mirror of
https://gitlab.nic.cz/knot/knot-dns.git
synced 2026-02-03 18:49:28 -05:00
54 lines
1.4 KiB
Python
54 lines
1.4 KiB
Python
#!/usr/bin/env python3
|
|
|
|
'''NSEC3 opt-out flag test based on RFC-5155 example.'''
|
|
|
|
from dnstest.test import Test
|
|
|
|
t = Test()
|
|
|
|
knot = t.server("knot")
|
|
knot.DIG_TIMEOUT = 2
|
|
bind = t.server("bind")
|
|
zone = t.zone("example.", storage=".")
|
|
|
|
t.link(zone, knot)
|
|
t.link(zone, bind)
|
|
|
|
t.start()
|
|
|
|
# B1. Name Error.
|
|
resp = knot.dig("a.c.x.w.example.", "A", dnssec=True)
|
|
resp.check(rcode="NXDOMAIN", flags="QR AA", eflags="DO")
|
|
resp.cmp(bind)
|
|
|
|
# B2. No Data Error.
|
|
resp = knot.dig("ns1.example.", "MX", dnssec=True)
|
|
resp.check(rcode="NOERROR", flags="QR AA", eflags="DO")
|
|
resp.cmp(bind)
|
|
|
|
# B2.1. No Data Error, Empty Non-Terminal.
|
|
resp = knot.dig("y.w.example.", "A", dnssec=True)
|
|
resp.check(rcode="NOERROR", flags="QR AA", eflags="DO")
|
|
resp.cmp(bind)
|
|
|
|
# B3. Referral to an Opt-Out Unsigned Zone.
|
|
resp = knot.dig("mc.c.example.", "MX", dnssec=True)
|
|
resp.check(rcode="NOERROR", flags="QR", noflags="AA", eflags="DO")
|
|
resp.cmp(bind, additional=True)
|
|
|
|
# B4. Wildcard Expansion.
|
|
resp = knot.dig("a.z.w.example.", "MX", dnssec=True)
|
|
resp.check(rcode="NOERROR", flags="QR AA", eflags="DO")
|
|
resp.cmp(bind)
|
|
|
|
# B5. Wildcard No Data Error.
|
|
resp = knot.dig("a.z.w.example.", "AAAA", dnssec=True)
|
|
resp.check(rcode="NOERROR", flags="QR AA", eflags="DO")
|
|
resp.cmp(bind)
|
|
|
|
# B6. DS Child Zone No Data Error.
|
|
resp = knot.dig("example.", "DS", dnssec=True)
|
|
resp.check(rcode="NOERROR", flags="QR AA", eflags="DO")
|
|
resp.cmp(bind)
|
|
|
|
t.end()
|