From: Petr Špaček <pspacek@isc.org>
Date: Mon, 9 Jun 2025 09:15:04 +0000 (+0200)
Subject: Test simple NODATA answers with NSEC3
X-Git-Tag: v9.21.11~22^2~8
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a92391f60f749f133f80a8ee9e3cee38265f3045;p=thirdparty%2Fbind9.git

Test simple NODATA answers with NSEC3
---

diff --git a/bin/tests/system/dnssec/tests_nsec3.py b/bin/tests/system/dnssec/tests_nsec3.py
index ae839059cd7..4f462cba6b2 100755
--- a/bin/tests/system/dnssec/tests_nsec3.py
+++ b/bin/tests/system/dnssec/tests_nsec3.py
@@ -30,7 +30,7 @@ import dns.rdtypes.ANY.RRSIG
 import dns.rdtypes.ANY.NSEC3
 import dns.rrset
 
-from isctest.hypothesis.strategies import dns_names
+from isctest.hypothesis.strategies import dns_names, sampled_from
 import isctest
 import isctest.name
 
@@ -55,6 +55,19 @@ def do_test_query(
     return response, NSEC3Checker(response)
 
 
+@pytest.mark.parametrize(
+    "server", [pytest.param(AUTH, id="ns3"), pytest.param(RESOLVER, id="ns4")]
+)
+@given(qname=sampled_from(sorted(ZONE.reachable)))
+def test_nodata(server, qname: dns.name.Name, named_port: int) -> None:
+    """An existing name, no wildcards, but a query type for RRset which does not exist"""
+    response, nsec3check = do_test_query(qname, dns.rdatatype.HINFO, server, named_port)
+    assert response.rcode() is dns.rcode.NOERROR
+
+    nsec3check.prove_name_exists(qname)
+    nsec3check.check_extraneous_rrs()
+
+
 def assume_nx_and_no_delegation(qname):
     assume(qname not in ZONE.all_existing_names)