unbound: Vendor import 1.22.0
Release notes at https://nlnetlabs.nl/news/2024/Oct/17/unbound-1.22.0-released/ MFC after: 1 week Merge commit '0a6d797cf6eb751d7eb613900cd19803e05d905f' into main
commit
46d2f61818
@ -179,11 +179,11 @@ testcode/unitlruhash.c testcode/unitmain.c testcode/unitmsgparse.c \
|
||||
testcode/unitneg.c testcode/unitregional.c testcode/unitslabhash.c \
|
||||
testcode/unitverify.c testcode/readhex.c testcode/testpkts.c testcode/unitldns.c \
|
||||
testcode/unitecs.c testcode/unitauth.c testcode/unitzonemd.c \
|
||||
testcode/unittcpreuse.c
|
||||
testcode/unittcpreuse.c testcode/unitdoq.c
|
||||
UNITTEST_OBJ=unitanchor.lo unitdname.lo unitlruhash.lo unitmain.lo \
|
||||
unitmsgparse.lo unitneg.lo unitregional.lo unitslabhash.lo unitverify.lo \
|
||||
readhex.lo testpkts.lo unitldns.lo unitecs.lo unitauth.lo unitzonemd.lo \
|
||||
unittcpreuse.lo
|
||||
unittcpreuse.lo unitdoq.lo
|
||||
UNITTEST_OBJ_LINK=$(UNITTEST_OBJ) worker_cb.lo $(COMMON_OBJ) $(SLDNS_OBJ) \
|
||||
$(COMPAT_OBJ)
|
||||
DAEMON_SRC=daemon/acl_list.c daemon/cachedump.c daemon/daemon.c \
|
||||
@ -242,6 +242,10 @@ DOHCLIENT_SRC=testcode/dohclient.c
|
||||
DOHCLIENT_OBJ=dohclient.lo
|
||||
DOHCLIENT_OBJ_LINK=$(DOHCLIENT_OBJ) worker_cb.lo $(COMMON_OBJ) $(COMPAT_OBJ) \
|
||||
$(SLDNS_OBJ)
|
||||
DOQCLIENT_SRC=testcode/doqclient.c
|
||||
DOQCLIENT_OBJ=doqclient.lo
|
||||
DOQCLIENT_OBJ_LINK=$(DOQCLIENT_OBJ) $(COMMON_OBJ) $(COMPAT_OBJ) \
|
||||
$(SLDNS_OBJ)
|
||||
PERF_SRC=testcode/perf.c
|
||||
PERF_OBJ=perf.lo
|
||||
PERF_OBJ_LINK=$(PERF_OBJ) worker_cb.lo $(COMMON_OBJ) $(COMPAT_OBJ) $(SLDNS_OBJ)
|
||||
@ -288,7 +292,7 @@ ALL_SRC=$(COMMON_SRC) $(UNITTEST_SRC) $(DAEMON_SRC) \
|
||||
$(CONTROL_SRC) $(UBANCHOR_SRC) $(PETAL_SRC) $(DNSTAP_SOCKET_SRC)\
|
||||
$(PYTHONMOD_SRC) $(PYUNBOUND_SRC) $(WIN_DAEMON_THE_SRC) \
|
||||
$(SVCINST_SRC) $(SVCUNINST_SRC) $(ANCHORUPD_SRC) $(SLDNS_SRC) \
|
||||
$(DOHCLIENT_SRC) $(READZONE_SRC)
|
||||
$(DOHCLIENT_SRC) $(DOQCLIENT_SRC) $(READZONE_SRC)
|
||||
|
||||
ALL_OBJ=$(COMMON_OBJ) $(UNITTEST_OBJ) $(DAEMON_OBJ) \
|
||||
$(TESTBOUND_OBJ) $(LOCKVERIFY_OBJ) $(PKTVIEW_OBJ) \
|
||||
@ -297,7 +301,7 @@ ALL_OBJ=$(COMMON_OBJ) $(UNITTEST_OBJ) $(DAEMON_OBJ) \
|
||||
$(CONTROL_OBJ) $(UBANCHOR_OBJ) $(PETAL_OBJ) $(DNSTAP_SOCKET_OBJ)\
|
||||
$(COMPAT_OBJ) $(PYUNBOUND_OBJ) \
|
||||
$(SVCINST_OBJ) $(SVCUNINST_OBJ) $(ANCHORUPD_OBJ) $(SLDNS_OBJ) \
|
||||
$(DOHCLIENT_OBJ) $(READZONE_OBJ)
|
||||
$(DOHCLIENT_OBJ) $(DOQCLIENT_OBJ) $(READZONE_OBJ)
|
||||
|
||||
COMPILE=$(LIBTOOL) --tag=CC --mode=compile $(CC) $(CPPFLAGS) $(CFLAGS) @PTHREAD_CFLAGS_ONLY@
|
||||
LINK=$(LIBTOOL) --tag=CC --mode=link $(CC) $(staticexe) $(RUNTIME_PATH) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS)
|
||||
@ -334,7 +338,7 @@ rsrc_unbound_checkconf.o: $(srcdir)/winrc/rsrc_unbound_checkconf.rc config.h
|
||||
TEST_BIN=asynclook$(EXEEXT) delayer$(EXEEXT) \
|
||||
lock-verify$(EXEEXT) memstats$(EXEEXT) perf$(EXEEXT) \
|
||||
petal$(EXEEXT) pktview$(EXEEXT) streamtcp$(EXEEXT) \
|
||||
$(DNSTAP_SOCKET_TESTBIN) dohclient$(EXEEXT) \
|
||||
$(DNSTAP_SOCKET_TESTBIN) dohclient$(EXEEXT) doqclient$(EXEEXT) \
|
||||
testbound$(EXEEXT) unittest$(EXEEXT) readzone$(EXEEXT)
|
||||
tests: all $(TEST_BIN)
|
||||
|
||||
@ -416,6 +420,9 @@ streamtcp$(EXEEXT): $(STREAMTCP_OBJ_LINK)
|
||||
dohclient$(EXEEXT): $(DOHCLIENT_OBJ_LINK)
|
||||
$(LINK) -o $@ $(DOHCLIENT_OBJ_LINK) $(SSLLIB) $(LIBS)
|
||||
|
||||
doqclient$(EXEEXT): $(DOQCLIENT_OBJ_LINK)
|
||||
$(LINK) -o $@ $(DOQCLIENT_OBJ_LINK) $(SSLLIB) $(LIBS)
|
||||
|
||||
perf$(EXEEXT): $(PERF_OBJ_LINK)
|
||||
$(LINK) -o $@ $(PERF_OBJ_LINK) $(SSLLIB) $(LIBS)
|
||||
|
||||
@ -703,6 +710,8 @@ depend:
|
||||
|
||||
# build rules
|
||||
ipset.lo ipset.o: $(srcdir)/ipset/ipset.c
|
||||
doqclient.lo doqclient.o: $(srcdir)/testcode/doqclient.c
|
||||
unitdoq.lo unitdoq.o: $(srcdir)/testcode/unitdoq.c
|
||||
|
||||
# Dependencies
|
||||
dns.lo dns.o: $(srcdir)/services/cache/dns.c config.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/util/log.h \
|
||||
|
292
contrib/unbound/aclocal.m4
vendored
@ -1,6 +1,6 @@
|
||||
# generated automatically by aclocal 1.16.5 -*- Autoconf -*-
|
||||
# generated automatically by aclocal 1.16.2 -*- Autoconf -*-
|
||||
|
||||
# Copyright (C) 1996-2021 Free Software Foundation, Inc.
|
||||
# Copyright (C) 1996-2020 Free Software Foundation, Inc.
|
||||
|
||||
# This file is free software; the Free Software Foundation
|
||||
# gives unlimited permission to copy and/or distribute it,
|
||||
@ -14,8 +14,7 @@
|
||||
m4_ifndef([AC_CONFIG_MACRO_DIRS], [m4_defun([_AM_CONFIG_MACRO_DIRS], [])m4_defun([AC_CONFIG_MACRO_DIRS], [_AM_CONFIG_MACRO_DIRS($@)])])
|
||||
# libtool.m4 - Configure libtool for the host system. -*-Autoconf-*-
|
||||
#
|
||||
# Copyright (C) 1996-2001, 2003-2019, 2021-2022 Free Software
|
||||
# Foundation, Inc.
|
||||
# Copyright (C) 1996-2001, 2003-2015 Free Software Foundation, Inc.
|
||||
# Written by Gordon Matzigkeit, 1996
|
||||
#
|
||||
# This file is free software; the Free Software Foundation gives
|
||||
@ -46,7 +45,7 @@ m4_define([_LT_COPYING], [dnl
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
])
|
||||
|
||||
# serial 59 LT_INIT
|
||||
# serial 58 LT_INIT
|
||||
|
||||
|
||||
# LT_PREREQ(VERSION)
|
||||
@ -196,7 +195,6 @@ m4_require([_LT_FILEUTILS_DEFAULTS])dnl
|
||||
m4_require([_LT_CHECK_SHELL_FEATURES])dnl
|
||||
m4_require([_LT_PATH_CONVERSION_FUNCTIONS])dnl
|
||||
m4_require([_LT_CMD_RELOAD])dnl
|
||||
m4_require([_LT_DECL_FILECMD])dnl
|
||||
m4_require([_LT_CHECK_MAGIC_METHOD])dnl
|
||||
m4_require([_LT_CHECK_SHAREDLIB_FROM_LINKLIB])dnl
|
||||
m4_require([_LT_CMD_OLD_ARCHIVE])dnl
|
||||
@ -235,8 +233,8 @@ esac
|
||||
ofile=libtool
|
||||
can_build_shared=yes
|
||||
|
||||
# All known linkers require a '.a' archive for static linking (except MSVC and
|
||||
# ICC, which need '.lib').
|
||||
# All known linkers require a '.a' archive for static linking (except MSVC,
|
||||
# which needs '.lib').
|
||||
libext=a
|
||||
|
||||
with_gnu_ld=$lt_cv_prog_gnu_ld
|
||||
@ -788,7 +786,7 @@ _LT_EOF
|
||||
# if finds mixed CR/LF and LF-only lines. Since sed operates in
|
||||
# text mode, it properly converts lines to CR/LF. This bash problem
|
||||
# is reportedly fixed, but why not run on old versions too?
|
||||
$SED '$q' "$ltmain" >> "$cfgfile" \
|
||||
sed '$q' "$ltmain" >> "$cfgfile" \
|
||||
|| (rm -f "$cfgfile"; exit 1)
|
||||
|
||||
mv -f "$cfgfile" "$ofile" ||
|
||||
@ -1050,8 +1048,8 @@ int forced_loaded() { return 2;}
|
||||
_LT_EOF
|
||||
echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&AS_MESSAGE_LOG_FD
|
||||
$LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&AS_MESSAGE_LOG_FD
|
||||
echo "$AR $AR_FLAGS libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD
|
||||
$AR $AR_FLAGS libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD
|
||||
echo "$AR cru libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD
|
||||
$AR cru libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD
|
||||
echo "$RANLIB libconftest.a" >&AS_MESSAGE_LOG_FD
|
||||
$RANLIB libconftest.a 2>&AS_MESSAGE_LOG_FD
|
||||
cat > conftest.c << _LT_EOF
|
||||
@ -1075,12 +1073,17 @@ _LT_EOF
|
||||
_lt_dar_allow_undefined='$wl-undefined ${wl}suppress' ;;
|
||||
darwin1.*)
|
||||
_lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;;
|
||||
darwin*)
|
||||
case $MACOSX_DEPLOYMENT_TARGET,$host in
|
||||
10.[[012]],*|,*powerpc*-darwin[[5-8]]*)
|
||||
_lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;;
|
||||
*)
|
||||
_lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
|
||||
darwin*) # darwin 5.x on
|
||||
# if running on 10.5 or later, the deployment target defaults
|
||||
# to the OS version, if on x86, and 10.4, the deployment
|
||||
# target defaults to 10.4. Don't you love it?
|
||||
case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in
|
||||
10.0,*86*-darwin8*|10.0,*-darwin[[91]]*)
|
||||
_lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
|
||||
10.[[012]][[,.]]*)
|
||||
_lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;;
|
||||
10.*)
|
||||
_lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
|
||||
esac
|
||||
;;
|
||||
esac
|
||||
@ -1129,12 +1132,12 @@ m4_defun([_LT_DARWIN_LINKER_FEATURES],
|
||||
output_verbose_link_cmd=func_echo_all
|
||||
_LT_TAGVAR(archive_cmds, $1)="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dsymutil"
|
||||
_LT_TAGVAR(module_cmds, $1)="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dsymutil"
|
||||
_LT_TAGVAR(archive_expsym_cmds, $1)="$SED 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dar_export_syms$_lt_dsymutil"
|
||||
_LT_TAGVAR(module_expsym_cmds, $1)="$SED -e 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dar_export_syms$_lt_dsymutil"
|
||||
_LT_TAGVAR(archive_expsym_cmds, $1)="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dar_export_syms$_lt_dsymutil"
|
||||
_LT_TAGVAR(module_expsym_cmds, $1)="sed -e 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dar_export_syms$_lt_dsymutil"
|
||||
m4_if([$1], [CXX],
|
||||
[ if test yes != "$lt_cv_apple_cc_single_mod"; then
|
||||
_LT_TAGVAR(archive_cmds, $1)="\$CC -r -keep_private_externs -nostdlib -o \$lib-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$lib-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring$_lt_dsymutil"
|
||||
_LT_TAGVAR(archive_expsym_cmds, $1)="$SED 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -r -keep_private_externs -nostdlib -o \$lib-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$lib-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring$_lt_dar_export_syms$_lt_dsymutil"
|
||||
_LT_TAGVAR(archive_expsym_cmds, $1)="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -r -keep_private_externs -nostdlib -o \$lib-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$lib-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring$_lt_dar_export_syms$_lt_dsymutil"
|
||||
fi
|
||||
],[])
|
||||
else
|
||||
@ -1248,8 +1251,7 @@ _LT_DECL([], [ECHO], [1], [An echo program that protects backslashes])
|
||||
# _LT_WITH_SYSROOT
|
||||
# ----------------
|
||||
AC_DEFUN([_LT_WITH_SYSROOT],
|
||||
[m4_require([_LT_DECL_SED])dnl
|
||||
AC_MSG_CHECKING([for sysroot])
|
||||
[AC_MSG_CHECKING([for sysroot])
|
||||
AC_ARG_WITH([sysroot],
|
||||
[AS_HELP_STRING([--with-sysroot@<:@=DIR@:>@],
|
||||
[Search for dependent libraries within DIR (or the compiler's sysroot
|
||||
@ -1266,7 +1268,7 @@ case $with_sysroot in #(
|
||||
fi
|
||||
;; #(
|
||||
/*)
|
||||
lt_sysroot=`echo "$with_sysroot" | $SED -e "$sed_quote_subst"`
|
||||
lt_sysroot=`echo "$with_sysroot" | sed -e "$sed_quote_subst"`
|
||||
;; #(
|
||||
no|'')
|
||||
;; #(
|
||||
@ -1296,7 +1298,7 @@ ia64-*-hpux*)
|
||||
# options accordingly.
|
||||
echo 'int i;' > conftest.$ac_ext
|
||||
if AC_TRY_EVAL(ac_compile); then
|
||||
case `$FILECMD conftest.$ac_objext` in
|
||||
case `/usr/bin/file conftest.$ac_objext` in
|
||||
*ELF-32*)
|
||||
HPUX_IA64_MODE=32
|
||||
;;
|
||||
@ -1313,7 +1315,7 @@ ia64-*-hpux*)
|
||||
echo '[#]line '$LINENO' "configure"' > conftest.$ac_ext
|
||||
if AC_TRY_EVAL(ac_compile); then
|
||||
if test yes = "$lt_cv_prog_gnu_ld"; then
|
||||
case `$FILECMD conftest.$ac_objext` in
|
||||
case `/usr/bin/file conftest.$ac_objext` in
|
||||
*32-bit*)
|
||||
LD="${LD-ld} -melf32bsmip"
|
||||
;;
|
||||
@ -1325,7 +1327,7 @@ ia64-*-hpux*)
|
||||
;;
|
||||
esac
|
||||
else
|
||||
case `$FILECMD conftest.$ac_objext` in
|
||||
case `/usr/bin/file conftest.$ac_objext` in
|
||||
*32-bit*)
|
||||
LD="${LD-ld} -32"
|
||||
;;
|
||||
@ -1347,7 +1349,7 @@ mips64*-*linux*)
|
||||
echo '[#]line '$LINENO' "configure"' > conftest.$ac_ext
|
||||
if AC_TRY_EVAL(ac_compile); then
|
||||
emul=elf
|
||||
case `$FILECMD conftest.$ac_objext` in
|
||||
case `/usr/bin/file conftest.$ac_objext` in
|
||||
*32-bit*)
|
||||
emul="${emul}32"
|
||||
;;
|
||||
@ -1355,7 +1357,7 @@ mips64*-*linux*)
|
||||
emul="${emul}64"
|
||||
;;
|
||||
esac
|
||||
case `$FILECMD conftest.$ac_objext` in
|
||||
case `/usr/bin/file conftest.$ac_objext` in
|
||||
*MSB*)
|
||||
emul="${emul}btsmip"
|
||||
;;
|
||||
@ -1363,7 +1365,7 @@ mips64*-*linux*)
|
||||
emul="${emul}ltsmip"
|
||||
;;
|
||||
esac
|
||||
case `$FILECMD conftest.$ac_objext` in
|
||||
case `/usr/bin/file conftest.$ac_objext` in
|
||||
*N32*)
|
||||
emul="${emul}n32"
|
||||
;;
|
||||
@ -1383,14 +1385,14 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
|
||||
# not appear in the list.
|
||||
echo 'int i;' > conftest.$ac_ext
|
||||
if AC_TRY_EVAL(ac_compile); then
|
||||
case `$FILECMD conftest.o` in
|
||||
case `/usr/bin/file conftest.o` in
|
||||
*32-bit*)
|
||||
case $host in
|
||||
x86_64-*kfreebsd*-gnu)
|
||||
LD="${LD-ld} -m elf_i386_fbsd"
|
||||
;;
|
||||
x86_64-*linux*)
|
||||
case `$FILECMD conftest.o` in
|
||||
case `/usr/bin/file conftest.o` in
|
||||
*x86-64*)
|
||||
LD="${LD-ld} -m elf32_x86_64"
|
||||
;;
|
||||
@ -1458,7 +1460,7 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
|
||||
# options accordingly.
|
||||
echo 'int i;' > conftest.$ac_ext
|
||||
if AC_TRY_EVAL(ac_compile); then
|
||||
case `$FILECMD conftest.o` in
|
||||
case `/usr/bin/file conftest.o` in
|
||||
*64-bit*)
|
||||
case $lt_cv_prog_gnu_ld in
|
||||
yes*)
|
||||
@ -1497,22 +1499,9 @@ need_locks=$enable_libtool_lock
|
||||
m4_defun([_LT_PROG_AR],
|
||||
[AC_CHECK_TOOLS(AR, [ar], false)
|
||||
: ${AR=ar}
|
||||
: ${AR_FLAGS=cru}
|
||||
_LT_DECL([], [AR], [1], [The archiver])
|
||||
|
||||
# Use ARFLAGS variable as AR's operation code to sync the variable naming with
|
||||
# Automake. If both AR_FLAGS and ARFLAGS are specified, AR_FLAGS should have
|
||||
# higher priority because thats what people were doing historically (setting
|
||||
# ARFLAGS for automake and AR_FLAGS for libtool). FIXME: Make the AR_FLAGS
|
||||
# variable obsoleted/removed.
|
||||
|
||||
test ${AR_FLAGS+y} || AR_FLAGS=${ARFLAGS-cr}
|
||||
lt_ar_flags=$AR_FLAGS
|
||||
_LT_DECL([], [lt_ar_flags], [0], [Flags to create an archive (by configure)])
|
||||
|
||||
# Make AR_FLAGS overridable by 'make ARFLAGS='. Don't try to run-time override
|
||||
# by AR_FLAGS because that was never working and AR_FLAGS is about to die.
|
||||
_LT_DECL([], [AR_FLAGS], [\@S|@{ARFLAGS-"\@S|@lt_ar_flags"}],
|
||||
[Flags to create an archive])
|
||||
_LT_DECL([], [AR_FLAGS], [1], [Flags to create an archive])
|
||||
|
||||
AC_CACHE_CHECK([for archiver @FILE support], [lt_cv_ar_at_file],
|
||||
[lt_cv_ar_at_file=no
|
||||
@ -1731,7 +1720,7 @@ AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl
|
||||
lt_cv_sys_max_cmd_len=8192;
|
||||
;;
|
||||
|
||||
bitrig* | darwin* | dragonfly* | freebsd* | midnightbsd* | netbsd* | openbsd*)
|
||||
bitrig* | darwin* | dragonfly* | freebsd* | netbsd* | openbsd*)
|
||||
# This has been around since 386BSD, at least. Likely further.
|
||||
if test -x /sbin/sysctl; then
|
||||
lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax`
|
||||
@ -1774,7 +1763,7 @@ AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl
|
||||
sysv5* | sco5v6* | sysv4.2uw2*)
|
||||
kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null`
|
||||
if test -n "$kargmax"; then
|
||||
lt_cv_sys_max_cmd_len=`echo $kargmax | $SED 's/.*[[ ]]//'`
|
||||
lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[[ ]]//'`
|
||||
else
|
||||
lt_cv_sys_max_cmd_len=32768
|
||||
fi
|
||||
@ -2224,35 +2213,26 @@ m4_defun([_LT_CMD_STRIPLIB],
|
||||
striplib=
|
||||
old_striplib=
|
||||
AC_MSG_CHECKING([whether stripping libraries is possible])
|
||||
if test -z "$STRIP"; then
|
||||
AC_MSG_RESULT([no])
|
||||
if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then
|
||||
test -z "$old_striplib" && old_striplib="$STRIP --strip-debug"
|
||||
test -z "$striplib" && striplib="$STRIP --strip-unneeded"
|
||||
AC_MSG_RESULT([yes])
|
||||
else
|
||||
if $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then
|
||||
old_striplib="$STRIP --strip-debug"
|
||||
striplib="$STRIP --strip-unneeded"
|
||||
AC_MSG_RESULT([yes])
|
||||
else
|
||||
case $host_os in
|
||||
darwin*)
|
||||
# FIXME - insert some real tests, host_os isn't really good enough
|
||||
# FIXME - insert some real tests, host_os isn't really good enough
|
||||
case $host_os in
|
||||
darwin*)
|
||||
if test -n "$STRIP"; then
|
||||
striplib="$STRIP -x"
|
||||
old_striplib="$STRIP -S"
|
||||
AC_MSG_RESULT([yes])
|
||||
;;
|
||||
freebsd*)
|
||||
if $STRIP -V 2>&1 | $GREP "elftoolchain" >/dev/null; then
|
||||
old_striplib="$STRIP --strip-debug"
|
||||
striplib="$STRIP --strip-unneeded"
|
||||
AC_MSG_RESULT([yes])
|
||||
else
|
||||
AC_MSG_RESULT([no])
|
||||
fi
|
||||
;;
|
||||
*)
|
||||
else
|
||||
AC_MSG_RESULT([no])
|
||||
;;
|
||||
esac
|
||||
fi
|
||||
fi
|
||||
;;
|
||||
*)
|
||||
AC_MSG_RESULT([no])
|
||||
;;
|
||||
esac
|
||||
fi
|
||||
_LT_DECL([], [old_striplib], [1], [Commands to strip libraries])
|
||||
_LT_DECL([], [striplib], [1])
|
||||
@ -2575,7 +2555,7 @@ cygwin* | mingw* | pw32* | cegcc*)
|
||||
case $host_os in
|
||||
cygwin*)
|
||||
# Cygwin DLLs use 'cyg' prefix rather than 'lib'
|
||||
soname_spec='`echo $libname | $SED -e 's/^lib/cyg/'``echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
|
||||
soname_spec='`echo $libname | sed -e 's/^lib/cyg/'``echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
|
||||
m4_if([$1], [],[
|
||||
sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/lib/w32api"])
|
||||
;;
|
||||
@ -2585,14 +2565,14 @@ m4_if([$1], [],[
|
||||
;;
|
||||
pw32*)
|
||||
# pw32 DLLs use 'pw' prefix rather than 'lib'
|
||||
library_names_spec='`echo $libname | $SED -e 's/^lib/pw/'``echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
|
||||
library_names_spec='`echo $libname | sed -e 's/^lib/pw/'``echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
|
||||
;;
|
||||
esac
|
||||
dynamic_linker='Win32 ld.exe'
|
||||
;;
|
||||
|
||||
*,cl* | *,icl*)
|
||||
# Native MSVC or ICC
|
||||
*,cl*)
|
||||
# Native MSVC
|
||||
libname_spec='$name'
|
||||
soname_spec='$libname`echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
|
||||
library_names_spec='$libname.dll.lib'
|
||||
@ -2611,7 +2591,7 @@ m4_if([$1], [],[
|
||||
done
|
||||
IFS=$lt_save_ifs
|
||||
# Convert to MSYS style.
|
||||
sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's|\\\\|/|g' -e 's| \\([[a-zA-Z]]\\):| /\\1|g' -e 's|^ ||'`
|
||||
sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | sed -e 's|\\\\|/|g' -e 's| \\([[a-zA-Z]]\\):| /\\1|g' -e 's|^ ||'`
|
||||
;;
|
||||
cygwin*)
|
||||
# Convert to unix form, then to dos form, then back to unix form
|
||||
@ -2648,7 +2628,7 @@ m4_if([$1], [],[
|
||||
;;
|
||||
|
||||
*)
|
||||
# Assume MSVC and ICC wrapper
|
||||
# Assume MSVC wrapper
|
||||
library_names_spec='$libname`echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext $libname.lib'
|
||||
dynamic_linker='Win32 ld.exe'
|
||||
;;
|
||||
@ -2681,7 +2661,7 @@ dgux*)
|
||||
shlibpath_var=LD_LIBRARY_PATH
|
||||
;;
|
||||
|
||||
freebsd* | dragonfly* | midnightbsd*)
|
||||
freebsd* | dragonfly*)
|
||||
# DragonFly does not have aout. When/if they implement a new
|
||||
# versioning mechanism, adjust this.
|
||||
if test -x /usr/bin/objformat; then
|
||||
@ -3483,7 +3463,7 @@ beos*)
|
||||
|
||||
bsdi[[45]]*)
|
||||
lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (shared object|dynamic lib)'
|
||||
lt_cv_file_magic_cmd='$FILECMD -L'
|
||||
lt_cv_file_magic_cmd='/usr/bin/file -L'
|
||||
lt_cv_file_magic_test_file=/shlib/libc.so
|
||||
;;
|
||||
|
||||
@ -3517,14 +3497,14 @@ darwin* | rhapsody*)
|
||||
lt_cv_deplibs_check_method=pass_all
|
||||
;;
|
||||
|
||||
freebsd* | dragonfly* | midnightbsd*)
|
||||
freebsd* | dragonfly*)
|
||||
if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
|
||||
case $host_cpu in
|
||||
i*86 )
|
||||
# Not sure whether the presence of OpenBSD here was a mistake.
|
||||
# Let's accept both of them until this is cleared up.
|
||||
lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[[3-9]]86 (compact )?demand paged shared library'
|
||||
lt_cv_file_magic_cmd=$FILECMD
|
||||
lt_cv_file_magic_cmd=/usr/bin/file
|
||||
lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*`
|
||||
;;
|
||||
esac
|
||||
@ -3538,7 +3518,7 @@ haiku*)
|
||||
;;
|
||||
|
||||
hpux10.20* | hpux11*)
|
||||
lt_cv_file_magic_cmd=$FILECMD
|
||||
lt_cv_file_magic_cmd=/usr/bin/file
|
||||
case $host_cpu in
|
||||
ia64*)
|
||||
lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|ELF-[[0-9]][[0-9]]) shared object file - IA64'
|
||||
@ -3585,7 +3565,7 @@ netbsd*)
|
||||
|
||||
newos6*)
|
||||
lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (executable|dynamic lib)'
|
||||
lt_cv_file_magic_cmd=$FILECMD
|
||||
lt_cv_file_magic_cmd=/usr/bin/file
|
||||
lt_cv_file_magic_test_file=/usr/lib/libnls.so
|
||||
;;
|
||||
|
||||
@ -3712,13 +3692,13 @@ else
|
||||
mingw*) lt_bad_file=conftest.nm/nofile ;;
|
||||
*) lt_bad_file=/dev/null ;;
|
||||
esac
|
||||
case `"$tmp_nm" -B $lt_bad_file 2>&1 | $SED '1q'` in
|
||||
case `"$tmp_nm" -B $lt_bad_file 2>&1 | sed '1q'` in
|
||||
*$lt_bad_file* | *'Invalid file or object type'*)
|
||||
lt_cv_path_NM="$tmp_nm -B"
|
||||
break 2
|
||||
;;
|
||||
*)
|
||||
case `"$tmp_nm" -p /dev/null 2>&1 | $SED '1q'` in
|
||||
case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in
|
||||
*/dev/null*)
|
||||
lt_cv_path_NM="$tmp_nm -p"
|
||||
break 2
|
||||
@ -3744,7 +3724,7 @@ else
|
||||
# Let the user override the test.
|
||||
else
|
||||
AC_CHECK_TOOLS(DUMPBIN, [dumpbin "link -dump"], :)
|
||||
case `$DUMPBIN -symbols -headers /dev/null 2>&1 | $SED '1q'` in
|
||||
case `$DUMPBIN -symbols -headers /dev/null 2>&1 | sed '1q'` in
|
||||
*COFF*)
|
||||
DUMPBIN="$DUMPBIN -symbols -headers"
|
||||
;;
|
||||
@ -3984,7 +3964,7 @@ esac
|
||||
|
||||
if test "$lt_cv_nm_interface" = "MS dumpbin"; then
|
||||
# Gets list of data symbols to import.
|
||||
lt_cv_sys_global_symbol_to_import="$SED -n -e 's/^I .* \(.*\)$/\1/p'"
|
||||
lt_cv_sys_global_symbol_to_import="sed -n -e 's/^I .* \(.*\)$/\1/p'"
|
||||
# Adjust the below global symbol transforms to fixup imported variables.
|
||||
lt_cdecl_hook=" -e 's/^I .* \(.*\)$/extern __declspec(dllimport) char \1;/p'"
|
||||
lt_c_name_hook=" -e 's/^I .* \(.*\)$/ {\"\1\", (void *) 0},/p'"
|
||||
@ -4002,20 +3982,20 @@ fi
|
||||
# Transform an extracted symbol line into a proper C declaration.
|
||||
# Some systems (esp. on ia64) link data and code symbols differently,
|
||||
# so use this general approach.
|
||||
lt_cv_sys_global_symbol_to_cdecl="$SED -n"\
|
||||
lt_cv_sys_global_symbol_to_cdecl="sed -n"\
|
||||
$lt_cdecl_hook\
|
||||
" -e 's/^T .* \(.*\)$/extern int \1();/p'"\
|
||||
" -e 's/^$symcode$symcode* .* \(.*\)$/extern char \1;/p'"
|
||||
|
||||
# Transform an extracted symbol line into symbol name and symbol address
|
||||
lt_cv_sys_global_symbol_to_c_name_address="$SED -n"\
|
||||
lt_cv_sys_global_symbol_to_c_name_address="sed -n"\
|
||||
$lt_c_name_hook\
|
||||
" -e 's/^: \(.*\) .*$/ {\"\1\", (void *) 0},/p'"\
|
||||
" -e 's/^$symcode$symcode* .* \(.*\)$/ {\"\1\", (void *) \&\1},/p'"
|
||||
|
||||
# Transform an extracted symbol line into symbol name with lib prefix and
|
||||
# symbol address.
|
||||
lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="$SED -n"\
|
||||
lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n"\
|
||||
$lt_c_name_lib_hook\
|
||||
" -e 's/^: \(.*\) .*$/ {\"\1\", (void *) 0},/p'"\
|
||||
" -e 's/^$symcode$symcode* .* \(lib.*\)$/ {\"\1\", (void *) \&\1},/p'"\
|
||||
@ -4039,7 +4019,7 @@ for ac_symprfx in "" "_"; do
|
||||
if test "$lt_cv_nm_interface" = "MS dumpbin"; then
|
||||
# Fake it for dumpbin and say T for any non-static function,
|
||||
# D for any global variable and I for any imported variable.
|
||||
# Also find C++ and __fastcall symbols from MSVC++ or ICC,
|
||||
# Also find C++ and __fastcall symbols from MSVC++,
|
||||
# which start with @ or ?.
|
||||
lt_cv_sys_global_symbol_pipe="$AWK ['"\
|
||||
" {last_section=section; section=\$ 3};"\
|
||||
@ -4057,9 +4037,9 @@ for ac_symprfx in "" "_"; do
|
||||
" s[1]~prfx {split(s[1],t,\"@\"); print f,t[1],substr(t[1],length(prfx))}"\
|
||||
" ' prfx=^$ac_symprfx]"
|
||||
else
|
||||
lt_cv_sys_global_symbol_pipe="$SED -n -e 's/^.*[[ ]]\($symcode$symcode*\)[[ ]][[ ]]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'"
|
||||
lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[[ ]]\($symcode$symcode*\)[[ ]][[ ]]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'"
|
||||
fi
|
||||
lt_cv_sys_global_symbol_pipe="$lt_cv_sys_global_symbol_pipe | $SED '/ __gnu_lto/d'"
|
||||
lt_cv_sys_global_symbol_pipe="$lt_cv_sys_global_symbol_pipe | sed '/ __gnu_lto/d'"
|
||||
|
||||
# Check to see that the pipe works correctly.
|
||||
pipe_works=no
|
||||
@ -4346,7 +4326,7 @@ m4_if([$1], [CXX], [
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
freebsd* | dragonfly* | midnightbsd*)
|
||||
freebsd* | dragonfly*)
|
||||
# FreeBSD uses GNU C++
|
||||
;;
|
||||
hpux9* | hpux10* | hpux11*)
|
||||
@ -4429,7 +4409,7 @@ m4_if([$1], [CXX], [
|
||||
_LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink'
|
||||
;;
|
||||
*)
|
||||
case `$CC -V 2>&1 | $SED 5q` in
|
||||
case `$CC -V 2>&1 | sed 5q` in
|
||||
*Sun\ C*)
|
||||
# Sun C++ 5.9
|
||||
_LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
|
||||
@ -4765,7 +4745,7 @@ m4_if([$1], [CXX], [
|
||||
_LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink'
|
||||
;;
|
||||
*)
|
||||
case `$CC -V 2>&1 | $SED 5q` in
|
||||
case `$CC -V 2>&1 | sed 5q` in
|
||||
*Sun\ Ceres\ Fortran* | *Sun*Fortran*\ [[1-7]].* | *Sun*Fortran*\ 8.[[0-3]]*)
|
||||
# Sun Fortran 8.3 passes all unrecognized flags to the linker
|
||||
_LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
|
||||
@ -4948,7 +4928,7 @@ m4_if([$1], [CXX], [
|
||||
if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then
|
||||
_LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols'
|
||||
else
|
||||
_LT_TAGVAR(export_symbols_cmds, $1)='`func_echo_all $NM | $SED -e '\''s/B\([[^B]]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "L") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && ([substr](\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols'
|
||||
_LT_TAGVAR(export_symbols_cmds, $1)='`func_echo_all $NM | $SED -e '\''s/B\([[^B]]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && ([substr](\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols'
|
||||
fi
|
||||
;;
|
||||
pw32*)
|
||||
@ -4956,7 +4936,7 @@ m4_if([$1], [CXX], [
|
||||
;;
|
||||
cygwin* | mingw* | cegcc*)
|
||||
case $cc_basename in
|
||||
cl* | icl*)
|
||||
cl*)
|
||||
_LT_TAGVAR(exclude_expsyms, $1)='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*'
|
||||
;;
|
||||
*)
|
||||
@ -5013,15 +4993,15 @@ dnl Note also adjust exclude_expsyms for C++ above.
|
||||
|
||||
case $host_os in
|
||||
cygwin* | mingw* | pw32* | cegcc*)
|
||||
# FIXME: the MSVC++ and ICC port hasn't been tested in a loooong time
|
||||
# FIXME: the MSVC++ port hasn't been tested in a loooong time
|
||||
# When not using gcc, we currently assume that we are using
|
||||
# Microsoft Visual C++ or Intel C++ Compiler.
|
||||
# Microsoft Visual C++.
|
||||
if test yes != "$GCC"; then
|
||||
with_gnu_ld=no
|
||||
fi
|
||||
;;
|
||||
interix*)
|
||||
# we just hope/assume this is gcc and not c89 (= MSVC++ or ICC)
|
||||
# we just hope/assume this is gcc and not c89 (= MSVC++)
|
||||
with_gnu_ld=yes
|
||||
;;
|
||||
openbsd* | bitrig*)
|
||||
@ -5073,7 +5053,7 @@ dnl Note also adjust exclude_expsyms for C++ above.
|
||||
_LT_TAGVAR(whole_archive_flag_spec, $1)=
|
||||
fi
|
||||
supports_anon_versioning=no
|
||||
case `$LD -v | $SED -e 's/([[^)]]\+)\s\+//' 2>&1` in
|
||||
case `$LD -v | $SED -e 's/([^)]\+)\s\+//' 2>&1` in
|
||||
*GNU\ gold*) supports_anon_versioning=yes ;;
|
||||
*\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.10.*) ;; # catch versions < 2.11
|
||||
*\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ...
|
||||
@ -5185,7 +5165,6 @@ _LT_EOF
|
||||
emximp -o $lib $output_objdir/$libname.def'
|
||||
_LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
|
||||
_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
|
||||
_LT_TAGVAR(file_list_spec, $1)='@'
|
||||
;;
|
||||
|
||||
interix[[3-9]]*)
|
||||
@ -5200,7 +5179,7 @@ _LT_EOF
|
||||
# 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
|
||||
# time. Moving up from 0x10000000 also allows more sbrk(2) space.
|
||||
_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
|
||||
_LT_TAGVAR(archive_expsym_cmds, $1)='$SED "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
|
||||
_LT_TAGVAR(archive_expsym_cmds, $1)='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
|
||||
;;
|
||||
|
||||
gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu)
|
||||
@ -5243,7 +5222,7 @@ _LT_EOF
|
||||
_LT_TAGVAR(compiler_needs_object, $1)=yes
|
||||
;;
|
||||
esac
|
||||
case `$CC -V 2>&1 | $SED 5q` in
|
||||
case `$CC -V 2>&1 | sed 5q` in
|
||||
*Sun\ C*) # Sun C 5.9
|
||||
_LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
|
||||
_LT_TAGVAR(compiler_needs_object, $1)=yes
|
||||
@ -5255,7 +5234,7 @@ _LT_EOF
|
||||
|
||||
if test yes = "$supports_anon_versioning"; then
|
||||
_LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~
|
||||
cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
|
||||
cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
|
||||
echo "local: *; };" >> $output_objdir/$libname.ver~
|
||||
$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib'
|
||||
fi
|
||||
@ -5271,7 +5250,7 @@ _LT_EOF
|
||||
_LT_TAGVAR(archive_cmds, $1)='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib'
|
||||
if test yes = "$supports_anon_versioning"; then
|
||||
_LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~
|
||||
cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
|
||||
cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
|
||||
echo "local: *; };" >> $output_objdir/$libname.ver~
|
||||
$LD -shared $libobjs $deplibs $linker_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib'
|
||||
fi
|
||||
@ -5403,7 +5382,7 @@ _LT_EOF
|
||||
if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then
|
||||
_LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols'
|
||||
else
|
||||
_LT_TAGVAR(export_symbols_cmds, $1)='`func_echo_all $NM | $SED -e '\''s/B\([[^B]]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "L") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && ([substr](\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols'
|
||||
_LT_TAGVAR(export_symbols_cmds, $1)='`func_echo_all $NM | $SED -e '\''s/B\([[^B]]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && ([substr](\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols'
|
||||
fi
|
||||
aix_use_runtimelinking=no
|
||||
|
||||
@ -5586,12 +5565,12 @@ _LT_EOF
|
||||
|
||||
cygwin* | mingw* | pw32* | cegcc*)
|
||||
# When not using gcc, we currently assume that we are using
|
||||
# Microsoft Visual C++ or Intel C++ Compiler.
|
||||
# Microsoft Visual C++.
|
||||
# hardcode_libdir_flag_spec is actually meaningless, as there is
|
||||
# no search path for DLLs.
|
||||
case $cc_basename in
|
||||
cl* | icl*)
|
||||
# Native MSVC or ICC
|
||||
cl*)
|
||||
# Native MSVC
|
||||
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
|
||||
_LT_TAGVAR(allow_undefined_flag, $1)=unsupported
|
||||
_LT_TAGVAR(always_export_symbols, $1)=yes
|
||||
@ -5632,7 +5611,7 @@ _LT_EOF
|
||||
fi'
|
||||
;;
|
||||
*)
|
||||
# Assume MSVC and ICC wrapper
|
||||
# Assume MSVC wrapper
|
||||
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
|
||||
_LT_TAGVAR(allow_undefined_flag, $1)=unsupported
|
||||
# Tell ltmain to make .lib files, not .a files.
|
||||
@ -5680,7 +5659,7 @@ _LT_EOF
|
||||
;;
|
||||
|
||||
# FreeBSD 3 and greater uses gcc -shared to do shared libraries.
|
||||
freebsd* | dragonfly* | midnightbsd*)
|
||||
freebsd* | dragonfly*)
|
||||
_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
|
||||
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
|
||||
_LT_TAGVAR(hardcode_direct, $1)=yes
|
||||
@ -5891,7 +5870,6 @@ _LT_EOF
|
||||
emximp -o $lib $output_objdir/$libname.def'
|
||||
_LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
|
||||
_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
|
||||
_LT_TAGVAR(file_list_spec, $1)='@'
|
||||
;;
|
||||
|
||||
osf3*)
|
||||
@ -6658,8 +6636,8 @@ if test yes != "$_lt_caught_CXX_error"; then
|
||||
|
||||
cygwin* | mingw* | pw32* | cegcc*)
|
||||
case $GXX,$cc_basename in
|
||||
,cl* | no,cl* | ,icl* | no,icl*)
|
||||
# Native MSVC or ICC
|
||||
,cl* | no,cl*)
|
||||
# Native MSVC
|
||||
# hardcode_libdir_flag_spec is actually meaningless, as there is
|
||||
# no search path for DLLs.
|
||||
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
|
||||
@ -6757,7 +6735,6 @@ if test yes != "$_lt_caught_CXX_error"; then
|
||||
emximp -o $lib $output_objdir/$libname.def'
|
||||
_LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
|
||||
_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
|
||||
_LT_TAGVAR(file_list_spec, $1)='@'
|
||||
;;
|
||||
|
||||
dgux*)
|
||||
@ -6788,7 +6765,7 @@ if test yes != "$_lt_caught_CXX_error"; then
|
||||
_LT_TAGVAR(archive_cmds_need_lc, $1)=no
|
||||
;;
|
||||
|
||||
freebsd* | dragonfly* | midnightbsd*)
|
||||
freebsd* | dragonfly*)
|
||||
# FreeBSD 3 and later use GNU C++ and GNU ld with standard ELF
|
||||
# conventions
|
||||
_LT_TAGVAR(ld_shlibs, $1)=yes
|
||||
@ -6925,7 +6902,7 @@ if test yes != "$_lt_caught_CXX_error"; then
|
||||
# 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
|
||||
# time. Moving up from 0x10000000 also allows more sbrk(2) space.
|
||||
_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
|
||||
_LT_TAGVAR(archive_expsym_cmds, $1)='$SED "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
|
||||
_LT_TAGVAR(archive_expsym_cmds, $1)='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
|
||||
;;
|
||||
irix5* | irix6*)
|
||||
case $cc_basename in
|
||||
@ -7065,13 +7042,13 @@ if test yes != "$_lt_caught_CXX_error"; then
|
||||
_LT_TAGVAR(archive_cmds, $1)='$CC -qmkshrobj $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
|
||||
if test yes = "$supports_anon_versioning"; then
|
||||
_LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~
|
||||
cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
|
||||
cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
|
||||
echo "local: *; };" >> $output_objdir/$libname.ver~
|
||||
$CC -qmkshrobj $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib'
|
||||
fi
|
||||
;;
|
||||
*)
|
||||
case `$CC -V 2>&1 | $SED 5q` in
|
||||
case `$CC -V 2>&1 | sed 5q` in
|
||||
*Sun\ C*)
|
||||
# Sun C++ 5.9
|
||||
_LT_TAGVAR(no_undefined_flag, $1)=' -zdefs'
|
||||
@ -8209,14 +8186,6 @@ _LT_DECL([], [DLLTOOL], [1], [DLL creation program])
|
||||
AC_SUBST([DLLTOOL])
|
||||
])
|
||||
|
||||
# _LT_DECL_FILECMD
|
||||
# ----------------
|
||||
# Check for a file(cmd) program that can be used to detect file type and magic
|
||||
m4_defun([_LT_DECL_FILECMD],
|
||||
[AC_CHECK_TOOL([FILECMD], [file], [:])
|
||||
_LT_DECL([], [FILECMD], [1], [A file(cmd) program that detects file types])
|
||||
])# _LD_DECL_FILECMD
|
||||
|
||||
# _LT_DECL_SED
|
||||
# ------------
|
||||
# Check for a fully-functional sed program, that truncates
|
||||
@ -8396,8 +8365,8 @@ _LT_DECL([to_tool_file_cmd], [lt_cv_to_tool_file_cmd],
|
||||
|
||||
# Helper functions for option handling. -*- Autoconf -*-
|
||||
#
|
||||
# Copyright (C) 2004-2005, 2007-2009, 2011-2019, 2021-2022 Free
|
||||
# Software Foundation, Inc.
|
||||
# Copyright (C) 2004-2005, 2007-2009, 2011-2015 Free Software
|
||||
# Foundation, Inc.
|
||||
# Written by Gary V. Vaughan, 2004
|
||||
#
|
||||
# This file is free software; the Free Software Foundation gives
|
||||
@ -8828,7 +8797,7 @@ LT_OPTION_DEFINE([LTDL_INIT], [convenience],
|
||||
|
||||
# ltsugar.m4 -- libtool m4 base layer. -*-Autoconf-*-
|
||||
#
|
||||
# Copyright (C) 2004-2005, 2007-2008, 2011-2019, 2021-2022 Free Software
|
||||
# Copyright (C) 2004-2005, 2007-2008, 2011-2015 Free Software
|
||||
# Foundation, Inc.
|
||||
# Written by Gary V. Vaughan, 2004
|
||||
#
|
||||
@ -8953,8 +8922,7 @@ m4_define([lt_dict_filter],
|
||||
|
||||
# ltversion.m4 -- version numbers -*- Autoconf -*-
|
||||
#
|
||||
# Copyright (C) 2004, 2011-2019, 2021-2022 Free Software Foundation,
|
||||
# Inc.
|
||||
# Copyright (C) 2004, 2011-2015 Free Software Foundation, Inc.
|
||||
# Written by Scott James Remnant, 2004
|
||||
#
|
||||
# This file is free software; the Free Software Foundation gives
|
||||
@ -8963,23 +8931,23 @@ m4_define([lt_dict_filter],
|
||||
|
||||
# @configure_input@
|
||||
|
||||
# serial 4245 ltversion.m4
|
||||
# serial 4179 ltversion.m4
|
||||
# This file is part of GNU Libtool
|
||||
|
||||
m4_define([LT_PACKAGE_VERSION], [2.4.7])
|
||||
m4_define([LT_PACKAGE_REVISION], [2.4.7])
|
||||
m4_define([LT_PACKAGE_VERSION], [2.4.6])
|
||||
m4_define([LT_PACKAGE_REVISION], [2.4.6])
|
||||
|
||||
AC_DEFUN([LTVERSION_VERSION],
|
||||
[macro_version='2.4.7'
|
||||
macro_revision='2.4.7'
|
||||
[macro_version='2.4.6'
|
||||
macro_revision='2.4.6'
|
||||
_LT_DECL(, macro_version, 0, [Which release of libtool.m4 was used?])
|
||||
_LT_DECL(, macro_revision, 0)
|
||||
])
|
||||
|
||||
# lt~obsolete.m4 -- aclocal satisfying obsolete definitions. -*-Autoconf-*-
|
||||
#
|
||||
# Copyright (C) 2004-2005, 2007, 2009, 2011-2019, 2021-2022 Free
|
||||
# Software Foundation, Inc.
|
||||
# Copyright (C) 2004-2005, 2007, 2009, 2011-2015 Free Software
|
||||
# Foundation, Inc.
|
||||
# Written by Scott James Remnant, 2004.
|
||||
#
|
||||
# This file is free software; the Free Software Foundation gives
|
||||
@ -9076,8 +9044,8 @@ m4_ifndef([_LT_PROG_F77], [AC_DEFUN([_LT_PROG_F77])])
|
||||
m4_ifndef([_LT_PROG_FC], [AC_DEFUN([_LT_PROG_FC])])
|
||||
m4_ifndef([_LT_PROG_CXX], [AC_DEFUN([_LT_PROG_CXX])])
|
||||
|
||||
# pkg.m4 - Macros to locate and use pkg-config. -*- Autoconf -*-
|
||||
# serial 12 (pkg-config-0.29.2)
|
||||
# pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*-
|
||||
# serial 11 (pkg-config-0.29.1)
|
||||
|
||||
dnl Copyright © 2004 Scott James Remnant <scott@netsplit.com>.
|
||||
dnl Copyright © 2012-2015 Dan Nicholson <dbn.lists@gmail.com>
|
||||
@ -9119,7 +9087,7 @@ dnl
|
||||
dnl See the "Since" comment for each macro you use to see what version
|
||||
dnl of the macros you require.
|
||||
m4_defun([PKG_PREREQ],
|
||||
[m4_define([PKG_MACROS_VERSION], [0.29.2])
|
||||
[m4_define([PKG_MACROS_VERSION], [0.29.1])
|
||||
m4_if(m4_version_compare(PKG_MACROS_VERSION, [$1]), -1,
|
||||
[m4_fatal([pkg.m4 version $1 or higher is required but ]PKG_MACROS_VERSION[ found])])
|
||||
])dnl PKG_PREREQ
|
||||
@ -9164,7 +9132,7 @@ dnl Check to see whether a particular set of modules exists. Similar to
|
||||
dnl PKG_CHECK_MODULES(), but does not set variables or print errors.
|
||||
dnl
|
||||
dnl Please remember that m4 expands AC_REQUIRE([PKG_PROG_PKG_CONFIG])
|
||||
dnl only at the first occurrence in configure.ac, so if the first place
|
||||
dnl only at the first occurence in configure.ac, so if the first place
|
||||
dnl it's called might be skipped (such as if it is within an "if", you
|
||||
dnl have to call PKG_CHECK_EXISTS manually
|
||||
AC_DEFUN([PKG_CHECK_EXISTS],
|
||||
@ -9220,7 +9188,7 @@ AC_ARG_VAR([$1][_CFLAGS], [C compiler flags for $1, overriding pkg-config])dnl
|
||||
AC_ARG_VAR([$1][_LIBS], [linker flags for $1, overriding pkg-config])dnl
|
||||
|
||||
pkg_failed=no
|
||||
AC_MSG_CHECKING([for $2])
|
||||
AC_MSG_CHECKING([for $1])
|
||||
|
||||
_PKG_CONFIG([$1][_CFLAGS], [cflags], [$2])
|
||||
_PKG_CONFIG([$1][_LIBS], [libs], [$2])
|
||||
@ -9230,17 +9198,17 @@ and $1[]_LIBS to avoid the need to call pkg-config.
|
||||
See the pkg-config man page for more details.])
|
||||
|
||||
if test $pkg_failed = yes; then
|
||||
AC_MSG_RESULT([no])
|
||||
AC_MSG_RESULT([no])
|
||||
_PKG_SHORT_ERRORS_SUPPORTED
|
||||
if test $_pkg_short_errors_supported = yes; then
|
||||
$1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "$2" 2>&1`
|
||||
else
|
||||
$1[]_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "$2" 2>&1`
|
||||
$1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "$2" 2>&1`
|
||||
else
|
||||
$1[]_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "$2" 2>&1`
|
||||
fi
|
||||
# Put the nasty error message in config.log where it belongs
|
||||
echo "$$1[]_PKG_ERRORS" >&AS_MESSAGE_LOG_FD
|
||||
# Put the nasty error message in config.log where it belongs
|
||||
echo "$$1[]_PKG_ERRORS" >&AS_MESSAGE_LOG_FD
|
||||
|
||||
m4_default([$4], [AC_MSG_ERROR(
|
||||
m4_default([$4], [AC_MSG_ERROR(
|
||||
[Package requirements ($2) were not met:
|
||||
|
||||
$$1_PKG_ERRORS
|
||||
@ -9251,8 +9219,8 @@ installed software in a non-standard prefix.
|
||||
_PKG_TEXT])[]dnl
|
||||
])
|
||||
elif test $pkg_failed = untried; then
|
||||
AC_MSG_RESULT([no])
|
||||
m4_default([$4], [AC_MSG_FAILURE(
|
||||
AC_MSG_RESULT([no])
|
||||
m4_default([$4], [AC_MSG_FAILURE(
|
||||
[The pkg-config script could not be found or is too old. Make sure it
|
||||
is in your PATH or set the PKG_CONFIG environment variable to the full
|
||||
path to pkg-config.
|
||||
@ -9262,10 +9230,10 @@ _PKG_TEXT
|
||||
To get pkg-config, see <http://pkg-config.freedesktop.org/>.])[]dnl
|
||||
])
|
||||
else
|
||||
$1[]_CFLAGS=$pkg_cv_[]$1[]_CFLAGS
|
||||
$1[]_LIBS=$pkg_cv_[]$1[]_LIBS
|
||||
$1[]_CFLAGS=$pkg_cv_[]$1[]_CFLAGS
|
||||
$1[]_LIBS=$pkg_cv_[]$1[]_LIBS
|
||||
AC_MSG_RESULT([yes])
|
||||
$3
|
||||
$3
|
||||
fi[]dnl
|
||||
])dnl PKG_CHECK_MODULES
|
||||
|
||||
@ -9422,7 +9390,7 @@ AS_IF([test "$AS_TR_SH([with_]m4_tolower([$1]))" = "yes"],
|
||||
|
||||
# AM_CONDITIONAL -*- Autoconf -*-
|
||||
|
||||
# Copyright (C) 1997-2021 Free Software Foundation, Inc.
|
||||
# Copyright (C) 1997-2020 Free Software Foundation, Inc.
|
||||
#
|
||||
# This file is free software; the Free Software Foundation
|
||||
# gives unlimited permission to copy and/or distribute it,
|
||||
@ -9453,7 +9421,7 @@ AC_CONFIG_COMMANDS_PRE(
|
||||
Usually this means the macro was only invoked conditionally.]])
|
||||
fi])])
|
||||
|
||||
# Copyright (C) 2006-2021 Free Software Foundation, Inc.
|
||||
# Copyright (C) 2006-2020 Free Software Foundation, Inc.
|
||||
#
|
||||
# This file is free software; the Free Software Foundation
|
||||
# gives unlimited permission to copy and/or distribute it,
|
||||
|
@ -621,6 +621,9 @@ parse_data(struct module_qstate* qstate, struct sldns_buffer* buf,
|
||||
}
|
||||
verbose(VERB_ALGO, "cachedb msg adjusted down by %d", (int)adjust);
|
||||
adjust_msg_ttl(qstate->return_msg, adjust);
|
||||
if(qstate->env->cfg->aggressive_nsec) {
|
||||
limit_nsec_ttl(qstate->return_msg);
|
||||
}
|
||||
|
||||
/* Similar to the unbound worker, if serve-expired is enabled and
|
||||
* the msg would be considered to be expired, mark the state so a
|
||||
@ -828,8 +831,6 @@ cachedb_handle_query(struct module_qstate* qstate,
|
||||
/* In case we have expired data but there is a client timer for expired
|
||||
* answers, pass execution to next module in order to try updating the
|
||||
* data first.
|
||||
* TODO: this needs revisit. The expired data stored from cachedb has
|
||||
* 0 TTL which is picked up by iterator later when looking in the cache.
|
||||
*/
|
||||
if(qstate->env->cfg->serve_expired && msg_expired) {
|
||||
qstate->return_msg = NULL;
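Review bot: The new `limit_nsec_ttl(qstate->return_msg)` call in the parse_data hunk has no comment, so a reader cannot tell why a message read back by cachedb needs its NSEC TTLs limited only when `aggressive_nsec` is set. I would add one line above the `if`, for example `/* with aggressive-nsec on, also cap the NSEC TTLs of messages loaded from the backend */`. The wording should be checked against what limit_nsec_ttl actually enforces, since its body is not visible here. parse_data starts and ends outside the hunk.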
|
||||
|
@ -58,7 +58,8 @@ struct redis_moddata {
|
||||
int server_port; /* server's TCP port */
|
||||
const char* server_path; /* server's unix path, or "", NULL if unused */
|
||||
const char* server_password; /* server's AUTH password, or "", NULL if unused */
|
||||
struct timeval timeout; /* timeout for connection setup and commands */
|
||||
struct timeval command_timeout; /* timeout for commands */
|
||||
struct timeval connect_timeout; /* timeout for connect */
|
||||
int logical_db; /* the redis logical database to use */
|
||||
};
|
||||
|
||||
@ -88,10 +89,10 @@ redis_connect(const struct redis_moddata* moddata)
|
||||
|
||||
if(moddata->server_path && moddata->server_path[0]!=0) {
|
||||
ctx = redisConnectUnixWithTimeout(moddata->server_path,
|
||||
moddata->timeout);
|
||||
moddata->connect_timeout);
|
||||
} else {
|
||||
ctx = redisConnectWithTimeout(moddata->server_host,
|
||||
moddata->server_port, moddata->timeout);
|
||||
moddata->server_port, moddata->connect_timeout);
|
||||
}
|
||||
if(!ctx || ctx->err) {
|
||||
const char *errstr = "out of memory";
|
||||
@ -100,7 +101,7 @@ redis_connect(const struct redis_moddata* moddata)
|
||||
log_err("failed to connect to redis server: %s", errstr);
|
||||
goto fail;
|
||||
}
|
||||
if(redisSetTimeout(ctx, moddata->timeout) != REDIS_OK) {
|
||||
if(redisSetTimeout(ctx, moddata->command_timeout) != REDIS_OK) {
|
||||
log_err("failed to set redis timeout");
|
||||
goto fail;
|
||||
}
|
||||
@ -159,8 +160,24 @@ redis_init(struct module_env* env, struct cachedb_env* cachedb_env)
|
||||
moddata->server_port = env->cfg->redis_server_port;
|
||||
moddata->server_path = env->cfg->redis_server_path;
|
||||
moddata->server_password = env->cfg->redis_server_password;
|
||||
moddata->timeout.tv_sec = env->cfg->redis_timeout / 1000;
|
||||
moddata->timeout.tv_usec = (env->cfg->redis_timeout % 1000) * 1000;
|
||||
moddata->command_timeout.tv_sec = env->cfg->redis_timeout / 1000;
|
||||
moddata->command_timeout.tv_usec =
|
||||
(env->cfg->redis_timeout % 1000) * 1000;
|
||||
moddata->connect_timeout.tv_sec = env->cfg->redis_timeout / 1000;
|
||||
moddata->connect_timeout.tv_usec =
|
||||
(env->cfg->redis_timeout % 1000) * 1000;
|
||||
if(env->cfg->redis_command_timeout != 0) {
|
||||
moddata->command_timeout.tv_sec =
|
||||
env->cfg->redis_command_timeout / 1000;
|
||||
moddata->command_timeout.tv_usec =
|
||||
(env->cfg->redis_command_timeout % 1000) * 1000;
|
||||
}
|
||||
if(env->cfg->redis_connect_timeout != 0) {
|
||||
moddata->connect_timeout.tv_sec =
|
||||
env->cfg->redis_connect_timeout / 1000;
|
||||
moddata->connect_timeout.tv_usec =
|
||||
(env->cfg->redis_connect_timeout % 1000) * 1000;
|
||||
}
|
||||
moddata->logical_db = env->cfg->redis_logical_db;
|
||||
for(i = 0; i < moddata->numctxs; i++) {
|
||||
redisContext* ctx = redis_connect(moddata);
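Review bot: In the redis_init hunk the two override branches test `!= 0`, so a negative `redis_command_timeout` or `redis_connect_timeout` is split by `/ 1000` and `% 1000` into negative `tv_sec`/`tv_usec` values, which redis_connect then passes to `redisConnectWithTimeout` and `redisSetTimeout`. Unless the config parser already rejects negative values (not visible here), the guards should read `if(env->cfg->redis_command_timeout > 0) {` and `if(env->cfg->redis_connect_timeout > 0) {`, so that an invalid override falls back to `redis_timeout`. The same millisecond-to-timeval split is now written out four times; a small static helper would keep the copies from drifting apart. redis_init continues outside the hunk.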
|
||||
|
@ -129,6 +129,14 @@
|
||||
and to 0 if you don't. */
|
||||
#undef HAVE_DECL_NGHTTP2_SESSION_SERVER_NEW
|
||||
|
||||
/* Define to 1 if you have the declaration of `ngtcp2_conn_server_new', and to
|
||||
0 if you don't. */
|
||||
#undef HAVE_DECL_NGTCP2_CONN_SERVER_NEW
|
||||
|
||||
/* Define to 1 if you have the declaration of `ngtcp2_crypto_encrypt_cb', and
|
||||
to 0 if you don't. */
|
||||
#undef HAVE_DECL_NGTCP2_CRYPTO_ENCRYPT_CB
|
||||
|
||||
/* Define to 1 if you have the declaration of `NID_ED25519', and to 0 if you
|
||||
don't. */
|
||||
#undef HAVE_DECL_NID_ED25519
|
||||
@ -421,6 +429,65 @@
|
||||
/* Define to 1 if you have the <nghttp2/nghttp2.h> header file. */
|
||||
#undef HAVE_NGHTTP2_NGHTTP2_H
|
||||
|
||||
/* Define this to use ngtcp2. */
|
||||
#undef HAVE_NGTCP2
|
||||
|
||||
/* Define to 1 if you have the `ngtcp2_ccerr_default' function. */
|
||||
#undef HAVE_NGTCP2_CCERR_DEFAULT
|
||||
|
||||
/* Define to 1 if you have the `ngtcp2_conn_encode_0rtt_transport_params'
|
||||
function. */
|
||||
#undef HAVE_NGTCP2_CONN_ENCODE_0RTT_TRANSPORT_PARAMS
|
||||
|
||||
/* Define to 1 if you have the `ngtcp2_conn_get_max_local_streams_uni'
|
||||
function. */
|
||||
#undef HAVE_NGTCP2_CONN_GET_MAX_LOCAL_STREAMS_UNI
|
||||
|
||||
/* Define to 1 if you have the `ngtcp2_conn_get_num_scid' function. */
|
||||
#undef HAVE_NGTCP2_CONN_GET_NUM_SCID
|
||||
|
||||
/* Define to 1 if you have the `ngtcp2_conn_in_closing_period' function. */
|
||||
#undef HAVE_NGTCP2_CONN_IN_CLOSING_PERIOD
|
||||
|
||||
/* Define to 1 if you have the `ngtcp2_conn_in_draining_period' function. */
|
||||
#undef HAVE_NGTCP2_CONN_IN_DRAINING_PERIOD
|
||||
|
||||
/* Define if ngtcp2_conn_shutdown_stream has 4 arguments. */
|
||||
#undef HAVE_NGTCP2_CONN_SHUTDOWN_STREAM4
|
||||
|
||||
/* Define to 1 if you have the `ngtcp2_conn_tls_early_data_rejected' function.
|
||||
*/
|
||||
#undef HAVE_NGTCP2_CONN_TLS_EARLY_DATA_REJECTED
|
||||
|
||||
/* Define to 1 if you have the `ngtcp2_crypto_encrypt_cb' function. */
|
||||
#undef HAVE_NGTCP2_CRYPTO_ENCRYPT_CB
|
||||
|
||||
/* Define to 1 if you have the
|
||||
`ngtcp2_crypto_quictls_configure_client_context' function. */
|
||||
#undef HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_CLIENT_CONTEXT
|
||||
|
||||
/* Define to 1 if you have the
|
||||
`ngtcp2_crypto_quictls_configure_server_context' function. */
|
||||
#undef HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_SERVER_CONTEXT
|
||||
|
||||
/* Define to 1 if you have the
|
||||
`ngtcp2_crypto_quictls_from_ossl_encryption_level' function. */
|
||||
#undef HAVE_NGTCP2_CRYPTO_QUICTLS_FROM_OSSL_ENCRYPTION_LEVEL
|
||||
|
||||
/* Define to 1 if the system has the type `ngtcp2_encryption_level'. */
|
||||
#undef HAVE_NGTCP2_ENCRYPTION_LEVEL
|
||||
|
||||
/* Define to 1 if you have the <ngtcp2/ngtcp2_crypto_openssl.h> header file.
|
||||
*/
|
||||
#undef HAVE_NGTCP2_NGTCP2_CRYPTO_OPENSSL_H
|
||||
|
||||
/* Define to 1 if you have the <ngtcp2/ngtcp2_crypto_quictls.h> header file.
|
||||
*/
|
||||
#undef HAVE_NGTCP2_NGTCP2_CRYPTO_QUICTLS_H
|
||||
|
||||
/* Define to 1 if you have the <ngtcp2/ngtcp2.h> header file. */
|
||||
#undef HAVE_NGTCP2_NGTCP2_H
|
||||
|
||||
/* Use libnss for crypto */
|
||||
#undef HAVE_NSS
|
||||
|
||||
@ -587,6 +654,9 @@
|
||||
/* Define to 1 if you have the `SSL_get1_peer_certificate' function. */
|
||||
#undef HAVE_SSL_GET1_PEER_CERTIFICATE
|
||||
|
||||
/* Define to 1 if you have the `SSL_is_quic' function. */
|
||||
#undef HAVE_SSL_IS_QUIC
|
||||
|
||||
/* Define to 1 if you have the `SSL_set1_host' function. */
|
||||
#undef HAVE_SSL_SET1_HOST
|
||||
|
||||
@ -629,6 +699,23 @@
|
||||
/* Define to 1 if `ipi_spec_dst' is a member of `struct in_pktinfo'. */
|
||||
#undef HAVE_STRUCT_IN_PKTINFO_IPI_SPEC_DST
|
||||
|
||||
/* Define to 1 if `tokenlen' is a member of `struct ngtcp2_pkt_hd'. */
|
||||
#undef HAVE_STRUCT_NGTCP2_PKT_HD_TOKENLEN
|
||||
|
||||
/* Define to 1 if `max_tx_udp_payload_size' is a member of `struct
|
||||
ngtcp2_settings'. */
|
||||
#undef HAVE_STRUCT_NGTCP2_SETTINGS_MAX_TX_UDP_PAYLOAD_SIZE
|
||||
|
||||
/* Define to 1 if `tokenlen' is a member of `struct ngtcp2_settings'. */
|
||||
#undef HAVE_STRUCT_NGTCP2_SETTINGS_TOKENLEN
|
||||
|
||||
/* Define to 1 if `original_dcid_present' is a member of `struct
|
||||
ngtcp2_transport_params'. */
|
||||
#undef HAVE_STRUCT_NGTCP2_TRANSPORT_PARAMS_ORIGINAL_DCID_PRESENT
|
||||
|
||||
/* Define to 1 if the system has the type `struct ngtcp2_version_cid'. */
|
||||
#undef HAVE_STRUCT_NGTCP2_VERSION_CID
|
||||
|
||||
/* Define to 1 if `sun_len' is a member of `struct sockaddr_un'. */
|
||||
#undef HAVE_STRUCT_SOCKADDR_UN_SUN_LEN
|
||||
|
||||
@ -1497,6 +1584,9 @@ struct sockaddr_storage;
|
||||
# define free(p) unbound_stat_free_log(p, __FILE__, __LINE__, __func__)
|
||||
# define realloc(p,s) unbound_stat_realloc_log(p, s, __FILE__, __LINE__, __func__)
|
||||
# define strdup(s) unbound_stat_strdup_log(s, __FILE__, __LINE__, __func__)
|
||||
#ifdef HAVE_REALLOCARRAY
|
||||
# define reallocarray(p,n,s) unbound_stat_reallocarray_log(p, n, s, __FILE__, __LINE__, __func__)
|
||||
#endif
|
||||
void *unbound_stat_malloc(size_t size);
|
||||
void *unbound_stat_calloc(size_t nmemb, size_t size);
|
||||
void unbound_stat_free(void *ptr);
|
||||
@ -1509,6 +1599,8 @@ void unbound_stat_free_log(void *ptr, const char* file, int line,
|
||||
const char* func);
|
||||
void *unbound_stat_realloc_log(void *ptr, size_t size, const char* file,
|
||||
int line, const char* func);
|
||||
void *unbound_stat_reallocarray_log(void *ptr, size_t nmemb, size_t size,
|
||||
const char* file, int line, const char* func);
|
||||
char *unbound_stat_strdup_log(const char *s, const char* file, int line,
|
||||
const char* func);
|
||||
#elif defined(UNBOUND_ALLOC_LITE)
|
||||
@ -1521,6 +1613,8 @@ char *unbound_stat_strdup_log(const char *s, const char* file, int line,
|
||||
#define UNBOUND_DNS_OVER_TLS_PORT 853
|
||||
/** default port for DNS over HTTPS traffic. */
|
||||
#define UNBOUND_DNS_OVER_HTTPS_PORT 443
|
||||
/** default port for DNS over QUIC traffic. */
|
||||
#define UNBOUND_DNS_OVER_QUIC_PORT 853
|
||||
/** default port for unbound control traffic, registered port with IANA,
|
||||
ub-dns-control 8953/tcp unbound dns nameserver control */
|
||||
#define UNBOUND_CONTROL_PORT 8953
|
||||
|
769
contrib/unbound/configure
vendored
File diff suppressed because it is too large
@ -10,15 +10,15 @@ sinclude(dnscrypt/dnscrypt.m4)
|
||||
|
||||
# must be numbers. ac_defun because of later processing
|
||||
m4_define([VERSION_MAJOR],[1])
|
||||
m4_define([VERSION_MINOR],[21])
|
||||
m4_define([VERSION_MICRO],[1])
|
||||
m4_define([VERSION_MINOR],[22])
|
||||
m4_define([VERSION_MICRO],[0])
|
||||
AC_INIT([unbound],m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]),[unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues],[unbound])
|
||||
AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR])
|
||||
AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR])
|
||||
AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO])
|
||||
|
||||
LIBUNBOUND_CURRENT=9
|
||||
LIBUNBOUND_REVISION=29
|
||||
LIBUNBOUND_REVISION=30
|
||||
LIBUNBOUND_AGE=1
|
||||
# 1.0.0 had 0:12:0
|
||||
# 1.0.1 had 0:13:0
|
||||
@ -115,6 +115,7 @@ LIBUNBOUND_AGE=1
|
||||
# 1.20.0 had 9:27:1
|
||||
# 1.21.0 had 9:28:1
|
||||
# 1.21.1 had 9:29:1
|
||||
# 1.22.0 had 9:30:1
|
||||
|
||||
# Current -- the number of the binary API that we're implementing
|
||||
# Revision -- which iteration of the implementation of the binary
|
||||
@ -1578,6 +1579,64 @@ if test x_$withval = x_yes -o x_$withval != x_no; then
|
||||
])
|
||||
fi
|
||||
|
||||
# ngtcp2
|
||||
AC_ARG_WITH(libngtcp2, AS_HELP_STRING([--with-libngtcp2=path],[specify explicit path for libngtcp2, for QUIC.]),
|
||||
[ ],[ withval="no" ])
|
||||
found_libngtcp2="no"
|
||||
if test x_$withval = x_yes -o x_$withval != x_no; then
|
||||
AC_MSG_CHECKING(for libngtcp2)
|
||||
if test x_$withval = x_ -o x_$withval = x_yes; then
|
||||
withval="/usr/local /opt/local /usr/lib /usr/pkg /usr/sfw /usr"
|
||||
fi
|
||||
for dir in $withval ; do
|
||||
if test -f "$dir/include/ngtcp2/ngtcp2.h"; then
|
||||
found_libngtcp2="yes"
|
||||
dnl assume /usr is in default path.
|
||||
if test "$dir" != "/usr"; then
|
||||
CPPFLAGS="$CPPFLAGS -I$dir/include"
|
||||
LDFLAGS="$LDFLAGS -L$dir/lib"
|
||||
fi
|
||||
AC_MSG_RESULT(found in $dir)
|
||||
AC_DEFINE([HAVE_NGTCP2], [1], [Define this to use ngtcp2.])
|
||||
LIBS="$LIBS -lngtcp2"
|
||||
break;
|
||||
fi
|
||||
done
|
||||
if test x_$found_libngtcp2 != x_yes; then
|
||||
AC_MSG_ERROR([Could not find libngtcp2, ngtcp2.h])
|
||||
fi
|
||||
AC_CHECK_HEADERS([ngtcp2/ngtcp2.h ngtcp2/ngtcp2_crypto_openssl.h ngtcp2/ngtcp2_crypto_quictls.h],,, [AC_INCLUDES_DEFAULT])
|
||||
AC_CHECK_DECLS([ngtcp2_conn_server_new], [], [], [AC_INCLUDES_DEFAULT
|
||||
#include <ngtcp2/ngtcp2.h>
|
||||
])
|
||||
AC_CHECK_DECLS([ngtcp2_crypto_encrypt_cb], [], [], [AC_INCLUDES_DEFAULT
|
||||
#include <ngtcp2/ngtcp2_crypto.h>
|
||||
])
|
||||
AC_CHECK_LIB([ngtcp2_crypto_openssl], [ngtcp2_crypto_encrypt_cb], [ LIBS="$LIBS -lngtcp2_crypto_openssl" ])
|
||||
AC_CHECK_LIB([ngtcp2_crypto_quictls], [ngtcp2_crypto_encrypt_cb], [ LIBS="$LIBS -lngtcp2_crypto_quictls" ])
|
||||
AC_CHECK_FUNCS([ngtcp2_crypto_encrypt_cb ngtcp2_ccerr_default ngtcp2_conn_in_closing_period ngtcp2_conn_in_draining_period ngtcp2_conn_get_max_local_streams_uni ngtcp2_crypto_quictls_from_ossl_encryption_level ngtcp2_crypto_quictls_configure_server_context ngtcp2_crypto_quictls_configure_client_context ngtcp2_conn_get_num_scid ngtcp2_conn_tls_early_data_rejected ngtcp2_conn_encode_0rtt_transport_params])
|
||||
AC_CHECK_FUNCS([SSL_is_quic], [], [AC_MSG_ERROR([No QUIC support detected in OpenSSL. Need OpenSSL version with QUIC support to enable DNS over QUIC with libngtcp2.])])
|
||||
AC_CHECK_TYPES([struct ngtcp2_version_cid, ngtcp2_encryption_level],,,[AC_INCLUDES_DEFAULT
|
||||
#include <ngtcp2/ngtcp2.h>
|
||||
])
|
||||
AC_CHECK_MEMBERS([struct ngtcp2_pkt_hd.tokenlen, struct ngtcp2_settings.tokenlen, struct ngtcp2_settings.max_tx_udp_payload_size, struct ngtcp2_transport_params.original_dcid_present],,,[AC_INCLUDES_DEFAULT
|
||||
#include <ngtcp2/ngtcp2.h>
|
||||
])
|
||||
|
||||
AC_MSG_CHECKING([whether ngtcp2_conn_shutdown_stream has 4 arguments])
|
||||
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([AC_INCLUDES_DEFAULT
|
||||
#include <ngtcp2/ngtcp2.h>
|
||||
],[
|
||||
(void)ngtcp2_conn_shutdown_stream(NULL, 0, 0, 0);
|
||||
])],[
|
||||
AC_MSG_RESULT(yes)
|
||||
AC_DEFINE(HAVE_NGTCP2_CONN_SHUTDOWN_STREAM4, 1, [Define if ngtcp2_conn_shutdown_stream has 4 arguments.])
|
||||
],[
|
||||
AC_MSG_RESULT(no)
|
||||
])
|
||||
|
||||
fi
|
||||
|
||||
# set static linking for uninstalled libraries if requested
|
||||
AC_SUBST(staticexe)
|
||||
staticexe=""
|
||||
@ -1893,10 +1952,12 @@ if test x_$enable_lock_checks = x_yes; then
|
||||
UBSYMS="-export-symbols clubsyms.def"
|
||||
cp ${srcdir}/libunbound/ubsyms.def clubsyms.def
|
||||
echo lock_protect >> clubsyms.def
|
||||
echo lock_protect_place >> clubsyms.def
|
||||
echo lock_unprotect >> clubsyms.def
|
||||
echo lock_get_mem >> clubsyms.def
|
||||
echo checklock_start >> clubsyms.def
|
||||
echo checklock_stop >> clubsyms.def
|
||||
echo checklock_set_output_name >> clubsyms.def
|
||||
echo checklock_lock >> clubsyms.def
|
||||
echo checklock_unlock >> clubsyms.def
|
||||
echo checklock_init >> clubsyms.def
|
||||
@ -2331,6 +2392,9 @@ struct sockaddr_storage;
|
||||
# define free(p) unbound_stat_free_log(p, __FILE__, __LINE__, __func__)
|
||||
# define realloc(p,s) unbound_stat_realloc_log(p, s, __FILE__, __LINE__, __func__)
|
||||
# define strdup(s) unbound_stat_strdup_log(s, __FILE__, __LINE__, __func__)
|
||||
#ifdef HAVE_REALLOCARRAY
|
||||
# define reallocarray(p,n,s) unbound_stat_reallocarray_log(p, n, s, __FILE__, __LINE__, __func__)
|
||||
#endif
|
||||
void *unbound_stat_malloc(size_t size);
|
||||
void *unbound_stat_calloc(size_t nmemb, size_t size);
|
||||
void unbound_stat_free(void *ptr);
|
||||
@ -2343,6 +2407,8 @@ void unbound_stat_free_log(void *ptr, const char* file, int line,
|
||||
const char* func);
|
||||
void *unbound_stat_realloc_log(void *ptr, size_t size, const char* file,
|
||||
int line, const char* func);
|
||||
void *unbound_stat_reallocarray_log(void *ptr, size_t nmemb, size_t size,
|
||||
const char* file, int line, const char* func);
|
||||
char *unbound_stat_strdup_log(const char *s, const char* file, int line,
|
||||
const char* func);
|
||||
#elif defined(UNBOUND_ALLOC_LITE)
|
||||
@ -2355,6 +2421,8 @@ char *unbound_stat_strdup_log(const char *s, const char* file, int line,
|
||||
#define UNBOUND_DNS_OVER_TLS_PORT 853
|
||||
/** default port for DNS over HTTPS traffic. */
|
||||
#define UNBOUND_DNS_OVER_HTTPS_PORT 443
|
||||
/** default port for DNS over QUIC traffic. */
|
||||
#define UNBOUND_DNS_OVER_QUIC_PORT 853
|
||||
/** default port for unbound control traffic, registered port with IANA,
|
||||
ub-dns-control 8953/tcp unbound dns nameserver control */
|
||||
#define UNBOUND_CONTROL_PORT 8953
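Review bot: In the `# ngtcp2` block, neither `AC_CHECK_LIB` call for `ngtcp2_crypto_openssl` or `ngtcp2_crypto_quictls` has a not-found action, and the `AC_CHECK_FUNCS` list that follows does not fail either, so configure finishes with `HAVE_NGTCP2` defined even when no ngtcp2 crypto helper library is installed. The build would then presumably break only later, at link time, with a far less useful message. I would record whether one of the two libraries was found and stop with `AC_MSG_ERROR` otherwise, as the block already does for the missing header and for `SSL_is_quic`. The error text below is a suggested wording.

```m4
found_ngtcp2_crypto="no"
AC_CHECK_LIB([ngtcp2_crypto_openssl], [ngtcp2_crypto_encrypt_cb], [ LIBS="$LIBS -lngtcp2_crypto_openssl"; found_ngtcp2_crypto="yes" ])
AC_CHECK_LIB([ngtcp2_crypto_quictls], [ngtcp2_crypto_encrypt_cb], [ LIBS="$LIBS -lngtcp2_crypto_quictls"; found_ngtcp2_crypto="yes" ])
if test x_$found_ngtcp2_crypto != x_yes; then
	AC_MSG_ERROR([Could not find an ngtcp2 crypto library, ngtcp2_crypto_quictls or ngtcp2_crypto_openssl])
fi
dnl … unchanged: AC_CHECK_FUNCS list, SSL_is_quic check, type and member checks …
```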
|
||||
|
@ -236,7 +236,7 @@ index 54006940..768fe202 100644
|
||||
+ /* see if the failure did get (parent-lame) info */
|
||||
+ if(!cache_fill_missing(super->env,
|
||||
+ super_iq->qchase.qclass, super->region,
|
||||
+ super_iq->dp))
|
||||
+ super_iq->dp, 0))
|
||||
+ log_err("ASN-AAAA-filter: out of memory adding missing");
|
||||
+ dpns->resolved = 1; /* mark as failed */
|
||||
+ }
|
||||
|
@ -557,6 +557,12 @@ daemon_create_workers(struct daemon* daemon)
|
||||
fatal_exit("out of memory during daemon init");
|
||||
numport = daemon_get_shufport(daemon, shufport);
|
||||
verbose(VERB_ALGO, "total of %d outgoing ports available", numport);
|
||||
|
||||
#ifdef HAVE_NGTCP2
|
||||
daemon->doq_table = doq_table_create(daemon->cfg, daemon->rand);
|
||||
if(!daemon->doq_table)
|
||||
fatal_exit("could not create doq_table: out of memory");
|
||||
#endif
|
||||
|
||||
daemon->num = (daemon->cfg->num_threads?daemon->cfg->num_threads:1);
|
||||
if(daemon->reuseport && (int)daemon->num < (int)daemon->num_ports) {
|
||||
@ -906,6 +912,10 @@ daemon_cleanup(struct daemon* daemon)
|
||||
#ifdef USE_DNSCRYPT
|
||||
dnsc_delete(daemon->dnscenv);
|
||||
daemon->dnscenv = NULL;
|
||||
#endif
|
||||
#ifdef HAVE_NGTCP2
|
||||
doq_table_delete(daemon->doq_table);
|
||||
daemon->doq_table = NULL;
|
||||
#endif
|
||||
daemon->cfg = NULL;
|
||||
}
|
||||
|
@ -58,6 +58,7 @@ struct ub_randstate;
|
||||
struct daemon_remote;
|
||||
struct respip_set;
|
||||
struct shm_main_info;
|
||||
struct doq_table;
|
||||
struct cookie_secrets;
|
||||
|
||||
#include "dnstap/dnstap_config.h"
|
||||
@ -147,6 +148,8 @@ struct daemon {
|
||||
/** the dnscrypt environment */
|
||||
struct dnsc_env* dnscenv;
|
||||
#endif
|
||||
/** the doq connection table */
|
||||
struct doq_table* doq_table;
|
||||
/** reuse existing cache on reload if other conditions allow it. */
|
||||
int reuse_cache;
|
||||
/** the EDNS cookie secrets from the cookie-secret-file */
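Review bot: The new `doq_table` member is declared unconditionally, but the only assignments visible in this commit (daemon_create_workers and daemon_cleanup in daemon.c) sit under `#ifdef HAVE_NGTCP2`, while worker_init passes `worker->daemon->doq_table` to listen_create without such a guard. In a build without ngtcp2 the pointer therefore keeps whatever value the struct was allocated with, presumably NULL if struct daemon is zero-initialised, which this page does not show. The member comment could state that contract, for example `/** the doq connection table; NULL unless compiled with HAVE_NGTCP2, created in daemon_create_workers and freed in daemon_cleanup */`. The struct body continues outside the hunk.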
|
||||
|
@ -302,7 +302,7 @@ add_open(const char* ip, int nr, struct listen_port** list, int noproto_is_err,
|
||||
/* open fd */
|
||||
fd = create_tcp_accept_sock(res, 1, &noproto, 0,
|
||||
cfg->ip_transparent, 0, 0, cfg->ip_freebind,
|
||||
cfg->use_systemd, cfg->ip_dscp);
|
||||
cfg->use_systemd, cfg->ip_dscp, "unbound-control");
|
||||
freeaddrinfo(res);
|
||||
}
|
||||
|
||||
@ -866,6 +866,10 @@ print_mem(RES* ssl, struct worker* worker, struct daemon* daemon,
|
||||
if(!print_longnum(ssl, "mem.http.response_buffer"SQ,
|
||||
(size_t)s->svr.mem_http2_response_buffer))
|
||||
return 0;
|
||||
#ifdef HAVE_NGTCP2
|
||||
if(!print_longnum(ssl, "mem.quic"SQ, (size_t)s->svr.mem_quic))
|
||||
return 0;
|
||||
#endif /* HAVE_NGTCP2 */
|
||||
return 1;
|
||||
}
|
||||
|
||||
@ -996,6 +1000,10 @@ print_ext(RES* ssl, struct ub_stats_info* s, int inhibit_zero)
|
||||
(unsigned long)s->svr.qipv6)) return 0;
|
||||
if(!ssl_printf(ssl, "num.query.https"SQ"%lu\n",
|
||||
(unsigned long)s->svr.qhttps)) return 0;
|
||||
#ifdef HAVE_NGTCP2
|
||||
if(!ssl_printf(ssl, "num.query.quic"SQ"%lu\n",
|
||||
(unsigned long)s->svr.qquic)) return 0;
|
||||
#endif /* HAVE_NGTCP2 */
|
||||
/* flags */
|
||||
if(!ssl_printf(ssl, "num.query.flags.QR"SQ"%lu\n",
|
||||
(unsigned long)s->svr.qbit_QR)) return 0;
|
||||
@ -1953,6 +1961,8 @@ bogus_del_msg(struct lruhash_entry* e, void* arg)
|
||||
struct reply_info* d = (struct reply_info*)e->data;
|
||||
if(d->security == sec_status_bogus) {
|
||||
d->ttl = inf->expired;
|
||||
d->prefetch_ttl = inf->expired;
|
||||
d->serve_expired_ttl = inf->expired;
|
||||
inf->num_msgs++;
|
||||
#ifdef USE_CACHEDB
|
||||
if(inf->remcachedb && inf->worker->env.cachedb_enabled)
|
||||
@ -2035,6 +2045,8 @@ negative_del_msg(struct lruhash_entry* e, void* arg)
|
||||
* or NOERROR rcode with ANCOUNT==0: a NODATA answer */
|
||||
if(FLAGS_GET_RCODE(d->flags) != 0 || d->an_numrrsets == 0) {
|
||||
d->ttl = inf->expired;
|
||||
d->prefetch_ttl = inf->expired;
|
||||
d->serve_expired_ttl = inf->expired;
|
||||
inf->num_msgs++;
|
||||
#ifdef USE_CACHEDB
|
||||
if(inf->remcachedb && inf->worker->env.cachedb_enabled)
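Review bot: bogus_del_msg and negative_del_msg now set `ttl`, `prefetch_ttl` and `serve_expired_ttl` to `inf->expired`, but the visible lines leave `serve_expired_norec_ttl` alone, although the same commit reads that field in answer_from_cache (`timenow < rep->serve_expired_norec_ttl`) to decide whether an expired reply may be served without recursion. Whether a flushed bogus or negative entry could still pass that test depends on the later checks in answer_from_cache and in reply_info_can_answer_expired, neither of which is fully visible here. If the field is meant to be cleared on flush, reset it in both callbacks as well, for example `d->serve_expired_norec_ttl = 0;`; otherwise a short comment saying why it is left untouched would help. Both function bodies continue outside their hunks.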
|
||||
|
@ -346,6 +346,12 @@ server_stats_compile(struct worker* worker, struct ub_stats_info* s, int reset)
|
||||
(long long)http2_get_query_buffer_size();
|
||||
s->svr.mem_http2_response_buffer =
|
||||
(long long)http2_get_response_buffer_size();
|
||||
#ifdef HAVE_NGTCP2
|
||||
s->svr.mem_quic = (long long)doq_table_quic_size_get(
|
||||
worker->daemon->doq_table);
|
||||
#else
|
||||
s->svr.mem_quic = 0;
|
||||
#endif /* HAVE_NGTCP2 */
|
||||
|
||||
/* Set neg cache usage numbers */
|
||||
set_neg_cache_stats(worker, &s->svr, reset);
|
||||
@ -474,6 +480,7 @@ void server_stats_add(struct ub_stats_info* total, struct ub_stats_info* a)
|
||||
total->svr.qtls += a->svr.qtls;
|
||||
total->svr.qtls_resume += a->svr.qtls_resume;
|
||||
total->svr.qhttps += a->svr.qhttps;
|
||||
total->svr.qquic += a->svr.qquic;
|
||||
total->svr.qipv6 += a->svr.qipv6;
|
||||
total->svr.qbit_QR += a->svr.qbit_QR;
|
||||
total->svr.qbit_AA += a->svr.qbit_AA;
|
||||
@ -533,7 +540,8 @@ void server_stats_insquery(struct ub_server_stats* stats, struct comm_point* c,
|
||||
else stats->qclass_big++;
|
||||
stats->qopcode[ LDNS_OPCODE_WIRE(sldns_buffer_begin(c->buffer)) ]++;
|
||||
if(c->type != comm_udp) {
|
||||
stats->qtcp++;
|
||||
if(c->type != comm_doq)
|
||||
stats->qtcp++;
|
||||
if(c->ssl != NULL) {
|
||||
stats->qtls++;
|
||||
#ifdef HAVE_SSL
|
||||
@ -542,6 +550,10 @@ void server_stats_insquery(struct ub_server_stats* stats, struct comm_point* c,
|
||||
#endif
|
||||
if(c->type == comm_http)
|
||||
stats->qhttps++;
|
||||
#ifdef HAVE_NGTCP2
|
||||
else if(c->type == comm_doq)
|
||||
stats->qquic++;
|
||||
#endif
|
||||
}
|
||||
}
|
||||
if(repinfo && addr_is_ip6(&repinfo->remote_addr, repinfo->remote_addrlen))
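Review bot: In server_stats_insquery the new `stats->qquic++` is reached only inside `if(c->ssl != NULL)`, so the QUIC counter, and the `num.query.tls` count the man page promises for QUIC, depend on the DoQ code setting `c->ssl` on the comm_point, which is not visible in this hunk. If that pointer is ever NULL for a `comm_doq` point, the query lands in none of the tcp, tls or quic transport counters, because the same hunk also excludes it from `qtcp`. A comment such as `/* relies on c->ssl being set for comm_doq points */` would record the assumption, and the unbraced `if`/`else if` that is split by `#ifdef HAVE_NGTCP2` would read more safely with braces. The function body continues outside the hunk.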
|
||||
|
@ -661,22 +661,18 @@ answer_from_cache(struct worker* worker, struct query_info* qinfo,
|
||||
if(rep->ttl < timenow) {
|
||||
/* Check if we need to serve expired now */
|
||||
if(worker->env.cfg->serve_expired &&
|
||||
!worker->env.cfg->serve_expired_client_timeout
|
||||
/* if serve-expired-client-timeout is set, serve
|
||||
* an expired record without attempting recursion
|
||||
* if the serve_expired_norec_ttl is set for the record
|
||||
* as we know that recursion is currently failing. */
|
||||
(!worker->env.cfg->serve_expired_client_timeout ||
|
||||
timenow < rep->serve_expired_norec_ttl)
|
||||
#ifdef USE_CACHEDB
|
||||
&& !(worker->env.cachedb_enabled &&
|
||||
worker->env.cfg->cachedb_check_when_serve_expired)
|
||||
#endif
|
||||
) {
|
||||
if(worker->env.cfg->serve_expired_ttl &&
|
||||
rep->serve_expired_ttl < timenow)
|
||||
return 0;
|
||||
/* Ignore expired failure answers */
|
||||
if(FLAGS_GET_RCODE(rep->flags) !=
|
||||
LDNS_RCODE_NOERROR &&
|
||||
FLAGS_GET_RCODE(rep->flags) !=
|
||||
LDNS_RCODE_NXDOMAIN &&
|
||||
FLAGS_GET_RCODE(rep->flags) !=
|
||||
LDNS_RCODE_YXDOMAIN)
|
||||
if(!reply_info_can_answer_expired(rep, timenow))
|
||||
return 0;
|
||||
if(!rrset_array_lock(rep->ref, rep->rrset_count, 0))
|
||||
return 0;
|
||||
@ -2178,7 +2174,9 @@ worker_init(struct worker* worker, struct config_file *cfg,
|
||||
cfg->harden_large_queries, cfg->http_max_streams,
|
||||
cfg->http_endpoint, cfg->http_notls_downstream,
|
||||
worker->daemon->tcl, worker->daemon->listen_sslctx,
|
||||
dtenv, worker_handle_request, worker);
|
||||
dtenv, worker->daemon->doq_table, worker->env.rnd,
|
||||
cfg->ssl_service_key, cfg->ssl_service_pem, cfg,
|
||||
worker_handle_request, worker);
|
||||
if(!worker->front) {
|
||||
log_err("could not create listening sockets");
|
||||
worker_delete(worker);
|
||||
@ -2512,3 +2510,19 @@ void dtio_mainfdcallback(int ATTR_UNUSED(fd), short ATTR_UNUSED(ev),
|
||||
log_assert(0);
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_NGTCP2
|
||||
void doq_client_event_cb(int ATTR_UNUSED(fd), short ATTR_UNUSED(ev),
|
||||
void* ATTR_UNUSED(arg))
|
||||
{
|
||||
log_assert(0);
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_NGTCP2
|
||||
void doq_client_timer_cb(int ATTR_UNUSED(fd), short ATTR_UNUSED(ev),
|
||||
void* ATTR_UNUSED(arg))
|
||||
{
|
||||
log_assert(0);
|
||||
}
|
||||
#endif
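Review bot: In answer_from_cache the inline `cfg->serve_expired_ttl` gate and the rcode filter appear to be replaced by `reply_info_can_answer_expired(rep, timenow)`, which receives no config pointer, so the configured serve-expired-ttl must reach the helper some other way that this hunk does not show. It is worth confirming that the helper still skips the age limit when serve-expired-ttl is 0, as the removed `worker->env.cfg->serve_expired_ttl &&` test did, because this path now also serves expired data without recursion while `timenow < rep->serve_expired_norec_ttl`. A comment above the call, e.g. `/* serve-expired-ttl and the failure-rcode filter are checked in reply_info_can_answer_expired() */`, would keep that visible at the call site. The function body continues outside the hunk.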
|
||||
|
@ -657,7 +657,7 @@ handle_event_moddone(struct module_qstate* qstate, int id)
|
||||
qstate->return_msg->rep &&
|
||||
!dns_cache_store(
|
||||
qstate->env, &qstate->qinfo, qstate->return_msg->rep,
|
||||
0, 0, 0, NULL,
|
||||
0, qstate->prefetch_leeway, 0, NULL,
|
||||
qstate->query_flags, qstate->qstarttime))
|
||||
log_err("out of memory");
|
||||
|
||||
@ -847,6 +847,7 @@ dns64_adjust_a(int id, struct module_qstate* super, struct module_qstate* qstate
|
||||
*/
|
||||
cp = construct_reply_info_base(super->region, rep->flags, rep->qdcount,
|
||||
rep->ttl, rep->prefetch_ttl, rep->serve_expired_ttl,
|
||||
rep->serve_expired_norec_ttl,
|
||||
rep->an_numrrsets, rep->ns_numrrsets, rep->ar_numrrsets,
|
||||
rep->rrset_count, rep->security, LDNS_EDE_NONE);
|
||||
if(!cp)
|
||||
@ -1007,7 +1008,7 @@ dns64_inform_super(struct module_qstate* qstate, int id,
|
||||
/* Store the generated response in cache. */
|
||||
if ( (!super_dq || !super_dq->started_no_cache_store) &&
|
||||
!dns_cache_store(super->env, &super->qinfo, super->return_msg->rep,
|
||||
0, 0, 0, NULL, super->query_flags, qstate->qstarttime))
|
||||
0, super->prefetch_leeway, 0, NULL, super->query_flags, qstate->qstarttime))
|
||||
log_err("out of memory");
|
||||
}
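Review bot: The updated dns_cache_store call in dns64_inform_super is one long unwrapped line, and it takes the prefetch leeway from `super->prefetch_leeway` while the start time still comes from `qstate->qstarttime`, so the two values are drawn from different query states. If that mix is intended, say so in a comment and wrap the call like the one in handle_event_moddone: `0, super->prefetch_leeway, 0, NULL,` followed by `super->query_flags, qstate->qstarttime))`. The bare `0, ..., 0, NULL` positional arguments at both call sites would also benefit from a short comment naming them. The enclosing functions start and end outside the hunks.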
|
||||
|
||||
|
@ -1151,7 +1151,9 @@ void dtio_mainfdcallback(int fd, short ATTR_UNUSED(bits), void* arg)
|
||||
char* id = NULL;
|
||||
struct sockaddr_storage addr;
|
||||
socklen_t addrlen = (socklen_t)sizeof(addr);
|
||||
int s = accept(fd, (struct sockaddr*)&addr, &addrlen);
|
||||
int s;
|
||||
memset(&addr, 0, sizeof(addr));
|
||||
s = accept(fd, (struct sockaddr*)&addr, &addrlen);
|
||||
if(s == -1) {
|
||||
#ifndef USE_WINSOCK
|
||||
/* EINTR is signal interrupt. others are closed connection. */
|
||||
@ -1543,8 +1545,8 @@ int main(int argc, char** argv)
|
||||
usage(argv);
|
||||
}
|
||||
}
|
||||
argc -= optind;
|
||||
argv += optind;
|
||||
/* argc -= optind; not using further arguments */
|
||||
/* argv += optind; not using further arguments */
|
||||
|
||||
if(usessl) {
|
||||
#ifdef HAVE_SSL
|
||||
@ -1783,3 +1785,19 @@ void remote_get_opt_ssl(char* ATTR_UNUSED(str), void* ATTR_UNUSED(arg))
|
||||
{
|
||||
log_assert(0);
|
||||
}
|
||||
|
||||
#ifdef HAVE_NGTCP2
|
||||
void doq_client_event_cb(int ATTR_UNUSED(fd), short ATTR_UNUSED(ev),
|
||||
void* ATTR_UNUSED(arg))
|
||||
{
|
||||
log_assert(0);
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_NGTCP2
|
||||
void doq_client_timer_cb(int ATTR_UNUSED(fd), short ATTR_UNUSED(ev),
|
||||
void* ATTR_UNUSED(arg))
|
||||
{
|
||||
log_assert(0);
|
||||
}
|
||||
#endif
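Review bot: In main the two statements are kept as commented-out code (`/* argc -= optind; not using further arguments */`), and stray positional arguments after the options are silently ignored. Either drop the dead lines in favour of one comment, `/* no positional arguments are used */`, or reject extras with `if(optind < argc) usage(argv);` so a mistyped invocation is reported. main continues outside the hunk.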
|
||||
|
@ -1,6 +1,155 @@
|
||||
16 October 2024: Yorgos
|
||||
- Fix for dnsoverquic and dnstap to use the correct dnstap
|
||||
environment.
|
||||
|
||||
16 October 2024: Wouter
|
||||
- Fix for dnstap with dnscrypt and dnstap without dnsoverquic.
|
||||
|
||||
14 October 2024: Wouter
|
||||
- Fix to display warning if quic-port is set but dnsoverquic is not
|
||||
enabled when compiled.
|
||||
- Fix dnsoverquic to extend the number of streams when one is closed.
|
||||
|
||||
11 October 2024: Wouter
|
||||
- Fix to disable detection of quic configured ports when quic is
|
||||
not compiled in.
|
||||
- Fix harden-unverified-glue for AAAA cache_fill_missing lookups.
|
||||
- Fix contrib/aaaa-filter-iterator.patch for change in call
|
||||
signature for cache_fill_missing.
|
||||
|
||||
10 October 2024: Wouter
|
||||
- Fix cookie_file test sporadic fails for time change during
|
||||
the test.
|
||||
- Fix add reallocarray to alloc stats unit test, and disable
|
||||
override of strdup in unbound-host, and the result of config
|
||||
get option is freed properly.
|
||||
|
||||
9 October 2024: Wouter
|
||||
- Merge #871: DNS over QUIC. This adds `quic-port: 853` and
|
||||
`quic-size: 8m` that enable dnsoverquic, and the counters
|
||||
`num.query.quic` and `mem.quic` in the statistics output.
|
||||
The feature needs to be enabled by compiling with libngtcp2,
|
||||
with `--with-libngtcp2=path` and libngtcp2 needs openssl+quic,
|
||||
pass that with `--with-ssl=path` to compile unbound as well.
|
||||
- Fix to limit NSEC TTL for messages from cachedb. Fix to limit the
|
||||
prefetch ttl for messages after a CNAME with short TTL.
|
||||
- Fix for dnstap compile of doqclient with doq disabled.
|
||||
|
||||
8 October 2024: Wouter
|
||||
- Fix #1149: unbound-control-setup hangs sometimes depending on
|
||||
the openssl version.
|
||||
- Fix #1128: Cannot override tcp-upstream and tls-upstream with
|
||||
forward-tcp-upstream and forward-tls-upstream.
|
||||
|
||||
3 October 2024: Yorgos
|
||||
- Fix CVE-2024-8508, unbounded name compression could lead to denial
|
||||
of service.
|
||||
- This fix was part of 1.21.1, a security point release on 1.21.0.
|
||||
The code repository continues with this fix and the version number
|
||||
1.22.0.
|
||||
|
||||
30 September 2024: Wouter
|
||||
- Fix negative cache NSEC3 parameter compares for zero length NSEC3
|
||||
salt.
|
||||
- Fix unbound dnstap socket test program analyzer warnings about
|
||||
unused variable assignments and variable initialization.
|
||||
|
||||
25 September 2024: Wouter
|
||||
- Fix #1144: [FR] log timestamps in ISO8601 format with timezone.
|
||||
This adds the option `log-time-iso: yes` that logs in ISO8601
|
||||
format.
|
||||
|
||||
24 September 2024: Yorgos
|
||||
- Attempt to further fix doh_downstream_buffer_size.tdir flakiness.
|
||||
- More clear text for prefetch and minimal-responses in the
|
||||
unbound.conf man page.
|
||||
- Merge #1143: Fix cache update when serve expired is used. Expired
|
||||
records are favored over resolution and validation failures when
|
||||
serve-expired is used.
|
||||
|
||||
23 September 2024: Wouter
|
||||
- Fix dns64 with prefetch that the prefetch is stored in cache.
|
||||
|
||||
23 September 2024: Yorgos
|
||||
- Fix doxygen warnings by commenting out CLANG_ASSISTED_PARSING,
|
||||
CLANG_ADD_INC_PATHS, CLANG_OPTIONS and CLANG_DATABASE_PATH; they were
|
||||
already disabled.
|
||||
|
||||
17 September 2024: Wouter
|
||||
- Add redis-command-timeout: 20 and redis-connect-timeout: 200,
|
||||
that can set the timeout separately for commands and the
|
||||
connection set up to the redis server. If they are not
|
||||
specified, the redis-timeout value is used.
|
||||
|
||||
16 September 2024: Wouter
|
||||
- Merge #1140: Fix spelling mistake in comments.
|
||||
|
||||
11 September 2024: Yorgos
|
||||
- Fix and add comments in testdata/val_negcache_ttl.rpl.
|
||||
|
||||
10 September 2024: Wouter
|
||||
- Fix to limit NSEC and NSEC3 TTL when aggressive nsec is
|
||||
enabled (RFC9077).
|
||||
- Add unit test for ttl limit for aggressive nsec.
|
||||
|
||||
6 September 2024: Yorgos
|
||||
- Fix alloc-size and calloc-transposed-args compiler warnings.
|
||||
- Fix comment to not trigger doxygen unknown command.
|
||||
|
||||
5 September 2024: Wouter
|
||||
- Fix config file read for dnstap-sample-rate.
|
||||
|
||||
2 September 2024: Wouter
|
||||
- Merge #1135: Add new IANA trust anchor.
|
||||
|
||||
30 August 2024: Wouter
|
||||
- Merge #1132: b.root renumbering.
|
||||
- Fix for #1132, adjusted unit test for change in the test file.
|
||||
- Fix for #1132, comment about adjusted copy of reference check.
|
||||
|
||||
29 August 2024: Wouter
|
||||
- Unit test for auth zone transfer TLS, and TLS failure.
|
||||
- Fix to print port number in logs for auth zone transfer activities.
|
||||
|
||||
28 August 2024: Wouter
|
||||
- Fix that when rpz is applied the message does not get picked up by
|
||||
the validator. That stops validation failures for the message.
|
||||
- Fix that stub-zone and forward-zone clauses do not exhaust memory
|
||||
for long content.
|
||||
|
||||
27 August 2024: Wouter
|
||||
- Fix #1130: Loads of logs: "validation failure: key for validation
|
||||
<domain>. is marked as invalid because of a previous" for
|
||||
non-DNSSEC signed zone.
|
||||
|
||||
23 August 2024: Wouter
|
||||
- Merge patch to fix for glue that is outside of zone, with
|
||||
`harden-unverified-glue`, from Karthik Umashankar (Microsoft).
|
||||
Enabling this option protects the Unbound resolver against bad
|
||||
glue, that is unverified out of zone glue, by resolving them.
|
||||
It uses the records as last resort if there is no other working
|
||||
glue.
|
||||
- Fix #1127: error: "memory exhausted" when defining more than 9994
|
||||
local-zones.
|
||||
- Fix documentation for cache_fill_missing function.
|
||||
|
||||
21 August 2024: Wouter
|
||||
- Add cross platform freebsd, openbsd and netbsd to github ci.
|
||||
- Fix for char signedness warnings on NetBSD.
|
||||
|
||||
20 August 2024: Wouter
|
||||
- Add iter-scrub-ns, iter-scrub-cname and max-global-quota
|
||||
configuration options.
|
||||
|
||||
19 August 2024: Wouter
|
||||
- Fix #1126: unbound-control-setup hangs while testing for openssl
|
||||
presence starting from version 1.21.0.
|
||||
|
||||
9 August 2024: Wouter
|
||||
- Fix spelling for the cache-min-negative-ttl entry in the
|
||||
example.conf.
|
||||
- Tag for release 1.21.0, the repository continues with 1.21.1
|
||||
in development.
|
||||
|
||||
8 August 2024: Wouter
|
||||
- Fix CAMP issues with global quota. Thanks to Huayi Duan, Marco
|
||||
@ -8,7 +157,7 @@
|
||||
- Fix CacheFlush issues with limit on NS RRs. Thanks to Yehuda Afek,
|
||||
Anat Bremler-Barr, Shoham Danino and Yuval Shavitt (Tel-Aviv
|
||||
University and Reichman University).
|
||||
- Set version number to 1.21.0 for release.
|
||||
- Set version number to 1.21.0 for release. This has tag 1.21.0rc1.
|
||||
- Fix that for windows the module startup is called and sets up
|
||||
the module-config.
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
README for Unbound 1.21.1
|
||||
README for Unbound 1.22.0
|
||||
Copyright 2007 NLnet Labs
|
||||
http://unbound.net
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
#
|
||||
# Example configuration file.
|
||||
#
|
||||
# See unbound.conf(5) man page, version 1.21.1.
|
||||
# See unbound.conf(5) man page, version 1.22.0.
|
||||
#
|
||||
# this is a comment.
|
||||
|
||||
@ -187,6 +187,15 @@ server:
|
||||
# query upon encountering a CNAME record.
|
||||
# max-query-restarts: 11
|
||||
|
||||
# Limit on number of NS records in NS RRset for incoming packets.
|
||||
# iter-scrub-ns: 20
|
||||
|
||||
# Limit on number of CNAME, DNAME records for incoming packets.
|
||||
# iter-scrub-cname: 11
|
||||
|
||||
# Limit on upstream queries for an incoming query and its recursion.
|
||||
# max-global-quota: 128
|
||||
|
||||
# msec for waiting for an unknown server to reply. Increase if you
|
||||
# are behind a slow satellite link, to eg. 1128.
|
||||
# unknown-server-time-limit: 376
|
||||
@ -452,6 +461,10 @@ server:
|
||||
# print UTC timestamp in ascii to logfile, default is epoch in seconds.
|
||||
# log-time-ascii: no
|
||||
|
||||
# log timestamp in ISO8601 format if also log-time-ascii is enabled.
|
||||
# (y-m-dTh:m:s.msec[+-]tzhours:tzminutes)
|
||||
# log-time-iso: no
|
||||
|
||||
# print one line with time, IP, name, type, class for every query.
|
||||
# log-queries: no
|
||||
|
||||
@ -524,6 +537,9 @@ server:
|
||||
# Harden against out of zone rrsets, to avoid spoofing attempts.
|
||||
# harden-glue: yes
|
||||
|
||||
# Harden against unverified (outside-zone, including sibling zone) glue rrsets
|
||||
# harden-unverified-glue: no
|
||||
|
||||
# Harden against receiving dnssec-stripped data. If you turn it
|
||||
# off, failing to validate dnskey data for a trustanchor will
|
||||
# trigger insecure mode for that zone (like without a trustanchor).
|
||||
@ -904,6 +920,7 @@ server:
|
||||
# tls-service-pem: "path/to/publiccertfile.pem"
|
||||
# tls-port: 853
|
||||
# https-port: 443
|
||||
# quic-port: 853
|
||||
|
||||
# cipher setting for TLSv1.2
|
||||
# tls-ciphers: "DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256"
|
||||
@ -968,6 +985,9 @@ server:
|
||||
# Disable TLS for DNS-over-HTTP downstream service.
|
||||
# http-notls-downstream: no
|
||||
|
||||
# Maximum number of bytes used for QUIC buffers.
|
||||
# quic-size: 8m
|
||||
|
||||
# The interfaces that use these listed port numbers will support and
|
||||
# expect PROXYv2. For UDP and TCP/TLS interfaces.
|
||||
# proxy-protocol-port: portno for each of the port numbers.
|
||||
@ -1289,6 +1309,10 @@ remote-control:
|
||||
# # redis-server-password: ""
|
||||
# # timeout (in ms) for communication with the redis server
|
||||
# redis-timeout: 100
|
||||
# # timeout (in ms) for commands, if 0, uses redis-timeout.
|
||||
# redis-command-timeout: 0
|
||||
# # timeout (in ms) for connection set up, if 0, uses redis-timeout.
|
||||
# redis-connect-timeout: 0
|
||||
# # set timeout on redis records based on DNS response TTL
|
||||
# redis-expire-records: no
|
||||
# # redis logical database to use, 0 is the default database.
|
||||
|
@ -1,4 +1,4 @@
|
||||
.TH "libunbound" "3" "Oct 3, 2024" "NLnet Labs" "unbound 1.21.1"
|
||||
.TH "libunbound" "3" "Oct 17, 2024" "NLnet Labs" "unbound 1.22.0"
|
||||
.\"
|
||||
.\" libunbound.3 -- unbound library functions manual
|
||||
.\"
|
||||
@ -44,7 +44,7 @@
|
||||
.B ub_ctx_zone_remove,
|
||||
.B ub_ctx_data_add,
|
||||
.B ub_ctx_data_remove
|
||||
\- Unbound DNS validating resolver 1.21.1 functions.
|
||||
\- Unbound DNS validating resolver 1.22.0 functions.
|
||||
.SH "SYNOPSIS"
|
||||
.B #include <unbound.h>
|
||||
.LP
|
||||
|
@ -1,4 +1,4 @@
|
||||
.TH "unbound-anchor" "8" "Oct 3, 2024" "NLnet Labs" "unbound 1.21.1"
|
||||
.TH "unbound-anchor" "8" "Oct 17, 2024" "NLnet Labs" "unbound 1.22.0"
|
||||
.\"
|
||||
.\" unbound-anchor.8 -- unbound anchor maintenance utility manual
|
||||
.\"
|
||||
|
@ -1,4 +1,4 @@
|
||||
.TH "unbound-checkconf" "8" "Oct 3, 2024" "NLnet Labs" "unbound 1.21.1"
|
||||
.TH "unbound-checkconf" "8" "Oct 17, 2024" "NLnet Labs" "unbound 1.22.0"
|
||||
.\"
|
||||
.\" unbound-checkconf.8 -- unbound configuration checker manual
|
||||
.\"
|
||||
|
@ -1,4 +1,4 @@
|
||||
.TH "unbound-control" "8" "Oct 3, 2024" "NLnet Labs" "unbound 1.21.1"
|
||||
.TH "unbound-control" "8" "Oct 17, 2024" "NLnet Labs" "unbound 1.22.0"
|
||||
.\"
|
||||
.\" unbound-control.8 -- unbound remote control manual
|
||||
.\"
|
||||
@ -606,6 +606,10 @@ queries waiting for request stream completion.
|
||||
Memory in bytes used by the HTTP/2 response buffers. Containing DNS responses
|
||||
waiting to be written back to the clients.
|
||||
.TP
|
||||
.I mem.quic
|
||||
Memory in bytes used by QUIC. Containing connection information, stream
|
||||
information, queries read and responses written back to the clients.
|
||||
.TP
|
||||
.I histogram.<sec>.<usec>.to.<sec>.<usec>
|
||||
Shows a histogram, summed over all threads. Every element counts the
|
||||
recursive queries whose reply time fit between the lower and upper bound.
|
||||
@ -654,6 +658,10 @@ Number of queries that were made using HTTPS towards the Unbound server.
|
||||
These are also counted in num.query.tcp and num.query.tls, because HTTPS
|
||||
uses TLS and TCP.
|
||||
.TP
|
||||
.I num.query.quic
|
||||
Number of queries that were made using QUIC towards the Unbound server.
|
||||
These are also counted in num.query.tls, because TLS is used for these queries.
|
||||
.TP
|
||||
.I num.query.ipv6
|
||||
Number of queries that were made using IPv6 towards the Unbound server.
|
||||
.TP
|
||||
|
@ -1,4 +1,4 @@
|
||||
.TH "unbound\-host" "1" "Oct 3, 2024" "NLnet Labs" "unbound 1.21.1"
|
||||
.TH "unbound\-host" "1" "Oct 17, 2024" "NLnet Labs" "unbound 1.22.0"
|
||||
.\"
|
||||
.\" unbound-host.1 -- unbound DNS lookup utility
|
||||
.\"
|
||||
|
@ -1,4 +1,4 @@
|
||||
.TH "unbound" "8" "Oct 3, 2024" "NLnet Labs" "unbound 1.21.1"
|
||||
.TH "unbound" "8" "Oct 17, 2024" "NLnet Labs" "unbound 1.22.0"
|
||||
.\"
|
||||
.\" unbound.8 -- unbound manual
|
||||
.\"
|
||||
@ -9,7 +9,7 @@
|
||||
.\"
|
||||
.SH "NAME"
|
||||
.B unbound
|
||||
\- Unbound DNS validating resolver 1.21.1.
|
||||
\- Unbound DNS validating resolver 1.22.0.
|
||||
.SH "SYNOPSIS"
|
||||
.B unbound
|
||||
.RB [ \-h ]
|
||||
|
@ -1,4 +1,4 @@
|
||||
.TH "unbound.conf" "5" "Oct 3, 2024" "NLnet Labs" "unbound 1.21.1"
|
||||
.TH "unbound.conf" "5" "Oct 17, 2024" "NLnet Labs" "unbound 1.22.0"
|
||||
.\"
|
||||
.\" unbound.conf.5 -- unbound.conf manual
|
||||
.\"
|
||||
@ -566,6 +566,9 @@ tls\-system\-cert to load CA certs, otherwise the connections cannot be
|
||||
authenticated. This option enables TLS for all of them, but if you do not set
|
||||
this you can configure TLS specifically for some forward zones with
|
||||
forward\-tls\-upstream. And also with stub\-tls\-upstream.
|
||||
If the tls\-upstream option is enabled, it is for all the forwards and stubs,
|
||||
where the forward\-tls\-upstream and stub\-tls\-upstream options are ignored,
|
||||
as if they had been set to yes.
|
||||
.TP
|
||||
.B ssl\-upstream: \fI<yes or no>
|
||||
Alternate syntax for \fBtls\-upstream\fR. If both are present in the config
|
||||
@ -716,6 +719,18 @@ PROXYv2 is supported for UDP and TCP/TLS listening interfaces.
|
||||
There is no support for PROXYv2 on a DoH or DNSCrypt listening interface.
|
||||
Can list multiple, each on a new statement.
|
||||
.TP
|
||||
.B quic\-port: \fI<number>
|
||||
The port number on which to provide DNS-over-QUIC service, default 853, only
|
||||
interfaces configured with that port number as @number get the QUIC service.
|
||||
The interface uses QUIC for the UDP traffic on that port number.
|
||||
.TP
|
||||
.B quic\-size: \fI<size in bytes>
|
||||
Maximum number of bytes for all QUIC buffers and data combined. Default is 8
|
||||
megabytes. A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes,
|
||||
megabytes or gigabytes (1024*1024 bytes in a megabyte). New connections receive
|
||||
connection refused when the limit is exceeded. New streams are reset when the
|
||||
limit is exceeded.
|
||||
.TP
|
||||
.B use\-systemd: \fI<yes or no>
|
||||
Enable or disable systemd socket activation.
|
||||
Default is no.
|
||||
@ -936,6 +951,10 @@ Sets logfile lines to use a timestamp in UTC ascii. Default is no, which
|
||||
prints the seconds since 1970 in brackets. No effect if using syslog, in
|
||||
that case syslog formats the timestamp printed into the log files.
|
||||
.TP
|
||||
.B log\-time\-iso:\fR <yes or no>
|
||||
Log time in ISO8601 format, if \fBlog\-time\-ascii:\fR yes is also set.
|
||||
Default is no.
|
||||
.TP
|
||||
.B log\-queries: \fI<yes or no>
|
||||
Prints one line per query to the log, with the log timestamp and IP address,
|
||||
name, type and class. Default is no. Note that it takes time to print these
|
||||
@ -1048,6 +1067,11 @@ payload is very large.
|
||||
.B harden\-glue: \fI<yes or no>
|
||||
Will trust glue only if it is within the servers authority. Default is yes.
|
||||
.TP
|
||||
.B harden\-unverified\-glue: \fI<yes or no>
|
||||
Will trust only in-zone glue. Will try to resolve all out of zone
|
||||
(\fI<unverfied>) glue. Will fallback to the original glue if unable to resolve.
|
||||
Default is no.
|
||||
.TP
|
||||
.B harden\-dnssec\-stripped: \fI<yes or no>
|
||||
Require DNSSEC data for trust\-anchored zones, if such data is absent,
|
||||
the zone becomes bogus. If turned off, and no DNSSEC data is received
|
||||
@ -1171,10 +1195,11 @@ IP6 ::1 and IP4 127.0.0.1/8. If no, then localhost can be used to send
|
||||
queries to. Default is yes.
|
||||
.TP
|
||||
.B prefetch: \fI<yes or no>
|
||||
If yes, message cache elements are prefetched before they expire to
|
||||
keep the cache up to date. Default is no. Turning it on gives about
|
||||
10 percent more traffic and load on the machine, but popular items do
|
||||
not expire from the cache.
|
||||
If yes, cache hits on message cache elements that are on their last 10 percent
|
||||
of their TTL value trigger a prefetch to keep the cache up to date.
|
||||
Default is no.
|
||||
Turning it on gives about 10 percent more traffic and load on the machine, but
|
||||
popular items do not expire from the cache.
|
||||
.TP
|
||||
.B prefetch\-key: \fI<yes or no>
|
||||
If yes, fetch the DNSKEYs earlier in the validation process, when a DS
|
||||
@ -1194,12 +1219,13 @@ from the query ID, for speed and thread safety). Default is yes.
|
||||
.B minimal-responses: \fI<yes or no>
|
||||
If yes, Unbound does not insert authority/additional sections into response
|
||||
messages when those sections are not required. This reduces response
|
||||
size significantly, and may avoid TCP fallback for some responses.
|
||||
This may cause a slight speedup. The default is yes, even though the DNS
|
||||
size significantly, and may avoid TCP fallback for some responses which may
|
||||
cause a slight speedup. The default is yes, even though the DNS
|
||||
protocol RFCs mandate these sections, and the additional content could
|
||||
be of use and save roundtrips for clients. Because they are not used,
|
||||
and the saved roundtrips are easier saved with prefetch, whilst this is
|
||||
faster.
|
||||
save roundtrips for clients that use the additional content.
|
||||
However these sections are hardly used by clients.
|
||||
Enabling prefetch can benefit clients that need the additional content
|
||||
by trying to keep that content fresh in the cache.
|
||||
.TP
|
||||
.B disable-dnssec-lame-check: \fI<yes or no>
|
||||
If true, disables the DNSSEC lameness check in the iterator. This check
|
||||
@ -1957,6 +1983,23 @@ Changing this value needs caution as it can allow long CNAME chains to be
|
||||
accepted, where Unbound needs to verify (resolve) each link individually.
|
||||
Default is 11.
|
||||
.TP 5
|
||||
.B iter\-scrub\-ns: \fI<number>
|
||||
Limit on the number of NS records allowed in an rrset of type NS, from the
|
||||
iterator scrubber. This protects the internals of the resolver from overly
|
||||
large NS sets. Default is 20.
|
||||
.TP 5
|
||||
.B iter\-scrub\-cname: \fI<number>
|
||||
Limit on the number of CNAME, DNAME records in an answer, from the iterator
|
||||
scrubber. This protects the internals of the resolver from overly long
|
||||
indirection chains. Clips off the remainder of the reply packet at that point.
|
||||
Default is 11.
|
||||
.TP 5
|
||||
.B max\-global\-quota: \fI<number>
|
||||
Limit on the number of upstream queries sent out for an incoming query and
|
||||
its subqueries from recursion. It is not reset during the resolution. When
|
||||
it is exceeded the query is failed and the lookup process stops.
|
||||
Default is 128.
|
||||
.TP 5
|
||||
.B fast\-server\-permil: \fI<number>
|
||||
Specify how many times out of 1000 to pick from the set of fastest servers.
|
||||
0 turns the feature off. A value of 900 would pick from the fastest
|
||||
@ -2788,6 +2831,14 @@ if the Redis server does not have the requested data, and will try to
|
||||
re-establish a new connection later.
|
||||
This option defaults to 100 milliseconds.
|
||||
.TP
|
||||
.B redis-command-timeout: \fI<msec>\fR
|
||||
The timeout to use for redis commands, in milliseconds. If 0, it uses the
|
||||
redis\-timeout value. The default is 0.
|
||||
.TP
|
||||
.B redis-connect-timeout: \fI<msec>\fR
|
||||
The timeout to use for redis connection set up, in milliseconds. If 0, it
|
||||
uses the redis\-timeout value. The default is 0.
|
||||
.TP
|
||||
.B redis-expire-records: \fI<yes or no>
|
||||
If Redis record expiration is enabled. If yes, Unbound sets timeout for Redis
|
||||
records so that Redis can evict keys that have expired automatically. If
|
||||
|
@ -1226,7 +1226,7 @@ VERBATIM_HEADERS = NO
|
||||
# generated with the -Duse_libclang=ON option for CMake.
|
||||
# The default value is: NO.
|
||||
|
||||
CLANG_ASSISTED_PARSING = NO
|
||||
#CLANG_ASSISTED_PARSING = NO
|
||||
|
||||
# If the CLANG_ASSISTED_PARSING tag is set to YES and the CLANG_ADD_INC_PATHS
|
||||
# tag is set to YES then doxygen will add the directory of each input to the
|
||||
@ -1234,7 +1234,7 @@ CLANG_ASSISTED_PARSING = NO
|
||||
# The default value is: YES.
|
||||
# This tag requires that the tag CLANG_ASSISTED_PARSING is set to YES.
|
||||
|
||||
CLANG_ADD_INC_PATHS = YES
|
||||
#CLANG_ADD_INC_PATHS = YES
|
||||
|
||||
# If clang assisted parsing is enabled you can provide the compiler with command
|
||||
# line options that you would normally use when invoking the compiler. Note that
|
||||
@ -1242,7 +1242,7 @@ CLANG_ADD_INC_PATHS = YES
|
||||
# specified with INPUT and INCLUDE_PATH.
|
||||
# This tag requires that the tag CLANG_ASSISTED_PARSING is set to YES.
|
||||
|
||||
CLANG_OPTIONS =
|
||||
#CLANG_OPTIONS =
|
||||
|
||||
# If clang assisted parsing is enabled you can provide the clang parser with the
|
||||
# path to the directory containing a file called compile_commands.json. This
|
||||
@ -1255,7 +1255,7 @@ CLANG_OPTIONS =
|
||||
# Note: The availability of this option depends on whether or not doxygen was
|
||||
# generated with the -Duse_libclang=ON option for CMake.
|
||||
|
||||
CLANG_DATABASE_PATH =
|
||||
#CLANG_DATABASE_PATH =
|
||||
|
||||
#---------------------------------------------------------------------------
|
||||
# Configuration options related to the alphabetical class index
|
||||
|
@ -1,7 +1,7 @@
|
||||
#!/usr/bin/sh
|
||||
# install - install a program, script, or datafile
|
||||
|
||||
scriptversion=2020-11-14.01; # UTC
|
||||
scriptversion=2013-12-25.23; # UTC
|
||||
|
||||
# This originates from X11R5 (mit/util/scripts/install.sh), which was
|
||||
# later released in X11R6 (xc/config/util/install.sh) with the
|
||||
@ -69,11 +69,6 @@ posix_mkdir=
|
||||
# Desired mode of installed file.
|
||||
mode=0755
|
||||
|
||||
# Create dirs (including intermediate dirs) using mode 755.
|
||||
# This is like GNU 'install' as of coreutils 8.32 (2020).
|
||||
mkdir_umask=22
|
||||
|
||||
backupsuffix=
|
||||
chgrpcmd=
|
||||
chmodcmd=$chmodprog
|
||||
chowncmd=
|
||||
@ -104,28 +99,18 @@ Options:
|
||||
--version display version info and exit.
|
||||
|
||||
-c (ignored)
|
||||
-C install only if different (preserve data modification time)
|
||||
-C install only if different (preserve the last data modification time)
|
||||
-d create directories instead of installing files.
|
||||
-g GROUP $chgrpprog installed files to GROUP.
|
||||
-m MODE $chmodprog installed files to MODE.
|
||||
-o USER $chownprog installed files to USER.
|
||||
-p pass -p to $cpprog.
|
||||
-s $stripprog installed files.
|
||||
-S SUFFIX attempt to back up existing files, with suffix SUFFIX.
|
||||
-t DIRECTORY install into DIRECTORY.
|
||||
-T report an error if DSTFILE is a directory.
|
||||
|
||||
Environment variables override the default commands:
|
||||
CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG
|
||||
RMPROG STRIPPROG
|
||||
|
||||
By default, rm is invoked with -f; when overridden with RMPROG,
|
||||
it's up to you to specify -f if you want it.
|
||||
|
||||
If -S is not specified, no backups are attempted.
|
||||
|
||||
Email bug reports to bug-automake@gnu.org.
|
||||
Automake home page: https://www.gnu.org/software/automake/
|
||||
"
|
||||
|
||||
while test $# -ne 0; do
|
||||
@ -152,13 +137,8 @@ while test $# -ne 0; do
|
||||
-o) chowncmd="$chownprog $2"
|
||||
shift;;
|
||||
|
||||
-p) cpprog="$cpprog -p";;
|
||||
|
||||
-s) stripcmd=$stripprog;;
|
||||
|
||||
-S) backupsuffix="$2"
|
||||
shift;;
|
||||
|
||||
-t)
|
||||
is_target_a_directory=always
|
||||
dst_arg=$2
|
||||
@ -275,10 +255,6 @@ do
|
||||
dstdir=$dst
|
||||
test -d "$dstdir"
|
||||
dstdir_status=$?
|
||||
# Don't chown directories that already exist.
|
||||
if test $dstdir_status = 0; then
|
||||
chowncmd=""
|
||||
fi
|
||||
else
|
||||
|
||||
# Waiting for this to be detected by the "$cpprog $src $dsttmp" command
|
||||
@ -295,18 +271,15 @@ do
|
||||
fi
|
||||
dst=$dst_arg
|
||||
|
||||
# If destination is a directory, append the input filename.
|
||||
# If destination is a directory, append the input filename; won't work
|
||||
# if double slashes aren't ignored.
|
||||
if test -d "$dst"; then
|
||||
if test "$is_target_a_directory" = never; then
|
||||
echo "$0: $dst_arg: Is a directory" >&2
|
||||
exit 1
|
||||
fi
|
||||
dstdir=$dst
|
||||
dstbase=`basename "$src"`
|
||||
case $dst in
|
||||
*/) dst=$dst$dstbase;;
|
||||
*) dst=$dst/$dstbase;;
|
||||
esac
|
||||
dst=$dstdir/`basename "$src"`
|
||||
dstdir_status=0
|
||||
else
|
||||
dstdir=`dirname "$dst"`
|
||||
@ -315,16 +288,27 @@ do
|
||||
fi
|
||||
fi
|
||||
|
||||
case $dstdir in
|
||||
*/) dstdirslash=$dstdir;;
|
||||
*) dstdirslash=$dstdir/;;
|
||||
esac
|
||||
|
||||
obsolete_mkdir_used=false
|
||||
|
||||
if test $dstdir_status != 0; then
|
||||
case $posix_mkdir in
|
||||
'')
|
||||
# Create intermediate dirs using mode 755 as modified by the umask.
|
||||
# This is like FreeBSD 'install' as of 1997-10-28.
|
||||
umask=`umask`
|
||||
case $stripcmd.$umask in
|
||||
# Optimize common cases.
|
||||
*[2367][2367]) mkdir_umask=$umask;;
|
||||
.*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;;
|
||||
|
||||
*[0-7])
|
||||
mkdir_umask=`expr $umask + 22 \
|
||||
- $umask % 100 % 40 + $umask % 20 \
|
||||
- $umask % 10 % 4 + $umask % 2
|
||||
`;;
|
||||
*) mkdir_umask=$umask,go-w;;
|
||||
esac
|
||||
|
||||
# With -d, create the new directory with the user-specified mode.
|
||||
# Otherwise, rely on $mkdir_umask.
|
||||
if test -n "$dir_arg"; then
|
||||
@ -334,49 +318,43 @@ do
|
||||
fi
|
||||
|
||||
posix_mkdir=false
|
||||
# The $RANDOM variable is not portable (e.g., dash). Use it
|
||||
# here however when possible just to lower collision chance.
|
||||
tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
|
||||
case $umask in
|
||||
*[123567][0-7][0-7])
|
||||
# POSIX mkdir -p sets u+wx bits regardless of umask, which
|
||||
# is incompatible with FreeBSD 'install' when (umask & 300) != 0.
|
||||
;;
|
||||
*)
|
||||
tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
|
||||
trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0
|
||||
|
||||
trap '
|
||||
ret=$?
|
||||
rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir" 2>/dev/null
|
||||
exit $ret
|
||||
' 0
|
||||
|
||||
# Because "mkdir -p" follows existing symlinks and we likely work
|
||||
# directly in world-writeable /tmp, make sure that the '$tmpdir'
|
||||
# directory is successfully created first before we actually test
|
||||
# 'mkdir -p'.
|
||||
if (umask $mkdir_umask &&
|
||||
$mkdirprog $mkdir_mode "$tmpdir" &&
|
||||
exec $mkdirprog $mkdir_mode -p -- "$tmpdir/a/b") >/dev/null 2>&1
|
||||
then
|
||||
if test -z "$dir_arg" || {
|
||||
# Check for POSIX incompatibilities with -m.
|
||||
# HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
|
||||
# other-writable bit of parent directory when it shouldn't.
|
||||
# FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
|
||||
test_tmpdir="$tmpdir/a"
|
||||
ls_ld_tmpdir=`ls -ld "$test_tmpdir"`
|
||||
case $ls_ld_tmpdir in
|
||||
d????-?r-*) different_mode=700;;
|
||||
d????-?--*) different_mode=755;;
|
||||
*) false;;
|
||||
esac &&
|
||||
$mkdirprog -m$different_mode -p -- "$test_tmpdir" && {
|
||||
ls_ld_tmpdir_1=`ls -ld "$test_tmpdir"`
|
||||
test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1"
|
||||
}
|
||||
}
|
||||
then posix_mkdir=:
|
||||
fi
|
||||
rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir"
|
||||
else
|
||||
# Remove any dirs left behind by ancient mkdir implementations.
|
||||
rmdir ./$mkdir_mode ./-p ./-- "$tmpdir" 2>/dev/null
|
||||
fi
|
||||
trap '' 0;;
|
||||
if (umask $mkdir_umask &&
|
||||
exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1
|
||||
then
|
||||
if test -z "$dir_arg" || {
|
||||
# Check for POSIX incompatibilities with -m.
|
||||
# HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
|
||||
# other-writable bit of parent directory when it shouldn't.
|
||||
# FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
|
||||
ls_ld_tmpdir=`ls -ld "$tmpdir"`
|
||||
case $ls_ld_tmpdir in
|
||||
d????-?r-*) different_mode=700;;
|
||||
d????-?--*) different_mode=755;;
|
||||
*) false;;
|
||||
esac &&
|
||||
$mkdirprog -m$different_mode -p -- "$tmpdir" && {
|
||||
ls_ld_tmpdir_1=`ls -ld "$tmpdir"`
|
||||
test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1"
|
||||
}
|
||||
}
|
||||
then posix_mkdir=:
|
||||
fi
|
||||
rmdir "$tmpdir/d" "$tmpdir"
|
||||
else
|
||||
# Remove any dirs left behind by ancient mkdir implementations.
|
||||
rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null
|
||||
fi
|
||||
trap '' 0;;
|
||||
esac;;
|
||||
esac
|
||||
|
||||
if
|
||||
@ -387,7 +365,7 @@ do
|
||||
then :
|
||||
else
|
||||
|
||||
# mkdir does not conform to POSIX,
|
||||
# The umask is ridiculous, or mkdir does not conform to POSIX,
|
||||
# or it failed possibly due to a race condition. Create the
|
||||
# directory the slow way, step by step, checking for races as we go.
|
||||
|
||||
@ -416,7 +394,7 @@ do
|
||||
prefixes=
|
||||
else
|
||||
if $posix_mkdir; then
|
||||
(umask $mkdir_umask &&
|
||||
(umask=$mkdir_umask &&
|
||||
$doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break
|
||||
# Don't fail if two instances are running concurrently.
|
||||
test -d "$prefix" || exit 1
|
||||
@ -449,25 +427,14 @@ do
|
||||
else
|
||||
|
||||
# Make a couple of temp file names in the proper directory.
|
||||
dsttmp=${dstdirslash}_inst.$$_
|
||||
rmtmp=${dstdirslash}_rm.$$_
|
||||
dsttmp=$dstdir/_inst.$$_
|
||||
rmtmp=$dstdir/_rm.$$_
|
||||
|
||||
# Trap to clean up those temp files at exit.
|
||||
trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0
|
||||
|
||||
# Copy the file name to the temp name.
|
||||
(umask $cp_umask &&
|
||||
{ test -z "$stripcmd" || {
|
||||
# Create $dsttmp read-write so that cp doesn't create it read-only,
|
||||
# which would cause strip to fail.
|
||||
if test -z "$doit"; then
|
||||
: >"$dsttmp" # No need to fork-exec 'touch'.
|
||||
else
|
||||
$doit touch "$dsttmp"
|
||||
fi
|
||||
}
|
||||
} &&
|
||||
$doit_exec $cpprog "$src" "$dsttmp") &&
|
||||
(umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") &&
|
||||
|
||||
# and set any options; do chmod last to preserve setuid bits.
|
||||
#
|
||||
@ -493,13 +460,6 @@ do
|
||||
then
|
||||
rm -f "$dsttmp"
|
||||
else
|
||||
# If $backupsuffix is set, and the file being installed
|
||||
# already exists, attempt a backup. Don't worry if it fails,
|
||||
# e.g., if mv doesn't support -f.
|
||||
if test -n "$backupsuffix" && test -f "$dst"; then
|
||||
$doit $mvcmd -f "$dst" "$dst$backupsuffix" 2>/dev/null
|
||||
fi
|
||||
|
||||
# Rename the file to the real destination.
|
||||
$doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null ||
|
||||
|
||||
@ -514,9 +474,9 @@ do
|
||||
# file should still install successfully.
|
||||
{
|
||||
test ! -f "$dst" ||
|
||||
$doit $rmcmd "$dst" 2>/dev/null ||
|
||||
$doit $rmcmd -f "$dst" 2>/dev/null ||
|
||||
{ $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null &&
|
||||
{ $doit $rmcmd "$rmtmp" 2>/dev/null; :; }
|
||||
{ $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; }
|
||||
} ||
|
||||
{ echo "$0: cannot unlink or rename $dst" >&2
|
||||
(exit 1); exit 1
|
||||
@ -533,9 +493,9 @@ do
|
||||
done
|
||||
|
||||
# Local variables:
|
||||
# eval: (add-hook 'before-save-hook 'time-stamp)
|
||||
# eval: (add-hook 'write-file-hooks 'time-stamp)
|
||||
# time-stamp-start: "scriptversion="
|
||||
# time-stamp-format: "%:y-%02m-%02d.%02H"
|
||||
# time-stamp-time-zone: "UTC0"
|
||||
# time-stamp-time-zone: "UTC"
|
||||
# time-stamp-end: "; # UTC"
|
||||
# End:
|
||||
|
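Review bot: The new side of install-sh loses the symlink-safe temp-directory probe and the working umask call; judging by the hunk line counts and the two `scriptversion=` lines, the import replaces revision 2020-11-14.01 with the older 2013-12-25.23. In the `posix_mkdir` probe the new side runs `$mkdirprog $mkdir_mode -p -- "$tmpdir/d"` directly. The removed side first created `$tmpdir` on its own, because, as its comment says, `mkdir -p` follows existing symlinks in a world-writable /tmp. The new side also has `(umask=$mkdir_umask &&`, which assigns a shell variable instead of setting the umask, so `mkdir -p -- "$dstdir"` runs under the caller's umask. I would keep the newer helper, or at least restore `(umask $mkdir_umask &&` and the separate `$mkdirprog $mkdir_mode "$tmpdir" &&` step.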
@ -443,7 +443,7 @@ scrub_normalize(sldns_buffer* pkt, struct msg_parse* msg,
|
||||
prev = NULL;
|
||||
rrset = msg->rrset_first;
|
||||
while(rrset && rrset->section == LDNS_SECTION_ANSWER) {
|
||||
if(cname_length > 11 /* env->cfg.iter_scrub_cname */) {
|
||||
if(cname_length > env->cfg->iter_scrub_cname) {
|
||||
/* Too many CNAMEs, or DNAMEs, from the authority
|
||||
* server, scrub down the length to something
|
||||
* shorter. This deletes everything after the limit
|
||||
@ -562,8 +562,8 @@ scrub_normalize(sldns_buffer* pkt, struct msg_parse* msg,
|
||||
dname_pkt_compare(pkt, oldsname,
|
||||
rrset->dname) == 0) {
|
||||
if(rrset->type == LDNS_RR_TYPE_NS &&
|
||||
rrset->rr_count > 20 /* env->cfg->iter_scrub_ns */) {
|
||||
shorten_rrset(pkt, rrset, 20 /* env->cfg->iter_scrub_ns */);
|
||||
rrset->rr_count > env->cfg->iter_scrub_ns) {
|
||||
shorten_rrset(pkt, rrset, env->cfg->iter_scrub_ns);
|
||||
}
|
||||
prev = rrset;
|
||||
rrset = rrset->rrset_all_next;
|
||||
@ -581,8 +581,8 @@ scrub_normalize(sldns_buffer* pkt, struct msg_parse* msg,
|
||||
}
|
||||
|
||||
if(rrset->type == LDNS_RR_TYPE_NS &&
|
||||
rrset->rr_count > 20 /* env->cfg->iter_scrub_ns */) {
|
||||
shorten_rrset(pkt, rrset, 20 /* env->cfg->iter_scrub_ns */);
|
||||
rrset->rr_count > env->cfg->iter_scrub_ns) {
|
||||
shorten_rrset(pkt, rrset, env->cfg->iter_scrub_ns);
|
||||
}
|
||||
|
||||
/* Mark the additional names from relevant rrset as OK. */
|
||||
@ -641,7 +641,7 @@ scrub_normalize(sldns_buffer* pkt, struct msg_parse* msg,
|
||||
"RRset:", pkt, msg, prev, &rrset);
|
||||
continue;
|
||||
}
|
||||
if(rrset->rr_count > 20 /* env->cfg->iter_scrub_ns */) {
|
||||
if(rrset->rr_count > env->cfg->iter_scrub_ns) {
|
||||
/* If this is not a referral, and the NS RRset
|
||||
* is signed, then remove it entirely, so
|
||||
* that when it becomes bogus it does not
|
||||
@ -657,7 +657,7 @@ scrub_normalize(sldns_buffer* pkt, struct msg_parse* msg,
|
||||
"RRset:", pkt, msg, prev, &rrset);
|
||||
continue;
|
||||
} else {
|
||||
shorten_rrset(pkt, rrset, 20 /* env->cfg->iter_scrub_ns */);
|
||||
shorten_rrset(pkt, rrset, env->cfg->iter_scrub_ns);
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -871,6 +871,7 @@ scrub_sanitize(sldns_buffer* pkt, struct msg_parse* msg,
|
||||
{
|
||||
int del_addi = 0; /* if additional-holding rrsets are deleted, we
|
||||
do not trust the normalized additional-A-AAAA any more */
|
||||
uint8_t* ns_rrset_dname = NULL;
|
||||
int added_rrlen_ede = 0;
|
||||
struct rrset_parse* rrset, *prev;
|
||||
prev = NULL;
|
||||
@ -976,6 +977,16 @@ scrub_sanitize(sldns_buffer* pkt, struct msg_parse* msg,
|
||||
continue;
|
||||
}
|
||||
}
|
||||
if(rrset->type == LDNS_RR_TYPE_NS &&
|
||||
(rrset->section == LDNS_SECTION_AUTHORITY ||
|
||||
rrset->section == LDNS_SECTION_ANSWER)) {
|
||||
/* If the type is NS, and we're in the
|
||||
* answer or authority section, then
|
||||
* store the dname so we can check
|
||||
* against the glue records
|
||||
* further down */
|
||||
ns_rrset_dname = rrset->dname;
|
||||
}
|
||||
if(del_addi && rrset->section == LDNS_SECTION_ADDITIONAL) {
|
||||
remove_rrset("sanitize: removing potential "
|
||||
"poison reference RRset:", pkt, msg, prev, &rrset);
|
||||
@ -988,6 +999,26 @@ scrub_sanitize(sldns_buffer* pkt, struct msg_parse* msg,
|
||||
"RRset:", pkt, msg, prev, &rrset);
|
||||
continue;
|
||||
}
|
||||
if(env->cfg->harden_unverified_glue && ns_rrset_dname &&
|
||||
rrset->section == LDNS_SECTION_ADDITIONAL &&
|
||||
(rrset->type == LDNS_RR_TYPE_A || rrset->type == LDNS_RR_TYPE_AAAA) &&
|
||||
!pkt_strict_sub(pkt, rrset->dname, ns_rrset_dname)) {
|
||||
/* We're in the additional section, looking
|
||||
* at an A/AAAA rrset, have a previous
|
||||
* delegation point and we notice that
|
||||
* the glue records are NOT for strict
|
||||
* subdomains of the delegation. So set a
|
||||
* flag, recompute the hash for the rrset
|
||||
* and write the A/AAAA record to cache.
|
||||
* It'll be retrieved if we can't separately
|
||||
* resolve the glue */
|
||||
rrset->flags = PACKED_RRSET_UNVERIFIED_GLUE;
|
||||
rrset->hash = pkt_hash_rrset(pkt, rrset->dname, rrset->type, rrset->rrset_class, rrset->flags);
|
||||
store_rrset(pkt, msg, env, rrset);
|
||||
remove_rrset("sanitize: storing potential "
|
||||
"unverified glue reference RRset:", pkt, msg, prev, &rrset);
|
||||
continue;
|
||||
}
|
||||
prev = rrset;
|
||||
rrset = rrset->rrset_all_next;
|
||||
}
|
||||
|
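Review bot: In the `harden_unverified_glue` branch of scrub_sanitize, `rrset->flags = PACKED_RRSET_UNVERIFIED_GLUE;` overwrites any flag bits the parsed rrset already carried before the hash is recomputed and the rrset is stored. If any other bit can be set on an additional-section A/AAAA rrset at this point (not visible in the hunk), `rrset->flags |= PACKED_RRSET_UNVERIFIED_GLUE;` would keep it. `ns_rrset_dname` also holds only the most recently seen NS owner name, so with more than one NS rrset in the answer or authority section the glue is compared against the last one. A comment on the declaration would make that explicit, e.g. `/* owner name of the last NS rrset seen in answer/authority; glue is checked against it */`. The body of scrub_sanitize extends beyond these hunks.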
@ -1564,3 +1564,45 @@ void iterator_set_ip46_support(struct module_stack* mods,
|
||||
if(outnet->num_ip6 == 0)
|
||||
ie->supports_ipv6 = 0;
|
||||
}
|
||||
|
||||
void
|
||||
limit_nsec_ttl(struct dns_msg* msg)
|
||||
{
|
||||
/* Limit NSEC and NSEC3 TTL in response, RFC9077 */
|
||||
size_t i;
|
||||
int found = 0;
|
||||
time_t soa_ttl = 0;
|
||||
/* Limit the NSEC and NSEC3 TTL values to the SOA TTL and SOA minimum
|
||||
* TTL. That has already been applied to the SOA record ttl. */
|
||||
for(i=0; i<msg->rep->rrset_count; i++) {
|
||||
struct ub_packed_rrset_key* s = msg->rep->rrsets[i];
|
||||
if(ntohs(s->rk.type) == LDNS_RR_TYPE_SOA) {
|
||||
struct packed_rrset_data* soadata = (struct packed_rrset_data*)s->entry.data;
|
||||
found = 1;
|
||||
soa_ttl = soadata->ttl;
|
||||
break;
|
||||
}
|
||||
}
|
||||
if(!found)
|
||||
return;
|
||||
for(i=0; i<msg->rep->rrset_count; i++) {
|
||||
struct ub_packed_rrset_key* s = msg->rep->rrsets[i];
|
||||
if(ntohs(s->rk.type) == LDNS_RR_TYPE_NSEC ||
|
||||
ntohs(s->rk.type) == LDNS_RR_TYPE_NSEC3) {
|
||||
struct packed_rrset_data* data = (struct packed_rrset_data*)s->entry.data;
|
||||
/* Limit the negative TTL. */
|
||||
if(data->ttl > soa_ttl) {
|
||||
if(verbosity >= VERB_ALGO) {
|
||||
char buf[256];
|
||||
snprintf(buf, sizeof(buf),
|
||||
"limiting TTL %d of %s record to the SOA TTL of %d for",
|
||||
(int)data->ttl, ((ntohs(s->rk.type) == LDNS_RR_TYPE_NSEC)?"NSEC":"NSEC3"), (int)soa_ttl);
|
||||
log_nametypeclass(VERB_ALGO, buf,
|
||||
s->rk.dname, ntohs(s->rk.type),
|
||||
ntohs(s->rk.rrset_class));
|
||||
}
|
||||
data->ttl = soa_ttl;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
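Review bot: The verbose message in limit_nsec_ttl narrows both TTLs with `(int)data->ttl` and `(int)soa_ttl` for `%d`, although `soa_ttl` is declared `time_t`, so a large value would be logged wrongly even though the clamp itself compares the full values. Printing them with `%lld` and `(long long)data->ttl`, `(long long)soa_ttl` avoids that. The first loop takes the first SOA rrset found in any section of the reply; the comment above it should say so, since the NSEC/NSEC3 records are then clamped to that one TTL.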
@ -428,4 +428,11 @@ int iter_stub_fwd_no_cache(struct module_qstate *qstate,
|
||||
void iterator_set_ip46_support(struct module_stack* mods,
|
||||
struct module_env* env, struct outside_network* outnet);
|
||||
|
||||
/**
|
||||
* Limit NSEC and NSEC3 TTL in response, RFC9077
|
||||
* @param msg: dns message, the SOA record ttl is used to restrict ttls
|
||||
* of NSEC and NSEC3 RRsets. If no SOA record, nothing happens.
|
||||
*/
|
||||
void limit_nsec_ttl(struct dns_msg* msg);
|
||||
|
||||
#endif /* ITERATOR_ITER_UTILS_H */
|
||||
|
@ -70,6 +70,8 @@
|
||||
#include "sldns/parseutil.h"
|
||||
#include "sldns/sbuffer.h"
|
||||
|
||||
/* number of packets */
|
||||
int MAX_GLOBAL_QUOTA = 128;
|
||||
/* in msec */
|
||||
int UNKNOWN_SERVER_NICENESS = 376;
|
||||
/* in msec */
|
||||
@ -252,7 +254,7 @@ error_supers(struct module_qstate* qstate, int id, struct module_qstate* super)
|
||||
} else {
|
||||
/* see if the failure did get (parent-lame) info */
|
||||
if(!cache_fill_missing(super->env, super_iq->qchase.qclass,
|
||||
super->region, super_iq->dp))
|
||||
super->region, super_iq->dp, 0))
|
||||
log_err("out of memory adding missing");
|
||||
}
|
||||
delegpt_mark_neg(dpns, qstate->qinfo.qtype);
|
||||
@ -320,16 +322,21 @@ error_response_cache(struct module_qstate* qstate, int id, int rcode)
|
||||
qstate->qinfo.qname, qstate->qinfo.qname_len,
|
||||
qstate->qinfo.qtype, qstate->qinfo.qclass,
|
||||
qstate->query_flags, 0,
|
||||
qstate->env->cfg->serve_expired_ttl_reset)) != NULL) {
|
||||
qstate->env->cfg->serve_expired)) != NULL) {
|
||||
struct reply_info* rep = (struct reply_info*)msg->entry.data;
|
||||
if(qstate->env->cfg->serve_expired &&
|
||||
qstate->env->cfg->serve_expired_ttl_reset && rep &&
|
||||
*qstate->env->now + qstate->env->cfg->serve_expired_ttl
|
||||
> rep->serve_expired_ttl) {
|
||||
verbose(VERB_ALGO, "reset serve-expired-ttl for "
|
||||
if(qstate->env->cfg->serve_expired && rep) {
|
||||
if(qstate->env->cfg->serve_expired_ttl_reset &&
|
||||
*qstate->env->now + qstate->env->cfg->serve_expired_ttl
|
||||
> rep->serve_expired_ttl) {
|
||||
verbose(VERB_ALGO, "reset serve-expired-ttl for "
|
||||
"response in cache");
|
||||
rep->serve_expired_ttl = *qstate->env->now +
|
||||
qstate->env->cfg->serve_expired_ttl;
|
||||
}
|
||||
verbose(VERB_ALGO, "set serve-expired-norec-ttl for "
|
||||
"response in cache");
|
||||
rep->serve_expired_ttl = *qstate->env->now +
|
||||
qstate->env->cfg->serve_expired_ttl;
|
||||
rep->serve_expired_norec_ttl = NORR_TTL +
|
||||
*qstate->env->now;
|
||||
}
|
||||
if(rep && (FLAGS_GET_RCODE(rep->flags) ==
|
||||
LDNS_RCODE_NOERROR ||
|
||||
@ -407,8 +414,11 @@ iter_prepend(struct iter_qstate* iq, struct dns_msg* msg,
|
||||
num_an = 0;
|
||||
for(p = iq->an_prepend_list; p; p = p->next) {
|
||||
sets[num_an++] = p->rrset;
|
||||
if(ub_packed_rrset_ttl(p->rrset) < msg->rep->ttl)
|
||||
if(ub_packed_rrset_ttl(p->rrset) < msg->rep->ttl) {
|
||||
msg->rep->ttl = ub_packed_rrset_ttl(p->rrset);
|
||||
msg->rep->prefetch_ttl = PREFETCH_TTL_CALC(msg->rep->ttl);
|
||||
msg->rep->serve_expired_ttl = msg->rep->ttl + SERVE_EXPIRED_TTL;
|
||||
}
|
||||
}
|
||||
memcpy(sets+num_an, msg->rep->rrsets, msg->rep->an_numrrsets *
|
||||
sizeof(struct ub_packed_rrset_key*));
|
||||
@ -421,8 +431,11 @@ iter_prepend(struct iter_qstate* iq, struct dns_msg* msg,
|
||||
msg->rep->ns_numrrsets, p->rrset))
|
||||
continue;
|
||||
sets[msg->rep->an_numrrsets + num_an + num_ns++] = p->rrset;
|
||||
if(ub_packed_rrset_ttl(p->rrset) < msg->rep->ttl)
|
||||
if(ub_packed_rrset_ttl(p->rrset) < msg->rep->ttl) {
|
||||
msg->rep->ttl = ub_packed_rrset_ttl(p->rrset);
|
||||
msg->rep->prefetch_ttl = PREFETCH_TTL_CALC(msg->rep->ttl);
|
||||
msg->rep->serve_expired_ttl = msg->rep->ttl + SERVE_EXPIRED_TTL;
|
||||
}
|
||||
}
|
||||
memcpy(sets + num_an + msg->rep->an_numrrsets + num_ns,
|
||||
msg->rep->rrsets + msg->rep->an_numrrsets,
|
||||
@ -1569,7 +1582,7 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq,
|
||||
return error_response(qstate, id, LDNS_RCODE_SERVFAIL);
|
||||
}
|
||||
if(!cache_fill_missing(qstate->env, iq->qchase.qclass,
|
||||
qstate->region, iq->dp)) {
|
||||
qstate->region, iq->dp, 0)) {
|
||||
errinf(qstate, "malloc failure, copy extra info into delegation point");
|
||||
return error_response(qstate, id, LDNS_RCODE_SERVFAIL);
|
||||
}
|
||||
@ -2150,6 +2163,15 @@ processLastResort(struct module_qstate* qstate, struct iter_qstate* iq,
|
||||
verbose(VERB_QUERY, "configured stub or forward servers failed -- returning SERVFAIL");
|
||||
return error_response_cache(qstate, id, LDNS_RCODE_SERVFAIL);
|
||||
}
|
||||
if(qstate->env->cfg->harden_unverified_glue) {
|
||||
if(!cache_fill_missing(qstate->env, iq->qchase.qclass,
|
||||
qstate->region, iq->dp, PACKED_RRSET_UNVERIFIED_GLUE))
|
||||
log_err("out of memory in cache_fill_missing");
|
||||
if(iq->dp->usable_list) {
|
||||
verbose(VERB_ALGO, "try unverified glue from cache");
|
||||
return next_state(iq, QUERYTARGETS_STATE);
|
||||
}
|
||||
}
|
||||
if(!iq->dp->has_parent_side_NS && dname_is_root(iq->dp->name)) {
|
||||
struct delegpt* dp;
|
||||
int nolock = 0;
|
||||
@ -2192,7 +2214,7 @@ processLastResort(struct module_qstate* qstate, struct iter_qstate* iq,
|
||||
}
|
||||
/* see if that makes new names available */
|
||||
if(!cache_fill_missing(qstate->env, iq->qchase.qclass,
|
||||
qstate->region, iq->dp))
|
||||
qstate->region, iq->dp, 0))
|
||||
log_err("out of memory in cache_fill_missing");
|
||||
if(iq->dp->usable_list) {
|
||||
verbose(VERB_ALGO, "try parent-side-name, w. glue from cache");
|
||||
@ -3424,7 +3446,7 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq,
|
||||
old_dp->name, old_dp->namelen);
|
||||
}
|
||||
if(!cache_fill_missing(qstate->env, iq->qchase.qclass,
|
||||
qstate->region, iq->dp)) {
|
||||
qstate->region, iq->dp, 0)) {
|
||||
errinf(qstate, "malloc failure, copy extra info into delegation point");
|
||||
return error_response(qstate, id, LDNS_RCODE_SERVFAIL);
|
||||
}
|
||||
@ -3993,6 +4015,8 @@ processClassResponse(struct module_qstate* qstate, int id,
|
||||
to->rep->prefetch_ttl = from->rep->prefetch_ttl;
|
||||
if(from->rep->serve_expired_ttl < to->rep->serve_expired_ttl)
|
||||
to->rep->serve_expired_ttl = from->rep->serve_expired_ttl;
|
||||
if(from->rep->serve_expired_norec_ttl < to->rep->serve_expired_norec_ttl)
|
||||
to->rep->serve_expired_norec_ttl = from->rep->serve_expired_norec_ttl;
|
||||
}
|
||||
/* are we done? */
|
||||
foriq->num_current_queries --;
|
||||
@ -4355,7 +4379,10 @@ process_response(struct module_qstate* qstate, struct iter_qstate* iq,
|
||||
if(verbosity >= VERB_ALGO)
|
||||
log_dns_msg("incoming scrubbed packet:", &iq->response->qinfo,
|
||||
iq->response->rep);
|
||||
|
||||
|
||||
if(qstate->env->cfg->aggressive_nsec) {
|
||||
limit_nsec_ttl(iq->response);
|
||||
}
|
||||
if(event == module_event_capsfail || iq->caps_fallback) {
|
||||
if(qstate->env->cfg->qname_minimisation &&
|
||||
iq->minimisation_state != DONOT_MINIMISE_STATE) {
|
||||
|
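Review bot: The new `harden_unverified_glue` branch in processLastResort has no comment saying what it falls back to or why that is acceptable at this point. Going by the scrub_sanitize change in this commit, rrsets stored with PACKED_RRSET_UNVERIFIED_GLUE are additional-section A/AAAA records whose owner is not a strict subdomain of the delegation name, and this is the only place visible on the page where they become query targets. I would add above the `if`: `/* Last resort: try the addresses that the scrubber set aside as unverified glue (owner not below the delegation name). */`. processLastResort starts and ends outside the hunk.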
@ -57,7 +57,7 @@ struct rbtree_type;
|
||||
#define MAX_TARGET_COUNT 64
|
||||
/** max number of upstream queries for a query and its subqueries, it is
|
||||
* never reset. */
|
||||
#define MAX_GLOBAL_QUOTA 128
|
||||
extern int MAX_GLOBAL_QUOTA;
|
||||
/** max number of target lookups per qstate, per delegation point */
|
||||
#define MAX_DP_TARGET_COUNT 16
|
||||
/** max number of nxdomains allowed for target lookups for a query and
|
||||
|
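Review bot: `extern int MAX_GLOBAL_QUOTA;` keeps a macro-style name and the old comment although it is now a writable, signed global, so a reader of the header cannot tell that this limit can change at run time. The comment should say so and give the default, e.g. `/** max number of upstream queries for a query and its subqueries, it is never reset. Run-time value, default 128. */`. It is presumably assigned from the `max-global-quota` option documented in this commit. The assignment and comparison sites are not on this page, so it cannot be checked here whether a zero or negative value is rejected when the configuration is read.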
@ -395,7 +395,7 @@ context_serialize_cancel(struct ctx_query* q, uint32_t* len)
|
||||
/* format of cancel:
|
||||
* o uint32 cmd
|
||||
* o uint32 async-id */
|
||||
uint8_t* p = (uint8_t*)reallocarray(NULL, sizeof(uint32_t), 2);
|
||||
uint8_t* p = (uint8_t*)reallocarray(NULL, 2, sizeof(uint32_t));
|
||||
if(!p) return NULL;
|
||||
*len = 2*sizeof(uint32_t);
|
||||
sldns_write_uint32(p, UB_LIBCMD_CANCEL);
|
||||
|
@ -1058,3 +1058,19 @@ void dtio_mainfdcallback(int ATTR_UNUSED(fd), short ATTR_UNUSED(ev),
|
||||
log_assert(0);
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_NGTCP2
|
||||
void doq_client_event_cb(int ATTR_UNUSED(fd), short ATTR_UNUSED(ev),
|
||||
void* ATTR_UNUSED(arg))
|
||||
{
|
||||
log_assert(0);
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_NGTCP2
|
||||
void doq_client_timer_cb(int ATTR_UNUSED(fd), short ATTR_UNUSED(ev),
|
||||
void* ATTR_UNUSED(arg))
|
||||
{
|
||||
log_assert(0);
|
||||
}
|
||||
#endif
|
||||
|
@ -845,6 +845,10 @@ struct ub_server_stats {
|
||||
long long qtls_resume;
|
||||
/** RPZ action stats */
|
||||
long long rpz_action[UB_STATS_RPZ_ACTION_NUM];
|
||||
/** number of bytes in QUIC buffers */
|
||||
long long mem_quic;
|
||||
/** number of queries over (DNS over) QUIC */
|
||||
long long qquic;
|
||||
};
|
||||
|
||||
/**
|
||||
|
@ -3684,6 +3684,29 @@ auth_zone_parse_notify_serial(sldns_buffer* pkt, uint32_t *serial)
|
||||
return 1;
|
||||
}
|
||||
|
||||
/** print addr to str, and if not 53, append "@port_number", for logs. */
|
||||
static void addr_port_to_str(struct sockaddr_storage* addr, socklen_t addrlen,
|
||||
char* buf, size_t len)
|
||||
{
|
||||
uint16_t port = 0;
|
||||
if(addr_is_ip6(addr, addrlen)) {
|
||||
struct sockaddr_in6* sa = (struct sockaddr_in6*)addr;
|
||||
port = ntohs((uint16_t)sa->sin6_port);
|
||||
} else {
|
||||
struct sockaddr_in* sa = (struct sockaddr_in*)addr;
|
||||
port = ntohs((uint16_t)sa->sin_port);
|
||||
}
|
||||
if(port == UNBOUND_DNS_PORT) {
|
||||
/* If it is port 53, print it plainly. */
|
||||
addr_to_str(addr, addrlen, buf, len);
|
||||
} else {
|
||||
char a[256];
|
||||
a[0]=0;
|
||||
addr_to_str(addr, addrlen, a, sizeof(a));
|
||||
snprintf(buf, len, "%s@%d", a, (int)port);
|
||||
}
|
||||
}
|
||||
|
||||
/** see if addr appears in the list */
|
||||
static int
|
||||
addr_in_list(struct auth_addr* list, struct sockaddr_storage* addr,
|
||||
@ -5516,7 +5539,7 @@ xfr_transfer_init_fetch(struct auth_xfer* xfr, struct module_env* env)
|
||||
if(!xfr->task_transfer->cp) {
|
||||
char zname[255+1], as[256];
|
||||
dname_str(xfr->name, zname);
|
||||
addr_to_str(&addr, addrlen, as, sizeof(as));
|
||||
addr_port_to_str(&addr, addrlen, as, sizeof(as));
|
||||
verbose(VERB_ALGO, "cannot create http cp "
|
||||
"connection for %s to %s", zname, as);
|
||||
return 0;
|
||||
@ -5525,7 +5548,7 @@ xfr_transfer_init_fetch(struct auth_xfer* xfr, struct module_env* env)
|
||||
if(verbosity >= VERB_ALGO) {
|
||||
char zname[255+1], as[256];
|
||||
dname_str(xfr->name, zname);
|
||||
addr_to_str(&addr, addrlen, as, sizeof(as));
|
||||
addr_port_to_str(&addr, addrlen, as, sizeof(as));
|
||||
verbose(VERB_ALGO, "auth zone %s transfer next HTTP fetch from %s started", zname, as);
|
||||
}
|
||||
/* Create or refresh the list of allow_notify addrs */
|
||||
@ -5548,7 +5571,7 @@ xfr_transfer_init_fetch(struct auth_xfer* xfr, struct module_env* env)
|
||||
if(!xfr->task_transfer->cp) {
|
||||
char zname[255+1], as[256];
|
||||
dname_str(xfr->name, zname);
|
||||
addr_to_str(&addr, addrlen, as, sizeof(as));
|
||||
addr_port_to_str(&addr, addrlen, as, sizeof(as));
|
||||
verbose(VERB_ALGO, "cannot create tcp cp connection for "
|
||||
"xfr %s to %s", zname, as);
|
||||
return 0;
|
||||
@ -5557,7 +5580,7 @@ xfr_transfer_init_fetch(struct auth_xfer* xfr, struct module_env* env)
|
||||
if(verbosity >= VERB_ALGO) {
|
||||
char zname[255+1], as[256];
|
||||
dname_str(xfr->name, zname);
|
||||
addr_to_str(&addr, addrlen, as, sizeof(as));
|
||||
addr_port_to_str(&addr, addrlen, as, sizeof(as));
|
||||
verbose(VERB_ALGO, "auth zone %s transfer next %s fetch from %s started", zname,
|
||||
(xfr->task_transfer->on_ixfr?"IXFR":"AXFR"), as);
|
||||
}
|
||||
@ -5660,7 +5683,7 @@ xfr_master_add_addrs(struct auth_master* m, struct ub_packed_rrset_key* rrset,
|
||||
}
|
||||
if(verbosity >= VERB_ALGO) {
|
||||
char s[64];
|
||||
addr_to_str(&a->addr, a->addrlen, s, sizeof(s));
|
||||
addr_port_to_str(&a->addr, a->addrlen, s, sizeof(s));
|
||||
verbose(VERB_ALGO, "auth host %s lookup %s",
|
||||
m->host, s);
|
||||
}
|
||||
@ -6406,7 +6429,7 @@ xfr_probe_send_probe(struct auth_xfer* xfr, struct module_env* env,
|
||||
if(!xfr->task_probe->cp) {
|
||||
char zname[255+1], as[256];
|
||||
dname_str(xfr->name, zname);
|
||||
addr_to_str(&addr, addrlen, as, sizeof(as));
|
||||
addr_port_to_str(&addr, addrlen, as, sizeof(as));
|
||||
verbose(VERB_ALGO, "cannot create udp cp for "
|
||||
"probe %s to %s", zname, as);
|
||||
return 0;
|
||||
@ -6426,7 +6449,7 @@ xfr_probe_send_probe(struct auth_xfer* xfr, struct module_env* env,
|
||||
(struct sockaddr*)&addr, addrlen, 0)) {
|
||||
char zname[255+1], as[256];
|
||||
dname_str(xfr->name, zname);
|
||||
addr_to_str(&addr, addrlen, as, sizeof(as));
|
||||
addr_port_to_str(&addr, addrlen, as, sizeof(as));
|
||||
verbose(VERB_ALGO, "failed to send soa probe for %s to %s",
|
||||
zname, as);
|
||||
return 0;
|
||||
@ -6434,7 +6457,7 @@ xfr_probe_send_probe(struct auth_xfer* xfr, struct module_env* env,
|
||||
if(verbosity >= VERB_ALGO) {
|
||||
char zname[255+1], as[256];
|
||||
dname_str(xfr->name, zname);
|
||||
addr_to_str(&addr, addrlen, as, sizeof(as));
|
||||
addr_port_to_str(&addr, addrlen, as, sizeof(as));
|
||||
verbose(VERB_ALGO, "auth zone %s soa probe sent to %s", zname,
|
||||
as);
|
||||
}
|
||||
|
59
contrib/unbound/services/cache/dns.c
vendored
@ -88,7 +88,7 @@ store_rrsets(struct module_env* env, struct reply_info* rep, time_t now,
|
||||
/* update ref if it was in the cache */
|
||||
switch(rrset_cache_update(env->rrset_cache, &rep->ref[i],
|
||||
env->alloc, ((ntohs(rep->ref[i].key->rk.type)==
|
||||
LDNS_RR_TYPE_NS && !pside)?qstarttime:now + leeway))) {
|
||||
LDNS_RR_TYPE_NS && !pside)?qstarttime:now) + leeway)) {
|
||||
case 0: /* ref unchanged, item inserted */
|
||||
break;
|
||||
case 2: /* ref updated, cache is superior */
|
||||
@ -162,7 +162,7 @@ dns_cache_store_msg(struct module_env* env, struct query_info* qinfo,
|
||||
size_t i;
|
||||
|
||||
/* store RRsets */
|
||||
for(i=0; i<rep->rrset_count; i++) {
|
||||
for(i=0; i<rep->rrset_count; i++) {
|
||||
rep->ref[i].key = rep->rrsets[i];
|
||||
rep->ref[i].id = rep->rrsets[i]->id;
|
||||
}
|
||||
@ -197,6 +197,7 @@ dns_cache_store_msg(struct module_env* env, struct query_info* qinfo,
|
||||
reply_info_sortref(rep);
|
||||
if(!(e = query_info_entrysetup(qinfo, rep, hash))) {
|
||||
log_err("store_msg: malloc failed");
|
||||
reply_info_delete(rep, NULL);
|
||||
return;
|
||||
}
|
||||
slabhash_insert(env->msg_cache, hash, &e->entry, rep, env->alloc);
|
||||
@ -365,7 +366,7 @@ find_add_addrs(struct module_env* env, uint16_t qclass,
|
||||
/** find and add A and AAAA records for missing nameservers in delegpt */
|
||||
int
|
||||
cache_fill_missing(struct module_env* env, uint16_t qclass,
|
||||
struct regional* region, struct delegpt* dp)
|
||||
struct regional* region, struct delegpt* dp, uint32_t flags)
|
||||
{
|
||||
struct delegpt_ns* ns;
|
||||
struct msgreply_entry* neg;
|
||||
@ -376,7 +377,7 @@ cache_fill_missing(struct module_env* env, uint16_t qclass,
|
||||
continue;
|
||||
ns->cache_lookup_count++;
|
||||
akey = rrset_cache_lookup(env->rrset_cache, ns->name,
|
||||
ns->namelen, LDNS_RR_TYPE_A, qclass, 0, now, 0);
|
||||
ns->namelen, LDNS_RR_TYPE_A, qclass, flags, now, 0);
|
||||
if(akey) {
|
||||
if(!delegpt_add_rrset_A(dp, region, akey, ns->lame,
|
||||
NULL)) {
|
||||
@ -397,7 +398,7 @@ cache_fill_missing(struct module_env* env, uint16_t qclass,
|
||||
}
|
||||
}
|
||||
akey = rrset_cache_lookup(env->rrset_cache, ns->name,
|
||||
ns->namelen, LDNS_RR_TYPE_AAAA, qclass, 0, now, 0);
|
||||
ns->namelen, LDNS_RR_TYPE_AAAA, qclass, flags, now, 0);
|
||||
if(akey) {
|
||||
if(!delegpt_add_rrset_AAAA(dp, region, akey, ns->lame,
|
||||
NULL)) {
|
||||
@ -607,22 +608,8 @@ tomsg(struct module_env* env, struct query_info* q, struct reply_info* r,
|
||||
time_t now_control = now;
|
||||
if(now > r->ttl) {
|
||||
/* Check if we are allowed to serve expired */
|
||||
if(allow_expired) {
|
||||
if(env->cfg->serve_expired_ttl &&
|
||||
r->serve_expired_ttl < now) {
|
||||
return NULL;
|
||||
}
|
||||
/* Ignore expired failure answers */
|
||||
if(FLAGS_GET_RCODE(r->flags) !=
|
||||
LDNS_RCODE_NOERROR &&
|
||||
FLAGS_GET_RCODE(r->flags) !=
|
||||
LDNS_RCODE_NXDOMAIN &&
|
||||
FLAGS_GET_RCODE(r->flags) !=
|
||||
LDNS_RCODE_YXDOMAIN)
|
||||
return 0;
|
||||
} else {
|
||||
if(!allow_expired || !reply_info_can_answer_expired(r, now))
|
||||
return NULL;
|
||||
}
|
||||
/* Change the current time so we can pass the below TTL checks when
|
||||
* serving expired data. */
|
||||
now_control = r->ttl - env->cfg->serve_expired_reply_ttl;
|
||||
@ -641,6 +628,7 @@ tomsg(struct module_env* env, struct query_info* q, struct reply_info* r,
|
||||
else
|
||||
msg->rep->prefetch_ttl = PREFETCH_TTL_CALC(msg->rep->ttl);
|
||||
msg->rep->serve_expired_ttl = msg->rep->ttl + SERVE_EXPIRED_TTL;
|
||||
msg->rep->serve_expired_norec_ttl = 0;
|
||||
msg->rep->security = r->security;
|
||||
msg->rep->an_numrrsets = r->an_numrrsets;
|
||||
msg->rep->ns_numrrsets = r->ns_numrrsets;
|
||||
@ -724,6 +712,7 @@ rrset_msg(struct ub_packed_rrset_key* rrset, struct regional* region,
|
||||
msg->rep->ttl = d->ttl - now;
|
||||
msg->rep->prefetch_ttl = PREFETCH_TTL_CALC(msg->rep->ttl);
|
||||
msg->rep->serve_expired_ttl = msg->rep->ttl + SERVE_EXPIRED_TTL;
|
||||
msg->rep->serve_expired_norec_ttl = 0;
|
||||
msg->rep->security = sec_status_unchecked;
|
||||
msg->rep->an_numrrsets = 1;
|
||||
msg->rep->ns_numrrsets = 0;
|
||||
@ -763,6 +752,7 @@ synth_dname_msg(struct ub_packed_rrset_key* rrset, struct regional* region,
|
||||
msg->rep->ttl = d->ttl - now;
|
||||
msg->rep->prefetch_ttl = PREFETCH_TTL_CALC(msg->rep->ttl);
|
||||
msg->rep->serve_expired_ttl = msg->rep->ttl + SERVE_EXPIRED_TTL;
|
||||
msg->rep->serve_expired_norec_ttl = 0;
|
||||
msg->rep->security = sec_status_unchecked;
|
||||
msg->rep->an_numrrsets = 1;
|
||||
msg->rep->ns_numrrsets = 0;
|
||||
@ -1070,6 +1060,35 @@ dns_cache_store(struct module_env* env, struct query_info* msgqinf,
|
||||
struct regional* region, uint32_t flags, time_t qstarttime)
|
||||
{
|
||||
struct reply_info* rep = NULL;
|
||||
if(SERVE_EXPIRED) {
|
||||
/* We are serving expired records. Before caching, check if a
|
||||
* useful expired record exists. */
|
||||
struct msgreply_entry* e = msg_cache_lookup(env,
|
||||
msgqinf->qname, msgqinf->qname_len, msgqinf->qtype,
|
||||
msgqinf->qclass, flags, 0, 0);
|
||||
if(e) {
|
||||
struct reply_info* cached = e->entry.data;
|
||||
if(cached->ttl < *env->now
|
||||
&& reply_info_could_use_expired(cached, *env->now)
|
||||
/* If we are validating make sure only
|
||||
* validating modules can update such messages.
|
||||
* In that case don't cache it and let a
|
||||
* subsequent module handle the caching. For
|
||||
* example, the iterator should not replace an
|
||||
* expired secure answer with a fresh unchecked
|
||||
* one and let the validator manage caching. */
|
||||
&& cached->security != sec_status_bogus
|
||||
&& (env->need_to_validate &&
|
||||
msgrep->security == sec_status_unchecked)) {
|
||||
verbose(VERB_ALGO, "a validated expired entry "
|
||||
"could be overwritten, skip caching "
|
||||
"the new message at this stage");
|
||||
lock_rw_unlock(&e->entry.lock);
|
||||
return 1;
|
||||
}
|
||||
lock_rw_unlock(&e->entry.lock);
|
||||
}
|
||||
}
|
||||
/* alloc, malloc properly (not in region, like msg is) */
|
||||
rep = reply_info_copy(msgrep, env->alloc, NULL);
|
||||
if(!rep)
|
||||
|
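Review bot: In the new serve-expired guard at the top of dns_cache_store, the comment and the verbose message speak of a validated expired entry, but the condition only requires `cached->security != sec_status_bogus`, so an expired entry that was never validated also makes the function return 1 without storing the fresh message. If only validated answers are meant to be protected from replacement by an unchecked one, the test would read `cached->security == sec_status_secure`; if keeping any non-bogus entry is intended, the comment should say so, for example `/* any non-bogus expired entry is left for the validator to replace */`. The extra parentheses around `env->need_to_validate && msgrep->security == sec_status_unchecked` can also go, since the whole expression is one `&&` chain. dns_cache_store continues past the end of the hunk, so what the early return skips is not visible here.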
3
contrib/unbound/services/cache/dns.h
vendored
3
contrib/unbound/services/cache/dns.h
vendored
@ -202,10 +202,11 @@ struct dns_msg* dns_cache_lookup(struct module_env* env,
|
||||
* @param qclass: which class to look in.
|
||||
* @param region: where to store new dp info.
|
||||
* @param dp: delegation point to fill missing entries.
|
||||
* @param flags: rrset flags, or 0.
|
||||
* @return false on alloc failure.
|
||||
*/
|
||||
int cache_fill_missing(struct module_env* env, uint16_t qclass,
|
||||
struct regional* region, struct delegpt* dp);
|
||||
struct regional* region, struct delegpt* dp, uint32_t flags);
|
||||
|
||||
/**
|
||||
* Utility, create new, unpacked data structure for cache response.
|
||||
|
10
contrib/unbound/services/cache/rrset.c
vendored
10
contrib/unbound/services/cache/rrset.c
vendored
@ -128,8 +128,8 @@ need_to_update_rrset(void* nd, void* cd, time_t timenow, int equal, int ns)
|
||||
{
|
||||
struct packed_rrset_data* newd = (struct packed_rrset_data*)nd;
|
||||
struct packed_rrset_data* cached = (struct packed_rrset_data*)cd;
|
||||
/* o if new data is expired, current data is better */
|
||||
if( newd->ttl < timenow && cached->ttl >= timenow)
|
||||
/* o if new data is expired, cached data is better */
|
||||
if( newd->ttl < timenow && timenow <= cached->ttl)
|
||||
return 0;
|
||||
/* o store if rrset has been validated
|
||||
* everything better than bogus data
|
||||
@ -140,9 +140,9 @@ need_to_update_rrset(void* nd, void* cd, time_t timenow, int equal, int ns)
|
||||
if( cached->security == sec_status_bogus &&
|
||||
newd->security != sec_status_bogus && !equal)
|
||||
return 1;
|
||||
/* o if current RRset is more trustworthy - insert it */
|
||||
/* o if new RRset is more trustworthy - insert it */
|
||||
if( newd->trust > cached->trust ) {
|
||||
/* if the cached rrset is bogus, and this one equal,
|
||||
/* if the cached rrset is bogus, and new is equal,
|
||||
* do not update the TTL - let it expire. */
|
||||
if(equal && cached->ttl >= timenow &&
|
||||
cached->security == sec_status_bogus)
|
||||
@ -155,7 +155,7 @@ need_to_update_rrset(void* nd, void* cd, time_t timenow, int equal, int ns)
|
||||
/* o same trust, but different in data - insert it */
|
||||
if( newd->trust == cached->trust && !equal ) {
|
||||
/* if this is type NS, do not 'stick' to owner that changes
|
||||
* the NS RRset, but use the old TTL for the new data, and
|
||||
* the NS RRset, but use the cached TTL for the new data, and
|
||||
* update to fetch the latest data. ttl is not expired, because
|
||||
* that check was before this one. */
|
||||
if(ns) {
|
||||
|
File diff suppressed because it is too large
@ -43,10 +43,16 @@
|
||||
#define LISTEN_DNSPORT_H
|
||||
|
||||
#include "util/netevent.h"
|
||||
#include "util/rbtree.h"
|
||||
#include "util/locks.h"
|
||||
#include "daemon/acl_list.h"
|
||||
#ifdef HAVE_NGHTTP2_NGHTTP2_H
|
||||
#include <nghttp2/nghttp2.h>
|
||||
#endif
|
||||
#ifdef HAVE_NGTCP2
|
||||
#include <ngtcp2/ngtcp2.h>
|
||||
#include <ngtcp2/ngtcp2_crypto.h>
|
||||
#endif
|
||||
struct listen_list;
|
||||
struct config_file;
|
||||
struct addrinfo;
|
||||
@ -100,7 +106,9 @@ enum listen_type {
|
||||
/** udp ipv6 (v4mapped) for use with ancillary data + dnscrypt*/
|
||||
listen_type_udpancil_dnscrypt,
|
||||
/** HTTP(2) over TLS over TCP */
|
||||
listen_type_http
|
||||
listen_type_http,
|
||||
/** DNS over QUIC */
|
||||
listen_type_doq
|
||||
};
|
||||
|
||||
/*
|
||||
@ -188,6 +196,11 @@ int resolve_interface_names(char** ifs, int num_ifs,
|
||||
* @param tcp_conn_limit: TCP connection limit info.
|
||||
* @param sslctx: nonNULL if ssl context.
|
||||
* @param dtenv: nonNULL if dnstap enabled.
|
||||
* @param doq_table: the doq connection table, with shared information.
|
||||
* @param rnd: random state.
|
||||
* @param ssl_service_key: the SSL service key file.
|
||||
* @param ssl_service_pem: the SSL service pem file.
|
||||
* @param cfg: config file struct.
|
||||
* @param cb: callback function when a request arrives. It is passed
|
||||
* the packet and user argument. Return true to send a reply.
|
||||
* @param cb_arg: user data argument for callback function.
|
||||
@ -198,8 +211,10 @@ listen_create(struct comm_base* base, struct listen_port* ports,
|
||||
size_t bufsize, int tcp_accept_count, int tcp_idle_timeout,
|
||||
int harden_large_queries, uint32_t http_max_streams,
|
||||
char* http_endpoint, int http_notls, struct tcl_list* tcp_conn_limit,
|
||||
void* sslctx, struct dt_env* dtenv, comm_point_callback_type* cb,
|
||||
void *cb_arg);
|
||||
void* sslctx, struct dt_env* dtenv, struct doq_table* doq_table,
|
||||
struct ub_randstate* rnd, const char* ssl_service_key,
|
||||
const char* ssl_service_pem, struct config_file* cfg,
|
||||
comm_point_callback_type* cb, void *cb_arg);
|
||||
|
||||
/**
|
||||
* delete the listening structure
|
||||
@ -278,11 +293,12 @@ int create_udp_sock(int family, int socktype, struct sockaddr* addr,
|
||||
* @param freebind: set IP_FREEBIND socket option.
|
||||
* @param use_systemd: if true, fetch sockets from systemd.
|
||||
* @param dscp: DSCP to use.
|
||||
* @param additional: additional log information for the socket type.
|
||||
* @return: the socket. -1 on error.
|
||||
*/
|
||||
int create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto,
|
||||
int* reuseport, int transparent, int mss, int nodelay, int freebind,
|
||||
int use_systemd, int dscp);
|
||||
int use_systemd, int dscp, const char* additional);
|
||||
|
||||
/**
|
||||
* Create and bind local listening socket
|
||||
@ -452,6 +468,377 @@ int http2_submit_dns_response(struct http2_session* h2_session);
|
||||
int http2_submit_dns_response(void* v);
|
||||
#endif /* HAVE_NGHTTP2 */
|
||||
|
||||
#ifdef HAVE_NGTCP2
|
||||
struct doq_conid;
|
||||
struct doq_server_socket;
|
||||
|
||||
/**
|
||||
* DoQ shared connection table. This is the connections for the host.
|
||||
* And some config parameter values for connections. The host has to
|
||||
* respond on that ip,port for those connections, so they are shared
|
||||
* between threads.
|
||||
*/
|
||||
struct doq_table {
|
||||
/** the lock on the tree and config elements. insert and deletion,
|
||||
* also lookup in the tree needs to hold the lock. */
|
||||
lock_rw_type lock;
|
||||
/** rbtree of doq_conn, the connections to different destination
|
||||
* addresses, and can be found by dcid. */
|
||||
struct rbtree_type* conn_tree;
|
||||
/** lock for the conid tree, needed for the conid tree and also
|
||||
* the conid elements */
|
||||
lock_rw_type conid_lock;
|
||||
/** rbtree of doq_conid, connections can be found by their
|
||||
* connection ids. Lookup by connection id, finds doq_conn. */
|
||||
struct rbtree_type* conid_tree;
|
||||
/** the server scid length */
|
||||
int sv_scidlen;
|
||||
/** the static secret for the server */
|
||||
uint8_t* static_secret;
|
||||
/** length of the static secret */
|
||||
size_t static_secret_len;
|
||||
/** the idle timeout in nanoseconds */
|
||||
uint64_t idle_timeout;
|
||||
/** the list of write interested connections, hold the doq_table.lock
|
||||
* to change them */
|
||||
struct doq_conn* write_list_first, *write_list_last;
|
||||
/** rbtree of doq_timer. */
|
||||
struct rbtree_type* timer_tree;
|
||||
/** lock on the current_size counter. */
|
||||
lock_basic_type size_lock;
|
||||
/** current use, in bytes, of QUIC buffers.
|
||||
* The doq_conn ngtcp2_conn structure, SSL structure and conid structs
|
||||
* are not counted. */
|
||||
size_t current_size;
|
||||
};
|
||||
|
||||
/** create doq table */
|
||||
struct doq_table* doq_table_create(struct config_file* cfg,
|
||||
struct ub_randstate* rnd);
|
||||
|
||||
/** delete doq table */
|
||||
void doq_table_delete(struct doq_table* table);
|
||||
|
||||
/**
|
||||
* Timer information for doq timer.
|
||||
*/
|
||||
struct doq_timer {
|
||||
/** The rbnode in the tree sorted by timeout value. Key this struct. */
|
||||
struct rbnode_type node;
|
||||
/** The timeout value. Absolute time value. */
|
||||
struct timeval time;
|
||||
/** If the timer is in the time tree, with the node. */
|
||||
int timer_in_tree;
|
||||
/** If there are more timers with the exact same timeout value,
|
||||
* they form a set of timers. The rbnode timer has a link to the list
|
||||
* with the other timers in the set. The rbnode timer is not a
|
||||
* member of the list with the other timers. The other timers are not
|
||||
* linked into the tree. */
|
||||
struct doq_timer* setlist_first, *setlist_last;
|
||||
/** If the timer is on the setlist. */
|
||||
int timer_in_list;
|
||||
/** If in the setlist, the next and prev element. */
|
||||
struct doq_timer* setlist_next, *setlist_prev;
|
||||
/** The connection that is timeouted. */
|
||||
struct doq_conn* conn;
|
||||
/** The worker that is waiting for the timeout event.
|
||||
* Set for the rbnode tree linked element. If a worker is waiting
|
||||
* for the event. If NULL, no worker is waiting for this timeout. */
|
||||
struct doq_server_socket* worker_doq_socket;
|
||||
};
|
||||
|
||||
/**
|
||||
* Key information that makes a doq_conn node in the tree lookup.
|
||||
*/
|
||||
struct doq_conn_key {
|
||||
/** the remote endpoint and local endpoint and ifindex */
|
||||
struct doq_pkt_addr paddr;
|
||||
/** the doq connection dcid */
|
||||
uint8_t* dcid;
|
||||
/** length of dcid */
|
||||
size_t dcidlen;
|
||||
};
|
||||
|
||||
/**
|
||||
* DoQ connection, for DNS over QUIC. One connection to a remote endpoint
|
||||
* with a number of streams in it. Every stream is like a tcp stream with
|
||||
* a uint16_t length, query read, and a uint16_t length and answer written.
|
||||
*/
|
||||
struct doq_conn {
|
||||
/** rbtree node, key is addresses and dcid */
|
||||
struct rbnode_type node;
|
||||
/** lock on the connection */
|
||||
lock_basic_type lock;
|
||||
/** the key information, with dcid and address endpoint */
|
||||
struct doq_conn_key key;
|
||||
/** the doq server socket for inside callbacks */
|
||||
struct doq_server_socket* doq_socket;
|
||||
/** the doq table this connection is part of */
|
||||
struct doq_table* table;
|
||||
/** if the connection is about to be deleted. */
|
||||
uint8_t is_deleted;
|
||||
/** the version, the client chosen version of QUIC */
|
||||
uint32_t version;
|
||||
/** the ngtcp2 connection, a server connection */
|
||||
struct ngtcp2_conn* conn;
|
||||
/** the connection ids that are associated with this doq_conn.
|
||||
* There can be a number, that can change. They are linked here,
|
||||
* so that upon removal, the list of actually associated conid
|
||||
* elements can be removed as well. */
|
||||
struct doq_conid* conid_list;
|
||||
/** the ngtcp2 last error for the connection */
|
||||
#ifdef HAVE_NGTCP2_CCERR_DEFAULT
|
||||
struct ngtcp2_ccerr ccerr;
|
||||
#else
|
||||
struct ngtcp2_connection_close_error last_error;
|
||||
#endif
|
||||
/** the recent tls alert error code */
|
||||
uint8_t tls_alert;
|
||||
/** the ssl context, SSL* */
|
||||
void* ssl;
|
||||
#ifdef HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_SERVER_CONTEXT
|
||||
/** the connection reference for ngtcp2_conn and userdata in ssl */
|
||||
struct ngtcp2_crypto_conn_ref conn_ref;
|
||||
#endif
|
||||
/** closure packet, if any */
|
||||
uint8_t* close_pkt;
|
||||
/** length of closure packet. */
|
||||
size_t close_pkt_len;
|
||||
/** closure ecn */
|
||||
uint32_t close_ecn;
|
||||
/** the streams for this connection, of type doq_stream */
|
||||
struct rbtree_type stream_tree;
|
||||
/** the streams that want write, they have something to write.
|
||||
* The list is ordered, the last have to wait for the first to
|
||||
* get their data written. */
|
||||
struct doq_stream* stream_write_first, *stream_write_last;
|
||||
/** the conn has write interest if true, no write interest if false. */
|
||||
uint8_t write_interest;
|
||||
/** if the conn is on the connection write list */
|
||||
uint8_t on_write_list;
|
||||
/** the connection write list prev and next, if on the write list */
|
||||
struct doq_conn* write_prev, *write_next;
|
||||
/** The timer for the connection. If unused, it is not in the tree
|
||||
* and not in the list. It is alloced here, so that it is prealloced.
|
||||
* It has to be set after every read and write on the connection, so
|
||||
* this improves performance, but also the allocation does not fail. */
|
||||
struct doq_timer timer;
|
||||
};
|
||||
|
||||
/**
|
||||
* Connection ID and the doq_conn that is that connection. A connection
|
||||
* has an original dcid, and then more connection ids associated.
|
||||
*/
|
||||
struct doq_conid {
|
||||
/** rbtree node, key is the connection id. */
|
||||
struct rbnode_type node;
|
||||
/** the next and prev in the list of conids for the doq_conn */
|
||||
struct doq_conid* next, *prev;
|
||||
/** key to the doq_conn that is the connection */
|
||||
struct doq_conn_key key;
|
||||
/** the connection id, byte string */
|
||||
uint8_t* cid;
|
||||
/** the length of cid */
|
||||
size_t cidlen;
|
||||
};
|
||||
|
||||
/**
|
||||
* DoQ stream, for DNS over QUIC.
|
||||
*/
|
||||
struct doq_stream {
|
||||
/** the rbtree node for the stream, key is the stream_id */
|
||||
rbnode_type node;
|
||||
/** the stream id */
|
||||
int64_t stream_id;
|
||||
/** if the stream is closed */
|
||||
uint8_t is_closed;
|
||||
/** if the query is complete */
|
||||
uint8_t is_query_complete;
|
||||
/** the number of bytes read on the stream, up to querylen+2. */
|
||||
size_t nread;
|
||||
/** the length of the input query bytes */
|
||||
size_t inlen;
|
||||
/** the input bytes */
|
||||
uint8_t* in;
|
||||
/** does the stream have an answer to send */
|
||||
uint8_t is_answer_available;
|
||||
/** the answer bytes sent, up to outlen+2. */
|
||||
size_t nwrite;
|
||||
/** the length of the output answer bytes */
|
||||
size_t outlen;
|
||||
/** the output length in network wireformat */
|
||||
uint16_t outlen_wire;
|
||||
/** the output packet bytes */
|
||||
uint8_t* out;
|
||||
/** if the stream is on the write list */
|
||||
uint8_t on_write_list;
|
||||
/** the prev and next on the write list, if on the list */
|
||||
struct doq_stream* write_prev, *write_next;
|
||||
};
|
||||
|
||||
/** doq application error code that is sent when a stream is closed */
|
||||
#define DOQ_APP_ERROR_CODE 1
|
||||
|
||||
/**
|
||||
* Create the doq connection.
|
||||
* @param c: the comm point for the listening doq socket.
|
||||
* @param paddr: with remote and local address and ifindex for the
|
||||
* connection destination. This is where packets are sent.
|
||||
* @param dcid: the dcid, Destination Connection ID.
|
||||
* @param dcidlen: length of dcid.
|
||||
* @param version: client chosen version.
|
||||
* @return new doq connection or NULL on allocation failure.
|
||||
*/
|
||||
struct doq_conn* doq_conn_create(struct comm_point* c,
|
||||
struct doq_pkt_addr* paddr, const uint8_t* dcid, size_t dcidlen,
|
||||
uint32_t version);
|
||||
|
||||
/**
|
||||
* Delete the doq connection structure.
|
||||
* @param conn: to delete.
|
||||
* @param table: with memory size.
|
||||
*/
|
||||
void doq_conn_delete(struct doq_conn* conn, struct doq_table* table);
|
||||
|
||||
/** compare function of doq_conn */
|
||||
int doq_conn_cmp(const void* key1, const void* key2);
|
||||
|
||||
/** compare function of doq_conid */
|
||||
int doq_conid_cmp(const void* key1, const void* key2);
|
||||
|
||||
/** compare function of doq_timer */
|
||||
int doq_timer_cmp(const void* key1, const void* key2);
|
||||
|
||||
/** compare function of doq_stream */
|
||||
int doq_stream_cmp(const void* key1, const void* key2);
|
||||
|
||||
/** setup the doq_socket server tls context */
|
||||
int doq_socket_setup_ctx(struct doq_server_socket* doq_socket);
|
||||
|
||||
/** setup the doq connection callbacks, and settings. */
|
||||
int doq_conn_setup(struct doq_conn* conn, uint8_t* scid, size_t scidlen,
|
||||
uint8_t* ocid, size_t ocidlen, const uint8_t* token, size_t tokenlen);
|
||||
|
||||
/** fill a buffer with random data */
|
||||
void doq_fill_rand(struct ub_randstate* rnd, uint8_t* buf, size_t len);
|
||||
|
||||
/** delete a doq_conid */
|
||||
void doq_conid_delete(struct doq_conid* conid);
|
||||
|
||||
/** add a connection id to the doq_conn.
|
||||
* caller must hold doq_table.conid_lock. */
|
||||
int doq_conn_associate_conid(struct doq_conn* conn, uint8_t* data,
|
||||
size_t datalen);
|
||||
|
||||
/** remove a connection id from the doq_conn.
|
||||
* caller must hold doq_table.conid_lock. */
|
||||
void doq_conn_dissociate_conid(struct doq_conn* conn, const uint8_t* data,
|
||||
size_t datalen);
|
||||
|
||||
/** initial setup to link current connection ids to the doq_conn */
|
||||
int doq_conn_setup_conids(struct doq_conn* conn);
|
||||
|
||||
/** remove the connection ids from the doq_conn.
|
||||
* caller must hold doq_table.conid_lock. */
|
||||
void doq_conn_clear_conids(struct doq_conn* conn);
|
||||
|
||||
/** find a conid in the doq_conn connection.
|
||||
* caller must hold table.conid_lock. */
|
||||
struct doq_conid* doq_conid_find(struct doq_table* doq_table,
|
||||
const uint8_t* data, size_t datalen);
|
||||
|
||||
/** receive a packet for a connection */
|
||||
int doq_conn_recv(struct comm_point* c, struct doq_pkt_addr* paddr,
|
||||
struct doq_conn* conn, struct ngtcp2_pkt_info* pi, int* err_retry,
|
||||
int* err_drop);
|
||||
|
||||
/** send packets for a connection */
|
||||
int doq_conn_write_streams(struct comm_point* c, struct doq_conn* conn,
|
||||
int* err_drop);
|
||||
|
||||
/** send the close packet for the connection, perhaps again. */
|
||||
int doq_conn_send_close(struct comm_point* c, struct doq_conn* conn);
|
||||
|
||||
/** delete doq stream */
|
||||
void doq_stream_delete(struct doq_stream* stream);
|
||||
|
||||
/** doq read a connection key from repinfo. It is not malloced, but points
|
||||
* into the repinfo for the dcid. */
|
||||
void doq_conn_key_from_repinfo(struct doq_conn_key* key,
|
||||
struct comm_reply* repinfo);
|
||||
|
||||
/** doq find a stream in the connection */
|
||||
struct doq_stream* doq_stream_find(struct doq_conn* conn, int64_t stream_id);
|
||||
|
||||
/** doq shutdown the stream. */
|
||||
int doq_stream_close(struct doq_conn* conn, struct doq_stream* stream,
|
||||
int send_shutdown);
|
||||
|
||||
/** send reply for a connection */
|
||||
int doq_stream_send_reply(struct doq_conn* conn, struct doq_stream* stream,
|
||||
struct sldns_buffer* buf);
|
||||
|
||||
/** the connection has write interest, wants to write packets */
|
||||
void doq_conn_write_enable(struct doq_conn* conn);
|
||||
|
||||
/** the connection has no write interest, does not want to write packets */
|
||||
void doq_conn_write_disable(struct doq_conn* conn);
|
||||
|
||||
/** set the connection on or off the write list, depending on write interest */
|
||||
void doq_conn_set_write_list(struct doq_table* table, struct doq_conn* conn);
|
||||
|
||||
/** doq remove the connection from the write list */
|
||||
void doq_conn_write_list_remove(struct doq_table* table,
|
||||
struct doq_conn* conn);
|
||||
|
||||
/** doq get the first conn from the write list, if any, popped from list.
|
||||
* Locks the conn that is returned. */
|
||||
struct doq_conn* doq_table_pop_first(struct doq_table* table);
|
||||
|
||||
/**
|
||||
* doq check if the timer for the conn needs to be changed.
|
||||
* @param conn: connection, caller must hold lock on it.
|
||||
* @param tv: time value, absolute time, returned.
|
||||
* @return true if timer needs to be set to tv, false if no change is needed
|
||||
* to the timer. The timer is already set to the right time in that case.
|
||||
*/
|
||||
int doq_conn_check_timer(struct doq_conn* conn, struct timeval* tv);
|
||||
|
||||
/** doq remove timer from tree */
|
||||
void doq_timer_tree_remove(struct doq_table* table, struct doq_timer* timer);
|
||||
|
||||
/** doq remove timer from list */
|
||||
void doq_timer_list_remove(struct doq_table* table, struct doq_timer* timer);
|
||||
|
||||
/** doq unset the timer if it was set. */
|
||||
void doq_timer_unset(struct doq_table* table, struct doq_timer* timer);
|
||||
|
||||
/** doq set the timer and add it. */
|
||||
void doq_timer_set(struct doq_table* table, struct doq_timer* timer,
|
||||
struct doq_server_socket* worker_doq_socket, struct timeval* tv);
|
||||
|
||||
/** doq find a timeout in the timer tree */
|
||||
struct doq_timer* doq_timer_find_time(struct doq_table* table,
|
||||
struct timeval* tv);
|
||||
|
||||
/** doq handle timeout for a connection. Pass conn locked. Returns false for
|
||||
* deletion. */
|
||||
int doq_conn_handle_timeout(struct doq_conn* conn);
|
||||
|
||||
/** doq add size to the current quic buffer counter */
|
||||
void doq_table_quic_size_add(struct doq_table* table, size_t add);
|
||||
|
||||
/** doq subtract size from the current quic buffer counter */
|
||||
void doq_table_quic_size_subtract(struct doq_table* table, size_t subtract);
|
||||
|
||||
/** doq check if mem is available for quic. */
|
||||
int doq_table_quic_size_available(struct doq_table* table,
|
||||
struct config_file* cfg, size_t mem);
|
||||
|
||||
/** doq get the quic size value */
|
||||
size_t doq_table_quic_size_get(struct doq_table* table);
|
||||
#endif /* HAVE_NGTCP2 */
|
||||
|
||||
char* set_ip_dscp(int socket, int addrfamily, int ds);
|
||||
|
||||
/** for debug and profiling purposes only
|
||||
@ -459,4 +846,14 @@ char* set_ip_dscp(int socket, int addrfamily, int ds);
|
||||
*/
|
||||
void verbose_print_unbound_socket(struct unbound_socket* ub_sock);
|
||||
|
||||
/** event callback for testcode/doqclient */
|
||||
void doq_client_event_cb(int fd, short event, void* arg);
|
||||
|
||||
/** timer event callback for testcode/doqclient */
|
||||
void doq_client_timer_cb(int fd, short event, void* arg);
|
||||
|
||||
#ifdef HAVE_NGTCP2
|
||||
/** get a timestamp in nanoseconds */
|
||||
ngtcp2_tstamp doq_get_timestamp_nanosec(void);
|
||||
#endif
|
||||
#endif /* LISTEN_DNSPORT_H */
|
||||
|
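Review bot: In struct doq_table, `timer_tree` is the only shared container whose comment names no lock: `conn_tree` and the write list point at `doq_table.lock`, `conid_tree` at `conid_lock`, and `current_size` at `size_lock`. The timer prototypes further down (doq_timer_set, doq_timer_unset, doq_timer_tree_remove, doq_timer_list_remove, doq_timer_find_time) likewise state no locking requirement, unlike the conid functions that say `caller must hold doq_table.conid_lock`. Since the table is shared between threads, the field comment should name the guard, presumably `/** rbtree of doq_timer. Hold doq_table.lock to read or change it. */` if that is what the implementation does; the implementation is not shown on this page, so the lock name needs confirming. The same one-line precondition belongs on each timer prototype.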
@ -311,7 +311,7 @@ int mesh_make_new_space(struct mesh_area* mesh, sldns_buffer* qbuf)
|
||||
|
||||
struct dns_msg*
|
||||
mesh_serve_expired_lookup(struct module_qstate* qstate,
|
||||
struct query_info* lookup_qinfo)
|
||||
struct query_info* lookup_qinfo, int* is_expired)
|
||||
{
|
||||
hashvalue_type h;
|
||||
struct lruhash_entry* e;
|
||||
@ -321,6 +321,7 @@ mesh_serve_expired_lookup(struct module_qstate* qstate,
|
||||
time_t timenow = *qstate->env->now;
|
||||
int must_validate = (!(qstate->query_flags&BIT_CD)
|
||||
|| qstate->env->cfg->ignore_cd) && qstate->env->need_to_validate;
|
||||
*is_expired = 0;
|
||||
/* Lookup cache */
|
||||
h = query_info_hash(lookup_qinfo, qstate->query_flags);
|
||||
e = slabhash_lookup(qstate->env->msg_cache, h, lookup_qinfo, 0);
|
||||
@ -328,6 +329,7 @@ mesh_serve_expired_lookup(struct module_qstate* qstate,
|
||||
|
||||
key = (struct msgreply_entry*)e->key;
|
||||
data = (struct reply_info*)e->data;
|
||||
if(data->ttl < timenow) *is_expired = 1;
|
||||
msg = tomsg(qstate->env, &key->key, data, qstate->region, timenow,
|
||||
qstate->env->cfg->serve_expired, qstate->env->scratch);
|
||||
if(!msg)
|
||||
@ -2176,6 +2178,7 @@ mesh_serve_expired_callback(void* arg)
|
||||
int must_validate = (!(qstate->query_flags&BIT_CD)
|
||||
|| qstate->env->cfg->ignore_cd) && qstate->env->need_to_validate;
|
||||
int i = 0;
|
||||
int is_expired;
|
||||
if(!qstate->serve_expired_data) return;
|
||||
verbose(VERB_ALGO, "Serve expired: Trying to reply with expired data");
|
||||
comm_timer_delete(qstate->serve_expired_data->timer);
|
||||
@ -2193,7 +2196,7 @@ mesh_serve_expired_callback(void* arg)
|
||||
fptr_ok(fptr_whitelist_serve_expired_lookup(
|
||||
qstate->serve_expired_data->get_cached_answer));
|
||||
msg = (*qstate->serve_expired_data->get_cached_answer)(qstate,
|
||||
lookup_qinfo);
|
||||
lookup_qinfo, &is_expired);
|
||||
if(!msg)
|
||||
return;
|
||||
/* Reset these in case we pass a second time from here. */
|
||||
@ -2285,8 +2288,10 @@ mesh_serve_expired_callback(void* arg)
|
||||
|
||||
/* Add EDE Stale Answer (RCF8914). Ignore global ede as this is
|
||||
* warning instead of an error */
|
||||
if (r->edns.edns_present && qstate->env->cfg->ede_serve_expired &&
|
||||
qstate->env->cfg->ede) {
|
||||
if(r->edns.edns_present &&
|
||||
qstate->env->cfg->ede_serve_expired &&
|
||||
qstate->env->cfg->ede &&
|
||||
is_expired) {
|
||||
edns_opt_list_append_ede(&r->edns.opt_list_out,
|
||||
mstate->s.region, LDNS_EDE_STALE_ANSWER, NULL);
|
||||
}
|
||||
|
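Review bot: In mesh_serve_expired_callback, `int is_expired;` is declared without a value and is only written by the callee reached through `get_cached_answer`, then read in the EDE condition further down. mesh_serve_expired_lookup does set `*is_expired = 0` before anything else, but the call goes through a function pointer, so any other lookup function that forgets to write it would leave the Stale Answer decision on an indeterminate value. Declaring it as `int is_expired = 0;` removes that dependency at no cost. Both functions start and end outside the hunks shown.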
@ -673,11 +673,12 @@ void mesh_serve_expired_callback(void* arg);
|
||||
* the same behavior as when replying from cache.
|
||||
* @param qstate: the module qstate.
|
||||
* @param lookup_qinfo: the query info to look for in the cache.
|
||||
* @param is_expired: set if the cached answer is expired.
|
||||
* @return dns_msg if a cached answer was found, otherwise NULL.
|
||||
*/
|
||||
struct dns_msg*
|
||||
mesh_serve_expired_lookup(struct module_qstate* qstate,
|
||||
struct query_info* lookup_qinfo);
|
||||
struct query_info* lookup_qinfo, int* is_expired);
|
||||
|
||||
/**
|
||||
* See if the mesh has space for more queries. You can allocate queries
|
||||
|
@ -265,7 +265,7 @@ modstack_call_init(struct module_stack* stack, const char* module_conf,
|
||||
int i, changed = 0;
|
||||
env->need_to_validate = 0; /* set by module init below */
|
||||
for(i=0; i<stack->num; i++) {
|
||||
while(*module_conf && isspace(*module_conf))
|
||||
while(*module_conf && isspace((unsigned char)*module_conf))
|
||||
module_conf++;
|
||||
if(strncmp(stack->mod[i]->name, module_conf,
|
||||
strlen(stack->mod[i]->name))) {
|
||||
|
@ -1969,6 +1969,7 @@ rpz_synthesize_nodata(struct rpz* ATTR_UNUSED(r), struct module_qstate* ms,
|
||||
0, /* ttl */
|
||||
0, /* prettl */
|
||||
0, /* expttl */
|
||||
0, /* norecttl */
|
||||
0, /* an */
|
||||
0, /* ns */
|
||||
0, /* ar */
|
||||
@ -1999,6 +2000,7 @@ rpz_synthesize_nxdomain(struct rpz* r, struct module_qstate* ms,
|
||||
0, /* ttl */
|
||||
0, /* prettl */
|
||||
0, /* expttl */
|
||||
0, /* norecttl */
|
||||
0, /* an */
|
||||
0, /* ns */
|
||||
0, /* ar */
|
||||
@ -2031,6 +2033,7 @@ rpz_synthesize_localdata_from_rrset(struct rpz* ATTR_UNUSED(r), struct module_qs
|
||||
0, /* ttl */
|
||||
0, /* prettl */
|
||||
0, /* expttl */
|
||||
0, /* norecttl */
|
||||
1, /* an */
|
||||
0, /* ns */
|
||||
0, /* ar */
|
||||
@ -2176,6 +2179,7 @@ rpz_synthesize_cname_override_msg(struct rpz* r, struct module_qstate* ms,
|
||||
0, /* ttl */
|
||||
0, /* prettl */
|
||||
0, /* expttl */
|
||||
0, /* norecttl */
|
||||
1, /* an */
|
||||
0, /* ns */
|
||||
0, /* ar */
|
||||
@ -2288,15 +2292,18 @@ rpz_apply_nsip_trigger(struct module_qstate* ms, struct query_info* qchase,
|
||||
if(action == RPZ_LOCAL_DATA_ACTION && raddr->data == NULL) {
|
||||
verbose(VERB_ALGO, "rpz: bug: nsip local data action but no local data");
|
||||
ret = rpz_synthesize_nodata(r, ms, qchase, az);
|
||||
ms->rpz_applied = 1;
|
||||
goto done;
|
||||
}
|
||||
|
||||
switch(action) {
|
||||
case RPZ_NXDOMAIN_ACTION:
|
||||
ret = rpz_synthesize_nxdomain(r, ms, qchase, az);
|
||||
ms->rpz_applied = 1;
|
||||
break;
|
||||
case RPZ_NODATA_ACTION:
|
||||
ret = rpz_synthesize_nodata(r, ms, qchase, az);
|
||||
ms->rpz_applied = 1;
|
||||
break;
|
||||
case RPZ_TCP_ONLY_ACTION:
|
||||
/* basically a passthru here but the tcp-only will be
|
||||
@ -2306,11 +2313,13 @@ rpz_apply_nsip_trigger(struct module_qstate* ms, struct query_info* qchase,
|
||||
break;
|
||||
case RPZ_DROP_ACTION:
|
||||
ret = rpz_synthesize_nodata(r, ms, qchase, az);
|
||||
ms->rpz_applied = 1;
|
||||
ms->is_drop = 1;
|
||||
break;
|
||||
case RPZ_LOCAL_DATA_ACTION:
|
||||
ret = rpz_synthesize_nsip_localdata(r, ms, qchase, raddr, az);
|
||||
if(ret == NULL) { ret = rpz_synthesize_nodata(r, ms, qchase, az); }
|
||||
ms->rpz_applied = 1;
|
||||
break;
|
||||
case RPZ_PASSTHRU_ACTION:
|
||||
ret = NULL;
|
||||
@ -2318,6 +2327,7 @@ rpz_apply_nsip_trigger(struct module_qstate* ms, struct query_info* qchase,
|
||||
break;
|
||||
case RPZ_CNAME_OVERRIDE_ACTION:
|
||||
ret = rpz_synthesize_cname_override_msg(r, ms, qchase);
|
||||
ms->rpz_applied = 1;
|
||||
break;
|
||||
default:
|
||||
verbose(VERB_ALGO, "rpz: nsip: bug: unhandled or invalid action: '%s'",
|
||||
@ -2352,9 +2362,11 @@ rpz_apply_nsdname_trigger(struct module_qstate* ms, struct query_info* qchase,
|
||||
switch(action) {
|
||||
case RPZ_NXDOMAIN_ACTION:
|
||||
ret = rpz_synthesize_nxdomain(r, ms, qchase, az);
|
||||
ms->rpz_applied = 1;
|
||||
break;
|
||||
case RPZ_NODATA_ACTION:
|
||||
ret = rpz_synthesize_nodata(r, ms, qchase, az);
|
||||
ms->rpz_applied = 1;
|
||||
break;
|
||||
case RPZ_TCP_ONLY_ACTION:
|
||||
/* basically a passthru here but the tcp-only will be
|
||||
@ -2364,11 +2376,13 @@ rpz_apply_nsdname_trigger(struct module_qstate* ms, struct query_info* qchase,
|
||||
break;
|
||||
case RPZ_DROP_ACTION:
|
||||
ret = rpz_synthesize_nodata(r, ms, qchase, az);
|
||||
ms->rpz_applied = 1;
|
||||
ms->is_drop = 1;
|
||||
break;
|
||||
case RPZ_LOCAL_DATA_ACTION:
|
||||
ret = rpz_synthesize_nsdname_localdata(r, ms, qchase, z, match, az);
|
||||
if(ret == NULL) { ret = rpz_synthesize_nodata(r, ms, qchase, az); }
|
||||
ms->rpz_applied = 1;
|
||||
break;
|
||||
case RPZ_PASSTHRU_ACTION:
|
||||
ret = NULL;
|
||||
@ -2376,6 +2390,7 @@ rpz_apply_nsdname_trigger(struct module_qstate* ms, struct query_info* qchase,
|
||||
break;
|
||||
case RPZ_CNAME_OVERRIDE_ACTION:
|
||||
ret = rpz_synthesize_cname_override_msg(r, ms, qchase);
|
||||
ms->rpz_applied = 1;
|
||||
break;
|
||||
default:
|
||||
verbose(VERB_ALGO, "rpz: nsdname: bug: unhandled or invalid action: '%s'",
|
||||
@ -2579,9 +2594,11 @@ struct dns_msg* rpz_callback_from_iterator_cname(struct module_qstate* ms,
|
||||
switch(localzone_type_to_rpz_action(lzt)) {
|
||||
case RPZ_NXDOMAIN_ACTION:
|
||||
ret = rpz_synthesize_nxdomain(r, ms, &is->qchase, a);
|
||||
ms->rpz_applied = 1;
|
||||
break;
|
||||
case RPZ_NODATA_ACTION:
|
||||
ret = rpz_synthesize_nodata(r, ms, &is->qchase, a);
|
||||
ms->rpz_applied = 1;
|
||||
break;
|
||||
case RPZ_TCP_ONLY_ACTION:
|
||||
/* basically a passthru here but the tcp-only will be
|
||||
@ -2591,11 +2608,13 @@ struct dns_msg* rpz_callback_from_iterator_cname(struct module_qstate* ms,
|
||||
break;
|
||||
case RPZ_DROP_ACTION:
|
||||
ret = rpz_synthesize_nodata(r, ms, &is->qchase, a);
|
||||
ms->rpz_applied = 1;
|
||||
ms->is_drop = 1;
|
||||
break;
|
||||
case RPZ_LOCAL_DATA_ACTION:
|
||||
ret = rpz_synthesize_qname_localdata_msg(r, ms, &is->qchase, z, a);
|
||||
if(ret == NULL) { ret = rpz_synthesize_nodata(r, ms, &is->qchase, a); }
|
||||
ms->rpz_applied = 1;
|
||||
break;
|
||||
case RPZ_PASSTHRU_ACTION:
|
||||
ret = NULL;
|
||||
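Review bot: `ms->rpz_applied = 1;` is repeated by hand in every synthesizing `case` of three near-identical switches (`rpz_apply_nsip_trigger`, `rpz_apply_nsdname_trigger`, `rpz_callback_from_iterator_cname`), so a later action or trigger path can miss it without any compiler or test signal. Because RPZ is a policy-enforcement path, a reply that is synthesized but not flagged would presumably be handled downstream like an ordinary answer. Setting the flag in one place would be safer, for example inside the `rpz_synthesize_*` helpers or once after each switch for every action other than passthru and tcp-only; failing that, a comment at the top of each switch such as `/* every action that rewrites the answer must set ms->rpz_applied */` documents the invariant. All three function bodies start and end outside these hunks, so the paths around the switches are not visible here.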
|
@ -104,7 +104,7 @@ while getopts 'd:hr' arg; do
|
||||
done
|
||||
shift $((OPTIND - 1))
|
||||
|
||||
if ! openssl >/dev/null 2>&1; then
|
||||
if ! openssl version </dev/null >/dev/null 2>&1; then
|
||||
echo "$0 requires openssl to be installed for keys/certificates generation." >&2
|
||||
exit 1
|
||||
fi
|
||||
|
@ -293,6 +293,9 @@ static void print_mem(struct ub_shm_stat_info* shm_stat,
|
||||
PR_LL("mem.streamwait", s->svr.mem_stream_wait);
|
||||
PR_LL("mem.http.query_buffer", s->svr.mem_http2_query_buffer);
|
||||
PR_LL("mem.http.response_buffer", s->svr.mem_http2_response_buffer);
|
||||
#ifdef HAVE_NGTCP2
|
||||
PR_LL("mem.quic", s->svr.mem_quic);
|
||||
#endif
|
||||
}
|
||||
|
||||
/** print histogram */
|
||||
@ -359,6 +362,9 @@ static void print_extended(struct ub_stats_info* s, int inhibit_zero)
|
||||
PR_UL("num.query.tls_resume", s->svr.qtls_resume);
|
||||
PR_UL("num.query.ipv6", s->svr.qipv6);
|
||||
PR_UL("num.query.https", s->svr.qhttps);
|
||||
#ifdef HAVE_NGTCP2
|
||||
PR_UL("num.query.quic", s->svr.qquic);
|
||||
#endif
|
||||
|
||||
/* flags */
|
||||
PR_UL("num.query.flags.QR", s->svr.qbit_QR);
|
||||
|
@ -50,6 +50,8 @@
|
||||
#undef calloc
|
||||
#undef free
|
||||
#undef realloc
|
||||
#undef reallocarray
|
||||
#undef strdup
|
||||
#endif
|
||||
#ifdef UNBOUND_ALLOC_LITE
|
||||
#undef malloc
|
||||
@ -492,7 +494,11 @@ int main(int argc, char* argv[])
|
||||
if(strcmp(use_syslog, "yes") == 0) /* disable use-syslog */
|
||||
check_ub_res(ub_ctx_set_option(ctx,
|
||||
"use-syslog:", "no"));
|
||||
#ifdef UNBOUND_ALLOC_STATS
|
||||
unbound_stat_free_log(use_syslog, __FILE__, __LINE__, __func__);
|
||||
#else
|
||||
free(use_syslog);
|
||||
#endif
|
||||
}
|
||||
argc -= optind;
|
||||
argv += optind;
|
||||
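Review bot: The new `#ifdef UNBOUND_ALLOC_STATS` around the release of `use_syslog` in `main` has no comment saying why plain `free` is wrong there. This file undefines `free` back to the libc function near its top, while the string presumably still comes from an allocation made inside libunbound with the statistics allocator, so releasing it needs the matching `unbound_stat_free_log`; a mismatch is a heap-corruption class bug, and any other library-returned string freed in this file needs the same care. I would add `/* allocated by libunbound; with alloc stats it must be released by the stats allocator, not libc free */` above the `#ifdef`. `main` continues outside the hunk.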
|
@ -255,3 +255,19 @@ void dtio_mainfdcallback(int ATTR_UNUSED(fd), short ATTR_UNUSED(ev),
|
||||
log_assert(0);
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_NGTCP2
|
||||
void doq_client_event_cb(int ATTR_UNUSED(fd), short ATTR_UNUSED(ev),
|
||||
void* ATTR_UNUSED(arg))
|
||||
{
|
||||
log_assert(0);
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_NGTCP2
|
||||
void doq_client_timer_cb(int ATTR_UNUSED(fd), short ATTR_UNUSED(ev),
|
||||
void* ATTR_UNUSED(arg))
|
||||
{
|
||||
log_assert(0);
|
||||
}
|
||||
#endif
|
||||
|
2701
contrib/unbound/testcode/doqclient.c
Normal file
2701
contrib/unbound/testcode/doqclient.c
Normal file
File diff suppressed because it is too large
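--- a/contrib/unbound/testcode/unitdoq.c
+++ b/contrib/unbound/testcode/unitdoq.c
@@ -0,0 +1,84 @@
+/*
+* testcode/unitdoq.c - unit test for doq routines.
+*
+* Copyright (c) 2022, NLnet Labs. All rights reserved.
+*
+* This software is open source.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+*
+* Redistributions of source code must retain the above copyright notice,
+* this list of conditions and the following disclaimer.
+*
+* Redistributions in binary form must reproduce the above copyright notice,
+* this list of conditions and the following disclaimer in the documentation
+* and/or other materials provided with the distribution.
+*
+* Neither the name of the NLNET LABS nor the names of its contributors may
+* be used to endorse or promote products derived from this software without
+* specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
+* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+* POSSIBILITY OF SUCH DAMAGE.
+*
+*/
+
+/**
+* \file
+* Calls doq related unit tests. Exits with code 1 on a failure.
+*/
+
+#include "config.h"
+
+#ifdef HAVE_NGTCP2
+
+#include "util/netevent.h"
+#include "services/listen_dnsport.h"
+#include "testcode/unitmain.h"
+
+/** check the size of a connection for doq */
+static void
+doq_size_conn_check()
+{
+/* Printout the size of one doq connection, in memory usage.
+* A connection with a couple cids, of type doq_conid, and
+* it has one stream, and that has a query and an answer. */
+size_t answer_size = 233; /* size of www.nlnetlabs.nl minimal answer
+with dnssec and one A record. The unsigned answer is 176 with
+additional data, 61 bytes minimal response one A record. */
+size_t query_size = 45; /* size of query for www.nlnetlabs.nl, with
+an EDNS record with DO flag. */
+size_t conn_size = sizeof(struct doq_conn);
+size_t conid_size = sizeof(struct doq_conid);
+size_t stream_size = sizeof(struct doq_stream);
+
+conn_size += 16; /* DCID len in the conn key */
+conn_size += 0; /* the size of the ngtcp2_conn */
+conn_size += 0; /* the size of the SSL record */
+conn_size += 0; /* size of the close pkt,
+but we do not count it here. Only if the conn gets closed. */
+conid_size += 16; /* the dcid of the conn key */
+conid_size += 16; /* the cid */
+stream_size += query_size; /* size of in buffer */
+stream_size += answer_size; /* size of out buffer */
+printf("doq connection size %u bytes\n", (unsigned)(conn_size +
+conid_size*3 + stream_size));
+}
+
+void doq_test(void)
+{
+unit_show_feature("doq");
+doq_size_conn_check();
+}
+#endif /* HAVE_NGTCP2 */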
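Review bot: `doq_test` cannot fail: `doq_size_conn_check` only prints an estimated size and asserts nothing, although the file comment says the unit tests exit with code 1 on a failure. If the estimate is meant to guard per-connection memory use for DoQ, a figure that matters when sizing connection limits, compare it against an expected upper bound with the test harness's assert macro; otherwise say in the `/** check the size of a connection for doq */` comment that the function is informational only. Two smaller points in the same function: the definition should read `doq_size_conn_check(void)` rather than use an empty parameter list, and the `(unsigned)` cast with `%u` truncates a `size_t` sum. The factor in `conid_size*3` is explained only as "a couple cids"; a short comment on why three would help.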
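--- a/contrib/unbound/testdata/auth_tls.tdir/auth_tls.dsc
+++ b/contrib/unbound/testdata/auth_tls.tdir/auth_tls.dsc
@@ -0,0 +1,16 @@
+BaseName: auth_tls
+Version: 1.0
+Description: Perform AXFR over tls for authority zone
+CreationDate: Thu 29 Aug 09:35:40 CEST 2024
+Maintainer: dr. W.C.A. Wijngaards
+Category:
+Component:
+CmdDepends:
+Depends:
+Help:
+Pre: auth_tls.pre
+Post: auth_tls.post
+Test: auth_tls.test
+AuxFiles:
+Passed:
+Failure: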
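--- a/contrib/unbound/testdata/auth_tls.tdir/auth_tls.nsd.conf
+++ b/contrib/unbound/testdata/auth_tls.tdir/auth_tls.nsd.conf
@@ -0,0 +1,21 @@
+server:
+logfile: "/dev/stderr"
+xfrdfile: xfrd.state
+username: ""
+chroot: ""
+zonesdir: ""
+pidfile: "nsd.pid"
+zonelistfile: "zone.list"
+verbosity: 5
+port: @NSD_PORT@
+interface: 127.0.0.1@@NSD_PORT@
+
+tls-port: @NSD_PORT@
+tls-service-key: "nsd_server.key"
+tls-service-pem: "nsd_server.pem"
+
+zone:
+name: "example.com"
+zonefile: "example.com.zone"
+provide-xfr: 0.0.0.0/0 NOKEY
+provide-xfr: ::0/0 NOKEY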
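Review bot: `provide-xfr: 0.0.0.0/0 NOKEY` and `provide-xfr: ::0/0 NOKEY` allow a zone transfer to any source address without a TSIG key. In this fixture the server listens on 127.0.0.1 only, so the exposure is limited to the test host, but the file reads like a template. Narrowing it to `provide-xfr: 127.0.0.1 NOKEY`, or adding `# test only: unauthenticated transfers, do not copy` above the two lines, keeps it from being reused as is. The same two lines appear in auth_tls_failcert.nsd.conf.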
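--- a/contrib/unbound/testdata/auth_tls.tdir/auth_tls.post
+++ b/contrib/unbound/testdata/auth_tls.tdir/auth_tls.post
@@ -0,0 +1,14 @@
+# #-- auth_tls.post --#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# source the test var file when it's there
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+#
+# do your teardown here
+. ../common.sh
+kill_pid $NSD_PID
+kill_pid $UNBOUND_PID
+echo "nsd.log"
+cat nsd.log
+echo "unbound.log"
+cat unbound.log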
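--- a/contrib/unbound/testdata/auth_tls.tdir/auth_tls.pre
+++ b/contrib/unbound/testdata/auth_tls.tdir/auth_tls.pre
@@ -0,0 +1,47 @@
+# #-- auth_tls.pre--#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# use .tpkg.var.test for in test variable passing
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+
+. ../common.sh
+PRE="../.."
+if test -n "$NSD"; then
+:
+else
+if `which nsd >/dev/null 2>&1`; then
+# need nsd >= 4.2.0
+NSD="nsd"
+else
+if test -f $PRE/../nsd/nsd; then
+NSD="$PRE/../nsd/nsd"
+else
+skip_test "need nsd"
+fi
+fi
+fi
+echo "NSD=$NSD"
+
+get_random_port 2
+UNBOUND_PORT=$RND_PORT
+NSD_PORT=$(($RND_PORT + 1))
+echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test
+echo "NSD_PORT=$NSD_PORT" >> .tpkg.var.test
+
+# make config file
+sed -e 's/@UNBOUND_PORT\@/'$UNBOUND_PORT'/' -e 's/@NSD_PORT\@/'$NSD_PORT'/' < auth_tls.ub.conf > ub.conf
+sed -e 's/@UNBOUND_PORT\@/'$UNBOUND_PORT'/' -e 's/@NSD_PORT\@/'$NSD_PORT'/' < auth_tls.nsd.conf > nsd.conf
+
+# start nsd
+$NSD -d -c nsd.conf >nsd.log 2>&1 &
+NSD_PID=$!
+echo "NSD_PID=$NSD_PID" >> .tpkg.var.test
+
+# start unbound in the background
+$PRE/unbound -d -c ub.conf >unbound.log 2>&1 &
+UNBOUND_PID=$!
+echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
+
+cat .tpkg.var.test
+wait_nsd_up nsd.log
+wait_unbound_up unbound.log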
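Review bot: The probe that wraps `which nsd >/dev/null 2>&1` in backticks runs `which` inside a command substitution and then executes its empty output, which works only because an empty command takes the substitution's exit status; `if command -v nsd >/dev/null 2>&1; then` is the direct form. `$NSD` and `$PRE` are also expanded unquoted, including in `$NSD -d -c nsd.conf`, so a path with spaces taken from the environment splits into several words; `"$NSD" -d -c nsd.conf` avoids that. auth_tls_failcert.pre has the same lines.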
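--- a/contrib/unbound/testdata/auth_tls.tdir/auth_tls.test
+++ b/contrib/unbound/testdata/auth_tls.tdir/auth_tls.test
@@ -0,0 +1,48 @@
+# #-- auth_tls.test --#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# use .tpkg.var.test for in test variable passing
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+
+PRE="../.."
+# do the test
+echo "> dig www.example.com."
+dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
+if grep SERVFAIL outfile; then
+echo "> try again"
+dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
+fi
+if grep SERVFAIL outfile; then
+echo "> try again"
+sleep 1
+dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
+fi
+if grep SERVFAIL outfile; then
+echo "> try again"
+sleep 1
+dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
+fi
+if grep SERVFAIL outfile; then
+echo "> try again"
+sleep 1
+dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
+fi
+if grep SERVFAIL outfile; then
+echo "> try again"
+sleep 10
+dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
+fi
+if grep SERVFAIL outfile; then
+echo "> try again"
+sleep 10
+dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
+fi
+echo "> check answer"
+if grep "1.2.3.4" outfile; then
+echo "OK"
+else
+echo "Not OK"
+exit 1
+fi
+
+exit 0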
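Review bot: `grep "1.2.3.4" outfile` treats the dots as regex wildcards, so text such as `1a2b3c4` in the dig output also matches; `grep -F "1.2.3.4" outfile` checks for the literal address. The six copies of the SERVFAIL retry block differ only in the sleep and could be one loop over the delays, which would also put the total wait in one place. auth_tls_failcert.test uses the same grep and retry blocks.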
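--- a/contrib/unbound/testdata/auth_tls.tdir/auth_tls.ub.conf
+++ b/contrib/unbound/testdata/auth_tls.tdir/auth_tls.ub.conf
@@ -0,0 +1,22 @@
+server:
+verbosity: 7
+# num-threads: 1
+interface: 127.0.0.1
+port: @UNBOUND_PORT@
+use-syslog: no
+directory: ""
+pidfile: "unbound.pid"
+chroot: ""
+username: ""
+do-not-query-localhost: no
+tls-service-key: "unbound_server.key"
+tls-service-pem: "unbound_server.pem"
+tls-cert-bundle: "nsd_server.pem"
+
+auth-zone:
+name: "example.com"
+for-upstream: yes
+for-downstream: yes
+primary: "127.0.0.1@@NSD_PORT@#nsd"
+allow-notify: "127.0.0.2@@NSD_PORT@"
+allow-notify: 127.0.0.1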
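--- a/contrib/unbound/testdata/auth_tls.tdir/example.com.zone
+++ b/contrib/unbound/testdata/auth_tls.tdir/example.com.zone
@@ -0,0 +1,4 @@
+example.com. 240 IN SOA ns.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2024082400 28800 7200 604800 240
+example.com. NS ns.example.com.
+ns.example.com. IN A 192.0.2.1
+www.example.com. A 1.2.3.4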
39
contrib/unbound/testdata/auth_tls.tdir/nsd_server.key
vendored
Normal file
39
contrib/unbound/testdata/auth_tls.tdir/nsd_server.key
vendored
Normal file
@ -0,0 +1,39 @@
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIG5QIBAAKCAYEAxLy5fFUI1OjXXbPcQ13303/K5AliTq6bCnS57edzQIbmPZj7
|
||||
XbGZ0RnU47cZ11GSAI9ptDIrSidNTsHzaqWZn431/IVjwrIkRgz95/aOWRov4fwm
|
||||
cS5qvbYV60l384NZLqmF4BDDxSt2MLT2+jWxFEK2iUm2YXZewifQ8zaHmjfAWlo8
|
||||
TlK5jzt0Qc0qPv5nCC6mwtjb7OHul3N3QolW6hZOc1KZVEeBdELedoU9TyMyzhPB
|
||||
vkqAXWoti/CwWj3YMTj/L7zNfQ9F1HW6n67Y+ltO8IadILPiZiiAVIrLqUh3EL2X
|
||||
fq+BcJ3QvADjyL9F5TH3AaWoi6iYgMGcgdqK9k6hj+ziuMxX6OsgzfzxTEzZCHhP
|
||||
Er39SX6j/fHzJP4aGQxAAHLAmv2p9P/oEZeZsvWPsBWYpULKgMZ0JDZhf26ddrB1
|
||||
mpTaqRQsG384dUZR9f/iyzTszwgc2PQ7JG6gVg723KoBhlD0g+DlC8XdxiRyaDbJ
|
||||
PXzSoXgLWumx02OhAgMBAAECggGBAMS7MARriBRX7hzuYaEgE1V0oe+cjqi9o542
|
||||
EUMcQjzRaOVJ2HrdwUG+wgsgKwAMuqJCxuIBlRZm7MCH5CDODivmKohk3thviSRf
|
||||
k3tlKv1g2Wby3YIqd2TT82FAK2nf+8tUi+H/AbVl+59DJwIXtMbc22m3w1/8nU8r
|
||||
v5+l9L27aGcxesKbqKDZRC0Uu10YyvD8rZeEgY+EcjESrrxjV/1nZvWdMGR9yK74
|
||||
uzrri95aBVDbos7l8yz2oysf+UmUMp5U9rWwuU4M/34pFSGeo7CHjtliwbBF4FHn
|
||||
uyompXaOr7Qrgeg4fc9NbZNaB4OAOV2d1sI202q6j3kEkhG4pD8LAG/RRnugCj7D
|
||||
PKGJL3iZKxknjA+tAKkgq50EbMpLHHv1qSiKWy8p+bR5FyBYPSheOSkOKTywpqnd
|
||||
OU+VDTi4iLDvkENt6E0TghSyhncl8yIcomYPktqepaNekCHquK5sX8NUhOzRe3WH
|
||||
gX7l3e/o8JRvbwXJ8UWfQlKhPO/hvQKBwQDiLXVMf+Hjl/OoXHtF6huerNBux5CS
|
||||
KYha5BLARs9W74kd9mTJ9F5IflenpzQJc1b/PnvvlcDDlniUvlgk463EA2th4qWp
|
||||
50jFniq/l4rUMFk1vZBXldvuUaL6f+Ihi8WmoUAyguEVAB9G/EJ1bXqHKdJtxuz+
|
||||
/TXGBsXrF5+sZOTjfq96CgQtBmbPXMncPto0NndoMqcEB0bjsFywQXGCk6ZZZ3Ac
|
||||
vwnZFqVwqro3aTwD+xllzVz+xBNK8GU+zW8CgcEA3q2EepAT7dlZAveC7VSLnFF/
|
||||
w86ziynGEuhoJly+zedDPkFIGxYje1SPaKhpMH2jOdCajyHPOGuWEeVfKMbzCrHP
|
||||
GdFyiTQDk3Pq0JRXpUUJSPGPusAQnPruE68XccDb+eBiJR6y+0vXHd1J3F8B4BMQ
|
||||
AloZZtlx9BkEZaaRjROxM7Ilbev4IjOcScTREb2GL8gU3vnI2FJjBMy6fI5cm4QK
|
||||
XEgiLcxGniM77bAZTeoVFbpd4SSICDXVn/NM/XfvAoHBAMHbjKphAc/9MY6gldg6
|
||||
7Cl4nb4VtshQaNremWPMTXKKJNBVm9WtahJgl+jO2z8uaOalO70CchIyKm/zJcGY
|
||||
lBtpguSHSs7xueIHy0QkM43jUtNJAyrO+46s0jA65Cs0jdhgZZHls944GJbTKHNV
|
||||
vquTIRWOZxu3FBwDOihiOy2b3MNQlj7XzvR4hC4/rZTlGkmeVYItyBEf25bUVt2L
|
||||
eisdOntuuR0qcNptGqgS7UEJJbOTyRUEjCyhCpg0q9LEaQKBwDF7N1wQ1gzdZlUt
|
||||
cO+SAO/8gDqfnPAImVYsRLB5nYCdqiiUUxSJx9qpALEN80nuMS4wt5ekuKpd5dwW
|
||||
Lx4dj3ZJ6q5fB2eLolvKv1wYCp3UCGsoGnsyIL7xV6QSHVCOvZL6FHURLE6BHM0r
|
||||
FjWc+wqy0bTkFo7vNM48HOkFqYRC4vaM2JpjfCEFfO47iQW7Kq1FdbXSpZnEPPKd
|
||||
F7eD3vpDzhWRhd7NbMfJJpD7t7PDl2nbnu7fska4x76iTvJoCwKBwQCcqj2yhl69
|
||||
1GfpzsOtfzh9rECrnKjAhmVbwRfKB1ivwe8G2tobgQjOUajBqkCYKpZgTy3wyhWn
|
||||
0D4AdwonGu1XYLZWX+Hw/ZWhNEg/6Ju2wfiMJfFWmy5pvTSvmOlNWvYKwmH/TDjX
|
||||
tEctSVj6D67xE5v6s3donTI0NFa1u7i1hwoGu4POCockbau52YN4n20R5K7enu2+
|
||||
YYpXfcUOmCi91Hpv+X1YbmY1tOo0m1ItYqupbuRFXnHVXJhKxsYXqlA=
|
||||
-----END RSA PRIVATE KEY-----
|
22
contrib/unbound/testdata/auth_tls.tdir/nsd_server.pem
vendored
Normal file
22
contrib/unbound/testdata/auth_tls.tdir/nsd_server.pem
vendored
Normal file
@ -0,0 +1,22 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDozCCAgsCFCAZislHgIerlrBBkLFt/ZOkKYVZMA0GCSqGSIb3DQEBCwUAMA4x
|
||||
DDAKBgNVBAMMA25zZDAeFw0xOTA0MjUxNTEzMjdaFw0yOTA0MjIxNTEzMjdaMA4x
|
||||
DDAKBgNVBAMMA25zZDCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAMS8
|
||||
uXxVCNTo112z3ENd99N/yuQJYk6umwp0ue3nc0CG5j2Y+12xmdEZ1OO3GddRkgCP
|
||||
abQyK0onTU7B82qlmZ+N9fyFY8KyJEYM/ef2jlkaL+H8JnEuar22FetJd/ODWS6p
|
||||
heAQw8UrdjC09vo1sRRCtolJtmF2XsIn0PM2h5o3wFpaPE5SuY87dEHNKj7+Zwgu
|
||||
psLY2+zh7pdzd0KJVuoWTnNSmVRHgXRC3naFPU8jMs4Twb5KgF1qLYvwsFo92DE4
|
||||
/y+8zX0PRdR1up+u2PpbTvCGnSCz4mYogFSKy6lIdxC9l36vgXCd0LwA48i/ReUx
|
||||
9wGlqIuomIDBnIHaivZOoY/s4rjMV+jrIM388UxM2Qh4TxK9/Ul+o/3x8yT+GhkM
|
||||
QABywJr9qfT/6BGXmbL1j7AVmKVCyoDGdCQ2YX9unXawdZqU2qkULBt/OHVGUfX/
|
||||
4ss07M8IHNj0OyRuoFYO9tyqAYZQ9IPg5QvF3cYkcmg2yT180qF4C1rpsdNjoQID
|
||||
AQABMA0GCSqGSIb3DQEBCwUAA4IBgQB+WGMopDqNkv7yDAO8Ik2EWieDqxTshqR4
|
||||
bT1do9zsC9WDrIVxoVcn+dtlIpEQl8MN9U5DTKBbRgk3grOwUsg2kC0Gujv3vAyQ
|
||||
bF+jxjHWd1xzrbQ+QUgz07P1OMFWxMzECL2L2078UZbawFqKqlmNv5avUk27G8nB
|
||||
GrujT/pUOIpRXC+rao8e14R84dPJLZuGm9IAeEBQIIdhY9sjFRyoQdCUubyKPpkm
|
||||
/fpcDMkt7PzZ4nTovj4NUxnnoUGonpXuj0pHA/RDDJkPYaRrND4OGldQXdZ9LJNM
|
||||
pROL6aCZ5iog74OY8yutVzCgGge9vZLkysceVP7Lyks9/fEAtIuozmulp9TUQAeR
|
||||
MVdDOcREWRd0vFNtAC9xSloRqV+66CzrFHwkSMpLo+gdgcAZ8s33rgQk+I4gfavU
|
||||
jPWMZVcZHXevtWuTRnxfOpMkbwiRyr2J8m549K7OKZgr+JRhdJTev4lvXVyfFia4
|
||||
zr6UOK4exZWP6VDXb4IyZbJh+LMjmws=
|
||||
-----END CERTIFICATE-----
|
39
contrib/unbound/testdata/auth_tls.tdir/unbound_server.key
vendored
Normal file
39
contrib/unbound/testdata/auth_tls.tdir/unbound_server.key
vendored
Normal file
@ -0,0 +1,39 @@
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI
|
||||
0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq
|
||||
GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z
|
||||
uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K
|
||||
WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5
|
||||
FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP
|
||||
q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL
|
||||
A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP
|
||||
7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf
|
||||
XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6
|
||||
iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7
|
||||
2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo
|
||||
MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj
|
||||
WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz
|
||||
O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI
|
||||
IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN
|
||||
qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU
|
||||
dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs
|
||||
bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr
|
||||
YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km
|
||||
7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr
|
||||
gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z
|
||||
5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG
|
||||
ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN
|
||||
oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+
|
||||
s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW
|
||||
zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx
|
||||
ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1
|
||||
oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3
|
||||
BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS
|
||||
mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8
|
||||
kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93
|
||||
7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8
|
||||
RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O
|
||||
jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp
|
||||
O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre
|
||||
MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A==
|
||||
-----END RSA PRIVATE KEY-----
|
22
contrib/unbound/testdata/auth_tls.tdir/unbound_server.pem
vendored
Normal file
22
contrib/unbound/testdata/auth_tls.tdir/unbound_server.pem
vendored
Normal file
@ -0,0 +1,22 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx
|
||||
EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5
|
||||
WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB
|
||||
igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32
|
||||
a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2
|
||||
4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot
|
||||
aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4
|
||||
TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ
|
||||
uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4
|
||||
+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz
|
||||
XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx
|
||||
dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW
|
||||
84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7
|
||||
JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca
|
||||
fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg
|
||||
XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF
|
||||
qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25
|
||||
sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD
|
||||
yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe
|
||||
CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ==
|
||||
-----END CERTIFICATE-----
|
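--- a/contrib/unbound/testdata/auth_tls_failcert.tdir/auth_tls_failcert.dsc
+++ b/contrib/unbound/testdata/auth_tls_failcert.tdir/auth_tls_failcert.dsc
@@ -0,0 +1,16 @@
+BaseName: auth_tls_failcert
+Version: 1.0
+Description: Perform AXFR over tls for authority zone where the cert fails
+CreationDate: Thu 29 Aug 10:35:40 CEST 2024
+Maintainer: dr. W.C.A. Wijngaards
+Category:
+Component:
+CmdDepends:
+Depends:
+Help:
+Pre: auth_tls_failcert.pre
+Post: auth_tls_failcert.post
+Test: auth_tls_failcert.test
+AuxFiles:
+Passed:
+Failure: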
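--- a/contrib/unbound/testdata/auth_tls_failcert.tdir/auth_tls_failcert.nsd.conf
+++ b/contrib/unbound/testdata/auth_tls_failcert.tdir/auth_tls_failcert.nsd.conf
@@ -0,0 +1,21 @@
+server:
+logfile: "/dev/stderr"
+xfrdfile: xfrd.state
+username: ""
+chroot: ""
+zonesdir: ""
+pidfile: "nsd.pid"
+zonelistfile: "zone.list"
+verbosity: 5
+port: @NSD_PORT@
+interface: 127.0.0.1@@NSD_PORT@
+
+tls-port: @NSD_PORT@
+tls-service-key: "nsd_server.key"
+tls-service-pem: "nsd_server.pem"
+
+zone:
+name: "example.com"
+zonefile: "example.com.zone"
+provide-xfr: 0.0.0.0/0 NOKEY
+provide-xfr: ::0/0 NOKEY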
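--- a/contrib/unbound/testdata/auth_tls_failcert.tdir/auth_tls_failcert.post
+++ b/contrib/unbound/testdata/auth_tls_failcert.tdir/auth_tls_failcert.post
@@ -0,0 +1,14 @@
+# #-- auth_tls_failcert.post --#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# source the test var file when it's there
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+#
+# do your teardown here
+. ../common.sh
+kill_pid $NSD_PID
+kill_pid $UNBOUND_PID
+echo "nsd.log"
+cat nsd.log
+echo "unbound.log"
+cat unbound.log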
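--- a/contrib/unbound/testdata/auth_tls_failcert.tdir/auth_tls_failcert.pre
+++ b/contrib/unbound/testdata/auth_tls_failcert.tdir/auth_tls_failcert.pre
@@ -0,0 +1,47 @@
+# #-- auth_tls_failcert.pre--#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# use .tpkg.var.test for in test variable passing
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+
+. ../common.sh
+PRE="../.."
+if test -n "$NSD"; then
+:
+else
+if `which nsd >/dev/null 2>&1`; then
+# need nsd >= 4.2.0
+NSD="nsd"
+else
+if test -f $PRE/../nsd/nsd; then
+NSD="$PRE/../nsd/nsd"
+else
+skip_test "need nsd"
+fi
+fi
+fi
+echo "NSD=$NSD"
+
+get_random_port 2
+UNBOUND_PORT=$RND_PORT
+NSD_PORT=$(($RND_PORT + 1))
+echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test
+echo "NSD_PORT=$NSD_PORT" >> .tpkg.var.test
+
+# make config file
+sed -e 's/@UNBOUND_PORT\@/'$UNBOUND_PORT'/' -e 's/@NSD_PORT\@/'$NSD_PORT'/' < auth_tls_failcert.ub.conf > ub.conf
+sed -e 's/@UNBOUND_PORT\@/'$UNBOUND_PORT'/' -e 's/@NSD_PORT\@/'$NSD_PORT'/' < auth_tls_failcert.nsd.conf > nsd.conf
+
+# start nsd
+$NSD -d -c nsd.conf >nsd.log 2>&1 &
+NSD_PID=$!
+echo "NSD_PID=$NSD_PID" >> .tpkg.var.test
+
+# start unbound in the background
+$PRE/unbound -d -c ub.conf >unbound.log 2>&1 &
+UNBOUND_PID=$!
+echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
+
+cat .tpkg.var.test
+wait_nsd_up nsd.log
+wait_unbound_up unbound.log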
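--- a/contrib/unbound/testdata/auth_tls_failcert.tdir/auth_tls_failcert.test
+++ b/contrib/unbound/testdata/auth_tls_failcert.tdir/auth_tls_failcert.test
@@ -0,0 +1,56 @@
+# #-- auth_tls_failcert.test --#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# use .tpkg.var.test for in test variable passing
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+
+PRE="../.."
+# do the test
+echo "> dig www.example.com."
+dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
+if grep SERVFAIL outfile; then
+echo "> try again"
+dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
+fi
+if grep SERVFAIL outfile; then
+echo "> try again"
+sleep 1
+dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
+fi
+if grep SERVFAIL outfile; then
+echo "> try again"
+sleep 1
+dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
+fi
+if grep SERVFAIL outfile; then
+echo "> try again"
+sleep 1
+dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
+fi
+if grep SERVFAIL outfile; then
+echo "> try again"
+sleep 1
+dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
+fi
+if grep SERVFAIL outfile; then
+echo "> try again"
+sleep 1
+dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
+fi
+echo "> check answer"
+if grep "1.2.3.4" outfile; then
+echo "Not OK"
+exit 1
+else
+echo "OK not present"
+fi
+
+# But the server should be up
+if grep "SERVFAIL" outfile; then
+echo "OK"
+else
+echo "Not OK"
+exit 1
+fi
+
+exit 0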
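Review bot: The negative check passes on any SERVFAIL, so it does not show that the transfer was refused because the server certificate did not match the `#wrongname` authentication name set in auth_tls_failcert.ub.conf. The same output results if the TLS handshake failed for an unrelated reason or the transfer simply had not completed within the retries. Since this test guards TLS authentication of the primary, it should also look for the certificate verification failure in unbound.log, which the pre script already captures, and fail when that message is absent.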
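--- a/contrib/unbound/testdata/auth_tls_failcert.tdir/auth_tls_failcert.ub.conf
+++ b/contrib/unbound/testdata/auth_tls_failcert.tdir/auth_tls_failcert.ub.conf
@@ -0,0 +1,23 @@
+server:
+verbosity: 7
+# num-threads: 1
+interface: 127.0.0.1
+port: @UNBOUND_PORT@
+use-syslog: no
+directory: ""
+pidfile: "unbound.pid"
+chroot: ""
+username: ""
+do-not-query-localhost: no
+tls-service-key: "unbound_server.key"
+tls-service-pem: "unbound_server.pem"
+tls-cert-bundle: "nsd_server.pem"
+
+auth-zone:
+name: "example.com"
+for-upstream: yes
+for-downstream: yes
+# actual working primary: "127.0.0.1@@NSD_PORT@#nsd"
+primary: "127.0.0.1@@NSD_PORT@#wrongname"
+allow-notify: "127.0.0.2@@NSD_PORT@"
+allow-notify: 127.0.0.1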
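--- /dev/null
+++ b/contrib/unbound/testdata/auth_tls_failcert.tdir/example.com.zone
@@ -0,0 +1,4 @@
+example.com. 240 IN SOA ns.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2024082400 28800 7200 604800 240
+example.com. NS ns.example.com.
+ns.example.com. IN A 192.0.2.1
+www.example.com. A 1.2.3.4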
39
contrib/unbound/testdata/auth_tls_failcert.tdir/nsd_server.key
vendored
Normal file
@ -0,0 +1,39 @@
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIG5QIBAAKCAYEAxLy5fFUI1OjXXbPcQ13303/K5AliTq6bCnS57edzQIbmPZj7
|
||||
XbGZ0RnU47cZ11GSAI9ptDIrSidNTsHzaqWZn431/IVjwrIkRgz95/aOWRov4fwm
|
||||
cS5qvbYV60l384NZLqmF4BDDxSt2MLT2+jWxFEK2iUm2YXZewifQ8zaHmjfAWlo8
|
||||
TlK5jzt0Qc0qPv5nCC6mwtjb7OHul3N3QolW6hZOc1KZVEeBdELedoU9TyMyzhPB
|
||||
vkqAXWoti/CwWj3YMTj/L7zNfQ9F1HW6n67Y+ltO8IadILPiZiiAVIrLqUh3EL2X
|
||||
fq+BcJ3QvADjyL9F5TH3AaWoi6iYgMGcgdqK9k6hj+ziuMxX6OsgzfzxTEzZCHhP
|
||||
Er39SX6j/fHzJP4aGQxAAHLAmv2p9P/oEZeZsvWPsBWYpULKgMZ0JDZhf26ddrB1
|
||||
mpTaqRQsG384dUZR9f/iyzTszwgc2PQ7JG6gVg723KoBhlD0g+DlC8XdxiRyaDbJ
|
||||
PXzSoXgLWumx02OhAgMBAAECggGBAMS7MARriBRX7hzuYaEgE1V0oe+cjqi9o542
|
||||
EUMcQjzRaOVJ2HrdwUG+wgsgKwAMuqJCxuIBlRZm7MCH5CDODivmKohk3thviSRf
|
||||
k3tlKv1g2Wby3YIqd2TT82FAK2nf+8tUi+H/AbVl+59DJwIXtMbc22m3w1/8nU8r
|
||||
v5+l9L27aGcxesKbqKDZRC0Uu10YyvD8rZeEgY+EcjESrrxjV/1nZvWdMGR9yK74
|
||||
uzrri95aBVDbos7l8yz2oysf+UmUMp5U9rWwuU4M/34pFSGeo7CHjtliwbBF4FHn
|
||||
uyompXaOr7Qrgeg4fc9NbZNaB4OAOV2d1sI202q6j3kEkhG4pD8LAG/RRnugCj7D
|
||||
PKGJL3iZKxknjA+tAKkgq50EbMpLHHv1qSiKWy8p+bR5FyBYPSheOSkOKTywpqnd
|
||||
OU+VDTi4iLDvkENt6E0TghSyhncl8yIcomYPktqepaNekCHquK5sX8NUhOzRe3WH
|
||||
gX7l3e/o8JRvbwXJ8UWfQlKhPO/hvQKBwQDiLXVMf+Hjl/OoXHtF6huerNBux5CS
|
||||
KYha5BLARs9W74kd9mTJ9F5IflenpzQJc1b/PnvvlcDDlniUvlgk463EA2th4qWp
|
||||
50jFniq/l4rUMFk1vZBXldvuUaL6f+Ihi8WmoUAyguEVAB9G/EJ1bXqHKdJtxuz+
|
||||
/TXGBsXrF5+sZOTjfq96CgQtBmbPXMncPto0NndoMqcEB0bjsFywQXGCk6ZZZ3Ac
|
||||
vwnZFqVwqro3aTwD+xllzVz+xBNK8GU+zW8CgcEA3q2EepAT7dlZAveC7VSLnFF/
|
||||
w86ziynGEuhoJly+zedDPkFIGxYje1SPaKhpMH2jOdCajyHPOGuWEeVfKMbzCrHP
|
||||
GdFyiTQDk3Pq0JRXpUUJSPGPusAQnPruE68XccDb+eBiJR6y+0vXHd1J3F8B4BMQ
|
||||
AloZZtlx9BkEZaaRjROxM7Ilbev4IjOcScTREb2GL8gU3vnI2FJjBMy6fI5cm4QK
|
||||
XEgiLcxGniM77bAZTeoVFbpd4SSICDXVn/NM/XfvAoHBAMHbjKphAc/9MY6gldg6
|
||||
7Cl4nb4VtshQaNremWPMTXKKJNBVm9WtahJgl+jO2z8uaOalO70CchIyKm/zJcGY
|
||||
lBtpguSHSs7xueIHy0QkM43jUtNJAyrO+46s0jA65Cs0jdhgZZHls944GJbTKHNV
|
||||
vquTIRWOZxu3FBwDOihiOy2b3MNQlj7XzvR4hC4/rZTlGkmeVYItyBEf25bUVt2L
|
||||
eisdOntuuR0qcNptGqgS7UEJJbOTyRUEjCyhCpg0q9LEaQKBwDF7N1wQ1gzdZlUt
|
||||
cO+SAO/8gDqfnPAImVYsRLB5nYCdqiiUUxSJx9qpALEN80nuMS4wt5ekuKpd5dwW
|
||||
Lx4dj3ZJ6q5fB2eLolvKv1wYCp3UCGsoGnsyIL7xV6QSHVCOvZL6FHURLE6BHM0r
|
||||
FjWc+wqy0bTkFo7vNM48HOkFqYRC4vaM2JpjfCEFfO47iQW7Kq1FdbXSpZnEPPKd
|
||||
F7eD3vpDzhWRhd7NbMfJJpD7t7PDl2nbnu7fska4x76iTvJoCwKBwQCcqj2yhl69
|
||||
1GfpzsOtfzh9rECrnKjAhmVbwRfKB1ivwe8G2tobgQjOUajBqkCYKpZgTy3wyhWn
|
||||
0D4AdwonGu1XYLZWX+Hw/ZWhNEg/6Ju2wfiMJfFWmy5pvTSvmOlNWvYKwmH/TDjX
|
||||
tEctSVj6D67xE5v6s3donTI0NFa1u7i1hwoGu4POCockbau52YN4n20R5K7enu2+
|
||||
YYpXfcUOmCi91Hpv+X1YbmY1tOo0m1ItYqupbuRFXnHVXJhKxsYXqlA=
|
||||
-----END RSA PRIVATE KEY-----
|
22
contrib/unbound/testdata/auth_tls_failcert.tdir/nsd_server.pem
vendored
Normal file
@ -0,0 +1,22 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDozCCAgsCFCAZislHgIerlrBBkLFt/ZOkKYVZMA0GCSqGSIb3DQEBCwUAMA4x
|
||||
DDAKBgNVBAMMA25zZDAeFw0xOTA0MjUxNTEzMjdaFw0yOTA0MjIxNTEzMjdaMA4x
|
||||
DDAKBgNVBAMMA25zZDCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAMS8
|
||||
uXxVCNTo112z3ENd99N/yuQJYk6umwp0ue3nc0CG5j2Y+12xmdEZ1OO3GddRkgCP
|
||||
abQyK0onTU7B82qlmZ+N9fyFY8KyJEYM/ef2jlkaL+H8JnEuar22FetJd/ODWS6p
|
||||
heAQw8UrdjC09vo1sRRCtolJtmF2XsIn0PM2h5o3wFpaPE5SuY87dEHNKj7+Zwgu
|
||||
psLY2+zh7pdzd0KJVuoWTnNSmVRHgXRC3naFPU8jMs4Twb5KgF1qLYvwsFo92DE4
|
||||
/y+8zX0PRdR1up+u2PpbTvCGnSCz4mYogFSKy6lIdxC9l36vgXCd0LwA48i/ReUx
|
||||
9wGlqIuomIDBnIHaivZOoY/s4rjMV+jrIM388UxM2Qh4TxK9/Ul+o/3x8yT+GhkM
|
||||
QABywJr9qfT/6BGXmbL1j7AVmKVCyoDGdCQ2YX9unXawdZqU2qkULBt/OHVGUfX/
|
||||
4ss07M8IHNj0OyRuoFYO9tyqAYZQ9IPg5QvF3cYkcmg2yT180qF4C1rpsdNjoQID
|
||||
AQABMA0GCSqGSIb3DQEBCwUAA4IBgQB+WGMopDqNkv7yDAO8Ik2EWieDqxTshqR4
|
||||
bT1do9zsC9WDrIVxoVcn+dtlIpEQl8MN9U5DTKBbRgk3grOwUsg2kC0Gujv3vAyQ
|
||||
bF+jxjHWd1xzrbQ+QUgz07P1OMFWxMzECL2L2078UZbawFqKqlmNv5avUk27G8nB
|
||||
GrujT/pUOIpRXC+rao8e14R84dPJLZuGm9IAeEBQIIdhY9sjFRyoQdCUubyKPpkm
|
||||
/fpcDMkt7PzZ4nTovj4NUxnnoUGonpXuj0pHA/RDDJkPYaRrND4OGldQXdZ9LJNM
|
||||
pROL6aCZ5iog74OY8yutVzCgGge9vZLkysceVP7Lyks9/fEAtIuozmulp9TUQAeR
|
||||
MVdDOcREWRd0vFNtAC9xSloRqV+66CzrFHwkSMpLo+gdgcAZ8s33rgQk+I4gfavU
|
||||
jPWMZVcZHXevtWuTRnxfOpMkbwiRyr2J8m549K7OKZgr+JRhdJTev4lvXVyfFia4
|
||||
zr6UOK4exZWP6VDXb4IyZbJh+LMjmws=
|
||||
-----END CERTIFICATE-----
|
39
contrib/unbound/testdata/auth_tls_failcert.tdir/unbound_server.key
vendored
Normal file
@ -0,0 +1,39 @@
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI
|
||||
0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq
|
||||
GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z
|
||||
uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K
|
||||
WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5
|
||||
FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP
|
||||
q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL
|
||||
A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP
|
||||
7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf
|
||||
XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6
|
||||
iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7
|
||||
2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo
|
||||
MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj
|
||||
WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz
|
||||
O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI
|
||||
IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN
|
||||
qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU
|
||||
dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs
|
||||
bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr
|
||||
YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km
|
||||
7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr
|
||||
gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z
|
||||
5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG
|
||||
ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN
|
||||
oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+
|
||||
s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW
|
||||
zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx
|
||||
ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1
|
||||
oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3
|
||||
BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS
|
||||
mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8
|
||||
kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93
|
||||
7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8
|
||||
RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O
|
||||
jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp
|
||||
O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre
|
||||
MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A==
|
||||
-----END RSA PRIVATE KEY-----
|
22
contrib/unbound/testdata/auth_tls_failcert.tdir/unbound_server.pem
vendored
Normal file
@ -0,0 +1,22 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx
|
||||
EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5
|
||||
WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB
|
||||
igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32
|
||||
a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2
|
||||
4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot
|
||||
aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4
|
||||
TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ
|
||||
uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4
|
||||
+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz
|
||||
XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx
|
||||
dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW
|
||||
84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7
|
||||
JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca
|
||||
fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg
|
||||
XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF
|
||||
qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25
|
||||
sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD
|
||||
yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe
|
||||
CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ==
|
||||
-----END CERTIFICATE-----
|
@ -238,10 +238,12 @@ then
|
||||
echo "Got the same first cookie in the response while the second secret is active"
|
||||
exit 1
|
||||
fi
|
||||
if ! grep -q "COOKIE: $second_cookie" $outfile
|
||||
if ! grep -q "COOKIE: .* (good)$" $outfile
|
||||
then
|
||||
# dig can generate a different cookie value here than previous cookies.
|
||||
# but make sure the output contains a valid cookie
|
||||
cat $outfile
|
||||
echo "Did not get the same second cookie in the response"
|
||||
echo "Did not get a valid cookie in the response"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
195
contrib/unbound/testdata/dns64_prefetch_cache.rpl
vendored
Normal file
@ -0,0 +1,195 @@
|
||||
; config options
|
||||
server:
|
||||
target-fetch-policy: "0 0 0 0 0"
|
||||
qname-minimisation: "no"
|
||||
module-config: "dns64 iterator"
|
||||
dns64-prefix: 64:ff9b::0/96
|
||||
minimal-responses: no
|
||||
prefetch: yes
|
||||
|
||||
stub-zone:
|
||||
name: "."
|
||||
stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
|
||||
CONFIG_END
|
||||
|
||||
SCENARIO_BEGIN Test dns64 with prefetch and cache store.
|
||||
|
||||
; K.ROOT-SERVERS.NET.
|
||||
RANGE_BEGIN 0 200
|
||||
ADDRESS 193.0.14.129
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
. IN NS
|
||||
SECTION ANSWER
|
||||
. IN NS K.ROOT-SERVERS.NET.
|
||||
SECTION ADDITIONAL
|
||||
K.ROOT-SERVERS.NET. IN A 193.0.14.129
|
||||
ENTRY_END
|
||||
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode subdomain
|
||||
ADJUST copy_id copy_query
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
com. IN NS
|
||||
SECTION AUTHORITY
|
||||
com. IN NS a.gtld-servers.net.
|
||||
SECTION ADDITIONAL
|
||||
a.gtld-servers.net. IN A 192.5.6.30
|
||||
ENTRY_END
|
||||
RANGE_END
|
||||
|
||||
; a.gtld-servers.net.
|
||||
RANGE_BEGIN 0 200
|
||||
ADDRESS 192.5.6.30
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
com. IN NS
|
||||
SECTION ANSWER
|
||||
com. IN NS a.gtld-servers.net.
|
||||
SECTION ADDITIONAL
|
||||
a.gtld-servers.net. IN A 192.5.6.30
|
||||
ENTRY_END
|
||||
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode subdomain
|
||||
ADJUST copy_id copy_query
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
example.com. IN NS
|
||||
SECTION AUTHORITY
|
||||
example.com. IN NS ns.example.com.
|
||||
SECTION ADDITIONAL
|
||||
ns.example.com. IN A 1.2.3.4
|
||||
ENTRY_END
|
||||
RANGE_END
|
||||
|
||||
; ns.example.com.
|
||||
RANGE_BEGIN 0 100
|
||||
ADDRESS 1.2.3.4
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR AA NOERROR
|
||||
SECTION QUESTION
|
||||
example.com. IN NS
|
||||
SECTION ANSWER
|
||||
example.com. IN NS ns.example.com.
|
||||
SECTION ADDITIONAL
|
||||
ns.example.com. IN A 1.2.3.4
|
||||
ENTRY_END
|
||||
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR AA NOERROR
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
SECTION ANSWER
|
||||
www.example.com. IN A 10.20.30.40
|
||||
SECTION AUTHORITY
|
||||
example.com. IN NS ns.example.com.
|
||||
SECTION ADDITIONAL
|
||||
ns.example.com. IN A 1.2.3.4
|
||||
ENTRY_END
|
||||
RANGE_END
|
||||
|
||||
STEP 1 QUERY
|
||||
ENTRY_BEGIN
|
||||
REPLY RD
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
ENTRY_END
|
||||
|
||||
; recursion happens here.
|
||||
STEP 10 CHECK_ANSWER
|
||||
ENTRY_BEGIN
|
||||
MATCH all ttl
|
||||
REPLY QR RD RA NOERROR
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
SECTION ANSWER
|
||||
www.example.com. 3600 IN A 10.20.30.40
|
||||
SECTION AUTHORITY
|
||||
example.com. 3600 IN NS ns.example.com.
|
||||
SECTION ADDITIONAL
|
||||
ns.example.com. 3600 IN A 1.2.3.4
|
||||
ENTRY_END
|
||||
|
||||
STEP 20 TIME_PASSES ELAPSE 3500
|
||||
|
||||
STEP 30 QUERY
|
||||
ENTRY_BEGIN
|
||||
REPLY RD
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
ENTRY_END
|
||||
|
||||
; the prefetch is started, the older cache reply is returned.
|
||||
STEP 40 CHECK_ANSWER
|
||||
ENTRY_BEGIN
|
||||
MATCH all ttl
|
||||
REPLY QR RD RA NOERROR
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
SECTION ANSWER
|
||||
www.example.com. 100 IN A 10.20.30.40
|
||||
SECTION AUTHORITY
|
||||
example.com. 100 IN NS ns.example.com.
|
||||
SECTION ADDITIONAL
|
||||
ns.example.com. 100 IN A 1.2.3.4
|
||||
ENTRY_END
|
||||
|
||||
; check what is in the cache
|
||||
STEP 42 QUERY
|
||||
ENTRY_BEGIN
|
||||
REPLY RD
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
ENTRY_END
|
||||
|
||||
STEP 43 CHECK_ANSWER
|
||||
ENTRY_BEGIN
|
||||
MATCH all ttl
|
||||
REPLY QR RD RA NOERROR
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
SECTION ANSWER
|
||||
www.example.com. 3600 IN A 10.20.30.40
|
||||
SECTION AUTHORITY
|
||||
example.com. 3600 IN NS ns.example.com.
|
||||
SECTION ADDITIONAL
|
||||
ns.example.com. 3600 IN A 1.2.3.4
|
||||
ENTRY_END
|
||||
|
||||
STEP 50 TIME_PASSES ELAPSE 300
|
||||
|
||||
; now the upstream is offline, the prefetched answer should be in the cache.
|
||||
STEP 110 QUERY
|
||||
ENTRY_BEGIN
|
||||
REPLY RD
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
ENTRY_END
|
||||
|
||||
STEP 120 CHECK_ANSWER
|
||||
ENTRY_BEGIN
|
||||
MATCH all ttl
|
||||
REPLY QR RD RA NOERROR
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
SECTION ANSWER
|
||||
www.example.com. 3300 IN A 10.20.30.40
|
||||
SECTION AUTHORITY
|
||||
example.com. 3300 IN NS ns.example.com.
|
||||
SECTION ADDITIONAL
|
||||
ns.example.com. 3300 IN A 1.2.3.4
|
||||
ENTRY_END
|
||||
|
||||
SCENARIO_END
|
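--- /dev/null
+++ b/contrib/unbound/testdata/doq_downstream.tdir/doq_downstream.conf
@@ -0,0 +1,21 @@
+server:
+verbosity: 2
+# num-threads: 1
+interface: 127.0.0.1@@PORT@
+quic-port: @PORT@
+tls-service-key: "unbound_server.key"
+tls-service-pem: "unbound_server.pem"
+use-syslog: no
+directory: .
+pidfile: "unbound.pid"
+chroot: ""
+username: ""
+do-not-query-localhost: no
+
+local-zone: "example.net" static
+local-data: "www.example.net. IN A 1.2.3.4"
+local-zone: "drop.net" deny
+
+forward-zone:
+name: "."
+forward-addr: "127.0.0.1@@TOPORT@"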
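--- /dev/null
+++ b/contrib/unbound/testdata/doq_downstream.tdir/doq_downstream.dsc
@@ -0,0 +1,16 @@
+BaseName: doq_downstream
+Version: 1.0
+Description: Test DNS-over-QUIC query processing
+CreationDate: Mon Aug 01 16:00:00 CEST 2022
+Maintainer:
+Category:
+Component:
+CmdDepends:
+Depends:
+Help:
+Pre: doq_downstream.pre
+Post: doq_downstream.post
+Test: doq_downstream.test
+AuxFiles:
+Passed:
+Failure: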
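--- /dev/null
+++ b/contrib/unbound/testdata/doq_downstream.tdir/doq_downstream.post
@@ -0,0 +1,13 @@
+# #-- doq_downstream.post --#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# source the test var file when it's there
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+#
+# do your teardown here
+PRE="../.."
+. ../common.sh
+kill_pid $FWD_PID
+if test -f unbound.pid; then
+kill_pid $UNBOUND_PID
+fi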
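--- /dev/null
+++ b/contrib/unbound/testdata/doq_downstream.tdir/doq_downstream.pre
@@ -0,0 +1,44 @@
+# #-- doq_downstream.pre--#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# use .tpkg.var.test for in test variable passing
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+
+PRE="../.."
+. ../common.sh
+if grep "define HAVE_NGTCP2 1" $PRE/config.h; then echo test enabled; else skip_test "test skipped"; fi
+
+if test -f $PRE/unbound_do_valgrind_in_test; then
+do_valgrind=yes
+else
+do_valgrind=no
+fi
+VALGRIND_FLAGS="--leak-check=full --show-leak-kinds=all"
+
+get_random_port 2
+UNBOUND_PORT=$RND_PORT
+FWD_PORT=$(($RND_PORT + 1))
+echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test
+echo "FWD_PORT=$FWD_PORT" >> .tpkg.var.test
+
+# start forwarder
+get_ldns_testns
+$LDNS_TESTNS -p $FWD_PORT doq_downstream.testns >fwd.log 2>&1 &
+FWD_PID=$!
+echo "FWD_PID=$FWD_PID" >> .tpkg.var.test
+
+# make config file
+sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' < doq_downstream.conf > ub.conf
+# start unbound in the background
+if test $do_valgrind = "yes"; then
+valgrind $VALGRIND_FLAGS $PRE/unbound -vvvv -d -c ub.conf >unbound.log 2>&1 &
+else
+$PRE/unbound -vvvv -d -c ub.conf >unbound.log 2>&1 &
+fi
+UNBOUND_PID=$!
+echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
+
+cat .tpkg.var.test
+wait_ldns_testns_up fwd.log
+wait_unbound_up unbound.log
+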
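--- /dev/null
+++ b/contrib/unbound/testdata/doq_downstream.tdir/doq_downstream.test
@@ -0,0 +1,109 @@
+# #-- doq_downstream.test --#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# use .tpkg.var.test for in test variable passing
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+
+PRE="../.."
+. ../common.sh
+get_make
+(cd $PRE; $MAKE doqclient)
+
+# test query from local-data, immediate like from cache
+echo "> query www.example.net."
+$PRE/doqclient -s 127.0.0.1 -p $UNBOUND_PORT www.example.net. A IN >outfile 2>&1
+cat outfile
+if test "$?" -ne 0; then
+echo "exit status not OK"
+echo "> cat logfiles"
+cat outfile
+cat fwd.log
+cat unbound.log
+echo "Not OK"
+exit 1
+fi
+if grep "www.example.net" outfile | grep "1.2.3.4"; then
+echo "content OK"
+else
+echo "result contents not OK"
+echo "> cat logfiles"
+cat outfile
+cat fwd.log
+cat unbound.log
+echo "result contents not OK"
+exit 1
+fi
+echo "OK"
+
+# test query that is resolved
+echo "> query www.example.com."
+$PRE/doqclient -s 127.0.0.1 -p $UNBOUND_PORT www.example.com. A IN >outfile 2>&1
+cat outfile
+if test "$?" -ne 0; then
+echo "exit status not OK"
+echo "> cat logfiles"
+cat outfile
+cat fwd.log
+cat unbound.log
+echo "Not OK"
+exit 1
+fi
+if grep "www.example.com" outfile | grep "10.20.30.40"; then
+echo "content OK"
+else
+echo "result contents not OK"
+echo "> cat logfiles"
+cat outfile
+cat fwd.log
+cat unbound.log
+echo "result contents not OK"
+exit 1
+fi
+echo "OK"
+
+# Perform the lock verify tests, stop the server first.
+kill_pid $UNBOUND_PID
+cat unbound.log
+# Remove pidfile so that the post script does not try to stop the server,
+# it is already stopped.
+rm -f unbound.pid
+if test -f ublocktrace-doqclient.0; then
+if $PRE/lock-verify ublocktrace-doqclient.* 2>&1; then
+echo "lock-verify test ublocktrace-doqclient worked."
+else
+echo "lock-verify test ublocktrace-doqclient failed."
+exit 1
+fi
+fi
+if test -f ublocktrace.0; then
+if $PRE/lock-verify ublocktrace.* 2>&1; then
+echo "lock-verify test ublocktrace worked."
+else
+echo "lock-verify test ublocktrace failed."
+exit 1
+fi
+if grep "lock error" unbound.log >/dev/null; then
+echo "lock error"
+exit 1
+fi
+fi
+# check valgrind output
+if test -f $PRE/unbound_do_valgrind_in_test; then
+if grep "All heap blocks were freed -- no leaks are possible" unbound.log; then
+: # clean
+else
+grep "^==" unbound.log
+echo "Memory leaked"
+grep "in use at exit" unbound.log
+exit 1
+fi
+if grep "ERROR SUMMARY: 0 errors from 0 contexts" unbound.log; then
+: # clean
+else
+grep "^==" unbound.log
+echo "Errors"
+grep "ERROR SUMMARY" unbound.log
+exit 1
+fi
+fi
+exit 0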
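Review bot: Both exit-status checks in this script test the wrong command: `cat outfile` runs between `$PRE/doqclient ... >outfile 2>&1` and `if test "$?" -ne 0; then`, so `$?` holds the status of `cat` and a failing doqclient never reaches the "exit status not OK" branch. A client failure is caught only indirectly, by the later grep on outfile. Save the status straight after the client call with `rc=$?` and test `if test "$rc" -ne 0; then` after the `cat`, for both the www.example.net. and the www.example.com. query. Since this is vendored test data, the change is best proposed upstream.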
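--- /dev/null
+++ b/contrib/unbound/testdata/doq_downstream.tdir/doq_downstream.testns
@@ -0,0 +1,13 @@
+; nameserver test file
+$ORIGIN example.com.
+$TTL 3600
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+REPLY QR AA NOERROR
+ADJUST copy_id
+SECTION QUESTION
+www IN A
+SECTION ANSWER
+www IN A 10.20.30.40
+ENTRY_END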
15
contrib/unbound/testdata/doq_downstream.tdir/unbound_server.key
vendored
Normal file
@ -0,0 +1,15 @@
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIICWwIBAAKBgQC3F7Jsv2u01pLL9rFnjsMU/IaCFUIz/624DcaE84Z4gjMl5kWA
|
||||
3axQcqul1wlwSrbKwrony+d9hH/+MX0tZwvl8w3OmhmOAiaQ+SHCsIuOjVwQjX0s
|
||||
RLB61Pz5+PAiVvnPa9JIYB5QrK6DVEsxIHj8MOc5JKORrnESsFDh6yeMeQIDAQAB
|
||||
AoGAAuWoGBprTOA8UGfl5LqYkaNxSWumsYXxLMFjC8WCsjN1NbtQDDr1uAwodSZS
|
||||
6ujzvX+ZTHnofs7y64XC8k34HTOCD2zlW7kijWbT8YjRYFU6o9F5zUGD9RCan0ds
|
||||
sVscT2psLSzfdsmFAcbmnGdxYkXk2PC1FHtaqExxehralGUCQQDcqrg9uQKXlhQi
|
||||
XAaPr8SiWvtRm2a9IMMZkRfUWZclPHq6fCWNuUaCD+cTat4wAuqeknAz33VEosw3
|
||||
fXGsok//AkEA1GjIHXrOcSlpfVJb6NeOBugjRtZ7ZDT5gbtnMS9ob0qntKV6saaL
|
||||
CNmJwuD9Q3XkU5j1+uHvYGP2NzcJd2CjhwJACV0hNlVMe9w9fHvFN4Gw6WbM9ViP
|
||||
0oS6YrJafYNTu5vGZXVxLoNnL4u3NYa6aPUmuZXjNwBLfJ8f5VboZPf6RwJAINd2
|
||||
oYA8bSi/A755MX4qmozH74r4Fx1Nuq5UHTm8RwDe/0Javx8F/j9MWpJY9lZDEF3l
|
||||
In5OebPa/NyInSmW/wJAZuP9aRn0nDBkHYri++1A7NykMiJ/nH0mDECbnk+wxx0S
|
||||
LwqIetBhxb8eQwMg45+iAH7CHAMQ8BQuF/nFE6eotg==
|
||||
-----END RSA PRIVATE KEY-----
|
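Review bot: This DoQ fixture key appears to be 1024-bit RSA (a 15-line PEM, against 39 lines for the keys added under auth_tls_failcert.tdir), and the unbound_server.pem added beside it looks SHA-1 signed. A TLS library or system crypto policy that requires 2048-bit keys may refuse to load the pair, in which case doq_downstream would fail while starting the server instead of exercising QUIC. Regenerating the pair at the size used by the other fixtures would avoid that. Nothing in the .tdir marks the key as a published test fixture, so a one-line note saying so would help. For vendored data both changes are best proposed upstream.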
11
contrib/unbound/testdata/doq_downstream.tdir/unbound_server.pem
vendored
Normal file
@ -0,0 +1,11 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIBmzCCAQQCCQDsNJ1UmphEFzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1
|
||||
bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowEjEQMA4GA1UE
|
||||
AxMHdW5ib3VuZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtxeybL9rtNaS
|
||||
y/axZ47DFPyGghVCM/+tuA3GhPOGeIIzJeZFgN2sUHKrpdcJcEq2ysK6J8vnfYR/
|
||||
/jF9LWcL5fMNzpoZjgImkPkhwrCLjo1cEI19LESwetT8+fjwIlb5z2vSSGAeUKyu
|
||||
g1RLMSB4/DDnOSSjka5xErBQ4esnjHkCAwEAATANBgkqhkiG9w0BAQUFAAOBgQAZ
|
||||
9N0lnLENs4JMvPS+mn8C5m9bkkFITd32IiLjf0zgYpIUbFXH6XaEr9GNZBUG8feG
|
||||
l/6WRXnbnVSblI5odQ4XxGZ9inYY6qtW30uv76HvoKp+QZ1c3460ddR8NauhcCHH
|
||||
Z7S+QbLXi+r2JAhpPozZCjBHlRD0ixzA1mKQTJhJZg==
|
||||
-----END CERTIFICATE-----
|
2236
contrib/unbound/testdata/iter_max_global_quota.rpl
vendored
Normal file
File diff suppressed because it is too large
188
contrib/unbound/testdata/iter_unverified_glue.rpl
vendored
Normal file
@ -0,0 +1,188 @@
|
||||
; config options
|
||||
server:
|
||||
target-fetch-policy: "0 0 0 0 0"
|
||||
qname-minimisation: no
|
||||
minimal-responses: no
|
||||
do-ip6: no
|
||||
harden-unverified-glue: yes
|
||||
stub-zone:
|
||||
name: "."
|
||||
stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
|
||||
CONFIG_END
|
||||
|
||||
SCENARIO_BEGIN Test iterative resolve with lame hints.
|
||||
|
||||
; K.ROOT-SERVERS.NET.
|
||||
RANGE_BEGIN 0 100
|
||||
ADDRESS 193.0.14.129
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR RA NOERROR
|
||||
SECTION QUESTION
|
||||
. IN NS
|
||||
SECTION ANSWER
|
||||
. IN NS K.ROOT-SERVERS.NET.
|
||||
SECTION ADDITIONAL
|
||||
K.ROOT-SERVERS.NET. IN A 193.0.14.129
|
||||
ENTRY_END
|
||||
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR RA NOERROR
|
||||
SECTION QUESTION
|
||||
a.gtld-servers.net. IN A
|
||||
SECTION AUTHORITY
|
||||
net. IN NS a.gtld-servers.net.
|
||||
SECTION ADDITIONAL
|
||||
a.gtld-servers.net. IN A 192.5.6.30
|
||||
ENTRY_END
|
||||
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR RA NOERROR
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
SECTION AUTHORITY
|
||||
com. IN NS a.gtld-servers.net.
|
||||
SECTION ADDITIONAL
|
||||
a.gtld-servers.net. IN A 192.5.6.30
|
||||
ENTRY_END
|
||||
RANGE_END
|
||||
|
||||
; a.gtld-servers.net.
|
||||
RANGE_BEGIN 0 100
|
||||
ADDRESS 192.5.6.30
|
||||
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
a.gtld-servers.net. IN A
|
||||
SECTION ANSWER
|
||||
a.gtld-servers.net. IN A 192.5.6.30
|
||||
SECTION AUTHORITY
|
||||
net. IN NS a.gtld-servers.net.
|
||||
SECTION ADDITIONAL
|
||||
a.gtld-servers.net. IN A 192.5.6.30
|
||||
ENTRY_END
|
||||
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
SECTION AUTHORITY
|
||||
example.com. IN NS ns1.examplesibling.com.
|
||||
SECTION ADDITIONAL
|
||||
ns1.examplesibling.com. IN A 1.2.3.4
|
||||
ENTRY_END
|
||||
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
com. IN NS
|
||||
SECTION ANSWER
|
||||
com. IN NS a.gtld-servers.net.
|
||||
SECTION ADDITIONAL
|
||||
a.gtld-servers.net. IN A 192.5.6.30
|
||||
ENTRY_END
|
||||
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
ns1.examplesibling.com. IN A
|
||||
SECTION ANSWER
|
||||
ns1.examplesibling.com. IN A 1.2.3.5
|
||||
ENTRY_END
|
||||
RANGE_END
|
||||
|
||||
; stale ns1.examplesibling.com.
|
||||
RANGE_BEGIN 0 100
|
||||
ADDRESS 1.2.3.4
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
example.com. IN NS
|
||||
SECTION ANSWER
|
||||
example.com. IN NS ns1.examplesibling.com.
|
||||
SECTION ADDITIONAL
|
||||
ns1.examplesibling.com. IN A 1.2.3.5
|
||||
ENTRY_END
|
||||
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
SECTION ANSWER
|
||||
www.example.com. IN A 10.20.30.40
|
||||
SECTION AUTHORITY
|
||||
example.com. IN NS ns1.examplesibling.com.
|
||||
SECTION ADDITIONAL
|
||||
ns1.examplesibling.com. IN A 1.2.3.5
|
||||
ENTRY_END
|
||||
RANGE_END
|
||||
|
||||
; actual ns1.examplesibling.com.
|
||||
RANGE_BEGIN 0 100
|
||||
ADDRESS 1.2.3.5
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
example.com. IN NS
|
||||
SECTION ANSWER
|
||||
example.com. IN NS ns1.examplesibling.com.
|
||||
SECTION ADDITIONAL
|
||||
ns1.examplesibling.com. IN A 1.2.3.5
|
||||
ENTRY_END
|
||||
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
SECTION ANSWER
|
||||
www.example.com. IN A 10.20.30.50
|
||||
SECTION AUTHORITY
|
||||
example.com. IN NS ns1.examplesibling.com.
|
||||
SECTION ADDITIONAL
|
||||
ns1.examplesibling.com. IN A 1.2.3.5
|
||||
ENTRY_END
|
||||
RANGE_END
|
||||
|
||||
STEP 1 QUERY
|
||||
ENTRY_BEGIN
|
||||
REPLY RD
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
ENTRY_END
|
||||
|
||||
; recursion happens here.
|
||||
STEP 10 CHECK_ANSWER
|
||||
ENTRY_BEGIN
|
||||
MATCH all
|
||||
REPLY QR RD RA NOERROR
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
SECTION ANSWER
|
||||
www.example.com. IN A 10.20.30.50
|
||||
SECTION AUTHORITY
|
||||
example.com. IN NS ns1.examplesibling.com.
|
||||
ENTRY_END
|
||||
|
||||
SCENARIO_END
|
138
contrib/unbound/testdata/iter_unverified_glue_fallback.rpl
vendored
Normal file
@ -0,0 +1,138 @@
|
||||
; config options
|
||||
server:
|
||||
target-fetch-policy: "0 0 0 0 0"
|
||||
qname-minimisation: no
|
||||
minimal-responses: no
|
||||
do-ip6: no
|
||||
harden-unverified-glue: yes
|
||||
stub-zone:
|
||||
name: "."
|
||||
stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
|
||||
CONFIG_END
|
||||
|
||||
SCENARIO_BEGIN Test iterative resolve with lame hints.
|
||||
|
||||
; K.ROOT-SERVERS.NET.
|
||||
RANGE_BEGIN 0 100
|
||||
ADDRESS 193.0.14.129
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR RA NOERROR
|
||||
SECTION QUESTION
|
||||
. IN NS
|
||||
SECTION ANSWER
|
||||
. IN NS K.ROOT-SERVERS.NET.
|
||||
SECTION ADDITIONAL
|
||||
K.ROOT-SERVERS.NET. IN A 193.0.14.129
|
||||
ENTRY_END
|
||||
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR RA NOERROR
|
||||
SECTION QUESTION
|
||||
a.gtld-servers.net. IN A
|
||||
SECTION AUTHORITY
|
||||
net. IN NS a.gtld-servers.net.
|
||||
SECTION ADDITIONAL
|
||||
a.gtld-servers.net. IN A 192.5.6.30
|
||||
ENTRY_END
|
||||
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR RA NOERROR
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
SECTION AUTHORITY
|
||||
com. IN NS a.gtld-servers.net.
|
||||
SECTION ADDITIONAL
|
||||
a.gtld-servers.net. IN A 192.5.6.30
|
||||
ENTRY_END
|
||||
RANGE_END
|
||||
|
||||
; a.gtld-servers.net.
|
||||
RANGE_BEGIN 0 100
|
||||
ADDRESS 192.5.6.30
|
||||
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
a.gtld-servers.net. IN A
|
||||
SECTION ANSWER
|
||||
a.gtld-servers.net. IN A 192.5.6.30
|
||||
SECTION AUTHORITY
|
||||
net. IN NS a.gtld-servers.net.
|
||||
SECTION ADDITIONAL
|
||||
a.gtld-servers.net. IN A 192.5.6.30
|
||||
ENTRY_END
|
||||
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
SECTION AUTHORITY
|
||||
example.com. IN NS ns1.examplesibling.com.
|
||||
SECTION ADDITIONAL
|
||||
ns1.examplesibling.com. IN A 1.2.3.4
|
||||
ENTRY_END
|
||||
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
com. IN NS
|
||||
SECTION ANSWER
|
||||
com. IN NS a.gtld-servers.net.
|
||||
SECTION ADDITIONAL
|
||||
a.gtld-servers.net. IN A 192.5.6.30
|
||||
ENTRY_END
|
||||
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR NXDOMAIN
|
||||
SECTION QUESTION
|
||||
ns1.examplesibling.com. IN A
|
||||
ENTRY_END
|
||||
RANGE_END
|
||||
|
||||
; stale ns1.examplesibling.com.
|
||||
RANGE_BEGIN 0 100
|
||||
ADDRESS 1.2.3.4
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
SECTION ANSWER
|
||||
www.example.com. IN A 10.20.30.40
|
||||
ENTRY_END
|
||||
RANGE_END
|
||||
|
||||
STEP 1 QUERY
|
||||
ENTRY_BEGIN
|
||||
REPLY RD
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
ENTRY_END
|
||||
|
||||
; recursion happens here.
|
||||
STEP 10 CHECK_ANSWER
|
||||
ENTRY_BEGIN
|
||||
MATCH all
|
||||
REPLY QR RD RA NOERROR
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
SECTION ANSWER
|
||||
www.example.com. IN A 10.20.30.40
|
||||
ENTRY_END
|
||||
|
||||
SCENARIO_END
|
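--- a/contrib/unbound/testdata/rpz_val_block.rpl
+++ b/contrib/unbound/testdata/rpz_val_block.rpl
@@ -0,0 +1,643 @@
+; config options
+server:
+module-config: "respip validator iterator"
+target-fetch-policy: "0 0 0 0 0"
+qname-minimisation: no
+trust-anchor: "org. DS 1444 8 2 5224fb17d630a2e3efdc863a05a4032c5db415b5de3f32472ee9abed42e10146"
+val-override-date: "20070916134226"
+trust-anchor-signaling: no
+log-servfail: yes
+val-log-level: 2
+ede: yes
+
+stub-zone:
+name: "."
+stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
+
+rpz:
+name: "rpz.example.com."
+rpz-log: yes
+rpz-log-name: "rpz.example.com"
+zonefile:
+TEMPFILE_NAME rpz.example.com
+TEMPFILE_CONTENTS rpz.example.com
+$ORIGIN example.com.
+rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. (
+1379078166 28800 7200 604800 7200 )
+3600 IN NS ns1.rpz.example.com.
+3600 IN NS ns2.rpz.example.com.
+$ORIGIN rpz.example.com.
+foo.org CNAME .
+foo2.org CNAME .
+foo3.org CNAME .
+bok.foo4.org A 4.0.5.5
+www.foo5.org CNAME alt.foo5.org.
+TEMPFILE_END
+
+CONFIG_END
+
+SCENARIO_BEGIN Test RPZ with validator handles blocked zone.
+; The DNSKEY and DS lookups are stopped.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 1000
+ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET. IN A 193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+org. IN NS
+SECTION AUTHORITY
+org. IN NS ns1.servers.org.
+SECTION ADDITIONAL
+ns1.servers.org. IN A 1.2.3.51
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION AUTHORITY
+com. IN NS ns1.servers.com.
+SECTION ADDITIONAL
+ns1.servers.com. IN A 1.2.3.52
+ENTRY_END
+RANGE_END
+
+; ns1.servers.org for .org
+RANGE_BEGIN 0 1000
+ADDRESS 1.2.3.51
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+org. IN NS
+SECTION ANSWER
+org. 3600 IN NS ns1.servers.org.
+org. 3600 IN RRSIG NS 8 1 3600 20070926134150 20070829134150 1444 org. arkVLr3b2Ip4bkWpjPTywYWzoVqay11KLB+ZygfoIWtq7mKW20SjRGI+AzIviHHWPv8iibzA8nwcTehuSmqIuRTmZXYj58hpi/AxrqqzJNiwE60swi1dKn3ti0SZKZaLMRnxrrAv7yu3PR6zGt7CD7gJgxfMfQMc6QryQJQbiyM=
+SECTION ADDITIONAL
+ns1.servers.org. 3600 IN A 1.2.3.51
+ns1.servers.org. 3600 IN RRSIG A 8 3 3600 20070926134150 20070829134150 1444 org. k+9JSbFm5GWSzEbVckC9bVXvzQYwbLvMbHMYmL5tIjt8RMhVhbkyqu+XER5m8xUFL0nrUqJ8ad6SKI9X/8FYGk1iSegpAjIh4bHGzea7vvM7CWw0HfTmmwDhS569IvUfxHyjH4TjSVlM1x9o/d8NGSLAa7h34b0s+NXLEEjNNbI=
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+org. IN DNSKEY
+SECTION ANSWER
+org. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b}
+org. 3600 IN RRSIG DNSKEY 8 1 3600 20070926134150 20070829134150 1444 org. pJVKrXD3veTg0qOB2PSQAWdeTEyFFzSbMHJ2F9J9WyxVuMMIDj119aJrkHtkXTmLT7wdOd9RZxDfG0A1H30lQeQdvaJoymaVUgWLXfiwIAYg+4Uk7vZrP7UzHJO2BgDnGdf42h2vgBoboyP9szNMHTGGQdpUk7VkhtE6djonzwg=
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+foo.org. IN NS
+SECTION AUTHORITY
+foo.org. 3600 IN DS 29332 8 2 d38b124648bd7e32033a7fe9fd94ceab56e971ea9e61b3365566ccc028c15c98
+foo.org. 3600 IN RRSIG DS 8 2 3600 20070926134150 20070829134150 1444 org. BE2cR03ecUYk/nRsJNMcNfsOWnSoOfkwx4zmF9eEqwoRn/i5QzsrRBEUdorfBsFjpdKqB2R6jSu53CTQAGv392w8AE0cRANPBxcDUiWaRyFZ7CaqspKorPijOJCKEtgztEfFgC9YXab3xvRkJVUZzZRJ4nCrpmNIGzvmf7LlCTg=
+foo.org. IN NS ns.foo.org.
+SECTION ADDITIONAL
+ns.foo.org. IN A 1.2.3.53
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+foo2.org. IN NS
+SECTION AUTHORITY
+foo2.org. 3600 IN NSEC foo3.org. NS RRSIG NSEC
+foo2.org. 3600 IN RRSIG NSEC 8 2 3600 20070926134150 20070829134150 1444 org. RfkRfmLeyLYtdDKrLBaXTk/KXTkUn9/4dMZtm3Kl5k5oa9/LkbPmnPb0z+zZ/3aBBKZu0QIevS7w++fdYWfIQiK+DIgG9hhp+lNxakLKp4M5SiWuh+zlTjwbRzlf4abWe/c/FR4bjesgObUdLnaIoM4h3aQUS1KsjyGFmLOCUGM=
+foo2.org. IN NS ns.foo2.org.
+SECTION ADDITIONAL
+ns.foo2.org. IN A 1.2.3.54
+ENTRY_END
+
+; for this entry the org zone is suddenly resigned with NSEC3.
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+foo3.org. IN NS
+SECTION AUTHORITY
+; org. NSEC3PARAM 1 0 0 -
+; org. -> mvnq25j8mo8ge527pikocn5rl72s2o0s.
+; foo3.org. -> n3dm0vverfek5tl6klsp0k0gduj0gk92.
+mvnq25j8mo8ge527pikocn5rl72s2o0s.org. IN NSEC3 1 0 0 - mvnq25j8mo8ge527pikocn5rl72s2o0t NS SOA RRSIG DNSKEY
+mvnq25j8mo8ge527pikocn5rl72s2o0s.org. 3600 IN RRSIG NSEC3 8 2 3600 20070926134150 20070829134150 1444 org. MBmDCmjCeXShkwoDI/I04KK7w33FkNs7vci+SKoR5uWS24E3yt2AVgfkwFkKh42+MgqZnBUJEdRPOfATc80XDwxDhdymB3Ff4W1KAVFpJAkU42ii3bdiyYr+YPWVWdCYG2EfSpLcJiD6E21mW2DNRR7Lj9/W89WmndeUEgpjALA=
+n3dm0vverfek5tl6klsp0k0gduj0gk91.org. IN NSEC3 1 0 0 - n3dm0vverfek5tl6klsp0k0gduj0gk93 NS DS RRSIG
+n3dm0vverfek5tl6klsp0k0gduj0gk91.org. 3600 IN RRSIG NSEC3 8 2 3600 20070926134150 20070829134150 1444 org. H5aeeVc6k8fTSwUYDA9BW4ScHazb2b3NfvdQwRbKYj97tlJnJa+cojgOnyvP3qW9YoqO0aRT8rzUjFPJajOIRoS/6XVWCZ3ymDNQIi8oW6vT8qQYA2ldmoWDvFK9fHSgiwqJzQiKXtNGdqTfj2HEyVKVbFTv/Cgxh5jLcB6r9jM=
+foo3.org. IN NS ns.foo3.org.
+SECTION ADDITIONAL
+ns.foo3.org. IN A 1.2.3.55
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+foo4.org. IN NS
+SECTION AUTHORITY
+foo4.org. 3600 IN DS 55567 8 2 db658962fbd0a03e81f1a68c33bb53eef3bc30e980040cb476fb191b24dfdd5a
+foo4.org. 3600 IN RRSIG DS 8 2 3600 20070926134150 20070829134150 1444 org. kO2d+9du+9y0HcAUq056qnqBoXLwT+/EN82lEocJjCE7lx9qxv4YpwfNd1Sr3J9lwvZbfEm5uRPmSwtrythlI4+qmlsEWE90mfUntH+JqlXj7t2E514AZ/SZPSUd6h6AKPlB/DIhHuI/fAEKB+S263NnvVMccaHh8ScJMsY9nGI=
+foo4.org. IN NS ns.foo4.org.
+SECTION ADDITIONAL
+ns.foo4.org. IN A 1.2.3.56
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+foo5.org. IN NS
+SECTION AUTHORITY
+foo5.org. 3600 IN DS 55567 8 2 4046e908302813cad9b4448cd4c243be118b7c18f8414b820bce0a1eab6f6889
+foo5.org. 3600 IN RRSIG DS 8 2 3600 20070926134150 20070829134150 1444 org. e0+FRSrwoSeQxd35dcvsEFGQIO9nz+H6p52LAwPDUTOSwFcbR+q+x4OKX+eG8dbFXK7MGztdGdpPji95HzlezXRTt/66sXqYeDM61NezxVM6N/OjPIOL3VTGeyG4nvDj4ycvBbgjJqdhmev6aWYmTQwFa0+6Nxrlsldrl5/chW4=
+foo5.org. IN NS ns.foo5.org.
+SECTION ADDITIONAL
+ns.foo5.org. IN A 1.2.3.57
+ENTRY_END
+RANGE_END
+
+; ns1.servers.com for .com
+RANGE_BEGIN 0 1000
+ADDRESS 1.2.3.52
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com. IN NS ns1.servers.com.
+SECTION ADDITIONAL
+ns1.servers.com. IN A 1.2.3.52
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+foo.com. IN TXT
+SECTION ANSWER
+foo.com. IN CNAME www.foo.org.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+foo2.com. IN TXT
+SECTION ANSWER
+foo2.com. IN CNAME www.foo2.org.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+foo4.com. IN A
+SECTION ANSWER
+foo4.com. IN CNAME www.foo4.org.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+foo5.com. IN A
+SECTION ANSWER
+foo5.com. IN CNAME www.foo5.org.
+ENTRY_END
+RANGE_END
+
+; ns.foo.org for foo.org
+RANGE_BEGIN 0 1000
+ADDRESS 1.2.3.53
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+foo.org. IN NS
+SECTION ANSWER
+foo.org. 3600 IN NS ns.foo.org.
+foo.org. 3600 IN RRSIG NS 8 2 3600 20070926134150 20070829134150 29332 foo.org. WfSshqIf/LdScUjw5uyB10t3yoF36aOc+lkhTQsAiR7gat14Un+F1s8bQiG3gU8mnMirsu7M1aMBeQlbJncFhLu4av6ZkkI5L/qvojBAL0AF7Rj0gUWKbMc2NsAeAKY8ySzDXqF7ol9YEskHWW35aL+r5DB91u4joZVsANSqeAfLWAhm47hDGlWgzQ1us72dWOPxPqNBG0sx48xaFxiZJjowXVs/zbRQ1TyIFPeKztayc6HL2gaOPPUoOuHp/AEecySqjamXI28mqBBs8MGJoArFaJ05wIuWEdOzsfc+BcYnmuCaTVgEHUvZMbNvi2CYCY4l0jcl1UD7i4FzPhC4jQ==
+SECTION ADDITIONAL
+ns.foo.org. 3600 IN A 1.2.3.53
+ns.foo.org. 3600 IN RRSIG A 8 3 3600 20070926134150 20070829134150 29332 foo.org. pScBuh9fyXazJLV4yPGQsDKAnNgAGe5G5712sQ46V9CA4Rv+STTI9p6JDyqu1EWVJupLwbL7dqqypSwcSy8CpCO1nH/n/yBnT/9txduEpzvr4OtVJnRZS1LMMlpb4NrT+QPpzxXZH5Zlc+Axevbxj7FVeFIAUq9Fh2+yO6lYXffIy9BW85VOZa1S08/O/2ZyZwPh6pdxB7HRGe/KuD86TMjfjVsveYL4w7UFC+wk1XGQA+zuXOIm+9MQC+UzM/cVR38nW/7Oj1hY2iAgvevFrT75tesf+H927uaHaPrWqSVJLPRIfm4O5wT5K1bgvfYDSlpU/YLf7vaCtJ+kKSOpJw==
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+foo.org. IN DNSKEY
+SECTION ANSWER
+foo.org. 3600 IN DNSKEY 257 3 8 AwEAAb4WMOTBLTFvmBra5m6SK4VfViOzmvyUAU0qv861ZQXeEFvwlndqNU9rwRsMxrSWAYs5nHErKDn49usC/HyxxW1477iGFHhfgL4mjNreJm9zft2QFB1VLbRbEPYdDMLCn4co0qnG7/KG8W2i8Pym1L7f+aREwbLo+/716AS2PbaKMhfWLKLiq5wnBcUClQMNzCiwhqxDJp1oePqfkVdeUgXOtgi0dYRIKyQFhJ5VWJ22npoi/Gif0XLCADAlAwRLKc8o/yJkCxskzgpHpw5Cki1lclg0aq4ssOuPRQ+ne6IHYCz9D2mwzulblhLFamKdq7aHzNt4NlyxhpANVFiKLD8= ;{id = 29332 (ksk), size = 2048b}
+foo.org. 3600 IN RRSIG DNSKEY 8 2 3600 20070926134150 20070829134150 29332 foo.org. qlZQpZG+prXK6vsd+zObdHj8DbPBCpjB16B7UgTwsgmVxGRX9nSBnkqUqcIrnszJMHvEwu7VPWjegPX3E8LESgz2Slepa5T8hWmcoega2vWakIzIRNtDxH9PXDy804Dmduk/fxBzMlbbFLfsSrG5+cK5PhingjjxNbEuG3V124xTjFUGHKu4NM6kMfPcHOwjTTQLt6azJ10i6CeyaUXCSYz5xGE7Z4PSLYAstlLsM64EtLTGQHAZIEr2Dq6C23u23sRrj/0qcMFo0Nv8E3rjnkfJIo+RYuqqAznFsLMqfveX42ElWBl5YVLQHSo+kFbXcvgX7gzL8X9u4Z6MJ9zUkw==
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+foo.org. IN TXT
+SECTION ANSWER
+foo.org. 3600 IN TXT "a.b.c."
+foo.org. 3600 IN RRSIG TXT 8 2 3600 20070926134150 20070829134150 29332 foo.org. UW/T+M0crcfzQ6PVM/0o1ZtXF2o26VTm/V/9/+F873aQnDwfRLH+tzYSC+yfWZ/0niuif6fv9FYWisE8CyAIIMZ8mrxM7M4JgEZ0/vFOC2sN0qnmqSoZoZaeOEjJIAS6F2om+L6AAFtAH2Khbm0wkHc0jBWj3vK8HoXO38iLe1pPnuBK6BhE2+tyDIcUCoABFrycT0E5NBKFERQL+CzYMEzMUS/joSeWloFw1AB1X9Z94ezgmD+g2MnbW78DR6TRZXGD4DWXuxYNswRnfp4VENSOsSbhX9ixtuxwGn1fhiZeTxN84zE/ERiLK59Yo1bQ3TFjOY0cCvj+c2NulTAr9w==
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+www.foo.org. IN TXT
+SECTION ANSWER
+www.foo.org. 3600 IN TXT "a.b.d."
+www.foo.org. 3600 IN RRSIG TXT 8 3 3600 20070926134150 20070829134150 29332 foo.org. EjFHdpJdlFFLDWabiMsMzUPE1+brzq/0ecRG39bpPuU/6MW4HCQs4rlLlZNmmJP/vj+kLTGfguSrKyLQt8n9Tf1fKbvD6NUOIOwiVUOE4kb54JghbiBhWeCnRLmUQwi7DKy0UEw8niX3SY6WwJxO/e7+leQJY7Gpg3S00vKskTAjnKeDYiHcrO69Dpyc0l/qtR1Bb98xcs4vMsh6//BBklSlPTMKBcu2uK6sK7G2ZR1lOtShoginq5UHa+EZWR6Pxn8pLkfQGOXTjGq5WaTeEdcinBlvXYBGhAPKWXHwcEtEjClkWi1ZXOnSgwHu9dRxgSk/jcfSmjBFzw2bycq2Lg==
+ENTRY_END
+RANGE_END
+
+; ns.foo2.org for foo2.org
+RANGE_BEGIN 0 1000
+ADDRESS 1.2.3.54
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+foo2.org. IN NS
+SECTION ANSWER
+foo2.org. IN NS ns.foo2.org.
+SECTION ADDITIONAL
+ns.foo2.org. IN A 1.2.3.54
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+www.foo2.org. IN TXT
+SECTION ANSWER
+www.foo2.org. IN TXT "a.b.e."
+ENTRY_END
+RANGE_END
+
+; ns.foo3.org for foo3.org
+RANGE_BEGIN 0 1000
+ADDRESS 1.2.3.55
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+foo3.org. IN NS
+SECTION ANSWER
+foo3.org. IN NS ns.foo3.org.
+SECTION ADDITIONAL
+ns.foo3.org. IN A 1.2.3.55
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+ns.foo3.org. IN A
+SECTION ANSWER
+ns.foo3.org. IN A 1.2.3.55
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+ns.foo3.org. IN AAAA
+SECTION AUTHORITY
+foo3.org. IN SOA ns.foo3.org. host.foo3.org. 2007090422 3600 300 604800 3600
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+www.foo3.org. IN TXT
+SECTION ANSWER
+www.foo3.org. IN TXT "a.b.f."
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+www2.foo3.org. IN TXT
+SECTION ANSWER
+www2.foo3.org. IN TXT "a.b.g."
+ENTRY_END
+RANGE_END
+
+; ns.foo4.org for foo4.org
+RANGE_BEGIN 0 1000
+ADDRESS 1.2.3.56
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+foo4.org. IN NS
+SECTION ANSWER
+foo4.org. 3600 IN NS ns.foo4.org.
+foo4.org. 3600 IN RRSIG NS 8 2 3600 20070926134150 20070829134150 55567 foo4.org. FXwXqJ8EW2XZDzHiMSiqiUpkk6tHGsJdlH1pfuOO6yPsmAmg6sSnyE9UsIDeW1bGwanYxbZGiD4YR9ED/NzdlMUrCI0fs4c0fa0yJjcF5WY0yZCL9OZbyn/dPIcqZ3D6UWjVVMW6EhZSPqzuz5gWYEiXkBDEc1s2BEjIYSwZo4g=
+SECTION ADDITIONAL
+ns.foo4.org. 3600 IN A 1.2.3.56
+ns.foo4.org. 3600 IN RRSIG A 8 3 3600 20070926134150 20070829134150 55567 foo4.org. MgKROh4mE6pUyp0ik2CHTZuf7n9M4WaDvTLdI9qb+AvvpJJiwA1+7/v004A3PADvohsUytQttldYKwK6J9+c8R48lpieT+e/WzeyoCM1ieFhbP73By32Bl/akH+8cOUxfqqLD8Y+1z/oKV55LyqKP0H0DCb6vfYtSxWAYQym9PQ=
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+foo4.org. IN DNSKEY
+SECTION ANSWER
+foo4.org. IN DNSKEY 257 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55567 (ksk), size = 1024b}
+foo4.org. 3600 IN RRSIG DNSKEY 8 2 3600 20070926134150 20070829134150 55567 foo4.org. Hy1tP0xBPp23e+w2YJ49e09e8AB9hLDP3ksWI/8ujNFK51Kuwo8HBx4R6zbcuOELlqWxr6IQU2w6AwB6UqClS88mc2sIgeEbw7Nm+nCDWPSPklPP4qa9pdXFh2M4txF4NxymrgRABjTTJiXK4oeWtFBNKkUu0hf6RGb9OJmdzF0=
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+www.foo4.org. IN A
+SECTION ANSWER
+www.foo4.org. 3600 IN CNAME bok.foo4.org.
+www.foo4.org. 3600 IN RRSIG CNAME 8 3 3600 20070926134150 20070829134150 55567 foo4.org. ZRY/v7TPmkuKVNB739kTMiqPh84jtDO01hx2EtuPI2YwG4EnhWFV0fuz86FDMPKUD17MXRHKsi0+RUopqGUEbuZ7G9MzUFtuuTnVD8f9lNJVp2AfE2RAr1le8zZpdSvlmB1Y07HsrFPxxZAPYdBC2IY3VcpI0xaT1nHGsSpcoXc=
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+bok.foo4.org. IN A
+SECTION ANSWER
+bok.foo4.org. 3600 IN A 1.2.3.4
+bok.foo4.org. 3600 IN RRSIG A 8 3 3600 20070926134150 20070829134150 55567 foo4.org. xDPRNYlwWTxfQaX6kKHbYeKC/ro/U1TAQzEexUoQb/GDpx1zB1oqvYBuauivIjHyKwjrGg7f9WHyyzMxSby0G62hJLPoMJMLscLce17mwkWcG2AuojBiDwLBr5QXvJXhvT21LpOFt8xplLZuzNRyw4EsUau0ecd2nQ/5vtIz5aU=
+ENTRY_END
+RANGE_END
+
+; ns.foo5.org for foo5.org
+RANGE_BEGIN 0 1000
+ADDRESS 1.2.3.57
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+foo5.org. IN NS
+SECTION ANSWER
+foo5.org. 3600 IN NS ns.foo5.org.
+foo5.org. 3600 IN RRSIG NS 8 2 3600 20070926134150 20070829134150 55567 foo5.org. Zv/zSvsLucTxX2LL+i4IZfFw/D/5HvzNKmRcohBjmP2W+F53KddGJpRHb2FPqcBzKhvjL/Awf0x1mhHUUBCSQcHA3FZQ9q2kfXK4pzg4XbI03U/hsY5b/1M8SC/DfGE+4jN59QadXZ6N4ouV4Ka9sqRfqXiQFED1Rz9WuMyHfXY=
+SECTION ADDITIONAL
+ns.foo5.org. 3600 IN A 1.2.3.57
+ns.foo5.org. 3600 IN RRSIG A 8 3 3600 20070926134150 20070829134150 55567 foo5.org. TcHl2qjwwcfoM1kJ+rwje/VRmPJT62RvJvjHwri5NqJopKp9tcaKz1dYByTlhbGbB0tGihWPa271ja3s31dHuOlZsuWd8hdMr7Hq/COpyn7iVOoeU8bLRtkvReLyiD3Ju9IMmzLMyWCGNNzpuZrEBfbBwTC4ali5iL4OgPjMdhc=
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+foo5.org. IN DNSKEY
+SECTION ANSWER
+foo5.org. IN DNSKEY 257 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55567 (ksk), size = 1024b}
+foo5.org. 3600 IN RRSIG DNSKEY 8 2 3600 20070926134150 20070829134150 55567 foo5.org. wq5nET6vQal5aXvNr6lhUI5VzGJNM52k9RVdNsntiN25GehtBKF/+O2OhrD4YoLCIkMM4dzSSlO/nbbtx/8V8Y5LlA5Kxx3DU+QWpn4iwJg01VwXhJaw8KqK20bUS+PbkG+ZwAqVD1veAdtKR7lfYI35XZojZQ1ReSMWb/vLv4s=
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname
+ADJUST copy_id copy_query
+REPLY QR AA NOERROR
+SECTION QUESTION
+www.foo5.org. IN A
+SECTION ANSWER
+www.foo5.org. 3600 IN CNAME bok.foo5.org.
+www.foo5.org. 3600 IN RRSIG CNAME 8 3 3600 20070926134150 20070829134150 55567 foo5.org. L/KOVafKFY401Y2k3J+QjkX0XcBTsMperFyhKfTmyQYY3lI5shvdJT0UGu6ogZ9cCWM+tLNyVr804+dfK6QL/wdYOx9hkK/fiePUhAU6lzepJBdg7wotw560Eu6J7UhhtopHKrWa5ElQFG1UFR/qjcx/m4Ms6BgCWh8yWy20N1E=
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+alt.foo5.org. IN A
+SECTION ANSWER
+alt.foo5.org. 3600 IN A 4.0.5.6
+alt.foo5.org. 3600 IN RRSIG A 8 3 3600 20070926134150 20070829134150 55567 foo5.org. vG+qffAmazC38iBE2QsZq5kFxNW5Mo+65epMjAA/06syLzjOKkfh8dbe++jQqvwqCqrIBb56miVFDCW1VEYOdh8vReptt9KtbQjXXMfRF39V3ccvbhEfP1xMG8Z8B7tkIBtLvfCNrsfYaccvYgq+gkPeeL1JEiK3ntOukJUbapM=
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+bok.foo5.org. IN A
+SECTION ANSWER
+bok.foo5.org. 3600 IN A 1.2.3.4
+bok.foo5.org. 3600 IN RRSIG A 8 3 3600 20070926134150 20070829134150 55567 foo5.org. rlBgWgq0R4yT+bK0CyuZfFJ36dCsZnpvc9/7tShcMAzDPDu4+hgbXuyMWcsnsZjX3ZfR0a4wRwOwH86ZNLLxdkXNO1/bSDq+IsLyXesoVBDmcNvtdq5PgupCNW5I/cBP4tK0DCytXDLRFtU7LOxdgPps4dFANhHU6Q6LboqW4t8=
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+alt.foo5.org. IN DS
+SECTION ANSWER
+SECTION AUTHORITY
+foo5.org. 3600 IN SOA ns.foo5.org. host.foo5.org. 2007090422 3600 300 604800 3600
+foo5.org. 3600 IN RRSIG SOA 8 2 3600 20070926134150 20070829134150 55567 foo5.org. cHo00Jg0OI9sRaQV9t6WMybhkRwG6UFx6gEq87HOeOm2gPSbXFjIImyH6l1u8MPdXj8kYcGsUotWUEPuBTfA88bGb/lKfbu4aMD9GaqjB9oZF1iOCf7IdkXqHg/0iZNHOXbUNyNlCJgjkrVdZysJ1D1tAx7qmJgmzsJHerDuQzA=
+alt.foo5.org. 3600 IN NSEC alt2.foo5.org. A RRSIG NSEC
+alt.foo5.org. 3600 IN RRSIG NSEC 8 3 3600 20070926134150 20070829134150 55567 foo5.org. fgOxxCj+ZnRWyfVFlNCS/9UDg4n8+JaSmMjQzsqUoXk5Db9fMzOd3ScYqVxweXC/ER6Ly+XHz9RFVsAOA4I67eWGL6YJ5sA/MUJd3tB4Dk3xp0ycHH0ARvys9YedG9PLUvBY9B5qT/nhrw2N9yRtkq04z6DhjLh3uC0UJKsSiVc=
+ENTRY_END
+RANGE_END
+
+; Test query
+STEP 10 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+foo.org. IN TXT
+ENTRY_END
+
+; It is blocked
+STEP 11 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AA NXDOMAIN
+SECTION QUESTION
+foo.org. IN TXT
+SECTION ANSWER
+ENTRY_END
+
+; The foo2.org domain has no DS with NSEC. The queries for foo2.org DS and
+; DNSKEY are blocked.
+STEP 20 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.foo2.org. IN TXT
+ENTRY_END
+
+STEP 21 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.foo2.org. IN TXT
+SECTION ANSWER
+www.foo2.org. IN TXT "a.b.e."
+ENTRY_END
+
+; The foo3.org domain has no DS with NSEC3. The queries for foo3.org DS and
+; DNSKEY are blocked. Because it is nsec3, there is no negative cache entry,
+; and a type DS query is made, that is then blocked.
+STEP 30 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.foo3.org. IN TXT
+ENTRY_END
+
+STEP 31 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.foo3.org. IN TXT
+SECTION ANSWER
+www.foo3.org. IN TXT "a.b.f."
+ENTRY_END
+
+; This query would use a validation failure for foo3.org from the key cache,
+; if it previously failed.
+STEP 32 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www2.foo3.org. IN TXT
+ENTRY_END
+
+STEP 33 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www2.foo3.org. IN TXT
+SECTION ANSWER
+www2.foo3.org. IN TXT "a.b.g."
+ENTRY_END
+
+; This query has a CNAME to www.foo.org. It is signed, but foo.org is blocked,
+; for DS and DNSKEY queries. There is a DS, but the DNSKEY query is blocked.
+STEP 40 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+foo.com. IN TXT
+ENTRY_END
+
+STEP 41 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+foo.com. IN TXT
+SECTION ANSWER
+foo.com. IN CNAME www.foo.org.
+www.foo.org. 3600 IN TXT "a.b.d."
+ENTRY_END
+
+; The foo4.com query has a CNAME to a validly signed domain www.foo4.org,
+; that has a cname to bok.foo4.org. The bok.foo4.org name is RPZ filtered,
+; with a new A record in the response, that is not signed, from RPZ.
+STEP 50 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+foo4.com. IN A
+ENTRY_END
+
+STEP 51 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AA NOERROR
+SECTION QUESTION
+foo4.com. IN A
+SECTION ANSWER
+foo4.com. IN CNAME www.foo4.org.
+www.foo4.org. IN CNAME bok.foo4.org.
+bok.foo4.org IN A 4.0.5.5
+ENTRY_END
+
+; The foo5.com query has a CNAME to a signed domain www.foo5.org,
+; the www.foo5.org is filtered by RPZ with a different CNAME to another,
+; DNSSEC signed A record, alt.foo5.org, instead of bok.foo5.org.
+STEP 60 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+foo5.com. IN A
+ENTRY_END
+
+STEP 61 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+foo5.com. IN A
+SECTION ANSWER
+foo5.com. IN CNAME www.foo5.org.
+www.foo5.org. IN CNAME alt.foo5.org.
+alt.foo5.org IN A 4.0.5.6
+ENTRY_END
+
+SCENARIO_END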
@ -38,7 +38,7 @@ RANGE_BEGIN 0 20
|
||||
RANGE_END
|
||||
|
||||
; ns.example.com.
|
||||
RANGE_BEGIN 30 100
|
||||
RANGE_BEGIN 40 100
|
||||
ADDRESS 1.2.3.4
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
|
@ -15,7 +15,7 @@ stub-zone:
|
||||
stub-addr: 1.2.3.4
|
||||
CONFIG_END
|
||||
|
||||
SCENARIO_BEGIN Test serve-expired with client-timeout and a SERVFAIL upstream reply
|
||||
SCENARIO_BEGIN Test serve-expired without client-timeout and a SERVFAIL upstream reply
|
||||
; Scenario overview:
|
||||
; - query for example.com. IN A
|
||||
; - answer from upstream is SERVFAIL; will be cached for NORR_TTL(5)
|
||||
|
317
contrib/unbound/testdata/serve_expired_client_timeout_val_bogus.rpl
vendored
Normal file
@ -0,0 +1,317 @@
|
||||
; config options
|
||||
; The island of trust is at example.com
|
||||
server:
|
||||
trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
|
||||
val-override-date: "20070916134226"
|
||||
target-fetch-policy: "0 0 0 0 0"
|
||||
qname-minimisation: "no"
|
||||
fake-sha1: yes
|
||||
trust-anchor-signaling: no
|
||||
minimal-responses: no
|
||||
|
||||
serve-expired: yes
|
||||
serve-expired-client-timeout: 1
|
||||
serve-expired-reply-ttl: 123
|
||||
ede: yes
|
||||
ede-serve-expired: yes
|
||||
|
||||
# No need for AAAA nameserver queries
|
||||
do-ip6: no
|
||||
|
||||
stub-zone:
|
||||
name: "."
|
||||
stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
|
||||
CONFIG_END
|
||||
|
||||
SCENARIO_BEGIN Test serve-expired with client-timeout and bogus answer
|
||||
; Scenario overview:
|
||||
; - query for www.example.com. IN A
|
||||
; - check the answer
|
||||
; - wait for the record to expire
|
||||
; - (upstream now has a bogus response)
|
||||
; - query again for www.example.com. IN A
|
||||
; - check that we get the expired valid response instead
|
||||
; - query once more
|
||||
; - (upstream has the valid response again)
|
||||
; - check that we get the immediate expired valid response
|
||||
; - (the prefetch query updates the cache with the valid response)
|
||||
; - query one last time
|
||||
; - check that we get the immediate valid cache response; upstream does not have an answer at this moment
|
||||
|
||||
;;
|
||||
;; K.ROOT-SERVERS.NET.
|
||||
;;
|
||||
RANGE_BEGIN 0 100
|
||||
ADDRESS 193.0.14.129
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
. IN NS
|
||||
SECTION ANSWER
|
||||
. IN NS K.ROOT-SERVERS.NET.
|
||||
SECTION ADDITIONAL
|
||||
K.ROOT-SERVERS.NET. IN A 193.0.14.129
|
||||
ENTRY_END
|
||||
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode
|
||||
ADJUST copy_id copy_query
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
SECTION AUTHORITY
|
||||
com. IN NS a.gtld-servers.net.
|
||||
SECTION ADDITIONAL
|
||||
a.gtld-servers.net. IN A 192.5.6.30
|
||||
ENTRY_END
|
||||
RANGE_END
|
||||
|
||||
;;
|
||||
;; a.gtld-servers.net.
|
||||
;;
|
||||
RANGE_BEGIN 0 100
|
||||
ADDRESS 192.5.6.30
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
com. IN NS
|
||||
SECTION ANSWER
|
||||
com. IN NS a.gtld-servers.net.
|
||||
SECTION ADDITIONAL
|
||||
a.gtld-servers.net. IN A 192.5.6.30
|
||||
ENTRY_END
|
||||
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode
|
||||
ADJUST copy_id copy_query
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
SECTION AUTHORITY
|
||||
example.com. IN NS ns.example.com.
|
||||
SECTION ADDITIONAL
|
||||
ns.example.com. IN A 1.2.3.4
|
||||
ENTRY_END
|
||||
RANGE_END
|
||||
|
||||
;;
|
||||
;; ns.example.com. with generic valid data
|
||||
;;
|
||||
RANGE_BEGIN 0 100
|
||||
ADDRESS 1.2.3.4
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
example.com. IN NS
|
||||
SECTION ANSWER
|
||||
example.com. IN NS ns.example.com.
|
||||
example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
|
||||
SECTION ADDITIONAL
|
||||
ns.example.com. IN A 1.2.3.4
|
||||
ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
|
||||
ENTRY_END
|
||||
|
||||
; response to DNSKEY priming query
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
example.com. IN DNSKEY
|
||||
SECTION ANSWER
|
||||
example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
|
||||
example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
|
||||
SECTION AUTHORITY
|
||||
example.com. IN NS ns.example.com.
|
||||
example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
|
||||
SECTION ADDITIONAL
|
||||
ns.example.com. IN A 1.2.3.4
|
||||
ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
|
||||
ENTRY_END
|
||||
RANGE_END
|
||||
|
||||
;;
|
||||
;; ns.example.com with valid data
|
||||
;;
|
||||
RANGE_BEGIN 0 10
|
||||
ADDRESS 1.2.3.4
|
||||
; response to query of interest
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
SECTION ANSWER
|
||||
www.example.com. IN A 10.20.30.40
|
||||
ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
|
||||
SECTION AUTHORITY
|
||||
example.com. IN NS ns.example.com.
|
||||
example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
|
||||
SECTION ADDITIONAL
|
||||
ns.example.com. IN A 1.2.3.4
|
||||
www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
|
||||
ENTRY_END
|
||||
RANGE_END
|
||||
|
||||
;;
|
||||
;; ns.example.com. with bogus data
|
||||
;;
|
||||
RANGE_BEGIN 20 30
|
||||
ADDRESS 1.2.3.4
|
||||
; response to query of interest (bogus answer)
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
SECTION ANSWER
|
||||
www.example.com. IN A 10.20.30.40
|
||||
ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
|
||||
SECTION AUTHORITY
|
||||
example.com. IN NS ns.example.com.
|
||||
example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
|
||||
SECTION ADDITIONAL
|
||||
ns.example.com. IN A 1.2.3.4
|
||||
;; (valid signature)
|
||||
;; www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
|
||||
;; (bogus signature)
|
||||
www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com.
|
||||
ENTRY_END
|
||||
RANGE_END
|
||||
|
||||
;;
|
||||
;; ns.example.com. with valid data again
|
||||
;;
|
||||
RANGE_BEGIN 40 60
|
||||
ADDRESS 1.2.3.4
|
||||
; response to query of interest
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
SECTION ANSWER
|
||||
www.example.com. IN A 10.20.30.40
|
||||
ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
|
||||
SECTION AUTHORITY
|
||||
example.com. IN NS ns.example.com.
|
||||
example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
|
||||
SECTION ADDITIONAL
|
||||
ns.example.com. IN A 1.2.3.4
|
||||
www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
|
||||
ENTRY_END
|
||||
RANGE_END
|
||||
|
||||
STEP 1 QUERY
|
||||
ENTRY_BEGIN
|
||||
REPLY RD DO
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
ENTRY_END
|
||||
|
||||
; recursion happens here.
|
||||
STEP 10 CHECK_ANSWER
|
||||
ENTRY_BEGIN
|
||||
MATCH all ttl
|
||||
REPLY QR RD RA AD DO NOERROR
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
SECTION ANSWER
|
||||
www.example.com. IN A 10.20.30.40
|
||||
www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
|
||||
SECTION AUTHORITY
|
||||
example.com. IN NS ns.example.com.
|
||||
example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
|
||||
SECTION ADDITIONAL
|
||||
ns.example.com. IN A 1.2.3.4
|
||||
ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
|
||||
ENTRY_END
|
||||
|
||||
STEP 11 TIME_PASSES ELAPSE 3601
|
||||
|
||||
STEP 20 QUERY
|
||||
ENTRY_BEGIN
|
||||
REPLY RD DO
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
ENTRY_END
|
||||
|
||||
; expired answer because upstream is bogus
|
||||
STEP 30 CHECK_ANSWER
|
||||
ENTRY_BEGIN
|
||||
MATCH all ttl ede=3
|
||||
REPLY QR RD RA AD DO NOERROR
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
SECTION ANSWER
|
||||
www.example.com. 123 IN A 10.20.30.40
|
||||
www.example.com. 123 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
|
||||
SECTION AUTHORITY
|
||||
example.com. 123 IN NS ns.example.com.
|
||||
example.com. 123 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
|
||||
SECTION ADDITIONAL
|
||||
ns.example.com. 123 IN A 1.2.3.4
|
||||
ns.example.com. 123 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
|
||||
ENTRY_END
|
||||
|
||||
STEP 40 QUERY
|
||||
ENTRY_BEGIN
|
||||
REPLY RD DO
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
ENTRY_END
|
||||
|
||||
; immediate cached answer because upstream is valid again
|
||||
STEP 50 CHECK_ANSWER
|
||||
ENTRY_BEGIN
|
||||
MATCH all ttl ede=3
|
||||
REPLY QR RD RA AD DO NOERROR
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
SECTION ANSWER
|
||||
www.example.com. 123 IN A 10.20.30.40
|
||||
www.example.com. 123 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
|
||||
SECTION AUTHORITY
|
||||
example.com. 123 IN NS ns.example.com.
|
||||
example.com. 123 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
|
||||
SECTION ADDITIONAL
|
||||
ns.example.com. 123 IN A 1.2.3.4
|
||||
ns.example.com. 123 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
|
||||
ENTRY_END
|
||||
|
||||
; upstream query is resolved before this query comes in
|
||||
STEP 60 QUERY
|
||||
ENTRY_BEGIN
|
||||
REPLY RD DO
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
ENTRY_END
|
||||
|
||||
; prefetch query updated the cache, since there is no upstream response in this range
|
||||
STEP 70 CHECK_ANSWER
|
||||
ENTRY_BEGIN
|
||||
MATCH all ttl
|
||||
REPLY QR RD RA AD DO NOERROR
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
SECTION ANSWER
|
||||
www.example.com. IN A 10.20.30.40
|
||||
www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
|
||||
SECTION AUTHORITY
|
||||
example.com. IN NS ns.example.com.
|
||||
example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
|
||||
SECTION ADDITIONAL
|
||||
ns.example.com. IN A 1.2.3.4
|
||||
ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
|
||||
ENTRY_END
|
||||
|
||||
SCENARIO_END
|
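--- a/contrib/unbound/testdata/serve_expired_client_timeout_val_insecure_delegation.rpl
+++ b/contrib/unbound/testdata/serve_expired_client_timeout_val_insecure_delegation.rpl
@@ -0,0 +1,247 @@
+; config options
+server:
+trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )"
+val-override-date: "20120420235959"
+val-max-restart: 0
+outbound-msg-retry: 0
+target-fetch-policy: "0 0 0 0 0"
+qname-minimisation: "no"
+fake-sha1: yes
+trust-anchor-signaling: no
+minimal-responses: no
+rrset-roundrobin: no
+
+serve-expired: yes
+serve-expired-client-timeout: 1
+serve-expired-reply-ttl: 123
+ede: yes
+ede-serve-expired: yes
+
+# No need for AAAA nameserver queries
+do-ip6: no
+
+stub-zone:
+name: "."
+stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test serve-expired with client-timeout and failed DNSSEC parent of insecure zone
+; Scenario overview:
+; - query for mc.c.example. IN MX
+; - check the answer
+; - wait for all the records to expire
+; - (example. now has a bogus DNSKEY response)
+; - query again for mc.c.example. IN MX
+; - (validator fails priming the trust anchor because of the bogus DNSKEY)
+; - check that we get the expired insecure response instead
+
+;;
+;; K.ROOT-SERVERS.NET.
+;;
+RANGE_BEGIN 0 100
+ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET. IN A 193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+. IN A
+SECTION AUTHORITY
+example. IN NS ns1.example.
+SECTION ADDITIONAL
+ns1.example. IN A 192.0.2.1
+ENTRY_END
+RANGE_END
+
+;;
+;; ns1.example. generic data
+;;
+RANGE_BEGIN 0 100
+ADDRESS 192.0.2.1
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+example. IN NS
+SECTION ANSWER
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+ns1.example. IN A
+SECTION ANSWER
+ns1.example. IN A 192.0.2.1
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA DO NOERROR
+SECTION QUESTION
+mc.c.example. IN MX
+SECTION AUTHORITY
+;; NSEC3 RR that covers the "next closer" name (c.example)
+;; H(c.example) = 4g6p9u5gvfshp30pqecj98b3maqbn1ck
+35mthgpgcu1qg68fab165klnsnk3dpvl.example. NSEC3 1 1 12 aabbccdd ( b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG )
+35mthgpgcu1qg68fab165klnsnk3dpvl.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQ Aynzo8EUWH+z6hEIBlUTPGj15eZll6VhQqgZ XtAIR3chwgW+SA== )
+;; NSEC3 RR that matches the closest encloser (example)
+;; H(example) = 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom
+0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG )
+0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL IBHYH6blRxK9rC0bMJPwQ4mLIuw85H2EY762 BOCXJZMnpuwhpA== )
+c.example. NS ns1.c.example.
+SECTION ADDITIONAL
+ns1.c.example. A 192.0.2.7
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA DO NOERROR
+SECTION QUESTION
+c.example. IN DS
+SECTION AUTHORITY
+;; NSEC3 RR that covers the "next closer" name (c.example)
+;; H(c.example) = 4g6p9u5gvfshp30pqecj98b3maqbn1ck
+35mthgpgcu1qg68fab165klnsnk3dpvl.example. NSEC3 1 1 12 aabbccdd ( b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG )
+35mthgpgcu1qg68fab165klnsnk3dpvl.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQ Aynzo8EUWH+z6hEIBlUTPGj15eZll6VhQqgZ XtAIR3chwgW+SA== )
+;; NSEC3 RR that matches the closest encloser (example)
+;; H(example) = 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom
+0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG )
+0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL IBHYH6blRxK9rC0bMJPwQ4mLIuw85H2EY762 BOCXJZMnpuwhpA== )
+ENTRY_END
+RANGE_END
+
+;;
+;; ns1.example. with valid DNSKEY data
+;;
+RANGE_BEGIN 0 20
+ADDRESS 192.0.2.1
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example. IN DNSKEY
+SECTION ANSWER
+example. DNSKEY 256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= )
+example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )
+example. RRSIG DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example. AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf3bH+QsCtg== )
+ENTRY_END
+RANGE_END
+
+;;
+;; ns1.example. with bogus DNSKEY data
+;;
+RANGE_BEGIN 30 40
+ADDRESS 192.0.2.1
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example. IN DNSKEY
+SECTION ANSWER
+example. DNSKEY 256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= )
+example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )
+;; (bogus signature)
+example. RRSIG DNSKEY 7 1 3600 20150420235959 20051021000000 12708 example.
+ENTRY_END
+RANGE_END
+
+;;
+;; ns1.c.example.
+;;
+RANGE_BEGIN 0 100
+ADDRESS 192.0.2.7
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+c.example. IN NS
+SECTION ANSWER
+c.example. NS ns1.c.example.
+SECTION ADDITIONAL
+ns1.c.example. A 192.0.2.7
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+mc.c.example. IN MX
+SECTION ANSWER
+mc.c.example. IN MX 50 mx.c.example.
+SECTION AUTHORITY
+c.example. NS ns1.c.example.
+SECTION ADDITIONAL
+ns1.c.example. A 192.0.2.7
+ENTRY_END
+RANGE_END
+
+
+STEP 0 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+mc.c.example. IN MX
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ttl
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+mc.c.example. IN MX
+SECTION ANSWER
+mc.c.example. IN MX 50 mx.c.example.
+SECTION AUTHORITY
+c.example. NS ns1.c.example.
+SECTION ADDITIONAL
+ns1.c.example. A 192.0.2.7
+ENTRY_END
+
+STEP 20 TIME_PASSES ELAPSE 3601
+
+STEP 30 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+mc.c.example. IN MX
+ENTRY_END
+
+STEP 40 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ttl ede=3
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+mc.c.example. IN MX
+SECTION ANSWER
+mc.c.example. 123 IN MX 50 mx.c.example.
+SECTION AUTHORITY
+c.example. 123 NS ns1.c.example.
+SECTION ADDITIONAL
+ns1.c.example. 123 A 192.0.2.7
+ENTRY_END
+
+SCENARIO_END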
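--- a/contrib/unbound/testdata/serve_expired_ttl_reset.rpl
+++ b/contrib/unbound/testdata/serve_expired_ttl_reset.rpl
@@ -0,0 +1,102 @@
+; config options go here.
+server:
+serve-expired: yes
+serve-expired-ttl: 1
+serve-expired-ttl-reset: yes
+serve-expired-reply-ttl: 123
+ede: yes
+ede-serve-expired: yes
+forward-zone: name: "." forward-addr: 216.0.0.1
+CONFIG_END
+SCENARIO_BEGIN Serve expired ttl with reset on forwarder with a timeout on upstream query
+; Scenario overview:
+; - Send query
+; - Get reply
+; - Wait for it to expire (+ serve-expired-ttl)
+; - Send query again
+; - Upstream timeouts
+; - Error response from iterator SERVFAIL, resets expired-ttl on cache
+; - Check we are getting the SERVFAIL response
+; - Query again
+; - Check we are getting the expired answer
+; - Upstream still timeouts
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; Upstream reply
+STEP 2 REPLY
+ENTRY_BEGIN
+REPLY QR AA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. 10 IN A 0.0.0.0
+ENTRY_END
+
+STEP 3 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ttl
+REPLY QR RA RD NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. 10 IN A 0.0.0.0
+ENTRY_END
+
+; Expire the record (+ serve-expired-ttl)
+STEP 4 TIME_PASSES ELAPSE 12
+
+STEP 5 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; But the pending query times out!
+; outbound-msg-retry times timeout.
+STEP 6 TIMEOUT
+STEP 7 TIMEOUT
+STEP 8 TIMEOUT
+STEP 9 TIMEOUT
+STEP 10 TIMEOUT
+
+; Returns servfail
+; but error response from iterator resets the expired ttl
+STEP 11 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ttl
+REPLY QR RA RD SERVFAIL
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; Query again
+STEP 12 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; Check that we get the expired answer
+STEP 13 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ttl ede=3
+REPLY QR RA RD DO NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. 123 IN A 0.0.0.0
+ENTRY_END
+
+; But the pending query times out!
+; Only one because RTT reached the limit.
+STEP 16 TIMEOUT
+
+SCENARIO_END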
316
contrib/unbound/testdata/serve_expired_val_bogus.rpl
vendored
Normal file
@ -0,0 +1,316 @@
|
||||
; config options
|
||||
; The island of trust is at example.com
|
||||
server:
|
||||
trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
|
||||
val-override-date: "20070916134226"
|
||||
target-fetch-policy: "0 0 0 0 0"
|
||||
qname-minimisation: "no"
|
||||
fake-sha1: yes
|
||||
trust-anchor-signaling: no
|
||||
minimal-responses: no
|
||||
|
||||
serve-expired: yes
|
||||
serve-expired-reply-ttl: 123
|
||||
ede: yes
|
||||
ede-serve-expired: yes
|
||||
|
||||
# No need for AAAA nameserver queries
|
||||
do-ip6: no
|
||||
|
||||
stub-zone:
|
||||
name: "."
|
||||
stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
|
||||
CONFIG_END
|
||||
|
||||
SCENARIO_BEGIN Test serve-expired with client-timeout and bogus answer
|
||||
; Scenario overview:
|
||||
; - query for www.example.com. IN A
|
||||
; - check the answer
|
||||
; - wait for the record to expire
|
||||
; - (upstream now has a bogus response)
|
||||
; - query again for www.example.com. IN A
|
||||
; - check that we get the immediate expired valid response
|
||||
; - (prefetch response is bogus and is not cached)
|
||||
; - query once more
|
||||
; - check that we still get the immediate expired valid response and not the fresh bogus one
|
||||
; - (upstream has a valid response again; prefetch will update the cache)
|
||||
; - query one last time
|
||||
; - check that we get an immediate valid cache response
|
||||
|
||||
;;
|
||||
;; K.ROOT-SERVERS.NET.
|
||||
;;
|
||||
RANGE_BEGIN 0 100
|
||||
ADDRESS 193.0.14.129
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
. IN NS
|
||||
SECTION ANSWER
|
||||
. IN NS K.ROOT-SERVERS.NET.
|
||||
SECTION ADDITIONAL
|
||||
K.ROOT-SERVERS.NET. IN A 193.0.14.129
|
||||
ENTRY_END
|
||||
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode
|
||||
ADJUST copy_id copy_query
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
SECTION AUTHORITY
|
||||
com. IN NS a.gtld-servers.net.
|
||||
SECTION ADDITIONAL
|
||||
a.gtld-servers.net. IN A 192.5.6.30
|
||||
ENTRY_END
|
||||
RANGE_END
|
||||
|
||||
;;
|
||||
;; a.gtld-servers.net.
|
||||
;;
|
||||
RANGE_BEGIN 0 100
|
||||
ADDRESS 192.5.6.30
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
com. IN NS
|
||||
SECTION ANSWER
|
||||
com. IN NS a.gtld-servers.net.
|
||||
SECTION ADDITIONAL
|
||||
a.gtld-servers.net. IN A 192.5.6.30
|
||||
ENTRY_END
|
||||
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode
|
||||
ADJUST copy_id copy_query
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
SECTION AUTHORITY
|
||||
example.com. IN NS ns.example.com.
|
||||
SECTION ADDITIONAL
|
||||
ns.example.com. IN A 1.2.3.4
|
||||
ENTRY_END
|
||||
RANGE_END
|
||||
|
||||
;;
|
||||
;; ns.example.com. with generic data
|
||||
;;
|
||||
RANGE_BEGIN 0 100
|
||||
ADDRESS 1.2.3.4
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
example.com. IN NS
|
||||
SECTION ANSWER
|
||||
example.com. IN NS ns.example.com.
|
||||
example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
|
||||
SECTION ADDITIONAL
|
||||
ns.example.com. IN A 1.2.3.4
|
||||
ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
|
||||
ENTRY_END
|
||||
|
||||
; response to DNSKEY priming query
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
example.com. IN DNSKEY
|
||||
SECTION ANSWER
|
||||
example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
|
||||
example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
|
||||
SECTION AUTHORITY
|
||||
example.com. IN NS ns.example.com.
|
||||
example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
|
||||
SECTION ADDITIONAL
|
||||
ns.example.com. IN A 1.2.3.4
|
||||
ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
|
||||
ENTRY_END
|
||||
RANGE_END
|
||||
|
||||
;;
|
||||
;; ns.example.com. with valid data
|
||||
;;
|
||||
RANGE_BEGIN 0 10
|
||||
ADDRESS 1.2.3.4
|
||||
; response to query of interest
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
SECTION ANSWER
|
||||
www.example.com. IN A 10.20.30.40
|
||||
ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
|
||||
SECTION AUTHORITY
|
||||
example.com. IN NS ns.example.com.
|
||||
example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
|
||||
SECTION ADDITIONAL
|
||||
ns.example.com. IN A 1.2.3.4
|
||||
www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
|
||||
ENTRY_END
|
||||
RANGE_END
|
||||
|
||||
;;
|
||||
;; ns.example.com. with bogus data
|
||||
;;
|
||||
RANGE_BEGIN 20 40
|
||||
ADDRESS 1.2.3.4
|
||||
; response to query of interest (bogus answer)
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
SECTION ANSWER
|
||||
www.example.com. IN A 10.20.30.40
|
||||
ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
|
||||
SECTION AUTHORITY
|
||||
example.com. IN NS ns.example.com.
|
||||
example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
|
||||
SECTION ADDITIONAL
|
||||
ns.example.com. IN A 1.2.3.4
|
||||
;; (valid signature)
|
||||
;; www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
|
||||
;; (bogus signature)
|
||||
www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com.
|
||||
ENTRY_END
|
||||
RANGE_END
|
||||
|
||||
;;
|
||||
;; ns.example.com. with valid data again
|
||||
;;
|
||||
RANGE_BEGIN 50 100
|
||||
ADDRESS 1.2.3.4
|
||||
; response to query of interest
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
SECTION ANSWER
|
||||
www.example.com. IN A 10.20.30.40
|
||||
ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
|
||||
SECTION AUTHORITY
|
||||
example.com. IN NS ns.example.com.
|
||||
example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
|
||||
SECTION ADDITIONAL
|
||||
ns.example.com. IN A 1.2.3.4
|
||||
www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
|
||||
ENTRY_END
|
||||
RANGE_END
|
||||
|
||||
|
||||
STEP 1 QUERY
|
||||
ENTRY_BEGIN
|
||||
REPLY RD DO
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
ENTRY_END
|
||||
|
||||
; this is the valid answer
|
||||
STEP 10 CHECK_ANSWER
|
||||
ENTRY_BEGIN
|
||||
MATCH all ttl
|
||||
REPLY QR RD RA AD DO NOERROR
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
SECTION ANSWER
|
||||
www.example.com. IN A 10.20.30.40
|
||||
www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
|
||||
SECTION AUTHORITY
|
||||
example.com. IN NS ns.example.com.
|
||||
example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
|
||||
SECTION ADDITIONAL
|
||||
ns.example.com. IN A 1.2.3.4
|
||||
ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
|
||||
ENTRY_END
|
||||
|
||||
STEP 11 TIME_PASSES ELAPSE 3601
|
||||
|
||||
STEP 20 QUERY
|
||||
ENTRY_BEGIN
|
||||
REPLY RD DO
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
ENTRY_END
|
||||
|
||||
; this is the immediate expired cache response
|
||||
STEP 30 CHECK_ANSWER
|
||||
ENTRY_BEGIN
|
||||
MATCH all ttl ede=3
|
||||
REPLY QR RD RA AD DO NOERROR
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
SECTION ANSWER
|
||||
www.example.com. 123 IN A 10.20.30.40
|
||||
www.example.com. 123 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
|
||||
SECTION AUTHORITY
|
||||
example.com. 123 IN NS ns.example.com.
|
||||
example.com. 123 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
|
||||
SECTION ADDITIONAL
|
||||
ns.example.com. 123 IN A 1.2.3.4
|
||||
ns.example.com. 123 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
|
||||
ENTRY_END
|
||||
|
||||
STEP 40 QUERY
|
||||
ENTRY_BEGIN
|
||||
REPLY RD DO
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
ENTRY_END
|
||||
|
||||
; this is still the immediate cache response because the previous upstream response was bogus
|
||||
STEP 50 CHECK_ANSWER
|
||||
ENTRY_BEGIN
|
||||
MATCH all ttl ede=3
|
||||
REPLY QR RD RA AD DO NOERROR
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
SECTION ANSWER
|
||||
www.example.com. 123 IN A 10.20.30.40
|
||||
www.example.com. 123 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
|
||||
SECTION AUTHORITY
|
||||
example.com. 123 IN NS ns.example.com.
|
||||
example.com. 123 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
|
||||
SECTION ADDITIONAL
|
||||
ns.example.com. 123 IN A 1.2.3.4
|
||||
ns.example.com. 123 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
|
||||
ENTRY_END
|
||||
|
||||
STEP 60 QUERY
|
||||
ENTRY_BEGIN
|
||||
REPLY RD DO
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
ENTRY_END
|
||||
|
||||
; this is the immediate cache response because the previous upstream response was valid
|
||||
STEP 70 CHECK_ANSWER
|
||||
ENTRY_BEGIN
|
||||
MATCH all ttl
|
||||
REPLY QR RD RA AD DO NOERROR
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
SECTION ANSWER
|
||||
www.example.com. IN A 10.20.30.40
|
||||
www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
|
||||
SECTION AUTHORITY
|
||||
example.com. IN NS ns.example.com.
|
||||
example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
|
||||
SECTION ADDITIONAL
|
||||
ns.example.com. IN A 1.2.3.4
|
||||
ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
|
||||
ENTRY_END
|
||||
|
||||
SCENARIO_END
|
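--- a/contrib/unbound/testdata/val_negcache_ttl.rpl
+++ b/contrib/unbound/testdata/val_negcache_ttl.rpl
@@ -0,0 +1,188 @@
+; config options
+; The island of trust is at testzone.nlnetlabs.nl
+server:
+trust-anchor: "testzone.nlnetlabs.nl. 3600 IN DS 1444 8 2 07633464c1c7b93abd6fc24c73f904a40f0f304b279a80667d7e33908eed43be"
+val-override-date: "20180213111425"
+target-fetch-policy: "0 0 0 0 0"
+qname-minimisation: "no"
+trust-anchor-signaling: no
+aggressive-nsec: yes
+
+stub-zone:
+name: "testzone.nlnetlabs.nl"
+stub-addr: 185.49.140.60
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with negative cache TTL (aggressive NSEC)
+; Scenario overview:
+; - query for antelope.testzone.nlnetlabs.nl. IN TXT (NXDOMAIN)
+; - answer from upstream is NXDOMAIN with NSEC records that cover ant.testzone.nlnetlabs.nl
+; - the NSEC records should be cached for 900 seconds only (minimum of SOA)
+; - check that ant.testzone.nlnetlabs.nl gets the synthesized NXDOMAIN from aggressive-nsec
+; - let NSEC records expire
+; - query for ant.testzone.nlnetlabs.nl. IN TXT which is now available on the nameserver
+; - check that aggressive-nsec cannot synthesize NXDOMAIN (expired NSECs) and the query is resolved
+
+; testzone.nlnetlabs.nl nameserver
+RANGE_BEGIN 0 100
+ADDRESS 185.49.140.60
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+testzone.nlnetlabs.nl. IN DNSKEY
+SECTION ANSWER
+testzone.nlnetlabs.nl. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b}
+testzone.nlnetlabs.nl. 3600 IN RRSIG DNSKEY 8 3 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. kQ2sc41aQeMxQ7KInz2HrHi4nQcUGdv1olro0GmVYgPvIJh7SqBKW3yZWYeQrbWWwdc3klBERBbBI8gnkNYbl5kX3BBa5su8w71mpTQPRGtMxDTB17daxc0SxpPUxM35CpWU9QlBuDXcu+VNyVUuLvZGGLznlqr6ku888U2Rz+c=
+ENTRY_END
+
+; response for antelope.testzone.nlnetlabs.nl.
+; NSECs cover ant.testzone.nlnetlabs.nl as non-existent.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NXDOMAIN
+SECTION QUESTION
+antelope.testzone.nlnetlabs.nl. IN TXT
+SECTION ANSWER
+SECTION AUTHORITY
+testzone.nlnetlabs.nl. 3600 IN NSEC alligator.testzone.nlnetlabs.nl. NS SOA RRSIG NSEC DNSKEY
+testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 3 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. tcW20hZu5Ao+ikM+qjqAlRt3ujNxTKi6kZF3waWJGY7Ldyp9XyWzB1DeoQzaNJ6zflPYFO32RUhj7jWhEIUphG4+lEvm7VGJAdSteUZ2yOppN6eZvOk0Nc0nAGPFGBjLO6ul1Wh1X+jL61q7mWt3nY+IFBZHWmhsi2Qi7vM/W4E=
+alligator.testzone.nlnetlabs.nl. 3600 IN NSEC cheetah.testzone.nlnetlabs.nl. TXT RRSIG NSEC
+alligator.testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 4 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. Zfkp3kmN8heAuIF/apf6RHhZAoGyXnvZLALRYTKIH7E9XC2wtvG9dZla4WLSr3ndA4d0CFgnKOt8mSVSLyNn232D0ahx4DFAnOJitnt9odT2+2sYhJbwCx38tPKhAUWmIn2jGZGMVjbVbEVi7WyQBrJYQqyhE/lADEDSdQZBNyA=
+testzone.nlnetlabs.nl. 900 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600
+testzone.nlnetlabs.nl. 900 IN RRSIG SOA 8 3 900 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. abG0cByo/q5NaDNMz6FPvNvehHqUDhQRwLdvG72315hMGzCavLRWuAB5gieibMCrICH2WVHVj7fisjSuY0iPwf9xZlCGts3Z+xD9D72VRiTz7QXF+JjRWKl+3Uk6c29+pvIRKXC1Ht0r9uBXGmDTaHdV7cZCveoDwIVSngY+mQ0=
+SECTION ADDITIONAL
+ENTRY_END
+
+; No answer for ant.testzone.nlnetlabs.nl in this range
+
+; response for peanut.testzone.nlnetlabs.nl. AAAA
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+peanut.testzone.nlnetlabs.nl. IN AAAA
+SECTION AUTHORITY
+peanut.testzone.nlnetlabs.nl. IN NSEC rust.testzone.nlnetlabs.nl. A RRSIG NSEC
+peanut.testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 4 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. GhUUt3n1oVZCbU5l7XhbtE1kAhFXBRvQRvp/s3INitoHm1D54VERXWR33g+aQMcLAyCOe2TmpJMH1zDSbccf0zabvwEzqDzPmgcPt0KjXUdrN84/2XN+C4U84golbUui61lhhU+6bL8rylPuv3XtqQ4ppXy8sSe+gfsskauhMpg=
+testzone.nlnetlabs.nl. 900 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600
+testzone.nlnetlabs.nl. 900 IN RRSIG SOA 8 3 900 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. abG0cByo/q5NaDNMz6FPvNvehHqUDhQRwLdvG72315hMGzCavLRWuAB5gieibMCrICH2WVHVj7fisjSuY0iPwf9xZlCGts3Z+xD9D72VRiTz7QXF+JjRWKl+3Uk6c29+pvIRKXC1Ht0r9uBXGmDTaHdV7cZCveoDwIVSngY+mQ0=
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+; testzone.nlnetlabs.nl nameserver
+RANGE_BEGIN 100 200
+ADDRESS 185.49.140.60
+; response for ant.testzone.nlnetlabs.nl
+ENTRY_BEGIN
+REPLY QR AA NOERROR
+SECTION QUESTION
+ant.testzone.nlnetlabs.nl. IN TXT
+SECTION ANSWER
+ant.testzone.nlnetlabs.nl. TXT "heap"
+ant.testzone.nlnetlabs.nl. 3600 IN RRSIG TXT 8 4 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. Sn8dBGMSYGGKs7yGWO0CShxbm3ba5Y6ysHyE/HJyFnS8NmsKIx/KVdFPRQx/Jm7a3hektRXrjxetfhfJm0SzJ2UFeKlkE+VJ/Lj2oAETqN1oqqkNr+RDdbKLMzLApMRgrhStSAO1Yb8/8oUIflyrjNbuDbAHSMbkOE+Z49LIais=
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+antelope.testzone.nlnetlabs.nl. IN TXT
+ENTRY_END
+
+; recursion happens here. Expect NXDOMAIN.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ttl
+REPLY QR RD RA DO AD NXDOMAIN
+SECTION QUESTION
+antelope.testzone.nlnetlabs.nl. IN TXT
+SECTION ANSWER
+SECTION AUTHORITY
+testzone.nlnetlabs.nl. 3600 IN NSEC alligator.testzone.nlnetlabs.nl. NS SOA RRSIG NSEC DNSKEY
+testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 3 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. tcW20hZu5Ao+ikM+qjqAlRt3ujNxTKi6kZF3waWJGY7Ldyp9XyWzB1DeoQzaNJ6zflPYFO32RUhj7jWhEIUphG4+lEvm7VGJAdSteUZ2yOppN6eZvOk0Nc0nAGPFGBjLO6ul1Wh1X+jL61q7mWt3nY+IFBZHWmhsi2Qi7vM/W4E=
+alligator.testzone.nlnetlabs.nl. 3600 IN NSEC cheetah.testzone.nlnetlabs.nl. TXT RRSIG NSEC
+alligator.testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 4 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. Zfkp3kmN8heAuIF/apf6RHhZAoGyXnvZLALRYTKIH7E9XC2wtvG9dZla4WLSr3ndA4d0CFgnKOt8mSVSLyNn232D0ahx4DFAnOJitnt9odT2+2sYhJbwCx38tPKhAUWmIn2jGZGMVjbVbEVi7WyQBrJYQqyhE/lADEDSdQZBNyA=
+testzone.nlnetlabs.nl. 900 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600
+testzone.nlnetlabs.nl. 900 IN RRSIG SOA 8 3 900 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. abG0cByo/q5NaDNMz6FPvNvehHqUDhQRwLdvG72315hMGzCavLRWuAB5gieibMCrICH2WVHVj7fisjSuY0iPwf9xZlCGts3Z+xD9D72VRiTz7QXF+JjRWKl+3Uk6c29+pvIRKXC1Ht0r9uBXGmDTaHdV7cZCveoDwIVSngY+mQ0=
+SECTION ADDITIONAL
+ENTRY_END
+
+; query for ant.testzone.nlnetlabs.nl (non-existent)
+STEP 11 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+ant.testzone.nlnetlabs.nl. IN TXT
+ENTRY_END
+
+; this is the synthesized NXDOMAIN from aggressive-nsec
+STEP 12 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ttl
+REPLY QR RD RA AD DO NXDOMAIN
+SECTION QUESTION
+ant.testzone.nlnetlabs.nl. IN TXT
+SECTION ANSWER
+SECTION AUTHORITY
+testzone.nlnetlabs.nl. 3600 IN NSEC alligator.testzone.nlnetlabs.nl. NS SOA RRSIG NSEC DNSKEY
+testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 3 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. tcW20hZu5Ao+ikM+qjqAlRt3ujNxTKi6kZF3waWJGY7Ldyp9XyWzB1DeoQzaNJ6zflPYFO32RUhj7jWhEIUphG4+lEvm7VGJAdSteUZ2yOppN6eZvOk0Nc0nAGPFGBjLO6ul1Wh1X+jL61q7mWt3nY+IFBZHWmhsi2Qi7vM/W4E=
+alligator.testzone.nlnetlabs.nl. 3600 IN NSEC cheetah.testzone.nlnetlabs.nl. TXT RRSIG NSEC
+alligator.testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 4 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. Zfkp3kmN8heAuIF/apf6RHhZAoGyXnvZLALRYTKIH7E9XC2wtvG9dZla4WLSr3ndA4d0CFgnKOt8mSVSLyNn232D0ahx4DFAnOJitnt9odT2+2sYhJbwCx38tPKhAUWmIn2jGZGMVjbVbEVi7WyQBrJYQqyhE/lADEDSdQZBNyA=
+testzone.nlnetlabs.nl. 900 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600
+testzone.nlnetlabs.nl. 900 IN RRSIG SOA 8 3 900 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. abG0cByo/q5NaDNMz6FPvNvehHqUDhQRwLdvG72315hMGzCavLRWuAB5gieibMCrICH2WVHVj7fisjSuY0iPwf9xZlCGts3Z+xD9D72VRiTz7QXF+JjRWKl+3Uk6c29+pvIRKXC1Ht0r9uBXGmDTaHdV7cZCveoDwIVSngY+mQ0=
+ENTRY_END
+
+; Time passes and NSECs should be expired.
+STEP 20 TIME_PASSES ELAPSE 910
+
+; query something that gets the SOA record for the testzone in cache.
+STEP 30 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+peanut.testzone.nlnetlabs.nl. IN AAAA
+ENTRY_END
+
+STEP 40 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ttl
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+peanut.testzone.nlnetlabs.nl. IN AAAA
+SECTION AUTHORITY
+peanut.testzone.nlnetlabs.nl. IN NSEC rust.testzone.nlnetlabs.nl. A RRSIG NSEC
+peanut.testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 4 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. GhUUt3n1oVZCbU5l7XhbtE1kAhFXBRvQRvp/s3INitoHm1D54VERXWR33g+aQMcLAyCOe2TmpJMH1zDSbccf0zabvwEzqDzPmgcPt0KjXUdrN84/2XN+C4U84golbUui61lhhU+6bL8rylPuv3XtqQ4ppXy8sSe+gfsskauhMpg=
+testzone.nlnetlabs.nl. 900 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600
+testzone.nlnetlabs.nl. 900 IN RRSIG SOA 8 3 900 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. abG0cByo/q5NaDNMz6FPvNvehHqUDhQRwLdvG72315hMGzCavLRWuAB5gieibMCrICH2WVHVj7fisjSuY0iPwf9xZlCGts3Z+xD9D72VRiTz7QXF+JjRWKl+3Uk6c29+pvIRKXC1Ht0r9uBXGmDTaHdV7cZCveoDwIVSngY+mQ0=
+ENTRY_END
+
+; query for ant.testzone.nlnetlabs.nl. In this range it is on the nameserver.
+STEP 110 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+ant.testzone.nlnetlabs.nl. IN TXT
+ENTRY_END
+
+; Expect an answer since the 3600 TTL NSECs from STEP 10 should have been
+; limited to 900 and be expired by now.
+STEP 120 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ttl
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+ant.testzone.nlnetlabs.nl. IN TXT
+SECTION ANSWER
+ant.testzone.nlnetlabs.nl. TXT "heap"
+ant.testzone.nlnetlabs.nl. 3600 IN RRSIG TXT 8 4 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. Sn8dBGMSYGGKs7yGWO0CShxbm3ba5Y6ysHyE/HJyFnS8NmsKIx/KVdFPRQx/Jm7a3hektRXrjxetfhfJm0SzJ2UFeKlkE+VJ/Lj2oAETqN1oqqkNr+RDdbKLMzLApMRgrhStSAO1Yb8/8oUIflyrjNbuDbAHSMbkOE+Z49LIais=
+ENTRY_END
+
+SCENARIO_END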
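--- a/contrib/unbound/testdata/val_negcache_ttl_prefetch.rpl
+++ b/contrib/unbound/testdata/val_negcache_ttl_prefetch.rpl
@@ -0,0 +1,316 @@
+; config options
+; The island of trust is at testzone.nlnetlabs.nl
+server:
+trust-anchor: "testzone.nlnetlabs.nl. 3600 IN DS 1444 8 2 07633464c1c7b93abd6fc24c73f904a40f0f304b279a80667d7e33908eed43be"
+val-override-date: "20180213111425"
+target-fetch-policy: "0 0 0 0 0"
+qname-minimisation: "no"
+trust-anchor-signaling: no
+aggressive-nsec: yes
+prefetch: yes
+
+stub-zone:
+name: "testzone.nlnetlabs.nl"
+stub-addr: 185.49.140.60
+stub-zone:
+name: "zone2.nlnetlabs.nl"
+stub-addr: 185.49.140.61
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with negative cache TTL (aggressive NSEC) and some prefetch.
+; The NSEC records are restricted by the TTL of 900 of the SOA record.
+; There are prefetch actions, both with and without a CNAME preceding.
+
+; testzone.nlnetlabs.nl nameserver
+RANGE_BEGIN 0 100
+ADDRESS 185.49.140.60
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+testzone.nlnetlabs.nl. IN DNSKEY
+SECTION ANSWER
+testzone.nlnetlabs.nl. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b}
+testzone.nlnetlabs.nl. 3600 IN RRSIG DNSKEY 8 3 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. kQ2sc41aQeMxQ7KInz2HrHi4nQcUGdv1olro0GmVYgPvIJh7SqBKW3yZWYeQrbWWwdc3klBERBbBI8gnkNYbl5kX3BBa5su8w71mpTQPRGtMxDTB17daxc0SxpPUxM35CpWU9QlBuDXcu+VNyVUuLvZGGLznlqr6ku888U2Rz+c=
+ENTRY_END
+
+; response for antelope.testzone.nlnetlabs.nl.
+; NSECs cover ant.testzone.nlnetlabs.nl as non-existent.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NXDOMAIN
+SECTION QUESTION
+antelope.testzone.nlnetlabs.nl. IN TXT
+SECTION ANSWER
+SECTION AUTHORITY
+testzone.nlnetlabs.nl. 3600 IN NSEC alligator.testzone.nlnetlabs.nl. NS SOA RRSIG NSEC DNSKEY
+testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 3 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. tcW20hZu5Ao+ikM+qjqAlRt3ujNxTKi6kZF3waWJGY7Ldyp9XyWzB1DeoQzaNJ6zflPYFO32RUhj7jWhEIUphG4+lEvm7VGJAdSteUZ2yOppN6eZvOk0Nc0nAGPFGBjLO6ul1Wh1X+jL61q7mWt3nY+IFBZHWmhsi2Qi7vM/W4E=
+alligator.testzone.nlnetlabs.nl. 3600 IN NSEC cheetah.testzone.nlnetlabs.nl. TXT RRSIG NSEC
+alligator.testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 4 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. Zfkp3kmN8heAuIF/apf6RHhZAoGyXnvZLALRYTKIH7E9XC2wtvG9dZla4WLSr3ndA4d0CFgnKOt8mSVSLyNn232D0ahx4DFAnOJitnt9odT2+2sYhJbwCx38tPKhAUWmIn2jGZGMVjbVbEVi7WyQBrJYQqyhE/lADEDSdQZBNyA=
+testzone.nlnetlabs.nl. 900 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600
+testzone.nlnetlabs.nl. 900 IN RRSIG SOA 8 3 900 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. abG0cByo/q5NaDNMz6FPvNvehHqUDhQRwLdvG72315hMGzCavLRWuAB5gieibMCrICH2WVHVj7fisjSuY0iPwf9xZlCGts3Z+xD9D72VRiTz7QXF+JjRWKl+3Uk6c29+pvIRKXC1Ht0r9uBXGmDTaHdV7cZCveoDwIVSngY+mQ0=
+SECTION ADDITIONAL
+ENTRY_END
+
+; No answer for ant.testzone.nlnetlabs.nl in this range
+
+; response for peanut.testzone.nlnetlabs.nl. AAAA
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+peanut.testzone.nlnetlabs.nl. IN AAAA
+SECTION AUTHORITY
+peanut.testzone.nlnetlabs.nl. IN NSEC rust.testzone.nlnetlabs.nl. A RRSIG NSEC
+peanut.testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 4 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. GhUUt3n1oVZCbU5l7XhbtE1kAhFXBRvQRvp/s3INitoHm1D54VERXWR33g+aQMcLAyCOe2TmpJMH1zDSbccf0zabvwEzqDzPmgcPt0KjXUdrN84/2XN+C4U84golbUui61lhhU+6bL8rylPuv3XtqQ4ppXy8sSe+gfsskauhMpg=
+testzone.nlnetlabs.nl. 900 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600
+testzone.nlnetlabs.nl. 900 IN RRSIG SOA 8 3 900 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. abG0cByo/q5NaDNMz6FPvNvehHqUDhQRwLdvG72315hMGzCavLRWuAB5gieibMCrICH2WVHVj7fisjSuY0iPwf9xZlCGts3Z+xD9D72VRiTz7QXF+JjRWKl+3Uk6c29+pvIRKXC1Ht0r9uBXGmDTaHdV7cZCveoDwIVSngY+mQ0=
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+; testzone.nlnetlabs.nl nameserver
+RANGE_BEGIN 100 200
+ADDRESS 185.49.140.60
+; response for ant.testzone.nlnetlabs.nl
+ENTRY_BEGIN
+MATCH opcode qtype qname
+REPLY QR AA NOERROR
+SECTION QUESTION
+ant.testzone.nlnetlabs.nl. IN TXT
+SECTION ANSWER
+ant.testzone.nlnetlabs.nl. TXT "heap"
+ant.testzone.nlnetlabs.nl. 3600 IN RRSIG TXT 8 4 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. Sn8dBGMSYGGKs7yGWO0CShxbm3ba5Y6ysHyE/HJyFnS8NmsKIx/KVdFPRQx/Jm7a3hektRXrjxetfhfJm0SzJ2UFeKlkE+VJ/Lj2oAETqN1oqqkNr+RDdbKLMzLApMRgrhStSAO1Yb8/8oUIflyrjNbuDbAHSMbkOE+Z49LIais=
+ENTRY_END
+RANGE_END
+
+; zone2.nlnetlabs.nl nameserver
+RANGE_BEGIN 0 100
+ADDRESS 185.49.140.61
+ENTRY_BEGIN
+MATCH opcode qtype qname
+REPLY QR AA NOERROR
+SECTION QUESTION
+redir.zone2.nlnetlabs.nl. IN TXT
+SECTION ANSWER
+redir.zone2.nlnetlabs.nl. 15 IN CNAME antelope.testzone.nlnetlabs.nl.
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+antelope.testzone.nlnetlabs.nl. IN TXT
+ENTRY_END
+
+; recursion happens here. Expect NXDOMAIN.
+STEP 2 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ttl
+REPLY QR RD RA DO AD NXDOMAIN
+SECTION QUESTION
+antelope.testzone.nlnetlabs.nl. IN TXT
+SECTION ANSWER
+SECTION AUTHORITY
+testzone.nlnetlabs.nl. 3600 IN NSEC alligator.testzone.nlnetlabs.nl. NS SOA RRSIG NSEC DNSKEY
+testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 3 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. tcW20hZu5Ao+ikM+qjqAlRt3ujNxTKi6kZF3waWJGY7Ldyp9XyWzB1DeoQzaNJ6zflPYFO32RUhj7jWhEIUphG4+lEvm7VGJAdSteUZ2yOppN6eZvOk0Nc0nAGPFGBjLO6ul1Wh1X+jL61q7mWt3nY+IFBZHWmhsi2Qi7vM/W4E=
+alligator.testzone.nlnetlabs.nl. 3600 IN NSEC cheetah.testzone.nlnetlabs.nl. TXT RRSIG NSEC
+alligator.testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 4 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. Zfkp3kmN8heAuIF/apf6RHhZAoGyXnvZLALRYTKIH7E9XC2wtvG9dZla4WLSr3ndA4d0CFgnKOt8mSVSLyNn232D0ahx4DFAnOJitnt9odT2+2sYhJbwCx38tPKhAUWmIn2jGZGMVjbVbEVi7WyQBrJYQqyhE/lADEDSdQZBNyA=
+testzone.nlnetlabs.nl. 900 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600
+testzone.nlnetlabs.nl. 900 IN RRSIG SOA 8 3 900 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. abG0cByo/q5NaDNMz6FPvNvehHqUDhQRwLdvG72315hMGzCavLRWuAB5gieibMCrICH2WVHVj7fisjSuY0iPwf9xZlCGts3Z+xD9D72VRiTz7QXF+JjRWKl+3Uk6c29+pvIRKXC1Ht0r9uBXGmDTaHdV7cZCveoDwIVSngY+mQ0=
+SECTION ADDITIONAL
+ENTRY_END
+
+STEP 4 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+peanut.testzone.nlnetlabs.nl. IN AAAA
+ENTRY_END
+
+STEP 5 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ttl
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+peanut.testzone.nlnetlabs.nl. IN AAAA
+SECTION AUTHORITY
+peanut.testzone.nlnetlabs.nl. IN NSEC rust.testzone.nlnetlabs.nl. A RRSIG NSEC
+peanut.testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 4 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. GhUUt3n1oVZCbU5l7XhbtE1kAhFXBRvQRvp/s3INitoHm1D54VERXWR33g+aQMcLAyCOe2TmpJMH1zDSbccf0zabvwEzqDzPmgcPt0KjXUdrN84/2XN+C4U84golbUui61lhhU+6bL8rylPuv3XtqQ4ppXy8sSe+gfsskauhMpg=
+testzone.nlnetlabs.nl. 900 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600
+testzone.nlnetlabs.nl. 900 IN RRSIG SOA 8 3 900 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. abG0cByo/q5NaDNMz6FPvNvehHqUDhQRwLdvG72315hMGzCavLRWuAB5gieibMCrICH2WVHVj7fisjSuY0iPwf9xZlCGts3Z+xD9D72VRiTz7QXF+JjRWKl+3Uk6c29+pvIRKXC1Ht0r9uBXGmDTaHdV7cZCveoDwIVSngY+mQ0=
+ENTRY_END
+
+; query for ant.testzone.nlnetlabs.nl (non-existent)
+STEP 11 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+ant.testzone.nlnetlabs.nl. IN TXT
+ENTRY_END
+
+; this is the synthesized NXDOMAIN from aggressive-nsec
+STEP 12 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ttl
+REPLY QR RD RA AD DO NXDOMAIN
+SECTION QUESTION
+ant.testzone.nlnetlabs.nl. IN TXT
+SECTION ANSWER
+SECTION AUTHORITY
+testzone.nlnetlabs.nl. 3600 IN NSEC alligator.testzone.nlnetlabs.nl. NS SOA RRSIG NSEC DNSKEY
+testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 3 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. tcW20hZu5Ao+ikM+qjqAlRt3ujNxTKi6kZF3waWJGY7Ldyp9XyWzB1DeoQzaNJ6zflPYFO32RUhj7jWhEIUphG4+lEvm7VGJAdSteUZ2yOppN6eZvOk0Nc0nAGPFGBjLO6ul1Wh1X+jL61q7mWt3nY+IFBZHWmhsi2Qi7vM/W4E=
+alligator.testzone.nlnetlabs.nl. 3600 IN NSEC cheetah.testzone.nlnetlabs.nl. TXT RRSIG NSEC
+alligator.testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 4 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. Zfkp3kmN8heAuIF/apf6RHhZAoGyXnvZLALRYTKIH7E9XC2wtvG9dZla4WLSr3ndA4d0CFgnKOt8mSVSLyNn232D0ahx4DFAnOJitnt9odT2+2sYhJbwCx38tPKhAUWmIn2jGZGMVjbVbEVi7WyQBrJYQqyhE/lADEDSdQZBNyA=
+testzone.nlnetlabs.nl. 900 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600
+testzone.nlnetlabs.nl. 900 IN RRSIG SOA 8 3 900 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. abG0cByo/q5NaDNMz6FPvNvehHqUDhQRwLdvG72315hMGzCavLRWuAB5gieibMCrICH2WVHVj7fisjSuY0iPwf9xZlCGts3Z+xD9D72VRiTz7QXF+JjRWKl+3Uk6c29+pvIRKXC1Ht0r9uBXGmDTaHdV7cZCveoDwIVSngY+mQ0=
+ENTRY_END
+
+STEP 13 TIME_PASSES ELAPSE 860
+STEP 14 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+redir.zone2.nlnetlabs.nl. IN TXT
+ENTRY_END
+
+STEP 15 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ttl
+REPLY QR RD RA DO NXDOMAIN
+SECTION QUESTION
+redir.zone2.nlnetlabs.nl. IN TXT
+SECTION ANSWER
+redir.zone2.nlnetlabs.nl. 15 IN CNAME antelope.testzone.nlnetlabs.nl.
+SECTION AUTHORITY
+testzone.nlnetlabs.nl. 2740 IN NSEC alligator.testzone.nlnetlabs.nl. NS SOA RRSIG NSEC DNSKEY
+testzone.nlnetlabs.nl. 2740 IN RRSIG NSEC 8 3 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. tcW20hZu5Ao+ikM+qjqAlRt3ujNxTKi6kZF3waWJGY7Ldyp9XyWzB1DeoQzaNJ6zflPYFO32RUhj7jWhEIUphG4+lEvm7VGJAdSteUZ2yOppN6eZvOk0Nc0nAGPFGBjLO6ul1Wh1X+jL61q7mWt3nY+IFBZHWmhsi2Qi7vM/W4E=
+alligator.testzone.nlnetlabs.nl. 2740 IN NSEC cheetah.testzone.nlnetlabs.nl. TXT RRSIG NSEC
+alligator.testzone.nlnetlabs.nl. 2740 IN RRSIG NSEC 8 4 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. Zfkp3kmN8heAuIF/apf6RHhZAoGyXnvZLALRYTKIH7E9XC2wtvG9dZla4WLSr3ndA4d0CFgnKOt8mSVSLyNn232D0ahx4DFAnOJitnt9odT2+2sYhJbwCx38tPKhAUWmIn2jGZGMVjbVbEVi7WyQBrJYQqyhE/lADEDSdQZBNyA=
+testzone.nlnetlabs.nl. 40 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600
+testzone.nlnetlabs.nl. 40 IN RRSIG SOA 8 3 900 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. abG0cByo/q5NaDNMz6FPvNvehHqUDhQRwLdvG72315hMGzCavLRWuAB5gieibMCrICH2WVHVj7fisjSuY0iPwf9xZlCGts3Z+xD9D72VRiTz7QXF+JjRWKl+3Uk6c29+pvIRKXC1Ht0r9uBXGmDTaHdV7cZCveoDwIVSngY+mQ0=
+ENTRY_END
+
+STEP 16 TIME_PASSES ELAPSE 14
+STEP 17 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+redir.zone2.nlnetlabs.nl. IN TXT
+ENTRY_END
+
+STEP 18 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ttl
+REPLY QR RD RA DO NXDOMAIN
+SECTION QUESTION
+redir.zone2.nlnetlabs.nl. IN TXT
+SECTION ANSWER
+redir.zone2.nlnetlabs.nl. 1 IN CNAME antelope.testzone.nlnetlabs.nl.
+SECTION AUTHORITY
+testzone.nlnetlabs.nl. 2726 IN NSEC alligator.testzone.nlnetlabs.nl. NS SOA RRSIG NSEC DNSKEY
+testzone.nlnetlabs.nl. 2726 IN RRSIG NSEC 8 3 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. tcW20hZu5Ao+ikM+qjqAlRt3ujNxTKi6kZF3waWJGY7Ldyp9XyWzB1DeoQzaNJ6zflPYFO32RUhj7jWhEIUphG4+lEvm7VGJAdSteUZ2yOppN6eZvOk0Nc0nAGPFGBjLO6ul1Wh1X+jL61q7mWt3nY+IFBZHWmhsi2Qi7vM/W4E=
+alligator.testzone.nlnetlabs.nl. 2726 IN NSEC cheetah.testzone.nlnetlabs.nl. TXT RRSIG NSEC
+alligator.testzone.nlnetlabs.nl. 2726 IN RRSIG NSEC 8 4 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. Zfkp3kmN8heAuIF/apf6RHhZAoGyXnvZLALRYTKIH7E9XC2wtvG9dZla4WLSr3ndA4d0CFgnKOt8mSVSLyNn232D0ahx4DFAnOJitnt9odT2+2sYhJbwCx38tPKhAUWmIn2jGZGMVjbVbEVi7WyQBrJYQqyhE/lADEDSdQZBNyA=
+testzone.nlnetlabs.nl. 26 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600
+testzone.nlnetlabs.nl. 26 IN RRSIG SOA 8 3 900 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. abG0cByo/q5NaDNMz6FPvNvehHqUDhQRwLdvG72315hMGzCavLRWuAB5gieibMCrICH2WVHVj7fisjSuY0iPwf9xZlCGts3Z+xD9D72VRiTz7QXF+JjRWKl+3Uk6c29+pvIRKXC1Ht0r9uBXGmDTaHdV7cZCveoDwIVSngY+mQ0=
+ENTRY_END
+
+STEP 19 TRAFFIC
+
+STEP 20 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+peanut.testzone.nlnetlabs.nl. IN AAAA
+ENTRY_END
+
+STEP 21 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ttl
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+peanut.testzone.nlnetlabs.nl. IN AAAA
+SECTION AUTHORITY
+peanut.testzone.nlnetlabs.nl. 2726 IN NSEC rust.testzone.nlnetlabs.nl. A RRSIG NSEC
+peanut.testzone.nlnetlabs.nl. 2726 IN RRSIG NSEC 8 4 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. GhUUt3n1oVZCbU5l7XhbtE1kAhFXBRvQRvp/s3INitoHm1D54VERXWR33g+aQMcLAyCOe2TmpJMH1zDSbccf0zabvwEzqDzPmgcPt0KjXUdrN84/2XN+C4U84golbUui61lhhU+6bL8rylPuv3XtqQ4ppXy8sSe+gfsskauhMpg=
+testzone.nlnetlabs.nl. 900 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600
+testzone.nlnetlabs.nl. 900 IN RRSIG SOA 8 3 900 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. abG0cByo/q5NaDNMz6FPvNvehHqUDhQRwLdvG72315hMGzCavLRWuAB5gieibMCrICH2WVHVj7fisjSuY0iPwf9xZlCGts3Z+xD9D72VRiTz7QXF+JjRWKl+3Uk6c29+pvIRKXC1Ht0r9uBXGmDTaHdV7cZCveoDwIVSngY+mQ0=
+ENTRY_END
+
+STEP 22 TRAFFIC
+STEP 23 TIME_PASSES ELAPSE 901
+
+STEP 24 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+peanut.testzone.nlnetlabs.nl. IN AAAA
+ENTRY_END
+
+STEP 25 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ttl
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+peanut.testzone.nlnetlabs.nl. IN AAAA
+SECTION AUTHORITY
+peanut.testzone.nlnetlabs.nl. IN NSEC rust.testzone.nlnetlabs.nl. A RRSIG NSEC
+peanut.testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 4 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. GhUUt3n1oVZCbU5l7XhbtE1kAhFXBRvQRvp/s3INitoHm1D54VERXWR33g+aQMcLAyCOe2TmpJMH1zDSbccf0zabvwEzqDzPmgcPt0KjXUdrN84/2XN+C4U84golbUui61lhhU+6bL8rylPuv3XtqQ4ppXy8sSe+gfsskauhMpg=
+testzone.nlnetlabs.nl. 900 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600
+testzone.nlnetlabs.nl. 900 IN RRSIG SOA 8 3 900 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. abG0cByo/q5NaDNMz6FPvNvehHqUDhQRwLdvG72315hMGzCavLRWuAB5gieibMCrICH2WVHVj7fisjSuY0iPwf9xZlCGts3Z+xD9D72VRiTz7QXF+JjRWKl+3Uk6c29+pvIRKXC1Ht0r9uBXGmDTaHdV7cZCveoDwIVSngY+mQ0=
+ENTRY_END
+STEP 26 TRAFFIC
+
+; Time passes and NSECs should be expired.
+STEP 60 TIME_PASSES ELAPSE 60
+
+; query something that gets the SOA record for the testzone in cache.
+STEP 70 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+peanut.testzone.nlnetlabs.nl. IN AAAA
+ENTRY_END
+
+STEP 80 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ttl
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+peanut.testzone.nlnetlabs.nl. IN AAAA
+SECTION AUTHORITY
+peanut.testzone.nlnetlabs.nl. 3540 IN NSEC rust.testzone.nlnetlabs.nl. A RRSIG NSEC
+peanut.testzone.nlnetlabs.nl. 3540 IN RRSIG NSEC 8 4 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. GhUUt3n1oVZCbU5l7XhbtE1kAhFXBRvQRvp/s3INitoHm1D54VERXWR33g+aQMcLAyCOe2TmpJMH1zDSbccf0zabvwEzqDzPmgcPt0KjXUdrN84/2XN+C4U84golbUui61lhhU+6bL8rylPuv3XtqQ4ppXy8sSe+gfsskauhMpg=
+testzone.nlnetlabs.nl. 840 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600
+testzone.nlnetlabs.nl. 840 IN RRSIG SOA 8 3 900 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. abG0cByo/q5NaDNMz6FPvNvehHqUDhQRwLdvG72315hMGzCavLRWuAB5gieibMCrICH2WVHVj7fisjSuY0iPwf9xZlCGts3Z+xD9D72VRiTz7QXF+JjRWKl+3Uk6c29+pvIRKXC1Ht0r9uBXGmDTaHdV7cZCveoDwIVSngY+mQ0=
+ENTRY_END
+
+; query for ant.testzone.nlnetlabs.nl. In this range it is on the nameserver.
+STEP 110 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+ant.testzone.nlnetlabs.nl. IN TXT
+ENTRY_END
+
+; Expect an answer since the 3600 TTL NSECs from STEP 10 should have been
+; limited to 900 and be expired by now.
+STEP 120 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ttl
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+ant.testzone.nlnetlabs.nl. IN TXT
+SECTION ANSWER
+ant.testzone.nlnetlabs.nl. TXT "heap"
+ant.testzone.nlnetlabs.nl. 3600 IN RRSIG TXT 8 4 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. Sn8dBGMSYGGKs7yGWO0CShxbm3ba5Y6ysHyE/HJyFnS8NmsKIx/KVdFPRQx/Jm7a3hektRXrjxetfhfJm0SzJ2UFeKlkE+VJ/Lj2oAETqN1oqqkNr+RDdbKLMzLApMRgrhStSAO1Yb8/8oUIflyrjNbuDbAHSMbkOE+Z49LIais=
+ENTRY_END
+
+SCENARIO_END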
@ -519,6 +519,15 @@ void *unbound_stat_realloc_log(void *ptr, size_t size, const char* file,
|
||||
return unbound_stat_realloc(ptr, size);
|
||||
}
|
||||
|
||||
/** log to file where alloc was done */
|
||||
void *unbound_stat_reallocarray_log(void *ptr, size_t nmemb, size_t size,
|
||||
const char* file, int line, const char* func)
|
||||
{
|
||||
log_info("%s:%d %s reallocarray(%p, %u, %u)", file, line, func,
|
||||
ptr, (unsigned)nmemb, (unsigned)size);
|
||||
return unbound_stat_realloc(ptr, nmemb*size);
|
||||
}
|
||||
|
||||
/** log to file where strdup was done */
|
||||
char *unbound_stat_strdup_log(const char *s, const char* file, int line,
|
||||
const char* func)
|
||||
|
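Review bot: `unbound_stat_reallocarray_log` passes `nmemb*size` straight to `unbound_stat_realloc`, so the product can wrap around `size_t` and yield a buffer smaller than the caller asked for; avoiding that overflow is the reason callers use reallocarray instead of realloc. A guard before the return keeps the contract in the allocation-statistics build: `if(size != 0 && nmemb > SIZE_MAX/size) { errno = ENOMEM; return NULL; }` (this assumes `SIZE_MAX` and `errno` are already in scope in this file, which the hunk does not show). The `(unsigned)` casts in the `log_info` call also truncate both values on 64-bit platforms, so the logged sizes may not match the request.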
@ -135,9 +135,12 @@ config_create(void)
|
||||
cfg->http_query_buffer_size = 4*1024*1024;
|
||||
cfg->http_response_buffer_size = 4*1024*1024;
|
||||
cfg->http_nodelay = 1;
|
||||
cfg->quic_port = UNBOUND_DNS_OVER_QUIC_PORT;
|
||||
cfg->quic_size = 8*1024*1024;
|
||||
cfg->use_syslog = 1;
|
||||
cfg->log_identity = NULL; /* changed later with argv[0] */
|
||||
cfg->log_time_ascii = 0;
|
||||
cfg->log_time_iso = 0;
|
||||
cfg->log_queries = 0;
|
||||
cfg->log_replies = 0;
|
||||
cfg->log_tag_queryreply = 0;
|
||||
@ -237,6 +240,7 @@ config_create(void)
|
||||
cfg->harden_short_bufsize = 1;
|
||||
cfg->harden_large_queries = 0;
|
||||
cfg->harden_glue = 1;
|
||||
cfg->harden_unverified_glue = 0;
|
||||
cfg->harden_dnssec_stripped = 1;
|
||||
cfg->harden_below_nxdomain = 1;
|
||||
cfg->harden_referral_path = 0;
|
||||
@ -398,6 +402,8 @@ config_create(void)
|
||||
cfg->redis_server_path = NULL;
|
||||
cfg->redis_server_password = NULL;
|
||||
cfg->redis_timeout = 100;
|
||||
cfg->redis_command_timeout = 0;
|
||||
cfg->redis_connect_timeout = 0;
|
||||
cfg->redis_server_port = 6379;
|
||||
cfg->redis_expire_records = 0;
|
||||
cfg->redis_logical_db = 0;
|
||||
@ -408,6 +414,9 @@ config_create(void)
|
||||
cfg->ipset_name_v6 = NULL;
|
||||
#endif
|
||||
cfg->ede = 0;
|
||||
cfg->iter_scrub_ns = 20;
|
||||
cfg->iter_scrub_cname = 11;
|
||||
cfg->max_global_quota = 128;
|
||||
return cfg;
|
||||
error_exit:
|
||||
config_delete(cfg);
|
||||
@ -541,6 +550,9 @@ int config_set_option(struct config_file* cfg, const char* opt,
|
||||
else if(strcmp(opt, "log-time-ascii:") == 0)
|
||||
{ IS_YES_OR_NO; cfg->log_time_ascii = (strcmp(val, "yes") == 0);
|
||||
log_set_time_asc(cfg->log_time_ascii); }
|
||||
else if(strcmp(opt, "log-time-iso:") == 0)
|
||||
{ IS_YES_OR_NO; cfg->log_time_iso = (strcmp(val, "yes") == 0);
|
||||
log_set_time_iso(cfg->log_time_iso); }
|
||||
else S_SIZET_NONZERO("max-udp-size:", max_udp_size)
|
||||
else S_YNO("use-syslog:", use_syslog)
|
||||
else S_STR("log-identity:", log_identity)
|
||||
@ -594,6 +606,8 @@ int config_set_option(struct config_file* cfg, const char* opt,
|
||||
else S_MEMSIZE("http-response-buffer-size:", http_response_buffer_size)
|
||||
else S_YNO("http-nodelay:", http_nodelay)
|
||||
else S_YNO("http-notls-downstream:", http_notls_downstream)
|
||||
else S_NUMBER_NONZERO("quic-port:", quic_port)
|
||||
else S_MEMSIZE("quic-size:", quic_size)
|
||||
else S_YNO("interface-automatic:", if_automatic)
|
||||
else S_STR("interface-automatic-ports:", if_automatic_ports)
|
||||
else S_YNO("use-systemd:", use_systemd)
|
||||
@ -672,6 +686,7 @@ int config_set_option(struct config_file* cfg, const char* opt,
|
||||
else S_STRLIST("root-hints:", root_hints)
|
||||
else S_STR("target-fetch-policy:", target_fetch_policy)
|
||||
else S_YNO("harden-glue:", harden_glue)
|
||||
else S_YNO("harden-unverified-glue:", harden_unverified_glue)
|
||||
else S_YNO("harden-short-bufsize:", harden_short_bufsize)
|
||||
else S_YNO("harden-large-queries:", harden_large_queries)
|
||||
else S_YNO("harden-dnssec-stripped:", harden_dnssec_stripped)
|
||||
@ -712,12 +727,17 @@ int config_set_option(struct config_file* cfg, const char* opt,
|
||||
SERVE_EXPIRED = cfg->serve_expired; }
|
||||
else if(strcmp(opt, "serve-expired-ttl:") == 0)
|
||||
{ IS_NUMBER_OR_ZERO; cfg->serve_expired_ttl = atoi(val); SERVE_EXPIRED_TTL=(time_t)cfg->serve_expired_ttl;}
|
||||
else S_YNO("serve-expired-ttl-reset:", serve_expired_ttl_reset)
|
||||
else if(strcmp(opt, "serve-expired-ttl-reset:") == 0)
|
||||
{ IS_YES_OR_NO; cfg->serve_expired_ttl_reset = (strcmp(val, "yes") == 0);
|
||||
SERVE_EXPIRED_TTL_RESET = cfg->serve_expired_ttl_reset; }
|
||||
else if(strcmp(opt, "serve-expired-reply-ttl:") == 0)
|
||||
{ IS_NUMBER_OR_ZERO; cfg->serve_expired_reply_ttl = atoi(val); SERVE_EXPIRED_REPLY_TTL=(time_t)cfg->serve_expired_reply_ttl;}
|
||||
else S_NUMBER_OR_ZERO("serve-expired-client-timeout:", serve_expired_client_timeout)
|
||||
else S_YNO("ede:", ede)
|
||||
else S_YNO("ede-serve-expired:", ede_serve_expired)
|
||||
else S_NUMBER_OR_ZERO("iter-scrub-ns:", iter_scrub_ns)
|
||||
else S_NUMBER_OR_ZERO("iter-scrub-cname:", iter_scrub_cname)
|
||||
else S_NUMBER_OR_ZERO("max-global-quota:", max_global_quota)
|
||||
else S_YNO("serve-original-ttl:", serve_original_ttl)
|
||||
else S_STR("val-nsec3-keysize-iterations:", val_nsec3_key_iterations)
|
||||
else S_YNO("zonemd-permissive-mode:", zonemd_permissive_mode)
|
||||
@ -1054,6 +1074,7 @@ config_get_option(struct config_file* cfg, const char* opt,
|
||||
else O_YNO(opt, "use-syslog", use_syslog)
|
||||
else O_STR(opt, "log-identity", log_identity)
|
||||
else O_YNO(opt, "log-time-ascii", log_time_ascii)
|
||||
else O_YNO(opt, "log-time-iso", log_time_iso)
|
||||
else O_DEC(opt, "num-threads", num_threads)
|
||||
else O_IFC(opt, "interface", num_ifs, ifs)
|
||||
else O_IFC(opt, "outgoing-interface", num_out_ifs, out_ifs)
|
||||
@ -1137,6 +1158,8 @@ config_get_option(struct config_file* cfg, const char* opt,
|
||||
else O_MEM(opt, "http-response-buffer-size", http_response_buffer_size)
|
||||
else O_YNO(opt, "http-nodelay", http_nodelay)
|
||||
else O_YNO(opt, "http-notls-downstream", http_notls_downstream)
|
||||
else O_DEC(opt, "quic-port", quic_port)
|
||||
else O_MEM(opt, "quic-size", quic_size)
|
||||
else O_YNO(opt, "use-systemd", use_systemd)
|
||||
else O_YNO(opt, "do-daemonize", do_daemonize)
|
||||
else O_STR(opt, "chroot", chrootdir)
|
||||
@ -1162,6 +1185,7 @@ config_get_option(struct config_file* cfg, const char* opt,
|
||||
else O_YNO(opt, "harden-short-bufsize", harden_short_bufsize)
|
||||
else O_YNO(opt, "harden-large-queries", harden_large_queries)
|
||||
else O_YNO(opt, "harden-glue", harden_glue)
|
||||
else O_YNO(opt, "harden-unverified-glue", harden_unverified_glue)
|
||||
else O_YNO(opt, "harden-dnssec-stripped", harden_dnssec_stripped)
|
||||
else O_YNO(opt, "harden-below-nxdomain", harden_below_nxdomain)
|
||||
else O_YNO(opt, "harden-referral-path", harden_referral_path)
|
||||
@ -1186,6 +1210,9 @@ config_get_option(struct config_file* cfg, const char* opt,
|
||||
else O_DEC(opt, "serve-expired-client-timeout", serve_expired_client_timeout)
|
||||
else O_YNO(opt, "ede", ede)
|
||||
else O_YNO(opt, "ede-serve-expired", ede_serve_expired)
|
||||
else O_DEC(opt, "iter-scrub-ns", iter_scrub_ns)
|
||||
else O_DEC(opt, "iter-scrub-cname", iter_scrub_cname)
|
||||
else O_DEC(opt, "max-global-quota", max_global_quota)
|
||||
else O_YNO(opt, "serve-original-ttl", serve_original_ttl)
|
||||
else O_STR(opt, "val-nsec3-keysize-iterations",val_nsec3_key_iterations)
|
||||
else O_YNO(opt, "zonemd-permissive-mode", zonemd_permissive_mode)
|
||||
@ -1352,6 +1379,8 @@ config_get_option(struct config_file* cfg, const char* opt,
|
||||
else O_STR(opt, "redis-server-path", redis_server_path)
|
||||
else O_STR(opt, "redis-server-password", redis_server_password)
|
||||
else O_DEC(opt, "redis-timeout", redis_timeout)
|
||||
else O_DEC(opt, "redis-command-timeout", redis_command_timeout)
|
||||
else O_DEC(opt, "redis-connect-timeout", redis_connect_timeout)
|
||||
else O_YNO(opt, "redis-expire-records", redis_expire_records)
|
||||
else O_DEC(opt, "redis-logical-db", redis_logical_db)
|
||||
#endif /* USE_REDIS */
|
||||
@ -2323,7 +2352,7 @@ uint8_t* cfg_parse_nsid(const char* str, uint16_t* nsid_len)
|
||||
uint8_t *dp;
|
||||
|
||||
for ( ch = str, dp = nsid
|
||||
; isxdigit(ch[0]) && isxdigit(ch[1])
|
||||
; isxdigit((unsigned char)ch[0]) && isxdigit((unsigned char)ch[1])
|
||||
; ch += 2, dp++) {
|
||||
*dp = (uint8_t)sldns_hexdigit_to_int(ch[0]) * 16;
|
||||
*dp += (uint8_t)sldns_hexdigit_to_int(ch[1]);
|
||||
@ -2379,6 +2408,7 @@ config_apply(struct config_file* config)
|
||||
MIN_TTL = (time_t)config->min_ttl;
|
||||
SERVE_EXPIRED = config->serve_expired;
|
||||
SERVE_EXPIRED_TTL = (time_t)config->serve_expired_ttl;
|
||||
SERVE_EXPIRED_TTL_RESET = config->serve_expired_ttl_reset;
|
||||
SERVE_EXPIRED_REPLY_TTL = (time_t)config->serve_expired_reply_ttl;
|
||||
SERVE_ORIGINAL_TTL = config->serve_original_ttl;
|
||||
MAX_NEG_TTL = (time_t)config->max_negative_ttl;
|
||||
@ -2389,10 +2419,12 @@ config_apply(struct config_file* config)
|
||||
MINIMAL_RESPONSES = config->minimal_responses;
|
||||
RRSET_ROUNDROBIN = config->rrset_roundrobin;
|
||||
LOG_TAG_QUERYREPLY = config->log_tag_queryreply;
|
||||
MAX_GLOBAL_QUOTA = config->max_global_quota;
|
||||
UNKNOWN_SERVER_NICENESS = config->unknown_server_time_limit;
|
||||
USEFUL_SERVER_TOP_TIMEOUT = RTT_MAX_TIMEOUT;
|
||||
BLACKLIST_PENALTY = USEFUL_SERVER_TOP_TIMEOUT*4;
|
||||
log_set_time_asc(config->log_time_ascii);
|
||||
log_set_time_iso(config->log_time_iso);
|
||||
autr_permit_small_holddown = config->permit_small_holddown;
|
||||
stream_wait_max = config->stream_wait_size;
|
||||
http2_query_buffer_max = config->http_query_buffer_size;
|
||||
@ -2795,3 +2827,22 @@ if_is_dnscrypt(const char* ifname, const char* port, int dnscrypt_port)
|
||||
return 0;
|
||||
#endif
|
||||
}
|
||||
|
||||
/** see if interface is quic, its port number == the quic port number */
|
||||
int
|
||||
if_is_quic(const char* ifname, const char* port, int quic_port)
|
||||
{
|
||||
#ifndef HAVE_NGTCP2
|
||||
(void)ifname;
|
||||
(void)port;
|
||||
(void)quic_port;
|
||||
return 0;
|
||||
#else
|
||||
char* p = strchr(ifname, '@');
|
||||
if(!p && atoi(port) == quic_port)
|
||||
return 1;
|
||||
if(p && atoi(p+1) == quic_port)
|
||||
return 1;
|
||||
return 0;
|
||||
#endif
|
||||
}
|
||||
|
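Review bot: In `config_set_option`, the new `max-global-quota:` line uses `S_NUMBER_OR_ZERO`, which as far as these hunks show only stores into `cfg->max_global_quota`, while the running value `MAX_GLOBAL_QUOTA` is assigned only in `config_apply`. The same commit gives `serve-expired-ttl-reset:` an explicit branch that updates both the config field and its global, so a quota changed through this function probably does not take effect until the config is applied again. Since this limit caps the upstream work done for one incoming query, it should follow that pattern: `else if(strcmp(opt, "max-global-quota:") == 0) { IS_NUMBER_OR_ZERO; cfg->max_global_quota = atoi(val); MAX_GLOBAL_QUOTA = cfg->max_global_quota; }`. `config_set_option` begins and ends outside these hunks and the macro body is not visible, so confirm against the definition of `S_NUMBER_OR_ZERO`.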
@ -161,6 +161,11 @@ struct config_file {
|
||||
/** Disable TLS for http sockets downstream */
|
||||
int http_notls_downstream;
|
||||
|
||||
/** port on which to provide DNS over QUIC service */
|
||||
int quic_port;
|
||||
/** size of the quic data, max bytes */
|
||||
size_t quic_size;
|
||||
|
||||
/** outgoing port range number of ports (per thread) */
|
||||
int outgoing_num_ports;
|
||||
/** number of outgoing tcp buffers per (per thread) */
|
||||
@ -288,6 +293,8 @@ struct config_file {
|
||||
int harden_large_queries;
|
||||
/** harden against spoofed glue (out of zone data) */
|
||||
int harden_glue;
|
||||
/** harden against unverified glue */
|
||||
int harden_unverified_glue;
|
||||
/** harden against receiving no DNSSEC data for trust anchor */
|
||||
int harden_dnssec_stripped;
|
||||
/** harden against queries that fall under known nxdomain names */
|
||||
@ -339,6 +346,8 @@ struct config_file {
|
||||
int use_syslog;
|
||||
/** log timestamp in ascii UTC */
|
||||
int log_time_ascii;
|
||||
/** log timestamp in ISO8601 format */
|
||||
int log_time_iso;
|
||||
/** log queries with one line per query */
|
||||
int log_queries;
|
||||
/** log replies with one line per reply */
|
||||
@ -737,6 +746,10 @@ struct config_file {
|
||||
char* redis_server_password;
|
||||
/** timeout (in ms) for communication with the redis server */
|
||||
int redis_timeout;
|
||||
/** timeout (in ms) for redis commands */
|
||||
int redis_command_timeout;
|
||||
/** timeout (in ms) for redis connection set up */
|
||||
int redis_connect_timeout;
|
||||
/** set timeout on redis records based on DNS response ttl */
|
||||
int redis_expire_records;
|
||||
/** set the redis logical database upon connection */
|
||||
@ -760,6 +773,12 @@ struct config_file {
|
||||
#endif
|
||||
/** respond with Extended DNS Errors (RFC8914) */
|
||||
int ede;
|
||||
/** limit on NS RRs in RRset for the iterator scrubber. */
|
||||
size_t iter_scrub_ns;
|
||||
/** limit on CNAME, DNAME RRs in answer for the iterator scrubber. */
|
||||
int iter_scrub_cname;
|
||||
/** limit on upstream queries for an incoming query and subqueries. */
|
||||
int max_global_quota;
|
||||
};
|
||||
|
||||
/** from cfg username, after daemonize setup performed */
|
||||
@ -1392,6 +1411,10 @@ int if_is_pp2(const char* ifname, const char* port,
|
||||
|
||||
/** see if interface is DNSCRYPT, its port number == the dnscrypt port number */
|
||||
int if_is_dnscrypt(const char* ifname, const char* port, int dnscrypt_port);
|
||||
|
||||
/** see if interface is quic, its port number == the quic port number */
|
||||
int if_is_quic(const char* ifname, const char* port, int quic_port);
|
||||
|
||||
#ifdef USE_LINUX_IP_LOCAL_PORT_RANGE
|
||||
#define LINUX_IP_LOCAL_PORT_RANGE_PATH "/proc/sys/net/ipv4/ip_local_port_range"
|
||||
#endif
|
||||
|
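Review bot: The comments on `iter_scrub_ns`, `iter_scrub_cname` and `max_global_quota` at the end of `struct config_file` do not say what a value of 0 means, yet the parser in the config_file.c section accepts zero for all three through `S_NUMBER_OR_ZERO`. Each comment should state whether 0 switches the limit off or allows nothing, because an operator who sets it by mistake needs to know which of the two they got. `iter_scrub_ns` is also declared `size_t` while the two sibling limits are `int`, and all three go through the same number macros; a short comment on why the type differs would help. The struct starts outside these hunks.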
File diff suppressed because it is too large
Some files were not shown because too many files have changed in this diff Show More