From 6f37f5dc85f4b3e7bee14b898802aa08da33c7b7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0pa=C4=8Dek?= Date: Mon, 9 Jun 2025 11:15:04 +0200 Subject: [PATCH] Test simple NODATA answers with NSEC3 (cherry picked from commit a92391f60f749f133f80a8ee9e3cee38265f3045) --- bin/tests/system/dnssec/tests_nsec3.py | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/bin/tests/system/dnssec/tests_nsec3.py b/bin/tests/system/dnssec/tests_nsec3.py index ae839059cd..4f462cba6b 100755 --- a/bin/tests/system/dnssec/tests_nsec3.py +++ b/bin/tests/system/dnssec/tests_nsec3.py @@ -30,7 +30,7 @@ import dns.rdtypes.ANY.RRSIG import dns.rdtypes.ANY.NSEC3 import dns.rrset -from isctest.hypothesis.strategies import dns_names +from isctest.hypothesis.strategies import dns_names, sampled_from import isctest import isctest.name @@ -55,6 +55,19 @@ def do_test_query( return response, NSEC3Checker(response) +@pytest.mark.parametrize( + "server", [pytest.param(AUTH, id="ns3"), pytest.param(RESOLVER, id="ns4")] +) +@given(qname=sampled_from(sorted(ZONE.reachable))) +def test_nodata(server, qname: dns.name.Name, named_port: int) -> None: + """An existing name, no wildcards, but a query type for RRset which does not exist""" + response, nsec3check = do_test_query(qname, dns.rdatatype.HINFO, server, named_port) + assert response.rcode() is dns.rcode.NOERROR + + nsec3check.prove_name_exists(qname) + nsec3check.check_extraneous_rrs() + + def assume_nx_and_no_delegation(qname): assume(qname not in ZONE.all_existing_names)