]>
git.ipfire.org Git - thirdparty/pdns.git/blob - regression-tests.recursor-dnssec/test_RDFlag.py
3 from recursortests
import RecursorTest
5 class testRDNotAllowed(RecursorTest
):
6 _confdir
= 'RDFlagNotAllowed'
11 query
= dns
.message
.make_query('ns.secure.example', 'A', want_dnssec
=True)
12 query
.flags |
= dns
.flags
.AD
13 query
.flags
&= ~dns
.flags
.RD
15 res
= self
.sendUDPQuery(query
)
17 self
.assertRcodeEqual(res
, dns
.rcode
.REFUSED
)
18 self
.assertAnswerEmpty(res
)
20 class testRDAllowed(RecursorTest
):
21 _confdir
= 'RDFlagAllowed'
23 _config_template
= """
24 disable-packetcache=yes
28 expected
= dns
.rrset
.from_text('ns.secure.example.', 0, dns
.rdataclass
.IN
, 'A', '{prefix}.9'.format(prefix
=self
._PREFIX
))
29 query
= dns
.message
.make_query('ns.secure.example', 'A', want_dnssec
=True)
30 query
.flags |
= dns
.flags
.AD
31 query
.flags
&= ~dns
.flags
.RD
33 # First time empty answer
34 res
= self
.sendUDPQuery(query
)
35 self
.assertRcodeEqual(res
, dns
.rcode
.NOERROR
)
36 self
.assertAnswerEmpty(res
)
38 # Second time with RD=1 fills the record cache
39 query
.flags |
= dns
.flags
.RD
41 res
= self
.sendUDPQuery(query
)
42 self
.assertRcodeEqual(res
, dns
.rcode
.NOERROR
)
43 self
.assertMessageIsAuthenticated(res
)
44 self
.assertRRsetInAnswer(res
, expected
)
45 self
.assertMatchingRRSIGInAnswer(res
, expected
)
47 # Third time with RD=0 retrieves record cache content
48 query
.flags
&= ~dns
.flags
.RD
50 res
= self
.sendUDPQuery(query
)
51 self
.assertMessageIsAuthenticated(res
)
52 self
.assertRRsetInAnswer(res
, expected
)
53 self
.assertMatchingRRSIGInAnswer(res
, expected
)