From 3bebf5f0c9239e376e0735f55b7b631e773da38a Mon Sep 17 00:00:00 2001 From: Pieter Lexis Date: Fri, 15 Jul 2016 00:14:14 +0200 Subject: [PATCH] Add test for island of security (#4181) --- .../recursortests.py | 19 ++++++++++++++++++- .../test_Simple.py | 12 ++++++++++++ 2 files changed, 30 insertions(+), 1 deletion(-) diff --git a/regression-tests.recursor-dnssec/recursortests.py b/regression-tests.recursor-dnssec/recursortests.py index 31a3b547d..b1b86f710 100644 --- a/regression-tests.recursor-dnssec/recursortests.py +++ b/regression-tests.recursor-dnssec/recursortests.py @@ -92,6 +92,9 @@ ns1.optout.example. 3600 IN A {prefix}.14 insecure-formerr.example. 3600 IN NS ns1.insecure-formerr.example. ns1.insecure-formerr.example. 3600 IN A {prefix}.2 + +islandofsecurity.example. 3600 IN NS ns1.islandofsecurity.example. +ns1.islandofsecurity.example. 3600 IN A {prefix}.9 """, 'secure.example': """ secure.example. 3600 IN SOA {soa} @@ -102,6 +105,7 @@ host1.secure.example. 3600 IN A 192.0.2.2 cname.secure.example. 3600 IN CNAME host1.secure.example. cname-to-insecure.secure.example. 3600 IN CNAME node1.insecure.example. cname-to-bogus.secure.example. 3600 IN CNAME ted.bogus.example. +cname-to-islandofsecurity.secure.example. 3600 IN CNAME node1.islandofsecurity.example. host1.sub.secure.example. 3600 IN A 192.0.2.11 @@ -164,6 +168,13 @@ secure.optout.example. 3600 IN NS ns1.secure.optout.example. ns1.secure.optout.example. 3600 IN A {prefix}.15 node1.secure.optout.example. 3600 IN A 192.0.2.8 + """, + 'islandofsecurity.example': """ +islandofsecurity.example. 3600 IN SOA {soa} +islandofsecurity.example. 3600 IN NS ns1.islandofsecurity.example. +ns1.islandofsecurity.example. 3600 IN A {prefix}.9 + +node1.islandofsecurity.example. 3600 IN A 192.0.2.20 """ } @@ -204,6 +215,12 @@ PrivateKey: efmq9G+J4Y2iPnIBRwJiy6Z/nIHSzpsCy/7XHhlS19A= Private-key-format: v1.2 Algorithm: 13 (ECDSAP256SHA256) PrivateKey: xcNUxt1Knj14A00lKQFDboluiJyM2f7FxpgsQaQ3AQ4= + """, + + 'islandofsecurity.example': """ +Private-key-format: v1.2 +Algorithm: 13 (ECDSAP256SHA256) +PrivateKey: o9F5iix8V68tnMcuOaM2Lt8XXhIIY//SgHIHEePk6cM= """ } @@ -212,7 +229,7 @@ PrivateKey: xcNUxt1Knj14A00lKQFDboluiJyM2f7FxpgsQaQ3AQ4= # go into the _zones's zonecontent _auth_zones = { '8': ['ROOT'], - '9': ['secure.example'], + '9': ['secure.example', 'islandofsecurity.example'], '10': ['example'], '11': ['example'], '12': ['bogus.example'], diff --git a/regression-tests.recursor-dnssec/test_Simple.py b/regression-tests.recursor-dnssec/test_Simple.py index 178177762..300710dbd 100644 --- a/regression-tests.recursor-dnssec/test_Simple.py +++ b/regression-tests.recursor-dnssec/test_Simple.py @@ -84,3 +84,15 @@ auth-zones=authzone.example=configs/%s/authzone.zone""" % _confdir self.assertRcodeEqual(resPTR, dns.rcode.NOERROR) self.assertRRsetInAnswer(resPTR, expectedPTR) + + def testIslandOfSecurity(self): + query = dns.message.make_query('cname-to-islandofsecurity.secure.example.', 'A', want_dnssec=True) + + expectedCNAME = dns.rrset.from_text('cname-to-islandofsecurity.secure.example.', 0, 'IN', 'CNAME', 'node1.islandofsecurity.example.') + expectedA = dns.rrset.from_text('node1.islandofsecurity.example.', 0, 'IN', 'A', '192.0.2.20') + + res = self.sendUDPQuery(query) + + self.assertRcodeEqual(res, dns.rcode.NOERROR) + self.assertRRsetInAnswer(res, expectedA) + -- 2.40.0