bind/bin/tests/system/glue/tests_glue.py

# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# SPDX-License-Identifier: MPL-2.0
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0.  If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.

import dns.message

import isctest

import pytest

pytest.importorskip("dns", minversion="2.0.0")


def test_glue_full_glue_set():
    """test that a ccTLD referral gets a full glue set from the root zone"""
    msg = dns.message.make_query("foo.bar.fi", "A")
    msg.flags &= ~dns.flags.RD
    res = isctest.query.udp(msg, "10.53.0.1")

    answer = """;ANSWER
;AUTHORITY
fi. 172800 IN NS HYDRA.HELSINKI.fi.
fi. 172800 IN NS NS.EU.NET.
fi. 172800 IN NS NS.UU.NET.
fi. 172800 IN NS NS.TELE.fi.
fi. 172800 IN NS T.NS.VERIO.NET.
fi. 172800 IN NS PRIFI.EUNET.fi.
;ADDITIONAL
NS.TELE.fi. 172800 IN A 193.210.18.18
NS.TELE.fi. 172800 IN A 193.210.19.19
PRIFI.EUNET.fi. 172800 IN A 193.66.1.146
HYDRA.HELSINKI.fi. 172800 IN A 128.214.4.29
NS.EU.NET. 172800 IN A 192.16.202.11
T.NS.VERIO.NET. 172800 IN A 192.67.14.16
NS.UU.NET. 172800 IN A 137.39.1.3
"""
    expected_answer = dns.message.from_text(answer)

    isctest.check.noerror(res)
    isctest.check.rrsets_equal(res.answer, expected_answer.answer)
    isctest.check.rrsets_equal(res.authority, expected_answer.authority)
    isctest.check.rrsets_equal(res.additional, expected_answer.additional)


def test_glue_no_glue_set():
    """test that out-of-zone glue is not found"""
    msg = dns.message.make_query("example.net.", "A")
    msg.flags &= ~dns.flags.RD
    res = isctest.query.udp(msg, "10.53.0.1")

    answer = """;ANSWER
;AUTHORITY
example.net. 300 IN NS ns2.example.
example.net. 300 IN NS ns1.example.
;ADDITIONAL
"""
    expected_answer = dns.message.from_text(answer)

    isctest.check.noerror(res)
    isctest.check.rrsets_equal(res.answer, expected_answer.answer)
    isctest.check.rrsets_equal(res.authority, expected_answer.authority)
    isctest.check.rrsets_equal(res.additional, expected_answer.additional)


@pytest.mark.parametrize(
    "qname,dnssec",
    [
        # test truncation for unsigned referrals close to UDP packet size limit (A glue)
        ("foo.subdomain-a.tc-test-unsigned.", False),
        # test truncation for unsigned referrals close to UDP packet size limit (AAAA glue)
        ("foo.subdomain-aaaa.tc-test-unsigned.", False),
        # test truncation for unsigned referrals close to UDP packet size limit (A+AAAA glue)
        ("foo.subdomain-both.tc-test-unsigned.", False),
        # test truncation for signed referrals close to UDP packet size limit (A glue)
        ("foo.subdomain-a.tc-test-signed.", True),
        # test truncation for signed referrals close to UDP packet size limit (AAAA glue)
        ("foo.subdomain-aaaa.tc-test-signed.", True),
        # test truncation for signed referrals close to UDP packet size limit (A+AAAA glue)
        ("foo.subdomain-both.tc-test-signed.", True),
    ],
)
def test_glue_truncation(qname, dnssec):
    msg = dns.message.make_query(qname, "A")
    msg.flags &= ~dns.flags.RD
    if dnssec:
        msg.use_edns(
            payload=512,
            # Zones used in this test were created with dig in mind that, unlike dnspython,
            # by default, sets a cookie. Given that the message size must be close to the
            # truncation limit, we also need to set a cookie here.
            options=[dns.edns.GenericOption(dns.edns.OptionType.COOKIE, b"0xda13cc")],
        )
        msg.want_dnssec(wanted=True)
    res = isctest.query.udp(msg, "10.53.0.1")

    isctest.check.noerror(res)
    assert res.flags & dns.flags.TC
Rewrite glue system test to pytest Limit dnspython to version 2.0.0+ (https://github.com/rthalley/dnspython/pull/503), otherwise the test fails with: E AttributeError: module 'dns.edns' has no attribute 'OptionType' 2024-03-07 14:58:38 +01:00			`# Copyright (C) Internet Systems Consortium, Inc. ("ISC")`
			`#`
			`# SPDX-License-Identifier: MPL-2.0`
			`#`
			`# This Source Code Form is subject to the terms of the Mozilla Public`
			`# License, v. 2.0. If a copy of the MPL was not distributed with this`
			`# file, you can obtain one at https://mozilla.org/MPL/2.0/.`
			`#`
			`# See the COPYRIGHT file distributed with this work for additional`
			`# information regarding copyright ownership.`

			`import dns.message`

			`import isctest`

			`import pytest`

			`pytest.importorskip("dns", minversion="2.0.0")`


			`def test_glue_full_glue_set():`
			`"""test that a ccTLD referral gets a full glue set from the root zone"""`
			`msg = dns.message.make_query("foo.bar.fi", "A")`
			`msg.flags &= ~dns.flags.RD`
			`res = isctest.query.udp(msg, "10.53.0.1")`

			`answer = """;ANSWER`
			`;AUTHORITY`
			`fi. 172800 IN NS HYDRA.HELSINKI.fi.`
			`fi. 172800 IN NS NS.EU.NET.`
			`fi. 172800 IN NS NS.UU.NET.`
			`fi. 172800 IN NS NS.TELE.fi.`
			`fi. 172800 IN NS T.NS.VERIO.NET.`
			`fi. 172800 IN NS PRIFI.EUNET.fi.`
			`;ADDITIONAL`
			`NS.TELE.fi. 172800 IN A 193.210.18.18`
			`NS.TELE.fi. 172800 IN A 193.210.19.19`
			`PRIFI.EUNET.fi. 172800 IN A 193.66.1.146`
			`HYDRA.HELSINKI.fi. 172800 IN A 128.214.4.29`
			`NS.EU.NET. 172800 IN A 192.16.202.11`
			`T.NS.VERIO.NET. 172800 IN A 192.67.14.16`
			`NS.UU.NET. 172800 IN A 137.39.1.3`
			`"""`
			`expected_answer = dns.message.from_text(answer)`

			`isctest.check.noerror(res)`
			`isctest.check.rrsets_equal(res.answer, expected_answer.answer)`
			`isctest.check.rrsets_equal(res.authority, expected_answer.authority)`
			`isctest.check.rrsets_equal(res.additional, expected_answer.additional)`


			`def test_glue_no_glue_set():`
			`"""test that out-of-zone glue is not found"""`
			`msg = dns.message.make_query("example.net.", "A")`
			`msg.flags &= ~dns.flags.RD`
			`res = isctest.query.udp(msg, "10.53.0.1")`

			`answer = """;ANSWER`
			`;AUTHORITY`
			`example.net. 300 IN NS ns2.example.`
			`example.net. 300 IN NS ns1.example.`
			`;ADDITIONAL`
			`"""`
			`expected_answer = dns.message.from_text(answer)`

			`isctest.check.noerror(res)`
			`isctest.check.rrsets_equal(res.answer, expected_answer.answer)`
			`isctest.check.rrsets_equal(res.authority, expected_answer.authority)`
			`isctest.check.rrsets_equal(res.additional, expected_answer.additional)`


			`@pytest.mark.parametrize(`
			`"qname,dnssec",`
			`[`
			`# test truncation for unsigned referrals close to UDP packet size limit (A glue)`
			`("foo.subdomain-a.tc-test-unsigned.", False),`
			`# test truncation for unsigned referrals close to UDP packet size limit (AAAA glue)`
			`("foo.subdomain-aaaa.tc-test-unsigned.", False),`
			`# test truncation for unsigned referrals close to UDP packet size limit (A+AAAA glue)`
			`("foo.subdomain-both.tc-test-unsigned.", False),`
			`# test truncation for signed referrals close to UDP packet size limit (A glue)`
			`("foo.subdomain-a.tc-test-signed.", True),`
			`# test truncation for signed referrals close to UDP packet size limit (AAAA glue)`
			`("foo.subdomain-aaaa.tc-test-signed.", True),`
			`# test truncation for signed referrals close to UDP packet size limit (A+AAAA glue)`
			`("foo.subdomain-both.tc-test-signed.", True),`
			`],`
			`)`
			`def test_glue_truncation(qname, dnssec):`
			`msg = dns.message.make_query(qname, "A")`
			`msg.flags &= ~dns.flags.RD`
			`if dnssec:`
			`msg.use_edns(`
			`payload=512,`
			`# Zones used in this test were created with dig in mind that, unlike dnspython,`
			`# by default, sets a cookie. Given that the message size must be close to the`
			`# truncation limit, we also need to set a cookie here.`
			`options=[dns.edns.GenericOption(dns.edns.OptionType.COOKIE, b"0xda13cc")],`
			`)`
			`msg.want_dnssec(wanted=True)`
			`res = isctest.query.udp(msg, "10.53.0.1")`

			`isctest.check.noerror(res)`
			`assert res.flags & dns.flags.TC`