git.ipfire.org Git - thirdparty/pdns.git/blob - regression-tests.recursor-dnssec/basicDNSSEC.py
2 from recursortests
import RecursorTest
class BasicDNSSEC(RecursorTest):
    # Recursor settings for this suite. In PowerDNS Recursor, dnssec=validate
    # is the strictest mode: validation is always performed and data that
    # fails validation is answered with SERVFAIL, which is what the "bogus"
    # tests in this class assert.
    _config_template = """dnssec=validate"""
11 confdir
= os
.path
.join('configs', cls
._confdir
)
12 cls
.wipeRecursorCache(confdir
)
def sendQuery(self, name, rdtype):
    """Build a DNSSEC-aware query for name/rdtype and send it over UDP.

    The query is created with want_dnssec=True (dnspython sets the EDNS DO
    bit for that) and additionally has the AD header flag set, so the
    client signals interest in both the signatures and the validation
    result. The return value is whatever self.sendUDPQuery returns.
    """
    query = dns.message.make_query(name, rdtype, want_dnssec=True)
    # Request the authenticated-data indication as well as the RRSIGs.
    query.flags = query.flags | dns.flags.AD

    return self.sendUDPQuery(query)
def testSecureAnswer(self):
    """A name in secure.example. resolves, is signed, and is authenticated.

    Checks NOERROR, an RRSIG matching the expected A rrset in the answer
    section, and that the message is flagged as authenticated (helper
    defined in RecursorTest; presumably the AD bit).
    """
    qname = 'ns.secure.example.'
    reply = self.sendQuery(qname, 'A')
    # The expected address is derived from the suite's network prefix.
    address = '{prefix}.10'.format(prefix=self._PREFIX)
    signed_a = dns.rrset.from_text(qname, 0, dns.rdataclass.IN, 'A', address)

    self.assertRcodeEqual(reply, dns.rcode.NOERROR)
    self.assertMatchingRRSIGInAnswer(reply, signed_a)
    self.assertMessageIsAuthenticated(reply)
def testInsecureAnswer(self):
    """A name in insecure.example. resolves without any RRSIGs.

    NOTE(review): nothing here asserts that the reply is *not* marked
    authenticated. An insecure answer carrying AD would be the more
    serious failure, so a negative AD check would strengthen this test.
    """
    reply = self.sendQuery('node1.insecure.example.', 'A')

    self.assertNoRRSIGsInAnswer(reply)
    self.assertRcodeEqual(reply, dns.rcode.NOERROR)
def testBogusAnswer(self):
    """A name in bogus.example. must fail closed.

    The resolver has to answer SERVFAIL and must not leak the unvalidated
    records: the answer section is required to be empty.
    """
    reply = self.sendQuery('ted.bogus.example.', 'A')

    self.assertRcodeEqual(reply, dns.rcode.SERVFAIL)
    self.assertAnswerEmpty(reply)
def testSecureNXDOMAIN(self):
    """A non-existent name in secure.example. yields NXDOMAIN.

    NOTE(review): only the rcode is checked. Unlike
    testSecureSubtreeInZoneNXDOMAIN, this does not assert that the
    denial of existence was authenticated.
    """
    reply = self.sendQuery('nxdomain.secure.example.', 'A')

    self.assertRcodeEqual(reply, dns.rcode.NXDOMAIN)
def testInsecureNXDOMAIN(self):
    """A non-existent name in insecure.example. yields NXDOMAIN."""
    reply = self.sendQuery('nxdomain.insecure.example.', 'A')

    self.assertRcodeEqual(reply, dns.rcode.NXDOMAIN)
def testBogusNXDOMAIN(self):
    """A non-existent name in bogus.example. yields SERVFAIL, not NXDOMAIN.

    A denial that cannot be validated must not be passed on as NXDOMAIN.
    NOTE(review): only the rcode is checked here; testBogusAnswer also
    asserts that the answer section is empty.
    """
    reply = self.sendQuery('nxdomain.bogus.example.', 'A')

    self.assertRcodeEqual(reply, dns.rcode.SERVFAIL)
def testSecureOptoutAnswer(self):
    """A signed name under optout.example. is signed and authenticated.

    Checks NOERROR, an RRSIG matching the expected A rrset, and the
    authenticated marker on the message.
    """
    qname = 'node1.secure.optout.example.'
    reply = self.sendQuery(qname, 'A')
    signed_a = dns.rrset.from_text(qname, 0, dns.rdataclass.IN, 'A', '192.0.2.8')

    self.assertRcodeEqual(reply, dns.rcode.NOERROR)
    self.assertMatchingRRSIGInAnswer(reply, signed_a)
    self.assertMessageIsAuthenticated(reply)
def testInsecureOptoutAnswer(self):
    """An unsigned name under optout.example. resolves without RRSIGs.

    NOTE(review): as in testInsecureAnswer, the absence of the
    authenticated marker is not asserted.
    """
    reply = self.sendQuery('node1.insecure.optout.example.', 'A')

    self.assertRcodeEqual(reply, dns.rcode.NOERROR)
    self.assertNoRRSIGsInAnswer(reply)
def testSecureSubtreeInZoneAnswer(self):
    """A name one label deeper inside secure.example. validates.

    host1.sub.secure.example. must come back NOERROR, with an RRSIG
    matching the expected A rrset, and marked authenticated.
    """
    qname = 'host1.sub.secure.example.'
    reply = self.sendQuery(qname, 'A')
    signed_a = dns.rrset.from_text(qname, 0, dns.rdataclass.IN, 'A', '192.0.2.11')

    self.assertRcodeEqual(reply, dns.rcode.NOERROR)
    self.assertMatchingRRSIGInAnswer(reply, signed_a)
    self.assertMessageIsAuthenticated(reply)
def testSecureSubtreeInZoneNXDOMAIN(self):
    """A missing name under sub.secure.example. is an authenticated NXDOMAIN.

    Both the rcode and the authenticated marker are checked, so the
    denial of existence itself has to validate.
    """
    reply = self.sendQuery('host2.sub.secure.example.', 'A')

    self.assertRcodeEqual(reply, dns.rcode.NXDOMAIN)
    self.assertMessageIsAuthenticated(reply)
def testSecureWildcardAnswer(self):
    """A wildcard-synthesised answer in secure.example. validates.

    The expanded owner name must appear with a matching RRSIG, and the
    message must be marked authenticated.
    """
    qname = 'something.wildcard.secure.example.'
    reply = self.sendQuery(qname, 'A')
    signed_a = dns.rrset.from_text(qname, 0, dns.rdataclass.IN, 'A', '192.0.2.10')

    self.assertRcodeEqual(reply, dns.rcode.NOERROR)
    self.assertMatchingRRSIGInAnswer(reply, signed_a)
    self.assertMessageIsAuthenticated(reply)
def testSecureCNAMEWildCardAnswer(self):
    """A wildcard CNAME in secure.example. and its target both validate.

    The answer must carry matching RRSIGs for the synthesised CNAME and
    for the A rrset it points to, and be marked authenticated.
    """
    qname = 'something.cnamewildcard.secure.example.'
    target = 'host1.secure.example.'
    reply = self.sendQuery(qname, 'A')
    signed_cname = dns.rrset.from_text(qname, 0, dns.rdataclass.IN, 'CNAME', target)
    signed_a = dns.rrset.from_text(target, 0, dns.rdataclass.IN, 'A', '192.0.2.2')

    self.assertRcodeEqual(reply, dns.rcode.NOERROR)
    self.assertMatchingRRSIGInAnswer(reply, signed_cname)
    self.assertMatchingRRSIGInAnswer(reply, signed_a)
    self.assertMessageIsAuthenticated(reply)
def testSecureCNAMEWildCardNXDOMAIN(self):
    """A wildcard CNAME pointing at a missing name is a validated NXDOMAIN.

    The signed CNAME must still be in the answer, the rcode must be
    NXDOMAIN, and the message must be marked authenticated.
    """
    qname = 'something.cnamewildcardnxdomain.secure.example.'
    reply = self.sendQuery(qname, 'A')
    signed_cname = dns.rrset.from_text(
        qname, 0, dns.rdataclass.IN, 'CNAME', 'doesntexist.secure.example.')

    self.assertRcodeEqual(reply, dns.rcode.NXDOMAIN)
    self.assertMatchingRRSIGInAnswer(reply, signed_cname)
    self.assertMessageIsAuthenticated(reply)
def testSecureNoData(self):
    """An existing secure name queried for a missing type is validated NODATA.

    Expects NOERROR with an empty answer section, an SOA in the
    authority section, and the authenticated marker.
    """
    reply = self.sendQuery('host1.secure.example.', 'AAAA')

    self.assertRcodeEqual(reply, dns.rcode.NOERROR)
    self.assertAnswerEmpty(reply)
    self.assertAuthorityHasSOA(reply)
    self.assertMessageIsAuthenticated(reply)
def testSecureCNAMENoData(self):
    """A signed CNAME whose target lacks the queried type is validated NODATA.

    The CNAME must be present with a matching RRSIG, the authority
    section must hold an SOA, and the message must be authenticated.
    """
    qname = 'cname.secure.example.'
    reply = self.sendQuery(qname, 'AAAA')
    signed_cname = dns.rrset.from_text(
        qname, 0, dns.rdataclass.IN, 'CNAME', 'host1.secure.example.')

    self.assertRcodeEqual(reply, dns.rcode.NOERROR)
    self.assertMatchingRRSIGInAnswer(reply, signed_cname)
    self.assertAuthorityHasSOA(reply)
    self.assertMessageIsAuthenticated(reply)
def testSecureWildCardNoData(self):
    """A wildcard CNAME whose target lacks the queried type is validated NODATA.

    Same expectations as testSecureCNAMENoData, but the CNAME is
    synthesised from a wildcard in secure.example.
    """
    qname = 'something.cnamewildcard.secure.example.'
    reply = self.sendQuery(qname, 'AAAA')
    signed_cname = dns.rrset.from_text(
        qname, 0, dns.rdataclass.IN, 'CNAME', 'host1.secure.example.')

    self.assertRcodeEqual(reply, dns.rcode.NOERROR)
    self.assertMatchingRRSIGInAnswer(reply, signed_cname)
    self.assertAuthorityHasSOA(reply)
    self.assertMessageIsAuthenticated(reply)
def testInsecureToSecureCNAMEAnswer(self):
    """An unsigned CNAME into a signed zone must not validate as a whole.

    The expected header flags are QR, RD and RA, with DO as the expected
    EDNS flag; AD is not in the list, since the chain starts in an
    insecure zone. (Whether assertMessageHasFlags requires an exact match
    is defined in RecursorTest - confirm there.) The CNAME is only
    required to be present, while the A rrset in the secure zone must
    come with a matching RRSIG.
    """
    qname = 'cname-to-secure.insecure.example.'
    target = 'host1.secure.example.'
    reply = self.sendQuery(qname, 'A')
    signed_a = dns.rrset.from_text(target, 0, dns.rdataclass.IN, 'A', '192.0.2.2')
    plain_cname = dns.rrset.from_text(qname, 0, dns.rdataclass.IN, 'CNAME', target)

    self.assertRcodeEqual(reply, dns.rcode.NOERROR)
    self.assertMessageHasFlags(reply, ['QR', 'RD', 'RA'], ['DO'])
    self.assertRRsetInAnswer(reply, plain_cname)
    self.assertMatchingRRSIGInAnswer(reply, signed_a)
def testSecureToInsecureCNAMEAnswer(self):
    """A signed CNAME into an unsigned zone must not validate as a whole.

    The expected header flags are QR, RD and RA, with DO as the expected
    EDNS flag; AD is not in the list, since the chain ends in an insecure
    zone. The A rrset is only required to be present, while the CNAME in
    the secure zone must come with a matching RRSIG.
    """
    qname = 'cname-to-insecure.secure.example.'
    reply = self.sendQuery(qname, 'A')
    plain_a = dns.rrset.from_text(
        'node1.insecure.example.', 0, dns.rdataclass.IN, 'A', '192.0.2.6')
    # NOTE(review): the CNAME target here is node1.secure.example., but the
    # A record expected above is owned by node1.insecure.example. One of the
    # two looks like a typo. It only goes unnoticed if the RRSIG helper
    # ignores rdata when matching - confirm against RecursorTest.
    signed_cname = dns.rrset.from_text(
        qname, 0, dns.rdataclass.IN, 'CNAME', 'node1.secure.example.')

    self.assertRcodeEqual(reply, dns.rcode.NOERROR)
    self.assertMessageHasFlags(reply, ['QR', 'RD', 'RA'], ['DO'])
    self.assertRRsetInAnswer(reply, plain_a)
    self.assertMatchingRRSIGInAnswer(reply, signed_cname)