From 05537f805cccd5f01f249827e77fd7e7f9494a31 Mon Sep 17 00:00:00 2001
From: Pieter Lexis <pieter.lexis@powerdns.com>
Date: Thu, 28 Apr 2016 16:57:53 +0200
Subject: [PATCH] Add simple NODATA tests

---
 .../basicDNSSEC.py                            | 26 +++++++++++++++++++
 .../recursortests.py                          | 14 ++++++++++
 2 files changed, 40 insertions(+)

diff --git a/regression-tests.recursor-dnssec/basicDNSSEC.py b/regression-tests.recursor-dnssec/basicDNSSEC.py
index 729156913..36f858ba6 100644
--- a/regression-tests.recursor-dnssec/basicDNSSEC.py
+++ b/regression-tests.recursor-dnssec/basicDNSSEC.py
@@ -107,3 +107,29 @@ class BasicDNSSEC(RecursorTest):
         self.assertRcodeEqual(res, dns.rcode.NXDOMAIN)
         self.assertMatchingRRSIGInAnswer(res, expectedCNAME)
         self.assertMessageIsAuthenticated(res)
+
+    def testSecureNoData(self):
+        res = self.sendQuery('host1.secure.example.', 'AAAA')
+
+        self.assertRcodeEqual(res, dns.rcode.NOERROR)
+        self.assertAnswerEmpty(res)
+        self.assertAuthorityHasSOA(res)
+        self.assertMessageIsAuthenticated(res)
+
+    def testSecureCNAMENoData(self):
+        res = self.sendQuery('cname.secure.example.', 'AAAA')
+        expectedCNAME = dns.rrset.from_text('cname.secure.example.', 0, dns.rdataclass.IN, 'CNAME', 'host1.secure.example.')
+
+        self.assertRcodeEqual(res, dns.rcode.NOERROR)
+        self.assertMatchingRRSIGInAnswer(res, expectedCNAME)
+        self.assertAuthorityHasSOA(res)
+        self.assertMessageIsAuthenticated(res)
+
+    def testSecureWildCardNoData(self):
+        res = self.sendQuery('something.cnamewildcard.secure.example.', 'AAAA')
+        expectedCNAME = dns.rrset.from_text('something.cnamewildcard.secure.example.', 0, dns.rdataclass.IN, 'CNAME', 'host1.secure.example.')
+
+        self.assertRcodeEqual(res, dns.rcode.NOERROR)
+        self.assertMatchingRRSIGInAnswer(res, expectedCNAME)
+        self.assertAuthorityHasSOA(res)
+        self.assertMessageIsAuthenticated(res)
diff --git a/regression-tests.recursor-dnssec/recursortests.py b/regression-tests.recursor-dnssec/recursortests.py
index ea1767e14..dd61f7a52 100644
--- a/regression-tests.recursor-dnssec/recursortests.py
+++ b/regression-tests.recursor-dnssec/recursortests.py
@@ -96,6 +96,7 @@ secure.example.          3600 IN NS   ns.secure.example.
 ns.secure.example.       3600 IN A    {prefix}.9
 
 host1.secure.example.    3600 IN A    192.0.2.2
+cname.secure.example.    3600 IN CNAME host1.secure.example.
 
 host1.sub.secure.example. 3600 IN A    192.0.2.11
 
@@ -684,3 +685,16 @@ distributor-threads=1""".format(confdir=confdir,
             wantedRcode = dns.rcode._by_value[rcode]
 
             raise AssertionError("Rcode for %s is %s, expected %s." % (msg.question[0].to_text(), msgRcode, wantedRcode))
+
+    def assertAuthorityHasSOA(self, msg):
+        if not isinstance(msg, dns.message.Message):
+            raise TypeError("msg is not a dns.message.Message but a %s" % type(msg))
+
+        found = False
+        for rrset in msg.authority:
+            if rrset.rdtype == dns.rdatatype.SOA:
+                found = True
+                break
+
+        if not found:
+            raise AssertionError("No SOA record found in the authority section:\n%s" % msg.to_text())
-- 
2.40.0