regression-tests.recursor-dnssec/test_RDFlag.py

   1 import dns
   2 import os
   3 from recursortests import RecursorTest
   4
   5 class testRDNotAllowed(RecursorTest):
   6     _confdir = 'RDFlagNotAllowed'
   7
   8     _config_template = """
   9 """
  10     def testRD0(self):
  11         query = dns.message.make_query('ns.secure.example', 'A', want_dnssec=True)
  12         query.flags |= dns.flags.AD
  13         query.flags &= ~dns.flags.RD
  14
  15         res = self.sendUDPQuery(query)
  16
  17         self.assertRcodeEqual(res, dns.rcode.REFUSED)
  18         self.assertAnswerEmpty(res)
  19
  20 class testRDAllowed(RecursorTest):
  21     _confdir = 'RDFlagAllowed'
  22
  23     _config_template = """
  24     disable-packetcache=yes
  25     allow-no-rd=yes
  26 """
  27     def testRD0(self):
  28         expected = dns.rrset.from_text('ns.secure.example.', 0, dns.rdataclass.IN, 'A', '{prefix}.9'.format(prefix=self._PREFIX))
  29         query = dns.message.make_query('ns.secure.example', 'A', want_dnssec=True)
  30         query.flags |= dns.flags.AD
  31         query.flags &= ~dns.flags.RD
  32
  33         # First time empty answer
  34         res = self.sendUDPQuery(query)
  35         self.assertRcodeEqual(res, dns.rcode.NOERROR)
  36         self.assertAnswerEmpty(res)
  37
  38         # Second time with RD=1 fills the record cache
  39         query.flags |= dns.flags.RD
  40
  41         res = self.sendUDPQuery(query)
  42         self.assertRcodeEqual(res, dns.rcode.NOERROR)
  43         self.assertMessageIsAuthenticated(res)
  44         self.assertRRsetInAnswer(res, expected)
  45         self.assertMatchingRRSIGInAnswer(res, expected)
  46
  47         # Third time with RD=0 retrieves record cache content
  48         query.flags &= ~dns.flags.RD
  49
  50         res = self.sendUDPQuery(query)
  51         self.assertMessageIsAuthenticated(res)
  52         self.assertRRsetInAnswer(res, expected)
  53         self.assertMatchingRRSIGInAnswer(res, expected)