From a90ba585b3249774e4847cc3c7ee341d80d760fe Mon Sep 17 00:00:00 2001
From: Daniel Salzman <daniel.salzman@nic.cz>
Date: Mon, 17 Mar 2014 15:06:51 +0100
Subject: [PATCH] tests-extra: add basic/opt-out test case
---
.../tests/basic/opt-out/data/example.zone | 226 ++++++++++++++++++
tests-extra/tests/basic/opt-out/test.py | 54 +++++
2 files changed, 280 insertions(+)
create mode 100644 tests-extra/tests/basic/opt-out/data/example.zone
create mode 100644 tests-extra/tests/basic/opt-out/test.py
diff --git a/tests-extra/tests/basic/opt-out/data/example.zone b/tests-extra/tests/basic/opt-out/data/example.zone
new file mode 100644
index 000000000..3f7c06d72
--- /dev/null
+++ b/tests-extra/tests/basic/opt-out/data/example.zone
@@ -0,0 +1,226 @@
+; This zone comes from RFC-5155
+; H(example) = 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom
+; H(a.example) = 35mthgpgcu1qg68fab165klnsnk3dpvl
+; H(ai.example) = gjeqe526plbf1g8mklp59enfd789njgi
+; H(ns1.example) = 2t7b4g4vsa5smi47k61mv5bv1a22bojr
+; H(ns2.example) = q04jkcevqvmu85r014c7dkba38o0ji5r
+; H(w.example) = k8udemvp1j2f7eg6jebps17vp3n8i58h
+; H(*.w.example) = r53bq7cc2uvmubfu5ocmm6pers9tk9en
+; H(x.w.example) = b4um86eghhds6nea196smvmlo4ors995
+; H(y.w.example) = ji6neoaepv8b5o6k4ev33abha8ht9fgc
+; H(x.y.w.example) = 2vptu5timamqttgl4luu9kg21e0aor3s
+; H(xx.example) = t644ebqk9bibcna874givr6joj62mlhv
+; H(2t7b4g4vsa5smi47k61mv5bv1a22bojr.example)
+; = kohar7mbb8dc2ce8a9qvl8hon4k53uhi
+example. 3600 IN SOA ns1.example. bugs.x.w.example. 1 3600 300 (
+ 3600000 3600 )
+ RRSIG SOA 7 1 3600 20150420235959 20051021000000 (
+ 40430 example.
+ Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8i
+ q4ZLlYWfUUbbAS41pG+68z81q1xhkYAcEyHd
+ VI2LmKusbZsT0Q== )
+ NS ns1.example.
+ NS ns2.example.
+ RRSIG NS 7 1 3600 20150420235959 20051021000000 (
+ 40430 example.
+ PVOgtMK1HHeSTau+HwDWC8Ts+6C8qtqd4pQJ
+ qOtdEVgg+MA+ai4fWDEhu3qHJyLcQ9tbD2vv
+ CnMXjtz6SyObxA== )
+ MX 1 xx.example.
+ RRSIG MX 7 1 3600 20150420235959 20051021000000 (
+ 40430 example.
+ GgQ1A9xs47k42VPvpL/a1BWUz/6XsnHkjotw
+ 9So8MQtZtl2wJBsnOQsaoHrRCrRbyriEl/GZ
+ n9Mto/Kx+wBo+w== )
+ DNSKEY 256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU (
+ sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h
+ TY4hHn9npWFRw5BYubE= )
+ DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ (
+ j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9
+ AbsUdblMFin8CVF3n4s= )
+ RRSIG DNSKEY 7 1 3600 20150420235959 (
+ 20051021000000 12708 example.
+ AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31
+ uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm
+ MGQZf3bH+QsCtg== )
+ NSEC3PARAM 1 0 12 aabbccdd
+ RRSIG NSEC3PARAM 7 1 3600 20150420235959 (
+ 20051021000000 40430 example.
+ C1Gl8tPZNtnjlrYWDeeUV/sGLCyy/IHie2re
+ rN05XSA3Pq0U3+4VvGWYWdUMfflOdxqnXHwJ
+ TLQsjlkynhG6Cg== )
+0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd (
+ 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS
+ SOA NSEC3PARAM RRSIG )
+ RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 (
+ 40430 example.
+ OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL
+ IBHYH6blRxK9rC0bMJPwQ4mLIuw85H2EY762
+ BOCXJZMnpuwhpA== )
+2t7b4g4vsa5smi47k61mv5bv1a22bojr.example. A 192.0.2.127
+ RRSIG A 7 2 3600 20150420235959 20051021000000 (
+ 40430 example.
+ h6c++bzhRuWWt2bykN6mjaTNBcXNq5UuL5Ed
+ K+iDP4eY8I0kSiKaCjg3tC1SQkeloMeub2GW
+ k8p6xHMPZumXlw== )
+ NSEC3 1 1 12 aabbccdd (
+ 2vptu5timamqttgl4luu9kg21e0aor3s A RRSIG )
+ RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 (
+ 40430 example.
+ OmBvJ1Vgg1hCKMXHFiNeIYHK9XVW0iLDLwJN
+ 4TFoNxZuP03gAXEI634YwOc4YBNITrj413iq
+ NI6mRk/r1dOSUw== )
+2vptu5timamqttgl4luu9kg21e0aor3s.example. NSEC3 1 1 12 aabbccdd (
+ 35mthgpgcu1qg68fab165klnsnk3dpvl MX RRSIG )
+ RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 (
+ 40430 example.
+ KL1V2oFYghNV0Hm7Tf2vpJjM6l+0g1JCcVYG
+ VfI0lKrhPmTsOA96cLEACgo1x8I7kApJX+ob
+ TuktZ+sdsZPY1w== )
+35mthgpgcu1qg68fab165klnsnk3dpvl.example. NSEC3 1 1 12 aabbccdd (
+ b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG )
+ RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 (
+ 40430 example.
+ g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQ
+ Aynzo8EUWH+z6hEIBlUTPGj15eZll6VhQqgZ
+ XtAIR3chwgW+SA== )
+a.example. NS ns1.a.example.
+ NS ns2.a.example.
+ DS 58470 5 1 (
+ 3079F1593EBAD6DC121E202A8B766A6A4837206C )
+ RRSIG DS 7 2 3600 20150420235959 20051021000000 (
+ 40430 example.
+ XacFcQVHLVzdoc45EJhN616zQ4mEXtE8FzUh
+ M2KWjfy1VfRKD9r1MeVGwwoukOKgJxBPFsWo
+ o722vZ4UZ2dIdA== )
+ns1.a.example. A 192.0.2.5
+ns2.a.example. A 192.0.2.6
+ai.example. A 192.0.2.9
+ RRSIG A 7 2 3600 20150420235959 20051021000000 (
+ 40430 example.
+ hVe+wKYMlObTRPhX0NL67GxeZfdxqr/QeR6F
+ tfdAj5+FgYxyzPEjIzvKWy00hWIl6wD3Vws+
+ rznEn8sQ64UdqA== )
+ HINFO "KLH-10" "ITS"
+ RRSIG HINFO 7 2 3600 20150420235959 20051021000000 (
+ 40430 example.
+ Yi42uOq43eyO6qXHNvwwfFnIustWgV5urFcx
+ enkLvs6pKRh00VBjODmf3Z4nMO7IOl6nHSQ1
+ v0wLHpEZG7Xj2w== )
+ AAAA 2001:db8:0:0:0:0:f00:baa9
+ RRSIG AAAA 7 2 3600 20150420235959 20051021000000 (
+ 40430 example.
+ LcdxKaCB5bGZwPDg+3JJ4O02zoMBrjxqlf6W
+ uaHQZZfTUpb9Nf2nxFGe2XRPfR5tpJT6GdRG
+ cHueLuXkMjBArQ== )
+b4um86eghhds6nea196smvmlo4ors995.example. NSEC3 1 1 12 aabbccdd (
+ gjeqe526plbf1g8mklp59enfd789njgi MX RRSIG )
+ RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 (
+ 40430 example.
+ ZkPG3M32lmoHM6pa3D6gZFGB/rhL//Bs3Omh
+ 5u4m/CUiwtblEVOaAKKZd7S959OeiX43aLX3
+ pOv0TSTyiTxIZg== )
+c.example. NS ns1.c.example.
+ NS ns2.c.example.
+ns1.c.example. A 192.0.2.7
+ns2.c.example. A 192.0.2.8
+gjeqe526plbf1g8mklp59enfd789njgi.example. NSEC3 1 1 12 aabbccdd (
+ ji6neoaepv8b5o6k4ev33abha8ht9fgc HINFO A AAAA
+ RRSIG )
+ RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 (
+ 40430 example.
+ IVnezTJ9iqblFF97vPSmfXZ5Zozngx3KX3by
+ LTZC4QBH2dFWhf6scrGFZB980AfCxoD9qbbK
+ Dy+rdGIeRSVNyw== )
+ji6neoaepv8b5o6k4ev33abha8ht9fgc.example. NSEC3 1 1 12 aabbccdd (
+ k8udemvp1j2f7eg6jebps17vp3n8i58h )
+ RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 (
+ 40430 example.
+ gPkFp1s2QDQ6wQzcg1uSebZ61W33rUBDcTj7
+ 2F3kQ490fEdp7k1BUIfbcZtPbX3YCpE+sIt0
+ MpzVSKfTwx4uYA== )
+k8udemvp1j2f7eg6jebps17vp3n8i58h.example. NSEC3 1 1 12 aabbccdd (
+ kohar7mbb8dc2ce8a9qvl8hon4k53uhi )
+ RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 (
+ 40430 example.
+ FtXGbvF0+wf8iWkyo73enAuVx03klN+pILBK
+ S6qCcftVtfH4yVzsEZquJ27NHR7ruxJWDNMt
+ Otx7w9WfcIg62A== )
+kohar7mbb8dc2ce8a9qvl8hon4k53uhi.example. NSEC3 1 1 12 aabbccdd (
+ q04jkcevqvmu85r014c7dkba38o0ji5r A RRSIG )
+ RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 (
+ 40430 example.
+ VrDXs2uVW21N08SyQIz88zml+y4ZCInTwgDr
+ 6zz43yAg+LFERjOrj3Ojct51ac7Dp4eZbf9F
+ QJazmASFKGxGXg== )
+ns1.example. A 192.0.2.1
+ RRSIG A 7 2 3600 20150420235959 20051021000000 (
+ 40430 example.
+ bu6kx73n6XEunoVGuRfAgY7EF/AJqHy7hj0j
+ kiqJjB0dOrx3wuz9SaBeGfqWIdn/uta3SavN
+ 4FRvZR9SCFHF5Q== )
+ns2.example. A 192.0.2.2
+ RRSIG A 7 2 3600 20150420235959 20051021000000 (
+ 40430 example.
+ ktQ3TqE0CfRfki0Rb/Ip5BM0VnxelbuejCC4
+ zpLbFKA/7eD7UNAwxMgxJPtbdST+syjYSJaj
+ 4IHfeX6n8vfoGA== )
+q04jkcevqvmu85r014c7dkba38o0ji5r.example. NSEC3 1 1 12 aabbccdd (
+ r53bq7cc2uvmubfu5ocmm6pers9tk9en A RRSIG )
+ RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 (
+ 40430 example.
+ hV5I89b+4FHJDATp09g4bbN0R1F845CaXpL3
+ ZxlMKimoPAyqletMlEWwLfFia7sdpSzn+ZlN
+ NlkxWcLsIlMmUg== )
+r53bq7cc2uvmubfu5ocmm6pers9tk9en.example. NSEC3 1 1 12 aabbccdd (
+ t644ebqk9bibcna874givr6joj62mlhv MX RRSIG )
+ RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 (
+ 40430 example.
+ aupviViruXs4bDg9rCbezzBMf9h1ZlDvbW/C
+ ZFKulIGXXLj8B/fsDJarXVDA9bnUoRhEbKp+
+ HF1FWKW7RIJdtQ== )
+t644ebqk9bibcna874givr6joj62mlhv.example. NSEC3 1 1 12 aabbccdd (
+ 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom HINFO A AAAA
+ RRSIG )
+ RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 (
+ 40430 example.
+ RAjGECB8P7O+F4Pa4Dx3tC0M+Z3KmlLKImca
+ fb9XWwx+NWUNz7NBEDBQHivIyKPVDkChcePI
+ X1xPl1ATNa+8Dw== )
+*.w.example. MX 1 ai.example.
+ RRSIG MX 7 2 3600 20150420235959 20051021000000 (
+ 40430 example.
+ CikebjQwGQPwijVcxgcZcSJKtfynugtlBiKb
+ 9FcBTrmOoyQ4InoWVudhCWsh/URX3lc4WRUM
+ ivEBP6+4KS3ldA== )
+x.w.example. MX 1 xx.example.
+ RRSIG MX 7 3 3600 20150420235959 20051021000000 (
+ 40430 example.
+ IrK3tq/tHFIBF0scHiE/1IwMAvckS/55hAVv
+ QyxTFbkAdDloP3NbZzu+yoSsr3b3OX6qbBpY
+ 7WCtwwekLKRAwQ== )
+x.y.w.example. MX 1 xx.example.
+ RRSIG MX 7 4 3600 20150420235959 20051021000000 (
+ 40430 example.
+ MqSt5HqJIN8+SLlzTOImrh5h9Xa6gDvAW/Gn
+ nbdPc6Z7nXvCpLPJj/5lCwx3VuzVOjkbvXze
+ 8/8Ccl2Zn2hbug== )
+xx.example. A 192.0.2.10
+ RRSIG A 7 2 3600 20150420235959 20051021000000 (
+ 40430 example.
+ T35hBWEZ017VC5u2c4OriKyVn/pu+fVK4AlX
+ YOxJ6iQylfV2HQIKjv6b7DzINB3aF/wjJqgX
+ pQvhq+Ac6+ZiFg== )
+ HINFO "KLH-10" "TOPS-20"
+ RRSIG HINFO 7 2 3600 20150420235959 20051021000000 (
+ 40430 example.
+ KimG+rDd+7VA1zRsu0ITNAQUTRlpnsmqWrih
+ FRnU+bRa93v2e5oFNFYCs3Rqgv62K93N7AhW
+ 6Jfqj/8NzWjvKg== )
+ AAAA 2001:db8:0:0:0:0:f00:baaa
+ RRSIG AAAA 7 2 3600 20150420235959 20051021000000 (
+ 40430 example.
+ IXBcXORITNwd8h3gNwyxtYFvAupS/CYWufVe
+ uBUX0O25ivBCULjZjpDxFSxfohb/KA7YRdxE
+ NzYfMItpILl/Xw== )
+
diff --git a/tests-extra/tests/basic/opt-out/test.py b/tests-extra/tests/basic/opt-out/test.py
new file mode 100644
index 000000000..542e9a133
--- /dev/null
+++ b/tests-extra/tests/basic/opt-out/test.py
@@ -0,0 +1,54 @@
+#!/usr/bin/env python3
+
+'''NSEC3 opt-out flag test based on RFC-5155 example.'''
+
+from dnstest.test import Test
+
+t = Test()
+
+knot = t.server("knot")
+knot.DIG_TIMEOUT = 2
+bind = t.server("bind")
+zone = t.zone("example.", storage=".")
+
+t.link(zone, knot)
+t.link(zone, bind)
+
+t.start()
+
+# B1. Name Error.
+resp = knot.dig("a.c.x.w.example.", "A", dnssec=True)
+resp.check(rcode="NXDOMAIN", flags="QR AA", eflags="DO")
+resp.cmp(bind)
+
+# B2. No Data Error.
+resp = knot.dig("ns1.example.", "MX", dnssec=True)
+resp.check(rcode="NOERROR", flags="QR AA", eflags="DO")
+resp.cmp(bind)
+
+# B2.1. No Data Error, Empty Non-Terminal.
+resp = knot.dig("y.w.example.", "A", dnssec=True)
+resp.check(rcode="NOERROR", flags="QR AA", eflags="DO")
+resp.cmp(bind)
+
+# B3. Referral to an Opt-Out Unsigned Zone.
+resp = knot.dig("mc.c.example.", "MX", dnssec=True)
+resp.check(rcode="NOERROR", flags="QR", noflags="AA", eflags="DO")
+resp.cmp(bind)
+
+# B4. Wildcard Expansion.
+resp = knot.dig("a.z.w.example.", "MX", dnssec=True)
+resp.check(rcode="NOERROR", flags="QR AA", eflags="DO")
+resp.cmp(bind)
+
+# B5. Wildcard No Data Error.
+resp = knot.dig("a.z.w.example.", "AAAA", dnssec=True)
+resp.check(rcode="NOERROR", flags="QR AA", eflags="DO")
+resp.cmp(bind)
+
+# B6. DS Child Zone No Data Error.
+resp = knot.dig("example.", "DS", dnssec=True)
+resp.check(rcode="NOERROR", flags="QR AA", eflags="DO")
+resp.cmp(bind)
+
+t.end()
--
GitLab