jimzah/freebsd-src
1
0
Fork 0
mirror of https://github.com/freebsd/freebsd-src.git synced 2024-11-26 20:12:44 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

unbound: Remove testcode and testdata

Browse Source 
The testcode and testdata directories are not used by FreeBSD.
Remove them.

MFC after:	1 week
This commit is contained in:
Cy Schubert 2024-10-18 07:14:41 -07:00
parent 46d2f61818
commit 0c2af19e78
139 changed files with 0 additions and 23468 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2701
contrib/unbound/testcode/doqclient.c
View File

File diff suppressed because it is too large Load Diff

84
contrib/unbound/testcode/unitdoq.c
View File

@ -1,84 +0,0 @@
/*
* testcode/unitdoq.c - unit test for doq routines.
*
* Copyright (c) 2022, NLnet Labs. All rights reserved.
*
* This software is open source.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* Neither the name of the NLNET LABS nor the names of its contributors may
* be used to endorse or promote products derived from this software without
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
* \file
* Calls doq related unit tests. Exits with code 1 on a failure.
*/
#include "config.h"
#ifdef HAVE_NGTCP2
#include "util/netevent.h"
#include "services/listen_dnsport.h"
#include "testcode/unitmain.h"
/** check the size of a connection for doq */
static void
doq_size_conn_check()
{
/* Printout the size of one doq connection, in memory usage.
* A connection with a couple cids, of type doq_conid, and
* it has one stream, and that has a query and an answer. */
size_t answer_size = 233; /* size of www.nlnetlabs.nl minimal answer
with dnssec and one A record. The unsigned answer is 176 with
additional data, 61 bytes minimal response one A record. */
size_t query_size = 45; /* size of query for www.nlnetlabs.nl, with
an EDNS record with DO flag. */
size_t conn_size = sizeof(struct doq_conn);
size_t conid_size = sizeof(struct doq_conid);
size_t stream_size = sizeof(struct doq_stream);
conn_size += 16; /* DCID len in the conn key */
conn_size += 0; /* the size of the ngtcp2_conn */
conn_size += 0; /* the size of the SSL record */
conn_size += 0; /* size of the close pkt,
but we do not count it here. Only if the conn gets closed. */
conid_size += 16; /* the dcid of the conn key */
conid_size += 16; /* the cid */
stream_size += query_size; /* size of in buffer */
stream_size += answer_size; /* size of out buffer */
printf("doq connection size %u bytes\n", (unsigned)(conn_size +
conid_size*3 + stream_size));
}
void doq_test(void)
{
unit_show_feature("doq");
doq_size_conn_check();
}
#endif /* HAVE_NGTCP2 */

14
contrib/unbound/testdata/00-lint.tdir/00-lint.pre vendored
View File

@ -1,14 +0,0 @@
# #-- 00-lint.pre--#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# use .tpkg.var.test for in test variable passing
[ -f .tpkg.var.test ] && source .tpkg.var.test
. ../common.sh
PRE="../.."
if test -f $PRE/unbound_test_00-lint ; then
echo test enabled
else
skip_test "test skipped; clang linter preferred over splint"
fi

5
contrib/unbound/testdata/09-unbound-control.tdir/conf.bad_credentials vendored
View File

@ -1,5 +0,0 @@
remote-control:
server-key-file: bad_server.key
server-cert-file: bad_server.pem
control-key-file: bad_control.key
control-cert-file: bad_control.pem

5
contrib/unbound/testdata/09-unbound-control.tdir/conf.spoofed_credentials vendored
View File

@ -1,5 +0,0 @@
remote-control:
server-key-file: unbound_server.key
server-cert-file: unbound_server.pem
control-key-file: bad_control.key
control-cert-file: bad_control.pem

4
contrib/unbound/testdata/09-unbound-control.tdir/view_local_data vendored
View File

@ -1,4 +0,0 @@
viewlocaldatafromfile 3600 TXT "view local data from file OK"
viewlocaldatafromfile1 3600 A 1.1.1.1
viewlocaldatafromfile2 3600 A 2.2.2.2
viewlocaldatafromfile3 3600 A 3.3.3.3

4
contrib/unbound/testdata/09-unbound-control.tdir/view_local_data_remove vendored
View File

@ -1,4 +0,0 @@
viewlocaldatafromfile
viewlocaldatafromfile1
viewlocaldatafromfile2
viewlocaldatafromfile3

3
contrib/unbound/testdata/acl_interface.tdir/rpz-nx.zone vendored
View File

@ -1,3 +0,0 @@
$ORIGIN rpz-nx.
@ IN SOA no.no no.no 1 2 3 4 5
local IN CNAME .

3
contrib/unbound/testdata/acl_interface.tdir/rpz-one.zone vendored
View File

@ -1,3 +0,0 @@
$ORIGIN rpz-one.
@ IN SOA no.no no.no 1 2 3 4 5
local IN A 11.11.11.11

3
contrib/unbound/testdata/acl_interface.tdir/rpz-two.zone vendored
View File

@ -1,3 +0,0 @@
$ORIGIN rpz-two.
@ IN SOA no.no no.no 1 2 3 4 5
local IN A 22.22.22.22

16
contrib/unbound/testdata/auth_tls.tdir/auth_tls.dsc vendored
View File

@ -1,16 +0,0 @@
BaseName: auth_tls
Version: 1.0
Description: Perform AXFR over tls for authority zone
CreationDate: Thu 29 Aug 09:35:40 CEST 2024
Maintainer: dr. W.C.A. Wijngaards
Category:
Component:
CmdDepends:
Depends:
Help:
Pre: auth_tls.pre
Post: auth_tls.post
Test: auth_tls.test
AuxFiles:
Passed:
Failure:

21
contrib/unbound/testdata/auth_tls.tdir/auth_tls.nsd.conf vendored
View File

@ -1,21 +0,0 @@
server:
logfile: "/dev/stderr"
xfrdfile: xfrd.state
username: ""
chroot: ""
zonesdir: ""
pidfile: "nsd.pid"
zonelistfile: "zone.list"
verbosity: 5
port: @NSD_PORT@
interface: 127.0.0.1@@NSD_PORT@
tls-port: @NSD_PORT@
tls-service-key: "nsd_server.key"
tls-service-pem: "nsd_server.pem"
zone:
name: "example.com"
zonefile: "example.com.zone"
provide-xfr: 0.0.0.0/0 NOKEY
provide-xfr: ::0/0 NOKEY

14
contrib/unbound/testdata/auth_tls.tdir/auth_tls.post vendored
View File

@ -1,14 +0,0 @@
# #-- auth_tls.post --#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# source the test var file when it's there
[ -f .tpkg.var.test ] && source .tpkg.var.test
#
# do your teardown here
. ../common.sh
kill_pid $NSD_PID
kill_pid $UNBOUND_PID
echo "nsd.log"
cat nsd.log
echo "unbound.log"
cat unbound.log

47
contrib/unbound/testdata/auth_tls.tdir/auth_tls.pre vendored
View File

@ -1,47 +0,0 @@
# #-- auth_tls.pre--#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# use .tpkg.var.test for in test variable passing
[ -f .tpkg.var.test ] && source .tpkg.var.test
. ../common.sh
PRE="../.."
if test -n "$NSD"; then
:
else
if `which nsd >/dev/null 2>&1`; then
# need nsd >= 4.2.0
NSD="nsd"
else
if test -f $PRE/../nsd/nsd; then
NSD="$PRE/../nsd/nsd"
else
skip_test "need nsd"
fi
fi
fi
echo "NSD=$NSD"
get_random_port 2
UNBOUND_PORT=$RND_PORT
NSD_PORT=$(($RND_PORT + 1))
echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test
echo "NSD_PORT=$NSD_PORT" >> .tpkg.var.test
# make config file
sed -e 's/@UNBOUND_PORT\@/'$UNBOUND_PORT'/' -e 's/@NSD_PORT\@/'$NSD_PORT'/' < auth_tls.ub.conf > ub.conf
sed -e 's/@UNBOUND_PORT\@/'$UNBOUND_PORT'/' -e 's/@NSD_PORT\@/'$NSD_PORT'/' < auth_tls.nsd.conf > nsd.conf
# start nsd
$NSD -d -c nsd.conf >nsd.log 2>&1 &
NSD_PID=$!
echo "NSD_PID=$NSD_PID" >> .tpkg.var.test
# start unbound in the background
$PRE/unbound -d -c ub.conf >unbound.log 2>&1 &
UNBOUND_PID=$!
echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
cat .tpkg.var.test
wait_nsd_up nsd.log
wait_unbound_up unbound.log

48
contrib/unbound/testdata/auth_tls.tdir/auth_tls.test vendored
View File

@ -1,48 +0,0 @@
# #-- auth_tls.test --#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# use .tpkg.var.test for in test variable passing
[ -f .tpkg.var.test ] && source .tpkg.var.test
PRE="../.."
# do the test
echo "> dig www.example.com."
dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
if grep SERVFAIL outfile; then
echo "> try again"
dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
fi
if grep SERVFAIL outfile; then
echo "> try again"
sleep 1
dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
fi
if grep SERVFAIL outfile; then
echo "> try again"
sleep 1
dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
fi
if grep SERVFAIL outfile; then
echo "> try again"
sleep 1
dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
fi
if grep SERVFAIL outfile; then
echo "> try again"
sleep 10
dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
fi
if grep SERVFAIL outfile; then
echo "> try again"
sleep 10
dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
fi
echo "> check answer"
if grep "1.2.3.4" outfile; then
echo "OK"
else
echo "Not OK"
exit 1
fi
exit 0

22
contrib/unbound/testdata/auth_tls.tdir/auth_tls.ub.conf vendored
View File

@ -1,22 +0,0 @@
server:
verbosity: 7
# num-threads: 1
interface: 127.0.0.1
port: @UNBOUND_PORT@
use-syslog: no
directory: ""
pidfile: "unbound.pid"
chroot: ""
username: ""
do-not-query-localhost: no
tls-service-key: "unbound_server.key"
tls-service-pem: "unbound_server.pem"
tls-cert-bundle: "nsd_server.pem"
auth-zone:
name: "example.com"
for-upstream: yes
for-downstream: yes
primary: "127.0.0.1@@NSD_PORT@#nsd"
allow-notify: "127.0.0.2@@NSD_PORT@"
allow-notify: 127.0.0.1

4
contrib/unbound/testdata/auth_tls.tdir/example.com.zone vendored
View File

@ -1,4 +0,0 @@
example.com. 240 IN SOA ns.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2024082400 28800 7200 604800 240
example.com. NS ns.example.com.
ns.example.com. IN A 192.0.2.1
www.example.com. A 1.2.3.4

39
contrib/unbound/testdata/auth_tls.tdir/nsd_server.key vendored
View File

@ -1,39 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
MIIG5QIBAAKCAYEAxLy5fFUI1OjXXbPcQ13303/K5AliTq6bCnS57edzQIbmPZj7
XbGZ0RnU47cZ11GSAI9ptDIrSidNTsHzaqWZn431/IVjwrIkRgz95/aOWRov4fwm
cS5qvbYV60l384NZLqmF4BDDxSt2MLT2+jWxFEK2iUm2YXZewifQ8zaHmjfAWlo8
TlK5jzt0Qc0qPv5nCC6mwtjb7OHul3N3QolW6hZOc1KZVEeBdELedoU9TyMyzhPB
vkqAXWoti/CwWj3YMTj/L7zNfQ9F1HW6n67Y+ltO8IadILPiZiiAVIrLqUh3EL2X
fq+BcJ3QvADjyL9F5TH3AaWoi6iYgMGcgdqK9k6hj+ziuMxX6OsgzfzxTEzZCHhP
Er39SX6j/fHzJP4aGQxAAHLAmv2p9P/oEZeZsvWPsBWYpULKgMZ0JDZhf26ddrB1
mpTaqRQsG384dUZR9f/iyzTszwgc2PQ7JG6gVg723KoBhlD0g+DlC8XdxiRyaDbJ
PXzSoXgLWumx02OhAgMBAAECggGBAMS7MARriBRX7hzuYaEgE1V0oe+cjqi9o542
EUMcQjzRaOVJ2HrdwUG+wgsgKwAMuqJCxuIBlRZm7MCH5CDODivmKohk3thviSRf
k3tlKv1g2Wby3YIqd2TT82FAK2nf+8tUi+H/AbVl+59DJwIXtMbc22m3w1/8nU8r
v5+l9L27aGcxesKbqKDZRC0Uu10YyvD8rZeEgY+EcjESrrxjV/1nZvWdMGR9yK74
uzrri95aBVDbos7l8yz2oysf+UmUMp5U9rWwuU4M/34pFSGeo7CHjtliwbBF4FHn
uyompXaOr7Qrgeg4fc9NbZNaB4OAOV2d1sI202q6j3kEkhG4pD8LAG/RRnugCj7D
PKGJL3iZKxknjA+tAKkgq50EbMpLHHv1qSiKWy8p+bR5FyBYPSheOSkOKTywpqnd
OU+VDTi4iLDvkENt6E0TghSyhncl8yIcomYPktqepaNekCHquK5sX8NUhOzRe3WH
gX7l3e/o8JRvbwXJ8UWfQlKhPO/hvQKBwQDiLXVMf+Hjl/OoXHtF6huerNBux5CS
KYha5BLARs9W74kd9mTJ9F5IflenpzQJc1b/PnvvlcDDlniUvlgk463EA2th4qWp
50jFniq/l4rUMFk1vZBXldvuUaL6f+Ihi8WmoUAyguEVAB9G/EJ1bXqHKdJtxuz+
/TXGBsXrF5+sZOTjfq96CgQtBmbPXMncPto0NndoMqcEB0bjsFywQXGCk6ZZZ3Ac
vwnZFqVwqro3aTwD+xllzVz+xBNK8GU+zW8CgcEA3q2EepAT7dlZAveC7VSLnFF/
w86ziynGEuhoJly+zedDPkFIGxYje1SPaKhpMH2jOdCajyHPOGuWEeVfKMbzCrHP
GdFyiTQDk3Pq0JRXpUUJSPGPusAQnPruE68XccDb+eBiJR6y+0vXHd1J3F8B4BMQ
AloZZtlx9BkEZaaRjROxM7Ilbev4IjOcScTREb2GL8gU3vnI2FJjBMy6fI5cm4QK
XEgiLcxGniM77bAZTeoVFbpd4SSICDXVn/NM/XfvAoHBAMHbjKphAc/9MY6gldg6
7Cl4nb4VtshQaNremWPMTXKKJNBVm9WtahJgl+jO2z8uaOalO70CchIyKm/zJcGY
lBtpguSHSs7xueIHy0QkM43jUtNJAyrO+46s0jA65Cs0jdhgZZHls944GJbTKHNV
vquTIRWOZxu3FBwDOihiOy2b3MNQlj7XzvR4hC4/rZTlGkmeVYItyBEf25bUVt2L
eisdOntuuR0qcNptGqgS7UEJJbOTyRUEjCyhCpg0q9LEaQKBwDF7N1wQ1gzdZlUt
cO+SAO/8gDqfnPAImVYsRLB5nYCdqiiUUxSJx9qpALEN80nuMS4wt5ekuKpd5dwW
Lx4dj3ZJ6q5fB2eLolvKv1wYCp3UCGsoGnsyIL7xV6QSHVCOvZL6FHURLE6BHM0r
FjWc+wqy0bTkFo7vNM48HOkFqYRC4vaM2JpjfCEFfO47iQW7Kq1FdbXSpZnEPPKd
F7eD3vpDzhWRhd7NbMfJJpD7t7PDl2nbnu7fska4x76iTvJoCwKBwQCcqj2yhl69
1GfpzsOtfzh9rECrnKjAhmVbwRfKB1ivwe8G2tobgQjOUajBqkCYKpZgTy3wyhWn
0D4AdwonGu1XYLZWX+Hw/ZWhNEg/6Ju2wfiMJfFWmy5pvTSvmOlNWvYKwmH/TDjX
tEctSVj6D67xE5v6s3donTI0NFa1u7i1hwoGu4POCockbau52YN4n20R5K7enu2+
YYpXfcUOmCi91Hpv+X1YbmY1tOo0m1ItYqupbuRFXnHVXJhKxsYXqlA=
-----END RSA PRIVATE KEY-----

22
contrib/unbound/testdata/auth_tls.tdir/nsd_server.pem vendored
View File

@ -1,22 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIDozCCAgsCFCAZislHgIerlrBBkLFt/ZOkKYVZMA0GCSqGSIb3DQEBCwUAMA4x
DDAKBgNVBAMMA25zZDAeFw0xOTA0MjUxNTEzMjdaFw0yOTA0MjIxNTEzMjdaMA4x
DDAKBgNVBAMMA25zZDCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAMS8
uXxVCNTo112z3ENd99N/yuQJYk6umwp0ue3nc0CG5j2Y+12xmdEZ1OO3GddRkgCP
abQyK0onTU7B82qlmZ+N9fyFY8KyJEYM/ef2jlkaL+H8JnEuar22FetJd/ODWS6p
heAQw8UrdjC09vo1sRRCtolJtmF2XsIn0PM2h5o3wFpaPE5SuY87dEHNKj7+Zwgu
psLY2+zh7pdzd0KJVuoWTnNSmVRHgXRC3naFPU8jMs4Twb5KgF1qLYvwsFo92DE4
/y+8zX0PRdR1up+u2PpbTvCGnSCz4mYogFSKy6lIdxC9l36vgXCd0LwA48i/ReUx
9wGlqIuomIDBnIHaivZOoY/s4rjMV+jrIM388UxM2Qh4TxK9/Ul+o/3x8yT+GhkM
QABywJr9qfT/6BGXmbL1j7AVmKVCyoDGdCQ2YX9unXawdZqU2qkULBt/OHVGUfX/
4ss07M8IHNj0OyRuoFYO9tyqAYZQ9IPg5QvF3cYkcmg2yT180qF4C1rpsdNjoQID
AQABMA0GCSqGSIb3DQEBCwUAA4IBgQB+WGMopDqNkv7yDAO8Ik2EWieDqxTshqR4
bT1do9zsC9WDrIVxoVcn+dtlIpEQl8MN9U5DTKBbRgk3grOwUsg2kC0Gujv3vAyQ
bF+jxjHWd1xzrbQ+QUgz07P1OMFWxMzECL2L2078UZbawFqKqlmNv5avUk27G8nB
GrujT/pUOIpRXC+rao8e14R84dPJLZuGm9IAeEBQIIdhY9sjFRyoQdCUubyKPpkm
/fpcDMkt7PzZ4nTovj4NUxnnoUGonpXuj0pHA/RDDJkPYaRrND4OGldQXdZ9LJNM
pROL6aCZ5iog74OY8yutVzCgGge9vZLkysceVP7Lyks9/fEAtIuozmulp9TUQAeR
MVdDOcREWRd0vFNtAC9xSloRqV+66CzrFHwkSMpLo+gdgcAZ8s33rgQk+I4gfavU
jPWMZVcZHXevtWuTRnxfOpMkbwiRyr2J8m549K7OKZgr+JRhdJTev4lvXVyfFia4
zr6UOK4exZWP6VDXb4IyZbJh+LMjmws=
-----END CERTIFICATE-----

39
contrib/unbound/testdata/auth_tls.tdir/unbound_server.key vendored
View File

@ -1,39 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI
0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq
GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z
uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K
WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5
FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP
q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL
A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP
7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf
XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6
iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7
2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo
MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj
WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz
O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI
IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN
qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU
dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs
bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr
YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km
7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr
gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z
5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG
ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN
oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+
s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW
zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx
ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1
oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3
BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS
mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8
kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93
7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8
RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O
jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp
O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre
MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A==
-----END RSA PRIVATE KEY-----

22
contrib/unbound/testdata/auth_tls.tdir/unbound_server.pem vendored
View File

@ -1,22 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx
EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5
WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB
igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32
a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2
4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot
aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4
TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ
uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4
+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz
XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx
dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW
84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7
JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca
fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg
XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF
qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25
sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD
yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe
CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ==
-----END CERTIFICATE-----

16
contrib/unbound/testdata/auth_tls_failcert.tdir/auth_tls_failcert.dsc vendored
View File

@ -1,16 +0,0 @@
BaseName: auth_tls_failcert
Version: 1.0
Description: Perform AXFR over tls for authority zone where the cert fails
CreationDate: Thu 29 Aug 10:35:40 CEST 2024
Maintainer: dr. W.C.A. Wijngaards
Category:
Component:
CmdDepends:
Depends:
Help:
Pre: auth_tls_failcert.pre
Post: auth_tls_failcert.post
Test: auth_tls_failcert.test
AuxFiles:
Passed:
Failure:

21
contrib/unbound/testdata/auth_tls_failcert.tdir/auth_tls_failcert.nsd.conf vendored
View File

@ -1,21 +0,0 @@
server:
logfile: "/dev/stderr"
xfrdfile: xfrd.state
username: ""
chroot: ""
zonesdir: ""
pidfile: "nsd.pid"
zonelistfile: "zone.list"
verbosity: 5
port: @NSD_PORT@
interface: 127.0.0.1@@NSD_PORT@
tls-port: @NSD_PORT@
tls-service-key: "nsd_server.key"
tls-service-pem: "nsd_server.pem"
zone:
name: "example.com"
zonefile: "example.com.zone"
provide-xfr: 0.0.0.0/0 NOKEY
provide-xfr: ::0/0 NOKEY

14
contrib/unbound/testdata/auth_tls_failcert.tdir/auth_tls_failcert.post vendored
View File

@ -1,14 +0,0 @@
# #-- auth_tls_failcert.post --#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# source the test var file when it's there
[ -f .tpkg.var.test ] && source .tpkg.var.test
#
# do your teardown here
. ../common.sh
kill_pid $NSD_PID
kill_pid $UNBOUND_PID
echo "nsd.log"
cat nsd.log
echo "unbound.log"
cat unbound.log

47
contrib/unbound/testdata/auth_tls_failcert.tdir/auth_tls_failcert.pre vendored
View File

@ -1,47 +0,0 @@
# #-- auth_tls_failcert.pre--#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# use .tpkg.var.test for in test variable passing
[ -f .tpkg.var.test ] && source .tpkg.var.test
. ../common.sh
PRE="../.."
if test -n "$NSD"; then
:
else
if `which nsd >/dev/null 2>&1`; then
# need nsd >= 4.2.0
NSD="nsd"
else
if test -f $PRE/../nsd/nsd; then
NSD="$PRE/../nsd/nsd"
else
skip_test "need nsd"
fi
fi
fi
echo "NSD=$NSD"
get_random_port 2
UNBOUND_PORT=$RND_PORT
NSD_PORT=$(($RND_PORT + 1))
echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test
echo "NSD_PORT=$NSD_PORT" >> .tpkg.var.test
# make config file
sed -e 's/@UNBOUND_PORT\@/'$UNBOUND_PORT'/' -e 's/@NSD_PORT\@/'$NSD_PORT'/' < auth_tls_failcert.ub.conf > ub.conf
sed -e 's/@UNBOUND_PORT\@/'$UNBOUND_PORT'/' -e 's/@NSD_PORT\@/'$NSD_PORT'/' < auth_tls_failcert.nsd.conf > nsd.conf
# start nsd
$NSD -d -c nsd.conf >nsd.log 2>&1 &
NSD_PID=$!
echo "NSD_PID=$NSD_PID" >> .tpkg.var.test
# start unbound in the background
$PRE/unbound -d -c ub.conf >unbound.log 2>&1 &
UNBOUND_PID=$!
echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
cat .tpkg.var.test
wait_nsd_up nsd.log
wait_unbound_up unbound.log

56
contrib/unbound/testdata/auth_tls_failcert.tdir/auth_tls_failcert.test vendored
View File

@ -1,56 +0,0 @@
# #-- auth_tls_failcert.test --#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# use .tpkg.var.test for in test variable passing
[ -f .tpkg.var.test ] && source .tpkg.var.test
PRE="../.."
# do the test
echo "> dig www.example.com."
dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
if grep SERVFAIL outfile; then
echo "> try again"
dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
fi
if grep SERVFAIL outfile; then
echo "> try again"
sleep 1
dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
fi
if grep SERVFAIL outfile; then
echo "> try again"
sleep 1
dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
fi
if grep SERVFAIL outfile; then
echo "> try again"
sleep 1
dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
fi
if grep SERVFAIL outfile; then
echo "> try again"
sleep 1
dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
fi
if grep SERVFAIL outfile; then
echo "> try again"
sleep 1
dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
fi
echo "> check answer"
if grep "1.2.3.4" outfile; then
echo "Not OK"
exit 1
else
echo "OK not present"
fi
# But the server should be up
if grep "SERVFAIL" outfile; then
echo "OK"
else
echo "Not OK"
exit 1
fi
exit 0

23
contrib/unbound/testdata/auth_tls_failcert.tdir/auth_tls_failcert.ub.conf vendored
View File

@ -1,23 +0,0 @@
server:
verbosity: 7
# num-threads: 1
interface: 127.0.0.1
port: @UNBOUND_PORT@
use-syslog: no
directory: ""
pidfile: "unbound.pid"
chroot: ""
username: ""
do-not-query-localhost: no
tls-service-key: "unbound_server.key"
tls-service-pem: "unbound_server.pem"
tls-cert-bundle: "nsd_server.pem"
auth-zone:
name: "example.com"
for-upstream: yes
for-downstream: yes
# actual working primary: "127.0.0.1@@NSD_PORT@#nsd"
primary: "127.0.0.1@@NSD_PORT@#wrongname"
allow-notify: "127.0.0.2@@NSD_PORT@"
allow-notify: 127.0.0.1

4
contrib/unbound/testdata/auth_tls_failcert.tdir/example.com.zone vendored
View File

@ -1,4 +0,0 @@
example.com. 240 IN SOA ns.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2024082400 28800 7200 604800 240
example.com. NS ns.example.com.
ns.example.com. IN A 192.0.2.1
www.example.com. A 1.2.3.4

39
contrib/unbound/testdata/auth_tls_failcert.tdir/nsd_server.key vendored
View File

@ -1,39 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
MIIG5QIBAAKCAYEAxLy5fFUI1OjXXbPcQ13303/K5AliTq6bCnS57edzQIbmPZj7
XbGZ0RnU47cZ11GSAI9ptDIrSidNTsHzaqWZn431/IVjwrIkRgz95/aOWRov4fwm
cS5qvbYV60l384NZLqmF4BDDxSt2MLT2+jWxFEK2iUm2YXZewifQ8zaHmjfAWlo8
TlK5jzt0Qc0qPv5nCC6mwtjb7OHul3N3QolW6hZOc1KZVEeBdELedoU9TyMyzhPB
vkqAXWoti/CwWj3YMTj/L7zNfQ9F1HW6n67Y+ltO8IadILPiZiiAVIrLqUh3EL2X
fq+BcJ3QvADjyL9F5TH3AaWoi6iYgMGcgdqK9k6hj+ziuMxX6OsgzfzxTEzZCHhP
Er39SX6j/fHzJP4aGQxAAHLAmv2p9P/oEZeZsvWPsBWYpULKgMZ0JDZhf26ddrB1
mpTaqRQsG384dUZR9f/iyzTszwgc2PQ7JG6gVg723KoBhlD0g+DlC8XdxiRyaDbJ
PXzSoXgLWumx02OhAgMBAAECggGBAMS7MARriBRX7hzuYaEgE1V0oe+cjqi9o542
EUMcQjzRaOVJ2HrdwUG+wgsgKwAMuqJCxuIBlRZm7MCH5CDODivmKohk3thviSRf
k3tlKv1g2Wby3YIqd2TT82FAK2nf+8tUi+H/AbVl+59DJwIXtMbc22m3w1/8nU8r
v5+l9L27aGcxesKbqKDZRC0Uu10YyvD8rZeEgY+EcjESrrxjV/1nZvWdMGR9yK74
uzrri95aBVDbos7l8yz2oysf+UmUMp5U9rWwuU4M/34pFSGeo7CHjtliwbBF4FHn
uyompXaOr7Qrgeg4fc9NbZNaB4OAOV2d1sI202q6j3kEkhG4pD8LAG/RRnugCj7D
PKGJL3iZKxknjA+tAKkgq50EbMpLHHv1qSiKWy8p+bR5FyBYPSheOSkOKTywpqnd
OU+VDTi4iLDvkENt6E0TghSyhncl8yIcomYPktqepaNekCHquK5sX8NUhOzRe3WH
gX7l3e/o8JRvbwXJ8UWfQlKhPO/hvQKBwQDiLXVMf+Hjl/OoXHtF6huerNBux5CS
KYha5BLARs9W74kd9mTJ9F5IflenpzQJc1b/PnvvlcDDlniUvlgk463EA2th4qWp
50jFniq/l4rUMFk1vZBXldvuUaL6f+Ihi8WmoUAyguEVAB9G/EJ1bXqHKdJtxuz+
/TXGBsXrF5+sZOTjfq96CgQtBmbPXMncPto0NndoMqcEB0bjsFywQXGCk6ZZZ3Ac
vwnZFqVwqro3aTwD+xllzVz+xBNK8GU+zW8CgcEA3q2EepAT7dlZAveC7VSLnFF/
w86ziynGEuhoJly+zedDPkFIGxYje1SPaKhpMH2jOdCajyHPOGuWEeVfKMbzCrHP
GdFyiTQDk3Pq0JRXpUUJSPGPusAQnPruE68XccDb+eBiJR6y+0vXHd1J3F8B4BMQ
AloZZtlx9BkEZaaRjROxM7Ilbev4IjOcScTREb2GL8gU3vnI2FJjBMy6fI5cm4QK
XEgiLcxGniM77bAZTeoVFbpd4SSICDXVn/NM/XfvAoHBAMHbjKphAc/9MY6gldg6
7Cl4nb4VtshQaNremWPMTXKKJNBVm9WtahJgl+jO2z8uaOalO70CchIyKm/zJcGY
lBtpguSHSs7xueIHy0QkM43jUtNJAyrO+46s0jA65Cs0jdhgZZHls944GJbTKHNV
vquTIRWOZxu3FBwDOihiOy2b3MNQlj7XzvR4hC4/rZTlGkmeVYItyBEf25bUVt2L
eisdOntuuR0qcNptGqgS7UEJJbOTyRUEjCyhCpg0q9LEaQKBwDF7N1wQ1gzdZlUt
cO+SAO/8gDqfnPAImVYsRLB5nYCdqiiUUxSJx9qpALEN80nuMS4wt5ekuKpd5dwW
Lx4dj3ZJ6q5fB2eLolvKv1wYCp3UCGsoGnsyIL7xV6QSHVCOvZL6FHURLE6BHM0r
FjWc+wqy0bTkFo7vNM48HOkFqYRC4vaM2JpjfCEFfO47iQW7Kq1FdbXSpZnEPPKd
F7eD3vpDzhWRhd7NbMfJJpD7t7PDl2nbnu7fska4x76iTvJoCwKBwQCcqj2yhl69
1GfpzsOtfzh9rECrnKjAhmVbwRfKB1ivwe8G2tobgQjOUajBqkCYKpZgTy3wyhWn
0D4AdwonGu1XYLZWX+Hw/ZWhNEg/6Ju2wfiMJfFWmy5pvTSvmOlNWvYKwmH/TDjX
tEctSVj6D67xE5v6s3donTI0NFa1u7i1hwoGu4POCockbau52YN4n20R5K7enu2+
YYpXfcUOmCi91Hpv+X1YbmY1tOo0m1ItYqupbuRFXnHVXJhKxsYXqlA=
-----END RSA PRIVATE KEY-----

22
contrib/unbound/testdata/auth_tls_failcert.tdir/nsd_server.pem vendored
View File

@ -1,22 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIDozCCAgsCFCAZislHgIerlrBBkLFt/ZOkKYVZMA0GCSqGSIb3DQEBCwUAMA4x
DDAKBgNVBAMMA25zZDAeFw0xOTA0MjUxNTEzMjdaFw0yOTA0MjIxNTEzMjdaMA4x
DDAKBgNVBAMMA25zZDCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAMS8
uXxVCNTo112z3ENd99N/yuQJYk6umwp0ue3nc0CG5j2Y+12xmdEZ1OO3GddRkgCP
abQyK0onTU7B82qlmZ+N9fyFY8KyJEYM/ef2jlkaL+H8JnEuar22FetJd/ODWS6p
heAQw8UrdjC09vo1sRRCtolJtmF2XsIn0PM2h5o3wFpaPE5SuY87dEHNKj7+Zwgu
psLY2+zh7pdzd0KJVuoWTnNSmVRHgXRC3naFPU8jMs4Twb5KgF1qLYvwsFo92DE4
/y+8zX0PRdR1up+u2PpbTvCGnSCz4mYogFSKy6lIdxC9l36vgXCd0LwA48i/ReUx
9wGlqIuomIDBnIHaivZOoY/s4rjMV+jrIM388UxM2Qh4TxK9/Ul+o/3x8yT+GhkM
QABywJr9qfT/6BGXmbL1j7AVmKVCyoDGdCQ2YX9unXawdZqU2qkULBt/OHVGUfX/
4ss07M8IHNj0OyRuoFYO9tyqAYZQ9IPg5QvF3cYkcmg2yT180qF4C1rpsdNjoQID
AQABMA0GCSqGSIb3DQEBCwUAA4IBgQB+WGMopDqNkv7yDAO8Ik2EWieDqxTshqR4
bT1do9zsC9WDrIVxoVcn+dtlIpEQl8MN9U5DTKBbRgk3grOwUsg2kC0Gujv3vAyQ
bF+jxjHWd1xzrbQ+QUgz07P1OMFWxMzECL2L2078UZbawFqKqlmNv5avUk27G8nB
GrujT/pUOIpRXC+rao8e14R84dPJLZuGm9IAeEBQIIdhY9sjFRyoQdCUubyKPpkm
/fpcDMkt7PzZ4nTovj4NUxnnoUGonpXuj0pHA/RDDJkPYaRrND4OGldQXdZ9LJNM
pROL6aCZ5iog74OY8yutVzCgGge9vZLkysceVP7Lyks9/fEAtIuozmulp9TUQAeR
MVdDOcREWRd0vFNtAC9xSloRqV+66CzrFHwkSMpLo+gdgcAZ8s33rgQk+I4gfavU
jPWMZVcZHXevtWuTRnxfOpMkbwiRyr2J8m549K7OKZgr+JRhdJTev4lvXVyfFia4
zr6UOK4exZWP6VDXb4IyZbJh+LMjmws=
-----END CERTIFICATE-----

39
contrib/unbound/testdata/auth_tls_failcert.tdir/unbound_server.key vendored
View File

@ -1,39 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI
0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq
GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z
uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K
WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5
FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP
q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL
A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP
7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf
XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6
iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7
2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo
MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj
WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz
O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI
IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN
qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU
dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs
bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr
YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km
7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr
gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z
5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG
ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN
oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+
s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW
zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx
ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1
oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3
BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS
mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8
kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93
7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8
RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O
jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp
O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre
MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A==
-----END RSA PRIVATE KEY-----

22
contrib/unbound/testdata/auth_tls_failcert.tdir/unbound_server.pem vendored
View File

@ -1,22 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx
EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5
WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB
igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32
a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2
4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot
aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4
TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ
uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4
+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz
XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx
dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW
84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7
JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca
fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg
XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF
qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25
sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD
yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe
CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ==
-----END CERTIFICATE-----

91
contrib/unbound/testdata/cachedb_cached_ede.crpl vendored
View File

@ -1,91 +0,0 @@
; config options
server:
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: no
minimal-responses: no
module-config: "cachedb validator iterator"
trust-anchor-signaling: no
verbosity: 4
ede: yes
val-log-level: 2
trust-anchor: "example.nl. DS 50602 8 2 FA8EE175C47325F4BD46D8A4083C3EBEB11C977D689069F2B41F1A29B22446B1"
cachedb:
backend: "testframe"
secret-seed: "testvalue"
stub-zone:
name: "example.nl"
stub-addr: 193.0.14.129
CONFIG_END
SCENARIO_BEGIN Test cachedb support for caching EDEs.
RANGE_BEGIN 0 10
ADDRESS 193.0.14.129
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
example.nl. IN DNSKEY
SECTION ANSWER
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
example.nl. IN A
SECTION ANSWER
example.nl. IN A 1.2.3.4
ENTRY_END
RANGE_END
; get the entry in cache.
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
example.nl. IN A
SECTION ADDITIONAL
HEX_EDNSDATA_BEGIN
FF FE ; option code = 65534 (LDNS_EDNS_UNBOUND_CACHEDB_TESTFRAME_TEST)
00 00 ; option length
HEX_EDNSDATA_END
ENTRY_END
; get the answer for it
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ede=9
REPLY QR RD RA DO SERVFAIL
SECTION QUESTION
example.nl. IN A
ENTRY_END
; query again for the cached entry
STEP 20 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
example.nl. IN A
SECTION ADDITIONAL
HEX_EDNSDATA_BEGIN
FF FE ; option code = 65534 (LDNS_EDNS_UNBOUND_CACHEDB_TESTFRAME_TEST)
00 00 ; option length
HEX_EDNSDATA_END
ENTRY_END
; this must be a cached answer since stub is not answering in this range
STEP 30 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ede=9
REPLY QR RD RA DO SERVFAIL
SECTION QUESTION
example.nl. IN A
ENTRY_END
SCENARIO_END

324
contrib/unbound/testdata/cachedb_expired.crpl vendored
View File

@ -1,324 +0,0 @@
; config options
server:
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: no
minimal-responses: no
serve-expired: yes
module-config: "cachedb iterator"
cachedb:
backend: "testframe"
secret-seed: "testvalue"
cachedb-check-when-serve-expired: yes
stub-zone:
name: "."
stub-addr: 193.0.14.129
CONFIG_END
SCENARIO_BEGIN Test cachedb and serve expired.
; K.ROOT-SERVERS.NET.
RANGE_BEGIN 0 400
ADDRESS 193.0.14.129
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET. IN A 193.0.14.129
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION AUTHORITY
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
RANGE_END
; a.gtld-servers.net.
RANGE_BEGIN 0 400
ADDRESS 192.5.6.30
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION AUTHORITY
example.com. IN NS ns2.example.com.
SECTION ADDITIONAL
ns2.example.com. IN A 1.2.3.5
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
foo.com. IN NS
SECTION AUTHORITY
foo.com. IN NS ns.example.com.
ENTRY_END
RANGE_END
; ns2.example.com.
RANGE_BEGIN 0 400
ADDRESS 1.2.3.5
ENTRY_BEGIN
MATCH opcode qname qtype
REPLY QR AA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN A 1.2.3.4
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname qtype
REPLY QR AA NOERROR
SECTION QUESTION
www2.example.com. IN A
SECTION ANSWER
www2.example.com. 10 IN A 1.2.3.5
ENTRY_END
RANGE_END
; Get an entry in cache, to make it expired.
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
; get the answer for it
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN A 1.2.3.4
ENTRY_END
; Get another query in cache to make it expired.
STEP 20 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www2.example.com. IN A
ENTRY_END
; get the answer for it
STEP 30 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www2.example.com. IN A
SECTION ANSWER
www2.example.com. 10 IN A 1.2.3.5
ENTRY_END
; it is now expired
STEP 40 TIME_PASSES ELAPSE 20
; cache is expired, and cachedb is expired.
STEP 50 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www2.example.com. IN A
ENTRY_END
STEP 60 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
www2.example.com. IN A
SECTION ANSWER
www2.example.com. 30 IN A 1.2.3.5
ENTRY_END
; cache is expired, cachedb has no answer
STEP 70 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
STEP 80 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 30 IN A 1.2.3.4
ENTRY_END
STEP 90 TRAFFIC
; the entry should be refreshed in cache now.
; cache is valid and cachedb is valid.
STEP 100 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
STEP 110 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN A 1.2.3.4
ENTRY_END
; flush the entry from cache
STEP 120 FLUSH_MESSAGE www.example.com. IN A
; cache has no answer, cachedb valid
STEP 130 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
STEP 140 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN A 1.2.3.4
ENTRY_END
; it is now expired
STEP 150 TIME_PASSES ELAPSE 20
; flush the entry from cache
STEP 160 FLUSH_MESSAGE www.example.com. IN A
; cache has no answer, cachedb is expired
STEP 170 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
STEP 180 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 30 IN A 1.2.3.4
ENTRY_END
STEP 190 TRAFFIC
; the expired message is updated.
; cache is valid, cachedb is valid
STEP 200 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
STEP 210 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN A 1.2.3.4
ENTRY_END
; expire the entry in cache
STEP 220 EXPIRE_MESSAGE www.example.com. IN A
; cache is expired, cachedb valid
STEP 230 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
STEP 240 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN A 1.2.3.4
ENTRY_END
; it is now expired
STEP 250 TIME_PASSES ELAPSE 20
; expire the entry in cache
STEP 260 EXPIRE_MESSAGE www.example.com. IN A
; cache is expired, cachedb is expired
STEP 270 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
STEP 280 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 30 IN A 1.2.3.4
ENTRY_END
STEP 290 TRAFFIC
; the expired message is updated.
; cache is valid, cachedb is valid
STEP 300 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
STEP 310 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN A 1.2.3.4
ENTRY_END
SCENARIO_END

343
contrib/unbound/testdata/cachedb_expired_client_timeout.crpl vendored
View File

@ -1,343 +0,0 @@
; config options
server:
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: no
minimal-responses: no
serve-expired: yes
serve-expired-reply-ttl: 30
; at least one second, so we can time skip past the timer in the
; testbound script steps, but also reply within the time.
serve-expired-client-timeout: 1200
module-config: "cachedb iterator"
discard-timeout: 3000
cachedb:
backend: "testframe"
secret-seed: "testvalue"
cachedb-check-when-serve-expired: yes
stub-zone:
name: "."
stub-addr: 193.0.14.129
CONFIG_END
SCENARIO_BEGIN Test cachedb and serve-expired-client-timeout.
; K.ROOT-SERVERS.NET.
RANGE_BEGIN 0 400
ADDRESS 193.0.14.129
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET. IN A 193.0.14.129
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION AUTHORITY
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
RANGE_END
; a.gtld-servers.net.
RANGE_BEGIN 0 400
ADDRESS 192.5.6.30
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION AUTHORITY
example.com. IN NS ns2.example.com.
SECTION ADDITIONAL
ns2.example.com. IN A 1.2.3.5
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
foo.com. IN NS
SECTION AUTHORITY
foo.com. IN NS ns.example.com.
ENTRY_END
RANGE_END
; ns2.example.com.
RANGE_BEGIN 0 60
ADDRESS 1.2.3.5
ENTRY_BEGIN
MATCH opcode qname qtype
REPLY QR AA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN A 1.2.3.4
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname qtype
REPLY QR AA NOERROR
SECTION QUESTION
www2.example.com. IN A
SECTION ANSWER
www2.example.com. 10 IN A 1.2.3.5
ENTRY_END
RANGE_END
; ns2.example.com. - after a change
RANGE_BEGIN 80 90
ADDRESS 1.2.3.5
ENTRY_BEGIN
MATCH opcode qname qtype
REPLY QR AA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN A 1.2.3.6
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname qtype
REPLY QR AA NOERROR
SECTION QUESTION
www2.example.com. IN A
SECTION ANSWER
www2.example.com. 10 IN A 1.2.3.7
ENTRY_END
RANGE_END
; ns2.example.com. - steps 90-120 not responding.
; ns2.example.com. - after a change
RANGE_BEGIN 130 140
ADDRESS 1.2.3.5
ENTRY_BEGIN
MATCH opcode qname qtype
REPLY QR AA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN A 1.2.3.8
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname qtype
REPLY QR AA NOERROR
SECTION QUESTION
www2.example.com. IN A
SECTION ANSWER
www2.example.com. 10 IN A 1.2.3.9
ENTRY_END
RANGE_END
; ns2.example.com. - steps 150-160 not responding.
; ns2.example.com. - after a change
RANGE_BEGIN 170 200
ADDRESS 1.2.3.5
ENTRY_BEGIN
MATCH opcode qname qtype
REPLY QR AA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN A 1.2.3.10
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname qtype
REPLY QR AA NOERROR
SECTION QUESTION
www2.example.com. IN A
SECTION ANSWER
www2.example.com. 10 IN A 1.2.3.11
ENTRY_END
RANGE_END
; make time not 0
STEP 2 TIME_PASSES ELAPSE 212
; Get an entry in cache.
STEP 4 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
; get the answer for it
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN A 1.2.3.4
ENTRY_END
; Get another query in cache.
STEP 20 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www2.example.com. IN A
ENTRY_END
; get the answer for it
STEP 30 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www2.example.com. IN A
SECTION ANSWER
www2.example.com. 10 IN A 1.2.3.5
ENTRY_END
; www.example.com and www2.example.com are in cache, www2 in cachedb.
STEP 40 FLUSH_MESSAGE www2.example.com. IN A
; now www in cache, www2 not in cache, www2 in cachedb.
; because of the client timeout, it should be able to use the
; response from cachedb for www2.
; make 2 seconds pass to decrement the TTL on the response,
; the upstream TTL would be 10, cachedb 8.
STEP 48 TIME_PASSES ELAPSE 2
STEP 50 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www2.example.com. IN A
ENTRY_END
STEP 60 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
www2.example.com. IN A
SECTION ANSWER
www2.example.com. 8 IN A 1.2.3.5
ENTRY_END
; make both cache and cachedb expired
STEP 70 TIME_PASSES ELAPSE 20
; www and www2 expired in cache, www2 expired in cachedb.
; the query should now try to resolve and complete within the
; client timeout, and return the upstream version.
; the upstream is changed to give a different one now.
STEP 80 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www2.example.com. IN A
ENTRY_END
STEP 90 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
www2.example.com. IN A
SECTION ANSWER
www2.example.com. 10 IN A 1.2.3.7
ENTRY_END
; expire the data again
STEP 100 TIME_PASSES ELAPSE 20
; the query should now try to resolve, but the upstream is not
; responsive for several testbound steps. When the timer expires,
; the expired answer should be returned.
; www2 expired in cache and www2 expired in cachedb.
STEP 110 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www2.example.com. IN A
ENTRY_END
; make 2 seconds pass to go past the client timeout
STEP 112 TIME_PASSES ELAPSE 2
STEP 120 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
www2.example.com. IN A
SECTION ANSWER
www2.example.com. 30 IN A 1.2.3.7
ENTRY_END
; make traffic flow to resolve the query, server responds.
STEP 130 TRAFFIC
; expire the data again
STEP 140 TIME_PASSES ELAPSE 20
; The client query tries to resolve, but gets no immediate answer,
; so the expired data is used. But the expired data is in cache and
; the query is not in cachedb.
STEP 150 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
; make 2 seconds pass to go past the client timeout
STEP 152 TIME_PASSES ELAPSE 2
STEP 160 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 30 IN A 1.2.3.4
ENTRY_END
; make traffic flow to resolve the query, server responds.
STEP 170 TRAFFIC
; now the client query tries to resolve, and completes within the client
; timeout, but there is expired data in cache but not in cachedb.
STEP 180 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www2.example.com. IN A
ENTRY_END
STEP 190 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
www2.example.com. IN A
SECTION ANSWER
www2.example.com. 10 IN A 1.2.3.11
ENTRY_END
SCENARIO_END

259
contrib/unbound/testdata/cachedb_expired_reply_ttl.crpl vendored
View File

@ -1,259 +0,0 @@
; config options
server:
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: no
minimal-responses: no
serve-expired: yes
serve-expired-reply-ttl: 30
module-config: "cachedb iterator"
cachedb:
backend: "testframe"
secret-seed: "testvalue"
cachedb-check-when-serve-expired: yes
stub-zone:
name: "."
stub-addr: 193.0.14.129
CONFIG_END
SCENARIO_BEGIN Test cachedb and serve-expired-reply-ttl.
; K.ROOT-SERVERS.NET.
RANGE_BEGIN 0 400
ADDRESS 193.0.14.129
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET. IN A 193.0.14.129
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION AUTHORITY
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
RANGE_END
; a.gtld-servers.net.
RANGE_BEGIN 0 400
ADDRESS 192.5.6.30
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION AUTHORITY
example.com. IN NS ns2.example.com.
SECTION ADDITIONAL
ns2.example.com. IN A 1.2.3.5
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
foo.com. IN NS
SECTION AUTHORITY
foo.com. IN NS ns.example.com.
ENTRY_END
RANGE_END
; ns2.example.com.
RANGE_BEGIN 0 400
ADDRESS 1.2.3.5
ENTRY_BEGIN
MATCH opcode qname qtype
REPLY QR AA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN A 1.2.3.4
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname qtype
REPLY QR AA NOERROR
SECTION QUESTION
www2.example.com. IN A
SECTION ANSWER
www2.example.com. 10 IN A 1.2.3.5
ENTRY_END
RANGE_END
; make time not 0
STEP 2 TIME_PASSES ELAPSE 212
; Get an entry in cache, to make it expired.
STEP 4 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
; get the answer for it
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN A 1.2.3.4
ENTRY_END
; Get another query in cache to make it expired.
STEP 20 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www2.example.com. IN A
ENTRY_END
; get the answer for it
STEP 30 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www2.example.com. IN A
SECTION ANSWER
www2.example.com. 10 IN A 1.2.3.5
ENTRY_END
; it is now expired
STEP 40 TIME_PASSES ELAPSE 20
; cache is expired, and cachedb is expired.
STEP 50 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www2.example.com. IN A
ENTRY_END
STEP 60 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
www2.example.com. IN A
SECTION ANSWER
www2.example.com. 30 IN A 1.2.3.5
ENTRY_END
; got an answer from upstream
STEP 61 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www2.example.com. IN A
ENTRY_END
STEP 62 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
www2.example.com. IN A
SECTION ANSWER
www2.example.com. 10 IN A 1.2.3.5
ENTRY_END
; cache is expired, cachedb has no answer
STEP 70 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
STEP 80 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 30 IN A 1.2.3.4
ENTRY_END
STEP 90 TRAFFIC
; the entry should be refreshed in cache now.
; cache is valid and cachedb is valid.
STEP 100 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
STEP 110 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN A 1.2.3.4
ENTRY_END
; make both cache and cachedb expired.
STEP 120 TIME_PASSES ELAPSE 20
STEP 130 FLUSH_MESSAGE www.example.com. IN A
; cache has no entry and cachedb is expired.
STEP 140 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
STEP 150 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 30 IN A 1.2.3.4
ENTRY_END
; the name is resolved
STEP 160 TRAFFIC
; the resolve name has been updated.
STEP 170 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
STEP 180 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN A 1.2.3.4
ENTRY_END
SCENARIO_END

29
contrib/unbound/testdata/cachedb_no_store.tdir/cachedb_no_store.conf vendored
View File

@ -1,29 +0,0 @@
server:
verbosity: 4
interface: 127.0.0.1
port: @PORT@
use-syslog: no
directory: ""
pidfile: "unbound.pid"
chroot: ""
username: ""
module-config: "cachedb iterator"
do-not-query-localhost: no
qname-minimisation: no
forward-zone:
name: "."
forward-addr: 127.0.0.1@@TOPORT@
stub-zone:
name: "example.com"
stub-addr: 127.0.0.1@@TOPORT@
remote-control:
control-enable: yes
control-interface: @CONTROL_PATH@/controlpipe.@CONTROL_PID@
control-use-cert: no
cachedb:
backend: "testframe"
secret-seed: "testvalue"

16
contrib/unbound/testdata/cachedb_no_store.tdir/cachedb_no_store.dsc vendored
View File

@ -1,16 +0,0 @@
BaseName: cachedb_no_store
Version: 1.0
Description: cachedb test the cachedb-no-store option
CreationDate: Wed 11 Oct 11:00:00 CEST 2023
Maintainer: dr. W.C.A. Wijngaards
Category:
Component:
CmdDepends:
Depends:
Help:
Pre: cachedb_no_store.pre
Post: cachedb_no_store.post
Test: cachedb_no_store.test
AuxFiles:
Passed:
Failure:

20
contrib/unbound/testdata/cachedb_no_store.tdir/cachedb_no_store.post vendored
View File

@ -1,20 +0,0 @@
# #-- cachedb_no_store.post --#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# source the test var file when it's there
[ -f .tpkg.var.test ] && source .tpkg.var.test
#
# do your teardown here
PRE="../.."
. ../common.sh
echo "> cat logfiles"
cat fwd.log
if test -f fwd2.log; then cat fwd2.log; else echo "no fwd2.log"; fi
if test -f fwd3.log; then cat fwd3.log; else echo "no fwd3.log"; fi
if test -f fwd4.log; then cat fwd4.log; else echo "no fwd4.log"; fi
cat unbound.log
if test -f unbound2.log; then cat unbound2.log; else echo "no unbound2.log"; fi
kill_pid $FWD_PID
kill_from_pidfile "unbound.pid"
rm -f $CONTROL_PATH/controlpipe.$CONTROL_PID

36
contrib/unbound/testdata/cachedb_no_store.tdir/cachedb_no_store.pre vendored
View File

@ -1,36 +0,0 @@
# #-- cachedb_no_store.pre--#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# use .tpkg.var.test for in test variable passing
[ -f .tpkg.var.test ] && source .tpkg.var.test
PRE="../.."
. ../common.sh
if grep "define USE_CACHEDB 1" $PRE/config.h; then echo test enabled; else skip_test "test skipped"; fi
get_random_port 2
UNBOUND_PORT=$RND_PORT
FWD_PORT=$(($RND_PORT + 1))
echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test
echo "FWD_PORT=$FWD_PORT" >> .tpkg.var.test
# start forwarder
get_ldns_testns
$LDNS_TESTNS -p $FWD_PORT cachedb_no_store.testns >fwd.log 2>&1 &
FWD_PID=$!
echo "FWD_PID=$FWD_PID" >> .tpkg.var.test
# make config file
CONTROL_PATH=/tmp
CONTROL_PID=$$
sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' -e 's?@CONTROL_PATH\@?'$CONTROL_PATH'?' -e 's/@CONTROL_PID@/'$CONTROL_PID'/' < cachedb_no_store.conf > ub.conf
# start unbound in the background
$PRE/unbound -d -c ub.conf >unbound.log 2>&1 &
UNBOUND_PID=$!
echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
echo "CONTROL_PATH=$CONTROL_PATH" >> .tpkg.var.test
echo "CONTROL_PID=$CONTROL_PID" >> .tpkg.var.test
cat .tpkg.var.test
wait_ldns_testns_up fwd.log
wait_unbound_up unbound.log

8
contrib/unbound/testdata/cachedb_no_store.tdir/cachedb_no_store.servfail.testns vendored
View File

@ -1,8 +0,0 @@
ENTRY_BEGIN
MATCH opcode
ADJUST copy_id copy_query
REPLY QR AA SERVFAIL
SECTION QUESTION
txt1.example.com. IN TXT
SECTION ANSWER
ENTRY_END

132
contrib/unbound/testdata/cachedb_no_store.tdir/cachedb_no_store.test vendored
View File

@ -1,132 +0,0 @@
# #-- cachedb_no_store.test --#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# use .tpkg.var.test for in test variable passing
[ -f .tpkg.var.test ] && source .tpkg.var.test
PRE="../.."
. ../common.sh
# do the test
get_ldns_testns
# query for a text record that is stored by unbound's cache and cachedb
# in the testframe cache.
echo "> dig txt1.example.com."
dig @127.0.0.1 -p $UNBOUND_PORT txt1.example.com. TXT | tee outfile
if grep "example text message" outfile; then
echo "OK"
else
echo "Not OK"
exit 1
fi
# stop the forwarder with servfail, to check the answer came from the cache
echo "> stop ldns-testns"
kill_pid $FWD_PID
echo "> start ldns-testns with servfails"
$LDNS_TESTNS -p $FWD_PORT cachedb_no_store.servfail.testns >fwd2.log 2>&1 &
FWD_PID=$!
echo "FWD_PID=$FWD_PID" >> .tpkg.var.test
wait_ldns_testns_up fwd2.log
echo "> dig txt1.example.com. from unbound cache"
dig @127.0.0.1 -p $UNBOUND_PORT txt1.example.com. TXT | tee outfile
if grep "example text message" outfile; then
echo "OK"
else
echo "Not OK"
exit 1
fi
# clear the cache of unbound, but not cachedb testframe cache
echo "> unbound-control flush"
$PRE/unbound-control -c ub.conf flush_type txt1.example.com. TXT
if test $? -ne 0; then
echo "wrong exit value."
exit 1
else
echo "exit value: OK"
fi
echo "> dig txt1.example.com. from cachedb"
dig @127.0.0.1 -p $UNBOUND_PORT txt1.example.com. TXT | tee outfile
if grep "example text message" outfile; then
echo "OK"
else
echo "Not OK"
exit 1
fi
# start the forwarder again.
echo "> stop ldns-testns"
kill_pid $FWD_PID
echo "> start ldns-testns"
$LDNS_TESTNS -p $FWD_PORT cachedb_no_store.testns >fwd3.log 2>&1 &
FWD_PID=$!
echo "FWD_PID=$FWD_PID" >> .tpkg.var.test
wait_ldns_testns_up fwd3.log
# stop unbound to flush the cachedb cache
echo "> stop unbound"
kill_from_pidfile "unbound.pid"
echo ""
echo "> config unbound with cachedb-no-store: yes"
echo "cachedb: cachedb-no-store: yes" >> ub.conf
# start unbound again.
echo "> start unbound"
$PRE/unbound -d -c ub.conf >unbound2.log 2>&1 &
UNBOUND_PID=$!
echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
wait_unbound_up unbound2.log
echo ""
echo "> dig txt1.example.com."
dig @127.0.0.1 -p $UNBOUND_PORT txt1.example.com. TXT | tee outfile
if grep "example text message" outfile; then
echo "OK"
else
echo "Not OK"
exit 1
fi
# stop the forwarder with servfail, to check the answer came from the cache
echo "> stop ldns-testns"
kill_pid $FWD_PID
echo "> start ldns-testns with servfails"
$LDNS_TESTNS -p $FWD_PORT cachedb_no_store.servfail.testns >fwd4.log 2>&1 &
FWD_PID=$!
echo "FWD_PID=$FWD_PID" >> .tpkg.var.test
wait_ldns_testns_up fwd4.log
echo "> dig txt1.example.com. from unbound cache"
dig @127.0.0.1 -p $UNBOUND_PORT txt1.example.com. TXT | tee outfile
if grep "example text message" outfile; then
echo "OK"
else
echo "Not OK"
exit 1
fi
# clear the cache of unbound, but not cachedb testframe cache
echo "> unbound-control flush"
$PRE/unbound-control -c ub.conf flush_type txt1.example.com. TXT
if test $? -ne 0; then
echo "wrong exit value."
exit 1
else
echo "exit value: OK"
fi
echo "> dig txt1.example.com. from cachedb, but that has no message stored"
dig @127.0.0.1 -p $UNBOUND_PORT txt1.example.com. TXT | tee outfile
if grep "SERVFAIL" outfile; then
echo "OK"
else
echo "Not OK"
exit 1
fi
exit 0

9
contrib/unbound/testdata/cachedb_no_store.tdir/cachedb_no_store.testns vendored
View File

@ -1,9 +0,0 @@
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
txt1.example.com. IN TXT
SECTION ANSWER
txt1.example.com. IN TXT "example text message"
ENTRY_END

181
contrib/unbound/testdata/cachedb_servfail_cname.crpl vendored
View File

@ -1,181 +0,0 @@
; config options
server:
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: no
minimal-responses: no
;serve-expired: yes
module-config: "cachedb iterator"
cachedb:
backend: "testframe"
secret-seed: "testvalue"
stub-zone:
name: "."
stub-addr: 193.0.14.129
CONFIG_END
SCENARIO_BEGIN Test cachedb store and servfail reply from cname.
; the servfail reply should not overwrite the cache contents.
; K.ROOT-SERVERS.NET.
RANGE_BEGIN 0 100
ADDRESS 193.0.14.129
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET. IN A 193.0.14.129
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION AUTHORITY
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
RANGE_END
; a.gtld-servers.net.
RANGE_BEGIN 0 100
ADDRESS 192.5.6.30
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION AUTHORITY
example.com. IN NS ns2.example.com.
SECTION ADDITIONAL
ns2.example.com. IN A 1.2.3.5
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
foo.com. IN NS
SECTION AUTHORITY
foo.com. IN NS ns.example.com.
ENTRY_END
RANGE_END
; ns2.example.com.
RANGE_BEGIN 0 20
ADDRESS 1.2.3.5
ENTRY_BEGIN
MATCH opcode qname qtype
REPLY QR AA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN A 1.2.3.4
ENTRY_END
RANGE_END
; ns2.example.com., now failing
RANGE_BEGIN 20 100
ADDRESS 1.2.3.5
ENTRY_BEGIN
MATCH opcode qname qtype
REPLY QR AA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN CNAME foo.example.com.
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname qtype
REPLY QR AA SERVFAIL
SECTION QUESTION
foo.example.com. IN A
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname qtype
REPLY QR AA SERVFAIL
SECTION QUESTION
ns2.example.com. IN A
SECTION ANSWER
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname qtype
REPLY QR AA SERVFAIL
SECTION QUESTION
ns2.example.com. IN AAAA
SECTION ANSWER
ENTRY_END
RANGE_END
; get and entry in cache, to make it expired.
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
; get the answer for it
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN A 1.2.3.4
ENTRY_END
; it is now expired
STEP 20 TIME_PASSES ELAPSE 20
; get a servfail in cache for the destination
STEP 30 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
foo.example.com. IN A
ENTRY_END
STEP 40 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA SERVFAIL
SECTION QUESTION
foo.example.com. IN A
ENTRY_END
; the query is now a CNAME to servfail.
; there is a valid, but expired, entry in cache.
STEP 50 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
STEP 60 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA SERVFAIL
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN CNAME foo.example.com.
ENTRY_END
SCENARIO_END

304
contrib/unbound/testdata/cachedb_subnet_change.crpl vendored
View File

@ -1,304 +0,0 @@
; config options
server:
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: no
minimal-responses: no
serve-expired: yes
serve-expired-reply-ttl: 30
; disable the serve expired client timeout.
serve-expired-client-timeout: 0
send-client-subnet: 1.2.3.4
max-client-subnet-ipv4: 17
; subnetcache is to the left of cachedb, because it sets no cache
; store for edns subnet content for modules to the right of it.
; this keeps subnet content out of cachedb as global content.
module-config: "subnetcache cachedb iterator"
cachedb:
backend: "testframe"
secret-seed: "testvalue"
cachedb-check-when-serve-expired: yes
stub-zone:
name: "."
stub-addr: 193.0.14.129
CONFIG_END
SCENARIO_BEGIN Test cachedb, subnet and serve-expired, with a domain change from global to subnet.
; So the CNAME first points to a global record, then points to a subnet record.
; K.ROOT-SERVERS.NET.
RANGE_BEGIN 0 400
ADDRESS 193.0.14.129
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET. IN A 193.0.14.129
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION AUTHORITY
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
RANGE_END
; a.gtld-servers.net.
RANGE_BEGIN 0 400
ADDRESS 192.5.6.30
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION AUTHORITY
example.com. IN NS ns2.example.com.
SECTION ADDITIONAL
ns2.example.com. IN A 1.2.3.5
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
foo.com. IN NS
SECTION AUTHORITY
foo.com. IN NS ns.foo.com.
SECTION ADDITIONAL
ns.foo.com. IN A 1.2.3.4
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
initial.com. IN NS
SECTION AUTHORITY
initial.com. IN NS ns.initial.com.
SECTION ADDITIONAL
ns.initial.com. IN A 1.2.3.6
ENTRY_END
RANGE_END
; ns2.example.com.
RANGE_BEGIN 0 30
ADDRESS 1.2.3.5
ENTRY_BEGIN
MATCH opcode qname qtype
REPLY QR AA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN CNAME www.initial.com.
ENTRY_END
RANGE_END
; ns2.example.com. - after change
RANGE_BEGIN 40 80
ADDRESS 1.2.3.5
ENTRY_BEGIN
MATCH opcode qname qtype
REPLY QR AA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN CNAME example.foo.com.
ENTRY_END
RANGE_END
; ns.initial.com.
RANGE_BEGIN 0 400
ADDRESS 1.2.3.6
ENTRY_BEGIN
MATCH opcode qname qtype
REPLY QR AA NOERROR
SECTION QUESTION
www.initial.com. IN A
SECTION ANSWER
www.initial.com. 10 IN A 1.2.3.4
ENTRY_END
RANGE_END
; ns.foo.com.
RANGE_BEGIN 40 80
ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH opcode qname qtype ednsdata
REPLY QR AA NOERROR
SECTION QUESTION
example.foo.com. IN A
SECTION ANSWER
example.foo.com. 10 IN A 1.2.3.5
SECTION ADDITIONAL
HEX_EDNSDATA_BEGIN
; client is 127.0.0.1
00 08 ; OPC
00 07 ; option length
00 01 ; Family
11 00 ; source mask, scopemask
7f 00 00 ; address
HEX_EDNSDATA_END
ENTRY_END
RANGE_END
; ns2.example.com. - later
RANGE_BEGIN 90 200
ADDRESS 1.2.3.5
ENTRY_BEGIN
MATCH opcode qname qtype
REPLY QR AA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN CNAME example.foo.com.
ENTRY_END
RANGE_END
; ns.foo.com. - later
RANGE_BEGIN 90 200
ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH opcode qname qtype ednsdata
REPLY QR AA NOERROR
SECTION QUESTION
example.foo.com. IN A
SECTION ANSWER
example.foo.com. 10 IN A 1.2.3.6
SECTION ADDITIONAL
HEX_EDNSDATA_BEGIN
; client is 127.0.0.1
00 08 ; OPC
00 07 ; option length
00 01 ; Family
11 00 ; source mask, scopemask
7f 00 00 ; address
HEX_EDNSDATA_END
ENTRY_END
RANGE_END
; make time not 0
STEP 2 TIME_PASSES ELAPSE 212
; Get an entry in cache.
STEP 4 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
; get the answer for it
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN CNAME www.initial.com.
www.initial.com. 10 IN A 1.2.3.4
ENTRY_END
; now valid in cache and valid in cachedb, without subnet.
STEP 30 TIME_PASSES ELAPSE 20
; now the cache and cachedb have an expired entry.
; the upstream is updated to CNAME to a subnet zone A record.
STEP 40 QUERY ADDRESS 127.0.0.1
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
; the expired answer, while the ECS answer is looked up.
STEP 50 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 30 IN CNAME www.initial.com.
www.initial.com. 30 IN A 1.2.3.4
ENTRY_END
; check that subnet has the query in cache.
STEP 58 TIME_PASSES ELAPSE 2
STEP 60 QUERY ADDRESS 127.0.0.1
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
STEP 70 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 8 IN CNAME example.foo.com.
example.foo.com. 8 IN A 1.2.3.5
ENTRY_END
; everything is expired, cache, subnetcache and cachedb.
STEP 80 TIME_PASSES ELAPSE 20
STEP 90 QUERY ADDRESS 127.0.0.1
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
STEP 100 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN CNAME example.foo.com.
example.foo.com. 10 IN A 1.2.3.6
ENTRY_END
; see the entry now in cache, from the subnetcache.
STEP 142 TIME_PASSES ELAPSE 2
STEP 150 QUERY ADDRESS 127.0.0.1
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
STEP 160 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 8 IN CNAME example.foo.com.
example.foo.com. 8 IN A 1.2.3.6
ENTRY_END
SCENARIO_END

322
contrib/unbound/testdata/cachedb_subnet_expired.crpl vendored
View File

@ -1,322 +0,0 @@
; config options
server:
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: no
minimal-responses: no
serve-expired: yes
serve-expired-reply-ttl: 30
; at least one second, so we can time skip past the timer in the
; testbound script steps, but also reply within the time.
serve-expired-client-timeout: 1200
send-client-subnet: 1.2.3.4
max-client-subnet-ipv4: 17
; subnetcache is to the left of cachedb, because it sets no cache
; store for edns subnet content for modules to the right of it.
; this keeps subnet content out of cachedb as global content.
module-config: "subnetcache cachedb iterator"
discard-timeout: 3000
cachedb:
backend: "testframe"
secret-seed: "testvalue"
cachedb-check-when-serve-expired: yes
stub-zone:
name: "."
stub-addr: 193.0.14.129
CONFIG_END
SCENARIO_BEGIN Test cachedb, subnet and serve-expired-client-timeout.
; K.ROOT-SERVERS.NET.
RANGE_BEGIN 0 400
ADDRESS 193.0.14.129
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET. IN A 193.0.14.129
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION AUTHORITY
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
RANGE_END
; a.gtld-servers.net.
RANGE_BEGIN 0 400
ADDRESS 192.5.6.30
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION AUTHORITY
example.com. IN NS ns2.example.com.
SECTION ADDITIONAL
ns2.example.com. IN A 1.2.3.5
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
foo.com. IN NS
SECTION AUTHORITY
foo.com. IN NS ns.foo.com.
SECTION ADDITIONAL
ns.foo.com. IN A 1.2.3.4
ENTRY_END
RANGE_END
; ns2.example.com.
RANGE_BEGIN 0 30
ADDRESS 1.2.3.5
ENTRY_BEGIN
MATCH opcode qname qtype
REPLY QR AA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN A 1.2.3.4
ENTRY_END
RANGE_END
; ns2.example.com. - after change
RANGE_BEGIN 40 100
ADDRESS 1.2.3.5
ENTRY_BEGIN
MATCH opcode qname qtype
REPLY QR AA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN CNAME example.foo.com.
ENTRY_END
RANGE_END
; ns.foo.com.
RANGE_BEGIN 40 100
ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH opcode qname qtype ednsdata
REPLY QR AA NOERROR
SECTION QUESTION
example.foo.com. IN A
SECTION ANSWER
example.foo.com. 10 IN A 1.2.3.5
SECTION ADDITIONAL
HEX_EDNSDATA_BEGIN
; client is 127.0.0.1
00 08 ; OPC
00 07 ; option length
00 01 ; Family
11 00 ; source mask, scopemask
7f 00 00 ; address
HEX_EDNSDATA_END
ENTRY_END
RANGE_END
; ns2.example.com. and ns.foo.com - no answer in 110-130.
; ns2.example.com. - later
RANGE_BEGIN 140 200
ADDRESS 1.2.3.5
ENTRY_BEGIN
MATCH opcode qname qtype
REPLY QR AA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN CNAME example.foo.com.
ENTRY_END
RANGE_END
; ns.foo.com. - later
RANGE_BEGIN 140 200
ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH opcode qname qtype ednsdata
REPLY QR AA NOERROR
SECTION QUESTION
example.foo.com. IN A
SECTION ANSWER
example.foo.com. 10 IN A 1.2.3.6
SECTION ADDITIONAL
HEX_EDNSDATA_BEGIN
; client is 127.0.0.1
00 08 ; OPC
00 07 ; option length
00 01 ; Family
11 00 ; source mask, scopemask
7f 00 00 ; address
HEX_EDNSDATA_END
ENTRY_END
RANGE_END
; make time not 0
STEP 2 TIME_PASSES ELAPSE 212
; Get an entry in cache.
STEP 4 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
; get the answer for it
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN A 1.2.3.4
ENTRY_END
; now valid in cache and valid in cachedb, without subnet.
STEP 20 FLUSH_MESSAGE www.example.com. IN A
STEP 30 TIME_PASSES ELAPSE 20
; now nothing in cache and cachedb has an expired entry.
; the upstream is updated to CNAME to a subnet zone A record.
STEP 40 QUERY ADDRESS 127.0.0.1
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
STEP 50 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN CNAME example.foo.com.
example.foo.com. 10 IN A 1.2.3.5
ENTRY_END
; check that subnet has the query in cache.
STEP 58 TIME_PASSES ELAPSE 2
STEP 60 QUERY ADDRESS 127.0.0.1
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
STEP 70 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 8 IN CNAME example.foo.com.
example.foo.com. 8 IN A 1.2.3.5
ENTRY_END
; everything is expired, cache, subnetcache and cachedb.
STEP 80 TIME_PASSES ELAPSE 20
; send the query, reply arrives quickly.
STEP 90 QUERY ADDRESS 127.0.0.1
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
STEP 100 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN CNAME example.foo.com.
example.foo.com. 10 IN A 1.2.3.5
ENTRY_END
; everything is expired, cache, subnetcache and cachedb.
STEP 110 TIME_PASSES ELAPSE 20
; send the query, but the reply is late, and there is expired data,
; the expired entry from cachedb is used to reply with.
STEP 120 QUERY ADDRESS 127.0.0.1
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
STEP 122 TIME_PASSES ELAPSE 2
; But the entry has been deleted, so it cannot be served, the reply
; at step 141 is returned instead.
;STEP 130 CHECK_ANSWER
;ENTRY_BEGIN
;MATCH all
;REPLY QR RD RA NOERROR
;SECTION QUESTION
;www.example.com. IN A
;SECTION ANSWER
;www.example.com. 30 IN A 1.2.3.4
;ENTRY_END
; reply can flow again.
STEP 140 TRAFFIC
STEP 141 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN CNAME example.foo.com.
example.foo.com. 10 IN A 1.2.3.6
ENTRY_END
; see the entry now in cache, from the subnetcache.
STEP 142 TIME_PASSES ELAPSE 2
STEP 150 QUERY ADDRESS 127.0.0.1
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
STEP 160 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 8 IN CNAME example.foo.com.
example.foo.com. 8 IN A 1.2.3.6
ENTRY_END
SCENARIO_END

229
contrib/unbound/testdata/cachedb_subnet_toecs_timeout.crpl vendored
View File

@ -1,229 +0,0 @@
; config options
server:
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: no
minimal-responses: no
serve-expired: yes
serve-expired-reply-ttl: 30
; at least one second, so we can time skip past the timer in the
; testbound script steps, but also reply within the time.
serve-expired-client-timeout: 1200
send-client-subnet: 1.2.3.4
max-client-subnet-ipv4: 17
; subnetcache is to the left of cachedb, because it sets no cache
; store for edns subnet content for modules to the right of it.
; this keeps subnet content out of cachedb as global content.
module-config: "subnetcache cachedb iterator"
cachedb:
backend: "testframe"
secret-seed: "testvalue"
cachedb-check-when-serve-expired: yes
stub-zone:
name: "."
stub-addr: 193.0.14.129
CONFIG_END
SCENARIO_BEGIN Test cachedb, subnet and serve-expired, with a domain change from global to subnet with serve-expired-client-timeout enabled.
; So the CNAME first points to a global record, then points to a subnet record.
; K.ROOT-SERVERS.NET.
RANGE_BEGIN 0 400
ADDRESS 193.0.14.129
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET. IN A 193.0.14.129
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION AUTHORITY
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
RANGE_END
; a.gtld-servers.net.
RANGE_BEGIN 0 400
ADDRESS 192.5.6.30
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION AUTHORITY
example.com. IN NS ns2.example.com.
SECTION ADDITIONAL
ns2.example.com. IN A 1.2.3.5
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
foo.com. IN NS
SECTION AUTHORITY
foo.com. IN NS ns.foo.com.
SECTION ADDITIONAL
ns.foo.com. IN A 1.2.3.4
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
initial.com. IN NS
SECTION AUTHORITY
initial.com. IN NS ns.initial.com.
SECTION ADDITIONAL
ns.initial.com. IN A 1.2.3.6
ENTRY_END
RANGE_END
; ns2.example.com.
RANGE_BEGIN 0 30
ADDRESS 1.2.3.5
ENTRY_BEGIN
MATCH opcode qname qtype
REPLY QR AA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN CNAME www.initial.com.
ENTRY_END
RANGE_END
; ns2.example.com. - after change
RANGE_BEGIN 40 100
ADDRESS 1.2.3.5
ENTRY_BEGIN
MATCH opcode qname qtype
REPLY QR AA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN CNAME example.foo.com.
ENTRY_END
RANGE_END
; ns.initial.com.
RANGE_BEGIN 0 400
ADDRESS 1.2.3.6
ENTRY_BEGIN
MATCH opcode qname qtype
REPLY QR AA NOERROR
SECTION QUESTION
www.initial.com. IN A
SECTION ANSWER
www.initial.com. 10 IN A 1.2.3.4
ENTRY_END
RANGE_END
; ns.foo.com.
RANGE_BEGIN 40 100
ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH opcode qname qtype ednsdata
REPLY QR AA NOERROR
SECTION QUESTION
example.foo.com. IN A
SECTION ANSWER
example.foo.com. 10 IN A 1.2.3.5
SECTION ADDITIONAL
HEX_EDNSDATA_BEGIN
; client is 127.0.0.1
00 08 ; OPC
00 07 ; option length
00 01 ; Family
11 00 ; source mask, scopemask
7f 00 00 ; address
HEX_EDNSDATA_END
ENTRY_END
RANGE_END
; make time not 0
STEP 2 TIME_PASSES ELAPSE 212
; Get an entry in cache.
STEP 4 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
; get the answer for it
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN CNAME www.initial.com.
www.initial.com. 10 IN A 1.2.3.4
ENTRY_END
; now valid in cache and valid in cachedb, without subnet.
STEP 30 TIME_PASSES ELAPSE 20
; now the cache and cachedb have an expired entry.
; the upstream is updated to CNAME to a subnet zone A record.
STEP 40 QUERY ADDRESS 127.0.0.1
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
; this answer is returned by the subnet lookup within
; the serve-expired-client-timeout.
STEP 50 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN CNAME example.foo.com.
example.foo.com. 10 IN A 1.2.3.5
ENTRY_END
; check that subnet has the query in cache.
STEP 58 TIME_PASSES ELAPSE 2
STEP 60 QUERY ADDRESS 127.0.0.1
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
STEP 70 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 8 IN CNAME example.foo.com.
example.foo.com. 8 IN A 1.2.3.5
ENTRY_END
SCENARIO_END

327
contrib/unbound/testdata/cachedb_val_expired.crpl vendored
View File

@ -1,327 +0,0 @@
; config options
server:
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: no
minimal-responses: yes
serve-expired: yes
;module-config: "subnetcache validator cachedb iterator"
module-config: "validator cachedb iterator"
cachedb:
backend: "testframe"
secret-seed: "testvalue"
cachedb-check-when-serve-expired: yes
stub-zone:
name: "."
stub-addr: 193.0.14.129
CONFIG_END
SCENARIO_BEGIN Test cachedb, validator and serve expired.
; K.ROOT-SERVERS.NET.
RANGE_BEGIN 0 400
ADDRESS 193.0.14.129
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET. IN A 193.0.14.129
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION AUTHORITY
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
RANGE_END
; a.gtld-servers.net.
RANGE_BEGIN 0 400
ADDRESS 192.5.6.30
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION AUTHORITY
example.com. IN NS ns2.example.com.
SECTION ADDITIONAL
ns2.example.com. IN A 1.2.3.5
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
foo.com. IN NS
SECTION AUTHORITY
foo.com. IN NS ns.example.com.
ENTRY_END
RANGE_END
; ns2.example.com.
RANGE_BEGIN 0 400
ADDRESS 1.2.3.5
ENTRY_BEGIN
MATCH opcode qname qtype
REPLY QR AA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN A 1.2.3.4
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname qtype
REPLY QR AA NOERROR
SECTION QUESTION
www2.example.com. IN A
SECTION ANSWER
www2.example.com. 10 IN A 1.2.3.5
ENTRY_END
RANGE_END
; Get an entry in cache, to make it expired.
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
; get the answer for it
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN A 1.2.3.4
ENTRY_END
; Get another query in cache to make it expired.
STEP 20 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www2.example.com. IN A
ENTRY_END
; get the answer for it
STEP 30 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www2.example.com. IN A
SECTION ANSWER
www2.example.com. 10 IN A 1.2.3.5
ENTRY_END
; it is now expired
STEP 40 TIME_PASSES ELAPSE 20
; cache is expired, and cachedb is expired.
; The expired reply, from cachedb, needs a validation status,
; because the validator module set that validation is needed.
STEP 50 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www2.example.com. IN A
ENTRY_END
STEP 60 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
www2.example.com. IN A
SECTION ANSWER
www2.example.com. 30 IN A 1.2.3.5
ENTRY_END
; cache is expired, cachedb has no answer
STEP 70 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
STEP 80 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 30 IN A 1.2.3.4
ENTRY_END
STEP 90 TRAFFIC
; the entry should be refreshed in cache now.
; cache is valid and cachedb is valid.
STEP 100 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
STEP 110 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN A 1.2.3.4
ENTRY_END
; flush the entry from cache
STEP 120 FLUSH_MESSAGE www.example.com. IN A
; cache has no answer, cachedb valid
STEP 130 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
STEP 140 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN A 1.2.3.4
ENTRY_END
; it is now expired
STEP 150 TIME_PASSES ELAPSE 20
; flush the entry from cache
STEP 160 FLUSH_MESSAGE www.example.com. IN A
; cache has no answer, cachedb is expired
STEP 170 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
STEP 180 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 30 IN A 1.2.3.4
ENTRY_END
STEP 190 TRAFFIC
; the expired message is updated.
; cache is valid, cachedb is valid
STEP 200 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
STEP 210 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN A 1.2.3.4
ENTRY_END
; expire the entry in cache
STEP 220 EXPIRE_MESSAGE www.example.com. IN A
; cache is expired, cachedb valid
STEP 230 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
STEP 240 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN A 1.2.3.4
ENTRY_END
; it is now expired
STEP 250 TIME_PASSES ELAPSE 20
; expire the entry in cache
STEP 260 EXPIRE_MESSAGE www.example.com. IN A
; cache is expired, cachedb is expired
STEP 270 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
STEP 280 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 30 IN A 1.2.3.4
ENTRY_END
STEP 290 TRAFFIC
; the expired message is updated.
; cache is valid, cachedb is valid
STEP 300 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
STEP 310 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN A 1.2.3.4
ENTRY_END
SCENARIO_END

19
contrib/unbound/testdata/cookie_file.tdir/cookie_file.conf vendored
View File

@ -1,19 +0,0 @@
server:
verbosity: 7
use-syslog: no
directory: ""
pidfile: "unbound.pid"
chroot: ""
username: ""
do-not-query-localhost: no
use-caps-for-id: no
port: @SERVER_PORT@
interface: 127.0.0.1
cookie-secret-file: "cookie_secrets.txt"
answer-cookie: yes
access-control: 127.0.0.0/8 allow_cookie # BADCOOKIE for incomplete/invalid cookies
remote-control:
control-enable: yes
control-port: @CONTROL_PORT@
control-use-cert: no

16
contrib/unbound/testdata/cookie_file.tdir/cookie_file.dsc vendored
View File

@ -1,16 +0,0 @@
BaseName: cookie_file
Version: 1.0
Description: Check the cookie rollover
CreationDate: Fri 14 Jun 11:00:00 CEST 2024
Maintainer:
Category:
Component:
CmdDepends:
Depends:
Help:
Pre: cookie_file.pre
Post: cookie_file.post
Test: cookie_file.test
AuxFiles:
Passed:
Failure:

24
contrib/unbound/testdata/cookie_file.tdir/cookie_file.pre vendored
View File

@ -1,24 +0,0 @@
# #-- cookie_file.pre--#
PRE="../.."
. ../common.sh
get_random_port 2
SERVER_PORT=$RND_PORT
CONTROL_PORT=$(($RND_PORT + 1))
echo "SERVER_PORT=$SERVER_PORT" >> .tpkg.var.test
echo "CONTROL_PORT=$CONTROL_PORT" >> .tpkg.var.test
# make config file
sed \
-e 's/@SERVER_PORT\@/'$SERVER_PORT'/' \
-e 's/@CONTROL_PORT\@/'$CONTROL_PORT'/' \
< cookie_file.conf > ub.conf
# empty cookie file
touch cookie_secrets.txt
# start unbound in the background
$PRE/unbound -d -c ub.conf > unbound.log 2>&1 &
cat .tpkg.var.test
wait_unbound_up unbound.log

250
contrib/unbound/testdata/cookie_file.tdir/cookie_file.test vendored
View File

@ -1,250 +0,0 @@
# #-- cookie_file.test --#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# use .tpkg.var.test for in test variable passing
[ -f .tpkg.var.test ] && source .tpkg.var.test
PRE="../.."
. ../common.sh
first_secret=dd3bdf9344b678b185a6f5cb60fca715
second_secret=445536bcd2513298075a5d379663c962
teststep "Add first secret"
echo ">> add_cookie_secret $first_secret"
$PRE/unbound-control -c ub.conf add_cookie_secret $first_secret
# check secret is persisted
outfile=cookie_secrets.1
$PRE/unbound-control -c ub.conf print_cookie_secrets > $outfile
if ! grep -q "$first_secret" $outfile
then
sleep 1
$PRE/unbound-control -c ub.conf print_cookie_secrets > $outfile
fi
if ! grep -q "$first_secret" $outfile
then
sleep 1
$PRE/unbound-control -c ub.conf print_cookie_secrets > $outfile
fi
if ! grep -q "$first_secret" $outfile
then
sleep 1
$PRE/unbound-control -c ub.conf print_cookie_secrets > $outfile
fi
if ! grep -q "^active.*$first_secret" $outfile
then
cat $outfile
echo "First secret was not provisioned"
exit 1
fi
echo ">> print_cookie_secrets"
cat $outfile
teststep "Get a valid cookie for this secret"
outfile=dig.output.1
dig version.server ch txt @127.0.0.1 -p $SERVER_PORT +cookie=3132333435363738 > $outfile
if ! grep -q "BADCOOKIE" $outfile
then
cat $outfile
echo "Did not get a BADCOOKIE response for a client-only cookie"
exit 1
fi
if ! grep -q "COOKIE: 3132333435363738" $outfile
then
cat $outfile
echo "Did not get a cookie in the response"
exit 1
fi
first_cookie=$(grep "; COOKIE:" $outfile | cut -d ' ' -f 3)
cat $outfile
echo "first cookie: $first_cookie"
teststep "Verify the first cookie can be reused"
outfile=dig.output.2
dig version.server ch txt @127.0.0.1 -p $SERVER_PORT +cookie=$first_cookie > $outfile
if grep -q "BADCOOKIE" $outfile
then
cat $outfile
echo "Got BADCOOKIE response for a valid cookie"
exit 1
fi
if ! grep -q "COOKIE: $first_cookie" $outfile
then
cat $outfile
echo "Did not get the same first cookie in the response"
exit 1
fi
teststep "Add second secret"
outfile=cookie_secrets.2
echo ">> add_cookie_secret $second_secret"
$PRE/unbound-control -c ub.conf add_cookie_secret $second_secret
$PRE/unbound-control -c ub.conf print_cookie_secrets > $outfile
if ! grep -q "$second_secret" $outfile
then
sleep 1
$PRE/unbound-control -c ub.conf print_cookie_secrets > $outfile
fi
if ! grep -q "$second_secret" $outfile
then
sleep 1
$PRE/unbound-control -c ub.conf print_cookie_secrets > $outfile
fi
if ! grep -q "$second_secret" $outfile
then
sleep 1
$PRE/unbound-control -c ub.conf print_cookie_secrets > $outfile
fi
if ! grep -q "^staging.*$second_secret" $outfile \
|| ! grep -q "^active.*$first_secret" $outfile
then
cat $outfile
echo "Secrets were not provisioned"
exit 1
fi
echo ">> print_cookie_secrets"
cat $outfile
echo ">> cookie_secrets.txt"
cat cookie_secrets.txt
teststep "Verify the first cookie can be reused"
outfile=dig.output.3
dig version.server ch txt @127.0.0.1 -p $SERVER_PORT +cookie=$first_cookie > $outfile
if grep -q "BADCOOKIE" $outfile
then
cat $outfile
echo "Got BADCOOKIE response for a valid cookie"
exit 1
fi
if ! grep -q "COOKIE: $first_cookie" $outfile
then
cat $outfile
echo "Did not get the same first cookie in the response"
exit 1
fi
teststep "Secret rollover"
outfile=cookie_secrets.3
$PRE/unbound-control -c ub.conf activate_cookie_secret
$PRE/unbound-control -c ub.conf print_cookie_secrets > $outfile
if ! grep -q "^active.*$second_secret" $outfile
then
sleep 1
$PRE/unbound-control -c ub.conf print_cookie_secrets > $outfile
fi
if ! grep -q "^active.*$second_secret" $outfile
then
sleep 1
$PRE/unbound-control -c ub.conf print_cookie_secrets > $outfile
fi
if ! grep -q "^active.*$second_secret" $outfile
then
sleep 1
$PRE/unbound-control -c ub.conf print_cookie_secrets > $outfile
fi
if ! grep -q "^active.*$second_secret" $outfile \
|| ! grep -q "^staging.*$first_secret" $outfile
then
cat $outfile
echo "Second secret was not activated"
exit 1
fi
echo ">> activate cookie secret, printout"
cat $outfile
echo ">> cookie_secrets.txt"
cat cookie_secrets.txt
teststep "Verify the first cookie can be reused but a new cookie is returned from the second secret"
outfile=dig.output.4
dig version.server ch txt @127.0.0.1 -p $SERVER_PORT +cookie=$first_cookie > $outfile
if grep -q "BADCOOKIE" $outfile
then
cat $outfile
echo "Got BADCOOKIE response for a valid cookie"
exit 1
fi
if ! grep -q "COOKIE: 3132333435363738" $outfile
then
cat $outfile
echo "Did not get a cookie in the response"
exit 1
fi
if grep -q "COOKIE: $first_cookie" $outfile
then
cat $outfile
echo "Got the same first cookie in the response while the second secret is active"
exit 1
fi
second_cookie=$(grep "; COOKIE:" $outfile | cut -d ' ' -f 3)
cat $outfile
echo "second cookie: $second_cookie"
teststep "Drop cookie secret"
outfile=cookie_secrets.4
$PRE/unbound-control -c ub.conf drop_cookie_secret
$PRE/unbound-control -c ub.conf print_cookie_secrets > $outfile
if grep -q "^staging.*$first_secret" $outfile
then
sleep 1
$PRE/unbound-control -c ub.conf print_cookie_secrets > $outfile
fi
if grep -q "^staging.*$first_secret" $outfile
then
sleep 1
$PRE/unbound-control -c ub.conf print_cookie_secrets > $outfile
fi
if grep -q "^staging.*$first_secret" $outfile
then
sleep 1
$PRE/unbound-control -c ub.conf print_cookie_secrets > $outfile
fi
if grep -q "^staging.*$first_secret" $outfile
then
cat $outfile
echo "First secret was not dropped"
exit 1
fi
echo ">> drop cookie secret, printout"
cat $outfile
echo ">> cookie_secrets.txt"
cat cookie_secrets.txt
teststep "Verify the first cookie can not be reused and the second cookie is returned instead"
outfile=dig.output.4
dig version.server ch txt @127.0.0.1 -p $SERVER_PORT +cookie=$first_cookie > $outfile
if ! grep -q "BADCOOKIE" $outfile
then
cat $outfile
echo "Did not get BADCOOKIE response for an invalid cookie"
exit 1
fi
if ! grep -q "COOKIE: 3132333435363738" $outfile
then
cat $outfile
echo "Did not get a cookie in the response"
exit 1
fi
if grep -q "COOKIE: $first_cookie" $outfile
then
cat $outfile
echo "Got the same first cookie in the response while the second secret is active"
exit 1
fi
if ! grep -q "COOKIE: .* (good)$" $outfile
then
# dig can generate a different cookie value here than previous cookies.
# but make sure the output contains a valid cookie
cat $outfile
echo "Did not get a valid cookie in the response"
exit 1
fi
exit 0

164
contrib/unbound/testdata/disable_edns_do.rpl vendored
View File

@ -1,164 +0,0 @@
; config options
; The island of trust is at example.com
server:
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: "no"
trust-anchor-signaling: no
minimal-responses: no
disable-edns-do: yes
stub-zone:
name: "."
stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
CONFIG_END
SCENARIO_BEGIN Test lookup with disable-edns-do
; K.ROOT-SERVERS.NET.
RANGE_BEGIN 0 100
ADDRESS 193.0.14.129
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET. IN A 193.0.14.129
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION AUTHORITY
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
RANGE_END
; a.gtld-servers.net.
RANGE_BEGIN 0 100
ADDRESS 192.5.6.30
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION ANSWER
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
RANGE_END
; ns.example.com.
RANGE_BEGIN 0 100
ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION ANSWER
example.com. IN NS ns.example.com.
example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
ENTRY_END
; response to DNSKEY priming query
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN DNSKEY
SECTION ANSWER
example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
SECTION AUTHORITY
example.com. IN NS ns.example.com.
example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
ENTRY_END
; response to query of interest, when sent with EDNS DO
ENTRY_BEGIN
MATCH opcode qtype qname DO
ADJUST copy_id
REPLY QR AA DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A 10.20.30.40
ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
SECTION AUTHORITY
example.com. IN NS ns.example.com.
example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
ENTRY_END
; response to query of interest, when sent without DO
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A 10.20.30.40
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
RANGE_END
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
www.example.com. IN A
ENTRY_END
; recursion happens here.
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A 10.20.30.40
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
SCENARIO_END

195
contrib/unbound/testdata/dns64_prefetch_cache.rpl vendored
View File

@ -1,195 +0,0 @@
; config options
server:
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: "no"
module-config: "dns64 iterator"
dns64-prefix: 64:ff9b::0/96
minimal-responses: no
prefetch: yes
stub-zone:
name: "."
stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
CONFIG_END
SCENARIO_BEGIN Test dns64 with prefetch and cache store.
; K.ROOT-SERVERS.NET.
RANGE_BEGIN 0 200
ADDRESS 193.0.14.129
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET. IN A 193.0.14.129
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION AUTHORITY
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
RANGE_END
; a.gtld-servers.net.
RANGE_BEGIN 0 200
ADDRESS 192.5.6.30
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION ANSWER
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
RANGE_END
; ns.example.com.
RANGE_BEGIN 0 100
ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
example.com. IN NS
SECTION ANSWER
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A 10.20.30.40
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
RANGE_END
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
; recursion happens here.
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 3600 IN A 10.20.30.40
SECTION AUTHORITY
example.com. 3600 IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. 3600 IN A 1.2.3.4
ENTRY_END
STEP 20 TIME_PASSES ELAPSE 3500
STEP 30 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
; the prefetch is started, the older cache reply is returned.
STEP 40 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 100 IN A 10.20.30.40
SECTION AUTHORITY
example.com. 100 IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. 100 IN A 1.2.3.4
ENTRY_END
; check what is in the cache
STEP 42 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
STEP 43 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 3600 IN A 10.20.30.40
SECTION AUTHORITY
example.com. 3600 IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. 3600 IN A 1.2.3.4
ENTRY_END
STEP 50 TIME_PASSES ELAPSE 300
; now the upstream is offline, the prefetched answer should be in the cache.
STEP 110 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
STEP 120 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 3300 IN A 10.20.30.40
SECTION AUTHORITY
example.com. 3300 IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. 3300 IN A 1.2.3.4
ENTRY_END
SCENARIO_END

21
contrib/unbound/testdata/doq_downstream.tdir/doq_downstream.conf vendored
View File

@ -1,21 +0,0 @@
server:
verbosity: 2
# num-threads: 1
interface: 127.0.0.1@@PORT@
quic-port: @PORT@
tls-service-key: "unbound_server.key"
tls-service-pem: "unbound_server.pem"
use-syslog: no
directory: .
pidfile: "unbound.pid"
chroot: ""
username: ""
do-not-query-localhost: no
local-zone: "example.net" static
local-data: "www.example.net. IN A 1.2.3.4"
local-zone: "drop.net" deny
forward-zone:
name: "."
forward-addr: "127.0.0.1@@TOPORT@"

16
contrib/unbound/testdata/doq_downstream.tdir/doq_downstream.dsc vendored
View File

@ -1,16 +0,0 @@
BaseName: doq_downstream
Version: 1.0
Description: Test DNS-over-QUIC query processing
CreationDate: Mon Aug 01 16:00:00 CEST 2022
Maintainer:
Category:
Component:
CmdDepends:
Depends:
Help:
Pre: doq_downstream.pre
Post: doq_downstream.post
Test: doq_downstream.test
AuxFiles:
Passed:
Failure:

13
contrib/unbound/testdata/doq_downstream.tdir/doq_downstream.post vendored
View File

@ -1,13 +0,0 @@
# #-- doq_downstream.post --#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# source the test var file when it's there
[ -f .tpkg.var.test ] && source .tpkg.var.test
#
# do your teardown here
PRE="../.."
. ../common.sh
kill_pid $FWD_PID
if test -f unbound.pid; then
kill_pid $UNBOUND_PID
fi

44
contrib/unbound/testdata/doq_downstream.tdir/doq_downstream.pre vendored
View File

@ -1,44 +0,0 @@
# #-- doq_downstream.pre--#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# use .tpkg.var.test for in test variable passing
[ -f .tpkg.var.test ] && source .tpkg.var.test
PRE="../.."
. ../common.sh
if grep "define HAVE_NGTCP2 1" $PRE/config.h; then echo test enabled; else skip_test "test skipped"; fi
if test -f $PRE/unbound_do_valgrind_in_test; then
do_valgrind=yes
else
do_valgrind=no
fi
VALGRIND_FLAGS="--leak-check=full --show-leak-kinds=all"
get_random_port 2
UNBOUND_PORT=$RND_PORT
FWD_PORT=$(($RND_PORT + 1))
echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test
echo "FWD_PORT=$FWD_PORT" >> .tpkg.var.test
# start forwarder
get_ldns_testns
$LDNS_TESTNS -p $FWD_PORT doq_downstream.testns >fwd.log 2>&1 &
FWD_PID=$!
echo "FWD_PID=$FWD_PID" >> .tpkg.var.test
# make config file
sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' < doq_downstream.conf > ub.conf
# start unbound in the background
if test $do_valgrind = "yes"; then
valgrind $VALGRIND_FLAGS $PRE/unbound -vvvv -d -c ub.conf >unbound.log 2>&1 &
else
$PRE/unbound -vvvv -d -c ub.conf >unbound.log 2>&1 &
fi
UNBOUND_PID=$!
echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
cat .tpkg.var.test
wait_ldns_testns_up fwd.log
wait_unbound_up unbound.log

109
contrib/unbound/testdata/doq_downstream.tdir/doq_downstream.test vendored
View File

@ -1,109 +0,0 @@
# #-- doq_downstream.test --#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# use .tpkg.var.test for in test variable passing
[ -f .tpkg.var.test ] && source .tpkg.var.test
PRE="../.."
. ../common.sh
get_make
(cd $PRE; $MAKE doqclient)
# test query from local-data, immediate like from cache
echo "> query www.example.net."
$PRE/doqclient -s 127.0.0.1 -p $UNBOUND_PORT www.example.net. A IN >outfile 2>&1
cat outfile
if test "$?" -ne 0; then
echo "exit status not OK"
echo "> cat logfiles"
cat outfile
cat fwd.log
cat unbound.log
echo "Not OK"
exit 1
fi
if grep "www.example.net" outfile | grep "1.2.3.4"; then
echo "content OK"
else
echo "result contents not OK"
echo "> cat logfiles"
cat outfile
cat fwd.log
cat unbound.log
echo "result contents not OK"
exit 1
fi
echo "OK"
# test query that is resolved
echo "> query www.example.com."
$PRE/doqclient -s 127.0.0.1 -p $UNBOUND_PORT www.example.com. A IN >outfile 2>&1
cat outfile
if test "$?" -ne 0; then
echo "exit status not OK"
echo "> cat logfiles"
cat outfile
cat fwd.log
cat unbound.log
echo "Not OK"
exit 1
fi
if grep "www.example.com" outfile | grep "10.20.30.40"; then
echo "content OK"
else
echo "result contents not OK"
echo "> cat logfiles"
cat outfile
cat fwd.log
cat unbound.log
echo "result contents not OK"
exit 1
fi
echo "OK"
# Perform the lock verify tests, stop the server first.
kill_pid $UNBOUND_PID
cat unbound.log
# Remove pidfile so that the post script does not try to stop the server,
# it is already stopped.
rm -f unbound.pid
if test -f ublocktrace-doqclient.0; then
if $PRE/lock-verify ublocktrace-doqclient.* 2>&1; then
echo "lock-verify test ublocktrace-doqclient worked."
else
echo "lock-verify test ublocktrace-doqclient failed."
exit 1
fi
fi
if test -f ublocktrace.0; then
if $PRE/lock-verify ublocktrace.* 2>&1; then
echo "lock-verify test ublocktrace worked."
else
echo "lock-verify test ublocktrace failed."
exit 1
fi
if grep "lock error" unbound.log >/dev/null; then
echo "lock error"
exit 1
fi
fi
# check valgrind output
if test -f $PRE/unbound_do_valgrind_in_test; then
if grep "All heap blocks were freed -- no leaks are possible" unbound.log; then
: # clean
else
grep "^==" unbound.log
echo "Memory leaked"
grep "in use at exit" unbound.log
exit 1
fi
if grep "ERROR SUMMARY: 0 errors from 0 contexts" unbound.log; then
: # clean
else
grep "^==" unbound.log
echo "Errors"
grep "ERROR SUMMARY" unbound.log
exit 1
fi
fi
exit 0

13
contrib/unbound/testdata/doq_downstream.tdir/doq_downstream.testns vendored
View File

@ -1,13 +0,0 @@
; nameserver test file
$ORIGIN example.com.
$TTL 3600
ENTRY_BEGIN
MATCH opcode qtype qname
REPLY QR AA NOERROR
ADJUST copy_id
SECTION QUESTION
www IN A
SECTION ANSWER
www IN A 10.20.30.40
ENTRY_END

15
contrib/unbound/testdata/doq_downstream.tdir/unbound_server.key vendored
View File

@ -1,15 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
MIICWwIBAAKBgQC3F7Jsv2u01pLL9rFnjsMU/IaCFUIz/624DcaE84Z4gjMl5kWA
3axQcqul1wlwSrbKwrony+d9hH/+MX0tZwvl8w3OmhmOAiaQ+SHCsIuOjVwQjX0s
RLB61Pz5+PAiVvnPa9JIYB5QrK6DVEsxIHj8MOc5JKORrnESsFDh6yeMeQIDAQAB
AoGAAuWoGBprTOA8UGfl5LqYkaNxSWumsYXxLMFjC8WCsjN1NbtQDDr1uAwodSZS
6ujzvX+ZTHnofs7y64XC8k34HTOCD2zlW7kijWbT8YjRYFU6o9F5zUGD9RCan0ds
sVscT2psLSzfdsmFAcbmnGdxYkXk2PC1FHtaqExxehralGUCQQDcqrg9uQKXlhQi
XAaPr8SiWvtRm2a9IMMZkRfUWZclPHq6fCWNuUaCD+cTat4wAuqeknAz33VEosw3
fXGsok//AkEA1GjIHXrOcSlpfVJb6NeOBugjRtZ7ZDT5gbtnMS9ob0qntKV6saaL
CNmJwuD9Q3XkU5j1+uHvYGP2NzcJd2CjhwJACV0hNlVMe9w9fHvFN4Gw6WbM9ViP
0oS6YrJafYNTu5vGZXVxLoNnL4u3NYa6aPUmuZXjNwBLfJ8f5VboZPf6RwJAINd2
oYA8bSi/A755MX4qmozH74r4Fx1Nuq5UHTm8RwDe/0Javx8F/j9MWpJY9lZDEF3l
In5OebPa/NyInSmW/wJAZuP9aRn0nDBkHYri++1A7NykMiJ/nH0mDECbnk+wxx0S
LwqIetBhxb8eQwMg45+iAH7CHAMQ8BQuF/nFE6eotg==
-----END RSA PRIVATE KEY-----

11
contrib/unbound/testdata/doq_downstream.tdir/unbound_server.pem vendored
View File

@ -1,11 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIBmzCCAQQCCQDsNJ1UmphEFzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1
bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowEjEQMA4GA1UE
AxMHdW5ib3VuZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtxeybL9rtNaS
y/axZ47DFPyGghVCM/+tuA3GhPOGeIIzJeZFgN2sUHKrpdcJcEq2ysK6J8vnfYR/
/jF9LWcL5fMNzpoZjgImkPkhwrCLjo1cEI19LESwetT8+fjwIlb5z2vSSGAeUKyu
g1RLMSB4/DDnOSSjka5xErBQ4esnjHkCAwEAATANBgkqhkiG9w0BAQUFAAOBgQAZ
9N0lnLENs4JMvPS+mn8C5m9bkkFITd32IiLjf0zgYpIUbFXH6XaEr9GNZBUG8feG
l/6WRXnbnVSblI5odQ4XxGZ9inYY6qtW30uv76HvoKp+QZ1c3460ddR8NauhcCHH
Z7S+QbLXi+r2JAhpPozZCjBHlRD0ixzA1mKQTJhJZg==
-----END CERTIFICATE-----

235
contrib/unbound/testdata/edns_downstream_cookies.rpl vendored
View File

@ -1,235 +0,0 @@
; config options
server:
answer-cookie: yes
cookie-secret: "000102030405060708090a0b0c0d0e0f"
access-control: 127.0.0.1 allow_cookie
access-control: 1.2.3.4 allow
local-data: "test. TXT test"
CONFIG_END
SCENARIO_BEGIN Test downstream DNS Cookies
; Note: When a valid hash was required, it was generated by running this test
; with an invalid one and checking the output for the valid one.
; Actual hash generation is tested with unit tests.
; Query without a client cookie ...
STEP 0 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
test. IN TXT
ENTRY_END
; ... get TC and refused
STEP 1 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA TC REFUSED
SECTION QUESTION
test. IN TXT
ENTRY_END
; Query without a client cookie on TCP ...
STEP 10 QUERY
ENTRY_BEGIN
REPLY RD
MATCH TCP
SECTION QUESTION
test. IN TXT
ENTRY_END
; ... get an answer
STEP 11 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
test. IN TXT
SECTION ANSWER
test. IN TXT "test"
ENTRY_END
; Query with only a client cookie ...
STEP 20 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
test. IN TXT
SECTION ADDITIONAL
HEX_EDNSDATA_BEGIN
00 0a ; Opcode 10
00 08 ; Length 8
31 32 33 34 35 36 37 38 ; Random bits
HEX_EDNSDATA_END
ENTRY_END
; ... get BADCOOKIE and a new cookie
STEP 21 CHECK_ANSWER
ENTRY_BEGIN
MATCH all server_cookie
REPLY QR RD RA DO YXRRSET ; BADCOOKIE is an extended rcode
SECTION QUESTION
test. IN TXT
ENTRY_END
; Query with an invalid cookie ...
STEP 30 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
test. IN TXT
SECTION ADDITIONAL
HEX_EDNSDATA_BEGIN
00 0a ; Opcode 10
00 18 ; Length 24
31 32 33 34 35 36 37 38 ; Random bits
02 00 00 00 ; wrong version
00 00 00 00 ; Timestamp
31 32 33 34 35 36 37 38 ; wrong hash
HEX_EDNSDATA_END
ENTRY_END
; ... get BADCOOKIE and a new cookie
STEP 31 CHECK_ANSWER
ENTRY_BEGIN
MATCH all server_cookie
REPLY QR RD RA DO YXRRSET ; BADCOOKIE is an extended rcode
SECTION QUESTION
test. IN TXT
ENTRY_END
; Query with an invalid cookie from a non-cookie protected address ...
STEP 40 QUERY ADDRESS 1.2.3.4
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
test. IN TXT
SECTION ADDITIONAL
HEX_EDNSDATA_BEGIN
00 0a ; Opcode 10
00 18 ; Length 24
31 32 33 34 35 36 37 38 ; Random bits
02 00 00 00 ; wrong version
00 00 00 00 ; Timestamp
31 32 33 34 35 36 37 38 ; wrong hash
HEX_EDNSDATA_END
ENTRY_END
; ... get answer and a cookie
STEP 41 CHECK_ANSWER
ENTRY_BEGIN
MATCH all server_cookie
REPLY QR RD RA AA DO NOERROR
SECTION QUESTION
test. IN TXT
SECTION ANSWER
test. IN TXT "test"
ENTRY_END
; Query with a valid cookie ...
STEP 50 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
test. IN TXT
SECTION ADDITIONAL
HEX_EDNSDATA_BEGIN
00 0a ; Opcode 10
00 18 ; Length 24
31 32 33 34 35 36 37 38 ; Random bits
01 00 00 00 ; Version/Reserved
00 00 00 00 ; Timestamp
38 52 7b a8 c6 a4 ea 96 ; Hash
HEX_EDNSDATA_END
ENTRY_END
; ... get answer and the cookie
STEP 51 CHECK_ANSWER
ENTRY_BEGIN
MATCH all server_cookie
REPLY QR RD RA AA DO NOERROR
SECTION QUESTION
test. IN TXT
SECTION ANSWER
test. IN TXT "test"
ENTRY_END
; Query with a valid >30 minutes old cookie ...
STEP 59 TIME_PASSES ELAPSE 1801
STEP 60 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
test. IN TXT
SECTION ADDITIONAL
HEX_EDNSDATA_BEGIN
00 0a ; Opcode 10
00 18 ; Length 24
31 32 33 34 35 36 37 38 ; Random bits
01 00 00 00 ; Version/Reserved
00 00 00 00 ; Timestamp
38 52 7b a8 c6 a4 ea 96 ; Hash
HEX_EDNSDATA_END
ENTRY_END
; ... Get answer and a refreshed cookie
; (we don't check the re-freshness here; it has its own unit test)
STEP 61 CHECK_ANSWER
ENTRY_BEGIN
MATCH all server_cookie
REPLY QR RD RA AA DO NOERROR
SECTION QUESTION
test. IN TXT
SECTION ANSWER
test. IN TXT "test"
ENTRY_END
; Query with a hash-valid >60 minutes old cookie ...
STEP 69 TIME_PASSES ELAPSE 3601
STEP 70 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
test. IN TXT
SECTION ADDITIONAL
HEX_EDNSDATA_BEGIN
00 0a ; Opcode 10
00 18 ; Length 24
31 32 33 34 35 36 37 38 ; Random bits
01 00 00 00 ; Version/Reserved
00 00 07 09 ; Timestamp (1801)
77 81 38 e3 8f aa 72 86 ; Hash
HEX_EDNSDATA_END
ENTRY_END
; ... get BADCOOKIE and a new cookie
STEP 71 CHECK_ANSWER
ENTRY_BEGIN
MATCH all server_cookie
REPLY QR RD RA DO YXRRSET ; BADCOOKIE is an extended rcode
SECTION QUESTION
test. IN TXT
ENTRY_END
; Query with a valid future (<5 minutes) cookie ...
STEP 80 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
test. IN TXT
SECTION ADDITIONAL
HEX_EDNSDATA_BEGIN
00 0a ; Opcode 10
00 18 ; Length 24
31 32 33 34 35 36 37 38 ; Random bits
01 00 00 00 ; Version/Reserved
00 00 16 45 ; Timestamp (1801 + 3601 + 299)
4a f5 0f df f0 e8 c7 09 ; Hash
HEX_EDNSDATA_END
ENTRY_END
; ... get an answer
STEP 81 CHECK_ANSWER
ENTRY_BEGIN
MATCH all server_cookie
REPLY QR RD RA AA DO NOERROR
SECTION QUESTION
test. IN TXT
SECTION ANSWER
test. IN TXT "test"
ENTRY_END
SCENARIO_END

152
contrib/unbound/testdata/fwd_name_lookup.rpl vendored
View File

@ -1,152 +0,0 @@
; config options
server:
# must have target-fetch-policy to fetch forward-host name.
target-fetch-policy: "3 2 1 0 0"
qname-minimisation: no
minimal-responses: no
forward-zone:
name: "."
forward-addr: 1.2.3.4
forward-host: ns.example.com
CONFIG_END
SCENARIO_BEGIN Test forward with forward-host lookup for more addresses
; Forward server
RANGE_BEGIN 0 15
ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ns.example.com. IN A
SECTION ANSWER
ns.example.com. IN A 1.2.3.4
ns.example.com. IN A 1.2.3.5
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ns.example.com. IN AAAA
SECTION ANSWER
SECTION AUTHORITY
example.com. IN SOA ns.example.com. host.example.com. 3 3600 300 86400 3600
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A 1.2.3.6
ENTRY_END
RANGE_END
; The forward server gives no answers.
RANGE_BEGIN 20 55
ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR SERVFAIL
SECTION QUESTION
www2.example.com. IN A
SECTION ANSWER
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR SERVFAIL
SECTION QUESTION
www3.example.com. IN A
SECTION ANSWER
ENTRY_END
RANGE_END
; The other forward server.
RANGE_BEGIN 20 55
ADDRESS 1.2.3.5
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www2.example.com. IN A
SECTION ANSWER
www2.example.com. IN A 1.2.3.7
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www3.example.com. IN A
SECTION ANSWER
www3.example.com. IN A 1.2.3.8
ENTRY_END
RANGE_END
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
; recursion happens here.
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A 1.2.3.6
ENTRY_END
; The address 1.2.3.4 is not responding so it has to fail over to the
; address from the name lookup.
STEP 20 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www2.example.com. IN A
ENTRY_END
STEP 30 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www2.example.com. IN A
SECTION ANSWER
www2.example.com. IN A 1.2.3.7
ENTRY_END
STEP 40 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www3.example.com. IN A
ENTRY_END
STEP 50 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www3.example.com. IN A
SECTION ANSWER
www3.example.com. IN A 1.2.3.8
ENTRY_END
SCENARIO_END

28
contrib/unbound/testdata/ip_ratelimit.tdir/ip_ratelimit.conf vendored
View File

@ -1,28 +0,0 @@
server:
verbosity: 5
# num-threads: 1
interface: 127.0.0.1
port: @PORT@
use-syslog: no
directory: .
pidfile: "unbound.pid"
chroot: ""
username: ""
local-data: "test. IN TXT localdata"
ip-ratelimit: 1
ip-ratelimit-cookie: 0
ip-ratelimit-factor: 0
ip-ratelimit-backoff: yes
answer-cookie: yes
access-control: 127.0.0.0/8 allow_cookie
remote-control:
control-enable: yes
control-interface: 127.0.0.1
# control-interface: ::1
control-port: @CONTROL_PORT@
server-key-file: "unbound_server.key"
server-cert-file: "unbound_server.pem"
control-key-file: "unbound_control.key"
control-cert-file: "unbound_control.pem"

16
contrib/unbound/testdata/ip_ratelimit.tdir/ip_ratelimit.dsc vendored
View File

@ -1,16 +0,0 @@
BaseName: ip_ratelimit
Version: 1.0
Description: Test IP source ratelimit.
CreationDate: Tue Aug 8 00:00:00 CET 2023
Maintainer: Yorgos Thessalonikefs
Category:
Component:
CmdDepends:
Depends:
Help:
Pre: ip_ratelimit.pre
Post: ip_ratelimit.post
Test: ip_ratelimit.test
AuxFiles:
Passed:
Failure:

13
contrib/unbound/testdata/ip_ratelimit.tdir/ip_ratelimit.post vendored
View File

@ -1,13 +0,0 @@
# #-- ip_ratelimit.post --#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# source the test var file when it's there
[ -f .tpkg.var.test ] && source .tpkg.var.test
#
# do your teardown here
. ../common.sh
kill_pid $UNBOUND_PID
if test -f unbound.log; then
echo ">>> unbound log"
cat unbound.log
fi

24
contrib/unbound/testdata/ip_ratelimit.tdir/ip_ratelimit.pre vendored
View File

@ -1,24 +0,0 @@
# #-- ip_ratelimit.pre--#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# use .tpkg.var.test for in test variable passing
[ -f .tpkg.var.test ] && source .tpkg.var.test
PRE="../.."
. ../common.sh
get_random_port 2
UNBOUND_PORT=$RND_PORT
CONTROL_PORT=$(($RND_PORT + 1))
echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test
echo "CONTROL_PORT=$CONTROL_PORT" >> .tpkg.var.test
# make config file
sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@CONTROL_PORT\@/'$CONTROL_PORT'/' < ip_ratelimit.conf > ub.conf
# start unbound in the background
$PRE/unbound -d -c ub.conf >unbound.log 2>&1 &
UNBOUND_PID=$!
echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
wait_unbound_up unbound.log
cat .tpkg.var.test

165
contrib/unbound/testdata/ip_ratelimit.tdir/ip_ratelimit.test vendored
View File

@ -1,165 +0,0 @@
# #-- ip_ratelimit.test --#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# use .tpkg.var.test for in test variable passing
[ -f .tpkg.var.test ] && source .tpkg.var.test
PRE="../.."
. ../common.sh
get_make
(cd $PRE; $MAKE streamtcp)
# These tests rely on second time precision. To combat false negatives the
# tests run multiple times and we allow 1/3 of the runs to fail.
total_runs=6
success_threshold=4 # 2/3*total_runs
if dig -h 2>&1 | grep "cookie" >/dev/null; then
nocookie="+nocookie"
else
nocookie=""
fi
echo "> First get a valid cookie"
dig @127.0.0.1 -p $UNBOUND_PORT +ednsopt=10:0102030405060708 $nocookie +tcp +retry=0 +time=1 test. TXT >outfile 2>&1
if test "$?" -ne 0; then
echo "exit status not OK"
echo "> cat logfiles"
cat outfile
cat unbound.log
echo "Not OK"
exit 1
fi
if test `grep "COOKIE: " outfile | wc -l` -ne 1; then
echo "Could not get cookie"
echo "> cat logfiles"
cat outfile
cat unbound.log
echo "Not OK"
exit 1
fi
cookie=`grep "COOKIE: " outfile | cut -d ' ' -f 3`
successes=0
echo "> Three parallel queries with backoff and cookie"
# For this test we send three parallel queries. The ratelimit should be reached
# for that second. We send a query to verify that there is no reply.
# Then for the next second we again send three parallel queries and we expect
# none of them to be allowed through because of the backoff logic that keeps
# rolling the RATE_WINDOW based on demand.
# Again we send another query but with a valid cookie and we expect to receive
# an answer.
for i in $(seq 1 $total_runs); do
# Try to hit limit
$PRE/streamtcp -nu -f 127.0.0.1@$UNBOUND_PORT test. TXT IN test. TXT IN test. TXT IN >outfile 2>&1
if test "$?" -ne 0; then
echo "exit status not OK"
echo "> cat logfiles"
cat outfile
cat unbound.log
echo "Not OK"
exit 1
fi
# Expect no answer because of limit
dig @127.0.0.1 -p $UNBOUND_PORT $nocookie +retry=0 +time=1 test. TXT >outfile 2>&1
if test "$?" -eq 0; then
continue
fi
# Try to keep limit
$PRE/streamtcp -nu -f 127.0.0.1@$UNBOUND_PORT test. TXT IN test. TXT IN test. TXT IN >outfile 2>&1
if test "$?" -ne 0; then
echo "exit status not OK"
echo "> cat logfiles"
cat outfile
cat unbound.log
echo "Not OK"
exit 1
fi
# Expect answer because of DNS cookie
dig @127.0.0.1 -p $UNBOUND_PORT +ednsopt=10:$cookie $nocookie +retry=0 +time=1 test. TXT >outfile 2>&1
if test "$?" -ne 0; then
continue
fi
((successes++))
# We don't have to wait for all the runs to complete if we know
# we passed the threshold.
if test $successes -ge $success_threshold; then
break
fi
done
if test $successes -ge $success_threshold; then
echo "Three parallel queries with backoff and cookie OK"
else
echo "Three parallel queries with backoff and cookie NOT OK"
echo "> cat logfiles"
cat outfile
cat unbound.log
echo "Three parallel queries with backoff and cookie NOT OK"
exit 1
fi
echo "> Activating ip-ratelimit-cookie"
echo "$PRE/unbound-control -c ub.conf set_option ip-ratelimit-cookie: 1"
$PRE/unbound-control -c ub.conf set_option ip-ratelimit-cookie: 1
if test $? -ne 0; then
echo "wrong exit value after success"
exit 1
fi
successes=0
echo "> Three parallel queries with backoff and cookie with ip-ratelimit-cookie"
# This is the exact same test as above with the exception that we don't expect
# an answer on the last query because ip-ratelimit-cookie is now enabled.
for i in $(seq 1 $total_runs); do
# Try to hit limit
$PRE/streamtcp -nu -f 127.0.0.1@$UNBOUND_PORT test. TXT IN test. TXT IN test. TXT IN >outfile 2>&1
if test "$?" -ne 0; then
echo "exit status not OK"
echo "> cat logfiles"
cat outfile
cat unbound.log
echo "Not OK"
exit 1
fi
# Expect no answer because of limit
dig @127.0.0.1 -p $UNBOUND_PORT $nocookie +retry=0 +time=1 test. TXT >outfile 2>&1
if test "$?" -eq 0; then
continue
fi
# Try to keep limit
$PRE/streamtcp -nu -f 127.0.0.1@$UNBOUND_PORT test. TXT IN test. TXT IN test. TXT IN >outfile 2>&1
if test "$?" -ne 0; then
echo "exit status not OK"
echo "> cat logfiles"
cat outfile
cat unbound.log
echo "Not OK"
exit 1
fi
# Expect no answer because of ip-ratelimit-cookie
dig @127.0.0.1 -p $UNBOUND_PORT +ednsopt=10:$cookie $nocookie +retry=0 +time=1 test. TXT >outfile 2>&1
if test "$?" -eq 0; then
continue
fi
((successes++))
# We don't have to wait for all the runs to complete if we know
# we passed the threshold.
if test $successes -ge $success_threshold; then
break
fi
done
if test $successes -ge $success_threshold; then
echo "Three parallel queries with backoff and cookie with ip-ratelimit-cookie OK"
else
echo "Three parallel queries with backoff and cookie with ip-ratelimit-cookie NOT OK"
echo "> cat logfiles"
cat outfile
cat unbound.log
echo "Three parallel queries with backoff and cookie with ip-ratelimit-cookie NOT OK"
exit 1
fi
exit 0

39
contrib/unbound/testdata/ip_ratelimit.tdir/unbound_control.key vendored
View File

@ -1,39 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
MIIG4gIBAAKCAYEAstEp+Pyh8XGrtZ77A4FhYjvbeB3dMa7Q2rGWxobzlA9przhA
1aChAvUtCOAuM+rB6NTNB8YWfZJbQHawyMNpmC77cg6vXLYCGUQHZyAqidN049RJ
F5T7j4N8Vniv17LiRdr0S6swy4PRvEnIPPV43EQHZqC5jVvHsKkhIfmBF/Dj5TXR
ypeawWV/m5jeU6/4HRYMfytBZdO1mPXuWLh0lgbQ4SCbgrOUVD3rniMk1yZIbQOm
vlDHYqekjDb/vOW2KxUQLG04aZMJ1mWfdbwG0CKQkSjISEDZ1l76vhM6mTM0fwXb
IvyFZ9yPPCle1mF5aSlxS2cmGuGVSRQaw8XF9fe3a9ACJJTr33HdSpyaZkKRAUzL
cKqLCl323daKv3NwwAT03Tj4iQM416ASMoiyfFa/2GWTKQVjddu8Crar7tGaf5xr
lig4DBmrBvdYA3njy72/RD71hLwmlRoCGU7dRuDr9O6KASUm1Ri91ONZ/qdjMvov
15l2vj4GV+KXR00dAgMBAAECggGAHepIL1N0dEQkCdpy+/8lH54L9WhpnOo2HqAf
LU9eaKK7d4jdr9+TkD8cLaPzltPrZNxVALvu/0sA4SP6J1wpyj/x6P7z73qzly5+
Xo5PD4fEwmi9YaiW/UduAblnEZrnp/AddptJKoL/D5T4XtpiQddPtael4zQ7kB57
YIexRSQTvEDovA/o3/nvA0TrzOxfgd4ycQP3iOWGN/TMzyLsvjydrUwbOB567iz9
whL3Etdgvnwh5Sz2blbFfH+nAR8ctvFFz+osPvuIVR21VMEI6wm7kTpSNnQ6sh/c
lrLb/bTADn4g7z/LpIZJ+MrLvyEcoqValrLYeFBhM9CV8woPxvkO2P3pU47HVGax
tC7GV6a/kt5RoKFd/TNdiA3OC7NGZtaeXv9VkPf4fVwBtSO9d5ZZXTGEynDD/rUQ
U4KFJe6OD23APjse08HiiKqTPhsOneOONU67iqoaTdIkT2R4EdlkVEDpXVtWb+G9
Q+IqYzVljlzuyHrhWXLJw/FMa2aBAoHBAOnZbi4gGpH+P6886WDWVgIlTccuXoyc
Mg9QQYk9UDeXxL0AizR5bZy49Sduegz9vkHpAiZARQsUnizHjZ8YlRcrmn4t6tx3
ahTIKAjdprnxJfYINM580j8CGbXvX5LhIlm3O267D0Op+co3+7Ujy+cjsIuFQrP+
1MqMgXSeBjzC1APivmps7HeFE+4w0k2PfN5wSMDNCzLo99PZuUG5XZ93OVOS5dpN
b+WskdcD8NOoJy/X/5A08veEI/jYO/DyqQKBwQDDwUQCOWf41ecvJLtBHKmEnHDz
ftzHino9DRKG8a9XaN4rmetnoWEaM2vHGX3pf3mwH+dAe8vJdAQueDhBKYeEpm6C
TYNOpou1+Zs5s99BilCTNYo8fkMOAyqwRwmz9zgHS6QxXuPwsghKefLJGt6o6RFF
tfWVTfLlYJ+I3GQe3ySsk3wjVz4oUTKiyiq5+KzD+HhEkS7u+RQ7Z0ZI2xd2cF8Y
aN2hjKDpcOiFf3CDoqka5D1qMNLgIHO52AHww1UCgcA1h7o7AMpURRka6hyaODY0
A4oMYEbwdQjYjIyT998W+rzkbu1us6UtzQEBZ760npkgyU/epbOoV63lnkCC/MOU
LD0PST+L/CHiY/cWIHb79YG1EifUZKpUFg0Aoq0EGFkepF0MefGCkbRGYA5UZr9U
R80wAu9D+L+JJiS0J0BSRF74DL196zUuHt5zFeXuLzxsRtPAnq9DliS08BACRYZy
7H3I7cWD9Vn5/0jbKWHFcaaWwyETR6uekTcSzZzbCRECgcBeoE3/xUA9SSk34Mmj
7/cB4522Ft0imA3+9RK/qJTZ7Bd5fC4PKjOGNtUiqW/0L2rjeIiQ40bfWvWqgPKw
jSK1PL6uvkl6+4cNsFsYyZpiVDoe7wKju2UuoNlB3RUTqa2r2STFuNj2wRjA57I1
BIgdnox65jqQsd14g/yaa+75/WP9CE45xzKEyrtvdcqxm0Pod3OrsYK+gikFjiar
kT0GQ8u0QPzh2tjt/2ZnIfOBrl+QYERP0MofDZDjhUdq2wECgcB0Lu841+yP5cdR
qbJhXO4zJNh7oWNcJlOuQp3ZMNFrA1oHpe9pmLukiROOy01k9WxIMQDzU5GSqRv3
VLkYOIcbhJ3kClKAcM3j95SkKbU2H5/RENb3Ck52xtl4pNU1x/3PnVFZfDVuuHO9
MZ9YBcIeK98MyP2jr5JtFKnOyPE7xKq0IHIhXadpbc2wjje5FtZ1cUtMyEECCXNa
C1TpXebHGyXGpY9WdWXhjdE/1jPvfS+uO5WyuDpYPr339gsdq1g=
-----END RSA PRIVATE KEY-----

22
contrib/unbound/testdata/ip_ratelimit.tdir/unbound_control.pem vendored
View File

@ -1,22 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIDszCCAhsCFGD5193whHQ2bVdzbaQfdf1gc4SkMA0GCSqGSIb3DQEBCwUAMBIx
EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjMwWhcNNDAwMzI1MTMzMjMw
WjAaMRgwFgYDVQQDDA91bmJvdW5kLWNvbnRyb2wwggGiMA0GCSqGSIb3DQEBAQUA
A4IBjwAwggGKAoIBgQCy0Sn4/KHxcau1nvsDgWFiO9t4Hd0xrtDasZbGhvOUD2mv
OEDVoKEC9S0I4C4z6sHo1M0HxhZ9kltAdrDIw2mYLvtyDq9ctgIZRAdnICqJ03Tj
1EkXlPuPg3xWeK/XsuJF2vRLqzDLg9G8Scg89XjcRAdmoLmNW8ewqSEh+YEX8OPl
NdHKl5rBZX+bmN5Tr/gdFgx/K0Fl07WY9e5YuHSWBtDhIJuCs5RUPeueIyTXJkht
A6a+UMdip6SMNv+85bYrFRAsbThpkwnWZZ91vAbQIpCRKMhIQNnWXvq+EzqZMzR/
Bdsi/IVn3I88KV7WYXlpKXFLZyYa4ZVJFBrDxcX197dr0AIklOvfcd1KnJpmQpEB
TMtwqosKXfbd1oq/c3DABPTdOPiJAzjXoBIyiLJ8Vr/YZZMpBWN127wKtqvu0Zp/
nGuWKDgMGasG91gDeePLvb9EPvWEvCaVGgIZTt1G4Ov07ooBJSbVGL3U41n+p2My
+i/XmXa+PgZX4pdHTR0CAwEAATANBgkqhkiG9w0BAQsFAAOCAYEAd++Wen6l8Ifj
4h3p/y16PhSsWJWuJ4wdNYy3/GM84S26wGjzlEEwiW76HpH6VJzPOiBAeWnFKE83
hFyetEIxgJeIPbcs9ZP/Uoh8GZH9tRISBSN9Hgk2Slr9llo4t1H0g/XTgA5HqMQU
9YydlBh43G7Vw3FVwh09OM6poNOGQKNc/tq2/QdKeUMtyBbLWpRmjH5XcCT35fbn
ZiVOUldqSHD4kKrFO4nJYXZyipRbcXybsLiX9GP0GLemc3IgIvOXyJ2RPp06o/SJ
pzlMlkcAfLJaSuEW57xRakhuNK7m051TKKzJzIEX+NFYOVdafFHS8VwGrYsdrFvD
72tMfu+Fu55y3awdWWGc6YlaGogZiuMnJkvQphwgn+5qE/7CGEckoKEsH601rqIZ
muaIc85+nEcHJeijd/ZlBN9zeltjFoMuqTUENgmv8+tUAdVm/UMY9Vjme6b43ydP
uv6DS02+k9z8toxXworLiPr94BGaiGV1NxgwZKLZigYJt/Fi2Qte
-----END CERTIFICATE-----

39
contrib/unbound/testdata/ip_ratelimit.tdir/unbound_server.key vendored
View File

@ -1,39 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI
0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq
GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z
uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K
WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5
FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP
q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL
A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP
7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf
XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6
iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7
2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo
MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj
WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz
O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI
IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN
qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU
dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs
bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr
YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km
7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr
gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z
5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG
ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN
oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+
s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW
zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx
ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1
oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3
BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS
mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8
kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93
7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8
RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O
jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp
O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre
MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A==
-----END RSA PRIVATE KEY-----

22
contrib/unbound/testdata/ip_ratelimit.tdir/unbound_server.pem vendored
View File

@ -1,22 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx
EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5
WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB
igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32
a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2
4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot
aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4
TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ
uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4
+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz
XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx
dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW
84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7
JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca
fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg
XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF
qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25
sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD
yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe
CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ==
-----END CERTIFICATE-----

245
contrib/unbound/testdata/iter_cname_minimise_nx.rpl vendored
View File

@ -1,245 +0,0 @@
; config options
server:
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: yes
module-config: "validator iterator"
trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
val-override-date: "20070916134226"
fake-sha1: yes
trust-anchor-signaling: no
stub-zone:
name: "."
stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
CONFIG_END
SCENARIO_BEGIN Test cname chain resolution of nxdomain with qname minimisation.
; the qtype CNAME lookup has NXDOMAIN.
; K.ROOT-SERVERS.NET.
RANGE_BEGIN 0 100
ADDRESS 193.0.14.129
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET. IN A 193.0.14.129
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION AUTHORITY
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
RANGE_END
; a.gtld-servers.net.
RANGE_BEGIN 0 100
ADDRESS 192.5.6.30
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION ANSWER
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.44
ENTRY_END
RANGE_END
; ns.example.com.
RANGE_BEGIN 0 100
ADDRESS 1.2.3.44
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION ANSWER
example.com. IN NS ns.example.com.
example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.44
ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. AAZrcta3WCyz0iq2p78gmcPpXbmXPP9nQXM/czH1R9ilCaEoV8E27UU=
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ns.example.com. IN A
SECTION ANSWER
ns.example.com. IN A 1.2.3.44
ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. AAZrcta3WCyz0iq2p78gmcPpXbmXPP9nQXM/czH1R9ilCaEoV8E27UU=
SECTION AUTHORITY
example.com. IN NS ns.example.com.
example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
ENTRY_END
; response to DNSKEY priming query
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN DNSKEY
SECTION ANSWER
example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
SECTION AUTHORITY
example.com. IN NS ns.example.com.
example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.44
ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. AAZrcta3WCyz0iq2p78gmcPpXbmXPP9nQXM/czH1R9ilCaEoV8E27UU=
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ns.example.com. IN AAAA
SECTION AUTHORITY
example.com. IN NS ns.example.com.
example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.44
ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. AAZrcta3WCyz0iq2p78gmcPpXbmXPP9nQXM/czH1R9ilCaEoV8E27UU=
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NXDOMAIN
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
SECTION AUTHORITY
example.com. 300 IN SOA a. b. 1 2 3 4 300
example.com. 300 IN RRSIG SOA 3 2 300 20070926134150 20070829134150 2854 example.com. AFPx1ZhcHixnxfB90ha4zgp7A+EdM8L63tUnVdlI5B14NiRIXONPDB4=
v.example.com. IN NSEC x.example.com. A AAAA RRSIG NSEC
v.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. AFT0Ao01lUN8Ppa9QPayQIN9ZtNIj4TzyhUQV31+FhNRK5uSQhiVwMc=
example.com. 3600 IN NSEC abc.example.com. NS SOA RRSIG NSEC DNSKEY
example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. ABEOu6iietfjKY1MS0TutZZxUtRYA6XKsC1rMTrenwBF2darY3/Emco=
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NXDOMAIN
SECTION QUESTION
c.example.com. IN A
SECTION ANSWER
c.example.com. 10 IN CNAME www.example.com.
c.example.com. 10 IN RRSIG CNAME 3 3 10 20070926134150 20070829134150 2854 example.com. ABT7twnK5qkCBKnaOHxFthUOK+3rBge1wEMItoFPdf16OoVdfccYU2U=
SECTION AUTHORITY
example.com. 300 IN SOA a. b. 1 2 3 4 300
example.com. 300 IN RRSIG SOA 3 2 300 20070926134150 20070829134150 2854 example.com. AFPx1ZhcHixnxfB90ha4zgp7A+EdM8L63tUnVdlI5B14NiRIXONPDB4=
v.example.com. IN NSEC x.example.com. A AAAA RRSIG NSEC
v.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. AFT0Ao01lUN8Ppa9QPayQIN9ZtNIj4TzyhUQV31+FhNRK5uSQhiVwMc=
example.com. 3600 IN NSEC abc.example.com. NS SOA RRSIG NSEC DNSKEY
example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. ABEOu6iietfjKY1MS0TutZZxUtRYA6XKsC1rMTrenwBF2darY3/Emco=
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
c.example.com. IN CNAME
SECTION ANSWER
c.example.com. 10 IN CNAME www.example.com.
c.example.com. 10 IN RRSIG CNAME 3 3 10 20070926134150 20070829134150 2854 example.com. ABT7twnK5qkCBKnaOHxFthUOK+3rBge1wEMItoFPdf16OoVdfccYU2U=
ENTRY_END
RANGE_END
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
c.example.com. IN CNAME
ENTRY_END
STEP 20 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
c.example.com. IN CNAME
SECTION ANSWER
c.example.com. 10 IN CNAME www.example.com.
c.example.com. 10 IN RRSIG CNAME 3 3 10 20070926134150 20070829134150 2854 example.com. ABT7twnK5qkCBKnaOHxFthUOK+3rBge1wEMItoFPdf16OoVdfccYU2U=
ENTRY_END
STEP 30 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
c.example.com. IN CNAME
ENTRY_END
STEP 40 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
c.example.com. IN CNAME
SECTION ANSWER
c.example.com. 10 IN CNAME www.example.com.
c.example.com. 10 IN RRSIG CNAME 3 3 10 20070926134150 20070829134150 2854 example.com. ABT7twnK5qkCBKnaOHxFthUOK+3rBge1wEMItoFPdf16OoVdfccYU2U=
ENTRY_END
STEP 50 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
c.example.com. IN A
ENTRY_END
STEP 60 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AD DO NXDOMAIN
SECTION QUESTION
c.example.com. IN A
SECTION ANSWER
c.example.com. 10 IN CNAME www.example.com.
c.example.com. 10 IN RRSIG CNAME 3 3 10 20070926134150 20070829134150 2854 example.com. ABT7twnK5qkCBKnaOHxFthUOK+3rBge1wEMItoFPdf16OoVdfccYU2U=
SECTION AUTHORITY
example.com. 300 IN SOA a. b. 1 2 3 4 300
example.com. 300 IN RRSIG SOA 3 2 300 20070926134150 20070829134150 2854 example.com. AFPx1ZhcHixnxfB90ha4zgp7A+EdM8L63tUnVdlI5B14NiRIXONPDB4=
v.example.com. IN NSEC x.example.com. A AAAA RRSIG NSEC
v.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. AFT0Ao01lUN8Ppa9QPayQIN9ZtNIj4TzyhUQV31+FhNRK5uSQhiVwMc=
example.com. 3600 IN NSEC abc.example.com. NS SOA RRSIG NSEC DNSKEY
example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. ABEOu6iietfjKY1MS0TutZZxUtRYA6XKsC1rMTrenwBF2darY3/Emco=
ENTRY_END
SCENARIO_END

271
contrib/unbound/testdata/iter_dname_ttl.rpl vendored
View File

@ -1,271 +0,0 @@
; config options
; The island of trust is at example.com
; validation is enabled because the pickup of DNAME from cache wants
; a DNSSEC signed DNAME.
server:
trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
val-override-date: "20070916134226"
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: "no"
fake-sha1: yes
trust-anchor-signaling: no
stub-zone:
name: "."
stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
CONFIG_END
SCENARIO_BEGIN Test iterator for TTL of synthesized CNAME of a DNAME from cache.
; K.ROOT-SERVERS.NET.
RANGE_BEGIN 0 100
ADDRESS 193.0.14.129
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET. IN A 193.0.14.129
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION AUTHORITY
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
net. IN A
SECTION AUTHORITY
net. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
RANGE_END
; a.gtld-servers.net.
RANGE_BEGIN 0 100
ADDRESS 192.5.6.30
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION ANSWER
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
net. IN NS
SECTION ANSWER
net. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
example.net. IN A
SECTION AUTHORITY
example.net. IN NS ns.example.net.
SECTION ADDITIONAL
ns.example.net. IN A 1.2.3.5
ENTRY_END
RANGE_END
; ns.example.com.
RANGE_BEGIN 0 100
ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION ANSWER
example.com. IN NS ns.example.com.
example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
ENTRY_END
; response to DNSKEY priming query
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN DNSKEY
SECTION ANSWER
example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
SECTION AUTHORITY
example.com. IN NS ns.example.com.
example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
foo.test-dname.example.com. IN A
SECTION ANSWER
test-dname.example.com. 3600 IN DNAME example.net.
test-dname.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. ACp31Evt1c6tKzmTh/smAuGFydZ1OO26Qkej/BW4Bw5RFBQiKaY22Z0=
foo.test-dname.example.com. 3600 IN CNAME foo.example.net.
ENTRY_END
RANGE_END
; ns.example.net.
RANGE_BEGIN 0 100
ADDRESS 1.2.3.5
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.net. IN NS
SECTION ANSWER
example.net. IN NS ns.example.net.
example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
SECTION ADDITIONAL
ns.example.net. IN A 1.2.3.5
ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
ENTRY_END
; response to DNSKEY priming query
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.net. IN DNSKEY
SECTION ANSWER
example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899}
SECTION AUTHORITY
example.net. IN NS ns.example.net.
example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
SECTION ADDITIONAL
ns.example.net. IN A 1.2.3.5
ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
foo.example.net. IN A
SECTION ANSWER
foo.example.net. IN A 11.12.13.15
foo.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. X6T6SE9UzxAD/4zKpwGOxEDyE4g7lfYYw3lvw533uwRN8mWTcBvSva0/jjyhrogJcuLO32jPHK6zGb93w2xnuA==
SECTION AUTHORITY
SECTION ADDITIONAL
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
foo2.example.net. IN A
SECTION ANSWER
foo2.example.net. IN A 11.12.13.16
foo2.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. BZm+GljD8m9N+pNJN8D+LlSyHqM+InNUe0+heKILR9be+Goqv6SEb7LKtX6+kj3239Y5by7u+/Cuk8kkWistEQ==
SECTION AUTHORITY
SECTION ADDITIONAL
ENTRY_END
RANGE_END
STEP 1 TIME_PASSES ELAPSE 10
; Get DNAME in cache and then pick it up again from cache.
STEP 10 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
foo.test-dname.example.com. IN A
ENTRY_END
STEP 20 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
foo.test-dname.example.com. IN A
SECTION ANSWER
test-dname.example.com. 3600 IN DNAME example.net.
test-dname.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. ACp31Evt1c6tKzmTh/smAuGFydZ1OO26Qkej/BW4Bw5RFBQiKaY22Z0=
foo.test-dname.example.com. 3600 IN CNAME foo.example.net.
foo.example.net. IN A 11.12.13.15
foo.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. X6T6SE9UzxAD/4zKpwGOxEDyE4g7lfYYw3lvw533uwRN8mWTcBvSva0/jjyhrogJcuLO32jPHK6zGb93w2xnuA==
ENTRY_END
STEP 30 TIME_PASSES ELAPSE 10
; Use DNAME from cache
STEP 40 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
foo2.test-dname.example.com. IN A
ENTRY_END
; Test the TTL on the synthesized CNAME for the DNAME record from cache.
STEP 50 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
foo2.test-dname.example.com. IN A
SECTION ANSWER
test-dname.example.com. 3590 IN DNAME example.net.
test-dname.example.com. 3590 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. ACp31Evt1c6tKzmTh/smAuGFydZ1OO26Qkej/BW4Bw5RFBQiKaY22Z0=
foo2.test-dname.example.com. 3590 IN CNAME foo2.example.net.
foo2.example.net. 3600 IN A 11.12.13.16
foo2.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. BZm+GljD8m9N+pNJN8D+LlSyHqM+InNUe0+heKILR9be+Goqv6SEb7LKtX6+kj3239Y5by7u+/Cuk8kkWistEQ==
ENTRY_END
SCENARIO_END

132
contrib/unbound/testdata/iter_failreply.rpl vendored
View File

@ -1,132 +0,0 @@
; config options
server:
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: "no"
minimal-responses: no
log-servfail: yes
stub-zone:
name: "."
stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
CONFIG_END
SCENARIO_BEGIN Test iterator fail_reply report
; K.ROOT-SERVERS.NET.
RANGE_BEGIN 0 100
ADDRESS 193.0.14.129
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET. IN A 193.0.14.129
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION AUTHORITY
example.com. IN NS ns.example.com.
example.com. IN NS ns2.example.net.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ns.example.com. IN AAAA ::1
ns2.example.net. IN AAAA ::1
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
ns2.example.net. IN A
SECTION ANSWER
ns2.example.net. IN A 1.2.3.5
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
ns2.example.net. IN AAAA
SECTION ANSWER
ns2.example.net. IN AAAA ::1
ENTRY_END
RANGE_END
RANGE_END
; ns.example.com.
RANGE_BEGIN 0 100
ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR SERVFAIL
SECTION QUESTION
www.example.com. IN A
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR SERVFAIL
SECTION QUESTION
ns.example.com. IN A
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR SERVFAIL
SECTION QUESTION
ns.example.com. IN AAAA
ENTRY_END
RANGE_END
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
STEP 20 CHECK_OUT_QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
STEP 21 TIMEOUT
STEP 22 TIMEOUT
STEP 23 TIMEOUT
STEP 24 TIMEOUT
STEP 25 TIMEOUT
STEP 31 TIMEOUT
STEP 32 TIMEOUT
STEP 33 TIMEOUT
STEP 34 TIMEOUT
; recursion happens here.
STEP 50 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA SERVFAIL
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
ENTRY_END
SCENARIO_END

256
contrib/unbound/testdata/iter_ghost_grandchild_delegation.rpl vendored
View File

@ -1,256 +0,0 @@
; config options
server:
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: "no"
minimal-responses: no
stub-zone:
name: "."
stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
CONFIG_END
SCENARIO_BEGIN Test that deep delegation from the parent deletes intermediate delegations to avoid triggering the ghost domain countermeasure.
; K.ROOT-SERVERS.NET.
RANGE_BEGIN 0 19
ADDRESS 193.0.14.129
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. 86400 IN NS K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET. 86400 IN A 193.0.14.129
ENTRY_END
; we will explicitly ask for this
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION AUTHORITY
com. 10 IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. 86400 IN A 192.5.6.30
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION AUTHORITY
example.com. 86400 IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. 86400 IN A 1.2.3.4
ENTRY_END
RANGE_END
; a.gtld-servers.net.
RANGE_BEGIN 0 100
ADDRESS 192.5.6.30
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION ANSWER
com. 10 IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. 86400 IN A 192.5.6.30
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
RANGE_END
; ns.example.com.
RANGE_BEGIN 0 100
ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION ANSWER
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ns.example.com. IN A
SECTION ANSWER
ns.example.com. IN A 1.2.3.4
SECTION AUTHORITY
example.com. IN NS ns.example.com.
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ns.example.com. IN AAAA
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
a.example.com. IN A
SECTION ANSWER
a.example.com. IN A 10.20.30.40
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com IN A 1.2.3.4
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
b.example.com. IN A
SECTION ANSWER
b.example.com. IN A 10.20.30.40
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com IN A 1.2.3.4
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
c.example.com. IN A
SECTION ANSWER
c.example.com. IN A 10.20.30.40
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com IN A 1.2.3.4
ENTRY_END
RANGE_END
; get the com. IN NS delegation in cache
STEP 0 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
com. IN NS
ENTRY_END
STEP 1 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
com. IN NS
SECTION ANSWER
com. 10 IN NS a.gtld-servers.net.
ENTRY_END
STEP 2 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
a.example.com. IN A
ENTRY_END
STEP 3 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
a.example.com. IN A
SECTION ANSWER
a.example.com. IN A 10.20.30.40
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
; time passes for com. IN NS to expire.
STEP 9 TIME_PASSES ELAPSE 11
; the following query should go to the root instead of example.com. IN NS
; because com. IN NS is expired
STEP 10 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
b.example.com. IN A
ENTRY_END
; root replies with the example.com IN NS delegation
; the expired com. IN NS delegation should be deleted
STEP 12 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
b.example.com. IN A
SECTION ANSWER
b.example.com. IN A 10.20.30.40
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
; root is offline in this range.
; the following query should go straight to the example.com. IN NS delegation
; because the expired com. IN NS should not be in the cache anymore
STEP 20 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
c.example.com. IN A
ENTRY_END
STEP 21 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
c.example.com. IN A
SECTION ANSWER
c.example.com. IN A 10.20.30.40
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
SCENARIO_END

248
contrib/unbound/testdata/iter_ignore_empty.rpl vendored
View File

@ -1,248 +0,0 @@
; config options
server:
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: "no"
minimal-responses: no
stub-zone:
name: "."
stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
CONFIG_END
SCENARIO_BEGIN Test ignore of an empty response.
; K.ROOT-SERVERS.NET.
RANGE_BEGIN 0 100
ADDRESS 193.0.14.129
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET. IN A 193.0.14.129
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION AUTHORITY
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
RANGE_END
; a.gtld-servers.net.
RANGE_BEGIN 0 100
ADDRESS 192.5.6.30
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION ANSWER
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION AUTHORITY
example.com. IN NS ns.example.com.
example.com. IN NS ns2.example2.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
example2.com. IN NS
SECTION AUTHORITY
example2.com. IN NS ns2.example2.com.
SECTION ADDITIONAL
ns2.example2.com. IN A 1.2.3.5
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
foo.com. IN NS
SECTION AUTHORITY
foo.com. IN NS ns.foo.com.
SECTION ADDITIONAL
ns.foo.com. IN A 1.2.3.5
ENTRY_END
RANGE_END
; ns.example.com.
RANGE_BEGIN 0 100
ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
example.com. IN NS
SECTION ANSWER
example.com. IN NS ns.example.com.
example.com. IN NS ns2.example.net.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
ns.example.com. IN A
SECTION ANSWER
ns.example.com. IN A 1.2.3.4
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
ns.example.com. IN AAAA
SECTION AUTHORITY
example.com. IN SOA ns root 4 14400 3600 604800 3600
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
SECTION AUTHORITY
SECTION ADDITIONAL
ENTRY_END
RANGE_END
; ns2.example2.com.
RANGE_BEGIN 0 100
ADDRESS 1.2.3.5
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
example2.com. IN NS
SECTION ANSWER
example2.com. IN NS ns2.example2.com.
SECTION ADDITIONAL
ns2.example2.com. IN A 1.2.3.5
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
ns2.example2.com. IN A
SECTION ANSWER
ns2.example2.com. IN A 1.2.3.5
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
ns2.example2.com. IN AAAA
SECTION AUTHORITY
example2.com. IN SOA ns2 root 4 14400 3600 604800 3600
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A 10.20.30.40
ENTRY_END
; foo.com
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www.foo.com. IN A
SECTION ANSWER
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
ns.foo.com. IN AAAA
SECTION ANSWER
SECTION AUTHORITY
;foo.com. IN SOA ns2.foo.com root.foo.com 4 14400 3600 604800 3600
ENTRY_END
RANGE_END
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
; recursion happens here.
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A 10.20.30.40
ENTRY_END
; wait for pending nameserver lookups.
STEP 20 TRAFFIC
; Test that a nodata stays a nodata.
STEP 30 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.foo.com. IN A
ENTRY_END
STEP 40 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.foo.com. IN A
SECTION ANSWER
ENTRY_END
SCENARIO_END

2236
contrib/unbound/testdata/iter_max_global_quota.rpl vendored
View File

File diff suppressed because it is too large Load Diff

117
contrib/unbound/testdata/iter_nat64.rpl vendored
View File

@ -1,117 +0,0 @@
; config options
server:
do-nat64: yes
target-fetch-policy: "0 0 0 0 0"
stub-zone:
name: "."
stub-addr: 2001:db8::1
CONFIG_END
SCENARIO_BEGIN Test NAT64 transport for a v4-only server.
RANGE_BEGIN 0 100
ADDRESS 2001:db8::1
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS FAKE.ROOT.
SECTION ADDITIONAL
FAKE.ROOT. IN AAAA 2001:db8::1
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
v4only. IN NS
SECTION AUTHORITY
v4only. IN NS ns.v4only.
SECTION ADDITIONAL
ns.v4only. IN A 192.0.2.1
ENTRY_END
RANGE_END
; replies from NS over "NAT64"
RANGE_BEGIN 0 100
ADDRESS 64:ff9b::c000:0201
; A over NAT64
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY AA QR NOERROR
SECTION QUESTION
ns.v4only. IN A
SECTION ANSWER
ns.v4only. IN A 192.0.2.1
SECTION AUTHORITY
v4only. IN NS ns.v4only.
ENTRY_END
; no AAAA
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY AA QR NOERROR
SECTION QUESTION
ns.v4only. IN AAAA
SECTION AUTHORITY
v4only. IN NS ns.v4only.
SECTION ADDITIONAL
ns.v4only. IN A 192.0.2.1
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY AA QR NOERROR
SECTION QUESTION
v4only. IN NS
SECTION ANSWER
v4only. IN NS ns.v4only.
SECTION ADDITIONAL
ns.v4only. IN A 192.0.2.1
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY AA QR NOERROR
SECTION QUESTION
test.v4only. IN A
SECTION ANSWER
test.v4only. IN A 192.0.2.2
SECTION AUTHORITY
v4only. IN NS ns.v4only.
SECTION ADDITIONAL
ns.v4only. IN A 192.0.2.1
ENTRY_END
RANGE_END
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
test.v4only. IN A
ENTRY_END
STEP 20 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
test.v4only. IN A
SECTION ANSWER
test.v4only. IN A 192.0.2.2
ENTRY_END
SCENARIO_END

119
contrib/unbound/testdata/iter_nat64_prefix.rpl vendored
View File

@ -1,119 +0,0 @@
; config options
server:
do-nat64: yes
nat64-prefix: 2001:db8:1234::/96
target-fetch-policy: "0 0 0 0 0"
do-ip4: no
stub-zone:
name: "."
stub-addr: 2001:db8::1
CONFIG_END
SCENARIO_BEGIN Test NAT64 transport for a v4-only server, custom NAT64 prefix.
RANGE_BEGIN 0 100
ADDRESS 2001:db8::1
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS FAKE.ROOT.
SECTION ADDITIONAL
FAKE.ROOT. IN AAAA 2001:db8::1
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
v4only. IN NS
SECTION AUTHORITY
v4only. IN NS ns.v4only.
SECTION ADDITIONAL
ns.v4only. IN A 192.0.2.1
ENTRY_END
RANGE_END
; replies from NS over "NAT64"
RANGE_BEGIN 0 100
ADDRESS 2001:db8:1234::c000:0201
; A over NAT64
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY AA QR NOERROR
SECTION QUESTION
ns.v4only. IN A
SECTION ANSWER
ns.v4only. IN A 192.0.2.1
SECTION AUTHORITY
v4only. IN NS ns.v4only.
ENTRY_END
; no AAAA
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY AA QR NOERROR
SECTION QUESTION
ns.v4only. IN AAAA
SECTION AUTHORITY
v4only. IN NS ns.v4only.
SECTION ADDITIONAL
ns.v4only. IN A 192.0.2.1
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY AA QR NOERROR
SECTION QUESTION
v4only. IN NS
SECTION ANSWER
v4only. IN NS ns.v4only.
SECTION ADDITIONAL
ns.v4only. IN A 192.0.2.1
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY AA QR NOERROR
SECTION QUESTION
test.v4only. IN A
SECTION ANSWER
test.v4only. IN A 192.0.2.2
SECTION AUTHORITY
v4only. IN NS ns.v4only.
SECTION ADDITIONAL
ns.v4only. IN A 192.0.2.1
ENTRY_END
RANGE_END
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
test.v4only. IN A
ENTRY_END
STEP 20 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
test.v4only. IN A
SECTION ANSWER
test.v4only. IN A 192.0.2.2
ENTRY_END
SCENARIO_END

118
contrib/unbound/testdata/iter_nat64_prefix48.rpl vendored
View File

@ -1,118 +0,0 @@
; config options
server:
do-nat64: yes
nat64-prefix: 2001:db8:2345::/48
target-fetch-policy: "0 0 0 0 0"
stub-zone:
name: "."
stub-addr: 2001:db8::1
CONFIG_END
SCENARIO_BEGIN Test NAT64 transport, this time with /48 NAT64 prefix.
RANGE_BEGIN 0 100
ADDRESS 2001:db8::1
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS FAKE.ROOT.
SECTION ADDITIONAL
FAKE.ROOT. IN AAAA 2001:db8::1
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
v4only. IN NS
SECTION AUTHORITY
v4only. IN NS ns.v4only.
SECTION ADDITIONAL
ns.v4only. IN A 192.0.2.1
ENTRY_END
RANGE_END
; replies from NS over "NAT64"
RANGE_BEGIN 0 100
ADDRESS 2001:db8:2345:c000:0002:0100::
; A over NAT64
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY AA QR NOERROR
SECTION QUESTION
ns.v4only. IN A
SECTION ANSWER
ns.v4only. IN A 192.0.2.1
SECTION AUTHORITY
v4only. IN NS ns.v4only.
ENTRY_END
; no AAAA
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY AA QR NOERROR
SECTION QUESTION
ns.v4only. IN AAAA
SECTION AUTHORITY
v4only. IN NS ns.v4only.
SECTION ADDITIONAL
ns.v4only. IN A 192.0.2.1
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY AA QR NOERROR
SECTION QUESTION
v4only. IN NS
SECTION ANSWER
v4only. IN NS ns.v4only.
SECTION ADDITIONAL
ns.v4only. IN A 192.0.2.1
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY AA QR NOERROR
SECTION QUESTION
test.v4only. IN A
SECTION ANSWER
test.v4only. IN A 192.0.2.2
SECTION AUTHORITY
v4only. IN NS ns.v4only.
SECTION ADDITIONAL
ns.v4only. IN A 192.0.2.1
ENTRY_END
RANGE_END
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
test.v4only. IN A
ENTRY_END
STEP 20 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
test.v4only. IN A
SECTION ANSWER
test.v4only. IN A 192.0.2.2
ENTRY_END
SCENARIO_END

298
contrib/unbound/testdata/iter_scrub_rr_length.rpl vendored
View File

@ -1,298 +0,0 @@
; config options
server:
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: "no"
minimal-responses: no
rrset-roundrobin: no
ede: yes
log-servfail: yes
stub-zone:
name: "."
stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
CONFIG_END
SCENARIO_BEGIN Test scrub of RRs of inappropriate length
; K.ROOT-SERVERS.NET.
RANGE_BEGIN 0 200
ADDRESS 193.0.14.129
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET. IN A 193.0.14.129
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION AUTHORITY
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
RANGE_END
; a.gtld-servers.net.
RANGE_BEGIN 0 200
ADDRESS 192.5.6.30
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION ANSWER
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
RANGE_END
; ns.example.com.
RANGE_BEGIN 0 200
ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION ANSWER
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A 10.20.30.40
www.example.com. IN A \# 3 030405
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www.example.com. IN AAAA
SECTION ANSWER
www.example.com. IN AAAA 2001:db8::1234
www.example.com. IN AAAA \# 48 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
broken1.example.com. IN A
SECTION ANSWER
broken1.example.com. IN A \# 3 030405
broken1.example.com. IN A \# 3 030406
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
broken1.example.com. IN AAAA
SECTION ANSWER
broken1.example.com. IN AAAA \# 48 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F
broken1.example.com. IN AAAA \# 48 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E30
broken1.example.com. IN AAAA \# 48 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E31
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
broken2.example.com. IN A
SECTION ANSWER
broken2.example.com. IN A 1.2.3.4
broken2.example.com. IN A \# 3 030405
broken2.example.com. IN A 1.2.3.5
broken2.example.com. IN A \# 3 030406
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A \# 3 030407
ns.example.com. IN A 1.2.3.6
ns.example.com. IN A \# 3 030408
ns.example.com. IN A \# 3 030409
ns.example.com. IN A 1.2.3.7
ENTRY_END
RANGE_END
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A 10.20.30.40
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
STEP 20 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN AAAA
ENTRY_END
STEP 30 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN AAAA
SECTION ANSWER
www.example.com. IN AAAA 2001:db8::1234
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
STEP 40 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
broken1.example.com. IN A
ENTRY_END
STEP 50 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
broken1.example.com. IN A
SECTION ANSWER
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
STEP 60 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
broken1.example.com. IN AAAA
ENTRY_END
STEP 70 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
broken1.example.com. IN AAAA
SECTION ANSWER
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
STEP 80 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
broken2.example.com. IN A
ENTRY_END
STEP 90 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
broken2.example.com. IN A
SECTION ANSWER
broken2.example.com. IN A 1.2.3.4
broken2.example.com. IN A 1.2.3.5
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.6
ns.example.com. IN A 1.2.3.7
ENTRY_END
STEP 100 QUERY
ENTRY_BEGIN
REPLY RD CD DO
SECTION QUESTION
www.example.com. IN A
ENTRY_END
STEP 110 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ede=0
REPLY QR RD CD RA DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A 10.20.30.40
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.6
ns.example.com. IN A 1.2.3.7
ENTRY_END
SCENARIO_END

188
contrib/unbound/testdata/iter_unverified_glue.rpl vendored
View File

@ -1,188 +0,0 @@
; config options
server:
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: no
minimal-responses: no
do-ip6: no
harden-unverified-glue: yes
stub-zone:
name: "."
stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
CONFIG_END
SCENARIO_BEGIN Test iterative resolve with lame hints.
; K.ROOT-SERVERS.NET.
RANGE_BEGIN 0 100
ADDRESS 193.0.14.129
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR RA NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET. IN A 193.0.14.129
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR RA NOERROR
SECTION QUESTION
a.gtld-servers.net. IN A
SECTION AUTHORITY
net. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION AUTHORITY
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
RANGE_END
; a.gtld-servers.net.
RANGE_BEGIN 0 100
ADDRESS 192.5.6.30
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
a.gtld-servers.net. IN A
SECTION ANSWER
a.gtld-servers.net. IN A 192.5.6.30
SECTION AUTHORITY
net. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION AUTHORITY
example.com. IN NS ns1.examplesibling.com.
SECTION ADDITIONAL
ns1.examplesibling.com. IN A 1.2.3.4
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION ANSWER
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ns1.examplesibling.com. IN A
SECTION ANSWER
ns1.examplesibling.com. IN A 1.2.3.5
ENTRY_END
RANGE_END
; stale ns1.examplesibling.com.
RANGE_BEGIN 0 100
ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION ANSWER
example.com. IN NS ns1.examplesibling.com.
SECTION ADDITIONAL
ns1.examplesibling.com. IN A 1.2.3.5
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A 10.20.30.40
SECTION AUTHORITY
example.com. IN NS ns1.examplesibling.com.
SECTION ADDITIONAL
ns1.examplesibling.com. IN A 1.2.3.5
ENTRY_END
RANGE_END
; actual ns1.examplesibling.com.
RANGE_BEGIN 0 100
ADDRESS 1.2.3.5
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION ANSWER
example.com. IN NS ns1.examplesibling.com.
SECTION ADDITIONAL
ns1.examplesibling.com. IN A 1.2.3.5
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A 10.20.30.50
SECTION AUTHORITY
example.com. IN NS ns1.examplesibling.com.
SECTION ADDITIONAL
ns1.examplesibling.com. IN A 1.2.3.5
ENTRY_END
RANGE_END
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
; recursion happens here.
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A 10.20.30.50
SECTION AUTHORITY
example.com. IN NS ns1.examplesibling.com.
ENTRY_END
SCENARIO_END

138
contrib/unbound/testdata/iter_unverified_glue_fallback.rpl vendored
View File

@ -1,138 +0,0 @@
; config options
server:
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: no
minimal-responses: no
do-ip6: no
harden-unverified-glue: yes
stub-zone:
name: "."
stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
CONFIG_END
SCENARIO_BEGIN Test iterative resolve with lame hints.
; K.ROOT-SERVERS.NET.
RANGE_BEGIN 0 100
ADDRESS 193.0.14.129
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR RA NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET. IN A 193.0.14.129
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR RA NOERROR
SECTION QUESTION
a.gtld-servers.net. IN A
SECTION AUTHORITY
net. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION AUTHORITY
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
RANGE_END
; a.gtld-servers.net.
RANGE_BEGIN 0 100
ADDRESS 192.5.6.30
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
a.gtld-servers.net. IN A
SECTION ANSWER
a.gtld-servers.net. IN A 192.5.6.30
SECTION AUTHORITY
net. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION AUTHORITY
example.com. IN NS ns1.examplesibling.com.
SECTION ADDITIONAL
ns1.examplesibling.com. IN A 1.2.3.4
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION ANSWER
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NXDOMAIN
SECTION QUESTION
ns1.examplesibling.com. IN A
ENTRY_END
RANGE_END
; stale ns1.examplesibling.com.
RANGE_BEGIN 0 100
ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A 10.20.30.40
ENTRY_END
RANGE_END
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
; recursion happens here.
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A 10.20.30.40
ENTRY_END
SCENARIO_END

67
contrib/unbound/testdata/local_cnameother.rpl vendored
View File

@ -1,67 +0,0 @@
; config options
server:
local-zone: "a." static
local-data: "myd.a. NSEC myd2.a. CNAME NSEC"
local-data: "myd.a. CNAME myd.target.a."
; Switches the types first one then the other.
local-data: "myd2.a. CNAME myd2.target.a."
local-data: "myd2.a. NSEC myd3.a. CNAME NSEC"
stub-zone:
name: "a"
stub-addr: 1.2.3.4
CONFIG_END
SCENARIO_BEGIN Test local data queries with CNAME and other data.
RANGE_BEGIN 0 1000
ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.refuse.top. IN A
SECTION ANSWER
www.refuse.top. IN A 5.5.5.5
ENTRY_END
RANGE_END
; local data query for type next to CNAME, the specific type should
; be preferred over the CNAME.
STEP 10 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
myd.a. IN NSEC
ENTRY_END
STEP 20 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA
SECTION QUESTION
myd.a. IN NSEC
SECTION ANSWER
myd.a. NSEC myd2.a. CNAME NSEC
ENTRY_END
STEP 30 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
myd2.a. IN NSEC
ENTRY_END
STEP 40 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA
SECTION QUESTION
myd2.a. IN NSEC
SECTION ANSWER
myd2.a. NSEC myd3.a. CNAME NSEC
ENTRY_END
SCENARIO_END

34
contrib/unbound/testdata/root_zonemd.tdir/root_zonemd.conf vendored
View File

@ -1,34 +0,0 @@
server:
verbosity: 7
# num-threads: 1
interface: 127.0.0.1
port: @PORT@
use-syslog: no
directory: ""
pidfile: "unbound.pid"
chroot: ""
username: ""
do-not-query-localhost: no
# for the test, so that DNSSEC verification works.
#val-override-date: 20230929090000
trust-anchor: ". DS 20326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D"
remote-control:
control-enable: yes
control-interface: @CONTROL_PATH@/controlpipe.@CONTROL_PID@
control-use-cert: no
# for the test, an upstream server in the test setup.
stub-zone:
name: "."
stub-addr: 127.0.0.1@@TOPORT@
# hyperlocal root zone
auth-zone:
name: "."
fallback-enabled: yes
for-downstream: no
for-upstream: yes
zonefile: "root.zone"
zonemd-check: yes
zonemd-reject-absence: yes

16
contrib/unbound/testdata/root_zonemd.tdir/root_zonemd.dsc vendored
View File

@ -1,16 +0,0 @@
BaseName: root_zonemd
Version: 1.0
Description: ZONEMD check for root zone
CreationDate: Fri 29 Sep 09:00:00 CEST 2023
Maintainer: dr. W.C.A. Wijngaards
Category:
Component:
CmdDepends:
Depends:
Help:
Pre: root_zonemd.pre
Post: root_zonemd.post
Test: root_zonemd.test
AuxFiles:
Passed:
Failure:

14
contrib/unbound/testdata/root_zonemd.tdir/root_zonemd.post vendored
View File

@ -1,14 +0,0 @@
# #-- root_zonemd.post --#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# source the test var file when it's there
[ -f .tpkg.var.test ] && source .tpkg.var.test
#
# do your teardown here
. ../common.sh
echo "> cat logfiles"
cat fwd.log
cat unbound.log
kill_pid $FWD_PID
kill_pid $UNBOUND_PID
rm -f $CONTROL_PATH/controlpipe.$CONTROL_PID

50
contrib/unbound/testdata/root_zonemd.tdir/root_zonemd.pre vendored
View File

@ -1,50 +0,0 @@
# #-- root_zonemd.pre--#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# use .tpkg.var.test for in test variable passing
[ -f .tpkg.var.test ] && source .tpkg.var.test
. ../common.sh
# attempt to download the root zone
from=k.root-servers.net
dig @$from . AXFR > root.txt
if test $? -ne 0; then
echo "could not fetch root zone"
skip_test "could not fetch root zone"
fi
grep " SOA " root.txt | head -1 > root.soa
cat root.soa >> root.zone
grep -v " SOA " root.txt >> root.zone
echo "fetched root.zone"
ls -l root.zone
cat root.soa
get_random_port 2
UNBOUND_PORT=$RND_PORT
FWD_PORT=$(($RND_PORT + 1))
echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test
echo "FWD_PORT=$FWD_PORT" >> .tpkg.var.test
# start forwarder
get_ldns_testns
$LDNS_TESTNS -p $FWD_PORT root_zonemd.testns >fwd.log 2>&1 &
FWD_PID=$!
echo "FWD_PID=$FWD_PID" >> .tpkg.var.test
# make config file
CONTROL_PATH=/tmp
CONTROL_PID=$$
sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' -e 's?@CONTROL_PATH\@?'$CONTROL_PATH'?' -e 's/@CONTROL_PID@/'$CONTROL_PID'/' < root_zonemd.conf > ub.conf
# start unbound in the background
PRE="../.."
$PRE/unbound -d -c ub.conf >unbound.log 2>&1 &
UNBOUND_PID=$!
echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
echo "CONTROL_PATH=$CONTROL_PATH" >> .tpkg.var.test
echo "CONTROL_PID=$CONTROL_PID" >> .tpkg.var.test
cat .tpkg.var.test
wait_ldns_testns_up fwd.log
wait_unbound_up unbound.log

63
contrib/unbound/testdata/root_zonemd.tdir/root_zonemd.test vendored
View File

@ -1,63 +0,0 @@
# #-- root_zonemd.test --#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# use .tpkg.var.test for in test variable passing
[ -f .tpkg.var.test ] && source .tpkg.var.test
PRE="../.."
# do the test
echo "> dig . SOA"
dig @127.0.0.1 -p $UNBOUND_PORT . SOA | tee outfile
echo "> check answer"
if grep root-servers outfile | grep "nstld.verisign-grs.com"; then
echo "OK"
else
echo "Not OK"
exit 1
fi
echo "> unbound-control status"
$PRE/unbound-control -c ub.conf status
if test $? -ne 0; then
echo "wrong exit value."
exit 1
else
echo "exit value: OK"
fi
# This is the output when an unsupported algorithm is used.
if grep "auth zone . zonemd DNSSEC verification of SOA and ZONEMD RRsets secure" unbound.log; then
echo "OK"
else
echo "ZONEMD verification not OK"
exit 1
fi
if grep "auth-zone . ZONEMD hash is correct" unbound.log; then
echo "OK"
else
echo "ZONEMD verification not OK"
exit 1
fi
if grep "auth zone . ZONEMD verification successful" unbound.log; then
echo "OK"
else
echo "ZONEMD verification not OK"
exit 1
fi
echo "> unbound-control auth_zone_reload ."
$PRE/unbound-control -c ub.conf auth_zone_reload . 2>&1 | tee outfile
if test $? -ne 0; then
echo "wrong exit value."
exit 1
fi
# The output of the reload can be checked.
echo "> check unbound-control output"
if grep ".: ZONEMD verification successful" outfile; then
echo "OK"
else
echo "Not OK"
exit 1
fi
exit 0

9
contrib/unbound/testdata/root_zonemd.tdir/root_zonemd.testns vendored
View File

@ -1,9 +0,0 @@
# reply to everything
ENTRY_BEGIN
MATCH opcode
ADJUST copy_id copy_query
REPLY QR SERVFAIL
SECTION QUESTION
example.com. IN SOA
SECTION ANSWER
ENTRY_END

122
contrib/unbound/testdata/rpz_cached_cname.rpl vendored
View File

@ -1,122 +0,0 @@
; config options
server:
module-config: "respip validator iterator"
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: no
rrset-roundrobin: no
access-control: 192.0.0.0/8 allow
rpz:
name: "rpz.example.com"
rpz-log: yes
rpz-log-name: "rpz.example.com"
zonefile:
TEMPFILE_NAME rpz.example.com
TEMPFILE_CONTENTS rpz.example.com
rpz.example.com. 3600 IN SOA ns.rpz.example.com. hostmaster.rpz.example.com. 1 3600 900 86400 3600
rpz.example.com. 3600 IN NS ns.rpz.example.net.
a.foo.rpz.example.com. 120 IN A 10.99.99.99
TEMPFILE_END
stub-zone:
name: "."
stub-addr: 10.20.30.40
CONFIG_END
SCENARIO_BEGIN Test RPZ with cached CNAME to A record
RANGE_BEGIN 0 100
ADDRESS 10.20.30.40
ENTRY_BEGIN
MATCH opcode qname qtype
ADJUST copy_id
REPLY QR NOERROR AA
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS ns.
SECTION ADDITIONAL
ns. IN NS 10.20.30.40
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname qtype
ADJUST copy_id
REPLY QR NOERROR AA
SECTION QUESTION
b.foo. IN A
SECTION ANSWER
b.foo. 30 CNAME a.foo.
a.foo. 30 A 1.2.3.4
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname qtype
ADJUST copy_id
REPLY QR NOERROR AA
SECTION QUESTION
a.foo. IN A
SECTION ANSWER
a.foo. A 1.2.3.4
ENTRY_END
RANGE_END
STEP 10 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
a.foo. IN A
ENTRY_END
STEP 20 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
a.foo. IN A
SECTION ANSWER
a.foo. 120 A 10.99.99.99
ENTRY_END
STEP 30 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
b.foo. IN A
ENTRY_END
STEP 40 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
b.foo. IN A
SECTION ANSWER
b.foo. 30 CNAME a.foo.
a.foo. 120 A 10.99.99.99
ENTRY_END
STEP 50 TIME_PASSES ELAPSE 3
STEP 60 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
b.foo. IN A
ENTRY_END
STEP 70 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
b.foo. IN A
SECTION ANSWER
b.foo. 30 CNAME a.foo.
a.foo. 120 A 10.99.99.99
ENTRY_END
SCENARIO_END

269
contrib/unbound/testdata/rpz_clientip_override.rpl vendored
View File

@ -1,269 +0,0 @@
; config options
server:
module-config: "respip validator iterator"
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: no
access-control: 192.0.0.0/8 allow
rpz:
name: "rpz.example.com."
rpz-log: yes
rpz-log-name: "rpz.example.com"
rpz-action-override: "nxdomain"
zonefile:
TEMPFILE_NAME rpz.example.com
TEMPFILE_CONTENTS rpz.example.com
$ORIGIN example.com.
rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. (
1379078166 28800 7200 604800 7200 )
3600 IN NS ns1.rpz.example.com.
3600 IN NS ns2.rpz.example.com.
$ORIGIN rpz.example.com.
32.1.5.0.192.rpz-client-ip CNAME rpz-passthru.
32.2.5.0.192.rpz-client-ip A 1.2.3.5
TEMPFILE_END
rpz:
name: "rpz2.example.com."
rpz-log: yes
rpz-log-name: "rpz2.example.com"
rpz-action-override: "nodata"
zonefile:
TEMPFILE_NAME rpz2.example.com
TEMPFILE_CONTENTS rpz2.example.com
$ORIGIN example.com.
rpz2 3600 IN SOA ns1.rpz2.example.com. hostmaster.rpz2.example.com. (
1379078166 28800 7200 604800 7200 )
3600 IN NS ns1.rpz2.example.com.
3600 IN NS ns2.rpz2.example.com.
$ORIGIN rpz2.example.com.
32.4.5.0.192.rpz-client-ip A 1.2.3.5
TEMPFILE_END
rpz:
name: "rpz3.example.com."
rpz-log: yes
rpz-log-name: "rpz3.example.com"
rpz-action-override: "passthru"
zonefile:
TEMPFILE_NAME rpz3.example.com
TEMPFILE_CONTENTS rpz3.example.com
$ORIGIN example.com.
rpz3 3600 IN SOA ns1.rpz3.example.com. hostmaster.rpz3.example.com. (
1379078166 28800 7200 604800 7200 )
3600 IN NS ns1.rpz3.example.com.
3600 IN NS ns2.rpz3.example.com.
$ORIGIN rpz3.example.com.
32.5.5.0.192.rpz-client-ip A 1.2.3.5
TEMPFILE_END
rpz:
name: "rpz4.example.com."
rpz-log: yes
rpz-log-name: "rpz4.example.com"
rpz-action-override: "drop"
zonefile:
TEMPFILE_NAME rpz4.example.com
TEMPFILE_CONTENTS rpz4.example.com
$ORIGIN example.com.
rpz4 3600 IN SOA ns1.rpz4.example.com. hostmaster.rpz4.example.com. (
1379078166 28800 7200 604800 7200 )
3600 IN NS ns1.rpz4.example.com.
3600 IN NS ns2.rpz4.example.com.
$ORIGIN rpz4.example.com.
32.5.5.0.192.rpz-client-ip A 1.2.3.5
32.6.5.0.192.rpz-client-ip A 1.2.3.5
TEMPFILE_END
rpz:
name: "rpz5.example.com."
rpz-log: yes
rpz-log-name: "rpz5.example.com"
rpz-action-override: "cname"
rpz-cname-override: "target.a"
zonefile:
TEMPFILE_NAME rpz5.example.com
TEMPFILE_CONTENTS rpz5.example.com
$ORIGIN example.com.
rpz5 3600 IN SOA ns1.rpz5.example.com. hostmaster.rpz5.example.com. (
1379078166 28800 7200 604800 7200 )
3600 IN NS ns1.rpz5.example.com.
3600 IN NS ns2.rpz5.example.com.
$ORIGIN rpz5.example.com.
32.7.5.0.192.rpz-client-ip A 1.2.3.5
TEMPFILE_END
rpz:
name: "rpz6.example.com."
rpz-log: yes
rpz-log-name: "rpz6.example.com"
rpz-action-override: "disabled"
zonefile:
TEMPFILE_NAME rpz6.example.com
TEMPFILE_CONTENTS rpz6.example.com
$ORIGIN example.com.
rpz6 3600 IN SOA ns1.rpz6.example.com. hostmaster.rpz6.example.com. (
1379078166 28800 7200 604800 7200 )
3600 IN NS ns1.rpz6.example.com.
3600 IN NS ns2.rpz6.example.com.
$ORIGIN rpz6.example.com.
32.8.5.0.192.rpz-client-ip A 1.2.3.5
TEMPFILE_END
stub-zone:
name: "a."
stub-addr: 10.20.30.40
CONFIG_END
SCENARIO_BEGIN Test RPZ action override with trigger from clientip.
; a.
RANGE_BEGIN 0 1000
ADDRESS 10.20.30.40
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
d.a. IN A
SECTION ANSWER
d.a. IN A 1.2.3.4
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
target.a. IN A
SECTION ANSWER
target.a. IN A 1.2.3.6
ENTRY_END
RANGE_END
STEP 10 QUERY ADDRESS 192.0.5.2
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
d.a. IN A
ENTRY_END
STEP 11 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NXDOMAIN
SECTION QUESTION
d.a. IN A
SECTION ANSWER
ENTRY_END
STEP 20 QUERY ADDRESS 192.0.5.1
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
d.a. IN A
ENTRY_END
STEP 21 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NXDOMAIN
SECTION QUESTION
d.a. IN A
SECTION ANSWER
ENTRY_END
STEP 30 QUERY ADDRESS 192.0.5.3
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
d.a. IN A
ENTRY_END
STEP 31 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
d.a. IN A
SECTION ANSWER
d.a. IN A 1.2.3.4
ENTRY_END
STEP 40 QUERY ADDRESS 192.0.5.4
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
d.a. IN A
ENTRY_END
STEP 41 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
d.a. IN A
SECTION ANSWER
ENTRY_END
STEP 50 QUERY ADDRESS 192.0.5.5
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
d.a. IN A
ENTRY_END
STEP 51 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
d.a. IN A
SECTION ANSWER
d.a. IN A 1.2.3.4
ENTRY_END
STEP 60 QUERY ADDRESS 192.0.5.6
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
d.a. IN A
ENTRY_END
; dropped.
STEP 70 QUERY ADDRESS 192.0.5.7
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
d.a. IN A
ENTRY_END
STEP 71 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
d.a. IN A
SECTION ANSWER
d.a. CNAME target.a.
target.a. A 1.2.3.6
ENTRY_END
STEP 80 QUERY ADDRESS 192.0.5.8
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
d.a. IN A
ENTRY_END
STEP 81 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
d.a. IN A
SECTION ANSWER
d.a. IN A 1.2.3.4
ENTRY_END
SCENARIO_END

779
contrib/unbound/testdata/rpz_cname_handle.rpl vendored
View File

@ -1,779 +0,0 @@
; config options
server:
module-config: "respip validator iterator"
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: no
access-control: 192.0.0.0/8 allow
rpz:
name: "rpz.example.com."
rpz-log: yes
rpz-log-name: "rpz.example.com"
zonefile:
TEMPFILE_NAME rpz.example.com
TEMPFILE_CONTENTS rpz.example.com
$ORIGIN example.com.
rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. (
1379078166 28800 7200 604800 7200 )
3600 IN NS ns1.rpz.example.com.
3600 IN NS ns2.rpz.example.com.
$ORIGIN rpz.example.com.
www.gotham.a A 1.2.3.61
www.gotham2.a CNAME g2.target.a.
g2.target.a A 1.2.3.62
www.gotham3.a CNAME g3.target.a.
g3.target.a CNAME g3b.target.a.
g3b.target.a A 1.2.3.63
www.gotham4.a CNAME g4.target.a.
g4.target.a CNAME g4b.target.a.
g4b.target.a CNAME g4c.target.a.
g4c.target.a A 1.2.3.64
w2.gotham5.a A 1.2.3.65
w2.gotham6.a CNAME g6.target.a.
g6.target.a A 1.2.3.66
w2.gotham7.a CNAME g7.target.a.
g7.target.a CNAME g7b.target.a.
g7b.target.a A 1.2.3.66
; ns1.gotham8.a
32.48.30.20.10.rpz-nsip A 1.2.3.68
; ns1.gotham9.a
32.49.30.20.10.rpz-nsip CNAME g9.target.a.
g9.target.a A 1.2.3.69
; ns1.gotham10.a
32.50.30.20.10.rpz-nsip CNAME g10.target.a.
g10.target.a CNAME g10b.target.a.
g10b.target.a A 1.2.3.70
www.gotham11.a CNAME g11.target.a.
www.gotham12.a CNAME g12.target.a.
g12.target.a CNAME g12b.target.a.
www.gotham13.a CNAME g13.target.a.
g13.target.a CNAME g13b.target.a.
g13b.target.a CNAME g13c.target.a.
w2.gotham14.a CNAME g14.target.a.
w2.gotham15.a CNAME g15.target.a.
g15.target.a CNAME g15b.target.a.
; ns1.gotham16.a
32.56.30.20.10.rpz-nsip CNAME g16.target.a.
; ns1.gotham17.a
32.57.30.20.10.rpz-nsip CNAME g17.target.a.
g17.target.a CNAME g17b.target.a.
TEMPFILE_END
stub-zone:
name: "a."
stub-addr: 10.20.30.40
CONFIG_END
SCENARIO_BEGIN Test RPZ handling of CNAMEs.
; a.
RANGE_BEGIN 0 1000
ADDRESS 10.20.30.40
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
gotham5.a. IN NS
SECTION AUTHORITY
gotham5.a. NS ns1.gotham5.a.
SECTION ADDITIONAL
ns1.gotham5.a. A 10.20.30.45
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
gotham6.a. IN NS
SECTION AUTHORITY
gotham6.a. NS ns1.gotham6.a.
SECTION ADDITIONAL
ns1.gotham6.a. A 10.20.30.46
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
gotham7.a. IN NS
SECTION AUTHORITY
gotham7.a. NS ns1.gotham7.a.
SECTION ADDITIONAL
ns1.gotham7.a. A 10.20.30.47
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
gotham8.a. IN NS
SECTION AUTHORITY
gotham8.a. NS ns1.gotham8.a.
SECTION ADDITIONAL
ns1.gotham8.a. A 10.20.30.48
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
gotham9.a. IN NS
SECTION AUTHORITY
gotham9.a. NS ns1.gotham9.a.
SECTION ADDITIONAL
ns1.gotham9.a. A 10.20.30.49
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
gotham10.a. IN NS
SECTION AUTHORITY
gotham10.a. NS ns1.gotham10.a.
SECTION ADDITIONAL
ns1.gotham10.a. A 10.20.30.50
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
gotham14.a. IN NS
SECTION AUTHORITY
gotham14.a. NS ns1.gotham14.a.
SECTION ADDITIONAL
ns1.gotham14.a. A 10.20.30.54
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
gotham15.a. IN NS
SECTION AUTHORITY
gotham15.a. NS ns1.gotham15.a.
SECTION ADDITIONAL
ns1.gotham15.a. A 10.20.30.55
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
gotham16.a. IN NS
SECTION AUTHORITY
gotham16.a. NS ns1.gotham16.a.
SECTION ADDITIONAL
ns1.gotham16.a. A 10.20.30.56
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
gotham17.a. IN NS
SECTION AUTHORITY
gotham17.a. NS ns1.gotham17.a.
SECTION ADDITIONAL
ns1.gotham17.a. A 10.20.30.57
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
target.a. IN A
SECTION ANSWER
target.a. IN A 1.2.3.6
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
g11.target.a. IN A
SECTION ANSWER
g11.target.a. IN A 1.2.3.11
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
g12b.target.a. IN A
SECTION ANSWER
g12b.target.a. A 1.2.3.12
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
g13c.target.a. IN A
SECTION ANSWER
g13c.target.a. A 1.2.3.13
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
g14.target.a. IN A
SECTION ANSWER
g14.target.a. A 1.2.3.14
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
g15b.target.a. IN A
SECTION ANSWER
g15b.target.a. A 1.2.3.15
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
g16.target.a. IN A
SECTION ANSWER
g16.target.a. A 1.2.3.16
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
g17b.target.a. IN A
SECTION ANSWER
g17b.target.a. A 1.2.3.17
ENTRY_END
RANGE_END
; gotham5.a.
RANGE_BEGIN 0 1000
ADDRESS 10.20.30.45
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www.gotham5.a. IN A
SECTION ANSWER
www.gotham5.a. CNAME w2.gotham5.a.
ENTRY_END
RANGE_END
; gotham6.a.
RANGE_BEGIN 0 1000
ADDRESS 10.20.30.46
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.gotham6.a. IN A
SECTION ANSWER
www.gotham6.a. CNAME w2.gotham6.a.
ENTRY_END
RANGE_END
; gotham7.a.
RANGE_BEGIN 0 1000
ADDRESS 10.20.30.47
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www.gotham7.a. IN A
SECTION ANSWER
www.gotham7.a. CNAME w2.gotham7.a.
ENTRY_END
RANGE_END
; gotham14.a.
RANGE_BEGIN 0 1000
ADDRESS 10.20.30.54
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www.gotham14.a. IN A
SECTION ANSWER
www.gotham14.a. CNAME w2.gotham14.a.
ENTRY_END
RANGE_END
; gotham15.a.
RANGE_BEGIN 0 1000
ADDRESS 10.20.30.55
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www.gotham15.a. IN A
SECTION ANSWER
www.gotham15.a. CNAME w2.gotham15.a.
ENTRY_END
RANGE_END
; Test with zero rpz CNAMEs, rpz answer.
STEP 10 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham.a. IN A
ENTRY_END
STEP 11 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
www.gotham.a. IN A
SECTION ANSWER
www.gotham.a. A 1.2.3.61
ENTRY_END
; Test with one rpz CNAME, rpz answer.
STEP 20 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham2.a. IN A
ENTRY_END
STEP 21 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
www.gotham2.a. IN A
SECTION ANSWER
www.gotham2.a. CNAME g2.target.a.
g2.target.a. A 1.2.3.62
ENTRY_END
; Test with two rpz CNAMEs, rpz answer.
STEP 30 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham3.a. IN A
ENTRY_END
STEP 31 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
www.gotham3.a. IN A
SECTION ANSWER
www.gotham3.a. CNAME g3.target.a.
g3.target.a. CNAME g3b.target.a.
g3b.target.a. A 1.2.3.63
ENTRY_END
; Test with three rpz CNAMEs, rpz answer.
STEP 40 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham4.a. IN A
ENTRY_END
STEP 41 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
www.gotham4.a. IN A
SECTION ANSWER
www.gotham4.a. CNAME g4.target.a.
g4.target.a. CNAME g4b.target.a.
g4b.target.a. CNAME g4c.target.a.
g4c.target.a. A 1.2.3.64
ENTRY_END
; Test with a CNAME from upstream, zero rpz CNAMEs, rpz answer.
STEP 50 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham5.a. IN A
ENTRY_END
STEP 51 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
www.gotham5.a. IN A
SECTION ANSWER
www.gotham5.a. CNAME w2.gotham5.a.
w2.gotham5.a. A 1.2.3.65
ENTRY_END
; Test with a CNAME from upstream, one rpz CNAME, rpz answer.
STEP 60 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham6.a. IN A
ENTRY_END
STEP 61 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
www.gotham6.a. IN A
SECTION ANSWER
www.gotham6.a. CNAME w2.gotham6.a.
w2.gotham6.a. CNAME g6.target.a.
g6.target.a. A 1.2.3.66
ENTRY_END
; Test with a CNAME from upstream, two rpz CNAMEs, rpz answer.
STEP 70 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham7.a. IN A
ENTRY_END
STEP 71 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
www.gotham7.a. IN A
SECTION ANSWER
www.gotham7.a. CNAME w2.gotham7.a.
w2.gotham7.a. CNAME g7.target.a.
g7.target.a. CNAME g7b.target.a.
g7b.target.a. A 1.2.3.66
ENTRY_END
; Test with a CNAME from cache, zero rpz CNAMEs, rpz answer.
STEP 80 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham5.a. IN A
ENTRY_END
STEP 81 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
www.gotham5.a. IN A
SECTION ANSWER
www.gotham5.a. CNAME w2.gotham5.a.
w2.gotham5.a. A 1.2.3.65
ENTRY_END
; Test with a CNAME from cache, one rpz CNAME, rpz answer.
STEP 90 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham6.a. IN A
ENTRY_END
STEP 91 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
www.gotham6.a. IN A
SECTION ANSWER
www.gotham6.a. CNAME w2.gotham6.a.
w2.gotham6.a. CNAME g6.target.a.
g6.target.a. A 1.2.3.66
ENTRY_END
; Test with a CNAME from cache, two rpz CNAMEs, rpz answer.
STEP 100 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham7.a. IN A
ENTRY_END
STEP 101 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
www.gotham7.a. IN A
SECTION ANSWER
www.gotham7.a. CNAME w2.gotham7.a.
w2.gotham7.a. CNAME g7.target.a.
g7.target.a. CNAME g7b.target.a.
g7b.target.a. A 1.2.3.66
ENTRY_END
; Test with lookup from nameserver, zero rpz CNAMEs, rpz nsip answer.
STEP 110 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham8.a. IN A
ENTRY_END
STEP 111 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
www.gotham8.a. IN A
SECTION ANSWER
www.gotham8.a. A 1.2.3.68
ENTRY_END
; Test with lookup from nameserver, one rpz CNAME, rpz nsip answer.
STEP 120 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham9.a. IN A
ENTRY_END
STEP 121 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
www.gotham9.a. IN A
SECTION ANSWER
www.gotham9.a. CNAME g9.target.a.
g9.target.a. A 1.2.3.69
ENTRY_END
; Test with lookup from nameserver, two rpz CNAMEs, rpz nsip answer.
STEP 130 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham10.a. IN A
ENTRY_END
STEP 131 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
www.gotham10.a. IN A
SECTION ANSWER
www.gotham10.a. CNAME g10.target.a.
g10.target.a. CNAME g10b.target.a.
g10b.target.a. A 1.2.3.70
ENTRY_END
; Test with one rpz CNAME, upstream answer.
STEP 140 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham11.a. IN A
ENTRY_END
STEP 141 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
www.gotham11.a. IN A
SECTION ANSWER
www.gotham11.a. CNAME g11.target.a.
g11.target.a. A 1.2.3.11
ENTRY_END
; Test with two rpz CNAMEs, upstream answer.
STEP 150 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham12.a. IN A
ENTRY_END
STEP 151 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
www.gotham12.a. IN A
SECTION ANSWER
www.gotham12.a. CNAME g12.target.a.
g12.target.a. CNAME g12b.target.a.
g12b.target.a. A 1.2.3.12
ENTRY_END
; Test with three rpz CNAMEs, upstream answer.
STEP 160 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham13.a. IN A
ENTRY_END
STEP 161 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
www.gotham13.a. IN A
SECTION ANSWER
www.gotham13.a. CNAME g13.target.a.
g13.target.a. CNAME g13b.target.a.
g13b.target.a. CNAME g13c.target.a.
g13c.target.a. A 1.2.3.13
ENTRY_END
; Test with a CNAME from upstream, one rpz CNAME, upstream answer.
STEP 170 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham14.a. IN A
ENTRY_END
STEP 171 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.gotham14.a. IN A
SECTION ANSWER
www.gotham14.a. CNAME w2.gotham14.a.
w2.gotham14.a. CNAME g14.target.a.
g14.target.a. A 1.2.3.14
ENTRY_END
; Test with a CNAME from upstream, two rpz CNAMEs, upstream answer.
STEP 180 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham15.a. IN A
ENTRY_END
STEP 181 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.gotham15.a. IN A
SECTION ANSWER
www.gotham15.a. CNAME w2.gotham15.a.
w2.gotham15.a. CNAME g15.target.a.
g15.target.a. CNAME g15b.target.a.
g15b.target.a. A 1.2.3.15
ENTRY_END
; Test with a CNAME from cache, one rpz CNAME, upstream answer.
STEP 190 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham14.a. IN A
ENTRY_END
STEP 191 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.gotham14.a. IN A
SECTION ANSWER
www.gotham14.a. CNAME w2.gotham14.a.
w2.gotham14.a. CNAME g14.target.a.
g14.target.a. A 1.2.3.14
ENTRY_END
; Test with a CNAME from cache, two rpz CNAMEs, upstream answer.
STEP 200 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham15.a. IN A
ENTRY_END
STEP 201 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.gotham15.a. IN A
SECTION ANSWER
www.gotham15.a. CNAME w2.gotham15.a.
w2.gotham15.a. CNAME g15.target.a.
g15.target.a. CNAME g15b.target.a.
g15b.target.a. A 1.2.3.15
ENTRY_END
; Test with lookup from nameserver, one rpz nsip CNAME, upstream answer.
STEP 210 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham16.a. IN A
ENTRY_END
STEP 211 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.gotham16.a. IN A
SECTION ANSWER
www.gotham16.a. CNAME g16.target.a.
g16.target.a. A 1.2.3.16
ENTRY_END
; Test with lookup from nameserver, two rpz nsip CNAMEs, upstream answer.
STEP 220 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham17.a. IN A
ENTRY_END
STEP 221 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.gotham17.a. IN A
SECTION ANSWER
www.gotham17.a. CNAME g17.target.a.
g17.target.a. CNAME g17b.target.a.
g17b.target.a. A 1.2.3.17
ENTRY_END
SCENARIO_END

281
contrib/unbound/testdata/rpz_cname_tag.rpl vendored
View File

@ -1,281 +0,0 @@
; config options
server:
module-config: "respip validator iterator"
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: no
access-control: 192.0.0.0/8 allow
access-control: 193.0.0.0/8 allow
define-tag: "internal server"
access-control-tag: 192.0.0.0/8 "internal"
access-control-tag: 127.0.0.0/8 "server"
; 193.0.0.0/8 has no tags
rpz:
name: "rpz.example.com."
rpz-log: yes
rpz-log-name: "rpz.example.com"
tags: "internal"
zonefile:
TEMPFILE_NAME rpz.example.com
TEMPFILE_CONTENTS rpz.example.com
$ORIGIN example.com.
rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. (
1379078166 28800 7200 604800 7200 )
3600 IN NS ns1.rpz.example.com.
3600 IN NS ns2.rpz.example.com.
$ORIGIN rpz.example.com.
www.gotham.a A 1.2.3.61
www.gotham2.a CNAME g2.target.a.
g2.target.a A 1.2.3.62
www.gotham3.a CNAME g3.target.a.
g3.target.a CNAME g3b.target.a.
g3b.target.a A 1.2.3.63
www.gotham4.a CNAME g4.target.a.
g4.target.a CNAME g4b.target.a.
g4b.target.a CNAME g4c.target.a.
g4c.target.a A 1.2.3.64
; server for a.
32.40.30.20.10.rpz-nsip A 1.2.3.68
www.gotham5.a TXT "txt5"
TEMPFILE_END
stub-zone:
name: "a."
stub-addr: 10.20.30.40
CONFIG_END
SCENARIO_BEGIN Test RPZ handling of CNAMEs and tags.
; a.
RANGE_BEGIN 0 1000
ADDRESS 10.20.30.40
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
target.a. IN A
SECTION ANSWER
target.a. IN A 1.2.3.6
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.gotham.a. IN A
SECTION ANSWER
www.gotham.a. IN A 1.2.3.5
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.gotham2.a. IN A
SECTION ANSWER
www.gotham2.a. IN A 1.2.3.52
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.gotham3.a. IN A
SECTION ANSWER
www.gotham3.a. IN A 1.2.3.53
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.gotham4.a. IN A
SECTION ANSWER
www.gotham4.a. IN A 1.2.3.54
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.gotham5.a. IN TXT
SECTION ANSWER
www.gotham5.a. IN TXT "gotham5"
ENTRY_END
RANGE_END
; Test with zero rpz CNAMEs, no tag match for rpz answer.
STEP 10 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham.a. IN A
ENTRY_END
STEP 11 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.gotham.a. IN A
SECTION ANSWER
www.gotham.a. A 1.2.3.5
ENTRY_END
; Test with one rpz CNAME, no tag match for rpz answer.
STEP 20 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham2.a. IN A
ENTRY_END
STEP 21 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.gotham2.a. IN A
SECTION ANSWER
www.gotham2.a. A 1.2.3.52
ENTRY_END
; Test with two rpz CNAMEs, no tag match for rpz answer.
STEP 30 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham3.a. IN A
ENTRY_END
STEP 31 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.gotham3.a. IN A
SECTION ANSWER
www.gotham3.a. A 1.2.3.53
ENTRY_END
; Test with three rpz CNAMEs, no tag match for rpz answer.
STEP 40 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham4.a. IN A
ENTRY_END
STEP 41 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.gotham4.a. IN A
SECTION ANSWER
www.gotham4.a. A 1.2.3.54
ENTRY_END
; Test with zero rpz CNAMEs, rpz answer. Tag "internal"
STEP 50 QUERY ADDRESS 192.0.0.1
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham.a. IN A
ENTRY_END
STEP 51 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
www.gotham.a. IN A
SECTION ANSWER
www.gotham.a. A 1.2.3.61
ENTRY_END
; Test with one rpz CNAME, rpz answer. Tag "internal"
STEP 60 QUERY ADDRESS 192.0.0.1
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham2.a. IN A
ENTRY_END
STEP 61 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
www.gotham2.a. IN A
SECTION ANSWER
www.gotham2.a. CNAME g2.target.a.
g2.target.a. A 1.2.3.62
ENTRY_END
; Test with two rpz CNAMEs, rpz answer. Tag "internal"
STEP 70 QUERY ADDRESS 192.0.0.1
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham3.a. IN A
ENTRY_END
STEP 71 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
www.gotham3.a. IN A
SECTION ANSWER
www.gotham3.a. CNAME g3.target.a.
g3.target.a. CNAME g3b.target.a.
g3b.target.a. A 1.2.3.63
ENTRY_END
; Test with three rpz CNAMEs, rpz answer. Tag "internal"
STEP 80 QUERY ADDRESS 192.0.0.1
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham4.a. IN A
ENTRY_END
STEP 81 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
www.gotham4.a. IN A
SECTION ANSWER
www.gotham4.a. CNAME g4.target.a.
g4.target.a. CNAME g4b.target.a.
g4b.target.a. CNAME g4c.target.a.
g4c.target.a. A 1.2.3.64
ENTRY_END
; Test with zero rpz CNAMEs, no tags for the query, and so no rpz answer.
STEP 90 QUERY ADDRESS 193.0.0.1
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham5.a. IN TXT
ENTRY_END
STEP 91 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.gotham5.a. IN TXT
SECTION ANSWER
www.gotham5.a. IN TXT "gotham5"
ENTRY_END
SCENARIO_END

325
contrib/unbound/testdata/rpz_nsdname_override.rpl vendored
View File

@ -1,325 +0,0 @@
; config options
server:
module-config: "respip validator iterator"
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: no
access-control: 192.0.0.0/8 allow
rpz:
name: "rpz.example.com."
rpz-log: yes
rpz-log-name: "rpz.example.com"
rpz-action-override: "nxdomain"
zonefile:
TEMPFILE_NAME rpz.example.com
TEMPFILE_CONTENTS rpz.example.com
$ORIGIN example.com.
rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. (
1379078166 28800 7200 604800 7200 )
3600 IN NS ns1.rpz.example.com.
3600 IN NS ns2.rpz.example.com.
$ORIGIN rpz.example.com.
ns1.gotham.a.rpz-nsdname A 1.2.3.5
TEMPFILE_END
rpz:
name: "rpz2.example.com."
rpz-log: yes
rpz-log-name: "rpz2.example.com"
rpz-action-override: "nodata"
zonefile:
TEMPFILE_NAME rpz2.example.com
TEMPFILE_CONTENTS rpz2.example.com
$ORIGIN example.com.
rpz2 3600 IN SOA ns1.rpz2.example.com. hostmaster.rpz2.example.com. (
1379078166 28800 7200 604800 7200 )
3600 IN NS ns1.rpz2.example.com.
3600 IN NS ns2.rpz2.example.com.
$ORIGIN rpz2.example.com.
ns1.gotham2.a.rpz-nsdname A 1.2.3.5
TEMPFILE_END
rpz:
name: "rpz3.example.com."
rpz-log: yes
rpz-log-name: "rpz3.example.com"
rpz-action-override: "passthru"
zonefile:
TEMPFILE_NAME rpz3.example.com
TEMPFILE_CONTENTS rpz3.example.com
$ORIGIN example.com.
rpz3 3600 IN SOA ns1.rpz3.example.com. hostmaster.rpz3.example.com. (
1379078166 28800 7200 604800 7200 )
3600 IN NS ns1.rpz3.example.com.
3600 IN NS ns2.rpz3.example.com.
$ORIGIN rpz3.example.com.
ns1.gotham3.a.rpz-nsdname A 1.2.3.5
TEMPFILE_END
rpz:
name: "rpz4.example.com."
rpz-log: yes
rpz-log-name: "rpz4.example.com"
rpz-action-override: "drop"
zonefile:
TEMPFILE_NAME rpz4.example.com
TEMPFILE_CONTENTS rpz4.example.com
$ORIGIN example.com.
rpz4 3600 IN SOA ns1.rpz4.example.com. hostmaster.rpz4.example.com. (
1379078166 28800 7200 604800 7200 )
3600 IN NS ns1.rpz4.example.com.
3600 IN NS ns2.rpz4.example.com.
$ORIGIN rpz4.example.com.
ns1.gotham3.a.rpz-nsdname A 1.2.3.5
ns1.gotham4.a.rpz-nsdname A 1.2.3.5
TEMPFILE_END
rpz:
name: "rpz5.example.com."
rpz-log: yes
rpz-log-name: "rpz5.example.com"
rpz-action-override: "cname"
rpz-cname-override: "target.a"
zonefile:
TEMPFILE_NAME rpz5.example.com
TEMPFILE_CONTENTS rpz5.example.com
$ORIGIN example.com.
rpz5 3600 IN SOA ns1.rpz5.example.com. hostmaster.rpz5.example.com. (
1379078166 28800 7200 604800 7200 )
3600 IN NS ns1.rpz5.example.com.
3600 IN NS ns2.rpz5.example.com.
$ORIGIN rpz5.example.com.
ns1.gotham5.a.rpz-nsdname A 1.2.3.5
TEMPFILE_END
rpz:
name: "rpz6.example.com."
rpz-log: yes
rpz-log-name: "rpz6.example.com"
rpz-action-override: "disabled"
zonefile:
TEMPFILE_NAME rpz6.example.com
TEMPFILE_CONTENTS rpz6.example.com
$ORIGIN example.com.
rpz6 3600 IN SOA ns1.rpz6.example.com. hostmaster.rpz6.example.com. (
1379078166 28800 7200 604800 7200 )
3600 IN NS ns1.rpz6.example.com.
3600 IN NS ns2.rpz6.example.com.
$ORIGIN rpz6.example.com.
ns1.gotham6.a.rpz-nsdname A 1.2.3.5
TEMPFILE_END
stub-zone:
name: "a."
stub-addr: 10.20.30.40
CONFIG_END
SCENARIO_BEGIN Test RPZ action override with trigger from nsdname.
; a.
RANGE_BEGIN 0 1000
ADDRESS 10.20.30.40
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.gotham.a. IN A
SECTION AUTHORITY
gotham.a. NS ns1.gotham.a.
SECTION ADDITIONAL
ns1.gotham.a. A 10.20.30.41
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.gotham2.a. IN A
SECTION AUTHORITY
gotham2.a. NS ns1.gotham2.a.
SECTION ADDITIONAL
ns1.gotham2.a. A 10.20.30.42
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.gotham3.a. IN A
SECTION AUTHORITY
gotham3.a. NS ns1.gotham3.a.
SECTION ADDITIONAL
ns1.gotham3.a. A 10.20.30.43
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.gotham4.a. IN A
SECTION AUTHORITY
gotham4.a. NS ns1.gotham4.a.
SECTION ADDITIONAL
ns1.gotham4.a. A 10.20.30.44
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.gotham5.a. IN A
SECTION AUTHORITY
gotham5.a. NS ns1.gotham5.a.
SECTION ADDITIONAL
ns1.gotham5.a. A 10.20.30.45
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.gotham6.a. IN A
SECTION AUTHORITY
gotham6.a. NS ns1.gotham6.a.
SECTION ADDITIONAL
ns1.gotham6.a. A 10.20.30.46
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
target.a. IN A
SECTION ANSWER
target.a. IN A 1.2.3.6
ENTRY_END
RANGE_END
; gotham3.a.
RANGE_BEGIN 0 1000
ADDRESS 10.20.30.43
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.gotham3.a. IN A
SECTION ANSWER
www.gotham3.a. A 1.2.3.4
ENTRY_END
RANGE_END
; gotham6.a.
RANGE_BEGIN 0 1000
ADDRESS 10.20.30.46
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.gotham6.a. IN A
SECTION ANSWER
www.gotham6.a. A 1.2.3.4
ENTRY_END
RANGE_END
STEP 10 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham.a. IN A
ENTRY_END
STEP 11 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NXDOMAIN
SECTION QUESTION
www.gotham.a. IN A
SECTION ANSWER
ENTRY_END
STEP 20 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham2.a. IN A
ENTRY_END
STEP 21 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
www.gotham2.a. IN A
SECTION ANSWER
ENTRY_END
STEP 30 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham3.a. IN A
ENTRY_END
STEP 31 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.gotham3.a. IN A
SECTION ANSWER
www.gotham3.a. A 1.2.3.4
ENTRY_END
STEP 40 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham4.a. IN A
ENTRY_END
;dropped
STEP 50 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham5.a. IN A
ENTRY_END
STEP 51 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.gotham5.a. IN A
SECTION ANSWER
www.gotham5.a. CNAME target.a
target.a A 1.2.3.6
ENTRY_END
STEP 60 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham6.a. IN A
ENTRY_END
STEP 61 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.gotham6.a. IN A
SECTION ANSWER
www.gotham6.a. A 1.2.3.4
ENTRY_END
SCENARIO_END

332
contrib/unbound/testdata/rpz_nsip_override.rpl vendored
View File

@ -1,332 +0,0 @@
; config options
server:
module-config: "respip validator iterator"
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: no
access-control: 192.0.0.0/8 allow
rpz:
name: "rpz.example.com."
rpz-log: yes
rpz-log-name: "rpz.example.com"
rpz-action-override: "nxdomain"
zonefile:
TEMPFILE_NAME rpz.example.com
TEMPFILE_CONTENTS rpz.example.com
$ORIGIN example.com.
rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. (
1379078166 28800 7200 604800 7200 )
3600 IN NS ns1.rpz.example.com.
3600 IN NS ns2.rpz.example.com.
$ORIGIN rpz.example.com.
; ns1.gotham.a
32.41.30.20.10.rpz-nsip A 1.2.3.5
TEMPFILE_END
rpz:
name: "rpz2.example.com."
rpz-log: yes
rpz-log-name: "rpz2.example.com"
rpz-action-override: "nodata"
zonefile:
TEMPFILE_NAME rpz2.example.com
TEMPFILE_CONTENTS rpz2.example.com
$ORIGIN example.com.
rpz2 3600 IN SOA ns1.rpz2.example.com. hostmaster.rpz2.example.com. (
1379078166 28800 7200 604800 7200 )
3600 IN NS ns1.rpz2.example.com.
3600 IN NS ns2.rpz2.example.com.
$ORIGIN rpz2.example.com.
; ns1.gotham2.a
32.42.30.20.10.rpz-nsip A 1.2.3.5
TEMPFILE_END
rpz:
name: "rpz3.example.com."
rpz-log: yes
rpz-log-name: "rpz3.example.com"
rpz-action-override: "passthru"
zonefile:
TEMPFILE_NAME rpz3.example.com
TEMPFILE_CONTENTS rpz3.example.com
$ORIGIN example.com.
rpz3 3600 IN SOA ns1.rpz3.example.com. hostmaster.rpz3.example.com. (
1379078166 28800 7200 604800 7200 )
3600 IN NS ns1.rpz3.example.com.
3600 IN NS ns2.rpz3.example.com.
$ORIGIN rpz3.example.com.
; ns1.gotham3.a
32.43.30.20.10.rpz-nsip A 1.2.3.5
TEMPFILE_END
rpz:
name: "rpz4.example.com."
rpz-log: yes
rpz-log-name: "rpz4.example.com"
rpz-action-override: "drop"
zonefile:
TEMPFILE_NAME rpz4.example.com
TEMPFILE_CONTENTS rpz4.example.com
$ORIGIN example.com.
rpz4 3600 IN SOA ns1.rpz4.example.com. hostmaster.rpz4.example.com. (
1379078166 28800 7200 604800 7200 )
3600 IN NS ns1.rpz4.example.com.
3600 IN NS ns2.rpz4.example.com.
$ORIGIN rpz4.example.com.
; ns1.gotham3.a
32.43.30.20.10.rpz-nsip A 1.2.3.5
; ns1.gotham4.a
32.44.30.20.10.rpz-nsip A 1.2.3.5
TEMPFILE_END
rpz:
name: "rpz5.example.com."
rpz-log: yes
rpz-log-name: "rpz5.example.com"
rpz-action-override: "cname"
rpz-cname-override: "target.a"
zonefile:
TEMPFILE_NAME rpz5.example.com
TEMPFILE_CONTENTS rpz5.example.com
$ORIGIN example.com.
rpz5 3600 IN SOA ns1.rpz5.example.com. hostmaster.rpz5.example.com. (
1379078166 28800 7200 604800 7200 )
3600 IN NS ns1.rpz5.example.com.
3600 IN NS ns2.rpz5.example.com.
$ORIGIN rpz5.example.com.
; ns1.gotham5.a
32.45.30.20.10.rpz-nsip A 1.2.3.5
TEMPFILE_END
rpz:
name: "rpz6.example.com."
rpz-log: yes
rpz-log-name: "rpz6.example.com"
rpz-action-override: "disabled"
zonefile:
TEMPFILE_NAME rpz6.example.com
TEMPFILE_CONTENTS rpz6.example.com
$ORIGIN example.com.
rpz6 3600 IN SOA ns1.rpz6.example.com. hostmaster.rpz6.example.com. (
1379078166 28800 7200 604800 7200 )
3600 IN NS ns1.rpz6.example.com.
3600 IN NS ns2.rpz6.example.com.
$ORIGIN rpz6.example.com.
; ns1.gotham6.a
32.46.30.20.10.rpz-nsip A 1.2.3.5
TEMPFILE_END
stub-zone:
name: "a."
stub-addr: 10.20.30.40
CONFIG_END
SCENARIO_BEGIN Test RPZ action override with trigger from nsip.
; a.
RANGE_BEGIN 0 1000
ADDRESS 10.20.30.40
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.gotham.a. IN A
SECTION AUTHORITY
gotham.a. NS ns1.gotham.a.
SECTION ADDITIONAL
ns1.gotham.a. A 10.20.30.41
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.gotham2.a. IN A
SECTION AUTHORITY
gotham2.a. NS ns1.gotham2.a.
SECTION ADDITIONAL
ns1.gotham2.a. A 10.20.30.42
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.gotham3.a. IN A
SECTION AUTHORITY
gotham3.a. NS ns1.gotham3.a.
SECTION ADDITIONAL
ns1.gotham3.a. A 10.20.30.43
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.gotham4.a. IN A
SECTION AUTHORITY
gotham4.a. NS ns1.gotham4.a.
SECTION ADDITIONAL
ns1.gotham4.a. A 10.20.30.44
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.gotham5.a. IN A
SECTION AUTHORITY
gotham5.a. NS ns1.gotham5.a.
SECTION ADDITIONAL
ns1.gotham5.a. A 10.20.30.45
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.gotham6.a. IN A
SECTION AUTHORITY
gotham6.a. NS ns1.gotham6.a.
SECTION ADDITIONAL
ns1.gotham6.a. A 10.20.30.46
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
target.a. IN A
SECTION ANSWER
target.a. IN A 1.2.3.6
ENTRY_END
RANGE_END
; gotham3.a.
RANGE_BEGIN 0 1000
ADDRESS 10.20.30.43
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.gotham3.a. IN A
SECTION ANSWER
www.gotham3.a. A 1.2.3.4
ENTRY_END
RANGE_END
; gotham6.a.
RANGE_BEGIN 0 1000
ADDRESS 10.20.30.46
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.gotham6.a. IN A
SECTION ANSWER
www.gotham6.a. A 1.2.3.4
ENTRY_END
RANGE_END
STEP 10 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham.a. IN A
ENTRY_END
STEP 11 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NXDOMAIN
SECTION QUESTION
www.gotham.a. IN A
SECTION ANSWER
ENTRY_END
STEP 20 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham2.a. IN A
ENTRY_END
STEP 21 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
www.gotham2.a. IN A
SECTION ANSWER
ENTRY_END
STEP 30 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham3.a. IN A
ENTRY_END
STEP 31 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.gotham3.a. IN A
SECTION ANSWER
www.gotham3.a. A 1.2.3.4
ENTRY_END
STEP 40 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham4.a. IN A
ENTRY_END
;dropped
STEP 50 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham5.a. IN A
ENTRY_END
STEP 51 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.gotham5.a. IN A
SECTION ANSWER
www.gotham5.a. CNAME target.a
target.a A 1.2.3.6
ENTRY_END
STEP 60 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham6.a. IN A
ENTRY_END
STEP 61 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.gotham6.a. IN A
SECTION ANSWER
www.gotham6.a. A 1.2.3.4
ENTRY_END
SCENARIO_END

90
contrib/unbound/testdata/rpz_passthru_clientip.rpl vendored
View File

@ -1,90 +0,0 @@
; config options
server:
module-config: "respip validator iterator"
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: no
access-control: 192.0.0.0/8 allow
rpz:
name: "rpz.example.com."
rpz-log: yes
rpz-log-name: "rpz.example.com"
zonefile:
TEMPFILE_NAME rpz.example.com
TEMPFILE_CONTENTS rpz.example.com
$ORIGIN example.com.
rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. (
1379078166 28800 7200 604800 7200 )
3600 IN NS ns1.rpz.example.com.
3600 IN NS ns2.rpz.example.com.
$ORIGIN rpz.example.com.
d.a A 127.0.0.1
32.1.5.0.192.rpz-client-ip CNAME rpz-passthru.
32.2.5.0.192.rpz-client-ip CNAME rpz-drop.
TEMPFILE_END
stub-zone:
name: "a."
stub-addr: 10.20.30.40
CONFIG_END
SCENARIO_BEGIN Test RPZ passthru ends processing after clientip.
; a.
RANGE_BEGIN 0 1000
ADDRESS 10.20.30.40
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
d.a. IN A
SECTION ANSWER
d.a. IN A 1.2.3.4
ENTRY_END
RANGE_END
STEP 10 QUERY ADDRESS 192.0.5.1
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
d.a. IN A
ENTRY_END
STEP 11 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
d.a. IN A
SECTION ANSWER
d.a. A 1.2.3.4
ENTRY_END
; This reply should get the rpz data
STEP 20 QUERY ADDRESS 192.0.5.3
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
d.a. IN A
ENTRY_END
STEP 21 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
d.a. IN A
SECTION ANSWER
d.a. A 127.0.0.1
ENTRY_END
; This reply should be dropped.
STEP 30 QUERY ADDRESS 192.0.5.2
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
d.a. IN A
ENTRY_END
SCENARIO_END

120
contrib/unbound/testdata/rpz_qtype_cname.rpl vendored
View File

@ -1,120 +0,0 @@
; config options
server:
module-config: "respip validator iterator"
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: no
access-control: 192.0.0.0/8 allow
rpz:
name: "rpz.example.com."
rpz-log: yes
rpz-log-name: "rpz.example.com"
zonefile:
TEMPFILE_NAME rpz.example.com
TEMPFILE_CONTENTS rpz.example.com
$ORIGIN example.com.
rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. (
1379078166 28800 7200 604800 7200 )
3600 IN NS ns1.rpz.example.com.
3600 IN NS ns2.rpz.example.com.
$ORIGIN rpz.example.com.
www.gotham.a CNAME foo.target.a.
32.42.30.20.10.rpz-nsip CNAME foo.target.a.
TEMPFILE_END
stub-zone:
name: "a."
stub-addr: 10.20.30.40
CONFIG_END
SCENARIO_BEGIN Test RPZ with qtype CNAME.
; a.
RANGE_BEGIN 0 1000
ADDRESS 10.20.30.40
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.gotham.a. IN A
SECTION AUTHORITY
gotham.a. NS ns1.gotham.a.
SECTION ADDITIONAL
ns1.gotham.a. A 10.20.30.41
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
gotham2.a. IN NS
SECTION AUTHORITY
gotham2.a. NS ns1.gotham2.a.
SECTION ADDITIONAL
ns1.gotham2.a. A 10.20.30.42
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
target.a. IN A
SECTION ANSWER
target.a. IN A 1.2.3.6
ENTRY_END
RANGE_END
; gotham2.a.
RANGE_BEGIN 0 1000
ADDRESS 10.20.30.42
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.gotham2.a. IN CNAME
SECTION ANSWER
www.gotham2.a. CNAME foo2.target.a.
ENTRY_END
RANGE_END
; Query for type CNAME, from the RPZ response
STEP 10 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham.a. IN CNAME
ENTRY_END
STEP 11 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA
SECTION QUESTION
www.gotham.a. IN CNAME
SECTION ANSWER
www.gotham.a. IN CNAME foo.target.a.
ENTRY_END
; Query for type CNAME, the answer is nameserver lookup, CNAME from rpz nsip.
STEP 20 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham2.a. IN CNAME
ENTRY_END
STEP 21 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
www.gotham2.a. IN CNAME
SECTION ANSWER
www.gotham2.a. IN CNAME foo.target.a.
ENTRY_END
SCENARIO_END

Some files were not shown because too many files have changed in this diff Show More