diff options
Diffstat (limited to 'testdata')
42 files changed, 7741 insertions, 51 deletions
diff --git a/testdata/01-doc.tdir/01-doc.test b/testdata/01-doc.tdir/01-doc.test index 904672bd02de..1e7916d55742 100644 --- a/testdata/01-doc.tdir/01-doc.test +++ b/testdata/01-doc.tdir/01-doc.test @@ -12,6 +12,9 @@ get_make (cd $PRE ; $MAKE doc) > mylog 2>&1 bad=0 +# filter out doxygen warnings about unsupported tags in the config, print first +grep -e "warning: ignoring unsupported tag.*file .*/doc/unbound.doxygen" mylog +grep -v -e "warning: ignoring unsupported tag.*file .*/doc/unbound.doxygen" mylog > ilog; mv ilog mylog if grep -e "Warning" -e "warning" -e "Error" -e "error" mylog >/dev/null 2>&1; then cat mylog diff --git a/testdata/cachedb_expired.crpl b/testdata/cachedb_expired.crpl new file mode 100644 index 000000000000..9f9ff677c6d1 --- /dev/null +++ b/testdata/cachedb_expired.crpl @@ -0,0 +1,324 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: no + minimal-responses: no + serve-expired: yes + module-config: "cachedb iterator" + +cachedb: + backend: "testframe" + secret-seed: "testvalue" + cachedb-check-when-serve-expired: yes + +stub-zone: + name: "." + stub-addr: 193.0.14.129 +CONFIG_END + +SCENARIO_BEGIN Test cachedb and serve expired. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 400 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 400 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns2.example.com. +SECTION ADDITIONAL +ns2.example.com. IN A 1.2.3.5 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +foo.com. IN NS +SECTION AUTHORITY +foo.com. IN NS ns.example.com. +ENTRY_END +RANGE_END + +; ns2.example.com. +RANGE_BEGIN 0 400 + ADDRESS 1.2.3.5 +ENTRY_BEGIN +MATCH opcode qname qtype +REPLY QR AA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 10 IN A 1.2.3.4 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qname qtype +REPLY QR AA NOERROR +SECTION QUESTION +www2.example.com. IN A +SECTION ANSWER +www2.example.com. 10 IN A 1.2.3.5 +ENTRY_END +RANGE_END + +; Get an entry in cache, to make it expired. +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; get the answer for it +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 10 IN A 1.2.3.4 +ENTRY_END + +; Get another query in cache to make it expired. +STEP 20 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www2.example.com. IN A +ENTRY_END + +; get the answer for it +STEP 30 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www2.example.com. IN A +SECTION ANSWER +www2.example.com. 10 IN A 1.2.3.5 +ENTRY_END + +; it is now expired +STEP 40 TIME_PASSES ELAPSE 20 + +; cache is expired, and cachedb is expired. +STEP 50 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www2.example.com. IN A +ENTRY_END + +STEP 60 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD RA NOERROR +SECTION QUESTION +www2.example.com. IN A +SECTION ANSWER +www2.example.com. 30 IN A 1.2.3.5 +ENTRY_END + +; cache is expired, cachedb has no answer +STEP 70 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 80 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 30 IN A 1.2.3.4 +ENTRY_END + +STEP 90 TRAFFIC +; the entry should be refreshed in cache now. +; cache is valid and cachedb is valid. +STEP 100 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 110 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 10 IN A 1.2.3.4 +ENTRY_END + +; flush the entry from cache +STEP 120 FLUSH_MESSAGE www.example.com. IN A + +; cache has no answer, cachedb valid +STEP 130 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 140 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 10 IN A 1.2.3.4 +ENTRY_END + +; it is now expired +STEP 150 TIME_PASSES ELAPSE 20 +; flush the entry from cache +STEP 160 FLUSH_MESSAGE www.example.com. IN A + +; cache has no answer, cachedb is expired +STEP 170 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 180 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 30 IN A 1.2.3.4 +ENTRY_END + +STEP 190 TRAFFIC +; the expired message is updated. + +; cache is valid, cachedb is valid +STEP 200 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 210 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 10 IN A 1.2.3.4 +ENTRY_END + +; expire the entry in cache +STEP 220 EXPIRE_MESSAGE www.example.com. IN A + +; cache is expired, cachedb valid +STEP 230 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 240 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 10 IN A 1.2.3.4 +ENTRY_END + +; it is now expired +STEP 250 TIME_PASSES ELAPSE 20 +; expire the entry in cache +STEP 260 EXPIRE_MESSAGE www.example.com. IN A + +; cache is expired, cachedb is expired +STEP 270 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 280 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 30 IN A 1.2.3.4 +ENTRY_END + +STEP 290 TRAFFIC +; the expired message is updated. + +; cache is valid, cachedb is valid +STEP 300 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 310 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 10 IN A 1.2.3.4 +ENTRY_END + +SCENARIO_END diff --git a/testdata/cachedb_expired_client_timeout.crpl b/testdata/cachedb_expired_client_timeout.crpl new file mode 100644 index 000000000000..78ddf4d8f698 --- /dev/null +++ b/testdata/cachedb_expired_client_timeout.crpl @@ -0,0 +1,343 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: no + minimal-responses: no + serve-expired: yes + serve-expired-reply-ttl: 30 + ; at least one second, so we can time skip past the timer in the + ; testbound script steps, but also reply within the time. + serve-expired-client-timeout: 1200 + module-config: "cachedb iterator" + discard-timeout: 3000 + +cachedb: + backend: "testframe" + secret-seed: "testvalue" + cachedb-check-when-serve-expired: yes + +stub-zone: + name: "." + stub-addr: 193.0.14.129 +CONFIG_END + +SCENARIO_BEGIN Test cachedb and serve-expired-client-timeout. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 400 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 400 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns2.example.com. +SECTION ADDITIONAL +ns2.example.com. IN A 1.2.3.5 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +foo.com. IN NS +SECTION AUTHORITY +foo.com. IN NS ns.example.com. +ENTRY_END +RANGE_END + +; ns2.example.com. +RANGE_BEGIN 0 60 + ADDRESS 1.2.3.5 +ENTRY_BEGIN +MATCH opcode qname qtype +REPLY QR AA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 10 IN A 1.2.3.4 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qname qtype +REPLY QR AA NOERROR +SECTION QUESTION +www2.example.com. IN A +SECTION ANSWER +www2.example.com. 10 IN A 1.2.3.5 +ENTRY_END +RANGE_END + +; ns2.example.com. - after a change +RANGE_BEGIN 80 90 + ADDRESS 1.2.3.5 +ENTRY_BEGIN +MATCH opcode qname qtype +REPLY QR AA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 10 IN A 1.2.3.6 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qname qtype +REPLY QR AA NOERROR +SECTION QUESTION +www2.example.com. IN A +SECTION ANSWER +www2.example.com. 10 IN A 1.2.3.7 +ENTRY_END +RANGE_END + +; ns2.example.com. - steps 90-120 not responding. + +; ns2.example.com. - after a change +RANGE_BEGIN 130 140 + ADDRESS 1.2.3.5 +ENTRY_BEGIN +MATCH opcode qname qtype +REPLY QR AA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 10 IN A 1.2.3.8 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qname qtype +REPLY QR AA NOERROR +SECTION QUESTION +www2.example.com. IN A +SECTION ANSWER +www2.example.com. 10 IN A 1.2.3.9 +ENTRY_END +RANGE_END + +; ns2.example.com. - steps 150-160 not responding. + +; ns2.example.com. - after a change +RANGE_BEGIN 170 200 + ADDRESS 1.2.3.5 +ENTRY_BEGIN +MATCH opcode qname qtype +REPLY QR AA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 10 IN A 1.2.3.10 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qname qtype +REPLY QR AA NOERROR +SECTION QUESTION +www2.example.com. IN A +SECTION ANSWER +www2.example.com. 10 IN A 1.2.3.11 +ENTRY_END +RANGE_END + +; make time not 0 +STEP 2 TIME_PASSES ELAPSE 212 + +; Get an entry in cache. +STEP 4 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; get the answer for it +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 10 IN A 1.2.3.4 +ENTRY_END + +; Get another query in cache. +STEP 20 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www2.example.com. IN A +ENTRY_END + +; get the answer for it +STEP 30 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www2.example.com. IN A +SECTION ANSWER +www2.example.com. 10 IN A 1.2.3.5 +ENTRY_END + +; www.example.com and www2.example.com are in cache, www2 in cachedb. +STEP 40 FLUSH_MESSAGE www2.example.com. IN A +; now www in cache, www2 not in cache, www2 in cachedb. +; because of the client timeout, it should be able to use the +; response from cachedb for www2. + +; make 2 seconds pass to decrement the TTL on the response, +; the upstream TTL would be 10, cachedb 8. +STEP 48 TIME_PASSES ELAPSE 2 + +STEP 50 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www2.example.com. IN A +ENTRY_END + +STEP 60 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD RA NOERROR +SECTION QUESTION +www2.example.com. IN A +SECTION ANSWER +www2.example.com. 8 IN A 1.2.3.5 +ENTRY_END + +; make both cache and cachedb expired +STEP 70 TIME_PASSES ELAPSE 20 + +; www and www2 expired in cache, www2 expired in cachedb. +; the query should now try to resolve and complete within the +; client timeout, and return the upstream version. +; the upstream is changed to give a different one now. +STEP 80 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www2.example.com. IN A +ENTRY_END + +STEP 90 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD RA NOERROR +SECTION QUESTION +www2.example.com. IN A +SECTION ANSWER +www2.example.com. 10 IN A 1.2.3.7 +ENTRY_END + +; expire the data again +STEP 100 TIME_PASSES ELAPSE 20 + +; the query should now try to resolve, but the upstream is not +; responsive for several testbound steps. When the timer expires, +; the expired answer should be returned. + +; www2 expired in cache and www2 expired in cachedb. +STEP 110 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www2.example.com. IN A +ENTRY_END + +; make 2 seconds pass to go past the client timeout +STEP 112 TIME_PASSES ELAPSE 2 + +STEP 120 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD RA NOERROR +SECTION QUESTION +www2.example.com. IN A +SECTION ANSWER +www2.example.com. 30 IN A 1.2.3.7 +ENTRY_END + +; make traffic flow to resolve the query, server responds. +STEP 130 TRAFFIC + +; expire the data again +STEP 140 TIME_PASSES ELAPSE 20 + +; The client query tries to resolve, but gets no immediate answer, +; so the expired data is used. But the expired data is in cache and +; the query is not in cachedb. +STEP 150 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; make 2 seconds pass to go past the client timeout +STEP 152 TIME_PASSES ELAPSE 2 + +STEP 160 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 30 IN A 1.2.3.4 +ENTRY_END + +; make traffic flow to resolve the query, server responds. +STEP 170 TRAFFIC + +; now the client query tries to resolve, and completes within the client +; timeout, but there is expired data in cache but not in cachedb. +STEP 180 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www2.example.com. IN A +ENTRY_END + +STEP 190 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD RA NOERROR +SECTION QUESTION +www2.example.com. IN A +SECTION ANSWER +www2.example.com. 10 IN A 1.2.3.11 +ENTRY_END + +SCENARIO_END diff --git a/testdata/cachedb_expired_reply_ttl.crpl b/testdata/cachedb_expired_reply_ttl.crpl new file mode 100644 index 000000000000..b5f34050594e --- /dev/null +++ b/testdata/cachedb_expired_reply_ttl.crpl @@ -0,0 +1,259 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: no + minimal-responses: no + serve-expired: yes + serve-expired-reply-ttl: 30 + module-config: "cachedb iterator" + +cachedb: + backend: "testframe" + secret-seed: "testvalue" + cachedb-check-when-serve-expired: yes + +stub-zone: + name: "." + stub-addr: 193.0.14.129 +CONFIG_END + +SCENARIO_BEGIN Test cachedb and serve-expired-reply-ttl. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 400 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 400 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns2.example.com. +SECTION ADDITIONAL +ns2.example.com. IN A 1.2.3.5 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +foo.com. IN NS +SECTION AUTHORITY +foo.com. IN NS ns.example.com. +ENTRY_END +RANGE_END + +; ns2.example.com. +RANGE_BEGIN 0 400 + ADDRESS 1.2.3.5 +ENTRY_BEGIN +MATCH opcode qname qtype +REPLY QR AA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 10 IN A 1.2.3.4 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qname qtype +REPLY QR AA NOERROR +SECTION QUESTION +www2.example.com. IN A +SECTION ANSWER +www2.example.com. 10 IN A 1.2.3.5 +ENTRY_END +RANGE_END + +; make time not 0 +STEP 2 TIME_PASSES ELAPSE 212 + +; Get an entry in cache, to make it expired. +STEP 4 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; get the answer for it +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 10 IN A 1.2.3.4 +ENTRY_END + +; Get another query in cache to make it expired. +STEP 20 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www2.example.com. IN A +ENTRY_END + +; get the answer for it +STEP 30 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www2.example.com. IN A +SECTION ANSWER +www2.example.com. 10 IN A 1.2.3.5 +ENTRY_END + +; it is now expired +STEP 40 TIME_PASSES ELAPSE 20 + +; cache is expired, and cachedb is expired. +STEP 50 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www2.example.com. IN A +ENTRY_END + +STEP 60 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD RA NOERROR +SECTION QUESTION +www2.example.com. IN A +SECTION ANSWER +www2.example.com. 30 IN A 1.2.3.5 +ENTRY_END + +; got an answer from upstream +STEP 61 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www2.example.com. IN A +ENTRY_END + +STEP 62 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD RA NOERROR +SECTION QUESTION +www2.example.com. IN A +SECTION ANSWER +www2.example.com. 10 IN A 1.2.3.5 +ENTRY_END + +; cache is expired, cachedb has no answer +STEP 70 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 80 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 30 IN A 1.2.3.4 +ENTRY_END + +STEP 90 TRAFFIC +; the entry should be refreshed in cache now. +; cache is valid and cachedb is valid. +STEP 100 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 110 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 10 IN A 1.2.3.4 +ENTRY_END + +; make both cache and cachedb expired. +STEP 120 TIME_PASSES ELAPSE 20 +STEP 130 FLUSH_MESSAGE www.example.com. IN A + +; cache has no entry and cachedb is expired. +STEP 140 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 150 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 30 IN A 1.2.3.4 +ENTRY_END + +; the name is resolved +STEP 160 TRAFFIC + +; the resolve name has been updated. +STEP 170 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 180 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 10 IN A 1.2.3.4 +ENTRY_END + +SCENARIO_END diff --git a/testdata/cachedb_subnet_change.crpl b/testdata/cachedb_subnet_change.crpl new file mode 100644 index 000000000000..73584305ce60 --- /dev/null +++ b/testdata/cachedb_subnet_change.crpl @@ -0,0 +1,304 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: no + minimal-responses: no + serve-expired: yes + serve-expired-reply-ttl: 30 + + ; disable the serve expired client timeout. + serve-expired-client-timeout: 0 + send-client-subnet: 1.2.3.4 + max-client-subnet-ipv4: 17 + ; subnetcache is to the left of cachedb, because it sets no cache + ; store for edns subnet content for modules to the right of it. + ; this keeps subnet content out of cachedb as global content. + module-config: "subnetcache cachedb iterator" + +cachedb: + backend: "testframe" + secret-seed: "testvalue" + cachedb-check-when-serve-expired: yes + +stub-zone: + name: "." + stub-addr: 193.0.14.129 +CONFIG_END + +SCENARIO_BEGIN Test cachedb, subnet and serve-expired, with a domain change from global to subnet. +; So the CNAME first points to a global record, then points to a subnet record. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 400 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 400 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns2.example.com. +SECTION ADDITIONAL +ns2.example.com. IN A 1.2.3.5 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +foo.com. IN NS +SECTION AUTHORITY +foo.com. IN NS ns.foo.com. +SECTION ADDITIONAL +ns.foo.com. IN A 1.2.3.4 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +initial.com. IN NS +SECTION AUTHORITY +initial.com. IN NS ns.initial.com. +SECTION ADDITIONAL +ns.initial.com. IN A 1.2.3.6 +ENTRY_END +RANGE_END + +; ns2.example.com. +RANGE_BEGIN 0 30 + ADDRESS 1.2.3.5 +ENTRY_BEGIN +MATCH opcode qname qtype +REPLY QR AA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 10 IN CNAME www.initial.com. +ENTRY_END +RANGE_END + +; ns2.example.com. - after change +RANGE_BEGIN 40 80 + ADDRESS 1.2.3.5 +ENTRY_BEGIN +MATCH opcode qname qtype +REPLY QR AA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 10 IN CNAME example.foo.com. +ENTRY_END +RANGE_END + +; ns.initial.com. +RANGE_BEGIN 0 400 + ADDRESS 1.2.3.6 +ENTRY_BEGIN +MATCH opcode qname qtype +REPLY QR AA NOERROR +SECTION QUESTION +www.initial.com. IN A +SECTION ANSWER +www.initial.com. 10 IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.foo.com. +RANGE_BEGIN 40 80 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qname qtype ednsdata +REPLY QR AA NOERROR +SECTION QUESTION +example.foo.com. IN A +SECTION ANSWER +example.foo.com. 10 IN A 1.2.3.5 +SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ; client is 127.0.0.1 + 00 08 ; OPC + 00 07 ; option length + 00 01 ; Family + 11 00 ; source mask, scopemask + 7f 00 00 ; address + HEX_EDNSDATA_END +ENTRY_END +RANGE_END + +; ns2.example.com. - later +RANGE_BEGIN 90 200 + ADDRESS 1.2.3.5 +ENTRY_BEGIN +MATCH opcode qname qtype +REPLY QR AA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 10 IN CNAME example.foo.com. +ENTRY_END +RANGE_END + +; ns.foo.com. - later +RANGE_BEGIN 90 200 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qname qtype ednsdata +REPLY QR AA NOERROR +SECTION QUESTION +example.foo.com. IN A +SECTION ANSWER +example.foo.com. 10 IN A 1.2.3.6 +SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ; client is 127.0.0.1 + 00 08 ; OPC + 00 07 ; option length + 00 01 ; Family + 11 00 ; source mask, scopemask + 7f 00 00 ; address + HEX_EDNSDATA_END +ENTRY_END +RANGE_END + +; make time not 0 +STEP 2 TIME_PASSES ELAPSE 212 + +; Get an entry in cache. +STEP 4 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; get the answer for it +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 10 IN CNAME www.initial.com. +www.initial.com. 10 IN A 1.2.3.4 +ENTRY_END + +; now valid in cache and valid in cachedb, without subnet. +STEP 30 TIME_PASSES ELAPSE 20 + +; now the cache and cachedb have an expired entry. +; the upstream is updated to CNAME to a subnet zone A record. + +STEP 40 QUERY ADDRESS 127.0.0.1 +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; the expired answer, while the ECS answer is looked up. +STEP 50 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 30 IN CNAME www.initial.com. +www.initial.com. 30 IN A 1.2.3.4 +ENTRY_END + +; check that subnet has the query in cache. +STEP 58 TIME_PASSES ELAPSE 2 +STEP 60 QUERY ADDRESS 127.0.0.1 +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 70 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 8 IN CNAME example.foo.com. +example.foo.com. 8 IN A 1.2.3.5 +ENTRY_END + +; everything is expired, cache, subnetcache and cachedb. +STEP 80 TIME_PASSES ELAPSE 20 + +STEP 90 QUERY ADDRESS 127.0.0.1 +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 100 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 10 IN CNAME example.foo.com. +example.foo.com. 10 IN A 1.2.3.6 +ENTRY_END + +; see the entry now in cache, from the subnetcache. +STEP 142 TIME_PASSES ELAPSE 2 +STEP 150 QUERY ADDRESS 127.0.0.1 +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 160 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 8 IN CNAME example.foo.com. +example.foo.com. 8 IN A 1.2.3.6 +ENTRY_END + +SCENARIO_END diff --git a/testdata/cachedb_subnet_expired.crpl b/testdata/cachedb_subnet_expired.crpl new file mode 100644 index 000000000000..eddff1002dd8 --- /dev/null +++ b/testdata/cachedb_subnet_expired.crpl @@ -0,0 +1,322 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: no + minimal-responses: no + serve-expired: yes + serve-expired-reply-ttl: 30 + ; at least one second, so we can time skip past the timer in the + ; testbound script steps, but also reply within the time. + serve-expired-client-timeout: 1200 + send-client-subnet: 1.2.3.4 + max-client-subnet-ipv4: 17 + ; subnetcache is to the left of cachedb, because it sets no cache + ; store for edns subnet content for modules to the right of it. + ; this keeps subnet content out of cachedb as global content. + module-config: "subnetcache cachedb iterator" + discard-timeout: 3000 + +cachedb: + backend: "testframe" + secret-seed: "testvalue" + cachedb-check-when-serve-expired: yes + +stub-zone: + name: "." + stub-addr: 193.0.14.129 +CONFIG_END + +SCENARIO_BEGIN Test cachedb, subnet and serve-expired-client-timeout. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 400 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 400 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns2.example.com. +SECTION ADDITIONAL +ns2.example.com. IN A 1.2.3.5 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +foo.com. IN NS +SECTION AUTHORITY +foo.com. IN NS ns.foo.com. +SECTION ADDITIONAL +ns.foo.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns2.example.com. +RANGE_BEGIN 0 30 + ADDRESS 1.2.3.5 +ENTRY_BEGIN +MATCH opcode qname qtype +REPLY QR AA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 10 IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns2.example.com. - after change +RANGE_BEGIN 40 100 + ADDRESS 1.2.3.5 +ENTRY_BEGIN +MATCH opcode qname qtype +REPLY QR AA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 10 IN CNAME example.foo.com. +ENTRY_END +RANGE_END + +; ns.foo.com. +RANGE_BEGIN 40 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qname qtype ednsdata +REPLY QR AA NOERROR +SECTION QUESTION +example.foo.com. IN A +SECTION ANSWER +example.foo.com. 10 IN A 1.2.3.5 +SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ; client is 127.0.0.1 + 00 08 ; OPC + 00 07 ; option length + 00 01 ; Family + 11 00 ; source mask, scopemask + 7f 00 00 ; address + HEX_EDNSDATA_END +ENTRY_END +RANGE_END + +; ns2.example.com. and ns.foo.com - no answer in 110-130. + +; ns2.example.com. - later +RANGE_BEGIN 140 200 + ADDRESS 1.2.3.5 +ENTRY_BEGIN +MATCH opcode qname qtype +REPLY QR AA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 10 IN CNAME example.foo.com. +ENTRY_END +RANGE_END + +; ns.foo.com. - later +RANGE_BEGIN 140 200 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qname qtype ednsdata +REPLY QR AA NOERROR +SECTION QUESTION +example.foo.com. IN A +SECTION ANSWER +example.foo.com. 10 IN A 1.2.3.6 +SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ; client is 127.0.0.1 + 00 08 ; OPC + 00 07 ; option length + 00 01 ; Family + 11 00 ; source mask, scopemask + 7f 00 00 ; address + HEX_EDNSDATA_END +ENTRY_END +RANGE_END + + +; make time not 0 +STEP 2 TIME_PASSES ELAPSE 212 + +; Get an entry in cache. +STEP 4 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; get the answer for it +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 10 IN A 1.2.3.4 +ENTRY_END + +; now valid in cache and valid in cachedb, without subnet. +STEP 20 FLUSH_MESSAGE www.example.com. IN A +STEP 30 TIME_PASSES ELAPSE 20 + +; now nothing in cache and cachedb has an expired entry. +; the upstream is updated to CNAME to a subnet zone A record. + +STEP 40 QUERY ADDRESS 127.0.0.1 +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 50 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 10 IN CNAME example.foo.com. +example.foo.com. 10 IN A 1.2.3.5 +ENTRY_END + +; check that subnet has the query in cache. +STEP 58 TIME_PASSES ELAPSE 2 +STEP 60 QUERY ADDRESS 127.0.0.1 +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 70 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 8 IN CNAME example.foo.com. +example.foo.com. 8 IN A 1.2.3.5 +ENTRY_END + +; everything is expired, cache, subnetcache and cachedb. +STEP 80 TIME_PASSES ELAPSE 20 + +; send the query, reply arrives quickly. +STEP 90 QUERY ADDRESS 127.0.0.1 +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 100 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 10 IN CNAME example.foo.com. +example.foo.com. 10 IN A 1.2.3.5 +ENTRY_END + +; everything is expired, cache, subnetcache and cachedb. +STEP 110 TIME_PASSES ELAPSE 20 + +; send the query, but the reply is late, and there is expired data, +; the expired entry from cachedb is used to reply with. +STEP 120 QUERY ADDRESS 127.0.0.1 +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 122 TIME_PASSES ELAPSE 2 + +; But the entry has been deleted, so it cannot be served, the reply +; at step 141 is returned instead. +;STEP 130 CHECK_ANSWER +;ENTRY_BEGIN +;MATCH all +;REPLY QR RD RA NOERROR +;SECTION QUESTION +;www.example.com. IN A +;SECTION ANSWER +;www.example.com. 30 IN A 1.2.3.4 +;ENTRY_END + +; reply can flow again. +STEP 140 TRAFFIC + +STEP 141 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 10 IN CNAME example.foo.com. +example.foo.com. 10 IN A 1.2.3.6 +ENTRY_END + +; see the entry now in cache, from the subnetcache. +STEP 142 TIME_PASSES ELAPSE 2 +STEP 150 QUERY ADDRESS 127.0.0.1 +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 160 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 8 IN CNAME example.foo.com. +example.foo.com. 8 IN A 1.2.3.6 +ENTRY_END + +SCENARIO_END diff --git a/testdata/cachedb_subnet_toecs_timeout.crpl b/testdata/cachedb_subnet_toecs_timeout.crpl new file mode 100644 index 000000000000..f53fd9658e21 --- /dev/null +++ b/testdata/cachedb_subnet_toecs_timeout.crpl @@ -0,0 +1,229 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: no + minimal-responses: no + serve-expired: yes + serve-expired-reply-ttl: 30 + ; at least one second, so we can time skip past the timer in the + ; testbound script steps, but also reply within the time. + serve-expired-client-timeout: 1200 + send-client-subnet: 1.2.3.4 + max-client-subnet-ipv4: 17 + ; subnetcache is to the left of cachedb, because it sets no cache + ; store for edns subnet content for modules to the right of it. + ; this keeps subnet content out of cachedb as global content. + module-config: "subnetcache cachedb iterator" + +cachedb: + backend: "testframe" + secret-seed: "testvalue" + cachedb-check-when-serve-expired: yes + +stub-zone: + name: "." + stub-addr: 193.0.14.129 +CONFIG_END + +SCENARIO_BEGIN Test cachedb, subnet and serve-expired, with a domain change from global to subnet with serve-expired-client-timeout enabled. +; So the CNAME first points to a global record, then points to a subnet record. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 400 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 400 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns2.example.com. +SECTION ADDITIONAL +ns2.example.com. IN A 1.2.3.5 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +foo.com. IN NS +SECTION AUTHORITY +foo.com. IN NS ns.foo.com. +SECTION ADDITIONAL +ns.foo.com. IN A 1.2.3.4 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +initial.com. IN NS +SECTION AUTHORITY +initial.com. IN NS ns.initial.com. +SECTION ADDITIONAL +ns.initial.com. IN A 1.2.3.6 +ENTRY_END +RANGE_END + +; ns2.example.com. +RANGE_BEGIN 0 30 + ADDRESS 1.2.3.5 +ENTRY_BEGIN +MATCH opcode qname qtype +REPLY QR AA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 10 IN CNAME www.initial.com. +ENTRY_END +RANGE_END + +; ns2.example.com. - after change +RANGE_BEGIN 40 100 + ADDRESS 1.2.3.5 +ENTRY_BEGIN +MATCH opcode qname qtype +REPLY QR AA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 10 IN CNAME example.foo.com. +ENTRY_END +RANGE_END + +; ns.initial.com. +RANGE_BEGIN 0 400 + ADDRESS 1.2.3.6 +ENTRY_BEGIN +MATCH opcode qname qtype +REPLY QR AA NOERROR +SECTION QUESTION +www.initial.com. IN A +SECTION ANSWER +www.initial.com. 10 IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.foo.com. +RANGE_BEGIN 40 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qname qtype ednsdata +REPLY QR AA NOERROR +SECTION QUESTION +example.foo.com. IN A +SECTION ANSWER +example.foo.com. 10 IN A 1.2.3.5 +SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ; client is 127.0.0.1 + 00 08 ; OPC + 00 07 ; option length + 00 01 ; Family + 11 00 ; source mask, scopemask + 7f 00 00 ; address + HEX_EDNSDATA_END +ENTRY_END +RANGE_END + +; make time not 0 +STEP 2 TIME_PASSES ELAPSE 212 + +; Get an entry in cache. +STEP 4 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; get the answer for it +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 10 IN CNAME www.initial.com. +www.initial.com. 10 IN A 1.2.3.4 +ENTRY_END + +; now valid in cache and valid in cachedb, without subnet. +STEP 30 TIME_PASSES ELAPSE 20 + +; now the cache and cachedb have an expired entry. +; the upstream is updated to CNAME to a subnet zone A record. + +STEP 40 QUERY ADDRESS 127.0.0.1 +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; this answer is returned by the subnet lookup within +; the serve-expired-client-timeout. +STEP 50 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 10 IN CNAME example.foo.com. +example.foo.com. 10 IN A 1.2.3.5 +ENTRY_END + +; check that subnet has the query in cache. +STEP 58 TIME_PASSES ELAPSE 2 +STEP 60 QUERY ADDRESS 127.0.0.1 +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 70 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 8 IN CNAME example.foo.com. +example.foo.com. 8 IN A 1.2.3.5 +ENTRY_END + +SCENARIO_END diff --git a/testdata/dnstap.tdir/dnstap.conf b/testdata/dnstap.tdir/dnstap.conf index 5e8dfaefbcef..fc382ccfd4e0 100644 --- a/testdata/dnstap.tdir/dnstap.conf +++ b/testdata/dnstap.tdir/dnstap.conf @@ -12,6 +12,8 @@ server: do-not-query-localhost: no local-zone: "example.net." redirect local-data: "example.net. IN A 10.20.30.41" + serve-expired: yes + serve-expired-reply-ttl: 30 remote-control: control-enable: yes control-interface: 127.0.0.1 diff --git a/testdata/dnstap.tdir/dnstap.test b/testdata/dnstap.tdir/dnstap.test index 3a2dcc5e13f0..3ec9c77bd0c8 100644 --- a/testdata/dnstap.tdir/dnstap.test +++ b/testdata/dnstap.tdir/dnstap.test @@ -81,6 +81,46 @@ for x in q1 q2 q3 q4 5 q6 q7 q8 q9 q10; do fi done +echo "> query for a short ttl record" +dig @127.0.0.1 -p $UNBOUND_PORT short.example.com. +echo "> wait for log to happen on timer" +sleep 3 +if grep "short.example.com" tap.log >/dev/null; then :; else sleep 1; fi +if grep "short.example.com" tap.log >/dev/null; then :; else sleep 1; fi +if grep "short.example.com" tap.log >/dev/null; then :; else sleep 1; fi +if grep "short.example.com" tap.log >/dev/null; then :; else sleep 1; fi +if grep "short.example.com" tap.log >/dev/null; then :; else sleep 1; fi +if grep "short.example.com" tap.log >/dev/null; then :; else sleep 10; fi +if grep "short.example.com" tap.log; then echo "yes it is in tap.log"; +else + echo "short.example.com. information not in tap.log" + echo "failed" + echo "> cat logfiles" + cat tap.log + cat tap.errlog + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi +echo "> query again for the now expired record" +dig @127.0.0.1 -p $UNBOUND_PORT short.example.com. +echo "> wait for log to happen on timer" +sleep 3 +num_responses=`grep "short.example.com" tap.log | grep CLIENT_RESPONSE | wc -l` +# Responses should be 2 for the 2 distinct dig commands. +if test $num_responses -gt 2; then + echo "Duplicate client responses for short.example.com. in tap.log" + echo "failed" + echo "> cat logfiles" + cat tap.log + cat tap.errlog + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi + echo "> cat logfiles" cat tap.log cat tap.errlog diff --git a/testdata/dnstap.tdir/dnstap.testns b/testdata/dnstap.tdir/dnstap.testns index 0c911ca5b30e..0987c41c8aae 100644 --- a/testdata/dnstap.tdir/dnstap.testns +++ b/testdata/dnstap.tdir/dnstap.testns @@ -14,6 +14,16 @@ ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id +SECTION QUESTION +short IN A +SECTION ANSWER +short 2 IN A 10.20.30.40 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname REPLY QR AA SERVFAIL ADJUST copy_id SECTION QUESTION diff --git a/testdata/doh_downstream.tdir/doh_downstream.conf b/testdata/doh_downstream.tdir/doh_downstream.conf index f0857bb58519..222c2159d27c 100644 --- a/testdata/doh_downstream.tdir/doh_downstream.conf +++ b/testdata/doh_downstream.tdir/doh_downstream.conf @@ -11,6 +11,7 @@ server: chroot: "" username: "" do-not-query-localhost: no + discard-timeout: 3000 # testns uses sleep=2 http-query-buffer-size: 1G http-response-buffer-size: 1G http-max-streams: 200 diff --git a/testdata/doh_downstream_notls.tdir/doh_downstream_notls.conf b/testdata/doh_downstream_notls.tdir/doh_downstream_notls.conf index bdca456455ae..161c35559f4f 100644 --- a/testdata/doh_downstream_notls.tdir/doh_downstream_notls.conf +++ b/testdata/doh_downstream_notls.tdir/doh_downstream_notls.conf @@ -11,6 +11,7 @@ server: chroot: "" username: "" do-not-query-localhost: no + discard-timeout: 3000 # testns uses sleep=2 http-query-buffer-size: 1G http-response-buffer-size: 1G http-max-streams: 200 diff --git a/testdata/doh_downstream_post.tdir/doh_downstream_post.conf b/testdata/doh_downstream_post.tdir/doh_downstream_post.conf index f0857bb58519..222c2159d27c 100644 --- a/testdata/doh_downstream_post.tdir/doh_downstream_post.conf +++ b/testdata/doh_downstream_post.tdir/doh_downstream_post.conf @@ -11,6 +11,7 @@ server: chroot: "" username: "" do-not-query-localhost: no + discard-timeout: 3000 # testns uses sleep=2 http-query-buffer-size: 1G http-response-buffer-size: 1G http-max-streams: 200 diff --git a/testdata/fwd_three_service.tdir/fwd_three_service.conf b/testdata/fwd_three_service.tdir/fwd_three_service.conf index 05fafe015c49..d6c9a205ffdc 100644 --- a/testdata/fwd_three_service.tdir/fwd_three_service.conf +++ b/testdata/fwd_three_service.tdir/fwd_three_service.conf @@ -11,6 +11,7 @@ server: num-queries-per-thread: 1024 use-syslog: no do-not-query-localhost: no + discard-timeout: 3000 # testns uses sleep=2 forward-zone: name: "." forward-addr: "127.0.0.1@@TOPORT@" diff --git a/testdata/iter_dname_ttl.rpl b/testdata/iter_dname_ttl.rpl index 115947af3ab3..71934c39fd69 100644 --- a/testdata/iter_dname_ttl.rpl +++ b/testdata/iter_dname_ttl.rpl @@ -145,31 +145,6 @@ ns.example.com. IN A 1.2.3.4 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} ENTRY_END -; response to query of interest -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN CNAME -SECTION ANSWER -www.example.com. IN CNAME www.example.net. -www.example.com. 3600 IN RRSIG CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFGcJxnNxpWCBzXejiSdl4p1BKRMnAhUApoJrugVBRwFgAoYAhhqlZFac7fE= ;{id = 2854} -SECTION AUTHORITY -SECTION ADDITIONAL -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www2.example.com. IN A -SECTION ANSWER -www2.example.com. 3600 IN CNAME www.example.net. -www2.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AGgh6pDCL7VF0uJablClW7cgvsPuNzpHZ+M7nZIwi61+0RPhFZLHcN4= -ENTRY_END - ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id @@ -218,20 +193,6 @@ ns.example.net. IN A 1.2.3.5 ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} ENTRY_END -; response to query of interest -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.net. IN A -SECTION ANSWER -www.example.net. IN A 11.12.13.14 -www.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899} -SECTION AUTHORITY -SECTION ADDITIONAL -ENTRY_END - ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id diff --git a/testdata/iter_ghost_grandchild_delegation.rpl b/testdata/iter_ghost_grandchild_delegation.rpl new file mode 100644 index 000000000000..d1e521b57e9c --- /dev/null +++ b/testdata/iter_ghost_grandchild_delegation.rpl @@ -0,0 +1,256 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + minimal-responses: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test that deep delegation from the parent deletes intermediate delegations to avoid triggering the ghost domain countermeasure. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 19 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. 86400 IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. 86400 IN A 193.0.14.129 +ENTRY_END + +; we will explicitly ask for this +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. 10 IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. 86400 IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. 86400 IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. 86400 IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. 10 IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. 86400 IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.com. IN A +SECTION ANSWER +ns.example.com. IN A 1.2.3.4 +SECTION AUTHORITY +example.com. IN NS ns.example.com. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.com. IN AAAA +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +a.example.com. IN A +SECTION ANSWER +a.example.com. IN A 10.20.30.40 +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com IN A 1.2.3.4 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +b.example.com. IN A +SECTION ANSWER +b.example.com. IN A 10.20.30.40 +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com IN A 1.2.3.4 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +c.example.com. IN A +SECTION ANSWER +c.example.com. IN A 10.20.30.40 +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; get the com. IN NS delegation in cache +STEP 0 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +com. IN NS +ENTRY_END + +STEP 1 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD RA NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. 10 IN NS a.gtld-servers.net. +ENTRY_END + +STEP 2 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +a.example.com. IN A +ENTRY_END + +STEP 3 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +a.example.com. IN A +SECTION ANSWER +a.example.com. IN A 10.20.30.40 +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END + +; time passes for com. IN NS to expire. +STEP 9 TIME_PASSES ELAPSE 11 + +; the following query should go to the root instead of example.com. IN NS +; because com. IN NS is expired +STEP 10 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +b.example.com. IN A +ENTRY_END + +; root replies with the example.com IN NS delegation +; the expired com. IN NS delegation should be deleted +STEP 12 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +b.example.com. IN A +SECTION ANSWER +b.example.com. IN A 10.20.30.40 +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END + +; root is offline in this range. +; the following query should go straight to the example.com. IN NS delegation +; because the expired com. IN NS should not be in the cache anymore +STEP 20 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +c.example.com. IN A +ENTRY_END + +STEP 21 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +c.example.com. IN A +SECTION ANSWER +c.example.com. IN A 10.20.30.40 +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END + +SCENARIO_END diff --git a/testdata/iter_ghost_timewindow.rpl b/testdata/iter_ghost_timewindow.rpl index 566be82a9cf8..9e304628c98b 100644 --- a/testdata/iter_ghost_timewindow.rpl +++ b/testdata/iter_ghost_timewindow.rpl @@ -3,6 +3,7 @@ server: target-fetch-policy: "0 0 0 0 0" qname-minimisation: "no" minimal-responses: no + discard-timeout: 86400 stub-zone: name: "." diff --git a/testdata/local_cnameother.rpl b/testdata/local_cnameother.rpl new file mode 100644 index 000000000000..d86ba4f9d81a --- /dev/null +++ b/testdata/local_cnameother.rpl @@ -0,0 +1,67 @@ +; config options +server: + local-zone: "a." static + local-data: "myd.a. NSEC myd2.a. CNAME NSEC" + local-data: "myd.a. CNAME myd.target.a." + + ; Switches the types first one then the other. + local-data: "myd2.a. CNAME myd2.target.a." + local-data: "myd2.a. NSEC myd3.a. CNAME NSEC" + +stub-zone: + name: "a" + stub-addr: 1.2.3.4 + +CONFIG_END +SCENARIO_BEGIN Test local data queries with CNAME and other data. + +RANGE_BEGIN 0 1000 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.refuse.top. IN A +SECTION ANSWER +www.refuse.top. IN A 5.5.5.5 +ENTRY_END +RANGE_END + +; local data query for type next to CNAME, the specific type should +; be preferred over the CNAME. +STEP 10 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +myd.a. IN NSEC +ENTRY_END + +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AA +SECTION QUESTION +myd.a. IN NSEC +SECTION ANSWER +myd.a. NSEC myd2.a. CNAME NSEC +ENTRY_END + +STEP 30 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +myd2.a. IN NSEC +ENTRY_END + +STEP 40 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AA +SECTION QUESTION +myd2.a. IN NSEC +SECTION ANSWER +myd2.a. NSEC myd3.a. CNAME NSEC +ENTRY_END + +SCENARIO_END diff --git a/testdata/rpz_clientip_override.rpl b/testdata/rpz_clientip_override.rpl new file mode 100644 index 000000000000..20e5213ff626 --- /dev/null +++ b/testdata/rpz_clientip_override.rpl @@ -0,0 +1,269 @@ +; config options +server: + module-config: "respip validator iterator" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: no + access-control: 192.0.0.0/8 allow + +rpz: + name: "rpz.example.com." + rpz-log: yes + rpz-log-name: "rpz.example.com" + rpz-action-override: "nxdomain" + zonefile: +TEMPFILE_NAME rpz.example.com +TEMPFILE_CONTENTS rpz.example.com +$ORIGIN example.com. +rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. ( + 1379078166 28800 7200 604800 7200 ) + 3600 IN NS ns1.rpz.example.com. + 3600 IN NS ns2.rpz.example.com. +$ORIGIN rpz.example.com. +32.1.5.0.192.rpz-client-ip CNAME rpz-passthru. +32.2.5.0.192.rpz-client-ip A 1.2.3.5 +TEMPFILE_END + +rpz: + name: "rpz2.example.com." + rpz-log: yes + rpz-log-name: "rpz2.example.com" + rpz-action-override: "nodata" + zonefile: +TEMPFILE_NAME rpz2.example.com +TEMPFILE_CONTENTS rpz2.example.com +$ORIGIN example.com. +rpz2 3600 IN SOA ns1.rpz2.example.com. hostmaster.rpz2.example.com. ( + 1379078166 28800 7200 604800 7200 ) + 3600 IN NS ns1.rpz2.example.com. + 3600 IN NS ns2.rpz2.example.com. +$ORIGIN rpz2.example.com. +32.4.5.0.192.rpz-client-ip A 1.2.3.5 +TEMPFILE_END + +rpz: + name: "rpz3.example.com." + rpz-log: yes + rpz-log-name: "rpz3.example.com" + rpz-action-override: "passthru" + zonefile: +TEMPFILE_NAME rpz3.example.com +TEMPFILE_CONTENTS rpz3.example.com +$ORIGIN example.com. +rpz3 3600 IN SOA ns1.rpz3.example.com. hostmaster.rpz3.example.com. ( + 1379078166 28800 7200 604800 7200 ) + 3600 IN NS ns1.rpz3.example.com. + 3600 IN NS ns2.rpz3.example.com. +$ORIGIN rpz3.example.com. +32.5.5.0.192.rpz-client-ip A 1.2.3.5 +TEMPFILE_END + +rpz: + name: "rpz4.example.com." + rpz-log: yes + rpz-log-name: "rpz4.example.com" + rpz-action-override: "drop" + zonefile: +TEMPFILE_NAME rpz4.example.com +TEMPFILE_CONTENTS rpz4.example.com +$ORIGIN example.com. +rpz4 3600 IN SOA ns1.rpz4.example.com. hostmaster.rpz4.example.com. ( + 1379078166 28800 7200 604800 7200 ) + 3600 IN NS ns1.rpz4.example.com. + 3600 IN NS ns2.rpz4.example.com. +$ORIGIN rpz4.example.com. +32.5.5.0.192.rpz-client-ip A 1.2.3.5 +32.6.5.0.192.rpz-client-ip A 1.2.3.5 +TEMPFILE_END + +rpz: + name: "rpz5.example.com." + rpz-log: yes + rpz-log-name: "rpz5.example.com" + rpz-action-override: "cname" + rpz-cname-override: "target.a" + zonefile: +TEMPFILE_NAME rpz5.example.com +TEMPFILE_CONTENTS rpz5.example.com +$ORIGIN example.com. +rpz5 3600 IN SOA ns1.rpz5.example.com. hostmaster.rpz5.example.com. ( + 1379078166 28800 7200 604800 7200 ) + 3600 IN NS ns1.rpz5.example.com. + 3600 IN NS ns2.rpz5.example.com. +$ORIGIN rpz5.example.com. +32.7.5.0.192.rpz-client-ip A 1.2.3.5 +TEMPFILE_END + +rpz: + name: "rpz6.example.com." + rpz-log: yes + rpz-log-name: "rpz6.example.com" + rpz-action-override: "disabled" + zonefile: +TEMPFILE_NAME rpz6.example.com +TEMPFILE_CONTENTS rpz6.example.com +$ORIGIN example.com. +rpz6 3600 IN SOA ns1.rpz6.example.com. hostmaster.rpz6.example.com. ( + 1379078166 28800 7200 604800 7200 ) + 3600 IN NS ns1.rpz6.example.com. + 3600 IN NS ns2.rpz6.example.com. +$ORIGIN rpz6.example.com. +32.8.5.0.192.rpz-client-ip A 1.2.3.5 +TEMPFILE_END + +stub-zone: + name: "a." + stub-addr: 10.20.30.40 +CONFIG_END + +SCENARIO_BEGIN Test RPZ action override with trigger from clientip. + +; a. +RANGE_BEGIN 0 1000 + ADDRESS 10.20.30.40 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +d.a. IN A +SECTION ANSWER +d.a. IN A 1.2.3.4 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +target.a. IN A +SECTION ANSWER +target.a. IN A 1.2.3.6 +ENTRY_END +RANGE_END + +STEP 10 QUERY ADDRESS 192.0.5.2 +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +d.a. IN A +ENTRY_END + +STEP 11 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AA NXDOMAIN +SECTION QUESTION +d.a. IN A +SECTION ANSWER +ENTRY_END + +STEP 20 QUERY ADDRESS 192.0.5.1 +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +d.a. IN A +ENTRY_END + +STEP 21 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AA NXDOMAIN +SECTION QUESTION +d.a. IN A +SECTION ANSWER +ENTRY_END + +STEP 30 QUERY ADDRESS 192.0.5.3 +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +d.a. IN A +ENTRY_END + +STEP 31 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +d.a. IN A +SECTION ANSWER +d.a. IN A 1.2.3.4 +ENTRY_END + +STEP 40 QUERY ADDRESS 192.0.5.4 +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +d.a. IN A +ENTRY_END + +STEP 41 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AA NOERROR +SECTION QUESTION +d.a. IN A +SECTION ANSWER +ENTRY_END + +STEP 50 QUERY ADDRESS 192.0.5.5 +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +d.a. IN A +ENTRY_END + +STEP 51 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +d.a. IN A +SECTION ANSWER +d.a. IN A 1.2.3.4 +ENTRY_END + +STEP 60 QUERY ADDRESS 192.0.5.6 +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +d.a. IN A +ENTRY_END +; dropped. + +STEP 70 QUERY ADDRESS 192.0.5.7 +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +d.a. IN A +ENTRY_END + +STEP 71 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AA NOERROR +SECTION QUESTION +d.a. IN A +SECTION ANSWER +d.a. CNAME target.a. +target.a. A 1.2.3.6 +ENTRY_END + +STEP 80 QUERY ADDRESS 192.0.5.8 +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +d.a. IN A +ENTRY_END + +STEP 81 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +d.a. IN A +SECTION ANSWER +d.a. IN A 1.2.3.4 +ENTRY_END + +SCENARIO_END diff --git a/testdata/rpz_cname_handle.rpl b/testdata/rpz_cname_handle.rpl new file mode 100644 index 000000000000..38dddf12c52a --- /dev/null +++ b/testdata/rpz_cname_handle.rpl @@ -0,0 +1,779 @@ +; config options +server: + module-config: "respip validator iterator" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: no + access-control: 192.0.0.0/8 allow + +rpz: + name: "rpz.example.com." + rpz-log: yes + rpz-log-name: "rpz.example.com" + zonefile: +TEMPFILE_NAME rpz.example.com +TEMPFILE_CONTENTS rpz.example.com +$ORIGIN example.com. +rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. ( + 1379078166 28800 7200 604800 7200 ) + 3600 IN NS ns1.rpz.example.com. + 3600 IN NS ns2.rpz.example.com. +$ORIGIN rpz.example.com. +www.gotham.a A 1.2.3.61 +www.gotham2.a CNAME g2.target.a. +g2.target.a A 1.2.3.62 +www.gotham3.a CNAME g3.target.a. +g3.target.a CNAME g3b.target.a. +g3b.target.a A 1.2.3.63 +www.gotham4.a CNAME g4.target.a. +g4.target.a CNAME g4b.target.a. +g4b.target.a CNAME g4c.target.a. +g4c.target.a A 1.2.3.64 +w2.gotham5.a A 1.2.3.65 +w2.gotham6.a CNAME g6.target.a. +g6.target.a A 1.2.3.66 +w2.gotham7.a CNAME g7.target.a. +g7.target.a CNAME g7b.target.a. +g7b.target.a A 1.2.3.66 +; ns1.gotham8.a +32.48.30.20.10.rpz-nsip A 1.2.3.68 +; ns1.gotham9.a +32.49.30.20.10.rpz-nsip CNAME g9.target.a. +g9.target.a A 1.2.3.69 +; ns1.gotham10.a +32.50.30.20.10.rpz-nsip CNAME g10.target.a. +g10.target.a CNAME g10b.target.a. +g10b.target.a A 1.2.3.70 +www.gotham11.a CNAME g11.target.a. +www.gotham12.a CNAME g12.target.a. +g12.target.a CNAME g12b.target.a. +www.gotham13.a CNAME g13.target.a. +g13.target.a CNAME g13b.target.a. +g13b.target.a CNAME g13c.target.a. +w2.gotham14.a CNAME g14.target.a. +w2.gotham15.a CNAME g15.target.a. +g15.target.a CNAME g15b.target.a. +; ns1.gotham16.a +32.56.30.20.10.rpz-nsip CNAME g16.target.a. +; ns1.gotham17.a +32.57.30.20.10.rpz-nsip CNAME g17.target.a. +g17.target.a CNAME g17b.target.a. +TEMPFILE_END + +stub-zone: + name: "a." + stub-addr: 10.20.30.40 +CONFIG_END + +SCENARIO_BEGIN Test RPZ handling of CNAMEs. + +; a. +RANGE_BEGIN 0 1000 + ADDRESS 10.20.30.40 +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +gotham5.a. IN NS +SECTION AUTHORITY +gotham5.a. NS ns1.gotham5.a. +SECTION ADDITIONAL +ns1.gotham5.a. A 10.20.30.45 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +gotham6.a. IN NS +SECTION AUTHORITY +gotham6.a. NS ns1.gotham6.a. +SECTION ADDITIONAL +ns1.gotham6.a. A 10.20.30.46 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +gotham7.a. IN NS +SECTION AUTHORITY +gotham7.a. NS ns1.gotham7.a. +SECTION ADDITIONAL +ns1.gotham7.a. A 10.20.30.47 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +gotham8.a. IN NS +SECTION AUTHORITY +gotham8.a. NS ns1.gotham8.a. +SECTION ADDITIONAL +ns1.gotham8.a. A 10.20.30.48 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +gotham9.a. IN NS +SECTION AUTHORITY +gotham9.a. NS ns1.gotham9.a. +SECTION ADDITIONAL +ns1.gotham9.a. A 10.20.30.49 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +gotham10.a. IN NS +SECTION AUTHORITY +gotham10.a. NS ns1.gotham10.a. +SECTION ADDITIONAL +ns1.gotham10.a. A 10.20.30.50 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +gotham14.a. IN NS +SECTION AUTHORITY +gotham14.a. NS ns1.gotham14.a. +SECTION ADDITIONAL +ns1.gotham14.a. A 10.20.30.54 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +gotham15.a. IN NS +SECTION AUTHORITY +gotham15.a. NS ns1.gotham15.a. +SECTION ADDITIONAL +ns1.gotham15.a. A 10.20.30.55 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +gotham16.a. IN NS +SECTION AUTHORITY +gotham16.a. NS ns1.gotham16.a. +SECTION ADDITIONAL +ns1.gotham16.a. A 10.20.30.56 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +gotham17.a. IN NS +SECTION AUTHORITY +gotham17.a. NS ns1.gotham17.a. +SECTION ADDITIONAL +ns1.gotham17.a. A 10.20.30.57 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +target.a. IN A +SECTION ANSWER +target.a. IN A 1.2.3.6 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +g11.target.a. IN A +SECTION ANSWER +g11.target.a. IN A 1.2.3.11 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +g12b.target.a. IN A +SECTION ANSWER +g12b.target.a. A 1.2.3.12 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +g13c.target.a. IN A +SECTION ANSWER +g13c.target.a. A 1.2.3.13 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +g14.target.a. IN A +SECTION ANSWER +g14.target.a. A 1.2.3.14 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +g15b.target.a. IN A +SECTION ANSWER +g15b.target.a. A 1.2.3.15 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +g16.target.a. IN A +SECTION ANSWER +g16.target.a. A 1.2.3.16 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +g17b.target.a. IN A +SECTION ANSWER +g17b.target.a. A 1.2.3.17 +ENTRY_END +RANGE_END + +; gotham5.a. +RANGE_BEGIN 0 1000 + ADDRESS 10.20.30.45 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +www.gotham5.a. IN A +SECTION ANSWER +www.gotham5.a. CNAME w2.gotham5.a. +ENTRY_END +RANGE_END + +; gotham6.a. +RANGE_BEGIN 0 1000 + ADDRESS 10.20.30.46 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.gotham6.a. IN A +SECTION ANSWER +www.gotham6.a. CNAME w2.gotham6.a. +ENTRY_END +RANGE_END + +; gotham7.a. +RANGE_BEGIN 0 1000 + ADDRESS 10.20.30.47 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +www.gotham7.a. IN A +SECTION ANSWER +www.gotham7.a. CNAME w2.gotham7.a. +ENTRY_END +RANGE_END + +; gotham14.a. +RANGE_BEGIN 0 1000 + ADDRESS 10.20.30.54 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +www.gotham14.a. IN A +SECTION ANSWER +www.gotham14.a. CNAME w2.gotham14.a. +ENTRY_END +RANGE_END + +; gotham15.a. +RANGE_BEGIN 0 1000 + ADDRESS 10.20.30.55 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +www.gotham15.a. IN A +SECTION ANSWER +www.gotham15.a. CNAME w2.gotham15.a. +ENTRY_END +RANGE_END + +; Test with zero rpz CNAMEs, rpz answer. +STEP 10 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.gotham.a. IN A +ENTRY_END + +STEP 11 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AA NOERROR +SECTION QUESTION +www.gotham.a. IN A +SECTION ANSWER +www.gotham.a. A 1.2.3.61 +ENTRY_END + +; Test with one rpz CNAME, rpz answer. +STEP 20 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.gotham2.a. IN A +ENTRY_END + +STEP 21 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AA NOERROR +SECTION QUESTION +www.gotham2.a. IN A +SECTION ANSWER +www.gotham2.a. CNAME g2.target.a. +g2.target.a. A 1.2.3.62 +ENTRY_END + +; Test with two rpz CNAMEs, rpz answer. +STEP 30 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.gotham3.a. IN A +ENTRY_END + +STEP 31 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AA NOERROR +SECTION QUESTION +www.gotham3.a. IN A +SECTION ANSWER +www.gotham3.a. CNAME g3.target.a. +g3.target.a. CNAME g3b.target.a. +g3b.target.a. A 1.2.3.63 +ENTRY_END + +; Test with three rpz CNAMEs, rpz answer. +STEP 40 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.gotham4.a. IN A +ENTRY_END + +STEP 41 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AA NOERROR +SECTION QUESTION +www.gotham4.a. IN A +SECTION ANSWER +www.gotham4.a. CNAME g4.target.a. +g4.target.a. CNAME g4b.target.a. +g4b.target.a. CNAME g4c.target.a. +g4c.target.a. A 1.2.3.64 +ENTRY_END + +; Test with a CNAME from upstream, zero rpz CNAMEs, rpz answer. +STEP 50 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.gotham5.a. IN A +ENTRY_END + +STEP 51 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AA NOERROR +SECTION QUESTION +www.gotham5.a. IN A +SECTION ANSWER +www.gotham5.a. CNAME w2.gotham5.a. +w2.gotham5.a. A 1.2.3.65 +ENTRY_END + +; Test with a CNAME from upstream, one rpz CNAME, rpz answer. +STEP 60 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.gotham6.a. IN A +ENTRY_END + +STEP 61 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AA NOERROR +SECTION QUESTION +www.gotham6.a. IN A +SECTION ANSWER +www.gotham6.a. CNAME w2.gotham6.a. +w2.gotham6.a. CNAME g6.target.a. +g6.target.a. A 1.2.3.66 +ENTRY_END + +; Test with a CNAME from upstream, two rpz CNAMEs, rpz answer. +STEP 70 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.gotham7.a. IN A +ENTRY_END + +STEP 71 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AA NOERROR +SECTION QUESTION +www.gotham7.a. IN A +SECTION ANSWER +www.gotham7.a. CNAME w2.gotham7.a. +w2.gotham7.a. CNAME g7.target.a. +g7.target.a. CNAME g7b.target.a. +g7b.target.a. A 1.2.3.66 +ENTRY_END + +; Test with a CNAME from cache, zero rpz CNAMEs, rpz answer. +STEP 80 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.gotham5.a. IN A +ENTRY_END + +STEP 81 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AA NOERROR +SECTION QUESTION +www.gotham5.a. IN A +SECTION ANSWER +www.gotham5.a. CNAME w2.gotham5.a. +w2.gotham5.a. A 1.2.3.65 +ENTRY_END + +; Test with a CNAME from cache, one rpz CNAME, rpz answer. +STEP 90 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.gotham6.a. IN A +ENTRY_END + +STEP 91 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AA NOERROR +SECTION QUESTION +www.gotham6.a. IN A +SECTION ANSWER +www.gotham6.a. CNAME w2.gotham6.a. +w2.gotham6.a. CNAME g6.target.a. +g6.target.a. A 1.2.3.66 +ENTRY_END + +; Test with a CNAME from cache, two rpz CNAMEs, rpz answer. +STEP 100 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.gotham7.a. IN A +ENTRY_END + +STEP 101 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AA NOERROR +SECTION QUESTION +www.gotham7.a. IN A +SECTION ANSWER +www.gotham7.a. CNAME w2.gotham7.a. +w2.gotham7.a. CNAME g7.target.a. +g7.target.a. CNAME g7b.target.a. +g7b.target.a. A 1.2.3.66 +ENTRY_END + +; Test with lookup from nameserver, zero rpz CNAMEs, rpz nsip answer. +STEP 110 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.gotham8.a. IN A +ENTRY_END + +STEP 111 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AA NOERROR +SECTION QUESTION +www.gotham8.a. IN A +SECTION ANSWER +www.gotham8.a. A 1.2.3.68 +ENTRY_END + +; Test with lookup from nameserver, one rpz CNAME, rpz nsip answer. +STEP 120 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.gotham9.a. IN A +ENTRY_END + +STEP 121 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AA NOERROR +SECTION QUESTION +www.gotham9.a. IN A +SECTION ANSWER +www.gotham9.a. CNAME g9.target.a. +g9.target.a. A 1.2.3.69 +ENTRY_END + +; Test with lookup from nameserver, two rpz CNAMEs, rpz nsip answer. +STEP 130 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.gotham10.a. IN A +ENTRY_END + +STEP 131 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AA NOERROR +SECTION QUESTION +www.gotham10.a. IN A +SECTION ANSWER +www.gotham10.a. CNAME g10.target.a. +g10.target.a. CNAME g10b.target.a. +g10b.target.a. A 1.2.3.70 +ENTRY_END + +; Test with one rpz CNAME, upstream answer. +STEP 140 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.gotham11.a. IN A +ENTRY_END + +STEP 141 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AA NOERROR +SECTION QUESTION +www.gotham11.a. IN A +SECTION ANSWER +www.gotham11.a. CNAME g11.target.a. +g11.target.a. A 1.2.3.11 +ENTRY_END + +; Test with two rpz CNAMEs, upstream answer. +STEP 150 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.gotham12.a. IN A +ENTRY_END + +STEP 151 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AA NOERROR +SECTION QUESTION +www.gotham12.a. IN A +SECTION ANSWER +www.gotham12.a. CNAME g12.target.a. +g12.target.a. CNAME g12b.target.a. +g12b.target.a. A 1.2.3.12 +ENTRY_END + +; Test with three rpz CNAMEs, upstream answer. +STEP 160 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.gotham13.a. IN A +ENTRY_END + +STEP 161 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AA NOERROR +SECTION QUESTION +www.gotham13.a. IN A +SECTION ANSWER +www.gotham13.a. CNAME g13.target.a. +g13.target.a. CNAME g13b.target.a. +g13b.target.a. CNAME g13c.target.a. +g13c.target.a. A 1.2.3.13 +ENTRY_END + +; Test with a CNAME from upstream, one rpz CNAME, upstream answer. +STEP 170 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.gotham14.a. IN A +ENTRY_END + +STEP 171 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.gotham14.a. IN A +SECTION ANSWER +www.gotham14.a. CNAME w2.gotham14.a. +w2.gotham14.a. CNAME g14.target.a. +g14.target.a. A 1.2.3.14 +ENTRY_END + +; Test with a CNAME from upstream, two rpz CNAMEs, upstream answer. +STEP 180 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.gotham15.a. IN A +ENTRY_END + +STEP 181 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.gotham15.a. IN A +SECTION ANSWER +www.gotham15.a. CNAME w2.gotham15.a. +w2.gotham15.a. CNAME g15.target.a. +g15.target.a. CNAME g15b.target.a. +g15b.target.a. A 1.2.3.15 +ENTRY_END + +; Test with a CNAME from cache, one rpz CNAME, upstream answer. +STEP 190 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.gotham14.a. IN A +ENTRY_END + +STEP 191 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.gotham14.a. IN A +SECTION ANSWER +www.gotham14.a. CNAME w2.gotham14.a. +w2.gotham14.a. CNAME g14.target.a. +g14.target.a. A 1.2.3.14 +ENTRY_END + +; Test with a CNAME from cache, two rpz CNAMEs, upstream answer. +STEP 200 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.gotham15.a. IN A +ENTRY_END + +STEP 201 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.gotham15.a. IN A +SECTION ANSWER +www.gotham15.a. CNAME w2.gotham15.a. +w2.gotham15.a. CNAME g15.target.a. +g15.target.a. CNAME g15b.target.a. +g15b.target.a. A 1.2.3.15 +ENTRY_END + +; Test with lookup from nameserver, one rpz nsip CNAME, upstream answer. +STEP 210 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.gotham16.a. IN A +ENTRY_END + +STEP 211 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.gotham16.a. IN A +SECTION ANSWER +www.gotham16.a. CNAME g16.target.a. +g16.target.a. A 1.2.3.16 +ENTRY_END + +; Test with lookup from nameserver, two rpz nsip CNAMEs, upstream answer. +STEP 220 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.gotham17.a. IN A +ENTRY_END + +STEP 221 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.gotham17.a. IN A +SECTION ANSWER +www.gotham17.a. CNAME g17.target.a. +g17.target.a. CNAME g17b.target.a. +g17b.target.a. A 1.2.3.17 +ENTRY_END + +SCENARIO_END diff --git a/testdata/rpz_nsdname_override.rpl b/testdata/rpz_nsdname_override.rpl new file mode 100644 index 000000000000..d662e55c7775 --- /dev/null +++ b/testdata/rpz_nsdname_override.rpl @@ -0,0 +1,325 @@ +; config options +server: + module-config: "respip validator iterator" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: no + access-control: 192.0.0.0/8 allow + +rpz: + name: "rpz.example.com." + rpz-log: yes + rpz-log-name: "rpz.example.com" + rpz-action-override: "nxdomain" + zonefile: +TEMPFILE_NAME rpz.example.com +TEMPFILE_CONTENTS rpz.example.com +$ORIGIN example.com. +rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. ( + 1379078166 28800 7200 604800 7200 ) + 3600 IN NS ns1.rpz.example.com. + 3600 IN NS ns2.rpz.example.com. +$ORIGIN rpz.example.com. +ns1.gotham.a.rpz-nsdname A 1.2.3.5 +TEMPFILE_END + +rpz: + name: "rpz2.example.com." + rpz-log: yes + rpz-log-name: "rpz2.example.com" + rpz-action-override: "nodata" + zonefile: +TEMPFILE_NAME rpz2.example.com +TEMPFILE_CONTENTS rpz2.example.com +$ORIGIN example.com. +rpz2 3600 IN SOA ns1.rpz2.example.com. hostmaster.rpz2.example.com. ( + 1379078166 28800 7200 604800 7200 ) + 3600 IN NS ns1.rpz2.example.com. + 3600 IN NS ns2.rpz2.example.com. +$ORIGIN rpz2.example.com. +ns1.gotham2.a.rpz-nsdname A 1.2.3.5 +TEMPFILE_END + +rpz: + name: "rpz3.example.com." + rpz-log: yes + rpz-log-name: "rpz3.example.com" + rpz-action-override: "passthru" + zonefile: +TEMPFILE_NAME rpz3.example.com +TEMPFILE_CONTENTS rpz3.example.com +$ORIGIN example.com. +rpz3 3600 IN SOA ns1.rpz3.example.com. hostmaster.rpz3.example.com. ( + 1379078166 28800 7200 604800 7200 ) + 3600 IN NS ns1.rpz3.example.com. + 3600 IN NS ns2.rpz3.example.com. +$ORIGIN rpz3.example.com. +ns1.gotham3.a.rpz-nsdname A 1.2.3.5 +TEMPFILE_END + +rpz: + name: "rpz4.example.com." + rpz-log: yes + rpz-log-name: "rpz4.example.com" + rpz-action-override: "drop" + zonefile: +TEMPFILE_NAME rpz4.example.com +TEMPFILE_CONTENTS rpz4.example.com +$ORIGIN example.com. +rpz4 3600 IN SOA ns1.rpz4.example.com. hostmaster.rpz4.example.com. ( + 1379078166 28800 7200 604800 7200 ) + 3600 IN NS ns1.rpz4.example.com. + 3600 IN NS ns2.rpz4.example.com. +$ORIGIN rpz4.example.com. +ns1.gotham3.a.rpz-nsdname A 1.2.3.5 +ns1.gotham4.a.rpz-nsdname A 1.2.3.5 +TEMPFILE_END + +rpz: + name: "rpz5.example.com." + rpz-log: yes + rpz-log-name: "rpz5.example.com" + rpz-action-override: "cname" + rpz-cname-override: "target.a" + zonefile: +TEMPFILE_NAME rpz5.example.com +TEMPFILE_CONTENTS rpz5.example.com +$ORIGIN example.com. +rpz5 3600 IN SOA ns1.rpz5.example.com. hostmaster.rpz5.example.com. ( + 1379078166 28800 7200 604800 7200 ) + 3600 IN NS ns1.rpz5.example.com. + 3600 IN NS ns2.rpz5.example.com. +$ORIGIN rpz5.example.com. +ns1.gotham5.a.rpz-nsdname A 1.2.3.5 +TEMPFILE_END + +rpz: + name: "rpz6.example.com." + rpz-log: yes + rpz-log-name: "rpz6.example.com" + rpz-action-override: "disabled" + zonefile: +TEMPFILE_NAME rpz6.example.com +TEMPFILE_CONTENTS rpz6.example.com +$ORIGIN example.com. +rpz6 3600 IN SOA ns1.rpz6.example.com. hostmaster.rpz6.example.com. ( + 1379078166 28800 7200 604800 7200 ) + 3600 IN NS ns1.rpz6.example.com. + 3600 IN NS ns2.rpz6.example.com. +$ORIGIN rpz6.example.com. +ns1.gotham6.a.rpz-nsdname A 1.2.3.5 +TEMPFILE_END + +stub-zone: + name: "a." + stub-addr: 10.20.30.40 +CONFIG_END + +SCENARIO_BEGIN Test RPZ action override with trigger from nsdname. + +; a. +RANGE_BEGIN 0 1000 + ADDRESS 10.20.30.40 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.gotham.a. IN A +SECTION AUTHORITY +gotham.a. NS ns1.gotham.a. +SECTION ADDITIONAL +ns1.gotham.a. A 10.20.30.41 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.gotham2.a. IN A +SECTION AUTHORITY +gotham2.a. NS ns1.gotham2.a. +SECTION ADDITIONAL +ns1.gotham2.a. A 10.20.30.42 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.gotham3.a. IN A +SECTION AUTHORITY +gotham3.a. NS ns1.gotham3.a. +SECTION ADDITIONAL +ns1.gotham3.a. A 10.20.30.43 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.gotham4.a. IN A +SECTION AUTHORITY +gotham4.a. NS ns1.gotham4.a. +SECTION ADDITIONAL +ns1.gotham4.a. A 10.20.30.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.gotham5.a. IN A +SECTION AUTHORITY +gotham5.a. NS ns1.gotham5.a. +SECTION ADDITIONAL +ns1.gotham5.a. A 10.20.30.45 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.gotham6.a. IN A +SECTION AUTHORITY +gotham6.a. NS ns1.gotham6.a. +SECTION ADDITIONAL +ns1.gotham6.a. A 10.20.30.46 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +target.a. IN A +SECTION ANSWER +target.a. IN A 1.2.3.6 +ENTRY_END +RANGE_END + +; gotham3.a. +RANGE_BEGIN 0 1000 + ADDRESS 10.20.30.43 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.gotham3.a. IN A +SECTION ANSWER +www.gotham3.a. A 1.2.3.4 +ENTRY_END +RANGE_END + +; gotham6.a. +RANGE_BEGIN 0 1000 + ADDRESS 10.20.30.46 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.gotham6.a. IN A +SECTION ANSWER +www.gotham6.a. A 1.2.3.4 +ENTRY_END +RANGE_END + +STEP 10 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.gotham.a. IN A +ENTRY_END + +STEP 11 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AA NXDOMAIN +SECTION QUESTION +www.gotham.a. IN A +SECTION ANSWER +ENTRY_END + +STEP 20 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.gotham2.a. IN A +ENTRY_END + +STEP 21 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AA NOERROR +SECTION QUESTION +www.gotham2.a. IN A +SECTION ANSWER +ENTRY_END + +STEP 30 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.gotham3.a. IN A +ENTRY_END + +STEP 31 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.gotham3.a. IN A +SECTION ANSWER +www.gotham3.a. A 1.2.3.4 +ENTRY_END + +STEP 40 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.gotham4.a. IN A +ENTRY_END +;dropped + +STEP 50 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.gotham5.a. IN A +ENTRY_END + +STEP 51 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.gotham5.a. IN A +SECTION ANSWER +www.gotham5.a. CNAME target.a +target.a A 1.2.3.6 +ENTRY_END + +STEP 60 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.gotham6.a. IN A +ENTRY_END + +STEP 61 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.gotham6.a. IN A +SECTION ANSWER +www.gotham6.a. A 1.2.3.4 +ENTRY_END + +SCENARIO_END diff --git a/testdata/rpz_nsip_override.rpl b/testdata/rpz_nsip_override.rpl new file mode 100644 index 000000000000..8c3b20be381c --- /dev/null +++ b/testdata/rpz_nsip_override.rpl @@ -0,0 +1,332 @@ +; config options +server: + module-config: "respip validator iterator" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: no + access-control: 192.0.0.0/8 allow + +rpz: + name: "rpz.example.com." + rpz-log: yes + rpz-log-name: "rpz.example.com" + rpz-action-override: "nxdomain" + zonefile: +TEMPFILE_NAME rpz.example.com +TEMPFILE_CONTENTS rpz.example.com +$ORIGIN example.com. +rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. ( + 1379078166 28800 7200 604800 7200 ) + 3600 IN NS ns1.rpz.example.com. + 3600 IN NS ns2.rpz.example.com. +$ORIGIN rpz.example.com. +; ns1.gotham.a +32.41.30.20.10.rpz-nsip A 1.2.3.5 +TEMPFILE_END + +rpz: + name: "rpz2.example.com." + rpz-log: yes + rpz-log-name: "rpz2.example.com" + rpz-action-override: "nodata" + zonefile: +TEMPFILE_NAME rpz2.example.com +TEMPFILE_CONTENTS rpz2.example.com +$ORIGIN example.com. +rpz2 3600 IN SOA ns1.rpz2.example.com. hostmaster.rpz2.example.com. ( + 1379078166 28800 7200 604800 7200 ) + 3600 IN NS ns1.rpz2.example.com. + 3600 IN NS ns2.rpz2.example.com. +$ORIGIN rpz2.example.com. +; ns1.gotham2.a +32.42.30.20.10.rpz-nsip A 1.2.3.5 +TEMPFILE_END + +rpz: + name: "rpz3.example.com." + rpz-log: yes + rpz-log-name: "rpz3.example.com" + rpz-action-override: "passthru" + zonefile: +TEMPFILE_NAME rpz3.example.com +TEMPFILE_CONTENTS rpz3.example.com +$ORIGIN example.com. +rpz3 3600 IN SOA ns1.rpz3.example.com. hostmaster.rpz3.example.com. ( + 1379078166 28800 7200 604800 7200 ) + 3600 IN NS ns1.rpz3.example.com. + 3600 IN NS ns2.rpz3.example.com. +$ORIGIN rpz3.example.com. +; ns1.gotham3.a +32.43.30.20.10.rpz-nsip A 1.2.3.5 +TEMPFILE_END + +rpz: + name: "rpz4.example.com." + rpz-log: yes + rpz-log-name: "rpz4.example.com" + rpz-action-override: "drop" + zonefile: +TEMPFILE_NAME rpz4.example.com +TEMPFILE_CONTENTS rpz4.example.com +$ORIGIN example.com. +rpz4 3600 IN SOA ns1.rpz4.example.com. hostmaster.rpz4.example.com. ( + 1379078166 28800 7200 604800 7200 ) + 3600 IN NS ns1.rpz4.example.com. + 3600 IN NS ns2.rpz4.example.com. +$ORIGIN rpz4.example.com. +; ns1.gotham3.a +32.43.30.20.10.rpz-nsip A 1.2.3.5 +; ns1.gotham4.a +32.44.30.20.10.rpz-nsip A 1.2.3.5 +TEMPFILE_END + +rpz: + name: "rpz5.example.com." + rpz-log: yes + rpz-log-name: "rpz5.example.com" + rpz-action-override: "cname" + rpz-cname-override: "target.a" + zonefile: +TEMPFILE_NAME rpz5.example.com +TEMPFILE_CONTENTS rpz5.example.com +$ORIGIN example.com. +rpz5 3600 IN SOA ns1.rpz5.example.com. hostmaster.rpz5.example.com. ( + 1379078166 28800 7200 604800 7200 ) + 3600 IN NS ns1.rpz5.example.com. + 3600 IN NS ns2.rpz5.example.com. +$ORIGIN rpz5.example.com. +; ns1.gotham5.a +32.45.30.20.10.rpz-nsip A 1.2.3.5 +TEMPFILE_END + +rpz: + name: "rpz6.example.com." + rpz-log: yes + rpz-log-name: "rpz6.example.com" + rpz-action-override: "disabled" + zonefile: +TEMPFILE_NAME rpz6.example.com +TEMPFILE_CONTENTS rpz6.example.com +$ORIGIN example.com. +rpz6 3600 IN SOA ns1.rpz6.example.com. hostmaster.rpz6.example.com. ( + 1379078166 28800 7200 604800 7200 ) + 3600 IN NS ns1.rpz6.example.com. + 3600 IN NS ns2.rpz6.example.com. +$ORIGIN rpz6.example.com. +; ns1.gotham6.a +32.46.30.20.10.rpz-nsip A 1.2.3.5 +TEMPFILE_END + +stub-zone: + name: "a." + stub-addr: 10.20.30.40 +CONFIG_END + +SCENARIO_BEGIN Test RPZ action override with trigger from nsip. + +; a. +RANGE_BEGIN 0 1000 + ADDRESS 10.20.30.40 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.gotham.a. IN A +SECTION AUTHORITY +gotham.a. NS ns1.gotham.a. +SECTION ADDITIONAL +ns1.gotham.a. A 10.20.30.41 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.gotham2.a. IN A +SECTION AUTHORITY +gotham2.a. NS ns1.gotham2.a. +SECTION ADDITIONAL +ns1.gotham2.a. A 10.20.30.42 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.gotham3.a. IN A +SECTION AUTHORITY +gotham3.a. NS ns1.gotham3.a. +SECTION ADDITIONAL +ns1.gotham3.a. A 10.20.30.43 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.gotham4.a. IN A +SECTION AUTHORITY +gotham4.a. NS ns1.gotham4.a. +SECTION ADDITIONAL +ns1.gotham4.a. A 10.20.30.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.gotham5.a. IN A +SECTION AUTHORITY +gotham5.a. NS ns1.gotham5.a. +SECTION ADDITIONAL +ns1.gotham5.a. A 10.20.30.45 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.gotham6.a. IN A +SECTION AUTHORITY +gotham6.a. NS ns1.gotham6.a. +SECTION ADDITIONAL +ns1.gotham6.a. A 10.20.30.46 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +target.a. IN A +SECTION ANSWER +target.a. IN A 1.2.3.6 +ENTRY_END +RANGE_END + +; gotham3.a. +RANGE_BEGIN 0 1000 + ADDRESS 10.20.30.43 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.gotham3.a. IN A +SECTION ANSWER +www.gotham3.a. A 1.2.3.4 +ENTRY_END +RANGE_END + +; gotham6.a. +RANGE_BEGIN 0 1000 + ADDRESS 10.20.30.46 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.gotham6.a. IN A +SECTION ANSWER +www.gotham6.a. A 1.2.3.4 +ENTRY_END +RANGE_END + +STEP 10 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.gotham.a. IN A +ENTRY_END + +STEP 11 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AA NXDOMAIN +SECTION QUESTION +www.gotham.a. IN A +SECTION ANSWER +ENTRY_END + +STEP 20 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.gotham2.a. IN A +ENTRY_END + +STEP 21 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AA NOERROR +SECTION QUESTION +www.gotham2.a. IN A +SECTION ANSWER +ENTRY_END + +STEP 30 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.gotham3.a. IN A +ENTRY_END + +STEP 31 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.gotham3.a. IN A +SECTION ANSWER +www.gotham3.a. A 1.2.3.4 +ENTRY_END + +STEP 40 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.gotham4.a. IN A +ENTRY_END +;dropped + +STEP 50 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.gotham5.a. IN A +ENTRY_END + +STEP 51 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.gotham5.a. IN A +SECTION ANSWER +www.gotham5.a. CNAME target.a +target.a A 1.2.3.6 +ENTRY_END + +STEP 60 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.gotham6.a. IN A +ENTRY_END + +STEP 61 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.gotham6.a. IN A +SECTION ANSWER +www.gotham6.a. A 1.2.3.4 +ENTRY_END + +SCENARIO_END diff --git a/testdata/rpz_passthru_clientip.rpl b/testdata/rpz_passthru_clientip.rpl new file mode 100644 index 000000000000..1ffb79a00575 --- /dev/null +++ b/testdata/rpz_passthru_clientip.rpl @@ -0,0 +1,90 @@ +; config options +server: + module-config: "respip validator iterator" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: no + access-control: 192.0.0.0/8 allow + +rpz: + name: "rpz.example.com." + rpz-log: yes + rpz-log-name: "rpz.example.com" + zonefile: +TEMPFILE_NAME rpz.example.com +TEMPFILE_CONTENTS rpz.example.com +$ORIGIN example.com. +rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. ( + 1379078166 28800 7200 604800 7200 ) + 3600 IN NS ns1.rpz.example.com. + 3600 IN NS ns2.rpz.example.com. +$ORIGIN rpz.example.com. +d.a A 127.0.0.1 +32.1.5.0.192.rpz-client-ip CNAME rpz-passthru. +32.2.5.0.192.rpz-client-ip CNAME rpz-drop. +TEMPFILE_END + +stub-zone: + name: "a." + stub-addr: 10.20.30.40 +CONFIG_END + +SCENARIO_BEGIN Test RPZ passthru ends processing after clientip. + +; a. +RANGE_BEGIN 0 1000 + ADDRESS 10.20.30.40 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +d.a. IN A +SECTION ANSWER +d.a. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +STEP 10 QUERY ADDRESS 192.0.5.1 +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +d.a. IN A +ENTRY_END + +STEP 11 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +d.a. IN A +SECTION ANSWER +d.a. A 1.2.3.4 +ENTRY_END + +; This reply should get the rpz data +STEP 20 QUERY ADDRESS 192.0.5.3 +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +d.a. IN A +ENTRY_END + +STEP 21 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AA NOERROR +SECTION QUESTION +d.a. IN A +SECTION ANSWER +d.a. A 127.0.0.1 +ENTRY_END + +; This reply should be dropped. +STEP 30 QUERY ADDRESS 192.0.5.2 +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +d.a. IN A +ENTRY_END + +SCENARIO_END diff --git a/testdata/rpz_qtype_cname.rpl b/testdata/rpz_qtype_cname.rpl new file mode 100644 index 000000000000..fa5674a0fba8 --- /dev/null +++ b/testdata/rpz_qtype_cname.rpl @@ -0,0 +1,120 @@ +; config options +server: + module-config: "respip validator iterator" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: no + access-control: 192.0.0.0/8 allow + +rpz: + name: "rpz.example.com." + rpz-log: yes + rpz-log-name: "rpz.example.com" + zonefile: +TEMPFILE_NAME rpz.example.com +TEMPFILE_CONTENTS rpz.example.com +$ORIGIN example.com. +rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. ( + 1379078166 28800 7200 604800 7200 ) + 3600 IN NS ns1.rpz.example.com. + 3600 IN NS ns2.rpz.example.com. +$ORIGIN rpz.example.com. +www.gotham.a CNAME foo.target.a. +32.42.30.20.10.rpz-nsip CNAME foo.target.a. +TEMPFILE_END + +stub-zone: + name: "a." + stub-addr: 10.20.30.40 +CONFIG_END + +SCENARIO_BEGIN Test RPZ with qtype CNAME. + +; a. +RANGE_BEGIN 0 1000 + ADDRESS 10.20.30.40 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.gotham.a. IN A +SECTION AUTHORITY +gotham.a. NS ns1.gotham.a. +SECTION ADDITIONAL +ns1.gotham.a. A 10.20.30.41 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +gotham2.a. IN NS +SECTION AUTHORITY +gotham2.a. NS ns1.gotham2.a. +SECTION ADDITIONAL +ns1.gotham2.a. A 10.20.30.42 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +target.a. IN A +SECTION ANSWER +target.a. IN A 1.2.3.6 +ENTRY_END +RANGE_END + +; gotham2.a. +RANGE_BEGIN 0 1000 + ADDRESS 10.20.30.42 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.gotham2.a. IN CNAME +SECTION ANSWER +www.gotham2.a. CNAME foo2.target.a. +ENTRY_END +RANGE_END + +; Query for type CNAME, from the RPZ response +STEP 10 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.gotham.a. IN CNAME +ENTRY_END + +STEP 11 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AA +SECTION QUESTION +www.gotham.a. IN CNAME +SECTION ANSWER +www.gotham.a. IN CNAME foo.target.a. +ENTRY_END + +; Query for type CNAME, the answer is nameserver lookup, CNAME from rpz nsip. +STEP 20 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.gotham2.a. IN CNAME +ENTRY_END + +STEP 21 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AA NOERROR +SECTION QUESTION +www.gotham2.a. IN CNAME +SECTION ANSWER +www.gotham2.a. IN CNAME foo.target.a. +ENTRY_END + +SCENARIO_END diff --git a/testdata/rpz_reload.tdir/example.org.zone b/testdata/rpz_reload.tdir/example.org.zone new file mode 100644 index 000000000000..21dd8993880a --- /dev/null +++ b/testdata/rpz_reload.tdir/example.org.zone @@ -0,0 +1,2 @@ +example.org. 3600 IN SOA ns1.example.org. hostmaster.example.org. 1379078166 28800 7200 604800 7200 +www.example.org. A 1.2.3.5 diff --git a/testdata/rpz_reload.tdir/rpz.example.com.zone b/testdata/rpz_reload.tdir/rpz.example.com.zone new file mode 100644 index 000000000000..ad075b18b359 --- /dev/null +++ b/testdata/rpz_reload.tdir/rpz.example.com.zone @@ -0,0 +1,6 @@ +; example rpz file +rpz.example.com. 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. 1379078166 28800 7200 604800 7200 + NS ns1.rpz.example.com. + NS ns2.rpz.example.com. +foo.example.net CNAME . +www.example.net A 1.2.3.4 diff --git a/testdata/rpz_reload.tdir/rpz_reload.conf b/testdata/rpz_reload.tdir/rpz_reload.conf new file mode 100644 index 000000000000..d3c81e486cdd --- /dev/null +++ b/testdata/rpz_reload.tdir/rpz_reload.conf @@ -0,0 +1,30 @@ +server: + verbosity: 7 + # num-threads: 1 + interface: 127.0.0.1 + port: @PORT@ + use-syslog: no + directory: "" + pidfile: "unbound.pid" + chroot: "" + username: "" + module-config: "respip iterator" + log-time-ascii: yes + +remote-control: + control-enable: yes + control-interface: @CONTROL_PATH@/controlpipe.@CONTROL_PID@ + control-use-cert: no + +rpz: + name: "rpz.example.com" + zonefile: "rpz.example.com.zone" + rpz-action-override: cname + rpz-cname-override: "www.example.org" + rpz-log: yes + rpz-log-name: "example policy" + +auth-zone: + name: "example.org" + zonefile: "example.org.zone" + for-upstream: yes diff --git a/testdata/rpz_reload.tdir/rpz_reload.dsc b/testdata/rpz_reload.tdir/rpz_reload.dsc new file mode 100644 index 000000000000..27f31cff19df --- /dev/null +++ b/testdata/rpz_reload.tdir/rpz_reload.dsc @@ -0,0 +1,16 @@ +BaseName: rpz_reload +Version: 1.0 +Description: check rpz reload change +CreationDate: Mon 11 Mar 16:00:00 CET 2024 +Maintainer: dr. W.C.A. Wijngaards +Category: +Component: +CmdDepends: +Depends: +Help: +Pre: rpz_reload.pre +Post: rpz_reload.post +Test: rpz_reload.test +AuxFiles: +Passed: +Failure: diff --git a/testdata/rpz_reload.tdir/rpz_reload.post b/testdata/rpz_reload.tdir/rpz_reload.post new file mode 100644 index 000000000000..ef93cd46bc59 --- /dev/null +++ b/testdata/rpz_reload.tdir/rpz_reload.post @@ -0,0 +1,12 @@ +# #-- rpz_reload.post --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# source the test var file when it's there +[ -f .tpkg.var.test ] && source .tpkg.var.test +# +# do your teardown here +. ../common.sh +echo "> cat logfiles" +cat unbound.log +kill_pid $UNBOUND_PID +rm -f $CONTROL_PATH/controlpipe.$CONTROL_PID diff --git a/testdata/rpz_reload.tdir/rpz_reload.pre b/testdata/rpz_reload.tdir/rpz_reload.pre new file mode 100644 index 000000000000..8f88b6094264 --- /dev/null +++ b/testdata/rpz_reload.tdir/rpz_reload.pre @@ -0,0 +1,26 @@ +# #-- rpz_reload.pre--# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +. ../common.sh + +get_random_port 1 +UNBOUND_PORT=$RND_PORT +echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test + +# make config file +CONTROL_PATH=/tmp +CONTROL_PID=$$ +sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's?@CONTROL_PATH\@?'$CONTROL_PATH'?' -e 's/@CONTROL_PID@/'$CONTROL_PID'/' < rpz_reload.conf > ub.conf +# start unbound in the background +PRE="../.." +$PRE/unbound -d -c ub.conf >unbound.log 2>&1 & +UNBOUND_PID=$! +echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test +echo "CONTROL_PATH=$CONTROL_PATH" >> .tpkg.var.test +echo "CONTROL_PID=$CONTROL_PID" >> .tpkg.var.test + +cat .tpkg.var.test +wait_unbound_up unbound.log diff --git a/testdata/rpz_reload.tdir/rpz_reload.test b/testdata/rpz_reload.tdir/rpz_reload.test new file mode 100644 index 000000000000..f3cf9b29ef51 --- /dev/null +++ b/testdata/rpz_reload.tdir/rpz_reload.test @@ -0,0 +1,109 @@ +# #-- rpz_reload.test --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +PRE="../.." +. ../common.sh +# do the test +echo "> dig . SOA" +dig @127.0.0.1 -p $UNBOUND_PORT localhost. A | tee outfile +echo "> check answer" +if grep localhost outfile | grep "127.0.0.1"; then + echo "OK" +else + echo "Not OK" + exit 1 +fi + +echo "" +echo "> unbound-control status" +$PRE/unbound-control -c ub.conf status +if test $? -ne 0; then + echo "wrong exit value." + exit 1 +else + echo "exit value: OK" +fi + +# Have the RPZ block some things. +dig @127.0.0.1 -p $UNBOUND_PORT foo.example.net. A | tee outfile +echo "> check answer" +if grep "www.example.org" outfile | grep "1.2.3.5"; then + echo "OK" +else + echo "Not OK" + exit 1 +fi +if grep "rpz: applied .example policy." unbound.log | grep "foo.example.net. A"; then + echo "log line OK" +else + echo "log line not OK" + exit 1 +fi + +dig @127.0.0.1 -p $UNBOUND_PORT www.example.net. A | tee outfile +if grep "www.example.org" outfile | grep "1.2.3.5"; then + echo "OK" +else + echo "Not OK" + exit 1 +fi +if grep "rpz: applied .example policy." unbound.log | grep "www.example.net. A"; then + echo "log line OK" +else + echo "log line not OK" + exit 1 +fi + +# Modify the config +cp ub.conf ub2.conf +sed -e 's/rpz-action-override: cname/#rpz-action-override: ""/' \ + -e 's/rpz-cname-override: "www.example.org"/rpz-cname-override: ""/' \ + -e 's/rpz-log-name: "example policy"/rpz-log-name: "exrpz"/' \ + < ub2.conf > ub.conf +echo "" +echo "> Modified config" +grep "rpz" ub.conf +echo "" + +echo "> unbound-control reload" +$PRE/unbound-control -c ub.conf reload 2>&1 | tee outfile +if test $? -ne 0; then + echo "wrong exit value." + exit 1 +fi +wait_logfile unbound.log "Restart of unbound" 60 + +# Check the output after reload +dig @127.0.0.1 -p $UNBOUND_PORT foo.example.net. A | tee outfile +echo "> check answer" +if grep "NXDOMAIN" outfile; then + echo "OK" +else + echo "Not OK" + exit 1 +fi +if grep "rpz: applied .exrpz." unbound.log | grep "foo.example.net. A"; then + echo "log line OK" +else + echo "log line not OK" + exit 1 +fi + +dig @127.0.0.1 -p $UNBOUND_PORT www.example.net. A | tee outfile +if grep "1.2.3.4" outfile; then + echo "OK" +else + echo "Not OK" + exit 1 +fi +if grep "rpz: applied .exrpz." unbound.log | grep "www.example.net. A"; then + echo "log line OK" +else + echo "log line not OK" + exit 1 +fi + +exit 0 diff --git a/testdata/ssl_req_order.tdir/ssl_req_order.conf b/testdata/ssl_req_order.tdir/ssl_req_order.conf index 3b2e2b1b4fa9..ec39d3ab2823 100644 --- a/testdata/ssl_req_order.tdir/ssl_req_order.conf +++ b/testdata/ssl_req_order.tdir/ssl_req_order.conf @@ -9,6 +9,7 @@ server: chroot: "" username: "" do-not-query-localhost: no + discard-timeout: 3000 # testns uses sleep=2 ssl-port: @PORT@ ssl-service-key: "unbound_server.key" ssl-service-pem: "unbound_server.pem" diff --git a/testdata/subnet_cached.crpl b/testdata/subnet_cached.crpl index 209831335b8a..3cee6e978b76 100644 --- a/testdata/subnet_cached.crpl +++ b/testdata/subnet_cached.crpl @@ -21,7 +21,7 @@ stub-zone: stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. CONFIG_END -SCENARIO_BEGIN Test validator with positive response +SCENARIO_BEGIN Test subnet cached response ; K.ROOT-SERVERS.NET. RANGE_BEGIN 0 100 diff --git a/testdata/subnet_cached_size.crpl b/testdata/subnet_cached_size.crpl new file mode 100644 index 000000000000..d221d0d37bc8 --- /dev/null +++ b/testdata/subnet_cached_size.crpl @@ -0,0 +1,308 @@ +; Ask the same question twice. Check to see second is answered +; from cache + +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + trust-anchor-signaling: no + target-fetch-policy: "0 0 0 0 0" + send-client-subnet: 1.2.3.4 + max-client-subnet-ipv4: 17 + module-config: "subnetcache validator iterator" + verbosity: 3 + fake-sha1: yes + fake-dsa: yes + access-control: 127.0.0.0/8 allow_snoop + qname-minimisation: "no" + minimal-responses: no + ; the size for the edns subnet cache + msg-cache-size: 1500 + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test subnet cached response size + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + . IN NS + SECTION ANSWER + . IN NS K.ROOT-SERVERS.NET. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + K.ROOT-SERVERS.NET. IN A 193.0.14.129 + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION AUTHORITY + com. IN NS a.gtld-servers.net. + SECTION ADDITIONAL + a.gtld-servers.net. IN A 192.5.6.30 + ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + com. IN NS + SECTION ANSWER + com. IN NS a.gtld-servers.net. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + a.gtld-servers.net. IN A 192.5.6.30 + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION AUTHORITY + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. IN A 1.2.3.4 + ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. IN NS + SECTION ANSWER + example.com. IN NS ns.example.com. + example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + ns.example.com. IN A 1.2.3.4 + ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} + ENTRY_END + + ; response to DNSKEY priming query + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. IN DNSKEY + SECTION ANSWER + example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} + example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} + SECTION AUTHORITY + example.com. IN NS ns.example.com. + example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + ns.example.com. IN A 1.2.3.4 + ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} + ENTRY_END + + ; response to query of interest + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id copy_ednsdata_assume_clientsubnet + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION ANSWER + www.example.com. IN A 10.20.30.40 + ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} + SECTION AUTHORITY + example.com. IN NS ns.example.com. + example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ; client is 127.0.0.1 + 00 08 ; OPC + 00 07 ; option length + 00 01 ; Family + 11 00 ; source mask, scopemask + 7f 00 00 ; address + HEX_EDNSDATA_END + ns.example.com. IN A 1.2.3.4 + www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id copy_ednsdata_assume_clientsubnet + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION ANSWER + www.example.com. IN A 10.20.30.43 + www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. AFC5G+z0jWt132hDuTIFOva59cZ7MTd+ex/osuoiQhIIuWFAr9xoZz8= + SECTION AUTHORITY + example.com. IN NS ns.example.com. + example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ; client is 127.3.0.1 + 00 08 ; OPC + 00 07 ; option length + 00 01 ; Family + 11 00 ; source mask, scopemask + 7f 03 00 ; address + HEX_EDNSDATA_END + ns.example.com. IN A 1.2.3.4 + ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} + ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN + HEX_ANSWER_BEGIN; + 00 00 01 00 00 01 00 00 ;ID 0 + 00 00 00 01 03 77 77 77 ; www.example.com A? (DO) + 07 65 78 61 6d 70 6c 65 + 03 63 6f 6d 00 00 01 00 + 01 00 00 29 10 00 00 00 + 80 00 00 0b + + 00 08 00 07 ; OPC, optlen + 00 01 11 00 ; ip4, scope 17, source 0 + 7f 00 00 ;127.0.0.0/17 + HEX_ANSWER_END +ENTRY_END + +STEP 10 CHECK_ANSWER +ENTRY_BEGIN + MATCH all ednsdata + REPLY QR RD RA AD NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION ANSWER + www.example.com. IN A 10.20.30.40 + www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} + SECTION AUTHORITY + example.com. IN NS ns.example.com. + example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ; client is 127.0.0.1 + 00 08 ; OPC + 00 07 ; option length + 00 01 ; Family + 11 11 ; source mask, scopemask + 7f 00 00 ; address + HEX_EDNSDATA_END + ns.example.com. IN A 1.2.3.4 + ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} +ENTRY_END + +STEP 11 QUERY + +ENTRY_BEGIN + HEX_ANSWER_BEGIN; + 00 00 00 00 00 01 00 00 ;ID 0, no RD + 00 00 00 01 03 77 77 77 ; www.example.com A? (DO) + 07 65 78 61 6d 70 6c 65 + 03 63 6f 6d 00 00 01 00 + 01 00 00 29 10 00 00 00 + 80 00 00 0b + + 00 08 00 07 ; OPC, optlen + 00 01 12 00 ; ip4, scope 18, source 0 + 7f 00 00 ;127.0.0.0/18 + HEX_ANSWER_END +ENTRY_END + +STEP 20 CHECK_ANSWER +ENTRY_BEGIN + MATCH all ednsdata + REPLY QR RA AD NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION ANSWER + www.example.com. IN A 10.20.30.40 + www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} + SECTION AUTHORITY + example.com. IN NS ns.example.com. + example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ; client is 127.0.0.1 + 00 08 ; OPC + 00 07 ; option length + 00 01 ; Family + 12 11 ; source mask, scopemask + 7f 00 00 ; address + HEX_EDNSDATA_END + ns.example.com. IN A 1.2.3.4 + ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} +ENTRY_END + +; update the cache entry +STEP 30 QUERY +ENTRY_BEGIN + HEX_ANSWER_BEGIN; + 00 00 01 00 00 01 00 00 ;ID 0 + 00 00 00 01 03 77 77 77 ; www.example.com A? (DO) + 07 65 78 61 6d 70 6c 65 + 03 63 6f 6d 00 00 01 00 + 01 00 00 29 10 00 00 00 + 80 00 00 0b + + 00 08 00 07 ; OPC, optlen + 00 01 11 00 ; ip4, scope 17, source 0 + 7f 03 00 ;127.3.0.0/17 + HEX_ANSWER_END +ENTRY_END + +STEP 40 CHECK_ANSWER +ENTRY_BEGIN + MATCH all ednsdata + REPLY QR RD RA AD NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION ANSWER + www.example.com. IN A 10.20.30.43 + www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. AFC5G+z0jWt132hDuTIFOva59cZ7MTd+ex/osuoiQhIIuWFAr9xoZz8= + SECTION AUTHORITY + example.com. IN NS ns.example.com. + example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ; client is 127.3.0.1 + 00 08 ; OPC + 00 07 ; option length + 00 01 ; Family + 11 11 ; source mask, scopemask + 7f 03 00 ; address + HEX_EDNSDATA_END + ns.example.com. IN A 1.2.3.4 + ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} +ENTRY_END + +SCENARIO_END diff --git a/testdata/tcp_req_order.tdir/tcp_req_order.conf b/testdata/tcp_req_order.tdir/tcp_req_order.conf index 40d6f55c8cde..b2804e8e2d2d 100644 --- a/testdata/tcp_req_order.tdir/tcp_req_order.conf +++ b/testdata/tcp_req_order.tdir/tcp_req_order.conf @@ -9,6 +9,7 @@ server: chroot: "" username: "" do-not-query-localhost: no + discard-timeout: 3000 # testns uses sleep=2 local-zone: "example.net" static local-data: "www1.example.net. IN A 1.2.3.1" diff --git a/testdata/tcp_sigpipe.tdir/tcp_sigpipe.conf b/testdata/tcp_sigpipe.tdir/tcp_sigpipe.conf index 384f16b0738a..4f1ff9b088a8 100644 --- a/testdata/tcp_sigpipe.tdir/tcp_sigpipe.conf +++ b/testdata/tcp_sigpipe.tdir/tcp_sigpipe.conf @@ -1,5 +1,5 @@ server: - verbosity: 2 + verbosity: 4 # num-threads: 1 interface: 127.0.0.1 port: @PORT@ @@ -9,6 +9,7 @@ server: chroot: "" username: "" do-not-query-localhost: no + discard-timeout: 3000 # testns uses sleep=2 forward-zone: name: "." diff --git a/testdata/ttl_max_negative.rpl b/testdata/ttl_max_negative.rpl new file mode 100644 index 000000000000..243b66fe39b6 --- /dev/null +++ b/testdata/ttl_max_negative.rpl @@ -0,0 +1,206 @@ +; config options +server: + access-control: 127.0.0.1 allow_snoop + cache-max-ttl: 15 # This will be overriden + cache-max-negative-ttl: 10 + qname-minimisation: "no" + minimal-responses: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test TTL max option for messages in the cache + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +a.gtld-servers.net. IN A +SECTION ANSWER +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +K.ROOT-SERVERS.NET. IN A +SECTION ANSWER +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +a.gtld-servers.net. IN AAAA +SECTION AUTHORITY +. 86400 IN SOA . . 20070304 28800 7200 604800 86400 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +K.ROOT-SERVERS.NET. IN AAAA +SECTION AUTHORITY +. 86400 IN SOA . . 20070304 28800 7200 604800 86400 +ENTRY_END + +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns.example.com. IN A +SECTION ANSWER +ns.example.com. IN A 1.2.3.4 +SECTION AUTHORITY +example.com. IN NS ns.example.com. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NXDOMAIN +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +example.com. 3600 IN SOA . . 15 28800 7200 604800 3600 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns.example.com. IN AAAA +SECTION AUTHORITY +example.com. 3600 IN SOA . . 15 28800 7200 604800 3600 +ENTRY_END + +RANGE_END + +; start by passing time ; so we are not at 0 +STEP 1 TIME_PASSES ELAPSE 10 + +; query for the record +STEP 8 QUERY +ENTRY_BEGIN +REPLY RD CD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD RA CD NXDOMAIN +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +example.com. 10 IN SOA . . 15 28800 7200 604800 3600 +ENTRY_END + +; wait +STEP 20 TIME_PASSES ELAPSE 5 + +; do a lookup to check TTLs. +STEP 25 QUERY +ENTRY_BEGIN +REPLY +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 26 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RA NXDOMAIN +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +example.com. 5 IN SOA . . 15 28800 7200 604800 3600 +ENTRY_END + +SCENARIO_END diff --git a/testdata/ttl_min_negative.rpl b/testdata/ttl_min_negative.rpl new file mode 100644 index 000000000000..ece3366c54ee --- /dev/null +++ b/testdata/ttl_min_negative.rpl @@ -0,0 +1,204 @@ +; config options +server: + access-control: 127.0.0.1 allow_snoop + cache-min-ttl: 5 # This will be overriden + cache-min-negative-ttl: 10 + qname-minimisation: "no" + minimal-responses: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test TTL min option for messages in the cache + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +a.gtld-servers.net. IN A +SECTION ANSWER +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +K.ROOT-SERVERS.NET. IN A +SECTION ANSWER +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +a.gtld-servers.net. IN AAAA +SECTION AUTHORITY +. 86400 IN SOA . . 20070304 28800 7200 604800 86400 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +K.ROOT-SERVERS.NET. IN AAAA +SECTION AUTHORITY +. 86400 IN SOA . . 20070304 28800 7200 604800 86400 +ENTRY_END + +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns.example.com. IN A +SECTION ANSWER +ns.example.com. IN A 1.2.3.4 +SECTION AUTHORITY +example.com. IN NS ns.example.com. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NXDOMAIN +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +example.com. 1 IN SOA . . 15 28800 7200 604800 1 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns.example.com. IN AAAA +SECTION AUTHORITY +example.com. 1 IN SOA . . 15 28800 7200 604800 1 +ENTRY_END + +RANGE_END + +; start by passing time ; so we are not at 0 +STEP 1 TIME_PASSES ELAPSE 10 + +; query for the record +STEP 8 QUERY +ENTRY_BEGIN +REPLY RD CD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD RA CD NXDOMAIN +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +example.com. 10 IN SOA . . 15 28800 7200 604800 1 +ENTRY_END + +; wait for 7 seconds +STEP 20 TIME_PASSES ELAPSE 7 + +; do a lookup to check TTLs. +STEP 25 QUERY +ENTRY_BEGIN +REPLY +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 26 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RA NXDOMAIN +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +example.com. 3 IN SOA . . 15 28800 7200 604800 1 +ENTRY_END + +SCENARIO_END diff --git a/testdata/val_cnameqtype.rpl b/testdata/val_cnameqtype.rpl index 05ef47426789..abca7bcfad7e 100644 --- a/testdata/val_cnameqtype.rpl +++ b/testdata/val_cnameqtype.rpl @@ -3,6 +3,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" + trust-anchor: "foo.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" qname-minimisation: "no" @@ -17,7 +18,7 @@ CONFIG_END SCENARIO_BEGIN Test validator with a query for type cname ; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 +RANGE_BEGIN 0 1000 ADDRESS 193.0.14.129 ENTRY_BEGIN MATCH opcode qtype qname @@ -44,11 +45,11 @@ a.gtld-servers.net. IN A 192.5.6.30 ENTRY_END ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id +MATCH opcode subdomain +ADJUST copy_id copy_query REPLY QR NOERROR SECTION QUESTION -www.example.net. IN CNAME +net. IN A SECTION AUTHORITY net. IN NS a.gtld-servers.net. SECTION ADDITIONAL @@ -57,7 +58,7 @@ ENTRY_END RANGE_END ; a.gtld-servers.net. -RANGE_BEGIN 0 100 +RANGE_BEGIN 0 1000 ADDRESS 192.5.6.30 ENTRY_BEGIN MATCH opcode qtype qname @@ -94,21 +95,33 @@ example.com. IN NS ns.example.com. SECTION ADDITIONAL ns.example.com. IN A 1.2.3.4 ENTRY_END + ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id +MATCH opcode subdomain +ADJUST copy_id copy_query REPLY QR NOERROR SECTION QUESTION -www.example.net. IN A +example.net. IN A SECTION AUTHORITY example.net. IN NS ns.example.net. SECTION ADDITIONAL ns.example.net. IN A 1.2.3.5 ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +foo.net. IN NS +SECTION AUTHORITY +foo.net. IN NS ns.example.com. +ENTRY_END + RANGE_END ; ns.example.com. -RANGE_BEGIN 0 100 +RANGE_BEGIN 0 1000 ADDRESS 1.2.3.4 ENTRY_BEGIN MATCH opcode qtype qname @@ -155,10 +168,167 @@ www.example.com. 3600 IN RRSIG CNAME DSA 3 3600 20070926134150 SECTION AUTHORITY SECTION ADDITIONAL ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www2.example.com. IN A +SECTION ANSWER +www2.example.com. 3600 IN CNAME www.example.net. +www2.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AGgh6pDCL7VF0uJablClW7cgvsPuNzpHZ+M7nZIwi61+0RPhFZLHcN4= +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +foo.test-dname.example.com. IN CNAME +SECTION ANSWER +test-dname.example.com. 3600 IN DNAME example.net. +test-dname.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. ACp31Evt1c6tKzmTh/smAuGFydZ1OO26Qkej/BW4Bw5RFBQiKaY22Z0= +foo.test-dname.example.com. 3600 IN CNAME foo.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +www3.example.com. IN A +SECTION ANSWER +www3.example.com. 3600 IN CNAME www3.foo.net. +www3.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AFCgCmBh9ZhKJj6AqJAaai8Xwrp9nVYP/yyg4RglHEHb7LlIKED93Ic= +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +www3.foo.net. IN A +SECTION ANSWER +www3.foo.net. IN A 12.13.14.15 +www3.foo.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 foo.net. y50vzw6pCWNmM4y1LNbc37htWGvjxKzdV/JS5ONdFWUQelbDx5YrD91m9U88ItIpwQiGKJWQBwNgHzVKW7iF2A== +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NXDOMAIN +SECTION QUESTION +www4.example.com. IN CNAME +SECTION ANSWER +www4.example.com. 3600 IN CNAME www4.foo.net. +www4.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AA/PJO3mDuDAGQHZ2nb52q3SG0vTp0RcshM09InjZlGTIwHPIYcuizw= +SECTION AUTHORITY +foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 +foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== +van.foo.net. 3600 IN NSEC xix.foo.net. A AAAA RRSIG NSEC +van.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. awGqM+lA86rKWm8Rh1RvBYC9fJdAM2YBSqVE4VvWfhsUVN+JCspNtU3yg+R3/njfXox6cDTCfqqPDXB7KSPXaw== +foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY +foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NXDOMAIN +SECTION QUESTION +www4.foo.net. IN CNAME +SECTION AUTHORITY +foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 +foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== +van.foo.net. 3600 IN NSEC xix.foo.net. A AAAA RRSIG NSEC +van.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. awGqM+lA86rKWm8Rh1RvBYC9fJdAM2YBSqVE4VvWfhsUVN+JCspNtU3yg+R3/njfXox6cDTCfqqPDXB7KSPXaw== +foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY +foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NXDOMAIN +SECTION QUESTION +www5.example.com. IN A +SECTION ANSWER +www5.example.com. 3600 IN CNAME www5.foo.net. +www5.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AIXA8v0JC14UIQtthXS0Kv66rE0jqPKHgq3CPdc6PDi+tLqGjFrXIdI= +SECTION AUTHORITY +foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 +foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== +van.foo.net. 3600 IN NSEC xix.foo.net. A AAAA RRSIG NSEC +van.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. awGqM+lA86rKWm8Rh1RvBYC9fJdAM2YBSqVE4VvWfhsUVN+JCspNtU3yg+R3/njfXox6cDTCfqqPDXB7KSPXaw== +foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY +foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NXDOMAIN +SECTION QUESTION +www5.foo.net. IN A +SECTION AUTHORITY +foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 +foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== +sea.foo.net. 3600 IN NSEC ur.foo.net. A AAAA RRSIG NSEC +sea.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. SOz+kQrhbR7M4oid0L9HfHK3re9L5T+6x1m+DFyV0ogqGcsAfAmyvAPJUQyclENMWWqyJMgSfrqzpqEdM5HRWQ== +foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY +foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NXDOMAIN +SECTION QUESTION +cup.h-dname.example.com. IN CNAME +SECTION ANSWER +h-dname.example.com. 3600 IN DNAME tea.foo.net. +h-dname.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AKXt5koLeZD2ibFrmZyE3ZOQCWHIA/UtrlCgFLalfaTm91NVlki5aV0= +cup.h-dname.example.com. 3600 IN CNAME cup.tea.foo.net. +SECTION AUTHORITY +foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 +foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== +sea.foo.net. 3600 IN NSEC ur.foo.net. A AAAA RRSIG NSEC +sea.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. SOz+kQrhbR7M4oid0L9HfHK3re9L5T+6x1m+DFyV0ogqGcsAfAmyvAPJUQyclENMWWqyJMgSfrqzpqEdM5HRWQ== +foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY +foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NXDOMAIN +SECTION QUESTION +cup.tea.foo.net. IN CNAME +SECTION AUTHORITY +foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 +foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== +sea.foo.net. 3600 IN NSEC ur.foo.net. A AAAA RRSIG NSEC +sea.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. SOz+kQrhbR7M4oid0L9HfHK3re9L5T+6x1m+DFyV0ogqGcsAfAmyvAPJUQyclENMWWqyJMgSfrqzpqEdM5HRWQ== +foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY +foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +foo.net. IN DNSKEY +SECTION ANSWER +foo.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} +foo.net. 3600 IN RRSIG DNSKEY 5 2 3600 20070926134150 20070829134150 30899 foo.net. FLWrxrEnMpKoUDf+mbHGKSQ9OYloJs1eVbxkQaTSfJSLnLzOS0MLflMfbH1nC+Fk8idN7Aw07P5S9Ez1/fAb4w== +ENTRY_END + RANGE_END ; ns.example.net. -RANGE_BEGIN 0 100 +RANGE_BEGIN 0 1000 ADDRESS 1.2.3.5 ENTRY_BEGIN MATCH opcode qtype qname @@ -207,6 +377,7 @@ SECTION ADDITIONAL ENTRY_END RANGE_END +; Test qtype CNAME, answer from upstream. STEP 1 QUERY ENTRY_BEGIN REPLY RD DO @@ -228,4 +399,229 @@ SECTION AUTHORITY SECTION ADDITIONAL ENTRY_END +; Test qtype CNAME, answer from cache after A query. +; perform the A query that gets the CNAME in cache. +STEP 20 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www2.example.com. IN A +ENTRY_END + +STEP 30 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +www2.example.com. IN A +SECTION ANSWER +www2.example.com. 3600 IN CNAME www.example.net. +www2.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AGgh6pDCL7VF0uJablClW7cgvsPuNzpHZ+M7nZIwi61+0RPhFZLHcN4= +www.example.net. IN A 11.12.13.14 +www.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899} +ENTRY_END + +; now query for type CNAME, that is in cache. +STEP 40 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www2.example.com. IN CNAME +ENTRY_END + +STEP 50 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +www2.example.com. IN CNAME +SECTION ANSWER +www2.example.com. 3600 IN CNAME www.example.net. +www2.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AGgh6pDCL7VF0uJablClW7cgvsPuNzpHZ+M7nZIwi61+0RPhFZLHcN4= +ENTRY_END + +; Test qtype CNAME, answer DNAME from upstream. +STEP 60 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +foo.test-dname.example.com. IN CNAME +ENTRY_END + +STEP 70 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +foo.test-dname.example.com. IN CNAME +SECTION ANSWER +test-dname.example.com. 3600 IN DNAME example.net. +test-dname.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. ACp31Evt1c6tKzmTh/smAuGFydZ1OO26Qkej/BW4Bw5RFBQiKaY22Z0= +foo.test-dname.example.com. 3600 IN CNAME foo.example.net. +ENTRY_END + +; Test qtype CNAME, answer DNAME from cached DNAME record. +STEP 80 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +foo2.test-dname.example.com. IN CNAME +ENTRY_END + +STEP 90 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +foo2.test-dname.example.com. IN CNAME +SECTION ANSWER +test-dname.example.com. 3600 IN DNAME example.net. +test-dname.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. ACp31Evt1c6tKzmTh/smAuGFydZ1OO26Qkej/BW4Bw5RFBQiKaY22Z0= +foo2.test-dname.example.com. 3600 IN CNAME foo2.example.net. +ENTRY_END + +; Test first a simple A query, that connects example.com to foo.net. +STEP 100 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www3.example.com. IN A +ENTRY_END + +STEP 110 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +www3.example.com. IN A +SECTION ANSWER +www3.example.com. 3600 IN CNAME www3.foo.net. +www3.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AFCgCmBh9ZhKJj6AqJAaai8Xwrp9nVYP/yyg4RglHEHb7LlIKED93Ic= +www3.foo.net. IN A 12.13.14.15 +www3.foo.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 foo.net. y50vzw6pCWNmM4y1LNbc37htWGvjxKzdV/JS5ONdFWUQelbDx5YrD91m9U88ItIpwQiGKJWQBwNgHzVKW7iF2A== +ENTRY_END + +; Test qtype CNAME, but the upstream responds that there is NXDOMAIN, +; it can do this because it has the zone loaded at the name after the CNAME, +; in the zone foo.net. and it chases the CNAME. +STEP 120 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www4.example.com. IN CNAME +ENTRY_END + +STEP 130 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NXDOMAIN +SECTION QUESTION +www4.example.com. IN CNAME +SECTION ANSWER +www4.example.com. 3600 IN CNAME www4.foo.net. +www4.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AA/PJO3mDuDAGQHZ2nb52q3SG0vTp0RcshM09InjZlGTIwHPIYcuizw= +SECTION AUTHORITY +foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 +foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== +van.foo.net. 3600 IN NSEC xix.foo.net. A AAAA RRSIG NSEC +van.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. awGqM+lA86rKWm8Rh1RvBYC9fJdAM2YBSqVE4VvWfhsUVN+JCspNtU3yg+R3/njfXox6cDTCfqqPDXB7KSPXaw== +foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY +foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== +ENTRY_END + +; Test, first pull a CNAME to NXDOMAIN in cache with an A query and then use +; it for qtype CNAME. +STEP 140 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www5.example.com. IN A +ENTRY_END + +STEP 150 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NXDOMAIN +SECTION QUESTION +www5.example.com. IN A +SECTION ANSWER +www5.example.com. 3600 IN CNAME www5.foo.net. +www5.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AIXA8v0JC14UIQtthXS0Kv66rE0jqPKHgq3CPdc6PDi+tLqGjFrXIdI= +SECTION AUTHORITY +foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY +foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== +van.foo.net. 3600 IN NSEC xix.foo.net. A AAAA RRSIG NSEC +van.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. awGqM+lA86rKWm8Rh1RvBYC9fJdAM2YBSqVE4VvWfhsUVN+JCspNtU3yg+R3/njfXox6cDTCfqqPDXB7KSPXaw== +foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 +foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== +ENTRY_END + +STEP 160 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www5.example.com. IN CNAME +ENTRY_END + +STEP 170 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +www5.example.com. IN CNAME +SECTION ANSWER +www5.example.com. 3600 IN CNAME www5.foo.net. +www5.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AIXA8v0JC14UIQtthXS0Kv66rE0jqPKHgq3CPdc6PDi+tLqGjFrXIdI= +ENTRY_END + +; Test, qtype CNAME, but it is a DNAME and the upstream server can respond +; with NXDOMAIN, it can do this because the foo.net zone is also loaded by +; the server and it looks in the other zone. +STEP 180 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +cup.h-dname.example.com. IN CNAME +ENTRY_END + +STEP 190 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NXDOMAIN +SECTION QUESTION +cup.h-dname.example.com. IN CNAME +SECTION ANSWER +h-dname.example.com. 3600 IN DNAME tea.foo.net. +h-dname.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AKXt5koLeZD2ibFrmZyE3ZOQCWHIA/UtrlCgFLalfaTm91NVlki5aV0= +cup.h-dname.example.com. 3600 IN CNAME cup.tea.foo.net. +SECTION AUTHORITY +foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 +foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== +sea.foo.net. 3600 IN NSEC ur.foo.net. A AAAA RRSIG NSEC +sea.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. SOz+kQrhbR7M4oid0L9HfHK3re9L5T+6x1m+DFyV0ogqGcsAfAmyvAPJUQyclENMWWqyJMgSfrqzpqEdM5HRWQ== +foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY +foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== +ENTRY_END + +; Test, first pull a DNAME in cache and then use it for qtype CNAME to an +; NXDOMAIN. +STEP 200 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +cup2.h-dname.example.com. IN CNAME +ENTRY_END + +STEP 210 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +cup2.h-dname.example.com. IN CNAME +SECTION ANSWER +h-dname.example.com. 3600 IN DNAME tea.foo.net. +h-dname.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AKXt5koLeZD2ibFrmZyE3ZOQCWHIA/UtrlCgFLalfaTm91NVlki5aV0= +cup2.h-dname.example.com. 3600 IN CNAME cup2.tea.foo.net. +ENTRY_END + SCENARIO_END diff --git a/testdata/val_cnameqtype_qmin.rpl b/testdata/val_cnameqtype_qmin.rpl new file mode 100644 index 000000000000..7943b09488ec --- /dev/null +++ b/testdata/val_cnameqtype_qmin.rpl @@ -0,0 +1,784 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" + trust-anchor: "foo.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "yes" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with a query for type cname + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 1000 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +net. IN A +SECTION AUTHORITY +net. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 1000 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +net. IN NS +SECTION ANSWER +net. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.net. IN A +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +foo.net. IN NS +SECTION AUTHORITY +foo.net. IN NS ns.example.com. +ENTRY_END + +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 1000 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN CNAME +SECTION ANSWER +www.example.com. IN CNAME www.example.net. +www.example.com. 3600 IN RRSIG CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFGcJxnNxpWCBzXejiSdl4p1BKRMnAhUApoJrugVBRwFgAoYAhhqlZFac7fE= ;{id = 2854} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN CNAME www.example.net. +www.example.com. 3600 IN RRSIG CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFGcJxnNxpWCBzXejiSdl4p1BKRMnAhUApoJrugVBRwFgAoYAhhqlZFac7fE= ;{id = 2854} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www2.example.com. IN A +SECTION ANSWER +www2.example.com. 3600 IN CNAME www.example.net. +www2.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AGgh6pDCL7VF0uJablClW7cgvsPuNzpHZ+M7nZIwi61+0RPhFZLHcN4= +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +test-dname.example.com. IN A +SECTION AUTHORITY +test-dname.example.com. IN NSEC ur.example.com. DNAME RRSIG NSEC +test-dname.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. AAez/ZKaKWeaFxTR139M1czTPdpAXG7QDAbNLEF3QT0/nBRKGyI3BAM= +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +foo.test-dname.example.com. IN CNAME +SECTION ANSWER +test-dname.example.com. 3600 IN DNAME example.net. +test-dname.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. ACp31Evt1c6tKzmTh/smAuGFydZ1OO26Qkej/BW4Bw5RFBQiKaY22Z0= +foo.test-dname.example.com. 3600 IN CNAME foo.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +foo.test-dname.example.com. IN A +SECTION ANSWER +test-dname.example.com. 3600 IN DNAME example.net. +test-dname.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. ACp31Evt1c6tKzmTh/smAuGFydZ1OO26Qkej/BW4Bw5RFBQiKaY22Z0= +foo.test-dname.example.com. 3600 IN CNAME foo.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +www3.example.com. IN A +SECTION ANSWER +www3.example.com. 3600 IN CNAME www3.foo.net. +www3.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AFCgCmBh9ZhKJj6AqJAaai8Xwrp9nVYP/yyg4RglHEHb7LlIKED93Ic= +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +www3.foo.net. IN A +SECTION ANSWER +www3.foo.net. IN A 12.13.14.15 +www3.foo.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 foo.net. y50vzw6pCWNmM4y1LNbc37htWGvjxKzdV/JS5ONdFWUQelbDx5YrD91m9U88ItIpwQiGKJWQBwNgHzVKW7iF2A== +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NXDOMAIN +SECTION QUESTION +www4.example.com. IN CNAME +SECTION ANSWER +www4.example.com. 3600 IN CNAME www4.foo.net. +www4.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AA/PJO3mDuDAGQHZ2nb52q3SG0vTp0RcshM09InjZlGTIwHPIYcuizw= +SECTION AUTHORITY +foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 +foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== +van.foo.net. 3600 IN NSEC xix.foo.net. A AAAA RRSIG NSEC +van.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. awGqM+lA86rKWm8Rh1RvBYC9fJdAM2YBSqVE4VvWfhsUVN+JCspNtU3yg+R3/njfXox6cDTCfqqPDXB7KSPXaw== +foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY +foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NXDOMAIN +SECTION QUESTION +www4.example.com. IN A +SECTION ANSWER +www4.example.com. 3600 IN CNAME www4.foo.net. +www4.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AA/PJO3mDuDAGQHZ2nb52q3SG0vTp0RcshM09InjZlGTIwHPIYcuizw= +SECTION AUTHORITY +foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 +foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== +van.foo.net. 3600 IN NSEC xix.foo.net. A AAAA RRSIG NSEC +van.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. awGqM+lA86rKWm8Rh1RvBYC9fJdAM2YBSqVE4VvWfhsUVN+JCspNtU3yg+R3/njfXox6cDTCfqqPDXB7KSPXaw== +foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY +foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NXDOMAIN +SECTION QUESTION +www4.foo.net. IN CNAME +SECTION AUTHORITY +foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 +foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== +van.foo.net. 3600 IN NSEC xix.foo.net. A AAAA RRSIG NSEC +van.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. awGqM+lA86rKWm8Rh1RvBYC9fJdAM2YBSqVE4VvWfhsUVN+JCspNtU3yg+R3/njfXox6cDTCfqqPDXB7KSPXaw== +foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY +foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NXDOMAIN +SECTION QUESTION +www4.foo.net. IN A +SECTION AUTHORITY +foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 +foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== +van.foo.net. 3600 IN NSEC xix.foo.net. A AAAA RRSIG NSEC +van.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. awGqM+lA86rKWm8Rh1RvBYC9fJdAM2YBSqVE4VvWfhsUVN+JCspNtU3yg+R3/njfXox6cDTCfqqPDXB7KSPXaw== +foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY +foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NXDOMAIN +SECTION QUESTION +www5.example.com. IN A +SECTION ANSWER +www5.example.com. 3600 IN CNAME www5.foo.net. +www5.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AIXA8v0JC14UIQtthXS0Kv66rE0jqPKHgq3CPdc6PDi+tLqGjFrXIdI= +SECTION AUTHORITY +foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 +foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== +van.foo.net. 3600 IN NSEC xix.foo.net. A AAAA RRSIG NSEC +van.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. awGqM+lA86rKWm8Rh1RvBYC9fJdAM2YBSqVE4VvWfhsUVN+JCspNtU3yg+R3/njfXox6cDTCfqqPDXB7KSPXaw== +foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY +foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NXDOMAIN +SECTION QUESTION +www5.foo.net. IN A +SECTION AUTHORITY +foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 +foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== +sea.foo.net. 3600 IN NSEC ur.foo.net. A AAAA RRSIG NSEC +sea.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. SOz+kQrhbR7M4oid0L9HfHK3re9L5T+6x1m+DFyV0ogqGcsAfAmyvAPJUQyclENMWWqyJMgSfrqzpqEdM5HRWQ== +foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY +foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +h-dname.example.com. IN A +SECTION AUTHORITY +h-dname.example.com. IN NSEC ip.example.com. DNAME RRSIG NSEC +h-dname.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. AFFsp8m0uRY9RaXCtk47kKuQEDj1YsM7izqOz9N+8sMT5wBXhWg3KqI= +example.com. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. ABRSIKVO+4LWyeGBM5lPJlZBJaj6iDihKwPSzYx6fgGbiHdtLkXOMUc= +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NXDOMAIN +SECTION QUESTION +cup.h-dname.example.com. IN CNAME +SECTION ANSWER +h-dname.example.com. 3600 IN DNAME tea.foo.net. +h-dname.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AKXt5koLeZD2ibFrmZyE3ZOQCWHIA/UtrlCgFLalfaTm91NVlki5aV0= +cup.h-dname.example.com. 3600 IN CNAME cup.tea.foo.net. +SECTION AUTHORITY +foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 +foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== +sea.foo.net. 3600 IN NSEC ur.foo.net. A AAAA RRSIG NSEC +sea.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. SOz+kQrhbR7M4oid0L9HfHK3re9L5T+6x1m+DFyV0ogqGcsAfAmyvAPJUQyclENMWWqyJMgSfrqzpqEdM5HRWQ== +foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY +foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NXDOMAIN +SECTION QUESTION +cup.h-dname.example.com. IN A +SECTION ANSWER +h-dname.example.com. 3600 IN DNAME tea.foo.net. +h-dname.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AKXt5koLeZD2ibFrmZyE3ZOQCWHIA/UtrlCgFLalfaTm91NVlki5aV0= +cup.h-dname.example.com. 3600 IN CNAME cup.tea.foo.net. +SECTION AUTHORITY +foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 +foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== +sea.foo.net. 3600 IN NSEC ur.foo.net. A AAAA RRSIG NSEC +sea.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. SOz+kQrhbR7M4oid0L9HfHK3re9L5T+6x1m+DFyV0ogqGcsAfAmyvAPJUQyclENMWWqyJMgSfrqzpqEdM5HRWQ== +foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY +foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NXDOMAIN +SECTION QUESTION +tea.foo.net. IN A +SECTION AUTHORITY +foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 +foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== +sea.foo.net. 3600 IN NSEC ur.foo.net. A AAAA RRSIG NSEC +sea.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. SOz+kQrhbR7M4oid0L9HfHK3re9L5T+6x1m+DFyV0ogqGcsAfAmyvAPJUQyclENMWWqyJMgSfrqzpqEdM5HRWQ== +foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY +foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NXDOMAIN +SECTION QUESTION +cup.tea.foo.net. IN CNAME +SECTION AUTHORITY +foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 +foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== +sea.foo.net. 3600 IN NSEC ur.foo.net. A AAAA RRSIG NSEC +sea.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. SOz+kQrhbR7M4oid0L9HfHK3re9L5T+6x1m+DFyV0ogqGcsAfAmyvAPJUQyclENMWWqyJMgSfrqzpqEdM5HRWQ== +foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY +foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NXDOMAIN +SECTION QUESTION +cup.tea.foo.net. IN A +SECTION AUTHORITY +foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 +foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== +sea.foo.net. 3600 IN NSEC ur.foo.net. A AAAA RRSIG NSEC +sea.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. SOz+kQrhbR7M4oid0L9HfHK3re9L5T+6x1m+DFyV0ogqGcsAfAmyvAPJUQyclENMWWqyJMgSfrqzpqEdM5HRWQ== +foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY +foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +foo.net. IN DNSKEY +SECTION ANSWER +foo.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} +foo.net. 3600 IN RRSIG DNSKEY 5 2 3600 20070926134150 20070829134150 30899 foo.net. FLWrxrEnMpKoUDf+mbHGKSQ9OYloJs1eVbxkQaTSfJSLnLzOS0MLflMfbH1nC+Fk8idN7Aw07P5S9Ez1/fAb4w== +ENTRY_END + +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 1000 + ADDRESS 1.2.3.5 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN DNSKEY +SECTION ANSWER +example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} +example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899} +SECTION AUTHORITY +example.net. IN NS ns.example.net. +example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +foo.example.net. IN A +SECTION ANSWER +foo.example.net. IN A 11.12.13.16 +foo.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. nDw60j3CmEUuFDXnTTNbdUHKJFTIEGHbSKE096CdgbSK73wV2xfG5YdMPA59cYUG0oODPyAKuhDltzk7LoTaWg== +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +foo.example.net. IN CNAME +SECTION AUTHORITY +foo.example.net. IN NSEC go.example.net. A AAAA RRSIG NSEC +foo.example.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. JgRBvtJwQqzidljfbnINd283z57/7UFcLGfSLKdgEXky0hf8S54cnFKsruMv8d3OMScmGOMFnYQ1flJxfK0+Zw== +example.net. IN SOA ns.example.net. admin.example.net. 2024030884 3600 3600 604800 3600 +example.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 example.net. ZlStOlahsMp7yzVD2GRAOKXoYlsV372Q2hMpFJYNdhpHcqlqodgVFxA80ftJ66OjeVpb+1DJSIZitSaQrfF8rA== +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.net. IN A +SECTION ANSWER +www.example.net. IN A 11.12.13.14 +www.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +; Test qtype CNAME, answer from upstream. +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN CNAME +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +www.example.com. IN CNAME +SECTION ANSWER +www.example.com. IN CNAME www.example.net. +www.example.com. 3600 IN RRSIG CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFGcJxnNxpWCBzXejiSdl4p1BKRMnAhUApoJrugVBRwFgAoYAhhqlZFac7fE= ;{id = 2854} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +; Test qtype CNAME, answer from cache after A query. +; perform the A query that gets the CNAME in cache. +STEP 20 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www2.example.com. IN A +ENTRY_END + +STEP 30 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +www2.example.com. IN A +SECTION ANSWER +www2.example.com. 3600 IN CNAME www.example.net. +www2.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AGgh6pDCL7VF0uJablClW7cgvsPuNzpHZ+M7nZIwi61+0RPhFZLHcN4= +www.example.net. IN A 11.12.13.14 +www.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899} +ENTRY_END + +; now query for type CNAME, that is in cache. +STEP 40 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www2.example.com. IN CNAME +ENTRY_END + +STEP 50 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +www2.example.com. IN CNAME +SECTION ANSWER +www2.example.com. 3600 IN CNAME www.example.net. +www2.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AGgh6pDCL7VF0uJablClW7cgvsPuNzpHZ+M7nZIwi61+0RPhFZLHcN4= +ENTRY_END + +; Test qtype CNAME, answer DNAME from upstream. +STEP 60 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +foo.test-dname.example.com. IN CNAME +ENTRY_END + +STEP 70 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +foo.test-dname.example.com. IN CNAME +SECTION ANSWER +test-dname.example.com. 3600 IN DNAME example.net. +test-dname.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. ACp31Evt1c6tKzmTh/smAuGFydZ1OO26Qkej/BW4Bw5RFBQiKaY22Z0= +foo.test-dname.example.com. 3600 IN CNAME foo.example.net. +ENTRY_END + +; Test qtype CNAME, answer DNAME from cached DNAME record. +STEP 80 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +foo2.test-dname.example.com. IN CNAME +ENTRY_END + +STEP 90 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +foo2.test-dname.example.com. IN CNAME +SECTION ANSWER +test-dname.example.com. 3600 IN DNAME example.net. +test-dname.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. ACp31Evt1c6tKzmTh/smAuGFydZ1OO26Qkej/BW4Bw5RFBQiKaY22Z0= +foo2.test-dname.example.com. 3600 IN CNAME foo2.example.net. +ENTRY_END + +; Test first a simple A query, that connects example.com to foo.net. +STEP 100 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www3.example.com. IN A +ENTRY_END + +STEP 110 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +www3.example.com. IN A +SECTION ANSWER +www3.example.com. 3600 IN CNAME www3.foo.net. +www3.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AFCgCmBh9ZhKJj6AqJAaai8Xwrp9nVYP/yyg4RglHEHb7LlIKED93Ic= +www3.foo.net. IN A 12.13.14.15 +www3.foo.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 foo.net. y50vzw6pCWNmM4y1LNbc37htWGvjxKzdV/JS5ONdFWUQelbDx5YrD91m9U88ItIpwQiGKJWQBwNgHzVKW7iF2A== +ENTRY_END + +; Test qtype CNAME, but the upstream responds that there is NXDOMAIN, +; it can do this because it has the zone loaded at the name after the CNAME, +; in the zone foo.net. and it chases the CNAME. +STEP 120 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www4.example.com. IN CNAME +ENTRY_END + +STEP 130 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NXDOMAIN +SECTION QUESTION +www4.example.com. IN CNAME +SECTION ANSWER +www4.example.com. 3600 IN CNAME www4.foo.net. +www4.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AA/PJO3mDuDAGQHZ2nb52q3SG0vTp0RcshM09InjZlGTIwHPIYcuizw= +SECTION AUTHORITY +foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 +foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== +van.foo.net. 3600 IN NSEC xix.foo.net. A AAAA RRSIG NSEC +van.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. awGqM+lA86rKWm8Rh1RvBYC9fJdAM2YBSqVE4VvWfhsUVN+JCspNtU3yg+R3/njfXox6cDTCfqqPDXB7KSPXaw== +foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY +foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== +ENTRY_END + +; Test, first pull a CNAME to NXDOMAIN in cache with an A query and then use +; it for qtype CNAME. +STEP 140 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www5.example.com. IN A +ENTRY_END + +STEP 150 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NXDOMAIN +SECTION QUESTION +www5.example.com. IN A +SECTION ANSWER +www5.example.com. 3600 IN CNAME www5.foo.net. +www5.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AIXA8v0JC14UIQtthXS0Kv66rE0jqPKHgq3CPdc6PDi+tLqGjFrXIdI= +SECTION AUTHORITY +foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY +foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== +van.foo.net. 3600 IN NSEC xix.foo.net. A AAAA RRSIG NSEC +van.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. awGqM+lA86rKWm8Rh1RvBYC9fJdAM2YBSqVE4VvWfhsUVN+JCspNtU3yg+R3/njfXox6cDTCfqqPDXB7KSPXaw== +foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 +foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== +ENTRY_END + +STEP 160 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www5.example.com. IN CNAME +ENTRY_END + +STEP 170 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +www5.example.com. IN CNAME +SECTION ANSWER +www5.example.com. 3600 IN CNAME www5.foo.net. +www5.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AIXA8v0JC14UIQtthXS0Kv66rE0jqPKHgq3CPdc6PDi+tLqGjFrXIdI= +ENTRY_END + +; Test, qtype CNAME, but it is a DNAME and the upstream server can respond +; with NXDOMAIN, it can do this because the foo.net zone is also loaded by +; the server and it looks in the other zone. +STEP 180 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +cup.h-dname.example.com. IN CNAME +ENTRY_END + +STEP 190 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NXDOMAIN +SECTION QUESTION +cup.h-dname.example.com. IN CNAME +SECTION ANSWER +h-dname.example.com. 3600 IN DNAME tea.foo.net. +h-dname.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AKXt5koLeZD2ibFrmZyE3ZOQCWHIA/UtrlCgFLalfaTm91NVlki5aV0= +cup.h-dname.example.com. 3600 IN CNAME cup.tea.foo.net. +SECTION AUTHORITY +foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 +foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== +sea.foo.net. 3600 IN NSEC ur.foo.net. A AAAA RRSIG NSEC +sea.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. SOz+kQrhbR7M4oid0L9HfHK3re9L5T+6x1m+DFyV0ogqGcsAfAmyvAPJUQyclENMWWqyJMgSfrqzpqEdM5HRWQ== +foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY +foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== +ENTRY_END + +; Test, first pull a DNAME in cache and then use it for qtype CNAME to an +; NXDOMAIN. +STEP 200 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +cup2.h-dname.example.com. IN CNAME +ENTRY_END + +STEP 210 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +cup2.h-dname.example.com. IN CNAME +SECTION ANSWER +h-dname.example.com. 3600 IN DNAME tea.foo.net. +h-dname.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AKXt5koLeZD2ibFrmZyE3ZOQCWHIA/UtrlCgFLalfaTm91NVlki5aV0= +cup2.h-dname.example.com. 3600 IN CNAME cup2.tea.foo.net. +ENTRY_END + +SCENARIO_END diff --git a/testdata/val_dnameqtype.rpl b/testdata/val_dnameqtype.rpl new file mode 100644 index 000000000000..74cc45ec2008 --- /dev/null +++ b/testdata/val_dnameqtype.rpl @@ -0,0 +1,689 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" + trust-anchor: "foo.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with a query for type dname + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 1000 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +net. IN A +SECTION AUTHORITY +net. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 1000 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +net. IN NS +SECTION ANSWER +net. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.net. IN A +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +foo.net. IN NS +SECTION AUTHORITY +foo.net. IN NS ns.example.com. +ENTRY_END + +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 1000 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN DNAME +SECTION ANSWER +www.example.com. IN DNAME www.example.net. +www.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. AKXpbBNiurXv6oFOFQJv5rASdxpoWp2WV1j4ZdJAJ1f48cOkBM2oiEE= +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www2.example.com. IN DNAME +SECTION ANSWER +www2.example.com. 3600 IN DNAME www.example.net. +www2.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. ABu2/f8Ec9BfUkWVid/ufoIjTuS1iZ/zQ5qeF5GiKxPDu//bP2eTgmI= +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +fore.www2.example.com. IN A +SECTION ANSWER +www2.example.com. 3600 IN DNAME www.example.net. +www2.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. ABu2/f8Ec9BfUkWVid/ufoIjTuS1iZ/zQ5qeF5GiKxPDu//bP2eTgmI= +fore.www2.example.com. IN CNAME fore.www.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +foo.test-dname.example.com. IN DNAME +SECTION ANSWER +test-dname.example.com. 3600 IN DNAME example.net. +test-dname.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. ACp31Evt1c6tKzmTh/smAuGFydZ1OO26Qkej/BW4Bw5RFBQiKaY22Z0= +foo.test-dname.example.com. 3600 IN CNAME foo.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +www3.example.com. IN A +SECTION ANSWER +www3.example.com. 3600 IN CNAME www3.foo.net. +www3.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AFCgCmBh9ZhKJj6AqJAaai8Xwrp9nVYP/yyg4RglHEHb7LlIKED93Ic= +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +www3.foo.net. IN A +SECTION ANSWER +www3.foo.net. IN A 12.13.14.15 +www3.foo.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 foo.net. y50vzw6pCWNmM4y1LNbc37htWGvjxKzdV/JS5ONdFWUQelbDx5YrD91m9U88ItIpwQiGKJWQBwNgHzVKW7iF2A== +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NXDOMAIN +SECTION QUESTION +www4.example.com. IN DNAME +SECTION ANSWER +www4.example.com. 3600 IN CNAME www4.foo.net. +www4.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AA/PJO3mDuDAGQHZ2nb52q3SG0vTp0RcshM09InjZlGTIwHPIYcuizw= +SECTION AUTHORITY +foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 +foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== +van.foo.net. 3600 IN NSEC xix.foo.net. A AAAA RRSIG NSEC +van.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. awGqM+lA86rKWm8Rh1RvBYC9fJdAM2YBSqVE4VvWfhsUVN+JCspNtU3yg+R3/njfXox6cDTCfqqPDXB7KSPXaw== +foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY +foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NXDOMAIN +SECTION QUESTION +www4.foo.net. IN DNAME +SECTION AUTHORITY +foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 +foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== +van.foo.net. 3600 IN NSEC xix.foo.net. A AAAA RRSIG NSEC +van.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. awGqM+lA86rKWm8Rh1RvBYC9fJdAM2YBSqVE4VvWfhsUVN+JCspNtU3yg+R3/njfXox6cDTCfqqPDXB7KSPXaw== +foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY +foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NXDOMAIN +SECTION QUESTION +www5.example.com. IN A +SECTION ANSWER +www5.example.com. 3600 IN CNAME www5.foo.net. +www5.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AIXA8v0JC14UIQtthXS0Kv66rE0jqPKHgq3CPdc6PDi+tLqGjFrXIdI= +SECTION AUTHORITY +foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 +foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== +van.foo.net. 3600 IN NSEC xix.foo.net. A AAAA RRSIG NSEC +van.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. awGqM+lA86rKWm8Rh1RvBYC9fJdAM2YBSqVE4VvWfhsUVN+JCspNtU3yg+R3/njfXox6cDTCfqqPDXB7KSPXaw== +foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY +foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NXDOMAIN +SECTION QUESTION +www5.foo.net. IN A +SECTION AUTHORITY +foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 +foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== +sea.foo.net. 3600 IN NSEC ur.foo.net. A AAAA RRSIG NSEC +sea.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. SOz+kQrhbR7M4oid0L9HfHK3re9L5T+6x1m+DFyV0ogqGcsAfAmyvAPJUQyclENMWWqyJMgSfrqzpqEdM5HRWQ== +foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY +foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NXDOMAIN +SECTION QUESTION +cup.h-dname.example.com. IN DNAME +SECTION ANSWER +h-dname.example.com. 3600 IN DNAME tea.foo.net. +h-dname.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AKXt5koLeZD2ibFrmZyE3ZOQCWHIA/UtrlCgFLalfaTm91NVlki5aV0= +cup.h-dname.example.com. 3600 IN CNAME cup.tea.foo.net. +SECTION AUTHORITY +foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 +foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== +sea.foo.net. 3600 IN NSEC ur.foo.net. A AAAA RRSIG NSEC +sea.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. SOz+kQrhbR7M4oid0L9HfHK3re9L5T+6x1m+DFyV0ogqGcsAfAmyvAPJUQyclENMWWqyJMgSfrqzpqEdM5HRWQ== +foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY +foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NXDOMAIN +SECTION QUESTION +cup.tea.foo.net. IN DNAME +SECTION AUTHORITY +foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 +foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== +sea.foo.net. 3600 IN NSEC ur.foo.net. A AAAA RRSIG NSEC +sea.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. SOz+kQrhbR7M4oid0L9HfHK3re9L5T+6x1m+DFyV0ogqGcsAfAmyvAPJUQyclENMWWqyJMgSfrqzpqEdM5HRWQ== +foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY +foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +foo.net. IN DNSKEY +SECTION ANSWER +foo.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} +foo.net. 3600 IN RRSIG DNSKEY 5 2 3600 20070926134150 20070829134150 30899 foo.net. FLWrxrEnMpKoUDf+mbHGKSQ9OYloJs1eVbxkQaTSfJSLnLzOS0MLflMfbH1nC+Fk8idN7Aw07P5S9Ez1/fAb4w== +ENTRY_END + +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 1000 + ADDRESS 1.2.3.5 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN DNSKEY +SECTION ANSWER +example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} +example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899} +SECTION AUTHORITY +example.net. IN NS ns.example.net. +example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +foo.example.net. IN DNAME +SECTION ANSWER +foo.example.net. IN DNAME lower.example.net. +foo.example.net. 3600 IN RRSIG DNAME 5 3 3600 20070926134150 20070829134150 30899 example.net. OZLH158CkKbQZOkBCof7oLzy8sbtDI3/BHEOqBeYZzcfHHfHS9L4qJBII5uO+x8yB/DTkFEhdL5WZV2IjRlkNQ== +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +foo2.example.net. IN DNAME +SECTION ANSWER +foo2.example.net. IN DNAME lower.example.net. +foo2.example.net. 3600 IN RRSIG DNAME 5 3 3600 20070926134150 20070829134150 30899 example.net. xth0C1DoNubf4PpjkS0tgo6O7yzaLPuTKB2yTNFM1iZRm5pd0o3eo/upvfG2SwqfzimgvM1eDyK06QX/R7Enfw== +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.net. IN A +SECTION ANSWER +www.example.net. IN A 11.12.13.14 +www.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +fore.www.example.net. IN A +SECTION ANSWER +fore.www.example.net. IN A 11.12.13.15 +fore.www.example.net. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 example.net. D1axzzs2olCCMQUQchy4ZRs8oefSdLpiIlhPsF1Y5GTTLHKKs6H14tm3FrRTLUIb2FzZywHX0Hl+pfoB/lG2qQ== +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +; Test qtype DNAME, answer from upstream. +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN DNAME +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +www.example.com. IN DNAME +SECTION ANSWER +www.example.com. IN DNAME www.example.net. +www.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. AKXpbBNiurXv6oFOFQJv5rASdxpoWp2WV1j4ZdJAJ1f48cOkBM2oiEE= +ENTRY_END + +; Test qtype DNAME, answer from cache after A query. +; perform the A query that gets the DNAME in cache. +STEP 20 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +fore.www2.example.com. IN A +ENTRY_END + +STEP 30 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +fore.www2.example.com. IN A +SECTION ANSWER +www2.example.com. 3600 IN DNAME www.example.net. +www2.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. ABu2/f8Ec9BfUkWVid/ufoIjTuS1iZ/zQ5qeF5GiKxPDu//bP2eTgmI= +fore.www2.example.com. IN CNAME fore.www.example.net. +fore.www.example.net. IN A 11.12.13.15 +fore.www.example.net. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 example.net. D1axzzs2olCCMQUQchy4ZRs8oefSdLpiIlhPsF1Y5GTTLHKKs6H14tm3FrRTLUIb2FzZywHX0Hl+pfoB/lG2qQ== +ENTRY_END + +; now query for type DNAME, that is in cache. +STEP 40 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www2.example.com. IN DNAME +ENTRY_END + +STEP 50 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +www2.example.com. IN DNAME +SECTION ANSWER +www2.example.com. 3600 IN DNAME www.example.net. +www2.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. ABu2/f8Ec9BfUkWVid/ufoIjTuS1iZ/zQ5qeF5GiKxPDu//bP2eTgmI= +ENTRY_END + +; Test qtype DNAME, answer DNAME from upstream. +STEP 60 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +foo.test-dname.example.com. IN DNAME +ENTRY_END + +STEP 70 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +foo.test-dname.example.com. IN DNAME +SECTION ANSWER +test-dname.example.com. 3600 IN DNAME example.net. +test-dname.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. ACp31Evt1c6tKzmTh/smAuGFydZ1OO26Qkej/BW4Bw5RFBQiKaY22Z0= +foo.test-dname.example.com. 3600 IN CNAME foo.example.net. +foo.example.net. IN DNAME lower.example.net. +foo.example.net. 3600 IN RRSIG DNAME 5 3 3600 20070926134150 20070829134150 30899 example.net. OZLH158CkKbQZOkBCof7oLzy8sbtDI3/BHEOqBeYZzcfHHfHS9L4qJBII5uO+x8yB/DTkFEhdL5WZV2IjRlkNQ== +ENTRY_END + +; Test qtype DNAME, answer DNAME from cached DNAME record. +STEP 80 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +foo2.test-dname.example.com. IN DNAME +ENTRY_END + +STEP 90 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +foo2.test-dname.example.com. IN DNAME +SECTION ANSWER +test-dname.example.com. 3600 IN DNAME example.net. +test-dname.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. ACp31Evt1c6tKzmTh/smAuGFydZ1OO26Qkej/BW4Bw5RFBQiKaY22Z0= +foo2.test-dname.example.com. 3600 IN CNAME foo2.example.net. +foo2.example.net. IN DNAME lower.example.net. +foo2.example.net. 3600 IN RRSIG DNAME 5 3 3600 20070926134150 20070829134150 30899 example.net. xth0C1DoNubf4PpjkS0tgo6O7yzaLPuTKB2yTNFM1iZRm5pd0o3eo/upvfG2SwqfzimgvM1eDyK06QX/R7Enfw== +ENTRY_END + +; Test first a simple A query, that connects example.com to foo.net. +STEP 100 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www3.example.com. IN A +ENTRY_END + +STEP 110 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +www3.example.com. IN A +SECTION ANSWER +www3.example.com. 3600 IN CNAME www3.foo.net. +www3.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AFCgCmBh9ZhKJj6AqJAaai8Xwrp9nVYP/yyg4RglHEHb7LlIKED93Ic= +www3.foo.net. IN A 12.13.14.15 +www3.foo.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 foo.net. y50vzw6pCWNmM4y1LNbc37htWGvjxKzdV/JS5ONdFWUQelbDx5YrD91m9U88ItIpwQiGKJWQBwNgHzVKW7iF2A== +ENTRY_END + +; Test qtype DNAME, but the upstream responds that there is NXDOMAIN, +; it can do this because it has the zone loaded at the name after the CNAME, +; in the zone foo.net. and it chases the query there. +STEP 120 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www4.example.com. IN DNAME +ENTRY_END + +STEP 130 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NXDOMAIN +SECTION QUESTION +www4.example.com. IN DNAME +SECTION ANSWER +www4.example.com. 3600 IN CNAME www4.foo.net. +www4.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AA/PJO3mDuDAGQHZ2nb52q3SG0vTp0RcshM09InjZlGTIwHPIYcuizw= +SECTION AUTHORITY +foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 +foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== +van.foo.net. 3600 IN NSEC xix.foo.net. A AAAA RRSIG NSEC +van.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. awGqM+lA86rKWm8Rh1RvBYC9fJdAM2YBSqVE4VvWfhsUVN+JCspNtU3yg+R3/njfXox6cDTCfqqPDXB7KSPXaw== +foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY +foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== +ENTRY_END + +; Test, first pull a CNAME to NXDOMAIN in cache with an A query and then use +; it for qtype DNAME. +STEP 140 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www5.example.com. IN A +ENTRY_END + +STEP 150 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NXDOMAIN +SECTION QUESTION +www5.example.com. IN A +SECTION ANSWER +www5.example.com. 3600 IN CNAME www5.foo.net. +www5.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AIXA8v0JC14UIQtthXS0Kv66rE0jqPKHgq3CPdc6PDi+tLqGjFrXIdI= +SECTION AUTHORITY +foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY +foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== +van.foo.net. 3600 IN NSEC xix.foo.net. A AAAA RRSIG NSEC +van.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. awGqM+lA86rKWm8Rh1RvBYC9fJdAM2YBSqVE4VvWfhsUVN+JCspNtU3yg+R3/njfXox6cDTCfqqPDXB7KSPXaw== +foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 +foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== +ENTRY_END + +STEP 160 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www5.example.com. IN DNAME +ENTRY_END + +STEP 170 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NXDOMAIN +SECTION QUESTION +www5.example.com. IN DNAME +SECTION ANSWER +www5.example.com. 3600 IN CNAME www5.foo.net. +www5.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AIXA8v0JC14UIQtthXS0Kv66rE0jqPKHgq3CPdc6PDi+tLqGjFrXIdI= +SECTION AUTHORITY +foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY +foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== +van.foo.net. 3600 IN NSEC xix.foo.net. A AAAA RRSIG NSEC +van.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. awGqM+lA86rKWm8Rh1RvBYC9fJdAM2YBSqVE4VvWfhsUVN+JCspNtU3yg+R3/njfXox6cDTCfqqPDXB7KSPXaw== +foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 +foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== +ENTRY_END + +; Test, qtype DNAME, but it is under a DNAME and the upstream server can +; respond with NXDOMAIN, it can do this because the foo.net zone is also +; loaded by the server and it looks in the other zone. +STEP 180 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +cup.h-dname.example.com. IN DNAME +ENTRY_END + +STEP 190 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NXDOMAIN +SECTION QUESTION +cup.h-dname.example.com. IN DNAME +SECTION ANSWER +h-dname.example.com. 3600 IN DNAME tea.foo.net. +h-dname.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AKXt5koLeZD2ibFrmZyE3ZOQCWHIA/UtrlCgFLalfaTm91NVlki5aV0= +cup.h-dname.example.com. 3600 IN CNAME cup.tea.foo.net. +SECTION AUTHORITY +foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 +foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== +sea.foo.net. 3600 IN NSEC ur.foo.net. A AAAA RRSIG NSEC +sea.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. SOz+kQrhbR7M4oid0L9HfHK3re9L5T+6x1m+DFyV0ogqGcsAfAmyvAPJUQyclENMWWqyJMgSfrqzpqEdM5HRWQ== +foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY +foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== +ENTRY_END + +; Test, first pull a DNAME in cache and then use it for qtype DNAME to an +; NXDOMAIN. +STEP 200 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +cup2.h-dname.example.com. IN DNAME +ENTRY_END + +STEP 210 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NXDOMAIN +SECTION QUESTION +cup2.h-dname.example.com. IN DNAME +SECTION ANSWER +h-dname.example.com. 3600 IN DNAME tea.foo.net. +h-dname.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AKXt5koLeZD2ibFrmZyE3ZOQCWHIA/UtrlCgFLalfaTm91NVlki5aV0= +cup2.h-dname.example.com. 3600 IN CNAME cup2.tea.foo.net. +SECTION AUTHORITY +foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY +foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== +sea.foo.net. 3600 IN NSEC ur.foo.net. A AAAA RRSIG NSEC +sea.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. SOz+kQrhbR7M4oid0L9HfHK3re9L5T+6x1m+DFyV0ogqGcsAfAmyvAPJUQyclENMWWqyJMgSfrqzpqEdM5HRWQ== +foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 +foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== +ENTRY_END + +SCENARIO_END diff --git a/testdata/val_dnameqtype_qmin.rpl b/testdata/val_dnameqtype_qmin.rpl new file mode 100644 index 000000000000..b37157d0ca69 --- /dev/null +++ b/testdata/val_dnameqtype_qmin.rpl @@ -0,0 +1,859 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" + trust-anchor: "foo.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "yes" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with a query for type dname + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 1000 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +net. IN A +SECTION AUTHORITY +net. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 1000 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +net. IN NS +SECTION ANSWER +net. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.net. IN A +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +foo.net. IN NS +SECTION AUTHORITY +foo.net. IN NS ns.example.com. +ENTRY_END + +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 1000 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN DNAME +SECTION ANSWER +www.example.com. IN DNAME www.example.net. +www.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. AKXpbBNiurXv6oFOFQJv5rASdxpoWp2WV1j4ZdJAJ1f48cOkBM2oiEE= +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +www.example.com. IN NSEC www2.example.com. DNAME RRSIG NSEC +www.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. AFHQydH3FKwEv2XUy5holgQFEPC7dOQMJKamf16zu8ov2L37F9wl7ak= +example.com. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. ABRSIKVO+4LWyeGBM5lPJlZBJaj6iDihKwPSzYx6fgGbiHdtLkXOMUc= +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www2.example.com. IN DNAME +SECTION ANSWER +www2.example.com. 3600 IN DNAME www.example.net. +www2.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. ABu2/f8Ec9BfUkWVid/ufoIjTuS1iZ/zQ5qeF5GiKxPDu//bP2eTgmI= +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www2.example.com. IN A +SECTION AUTHORITY +www2.example.com. IN NSEC www3.example.com. DNAME RRSIG NSEC +www2.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. AHXqx82+YKFrEUSAFGEJJ+W27gtNA/1eWniwf9g+ZT4KTsTbqYnkYpk= +example.com. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. ABRSIKVO+4LWyeGBM5lPJlZBJaj6iDihKwPSzYx6fgGbiHdtLkXOMUc= +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +fore.www2.example.com. IN A +SECTION ANSWER +www2.example.com. 3600 IN DNAME www.example.net. +www2.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. ABu2/f8Ec9BfUkWVid/ufoIjTuS1iZ/zQ5qeF5GiKxPDu//bP2eTgmI= +fore.www2.example.com. IN CNAME fore.www.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +test-dname.example.com. IN A +SECTION AUTHORITY +test-dname.example.com. IN NSEC ur.example.com. DNAME RRSIG NSEC +test-dname.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. AAez/ZKaKWeaFxTR139M1czTPdpAXG7QDAbNLEF3QT0/nBRKGyI3BAM= +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +foo.test-dname.example.com. IN DNAME +SECTION ANSWER +test-dname.example.com. 3600 IN DNAME example.net. +test-dname.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. ACp31Evt1c6tKzmTh/smAuGFydZ1OO26Qkej/BW4Bw5RFBQiKaY22Z0= +foo.test-dname.example.com. 3600 IN CNAME foo.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +foo.test-dname.example.com. IN A +SECTION ANSWER +test-dname.example.com. 3600 IN DNAME example.net. +test-dname.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. ACp31Evt1c6tKzmTh/smAuGFydZ1OO26Qkej/BW4Bw5RFBQiKaY22Z0= +foo.test-dname.example.com. 3600 IN CNAME foo.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +www3.example.com. IN A +SECTION ANSWER +www3.example.com. 3600 IN CNAME www3.foo.net. +www3.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AFCgCmBh9ZhKJj6AqJAaai8Xwrp9nVYP/yyg4RglHEHb7LlIKED93Ic= +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +www3.foo.net. IN A +SECTION ANSWER +www3.foo.net. IN A 12.13.14.15 +www3.foo.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 foo.net. y50vzw6pCWNmM4y1LNbc37htWGvjxKzdV/JS5ONdFWUQelbDx5YrD91m9U88ItIpwQiGKJWQBwNgHzVKW7iF2A== +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NXDOMAIN +SECTION QUESTION +www4.example.com. IN DNAME +SECTION ANSWER +www4.example.com. 3600 IN CNAME www4.foo.net. +www4.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AA/PJO3mDuDAGQHZ2nb52q3SG0vTp0RcshM09InjZlGTIwHPIYcuizw= +SECTION AUTHORITY +foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 +foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== +van.foo.net. 3600 IN NSEC xix.foo.net. A AAAA RRSIG NSEC +van.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. awGqM+lA86rKWm8Rh1RvBYC9fJdAM2YBSqVE4VvWfhsUVN+JCspNtU3yg+R3/njfXox6cDTCfqqPDXB7KSPXaw== +foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY +foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NXDOMAIN +SECTION QUESTION +www4.example.com. IN A +SECTION ANSWER +www4.example.com. 3600 IN CNAME www4.foo.net. +www4.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AA/PJO3mDuDAGQHZ2nb52q3SG0vTp0RcshM09InjZlGTIwHPIYcuizw= +SECTION AUTHORITY +foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 +foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== +van.foo.net. 3600 IN NSEC xix.foo.net. A AAAA RRSIG NSEC +van.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. awGqM+lA86rKWm8Rh1RvBYC9fJdAM2YBSqVE4VvWfhsUVN+JCspNtU3yg+R3/njfXox6cDTCfqqPDXB7KSPXaw== +foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY +foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NXDOMAIN +SECTION QUESTION +www4.foo.net. IN DNAME +SECTION AUTHORITY +foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 +foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== +van.foo.net. 3600 IN NSEC xix.foo.net. A AAAA RRSIG NSEC +van.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. awGqM+lA86rKWm8Rh1RvBYC9fJdAM2YBSqVE4VvWfhsUVN+JCspNtU3yg+R3/njfXox6cDTCfqqPDXB7KSPXaw== +foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY +foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NXDOMAIN +SECTION QUESTION +www4.foo.net. IN A +SECTION AUTHORITY +foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 +foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== +van.foo.net. 3600 IN NSEC xix.foo.net. A AAAA RRSIG NSEC +van.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. awGqM+lA86rKWm8Rh1RvBYC9fJdAM2YBSqVE4VvWfhsUVN+JCspNtU3yg+R3/njfXox6cDTCfqqPDXB7KSPXaw== +foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY +foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NXDOMAIN +SECTION QUESTION +www5.example.com. IN A +SECTION ANSWER +www5.example.com. 3600 IN CNAME www5.foo.net. +www5.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AIXA8v0JC14UIQtthXS0Kv66rE0jqPKHgq3CPdc6PDi+tLqGjFrXIdI= +SECTION AUTHORITY +foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 +foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== +van.foo.net. 3600 IN NSEC xix.foo.net. A AAAA RRSIG NSEC +van.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. awGqM+lA86rKWm8Rh1RvBYC9fJdAM2YBSqVE4VvWfhsUVN+JCspNtU3yg+R3/njfXox6cDTCfqqPDXB7KSPXaw== +foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY +foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NXDOMAIN +SECTION QUESTION +www5.foo.net. IN A +SECTION AUTHORITY +foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 +foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== +sea.foo.net. 3600 IN NSEC ur.foo.net. A AAAA RRSIG NSEC +sea.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. SOz+kQrhbR7M4oid0L9HfHK3re9L5T+6x1m+DFyV0ogqGcsAfAmyvAPJUQyclENMWWqyJMgSfrqzpqEdM5HRWQ== +foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY +foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +h-dname.example.com. IN A +SECTION AUTHORITY +h-dname.example.com. IN NSEC ip.example.com. DNAME RRSIG NSEC +h-dname.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. AFFsp8m0uRY9RaXCtk47kKuQEDj1YsM7izqOz9N+8sMT5wBXhWg3KqI= +example.com. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. ABRSIKVO+4LWyeGBM5lPJlZBJaj6iDihKwPSzYx6fgGbiHdtLkXOMUc= +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NXDOMAIN +SECTION QUESTION +cup.h-dname.example.com. IN DNAME +SECTION ANSWER +h-dname.example.com. 3600 IN DNAME tea.foo.net. +h-dname.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AKXt5koLeZD2ibFrmZyE3ZOQCWHIA/UtrlCgFLalfaTm91NVlki5aV0= +cup.h-dname.example.com. 3600 IN CNAME cup.tea.foo.net. +SECTION AUTHORITY +foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 +foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== +sea.foo.net. 3600 IN NSEC ur.foo.net. A AAAA RRSIG NSEC +sea.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. SOz+kQrhbR7M4oid0L9HfHK3re9L5T+6x1m+DFyV0ogqGcsAfAmyvAPJUQyclENMWWqyJMgSfrqzpqEdM5HRWQ== +foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY +foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NXDOMAIN +SECTION QUESTION +cup.h-dname.example.com. IN A +SECTION ANSWER +h-dname.example.com. 3600 IN DNAME tea.foo.net. +h-dname.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AKXt5koLeZD2ibFrmZyE3ZOQCWHIA/UtrlCgFLalfaTm91NVlki5aV0= +cup.h-dname.example.com. 3600 IN CNAME cup.tea.foo.net. +SECTION AUTHORITY +foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 +foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== +sea.foo.net. 3600 IN NSEC ur.foo.net. A AAAA RRSIG NSEC +sea.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. SOz+kQrhbR7M4oid0L9HfHK3re9L5T+6x1m+DFyV0ogqGcsAfAmyvAPJUQyclENMWWqyJMgSfrqzpqEdM5HRWQ== +foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY +foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NXDOMAIN +SECTION QUESTION +tea.foo.net. IN A +SECTION AUTHORITY +foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 +foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== +sea.foo.net. 3600 IN NSEC ur.foo.net. A AAAA RRSIG NSEC +sea.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. SOz+kQrhbR7M4oid0L9HfHK3re9L5T+6x1m+DFyV0ogqGcsAfAmyvAPJUQyclENMWWqyJMgSfrqzpqEdM5HRWQ== +foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY +foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NXDOMAIN +SECTION QUESTION +cup.tea.foo.net. IN DNAME +SECTION AUTHORITY +foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 +foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== +sea.foo.net. 3600 IN NSEC ur.foo.net. A AAAA RRSIG NSEC +sea.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. SOz+kQrhbR7M4oid0L9HfHK3re9L5T+6x1m+DFyV0ogqGcsAfAmyvAPJUQyclENMWWqyJMgSfrqzpqEdM5HRWQ== +foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY +foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NXDOMAIN +SECTION QUESTION +cup.tea.foo.net. IN A +SECTION AUTHORITY +foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 +foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== +sea.foo.net. 3600 IN NSEC ur.foo.net. A AAAA RRSIG NSEC +sea.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. SOz+kQrhbR7M4oid0L9HfHK3re9L5T+6x1m+DFyV0ogqGcsAfAmyvAPJUQyclENMWWqyJMgSfrqzpqEdM5HRWQ== +foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY +foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +foo.net. IN DNSKEY +SECTION ANSWER +foo.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} +foo.net. 3600 IN RRSIG DNSKEY 5 2 3600 20070926134150 20070829134150 30899 foo.net. FLWrxrEnMpKoUDf+mbHGKSQ9OYloJs1eVbxkQaTSfJSLnLzOS0MLflMfbH1nC+Fk8idN7Aw07P5S9Ez1/fAb4w== +ENTRY_END + +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 1000 + ADDRESS 1.2.3.5 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN DNSKEY +SECTION ANSWER +example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} +example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899} +SECTION AUTHORITY +example.net. IN NS ns.example.net. +example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +foo.example.net. IN A +SECTION AUTHORITY +foo.example.net. IN NSEC foo2.example.net. DNAME RRSIG NSEC +foo.example.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. dl9WUrcxjV2vi46WBbCqhS2aVODCkZGvd/pbd6wo232P9+RmeEcRYrY05kbvW2A8+uHhY6dh7N7ft6wElG4IZQ== +example.net. IN SOA ns.example.net. admin.example.net. 2024030884 3600 3600 604800 3600 +example.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 example.net. ZlStOlahsMp7yzVD2GRAOKXoYlsV372Q2hMpFJYNdhpHcqlqodgVFxA80ftJ66OjeVpb+1DJSIZitSaQrfF8rA== +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +foo.example.net. IN DNAME +SECTION ANSWER +foo.example.net. IN DNAME lower.example.net. +foo.example.net. 3600 IN RRSIG DNAME 5 3 3600 20070926134150 20070829134150 30899 example.net. OZLH158CkKbQZOkBCof7oLzy8sbtDI3/BHEOqBeYZzcfHHfHS9L4qJBII5uO+x8yB/DTkFEhdL5WZV2IjRlkNQ== +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +foo2.example.net. IN A +SECTION AUTHORITY +foo2.example.net. IN NSEC foo3.example.net. DNAME RRSIG NSEC +foo2.example.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. HEYg0iOnIgQEFH+FiMqqnFnXvx5KdIjQG/hwNrUqWZlknqOmnCLVDxSXr+PmSKuICcfStDqCMjnXEKOCr3Malg== +example.net. IN SOA ns.example.net. admin.example.net. 2024030884 3600 3600 604800 3600 +example.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 example.net. ZlStOlahsMp7yzVD2GRAOKXoYlsV372Q2hMpFJYNdhpHcqlqodgVFxA80ftJ66OjeVpb+1DJSIZitSaQrfF8rA== +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +foo2.example.net. IN DNAME +SECTION ANSWER +foo2.example.net. IN DNAME lower.example.net. +foo2.example.net. 3600 IN RRSIG DNAME 5 3 3600 20070926134150 20070829134150 30899 example.net. xth0C1DoNubf4PpjkS0tgo6O7yzaLPuTKB2yTNFM1iZRm5pd0o3eo/upvfG2SwqfzimgvM1eDyK06QX/R7Enfw== +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.net. IN A +SECTION ANSWER +www.example.net. IN A 11.12.13.14 +www.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +fore.www.example.net. IN A +SECTION ANSWER +fore.www.example.net. IN A 11.12.13.15 +fore.www.example.net. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 example.net. D1axzzs2olCCMQUQchy4ZRs8oefSdLpiIlhPsF1Y5GTTLHKKs6H14tm3FrRTLUIb2FzZywHX0Hl+pfoB/lG2qQ== +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +; Test qtype DNAME, answer from upstream. +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN DNAME +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +www.example.com. IN DNAME +SECTION ANSWER +www.example.com. IN DNAME www.example.net. +www.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. AKXpbBNiurXv6oFOFQJv5rASdxpoWp2WV1j4ZdJAJ1f48cOkBM2oiEE= +ENTRY_END + +; Test qtype DNAME, answer from cache after A query. +; perform the A query that gets the DNAME in cache. +STEP 20 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +fore.www2.example.com. IN A +ENTRY_END + +STEP 30 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +fore.www2.example.com. IN A +SECTION ANSWER +www2.example.com. 3600 IN DNAME www.example.net. +www2.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. ABu2/f8Ec9BfUkWVid/ufoIjTuS1iZ/zQ5qeF5GiKxPDu//bP2eTgmI= +fore.www2.example.com. IN CNAME fore.www.example.net. +fore.www.example.net. IN A 11.12.13.15 +fore.www.example.net. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 example.net. D1axzzs2olCCMQUQchy4ZRs8oefSdLpiIlhPsF1Y5GTTLHKKs6H14tm3FrRTLUIb2FzZywHX0Hl+pfoB/lG2qQ== +ENTRY_END + +; now query for type DNAME, that is in cache. +STEP 40 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www2.example.com. IN DNAME +ENTRY_END + +STEP 50 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +www2.example.com. IN DNAME +SECTION ANSWER +www2.example.com. 3600 IN DNAME www.example.net. +www2.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. ABu2/f8Ec9BfUkWVid/ufoIjTuS1iZ/zQ5qeF5GiKxPDu//bP2eTgmI= +ENTRY_END + +; Test qtype DNAME, answer DNAME from upstream. +STEP 60 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +foo.test-dname.example.com. IN DNAME +ENTRY_END + +STEP 70 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +foo.test-dname.example.com. IN DNAME +SECTION ANSWER +test-dname.example.com. 3600 IN DNAME example.net. +test-dname.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. ACp31Evt1c6tKzmTh/smAuGFydZ1OO26Qkej/BW4Bw5RFBQiKaY22Z0= +foo.test-dname.example.com. 3600 IN CNAME foo.example.net. +foo.example.net. IN DNAME lower.example.net. +foo.example.net. 3600 IN RRSIG DNAME 5 3 3600 20070926134150 20070829134150 30899 example.net. OZLH158CkKbQZOkBCof7oLzy8sbtDI3/BHEOqBeYZzcfHHfHS9L4qJBII5uO+x8yB/DTkFEhdL5WZV2IjRlkNQ== +ENTRY_END + +; Test qtype DNAME, answer DNAME from cached DNAME record. +STEP 80 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +foo2.test-dname.example.com. IN DNAME +ENTRY_END + +STEP 90 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +foo2.test-dname.example.com. IN DNAME +SECTION ANSWER +test-dname.example.com. 3600 IN DNAME example.net. +test-dname.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. ACp31Evt1c6tKzmTh/smAuGFydZ1OO26Qkej/BW4Bw5RFBQiKaY22Z0= +foo2.test-dname.example.com. 3600 IN CNAME foo2.example.net. +foo2.example.net. IN DNAME lower.example.net. +foo2.example.net. 3600 IN RRSIG DNAME 5 3 3600 20070926134150 20070829134150 30899 example.net. xth0C1DoNubf4PpjkS0tgo6O7yzaLPuTKB2yTNFM1iZRm5pd0o3eo/upvfG2SwqfzimgvM1eDyK06QX/R7Enfw== +ENTRY_END + +; Test first a simple A query, that connects example.com to foo.net. +STEP 100 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www3.example.com. IN A +ENTRY_END + +STEP 110 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +www3.example.com. IN A +SECTION ANSWER +www3.example.com. 3600 IN CNAME www3.foo.net. +www3.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AFCgCmBh9ZhKJj6AqJAaai8Xwrp9nVYP/yyg4RglHEHb7LlIKED93Ic= +www3.foo.net. IN A 12.13.14.15 +www3.foo.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 foo.net. y50vzw6pCWNmM4y1LNbc37htWGvjxKzdV/JS5ONdFWUQelbDx5YrD91m9U88ItIpwQiGKJWQBwNgHzVKW7iF2A== +ENTRY_END + +; Test qtype DNAME, but the upstream responds that there is NXDOMAIN, +; it can do this because it has the zone loaded at the name after the CNAME, +; in the zone foo.net. and it chases the query there. +STEP 120 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www4.example.com. IN DNAME +ENTRY_END + +STEP 130 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NXDOMAIN +SECTION QUESTION +www4.example.com. IN DNAME +SECTION ANSWER +www4.example.com. 3600 IN CNAME www4.foo.net. +www4.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AA/PJO3mDuDAGQHZ2nb52q3SG0vTp0RcshM09InjZlGTIwHPIYcuizw= +SECTION AUTHORITY +foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 +foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== +van.foo.net. 3600 IN NSEC xix.foo.net. A AAAA RRSIG NSEC +van.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. awGqM+lA86rKWm8Rh1RvBYC9fJdAM2YBSqVE4VvWfhsUVN+JCspNtU3yg+R3/njfXox6cDTCfqqPDXB7KSPXaw== +foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY +foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== +ENTRY_END + +; Test, first pull a CNAME to NXDOMAIN in cache with an A query and then use +; it for qtype DNAME. +STEP 140 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www5.example.com. IN A +ENTRY_END + +STEP 150 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NXDOMAIN +SECTION QUESTION +www5.example.com. IN A +SECTION ANSWER +www5.example.com. 3600 IN CNAME www5.foo.net. +www5.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AIXA8v0JC14UIQtthXS0Kv66rE0jqPKHgq3CPdc6PDi+tLqGjFrXIdI= +SECTION AUTHORITY +foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY +foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== +van.foo.net. 3600 IN NSEC xix.foo.net. A AAAA RRSIG NSEC +van.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. awGqM+lA86rKWm8Rh1RvBYC9fJdAM2YBSqVE4VvWfhsUVN+JCspNtU3yg+R3/njfXox6cDTCfqqPDXB7KSPXaw== +foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 +foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== +ENTRY_END + +STEP 160 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www5.example.com. IN DNAME +ENTRY_END + +STEP 170 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NXDOMAIN +SECTION QUESTION +www5.example.com. IN DNAME +SECTION ANSWER +www5.example.com. 3600 IN CNAME www5.foo.net. +www5.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AIXA8v0JC14UIQtthXS0Kv66rE0jqPKHgq3CPdc6PDi+tLqGjFrXIdI= +SECTION AUTHORITY +foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY +foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== +van.foo.net. 3600 IN NSEC xix.foo.net. A AAAA RRSIG NSEC +van.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. awGqM+lA86rKWm8Rh1RvBYC9fJdAM2YBSqVE4VvWfhsUVN+JCspNtU3yg+R3/njfXox6cDTCfqqPDXB7KSPXaw== +foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 +foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== +ENTRY_END + +; Test, qtype DNAME, but it is under a DNAME and the upstream server can +; respond with NXDOMAIN, it can do this because the foo.net zone is also +; loaded by the server and it looks in the other zone. +STEP 180 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +cup.h-dname.example.com. IN DNAME +ENTRY_END + +STEP 190 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NXDOMAIN +SECTION QUESTION +cup.h-dname.example.com. IN DNAME +SECTION ANSWER +h-dname.example.com. 3600 IN DNAME tea.foo.net. +h-dname.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AKXt5koLeZD2ibFrmZyE3ZOQCWHIA/UtrlCgFLalfaTm91NVlki5aV0= +cup.h-dname.example.com. 3600 IN CNAME cup.tea.foo.net. +SECTION AUTHORITY +foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 +foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== +sea.foo.net. 3600 IN NSEC ur.foo.net. A AAAA RRSIG NSEC +sea.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. SOz+kQrhbR7M4oid0L9HfHK3re9L5T+6x1m+DFyV0ogqGcsAfAmyvAPJUQyclENMWWqyJMgSfrqzpqEdM5HRWQ== +foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY +foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== +ENTRY_END + +; Test, first pull a DNAME in cache and then use it for qtype DNAME to an +; NXDOMAIN. +STEP 200 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +cup2.h-dname.example.com. IN DNAME +ENTRY_END + +STEP 210 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NXDOMAIN +SECTION QUESTION +cup2.h-dname.example.com. IN DNAME +SECTION ANSWER +h-dname.example.com. 3600 IN DNAME tea.foo.net. +h-dname.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AKXt5koLeZD2ibFrmZyE3ZOQCWHIA/UtrlCgFLalfaTm91NVlki5aV0= +cup2.h-dname.example.com. 3600 IN CNAME cup2.tea.foo.net. +SECTION AUTHORITY +foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY +foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== +sea.foo.net. 3600 IN NSEC ur.foo.net. A AAAA RRSIG NSEC +sea.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. SOz+kQrhbR7M4oid0L9HfHK3re9L5T+6x1m+DFyV0ogqGcsAfAmyvAPJUQyclENMWWqyJMgSfrqzpqEdM5HRWQ== +foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 +foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== +ENTRY_END + +SCENARIO_END |