100 lines
3.4 KiB
Python
100 lines
3.4 KiB
Python
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
|
#
|
|
# SPDX-License-Identifier: MPL-2.0
|
|
#
|
|
# This Source Code Form is subject to the terms of the Mozilla Public
|
|
# License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
|
|
#
|
|
# See the COPYRIGHT file distributed with this work for additional
|
|
# information regarding copyright ownership.
|
|
|
|
|
|
import os
|
|
|
|
import dns.message
|
|
import pytest
|
|
|
|
import isctest
|
|
|
|
pytestmark = pytest.mark.extra_artifacts(
|
|
[
|
|
"dig.out.*",
|
|
"ns3/child.example.st",
|
|
"ns5/example.db",
|
|
]
|
|
)
|
|
|
|
|
|
def test_stub_zones_availability(servers):
|
|
# check that the stub zone has been saved to disk
|
|
assert os.path.exists("ns3/child.example.st")
|
|
|
|
# try an AXFR that should be denied (NOTAUTH)
|
|
def axfr_denied():
|
|
msg = dns.message.make_query("child.example.", "AXFR")
|
|
res = isctest.query.tcp(msg, "10.53.0.3")
|
|
isctest.check.notauth(res)
|
|
|
|
# look for stub zone data without recursion (should not be found)
|
|
def stub_zone_lookout_without_recursion():
|
|
# drop all flags (dns.flags.RD is set by default)
|
|
msg = dns.message.make_query("data.child.example.", "TXT")
|
|
msg.flags = 0
|
|
res = isctest.query.tcp(msg, "10.53.0.3")
|
|
isctest.check.noerror(res)
|
|
assert not res.answer
|
|
assert res.authority[0] == dns.rrset.from_text(
|
|
"child.example.", "300", "IN", "NS", "ns2.child.example."
|
|
)
|
|
assert res.additional[0] == dns.rrset.from_text(
|
|
"ns2.child.example.", "300", "IN", "A", "10.53.0.2"
|
|
)
|
|
|
|
# look for stub zone data with recursion (should be found)
|
|
def stub_zone_lookout_with_recursion():
|
|
# dns.flags.RD is set by default
|
|
msg = dns.message.make_query("data.child.example.", "TXT")
|
|
res = isctest.query.tcp(msg, "10.53.0.3")
|
|
isctest.check.noerror(res)
|
|
assert res.answer[0] == dns.rrset.from_text(
|
|
"data.child.example.", "300", "IN", "TXT", '"some" "test" "data"'
|
|
)
|
|
|
|
axfr_denied()
|
|
stub_zone_lookout_without_recursion()
|
|
stub_zone_lookout_with_recursion()
|
|
|
|
servers["ns3"].stop()
|
|
servers["ns3"].start(["--noclean", "--restart", "--port", os.environ["PORT"]])
|
|
|
|
axfr_denied()
|
|
stub_zone_lookout_without_recursion()
|
|
stub_zone_lookout_with_recursion()
|
|
|
|
|
|
# check that glue record is correctly transferred from primary when the "minimal-responses" option is on
|
|
def test_stub_glue_record_with_minimal_response():
|
|
# ensure zone data were transfered
|
|
assert os.path.exists("ns5/example.db")
|
|
|
|
# this query would fail if NS glue wasn't transferred
|
|
msg_txt = dns.message.make_query("target.example.", "TXT", want_dnssec=False)
|
|
res_txt = isctest.query.tcp(msg_txt, "10.53.0.5")
|
|
isctest.check.noerror(res_txt)
|
|
assert res_txt.answer[0] == dns.rrset.from_text(
|
|
"target.example.", "300", "IN", "TXT", '"test"'
|
|
)
|
|
|
|
# ensure both IPv4 and IPv6 glue records were transferred
|
|
msg_a = dns.message.make_query("ns4.example.", "A")
|
|
res_a = isctest.query.tcp(msg_a, "10.53.0.5")
|
|
assert res_a.answer[0] == dns.rrset.from_text(
|
|
"ns4.example.", "300", "IN", "A", "10.53.0.4"
|
|
)
|
|
|
|
msg_aaaa = dns.message.make_query("ns4.example.", "AAAA")
|
|
res_aaaa = isctest.query.tcp(msg_aaaa, "10.53.0.5")
|
|
assert res_aaaa.answer[0] == dns.rrset.from_text(
|
|
"ns4.example.", "300", "IN", "AAAA", "fd92:7065:b8e:ffff::4"
|
|
)
|