Skip to content

Commit

Permalink
test: add DNSSEC integration tests
Browse files Browse the repository at this point in the history
  • Loading branch information
developStorm committed Nov 18, 2024
1 parent 2baa4a4 commit 6721055
Showing 1 changed file with 49 additions and 0 deletions.
49 changes: 49 additions & 0 deletions testing/integration_tests.py
Original file line number Diff line number Diff line change
Expand Up @@ -1288,6 +1288,55 @@ def test_cd_bit_set(self):
cmd, res = self.run_zdns(c, name)
self.assertSuccess(res, cmd, "A")

def test_dnssec_validation_secure(self):
# checks if dnssec validation is performed
DOMAINS = [
"cloudflare.com",
"internetsociety.org",
"dnssec-tools.org",
"dnssec-deployment.org",
]
for domain in DOMAINS:
c = f"A {domain} --iterative --validate-dnssec --result-verbosity=long"
name = "."
cmd, res = self.run_zdns(c, name)
self.assertSuccess(res, cmd, "A")
dnssec = res["results"]["A"]["data"]["dnssec"]
self.assertEqual(dnssec["status"], "Secure")
self.assertTrue(len(dnssec["ds"]) > 0)
self.assertTrue(len(dnssec["dnskey"]) > 0)

def test_dnssec_validation_secure_circular(self):
# checks if dnssec validation can handle circular NS dependencies
c = "A example.com --iterative --validate-dnssec --result-verbosity=long"
name = "."
cmd, res = self.run_zdns(c, name)
self.assertSuccess(res, cmd, "A")
dnssec = res["results"]["A"]["data"]["dnssec"]
self.assertEqual(dnssec["status"], "Secure")

def test_dnssec_validation_insecure(self):
# checks if dnssec validation reports insecure (not signed) zones correctly
c = "A outlook.com --iterative --validate-dnssec --result-verbosity=long"
name = "."
cmd, res = self.run_zdns(c, name)
self.assertSuccess(res, cmd, "A")
dnssec = res["results"]["A"]["data"]["dnssec"]
self.assertEqual(dnssec["status"], "Insecure")
self.assertTrue(len(dnssec["ds"]) == 0)
self.assertTrue(len(dnssec["dnskey"]) == 0)

def test_dnssec_validation_bogus(self):
# checks if dnssec validation reports bogus zones correctly
DOMAINS = ["dnssec-failed.org", "rhybar.cz"]
for domain in DOMAINS:
c = f"A {domain} --iterative --validate-dnssec --result-verbosity=long"
name = "."
cmd, res = self.run_zdns(c, name)
self.assertSuccess(res, cmd, "A")
dnssec = res["results"]["A"]["data"]["dnssec"]
self.assertEqual(dnssec["status"], "Bogus")

def test_timetamps(self):
c = "A"
name = "zdns-testing.com"
Expand Down

0 comments on commit 6721055

Please sign in to comment.