[1696] also check edns' DO flag

tests/lettuce/features/nsec3_auth.feature

@@ -14,7 +14,7 @@ Feature: NSEC3 Authoritative service
         Given I have bind10 running with configuration nsec3/nsec3_auth.config
         A dnssec query for a.c.x.w.example. should have rcode NXDOMAIN
         The last query response should have flags qr aa rd
-        # TODO: check DO bit?
+        The last query response should have edns_flags do
         The last query response should have ancount 0
         The last query response should have nscount 8
         The last query response should have adcount 1
@@ -34,7 +34,7 @@ Feature: NSEC3 Authoritative service
         Given I have bind10 running with configuration nsec3/nsec3_auth.config
         A dnssec query for ns1.example. type MX should have rcode NOERROR
         The last query response should have flags qr aa rd
-        # TODO: check DO bit?
+        The last query response should have edns_flags do
         The last query response should have ancount 0
         The last query response should have nscount 4
         The last query response should have adcount 1
@@ -50,7 +50,7 @@ Feature: NSEC3 Authoritative service
         Given I have bind10 running with configuration nsec3/nsec3_auth.config
         A dnssec query for y.w.example. should have rcode NOERROR
         The last query response should have flags qr aa rd
-        # TODO: check DO bit?
+        The last query response should have edns_flags do
         The last query response should have ancount 0
         The last query response should have nscount 4
         The last query response should have adcount 1
@@ -66,7 +66,7 @@ Feature: NSEC3 Authoritative service
         Given I have bind10 running with configuration nsec3/nsec3_auth.config
         A dnssec query for mc.c.example. type MX should have rcode NOERROR
         The last query response should have flags qr rd
-        # TODO: check DO bit?
+        The last query response should have edns_flags do
         The last query response should have ancount 0
         The last query response should have nscount 6
         The last query response should have adcount 3
@@ -89,7 +89,7 @@ Feature: NSEC3 Authoritative service
         Given I have bind10 running with configuration nsec3/nsec3_auth.config
         A dnssec query for a.z.w.example. type MX should have rcode NOERROR
         The last query response should have flags qr aa rd
-        # TODO: check DO bit?
+        The last query response should have edns_flags do
         # BUG: NO RRSIG IN WILDCARD RESPONSE!!! (see ticket #1701)
         #The last query response should have ancount 2
         The last query response should have nscount 5
@@ -126,6 +126,7 @@ Feature: NSEC3 Authoritative service
         Given I have bind10 running with configuration nsec3/nsec3_auth.config
         A dnssec query for a.z.w.example. type AAAA should have rcode NOERROR
         The last query response should have flags qr aa rd
+        The last query response should have edns_flags do
         The last query response should have ancount 0
         The last query response should have nscount 8
         The last query response should have adcount 1
@@ -145,6 +146,7 @@ Feature: NSEC3 Authoritative service
         Given I have bind10 running with configuration nsec3/nsec3_auth.config
         A dnssec query for example. type DS should have rcode NOERROR
         The last query response should have flags qr aa rd
+        The last query response should have edns_flags do
         The last query response should have ancount 0
         The last query response should have nscount 4
         The last query response should have adcount 1

tests/lettuce/features/terrain/querying.py

@@ -41,9 +41,10 @@ import re
 #
 # The following attributes are 'parsed' from the response, all as strings,
 # and end up as direct attributes of the QueryResult object:
-# opcode, rcode, id, flags, qdcount, ancount, nscount, adcount
-# (flags is one string with all flags, in the order they appear in the
-# response packet.)
+# opcode, rcode, id, flags, qdcount, ancount, nscount, adcount,
+# edns_version, edns_flags, and edns_udp_size
+# (flags and edns_flags are both one string with all flags, in the order
+# in which they appear in the response packet.)
 #
 # this will set 'rcode' as the result code, we 'define' one additional
 # rcode, "NO_ANSWER", if the dig process returned an error code itself
@@ -55,6 +56,7 @@ import re
 # See server_from_sqlite3.feature for various examples to perform queries
 class QueryResult(object):
     status_re = re.compile("opcode: ([A-Z])+, status: ([A-Z]+), id: ([0-9]+)")
+    edns_re = re.compile("; EDNS: version: ([0-9]+), flags: ([a-z ]*); udp: ([0-9]+)")
     flags_re = re.compile("flags: ([a-z ]+); QUERY: ([0-9]+), ANSWER: " +
                           "([0-9]+), AUTHORITY: ([0-9]+), ADDITIONAL: ([0-9]+)")
 
@@ -106,6 +108,8 @@ class QueryResult(object):
         """
         if line == ";; ANSWER SECTION:\n":
             self.line_handler = self.parse_answer
+        elif line == ";; OPT PSEUDOSECTION:\n":
+            self.line_handler = self.parse_opt
         elif line == ";; AUTHORITY SECTION:\n":
             self.line_handler = self.parse_authority
         elif line == ";; ADDITIONAL SECTION:\n":
@@ -135,6 +139,19 @@ class QueryResult(object):
                 self.nscount = flags_match.group(4)
                 self.adcount = flags_match.group(5)
 
+    def parse_opt(self, line):
+        """
+        Parse the header lines of the query response.
+        Parameters:
+        line: The current line of the response.
+        """
+        if not self._check_next_header(line):
+            edns_match = self.edns_re.search(line)
+            if edns_match is not None:
+                self.edns_version = edns_match.group(1)
+                self.edns_flags = edns_match.group(2)
+                self.edns_udp_size = edns_match.group(3)
+
     def parse_question(self, line):
         """
         Parse the question section lines of the query response.