# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
-rm -f supported
rm -f */K* */dsset-* */*.signed */trusted.conf
rm -f ns1/root.db
rm -f ns1/signer.err
rm -f ns2/good.db ns2/bad.db
-rm -f dig.out*
rm -f */named.conf
rm -f */named.run
rm -f */named.memstats
+++ /dev/null
-#!/bin/sh
-
-# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-#
-# SPDX-License-Identifier: MPL-2.0
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, you can obtain one at https://mozilla.org/MPL/2.0/.
-#
-# See the COPYRIGHT file distributed with this work for additional
-# information regarding copyright ownership.
-
-set -e
-
-. ../conf.sh
-
-status=0
-
-rm -f dig.out.*
-
-DIGOPTS="+tcp +noadd +nosea +nostat +nocmd +dnssec -p ${PORT}"
-
-# Check the good. domain
-
-echo_i "checking that validation with enabled digest types works"
-ret=0
-$DIG $DIGOPTS a.good. @10.53.0.3 a >dig.out.good || ret=1
-grep "status: NOERROR" dig.out.good >/dev/null || ret=1
-grep "flags:[^;]* ad[ ;]" dig.out.good >/dev/null || ret=1
-if [ $ret != 0 ]; then echo_i "failed"; fi
-status=$((status + ret))
-
-# Check the bad. domain
-
-echo_i "checking that validation with no supported digest types and must-be-secure results in SERVFAIL"
-ret=0
-$DIG $DIGOPTS a.bad. @10.53.0.3 a >dig.out.bad || ret=1
-grep "SERVFAIL" dig.out.bad >/dev/null || ret=1
-if [ $ret != 0 ]; then echo_i "failed"; fi
-status=$((status + ret))
-
-echo_i "checking that validation with no supported digest algorithms results in insecure"
-ret=0
-$DIG $DIGOPTS bad. @10.53.0.4 ds >dig.out.ds || ret=1
-grep "NOERROR" dig.out.ds >/dev/null || ret=1
-grep "flags:[^;]* ad[ ;]" dig.out.ds >/dev/null || ret=1
-$DIG $DIGOPTS a.bad. @10.53.0.4 a >dig.out.insecure || ret=1
-grep "NOERROR" dig.out.insecure >/dev/null || ret=1
-grep "flags:[^;]* ad[ ;]" dig.out.insecure >/dev/null && ret=1
-if [ $ret != 0 ]; then echo_i "failed"; fi
-status=$((status + ret))
-echo_i "exit status: $status"
-
-[ $status -eq 0 ] || exit 1
--- /dev/null
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+import dns.message
+
+import isctest
+
+
+def test_dsdigest_good():
+ """Check that validation with enabled digest types works"""
+ msg = dns.message.make_query("a.good.", "A", want_dnssec=True)
+ res = isctest.query.tcp(
+ msg,
+ "10.53.0.3",
+ )
+ isctest.check.noerror(res)
+ assert res.flags & dns.flags.AD
+
+
+def test_dsdigest_bad():
+ """Check that validation with not supported digest types
+ and "dnssec-must-be-secure yes;" results in SERVFAIL"""
+ msg = dns.message.make_query("a.bad.", "A", want_dnssec=True)
+ res = isctest.query.tcp(
+ msg,
+ "10.53.0.3",
+ )
+ isctest.check.servfail(res)
+
+
+def test_dsdigest_insecure():
+ """Check that validation with not supported digest algorithms is insecure"""
+ msg_ds = dns.message.make_query("bad.", "DS", want_dnssec=True)
+ res_ds = isctest.query.tcp(
+ msg_ds,
+ "10.53.0.4",
+ )
+ isctest.check.noerror(res_ds)
+ assert res_ds.flags & dns.flags.AD
+
+ msg_a = dns.message.make_query("a.bad.", "A", want_dnssec=True)
+ res_a = isctest.query.tcp(
+ msg_a,
+ "10.53.0.4",
+ )
+ isctest.check.noerror(res_a)
+ assert not res_a.flags & dns.flags.AD
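Review bot: The AD-bit asserts in test_dsdigest_good and test_dsdigest_insecure reference `dns.flags`, but the file only has `import dns.message`, so the name resolves only because dnspython's message module happens to load it. Add `import dns.flags` beside the existing import so the dependency is explicit. In test_dsdigest_insecure the final check passes on any NOERROR response without AD, including an empty one. Assuming the zone really holds an A record for `a.bad.`, adding `assert res_a.answer` would pin that data is actually returned as insecure rather than silently dropped. A short comment there would also help, e.g. `# DS RRset itself validates (AD), but no supported digest type means the child zone is treated as unsigned`.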
+++ /dev/null
-# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-#
-# SPDX-License-Identifier: MPL-2.0
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, you can obtain one at https://mozilla.org/MPL/2.0/.
-#
-# See the COPYRIGHT file distributed with this work for additional
-# information regarding copyright ownership.
-
-
-def test_dsdigest(run_tests_sh):
- run_tests_sh()