From b48222dea2a8f717e7c27d67d85e5cb98115bc19 Mon Sep 17 00:00:00 2001
From: Otto <otto.moerbeek@open-xchange.com>
Date: Wed, 9 Jun 2021 13:10:48 +0200
Subject: [PATCH] Add very basic DoT regression test

---
 .circleci/config.yml                          |  1 +
 .../test_SimpleForwardOverDoT.py              | 51 +++++++++++++++++++
 2 files changed, 52 insertions(+)
 create mode 100644 regression-tests.recursor-dnssec/test_SimpleForwardOverDoT.py

diff --git a/.circleci/config.yml b/.circleci/config.yml
index 06c48153cd..15cd5bcd0f 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -1275,6 +1275,7 @@ jobs:
             --with-lua=luajit \
             --with-libcap \
             --with-net-snmp \
+            --enable-dns-over-tls \
             --enable-asan \
             --enable-ubsan
           working_directory: ~/project/pdns/recursordist
diff --git a/regression-tests.recursor-dnssec/test_SimpleForwardOverDoT.py b/regression-tests.recursor-dnssec/test_SimpleForwardOverDoT.py
new file mode 100644
index 0000000000..768bbe68b5
--- /dev/null
+++ b/regression-tests.recursor-dnssec/test_SimpleForwardOverDoT.py
@@ -0,0 +1,51 @@
+import dns
+import os
+import subprocess
+from recursortests import RecursorTest
+
+class testSimpleForwardOverDoT(RecursorTest):
+    """
+    This forwarding to a DoT srever in avery basic way and is dependent on Quad9 working
+    """
+
+    _confdir = 'SimpleForwardOverDoT'
+    _config_template = """
+dnssec=validate
+forward-zones-recurse=.=9.9.9.9:853
+    """
+
+    def testA(self):
+        expected = dns.rrset.from_text('dns.google.', 0, dns.rdataclass.IN, 'A', '8.8.8.8', '8.8.4.4')
+        query = dns.message.make_query('dns.google', 'A', want_dnssec=True)
+        query.flags |= dns.flags.AD
+
+        res = self.sendUDPQuery(query)
+
+        self.assertMessageIsAuthenticated(res)
+        self.assertRRsetInAnswer(res, expected)
+        self.assertMatchingRRSIGInAnswer(res, expected)
+
+        rec_controlCmd = [os.environ['RECCONTROL'],
+                          '--config-dir=%s' % 'configs/' + self._confdir,
+                          'get dot-outqueries']
+        try:
+            ret = subprocess.check_output(rec_controlCmd, stderr=subprocess.STDOUT)
+            self.assertNotEqual(ret, b'UNKNOWN\n')
+            self.assertNotEqual(ret, b'0\n')
+
+        except subprocess.CalledProcessError as e:
+            print(e.output)
+            raise
+
+        rec_controlCmd = [os.environ['RECCONTROL'],
+                          '--config-dir=%s' % 'configs/' + self._confdir,
+                          'get tcp-outqueries']
+        try:
+            ret = subprocess.check_output(rec_controlCmd, stderr=subprocess.STDOUT)
+            self.assertEqual(ret, b'0\n')
+
+        except subprocess.CalledProcessError as e:
+            print(e.output)
+            raise
+
+
-- 
2.47.3