horok/bind9
1
0
Fork 0
Code Activity
bind9/bin/tests/system/glue/tests_glue.py
Daniel Baumann f66ff7eae6
Adding upstream version 1:9.20.9. 
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
2025-06-21 13:32:37 +02:00

113 lines
3.9 KiB
Python
Raw Permalink Blame History

# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# SPDX-License-Identifier: MPL-2.0
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
import dns.message
import pytest
import isctest
pytest.importorskip("dns", minversion="2.0.0")
pytestmark = pytest.mark.extra_artifacts(
[
"ns1/*",
"ns1/dsset-*",
"ns1/tc-test-signed.db",
"ns1/tc-test-signed.db.signed",
]
)
def test_glue_full_glue_set():
"""test that a ccTLD referral gets a full glue set from the root zone"""
msg = dns.message.make_query("foo.bar.fi", "A")
msg.flags &= ~dns.flags.RD
res = isctest.query.udp(msg, "10.53.0.1")
answer = """;ANSWER
;AUTHORITY
fi. 172800 IN NS HYDRA.HELSINKI.fi.
fi. 172800 IN NS NS.EU.NET.
fi. 172800 IN NS NS.UU.NET.
fi. 172800 IN NS NS.TELE.fi.
fi. 172800 IN NS T.NS.VERIO.NET.
fi. 172800 IN NS PRIFI.EUNET.fi.
;ADDITIONAL
NS.TELE.fi. 172800 IN A 193.210.18.18
NS.TELE.fi. 172800 IN A 193.210.19.19
PRIFI.EUNET.fi. 172800 IN A 193.66.1.146
HYDRA.HELSINKI.fi. 172800 IN A 128.214.4.29
NS.EU.NET. 172800 IN A 192.16.202.11
T.NS.VERIO.NET. 172800 IN A 192.67.14.16
NS.UU.NET. 172800 IN A 137.39.1.3
"""
expected_answer = dns.message.from_text(answer)
isctest.check.noerror(res)
isctest.check.rrsets_equal(res.answer, expected_answer.answer)
isctest.check.rrsets_equal(res.authority, expected_answer.authority)
isctest.check.rrsets_equal(res.additional, expected_answer.additional)
def test_glue_no_glue_set():
"""test that out-of-zone glue is not found"""
msg = dns.message.make_query("example.net.", "A")
msg.flags &= ~dns.flags.RD
res = isctest.query.udp(msg, "10.53.0.1")
answer = """;ANSWER
;AUTHORITY
example.net. 300 IN NS ns2.example.
example.net. 300 IN NS ns1.example.
;ADDITIONAL
"""
expected_answer = dns.message.from_text(answer)
isctest.check.noerror(res)
isctest.check.rrsets_equal(res.answer, expected_answer.answer)
isctest.check.rrsets_equal(res.authority, expected_answer.authority)
isctest.check.rrsets_equal(res.additional, expected_answer.additional)
@pytest.mark.parametrize(
"qname,dnssec",
[
# test truncation for unsigned referrals close to UDP packet size limit (A glue)
("foo.subdomain-a.tc-test-unsigned.", False),
# test truncation for unsigned referrals close to UDP packet size limit (AAAA glue)
("foo.subdomain-aaaa.tc-test-unsigned.", False),
# test truncation for unsigned referrals close to UDP packet size limit (A+AAAA glue)
("foo.subdomain-both.tc-test-unsigned.", False),
# test truncation for signed referrals close to UDP packet size limit (A glue)
("foo.subdomain-a.tc-test-signed.", True),
# test truncation for signed referrals close to UDP packet size limit (AAAA glue)
("foo.subdomain-aaaa.tc-test-signed.", True),
# test truncation for signed referrals close to UDP packet size limit (A+AAAA glue)
("foo.subdomain-both.tc-test-signed.", True),
],
)
def test_glue_truncation(qname, dnssec):
msg = dns.message.make_query(qname, "A")
msg.flags &= ~dns.flags.RD
if dnssec:
msg.use_edns(
payload=512,
# Zones used in this test were created with dig in mind that, unlike dnspython,
# by default, sets a cookie. Given that the message size must be close to the
# truncation limit, we also need to set a cookie here.
options=[dns.edns.GenericOption(dns.edns.OptionType.COOKIE, b"0xda13cc")],
)
msg.want_dnssec(wanted=True)
res = isctest.query.udp(msg, "10.53.0.1")
isctest.check.noerror(res)
assert res.flags & dns.flags.TC
View git blame Copy permalink