diff --git a/contrib/unbound/testcode/doqclient.c b/contrib/unbound/testcode/doqclient.c deleted file mode 100644 index 1a2fd418359b..000000000000 --- a/contrib/unbound/testcode/doqclient.c +++ /dev/null @@ -1,2701 +0,0 @@ -/* - * testcode/doqclient.c - debug program. Perform multiple DNS queries using DoQ. - * - * Copyright (c) 2022, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * \file - * - * Simple DNS-over-QUIC client. For testing and debugging purposes. - * No authentication of TLS cert. - */ - -#include "config.h" -#ifdef HAVE_GETOPT_H -#include -#endif - -#ifdef HAVE_NGTCP2 -#include -#include -#ifdef HAVE_NGTCP2_NGTCP2_CRYPTO_QUICTLS_H -#include -#else -#include -#endif -#include -#include -#ifdef HAVE_TIME_H -#include -#endif -#include -#include "util/locks.h" -#include "util/net_help.h" -#include "sldns/sbuffer.h" -#include "sldns/str2wire.h" -#include "sldns/wire2str.h" -#include "util/data/msgreply.h" -#include "util/data/msgencode.h" -#include "util/data/msgparse.h" -#include "util/data/dname.h" -#include "util/random.h" -#include "util/ub_event.h" -struct doq_client_stream_list; -struct doq_client_stream; - -/** the local client data for the DoQ connection */ -struct doq_client_data { - /** file descriptor */ - int fd; - /** the event base for the events */ - struct ub_event_base* base; - /** the ub event */ - struct ub_event* ev; - /** the expiry timer */ - struct ub_event* expire_timer; - /** is the expire_timer added */ - int expire_timer_added; - /** the ngtcp2 connection information */ - struct ngtcp2_conn* conn; - /** random state */ - struct ub_randstate* rnd; - /** server connected to as a string */ - const char* svr; - /** the static secret */ - uint8_t* static_secret_data; - /** the static secret size */ - size_t static_secret_size; - /** destination address sockaddr */ - struct sockaddr_storage dest_addr; - /** length of dest addr */ - socklen_t dest_addr_len; - /** local address sockaddr */ - struct sockaddr_storage local_addr; - /** length of local addr */ - socklen_t local_addr_len; - /** SSL context */ - SSL_CTX* ctx; - /** SSL object */ - SSL* ssl; -#ifdef HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_CLIENT_CONTEXT - /** the connection reference for ngtcp2_conn and userdata in ssl */ - struct ngtcp2_crypto_conn_ref conn_ref; -#endif - /** the quic version to use */ - uint32_t quic_version; - /** the last error */ -#ifdef HAVE_NGTCP2_CCERR_DEFAULT - struct ngtcp2_ccerr ccerr; -#else - struct ngtcp2_connection_close_error last_error; -#endif - /** the recent tls alert error code */ - uint8_t tls_alert; - /** the buffer for packet operations */ - struct sldns_buffer* pkt_buf; - /** The list of queries to start. They have no stream associated. - * Once they do, they move to the send list. */ - struct doq_client_stream_list* query_list_start; - /** The list of queries to send. They have a stream, and they are - * sending data. Data could also be received, like errors. */ - struct doq_client_stream_list* query_list_send; - /** The list of queries to receive. They have a stream, and the - * send is done, it is possible to read data. */ - struct doq_client_stream_list* query_list_receive; - /** The list of queries that are stopped. They have no stream - * active any more. Write and read are done. The query is done, - * and it may be in error and then have no answer or partial answer. */ - struct doq_client_stream_list* query_list_stop; - /** is there a blocked packet in the blocked_pkt buffer */ - int have_blocked_pkt; - /** store blocked packet, a packet that could not be sent on the - * nonblocking socket. */ - struct sldns_buffer* blocked_pkt; - /** ecn info for the blocked packet */ - struct ngtcp2_pkt_info blocked_pkt_pi; - /** the congestion control algorithm */ - ngtcp2_cc_algo cc_algo; - /** the transport parameters file, for early data transmission */ - const char* transport_file; - /** the tls session file, for session resumption */ - const char* session_file; - /** if early data is enabled for the connection */ - int early_data_enabled; - /** how quiet is the output */ - int quiet; - /** the configured port for the destination */ - int port; -}; - -/** the local client stream list, for appending streams to */ -struct doq_client_stream_list { - /** first and last members of the list */ - struct doq_client_stream* first, *last; -}; - -/** the local client data for a DoQ stream */ -struct doq_client_stream { - /** next stream in list, and prev in list */ - struct doq_client_stream* next, *prev; - /** the data buffer */ - uint8_t* data; - /** length of the data buffer */ - size_t data_len; - /** if the client query has a stream, that is active, associated with - * it. The stream_id is in stream_id. */ - int has_stream; - /** the stream id */ - int64_t stream_id; - /** data written position */ - size_t nwrite; - /** the data length for write, in network format */ - uint16_t data_tcplen; - /** if the write of the query data is done. That means the - * write channel has FIN, is closed for writing. */ - int write_is_done; - /** data read position */ - size_t nread; - /** the answer length, in network byte order */ - uint16_t answer_len; - /** the answer buffer */ - struct sldns_buffer* answer; - /** the answer is complete */ - int answer_is_complete; - /** the query has an error, it has no answer, or no complete answer */ - int query_has_error; - /** if the query is done */ - int query_is_done; -}; - -#ifndef HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_CLIENT_CONTEXT -/** the quic method struct, must remain valid during the QUIC connection. */ -static SSL_QUIC_METHOD quic_method; -#endif - -/** Get the connection ngtcp2_conn from the ssl app data - * ngtcp2_crypto_conn_ref */ -static ngtcp2_conn* conn_ref_get_conn(ngtcp2_crypto_conn_ref* conn_ref) -{ - struct doq_client_data* data = (struct doq_client_data*) - conn_ref->user_data; - return data->conn; -} - -static void -set_app_data(SSL* ssl, struct doq_client_data* data) -{ -#ifdef HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_CLIENT_CONTEXT - data->conn_ref.get_conn = &conn_ref_get_conn; - data->conn_ref.user_data = data; - SSL_set_app_data(ssl, &data->conn_ref); -#else - SSL_set_app_data(ssl, data); -#endif -} - -static struct doq_client_data* -get_app_data(SSL* ssl) -{ - struct doq_client_data* data; -#ifdef HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_CLIENT_CONTEXT - data = (struct doq_client_data*)((struct ngtcp2_crypto_conn_ref*) - SSL_get_app_data(ssl))->user_data; -#else - data = (struct doq_client_data*) SSL_get_app_data(ssl); -#endif - return data; -} - - - -/** write handle routine */ -static void on_write(struct doq_client_data* data); -/** update the timer */ -static void update_timer(struct doq_client_data* data); -/** disconnect we are done */ -static void disconnect(struct doq_client_data* data); -/** fetch and write the transport file */ -static void early_data_write_transport(struct doq_client_data* data); - -/** usage of doqclient */ -static void usage(char* argv[]) -{ - printf("usage: %s [options] name type class ...\n", argv[0]); - printf(" sends the name-type-class queries over " - "DNS-over-QUIC.\n"); - printf("-s server IP address to send the queries to, " - "default: 127.0.0.1\n"); - printf("-p Port to connect to, default: %d\n", - UNBOUND_DNS_OVER_QUIC_PORT); - printf("-v verbose output\n"); - printf("-q quiet, short output of answer\n"); - printf("-x file transport file, for read/write of transport parameters.\n\t\tIf it exists, it is used to send early data. It is then\n\t\twritten to contain the last used transport parameters.\n\t\tAlso -y must be enabled for early data to succeed.\n"); - printf("-y file session file, for read/write of TLS session. If it exists,\n\t\tit is used for TLS session resumption. It is then written\n\t\tto contain the last session used.\n\t\tOn its own, without also -x, resumes TLS session.\n"); - printf("-h This help text\n"); - exit(1); -} - -/** get the dest address */ -static void -get_dest_addr(struct doq_client_data* data, const char* svr, int port) -{ - if(!ipstrtoaddr(svr, port, &data->dest_addr, &data->dest_addr_len)) { - printf("fatal: bad server specs '%s'\n", svr); - exit(1); - } -} - -/** open UDP socket to svr */ -static int -open_svr_udp(struct doq_client_data* data) -{ - int fd = -1; - int r; - fd = socket(addr_is_ip6(&data->dest_addr, data->dest_addr_len)? - PF_INET6:PF_INET, SOCK_DGRAM, 0); - if(fd == -1) { - perror("socket() error"); - exit(1); - } - r = connect(fd, (struct sockaddr*)&data->dest_addr, - data->dest_addr_len); - if(r < 0 && r != EINPROGRESS) { - perror("connect() error"); - exit(1); - } - fd_set_nonblock(fd); - return fd; -} - -/** get the local address of the connection */ -static void -get_local_addr(struct doq_client_data* data) -{ - memset(&data->local_addr, 0, sizeof(data->local_addr)); - data->local_addr_len = (socklen_t)sizeof(data->local_addr); - if(getsockname(data->fd, (struct sockaddr*)&data->local_addr, - &data->local_addr_len) == -1) { - perror("getsockname() error"); - exit(1); - } - log_addr(1, "local_addr", &data->local_addr, data->local_addr_len); - log_addr(1, "dest_addr", &data->dest_addr, data->dest_addr_len); -} - -static sldns_buffer* -make_query(char* qname, char* qtype, char* qclass) -{ - struct query_info qinfo; - struct edns_data edns; - sldns_buffer* buf = sldns_buffer_new(65553); - if(!buf) fatal_exit("out of memory"); - qinfo.qname = sldns_str2wire_dname(qname, &qinfo.qname_len); - if(!qinfo.qname) { - printf("cannot parse query name: '%s'\n", qname); - exit(1); - } - - qinfo.qtype = sldns_get_rr_type_by_name(qtype); - qinfo.qclass = sldns_get_rr_class_by_name(qclass); - qinfo.local_alias = NULL; - - qinfo_query_encode(buf, &qinfo); /* flips buffer */ - free(qinfo.qname); - sldns_buffer_write_u16_at(buf, 0, 0x0000); - sldns_buffer_write_u16_at(buf, 2, BIT_RD); - memset(&edns, 0, sizeof(edns)); - edns.edns_present = 1; - edns.bits = EDNS_DO; - edns.udp_size = 4096; - if(sldns_buffer_capacity(buf) >= - sldns_buffer_limit(buf)+calc_edns_field_size(&edns)) - attach_edns_record(buf, &edns); - return buf; -} - -/** create client stream structure */ -static struct doq_client_stream* -client_stream_create(struct sldns_buffer* query_data) -{ - struct doq_client_stream* str = calloc(1, sizeof(*str)); - if(!str) - fatal_exit("calloc failed: out of memory"); - str->data = memdup(sldns_buffer_begin(query_data), - sldns_buffer_limit(query_data)); - if(!str->data) - fatal_exit("alloc data failed: out of memory"); - str->data_len = sldns_buffer_limit(query_data); - str->stream_id = -1; - return str; -} - -/** free client stream structure */ -static void -client_stream_free(struct doq_client_stream* str) -{ - if(!str) - return; - free(str->data); - sldns_buffer_free(str->answer); - free(str); -} - -/** setup the stream to start the write process */ -static void -client_stream_start_setup(struct doq_client_stream* str, int64_t stream_id) -{ - str->has_stream = 1; - str->stream_id = stream_id; - str->nwrite = 0; - str->nread = 0; - str->answer_len = 0; - str->query_is_done = 0; - str->answer_is_complete = 0; - str->query_has_error = 0; - if(str->answer) { - sldns_buffer_free(str->answer); - str->answer = NULL; - } -} - -/** Return string for log purposes with query name. */ -static char* -client_stream_string(struct doq_client_stream* str) -{ - char* s; - size_t dname_len; - char dname[256], tpstr[32], result[256+32+16]; - uint16_t tp; - if(str->data_len <= LDNS_HEADER_SIZE) { - s = strdup("query_with_no_question"); - if(!s) - fatal_exit("strdup failed: out of memory"); - return s; - } - dname_len = dname_valid(str->data+LDNS_HEADER_SIZE, - str->data_len-LDNS_HEADER_SIZE); - if(!dname_len) { - s = strdup("query_dname_not_valid"); - if(!s) - fatal_exit("strdup failed: out of memory"); - return s; - } - (void)sldns_wire2str_dname_buf(str->data+LDNS_HEADER_SIZE, dname_len, - dname, sizeof(dname)); - tp = sldns_wirerr_get_type(str->data+LDNS_HEADER_SIZE, - str->data_len-LDNS_HEADER_SIZE, dname_len); - (void)sldns_wire2str_type_buf(tp, tpstr, sizeof(tpstr)); - snprintf(result, sizeof(result), "%s %s", dname, tpstr); - s = strdup(result); - if(!s) - fatal_exit("strdup failed: out of memory"); - return s; -} - -/** create query stream list */ -static struct doq_client_stream_list* -stream_list_create(void) -{ - struct doq_client_stream_list* list = calloc(1, sizeof(*list)); - if(!list) - fatal_exit("calloc failed: out of memory"); - return list; -} - -/** free the query stream list */ -static void -stream_list_free(struct doq_client_stream_list* list) -{ - struct doq_client_stream* str; - if(!list) - return; - str = list->first; - while(str) { - struct doq_client_stream* next = str->next; - client_stream_free(str); - str = next; - } - free(list); -} - -/** append item to list */ -static void -stream_list_append(struct doq_client_stream_list* list, - struct doq_client_stream* str) -{ - if(list->last) { - str->prev = list->last; - list->last->next = str; - } else { - str->prev = NULL; - list->first = str; - } - str->next = NULL; - list->last = str; -} - -/** delete the item from the list */ -static void -stream_list_delete(struct doq_client_stream_list* list, - struct doq_client_stream* str) -{ - if(str->next) { - str->next->prev = str->prev; - } else { - list->last = str->prev; - } - if(str->prev) { - str->prev->next = str->next; - } else { - list->first = str->next; - } - str->prev = NULL; - str->next = NULL; -} - -/** move the item from list1 to list2 */ -static void -stream_list_move(struct doq_client_stream* str, - struct doq_client_stream_list* list1, - struct doq_client_stream_list* list2) -{ - stream_list_delete(list1, str); - stream_list_append(list2, str); -} - -/** allocate stream data buffer, then answer length is complete */ -static void -client_stream_datalen_complete(struct doq_client_stream* str) -{ - verbose(1, "answer length %d", (int)ntohs(str->answer_len)); - str->answer = sldns_buffer_new(ntohs(str->answer_len)); - if(!str->answer) - fatal_exit("sldns_buffer_new failed: out of memory"); - sldns_buffer_set_limit(str->answer, ntohs(str->answer_len)); -} - -/** print the answer rrs */ -static void -print_answer_rrs(uint8_t* pkt, size_t pktlen) -{ - char buf[65535]; - char* str; - size_t str_len; - int i, qdcount, ancount; - uint8_t* data = pkt; - size_t data_len = pktlen; - int comprloop = 0; - if(data_len < LDNS_HEADER_SIZE) - return; - qdcount = LDNS_QDCOUNT(data); - ancount = LDNS_ANCOUNT(data); - data += LDNS_HEADER_SIZE; - data_len -= LDNS_HEADER_SIZE; - - for(i=0; iquery_has_error) { - char* logs = client_stream_string(str); - printf("%s has error, there is no answer\n", logs); - free(logs); - return; - } - if(sldns_buffer_limit(str->answer) < LDNS_HEADER_SIZE) { - char* logs = client_stream_string(str); - printf("%s received short packet, smaller than header\n", - logs); - free(logs); - return; - } - rcode = LDNS_RCODE_WIRE(sldns_buffer_begin(str->answer)); - if(rcode != 0) { - char* logs = client_stream_string(str); - char rc[16]; - (void)sldns_wire2str_rcode_buf(rcode, rc, sizeof(rc)); - printf("%s rcode %s\n", logs, rc); - free(logs); - return; - } - ancount = LDNS_ANCOUNT(sldns_buffer_begin(str->answer)); - if(ancount == 0) { - char* logs = client_stream_string(str); - printf("%s nodata answer\n", logs); - free(logs); - return; - } - print_answer_rrs(sldns_buffer_begin(str->answer), - sldns_buffer_limit(str->answer)); -} - -/** print the stream output answer */ -static void -client_stream_print_long(struct doq_client_data* data, - struct doq_client_stream* str) -{ - char* s; - if(str->query_has_error) { - char* logs = client_stream_string(str); - printf("%s has error, there is no answer\n", logs); - free(logs); - return; - } - s = sldns_wire2str_pkt(sldns_buffer_begin(str->answer), - sldns_buffer_limit(str->answer)); - printf("%s", (s?s:";sldns_wire2str_pkt failed\n")); - printf(";; SERVER: %s %d\n", data->svr, data->port); - free(s); -} - -/** the stream has completed the data */ -static void -client_stream_data_complete(struct doq_client_stream* str) -{ - verbose(1, "received all answer content"); - if(verbosity > 0) { - char* logs = client_stream_string(str); - char* s; - log_buf(1, "received answer", str->answer); - s = sldns_wire2str_pkt(sldns_buffer_begin(str->answer), - sldns_buffer_limit(str->answer)); - if(!s) verbose(1, "could not sldns_wire2str_pkt"); - else verbose(1, "query %s received:\n%s", logs, s); - free(s); - free(logs); - } - str->answer_is_complete = 1; -} - -/** the stream has completed but with an error */ -static void -client_stream_answer_error(struct doq_client_stream* str) -{ - if(verbosity > 0) { - char* logs = client_stream_string(str); - if(str->answer) - verbose(1, "query %s has an error. received %d/%d bytes.", - logs, (int)sldns_buffer_position(str->answer), - (int)sldns_buffer_limit(str->answer)); - else - verbose(1, "query %s has an error. received no data.", - logs); - free(logs); - } - str->query_has_error = 1; -} - -/** receive data for a stream */ -static void -client_stream_recv_data(struct doq_client_stream* str, const uint8_t* data, - size_t datalen) -{ - int got_data = 0; - /* read the tcplength uint16_t at the start of the DNS message */ - if(str->nread < 2) { - size_t to_move = datalen; - if(datalen > 2-str->nread) - to_move = 2-str->nread; - memmove(((uint8_t*)&str->answer_len)+str->nread, data, - to_move); - str->nread += to_move; - data += to_move; - datalen -= to_move; - if(str->nread == 2) { - /* we can allocate the data buffer */ - client_stream_datalen_complete(str); - } - } - /* if we have data bytes */ - if(datalen > 0) { - size_t to_write = datalen; - if(datalen > sldns_buffer_remaining(str->answer)) - to_write = sldns_buffer_remaining(str->answer); - if(to_write > 0) { - sldns_buffer_write(str->answer, data, to_write); - str->nread += to_write; - data += to_write; - datalen -= to_write; - got_data = 1; - } - } - /* extra received bytes after end? */ - if(datalen > 0) { - verbose(1, "extra bytes after end of DNS length"); - if(verbosity > 0) - log_hex("extradata", (void*)data, datalen); - } - /* are we done with it? */ - if(got_data && str->nread >= (size_t)(ntohs(str->answer_len))+2) { - client_stream_data_complete(str); - } -} - -/** receive FIN from remote end on client stream, no more data to be - * received on the stream. */ -static void -client_stream_recv_fin(struct doq_client_data* data, - struct doq_client_stream* str, int is_fin) -{ - if(verbosity > 0) { - char* logs = client_stream_string(str); - if(is_fin) - verbose(1, "query %s: received FIN from remote", logs); - else - verbose(1, "query %s: stream reset from remote", logs); - free(logs); - } - if(str->write_is_done) - stream_list_move(str, data->query_list_receive, - data->query_list_stop); - else - stream_list_move(str, data->query_list_send, - data->query_list_stop); - if(!str->answer_is_complete) { - client_stream_answer_error(str); - } - str->query_is_done = 1; - if(data->quiet) - client_stream_print_short(str); - else client_stream_print_long(data, str); - if(data->query_list_send->first==NULL && - data->query_list_receive->first==NULL) - disconnect(data); -} - -/** fill a buffer with random data */ -static void fill_rand(struct ub_randstate* rnd, uint8_t* buf, size_t len) -{ - if(RAND_bytes(buf, len) != 1) { - size_t i; - for(i=0; istatic_secret_data = malloc(len); - if(!data->static_secret_data) - fatal_exit("malloc failed: out of memory"); - data->static_secret_size = len; - fill_rand(data->rnd, data->static_secret_data, len); -} - -/** fill cid structure with random data */ -static void cid_randfill(struct ngtcp2_cid* cid, size_t datalen, - struct ub_randstate* rnd) -{ - uint8_t buf[32]; - if(datalen > sizeof(buf)) - datalen = sizeof(buf); - fill_rand(rnd, buf, datalen); - ngtcp2_cid_init(cid, buf, datalen); -} - -/** send buf on the client stream */ -static int -client_bidi_stream(struct doq_client_data* data, int64_t* ret_stream_id, - void* stream_user_data) -{ - int64_t stream_id; - int rv; - - /* open new bidirectional stream */ - rv = ngtcp2_conn_open_bidi_stream(data->conn, &stream_id, - stream_user_data); - if(rv != 0) { - if(rv == NGTCP2_ERR_STREAM_ID_BLOCKED) { - /* no bidi stream count for this new stream */ - return 0; - } - fatal_exit("could not ngtcp2_conn_open_bidi_stream: %s", - ngtcp2_strerror(rv)); - } - *ret_stream_id = stream_id; - return 1; -} - -/** See if we can start query streams, by creating bidirectional streams - * on the QUIC transport for them. */ -static void -query_streams_start(struct doq_client_data* data) -{ - while(data->query_list_start->first) { - struct doq_client_stream* str = data->query_list_start->first; - int64_t stream_id = 0; - if(!client_bidi_stream(data, &stream_id, str)) { - /* no more bidi streams allowed */ - break; - } - if(verbosity > 0) { - char* logs = client_stream_string(str); - verbose(1, "query %s start on bidi stream id %lld", - logs, (long long int)stream_id); - free(logs); - } - /* setup the stream to start */ - client_stream_start_setup(str, stream_id); - /* move the query entry to the send list to write it */ - stream_list_move(str, data->query_list_start, - data->query_list_send); - } -} - -/** the rand callback routine from ngtcp2 */ -static void rand_cb(uint8_t* dest, size_t destlen, - const ngtcp2_rand_ctx* rand_ctx) -{ - struct ub_randstate* rnd = (struct ub_randstate*) - rand_ctx->native_handle; - fill_rand(rnd, dest, destlen); -} - -/** the get_new_connection_id callback routine from ngtcp2 */ -static int get_new_connection_id_cb(struct ngtcp2_conn* ATTR_UNUSED(conn), - struct ngtcp2_cid* cid, uint8_t* token, size_t cidlen, void* user_data) -{ - struct doq_client_data* data = (struct doq_client_data*)user_data; - cid_randfill(cid, cidlen, data->rnd); - if(ngtcp2_crypto_generate_stateless_reset_token(token, - data->static_secret_data, data->static_secret_size, cid) != 0) - return NGTCP2_ERR_CALLBACK_FAILURE; - return 0; -} - -/** handle that early data is rejected */ -static void -early_data_is_rejected(struct doq_client_data* data) -{ - int rv; - verbose(1, "early data was rejected by the server"); -#ifdef HAVE_NGTCP2_CONN_TLS_EARLY_DATA_REJECTED - rv = ngtcp2_conn_tls_early_data_rejected(data->conn); -#else - rv = ngtcp2_conn_early_data_rejected(data->conn); -#endif - if(rv != 0) { - log_err("ngtcp2_conn_early_data_rejected failed: %s", - ngtcp2_strerror(rv)); - return; - } - /* move the streams back to the start state */ - while(data->query_list_send->first) { - struct doq_client_stream* str = data->query_list_send->first; - /* move it back to the start list */ - stream_list_move(str, data->query_list_send, - data->query_list_start); - str->has_stream = 0; - /* remove stream id */ - str->stream_id = 0; - /* initialise other members, in case they are altered, - * but unlikely, because early streams are rejected. */ - str->nwrite = 0; - str->nread = 0; - str->answer_len = 0; - str->query_is_done = 0; - str->answer_is_complete = 0; - str->query_has_error = 0; - if(str->answer) { - sldns_buffer_free(str->answer); - str->answer = NULL; - } - } -} - -/** the handshake completed callback from ngtcp2 */ -static int -handshake_completed(ngtcp2_conn* ATTR_UNUSED(conn), void* user_data) -{ - struct doq_client_data* data = (struct doq_client_data*)user_data; - verbose(1, "handshake_completed callback"); - verbose(1, "ngtcp2_conn_get_max_data_left is %d", - (int)ngtcp2_conn_get_max_data_left(data->conn)); -#ifdef HAVE_NGTCP2_CONN_GET_MAX_LOCAL_STREAMS_UNI - verbose(1, "ngtcp2_conn_get_max_local_streams_uni is %d", - (int)ngtcp2_conn_get_max_local_streams_uni(data->conn)); -#endif - verbose(1, "ngtcp2_conn_get_streams_uni_left is %d", - (int)ngtcp2_conn_get_streams_uni_left(data->conn)); - verbose(1, "ngtcp2_conn_get_streams_bidi_left is %d", - (int)ngtcp2_conn_get_streams_bidi_left(data->conn)); - verbose(1, "negotiated cipher name is %s", - SSL_get_cipher_name(data->ssl)); - if(verbosity > 0) { - const unsigned char* alpn = NULL; - unsigned int alpnlen = 0; - char alpnstr[128]; - SSL_get0_alpn_selected(data->ssl, &alpn, &alpnlen); - if(alpnlen > sizeof(alpnstr)-1) - alpnlen = sizeof(alpnstr)-1; - memmove(alpnstr, alpn, alpnlen); - alpnstr[alpnlen]=0; - verbose(1, "negotiated ALPN is '%s'", alpnstr); - } - /* The SSL_get_early_data_status call works after the handshake - * completes. */ - if(data->early_data_enabled) { - if(SSL_get_early_data_status(data->ssl) != - SSL_EARLY_DATA_ACCEPTED) { - early_data_is_rejected(data); - } else { - verbose(1, "early data was accepted by the server"); - } - } -#ifdef HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_CLIENT_CONTEXT - if(data->transport_file) { - early_data_write_transport(data); - } -#endif - return 0; -} - -/** the extend_max_local_streams_bidi callback from ngtcp2 */ -static int -extend_max_local_streams_bidi(ngtcp2_conn* ATTR_UNUSED(conn), - uint64_t max_streams, void* user_data) -{ - struct doq_client_data* data = (struct doq_client_data*)user_data; - verbose(1, "extend_max_local_streams_bidi callback, %d max_streams", - (int)max_streams); - verbose(1, "ngtcp2_conn_get_max_data_left is %d", - (int)ngtcp2_conn_get_max_data_left(data->conn)); -#ifdef HAVE_NGTCP2_CONN_GET_MAX_LOCAL_STREAMS_UNI - verbose(1, "ngtcp2_conn_get_max_local_streams_uni is %d", - (int)ngtcp2_conn_get_max_local_streams_uni(data->conn)); -#endif - verbose(1, "ngtcp2_conn_get_streams_uni_left is %d", - (int)ngtcp2_conn_get_streams_uni_left(data->conn)); - verbose(1, "ngtcp2_conn_get_streams_bidi_left is %d", - (int)ngtcp2_conn_get_streams_bidi_left(data->conn)); - query_streams_start(data); - return 0; -} - -/** the recv_stream_data callback from ngtcp2 */ -static int -recv_stream_data(ngtcp2_conn* ATTR_UNUSED(conn), uint32_t flags, - int64_t stream_id, uint64_t offset, const uint8_t* data, - size_t datalen, void* user_data, void* stream_user_data) -{ - struct doq_client_data* doqdata = (struct doq_client_data*)user_data; - struct doq_client_stream* str = (struct doq_client_stream*) - stream_user_data; - verbose(1, "recv_stream_data stream %d offset %d datalen %d%s%s", - (int)stream_id, (int)offset, (int)datalen, - ((flags&NGTCP2_STREAM_DATA_FLAG_FIN)!=0?" FIN":""), -#ifdef NGTCP2_STREAM_DATA_FLAG_0RTT - ((flags&NGTCP2_STREAM_DATA_FLAG_0RTT)!=0?" 0RTT":"") -#else - ((flags&NGTCP2_STREAM_DATA_FLAG_EARLY)!=0?" EARLY":"") -#endif - ); - if(verbosity > 0) - log_hex("data", (void*)data, datalen); - if(verbosity > 0) { - char* logs = client_stream_string(str); - verbose(1, "the stream_user_data is %s stream id %d, nread %d", - logs, (int)str->stream_id, (int)str->nread); - free(logs); - } - - /* append the data, if there is data */ - if(datalen > 0) { - client_stream_recv_data(str, data, datalen); - } - if((flags&NGTCP2_STREAM_DATA_FLAG_FIN)!=0) { - client_stream_recv_fin(doqdata, str, 1); - } - ngtcp2_conn_extend_max_stream_offset(doqdata->conn, stream_id, datalen); - ngtcp2_conn_extend_max_offset(doqdata->conn, datalen); - return 0; -} - -/** the stream reset callback from ngtcp2 */ -static int -stream_reset(ngtcp2_conn* ATTR_UNUSED(conn), int64_t stream_id, - uint64_t final_size, uint64_t app_error_code, void* user_data, - void* stream_user_data) -{ - struct doq_client_data* doqdata = (struct doq_client_data*)user_data; - struct doq_client_stream* str = (struct doq_client_stream*) - stream_user_data; - verbose(1, "stream reset for stream %d final size %d app error code %d", - (int)stream_id, (int)final_size, (int)app_error_code); - client_stream_recv_fin(doqdata, str, 0); - return 0; -} - -/** copy sockaddr into ngtcp2 addr */ -static void -copy_ngaddr(struct ngtcp2_addr* ngaddr, struct sockaddr_storage* addr, - socklen_t addrlen) -{ - if(addr_is_ip6(addr, addrlen)) { -#if defined(NGTCP2_USE_GENERIC_SOCKADDR) || defined(NGTCP2_USE_GENERIC_IPV6_SOCKADDR) - struct sockaddr_in* i6 = (struct sockaddr_in6*)addr; - struct ngtcp2_sockaddr_in6 a6; - ngaddr->addr = calloc(1, sizeof(a6)); - if(!ngaddr->addr) fatal_exit("calloc failed: out of memory"); - ngaddr->addrlen = sizeof(a6); - memset(&a6, 0, sizeof(a6)); - a6.sin6_family = i6->sin6_family; - a6.sin6_port = i6->sin6_port; - a6.sin6_flowinfo = i6->sin6_flowinfo; - memmove(&a6.sin6_addr, i6->sin6_addr, sizeof(a6.sin6_addr); - a6.sin6_scope_id = i6->sin6_scope_id; - memmove(ngaddr->addr, &a6, sizeof(a6)); -#else - ngaddr->addr = (ngtcp2_sockaddr*)addr; - ngaddr->addrlen = addrlen; -#endif - } else { -#ifdef NGTCP2_USE_GENERIC_SOCKADDR - struct sockaddr_in* i4 = (struct sockaddr_in*)addr; - struct ngtcp2_sockaddr_in a4; - ngaddr->addr = calloc(1, sizeof(a4)); - if(!ngaddr->addr) fatal_exit("calloc failed: out of memory"); - ngaddr->addrlen = sizeof(a4); - memset(&a4, 0, sizeof(a4)); - a4.sin_family = i4->sin_family; - a4.sin_port = i4->sin_port; - memmove(&a4.sin_addr, i4->sin_addr, sizeof(a4.sin_addr); - memmove(ngaddr->addr, &a4, sizeof(a4)); -#else - ngaddr->addr = (ngtcp2_sockaddr*)addr; - ngaddr->addrlen = addrlen; -#endif - } -} - -/** debug log printf for ngtcp2 connections */ -static void log_printf_for_doq(void* ATTR_UNUSED(user_data), - const char* fmt, ...) -{ - va_list ap; - va_start(ap, fmt); - fprintf(stderr, "libngtcp2: "); - vfprintf(stderr, fmt, ap); - va_end(ap); - fprintf(stderr, "\n"); -} - -/** get a timestamp in nanoseconds */ -static ngtcp2_tstamp get_timestamp_nanosec(void) -{ -#ifdef CLOCK_REALTIME - struct timespec tp; - memset(&tp, 0, sizeof(tp)); -#ifdef CLOCK_MONOTONIC - if(clock_gettime(CLOCK_MONOTONIC, &tp) == -1) { -#endif - if(clock_gettime(CLOCK_REALTIME, &tp) == -1) { - log_err("clock_gettime failed: %s", strerror(errno)); - } -#ifdef CLOCK_MONOTONIC - } -#endif - return ((uint64_t)tp.tv_sec)*((uint64_t)1000000000) + - ((uint64_t)tp.tv_nsec); -#else - struct timeval tv; - if(gettimeofday(&tv, NULL) < 0) { - log_err("gettimeofday failed: %s", strerror(errno)); - } - return ((uint64_t)tv.tv_sec)*((uint64_t)1000000000) + - ((uint64_t)tv.tv_usec)*((uint64_t)1000); -#endif /* CLOCK_REALTIME */ -} - -/** create ngtcp2 client connection and set up. */ -static struct ngtcp2_conn* conn_client_setup(struct doq_client_data* data) -{ - struct ngtcp2_conn* conn = NULL; - int rv; - struct ngtcp2_cid dcid, scid; - struct ngtcp2_path path; - uint32_t client_chosen_version = NGTCP2_PROTO_VER_V1; - struct ngtcp2_callbacks cbs; - struct ngtcp2_settings settings; - struct ngtcp2_transport_params params; - - memset(&cbs, 0, sizeof(cbs)); - memset(&settings, 0, sizeof(settings)); - memset(¶ms, 0, sizeof(params)); - memset(&dcid, 0, sizeof(dcid)); - memset(&scid, 0, sizeof(scid)); - memset(&path, 0, sizeof(path)); - - data->quic_version = client_chosen_version; - ngtcp2_settings_default(&settings); - if(str_is_ip6(data->svr)) { -#ifdef HAVE_STRUCT_NGTCP2_SETTINGS_MAX_TX_UDP_PAYLOAD_SIZE - settings.max_tx_udp_payload_size = 1232; -#else - settings.max_udp_payload_size = 1232; -#endif - } - settings.rand_ctx.native_handle = data->rnd; - if(verbosity > 0) { - /* make debug logs */ - settings.log_printf = log_printf_for_doq; - } - settings.initial_ts = get_timestamp_nanosec(); - ngtcp2_transport_params_default(¶ms); - params.initial_max_stream_data_bidi_local = 256*1024; - params.initial_max_stream_data_bidi_remote = 256*1024; - params.initial_max_stream_data_uni = 256*1024; - params.initial_max_data = 1024*1024; - params.initial_max_streams_bidi = 0; - params.initial_max_streams_uni = 100; - params.max_idle_timeout = 30*NGTCP2_SECONDS; - params.active_connection_id_limit = 7; - cid_randfill(&dcid, 16, data->rnd); - cid_randfill(&scid, 16, data->rnd); - cbs.client_initial = ngtcp2_crypto_client_initial_cb; - cbs.recv_crypto_data = ngtcp2_crypto_recv_crypto_data_cb; - cbs.encrypt = ngtcp2_crypto_encrypt_cb; - cbs.decrypt = ngtcp2_crypto_decrypt_cb; - cbs.hp_mask = ngtcp2_crypto_hp_mask_cb; - cbs.recv_retry = ngtcp2_crypto_recv_retry_cb; - cbs.update_key = ngtcp2_crypto_update_key_cb; - cbs.delete_crypto_aead_ctx = ngtcp2_crypto_delete_crypto_aead_ctx_cb; - cbs.delete_crypto_cipher_ctx = - ngtcp2_crypto_delete_crypto_cipher_ctx_cb; - cbs.get_path_challenge_data = ngtcp2_crypto_get_path_challenge_data_cb; - cbs.version_negotiation = ngtcp2_crypto_version_negotiation_cb; - cbs.get_new_connection_id = get_new_connection_id_cb; - cbs.handshake_completed = handshake_completed; - cbs.extend_max_local_streams_bidi = extend_max_local_streams_bidi; - cbs.rand = rand_cb; - cbs.recv_stream_data = recv_stream_data; - cbs.stream_reset = stream_reset; - copy_ngaddr(&path.local, &data->local_addr, data->local_addr_len); - copy_ngaddr(&path.remote, &data->dest_addr, data->dest_addr_len); - - rv = ngtcp2_conn_client_new(&conn, &dcid, &scid, &path, - client_chosen_version, &cbs, &settings, ¶ms, - NULL, /* ngtcp2_mem allocator, use default */ - data /* callback argument */); - if(!conn) fatal_exit("could not ngtcp2_conn_client_new: %s", - ngtcp2_strerror(rv)); - data->cc_algo = settings.cc_algo; - return conn; -} - -#ifndef HAVE_NGTCP2_CONN_ENCODE_0RTT_TRANSPORT_PARAMS -/** write the transport file */ -static void -transport_file_write(const char* file, struct ngtcp2_transport_params* params) -{ - FILE* out; - out = fopen(file, "w"); - if(!out) { - perror(file); - return; - } - fprintf(out, "initial_max_streams_bidi=%u\n", - (unsigned)params->initial_max_streams_bidi); - fprintf(out, "initial_max_streams_uni=%u\n", - (unsigned)params->initial_max_streams_uni); - fprintf(out, "initial_max_stream_data_bidi_local=%u\n", - (unsigned)params->initial_max_stream_data_bidi_local); - fprintf(out, "initial_max_stream_data_bidi_remote=%u\n", - (unsigned)params->initial_max_stream_data_bidi_remote); - fprintf(out, "initial_max_stream_data_uni=%u\n", - (unsigned)params->initial_max_stream_data_uni); - fprintf(out, "initial_max_data=%u\n", - (unsigned)params->initial_max_data); - fprintf(out, "active_connection_id_limit=%u\n", - (unsigned)params->active_connection_id_limit); - fprintf(out, "max_datagram_frame_size=%u\n", - (unsigned)params->max_datagram_frame_size); - if(ferror(out)) { - verbose(1, "There was an error writing %s: %s", - file, strerror(errno)); - fclose(out); - return; - } - fclose(out); -} -#endif /* HAVE_NGTCP2_CONN_ENCODE_0RTT_TRANSPORT_PARAMS */ - -/** fetch and write the transport file */ -static void -early_data_write_transport(struct doq_client_data* data) -{ -#ifdef HAVE_NGTCP2_CONN_ENCODE_0RTT_TRANSPORT_PARAMS - FILE* out; - uint8_t buf[1024]; - ngtcp2_ssize len = ngtcp2_conn_encode_0rtt_transport_params(data->conn, - buf, sizeof(buf)); - if(len < 0) { - log_err("ngtcp2_conn_encode_0rtt_transport_params failed: %s", - ngtcp2_strerror(len)); - return; - } - out = fopen(data->transport_file, "w"); - if(!out) { - perror(data->transport_file); - return; - } - if(fwrite(buf, 1, len, out) != (size_t)len) { - log_err("fwrite %s failed: %s", data->transport_file, - strerror(errno)); - } - if(ferror(out)) { - verbose(1, "There was an error writing %s: %s", - data->transport_file, strerror(errno)); - } - fclose(out); -#else - struct ngtcp2_transport_params params; - memset(¶ms, 0, sizeof(params)); - ngtcp2_conn_get_remote_transport_params(data->conn, ¶ms); - transport_file_write(data->transport_file, ¶ms); -#endif -} - -#ifndef HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_CLIENT_CONTEXT -/** applicatation rx key callback, this is where the rx key is set, - * and streams can be opened, like http3 unidirectional streams, like - * the http3 control and http3 qpack encode and decoder streams. */ -static int -application_rx_key_cb(struct doq_client_data* data) -{ - verbose(1, "application_rx_key_cb callback"); - verbose(1, "ngtcp2_conn_get_max_data_left is %d", - (int)ngtcp2_conn_get_max_data_left(data->conn)); -#ifdef HAVE_NGTCP2_CONN_GET_MAX_LOCAL_STREAMS_UNI - verbose(1, "ngtcp2_conn_get_max_local_streams_uni is %d", - (int)ngtcp2_conn_get_max_local_streams_uni(data->conn)); -#endif - verbose(1, "ngtcp2_conn_get_streams_uni_left is %d", - (int)ngtcp2_conn_get_streams_uni_left(data->conn)); - verbose(1, "ngtcp2_conn_get_streams_bidi_left is %d", - (int)ngtcp2_conn_get_streams_bidi_left(data->conn)); - if(data->transport_file) { - early_data_write_transport(data); - } - return 1; -} - -/** quic_method set_encryption_secrets function */ -static int -set_encryption_secrets(SSL *ssl, OSSL_ENCRYPTION_LEVEL ossl_level, - const uint8_t *read_secret, const uint8_t *write_secret, - size_t secret_len) -{ - struct doq_client_data* data = get_app_data(ssl); -#ifdef HAVE_NGTCP2_ENCRYPTION_LEVEL - ngtcp2_encryption_level -#else - ngtcp2_crypto_level -#endif - level = -#ifdef HAVE_NGTCP2_CRYPTO_QUICTLS_FROM_OSSL_ENCRYPTION_LEVEL - ngtcp2_crypto_quictls_from_ossl_encryption_level(ossl_level); -#else - ngtcp2_crypto_openssl_from_ossl_encryption_level(ossl_level); -#endif - - if(read_secret) { - if(ngtcp2_crypto_derive_and_install_rx_key(data->conn, NULL, - NULL, NULL, level, read_secret, secret_len) != 0) { - log_err("ngtcp2_crypto_derive_and_install_rx_key failed"); - return 0; - } - if(level == NGTCP2_CRYPTO_LEVEL_APPLICATION) { - if(!application_rx_key_cb(data)) - return 0; - } - } - - if(write_secret) { - if(ngtcp2_crypto_derive_and_install_tx_key(data->conn, NULL, - NULL, NULL, level, write_secret, secret_len) != 0) { - log_err("ngtcp2_crypto_derive_and_install_tx_key failed"); - return 0; - } - } - return 1; -} - -/** quic_method add_handshake_data function */ -static int -add_handshake_data(SSL *ssl, OSSL_ENCRYPTION_LEVEL ossl_level, - const uint8_t *data, size_t len) -{ - struct doq_client_data* doqdata = get_app_data(ssl); -#ifdef HAVE_NGTCP2_ENCRYPTION_LEVEL - ngtcp2_encryption_level -#else - ngtcp2_crypto_level -#endif - level = -#ifdef HAVE_NGTCP2_CRYPTO_QUICTLS_FROM_OSSL_ENCRYPTION_LEVEL - ngtcp2_crypto_quictls_from_ossl_encryption_level(ossl_level); -#else - ngtcp2_crypto_openssl_from_ossl_encryption_level(ossl_level); -#endif - int rv; - - rv = ngtcp2_conn_submit_crypto_data(doqdata->conn, level, data, len); - if(rv != 0) { - log_err("ngtcp2_conn_submit_crypto_data failed: %s", - ngtcp2_strerror(rv)); - ngtcp2_conn_set_tls_error(doqdata->conn, rv); - return 0; - } - return 1; -} - -/** quic_method flush_flight function */ -static int -flush_flight(SSL* ATTR_UNUSED(ssl)) -{ - return 1; -} - -/** quic_method send_alert function */ -static int -send_alert(SSL *ssl, enum ssl_encryption_level_t ATTR_UNUSED(level), - uint8_t alert) -{ - struct doq_client_data* data = get_app_data(ssl); - data->tls_alert = alert; - return 1; -} -#endif /* HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_CLIENT_CONTEXT */ - -/** new session callback. We can write it to file for resumption later. */ -static int -new_session_cb(SSL* ssl, SSL_SESSION* session) -{ - struct doq_client_data* data = get_app_data(ssl); - BIO *f; - log_assert(data->session_file); - verbose(1, "new session cb: the ssl session max_early_data_size is %u", - (unsigned)SSL_SESSION_get_max_early_data(session)); - f = BIO_new_file(data->session_file, "w"); - if(!f) { - log_err("Could not open %s: %s", data->session_file, - strerror(errno)); - return 0; - } - PEM_write_bio_SSL_SESSION(f, session); - BIO_free(f); - verbose(1, "written tls session to %s", data->session_file); - return 0; -} - -/** setup the TLS context */ -static SSL_CTX* -ctx_client_setup(void) -{ - SSL_CTX* ctx = SSL_CTX_new(TLS_client_method()); - if(!ctx) { - log_crypto_err("Could not SSL_CTX_new"); - exit(1); - } - SSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION); - SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION); - SSL_CTX_set_default_verify_paths(ctx); -#ifdef HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_CLIENT_CONTEXT - if(ngtcp2_crypto_quictls_configure_client_context(ctx) != 0) { - log_err("ngtcp2_crypto_quictls_configure_client_context failed"); - exit(1); - } -#else - memset(&quic_method, 0, sizeof(quic_method)); - quic_method.set_encryption_secrets = &set_encryption_secrets; - quic_method.add_handshake_data = &add_handshake_data; - quic_method.flush_flight = &flush_flight; - quic_method.send_alert = &send_alert; - SSL_CTX_set_quic_method(ctx, &quic_method); -#endif - return ctx; -} - - -/* setup the TLS object */ -static SSL* -ssl_client_setup(struct doq_client_data* data) -{ - SSL* ssl = SSL_new(data->ctx); - if(!ssl) { - log_crypto_err("Could not SSL_new"); - exit(1); - } - set_app_data(ssl, data); - SSL_set_connect_state(ssl); - if(!SSL_set_fd(ssl, data->fd)) { - log_crypto_err("Could not SSL_set_fd"); - exit(1); - } - if((data->quic_version & 0xff000000) == 0xff000000) { - SSL_set_quic_use_legacy_codepoint(ssl, 1); - } else { - SSL_set_quic_use_legacy_codepoint(ssl, 0); - } - SSL_set_alpn_protos(ssl, (const unsigned char *)"\x03""doq", 4); - /* send the SNI host name */ - SSL_set_tlsext_host_name(ssl, "localhost"); - return ssl; -} - -/** get packet ecn information */ -static uint32_t -msghdr_get_ecn(struct msghdr* msg, int family) -{ -#ifndef S_SPLINT_S - struct cmsghdr* cmsg; - if(family == AF_INET6) { - for(cmsg = CMSG_FIRSTHDR(msg); cmsg != NULL; - cmsg = CMSG_NXTHDR(msg, cmsg)) { - if(cmsg->cmsg_level == IPPROTO_IPV6 && - cmsg->cmsg_type == IPV6_TCLASS && - cmsg->cmsg_len != 0) { - uint8_t* ecn = (uint8_t*)CMSG_DATA(cmsg); - return *ecn; - } - } - return 0; - } - for(cmsg = CMSG_FIRSTHDR(msg); cmsg != NULL; - cmsg = CMSG_NXTHDR(msg, cmsg)) { - if(cmsg->cmsg_level == IPPROTO_IP && - cmsg->cmsg_type == IP_TOS && - cmsg->cmsg_len != 0) { - uint8_t* ecn = (uint8_t*)CMSG_DATA(cmsg); - return *ecn; - } - } - return 0; -#endif /* S_SPLINT_S */ -} - -/** set the ecn on the transmission */ -static void -set_ecn(int fd, int family, uint32_t ecn) -{ - unsigned int val = ecn; - if(family == AF_INET6) { - if(setsockopt(fd, IPPROTO_IPV6, IPV6_TCLASS, &val, - (socklen_t)sizeof(val)) == -1) { - log_err("setsockopt(.. IPV6_TCLASS ..): %s", - strerror(errno)); - } - return; - } - if(setsockopt(fd, IPPROTO_IP, IP_TOS, &val, - (socklen_t)sizeof(val)) == -1) { - log_err("setsockopt(.. IP_TOS ..): %s", - strerror(errno)); - } -} - -/** send a packet */ -static int -doq_client_send_pkt(struct doq_client_data* data, uint32_t ecn, uint8_t* buf, - size_t buf_len, int is_blocked_pkt, int* send_is_blocked) -{ - struct msghdr msg; - struct iovec iov[1]; - ssize_t ret; - iov[0].iov_base = buf; - iov[0].iov_len = buf_len; - memset(&msg, 0, sizeof(msg)); - msg.msg_name = (void*)&data->dest_addr; - msg.msg_namelen = data->dest_addr_len; - msg.msg_iov = iov; - msg.msg_iovlen = 1; - set_ecn(data->fd, data->dest_addr.ss_family, ecn); - - for(;;) { - ret = sendmsg(data->fd, &msg, MSG_DONTWAIT); - if(ret == -1 && errno == EINTR) - continue; - break; - } - if(ret == -1) { - if(errno == EAGAIN) { - if(buf_len > - sldns_buffer_capacity(data->blocked_pkt)) - return 0; /* Cannot store it, but the buffers - are equal length and large enough, so this - should not happen. */ - data->have_blocked_pkt = 1; - if(send_is_blocked) - *send_is_blocked = 1; - /* If we already send the previously blocked packet, - * no need to copy it, otherwise store the packet for - * later. */ - if(!is_blocked_pkt) { - data->blocked_pkt_pi.ecn = ecn; - sldns_buffer_clear(data->blocked_pkt); - sldns_buffer_write(data->blocked_pkt, buf, - buf_len); - sldns_buffer_flip(data->blocked_pkt); - } - return 0; - } - log_err("doq sendmsg: %s", strerror(errno)); -#ifdef HAVE_NGTCP2_CCERR_DEFAULT - ngtcp2_ccerr_set_application_error(&data->ccerr, -1, NULL, 0); -#else - ngtcp2_connection_close_error_set_application_error(&data->last_error, -1, NULL, 0); -#endif - return 0; - } - return 1; -} - -/** change event write on fd to when we have data or when congested */ -static void -event_change_write(struct doq_client_data* data, int do_write) -{ - ub_event_del(data->ev); - if(do_write) { - ub_event_add_bits(data->ev, UB_EV_WRITE); - } else { - ub_event_del_bits(data->ev, UB_EV_WRITE); - } - if(ub_event_add(data->ev, NULL) != 0) { - fatal_exit("could not ub_event_add"); - } -} - -/** write the connection close, with possible error */ -static void -write_conn_close(struct doq_client_data* data) -{ - struct ngtcp2_path_storage ps; - struct ngtcp2_pkt_info pi; - ngtcp2_ssize ret; - if(!data->conn || -#ifdef HAVE_NGTCP2_CONN_IN_CLOSING_PERIOD - ngtcp2_conn_in_closing_period(data->conn) || -#else - ngtcp2_conn_is_in_closing_period(data->conn) || -#endif -#ifdef HAVE_NGTCP2_CONN_IN_DRAINING_PERIOD - ngtcp2_conn_in_draining_period(data->conn) -#else - ngtcp2_conn_is_in_draining_period(data->conn) -#endif - ) - return; - /* Drop blocked packet if there is one, the connection is being - * closed. And thus no further data traffic. */ - data->have_blocked_pkt = 0; - if( -#ifdef HAVE_NGTCP2_CCERR_DEFAULT - data->ccerr.type == NGTCP2_CCERR_TYPE_IDLE_CLOSE -#else - data->last_error.type == - NGTCP2_CONNECTION_CLOSE_ERROR_CODE_TYPE_TRANSPORT_IDLE_CLOSE -#endif - ) { - /* do not call ngtcp2_conn_write_connection_close on the - * connection because the ngtcp2_conn_handle_expiry call - * has returned NGTCP2_ERR_IDLE_CLOSE. But continue to close - * the connection. */ - return; - } - verbose(1, "write connection close"); - ngtcp2_path_storage_zero(&ps); - sldns_buffer_clear(data->pkt_buf); - ret = ngtcp2_conn_write_connection_close( - data->conn, &ps.path, &pi, sldns_buffer_begin(data->pkt_buf), - sldns_buffer_remaining(data->pkt_buf), -#ifdef HAVE_NGTCP2_CCERR_DEFAULT - &data->ccerr -#else - &data->last_error -#endif - , get_timestamp_nanosec()); - if(ret < 0) { - log_err("ngtcp2_conn_write_connection_close failed: %s", - ngtcp2_strerror(ret)); - return; - } - verbose(1, "write connection close packet length %d", (int)ret); - if(ret == 0) - return; - doq_client_send_pkt(data, pi.ecn, sldns_buffer_begin(data->pkt_buf), - ret, 0, NULL); -} - -/** disconnect we are done */ -static void -disconnect(struct doq_client_data* data) -{ - verbose(1, "disconnect"); - write_conn_close(data); - ub_event_base_loopexit(data->base); -} - -/** the expire timer callback */ -void doq_client_timer_cb(int ATTR_UNUSED(fd), - short ATTR_UNUSED(bits), void* arg) -{ - struct doq_client_data* data = (struct doq_client_data*)arg; - ngtcp2_tstamp now = get_timestamp_nanosec(); - int rv; - - verbose(1, "doq expire_timer"); - data->expire_timer_added = 0; - rv = ngtcp2_conn_handle_expiry(data->conn, now); - if(rv != 0) { - log_err("ngtcp2_conn_handle_expiry failed: %s", - ngtcp2_strerror(rv)); -#ifdef HAVE_NGTCP2_CCERR_DEFAULT - ngtcp2_ccerr_set_liberr(&data->ccerr, rv, NULL, 0); -#else - ngtcp2_connection_close_error_set_transport_error_liberr( - &data->last_error, rv, NULL, 0); -#endif - disconnect(data); - return; - } - update_timer(data); - on_write(data); -} - -/** update the timers */ -static void -update_timer(struct doq_client_data* data) -{ - ngtcp2_tstamp expiry = ngtcp2_conn_get_expiry(data->conn); - ngtcp2_tstamp now = get_timestamp_nanosec(); - ngtcp2_tstamp t; - struct timeval tv; - - if(expiry <= now) { - /* the timer has already expired, add with zero timeout */ - t = 0; - } else { - t = expiry - now; - } - - /* set the timer */ - if(data->expire_timer_added) { - ub_timer_del(data->expire_timer); - data->expire_timer_added = 0; - } - memset(&tv, 0, sizeof(tv)); - tv.tv_sec = t / NGTCP2_SECONDS; - tv.tv_usec = (t / NGTCP2_MICROSECONDS)%1000000; - verbose(1, "update_timer in %d.%6.6d secs", (int)tv.tv_sec, - (int)tv.tv_usec); - if(ub_timer_add(data->expire_timer, data->base, - &doq_client_timer_cb, data, &tv) != 0) { - log_err("timer_add failed: could not add expire timer"); - return; - } - data->expire_timer_added = 1; -} - -/** perform read operations on fd */ -static void -on_read(struct doq_client_data* data) -{ - struct sockaddr_storage addr; - struct iovec iov[1]; - struct msghdr msg; - union { - struct cmsghdr hdr; - char buf[256]; - } ancil; - int i; - ssize_t rcv; - ngtcp2_pkt_info pi; - int rv; - struct ngtcp2_path path; - - for(i=0; i<10; i++) { - msg.msg_name = &addr; - msg.msg_namelen = (socklen_t)sizeof(addr); - iov[0].iov_base = sldns_buffer_begin(data->pkt_buf); - iov[0].iov_len = sldns_buffer_remaining(data->pkt_buf); - msg.msg_iov = iov; - msg.msg_iovlen = 1; - msg.msg_control = ancil.buf; -#ifndef S_SPLINT_S - msg.msg_controllen = sizeof(ancil.buf); -#endif /* S_SPLINT_S */ - msg.msg_flags = 0; - - rcv = recvmsg(data->fd, &msg, MSG_DONTWAIT); - if(rcv == -1) { - if(errno == EINTR || errno == EAGAIN) - break; - log_err_addr("doq recvmsg", strerror(errno), - &data->dest_addr, sizeof(data->dest_addr_len)); - break; - } - - pi.ecn = msghdr_get_ecn(&msg, addr.ss_family); - verbose(1, "recvmsg %d ecn=0x%x", (int)rcv, (int)pi.ecn); - - memset(&path, 0, sizeof(path)); - path.local.addr = (void*)&data->local_addr; - path.local.addrlen = data->local_addr_len; - path.remote.addr = (void*)msg.msg_name; - path.remote.addrlen = msg.msg_namelen; - rv = ngtcp2_conn_read_pkt(data->conn, &path, &pi, - iov[0].iov_base, rcv, get_timestamp_nanosec()); - if(rv != 0) { - log_err("ngtcp2_conn_read_pkt failed: %s", - ngtcp2_strerror(rv)); - if( -#ifdef HAVE_NGTCP2_CCERR_DEFAULT - data->ccerr.error_code == 0 -#else - data->last_error.error_code == 0 -#endif - ) { - if(rv == NGTCP2_ERR_CRYPTO) { - /* in picotls the tls alert may need - * to be copied, but this is with - * openssl. And we have the value - * data.tls_alert. */ -#ifdef HAVE_NGTCP2_CCERR_DEFAULT - ngtcp2_ccerr_set_tls_alert( - &data->ccerr, data->tls_alert, - NULL, 0); -#else - ngtcp2_connection_close_error_set_transport_error_tls_alert( - &data->last_error, - data->tls_alert, NULL, 0); -#endif - } else { -#ifdef HAVE_NGTCP2_CCERR_DEFAULT - ngtcp2_ccerr_set_liberr(&data->ccerr, - rv, NULL, 0); -#else - ngtcp2_connection_close_error_set_transport_error_liberr( - &data->last_error, rv, NULL, - 0); -#endif - } - } - disconnect(data); - return; - } - } - - update_timer(data); -} - -/** the write of this query has completed, it has spooled to packets, - * set it to have the write done and move it to the list of receive streams. */ -static void -query_write_is_done(struct doq_client_data* data, - struct doq_client_stream* str) -{ - if(verbosity > 0) { - char* logs = client_stream_string(str); - verbose(1, "query %s write is done", logs); - free(logs); - } - str->write_is_done = 1; - stream_list_move(str, data->query_list_send, data->query_list_receive); -} - -/** write the data streams, if possible */ -static int -write_streams(struct doq_client_data* data) -{ - ngtcp2_path_storage ps; - ngtcp2_tstamp ts = get_timestamp_nanosec(); - struct doq_client_stream* str, *next; - uint32_t flags; - /* number of bytes that can be sent without packet pacing */ - size_t send_quantum = ngtcp2_conn_get_send_quantum(data->conn); - /* Overhead is the stream overhead of adding a header onto the data, - * this make sure the number of bytes to send in data bytes plus - * the overhead overshoots the target quantum by a smaller margin, - * and then it stops sending more bytes. With zero it would overshoot - * more, an accurate number would not overshoot. It is based on the - * stream frame header size. */ - size_t accumulated_send = 0, overhead_stream = 24, overhead_pkt = 60, - max_packet_size = 1200; - size_t num_packets = 0, max_packets = 65535; - ngtcp2_path_storage_zero(&ps); - str = data->query_list_send->first; - - if(data->cc_algo != NGTCP2_CC_ALGO_BBR -#ifdef NGTCP2_CC_ALGO_BBR_V2 - && data->cc_algo != NGTCP2_CC_ALGO_BBR_V2 -#endif -#ifdef NGTCP2_CC_ALGO_BBR2 - && data->cc_algo != NGTCP2_CC_ALGO_BBR2 -#endif - ) { - /* If we do not have a packet pacing congestion control - * algorithm, limit the number of packets. */ - max_packets = 10; - } - - /* loop like this, because at the start, the send list is empty, - * and we want to send handshake packets. But when there is a - * send_list, loop through that. */ - for(;;) { - int64_t stream_id; - ngtcp2_pkt_info pi; - ngtcp2_vec datav[2]; - size_t datav_count = 0; - int fin; - ngtcp2_ssize ret; - ngtcp2_ssize ndatalen = 0; - int send_is_blocked = 0; - - if(str) { - /* pick up next in case this one is deleted */ - next = str->next; - if(verbosity > 0) { - char* logs = client_stream_string(str); - verbose(1, "query %s write stream", logs); - free(logs); - } - stream_id = str->stream_id; - fin = 1; - if(str->nwrite < 2) { - str->data_tcplen = htons(str->data_len); - datav[0].base = ((uint8_t*)&str->data_tcplen)+str->nwrite; - datav[0].len = 2-str->nwrite; - datav[1].base = str->data; - datav[1].len = str->data_len; - datav_count = 2; - } else { - datav[0].base = str->data + (str->nwrite-2); - datav[0].len = str->data_len - (str->nwrite-2); - datav_count = 1; - } - } else { - next = NULL; - verbose(1, "write stream -1."); - stream_id = -1; - fin = 0; - datav[0].base = NULL; - datav[0].len = 0; - datav_count = 1; - } - - /* Does the first data entry fit into the send quantum? */ - /* Check if the data size sent, with a max of one full packet, - * with added stream header and packet header is allowed - * within the send quantum number of bytes. If not, it does - * not fit, and wait. */ - if(accumulated_send == 0 && ((datav_count == 1 && - (datav[0].len>max_packet_size?max_packet_size: - datav[0].len)+overhead_stream+overhead_pkt > - send_quantum) || - (datav_count == 2 && - (datav[0].len+datav[1].len>max_packet_size? - max_packet_size:datav[0].len+datav[1].len) - +overhead_stream+overhead_pkt > send_quantum))) { - /* congestion limited */ - ngtcp2_conn_update_pkt_tx_time(data->conn, ts); - event_change_write(data, 0); - /* update the timer to wait until it is possible to - * write again */ - update_timer(data); - return 0; - } - flags = 0; - if(str && str->next != NULL) { - /* Coalesce more data from more streams into this - * packet, if possible */ - /* There is more than one data entry in this send - * quantum, does the next one fit in the quantum? */ - size_t this_send, possible_next_send; - if(datav_count == 1) - this_send = datav[0].len; - else this_send = datav[0].len + datav[1].len; - if(this_send > max_packet_size) - this_send = max_packet_size; - if(str->next->nwrite < 2) - possible_next_send = (2-str->next->nwrite) + - str->next->data_len; - else possible_next_send = str->next->data_len - - (str->next->nwrite - 2); - if(possible_next_send > max_packet_size) - possible_next_send = max_packet_size; - /* Check if the data lengths that writev returned - * with stream headers added up so far, in - * accumulated_send, with added the data length - * of this send, with a max of one full packet, and - * the data length of the next possible send, with - * a max of one full packet, with a stream header for - * this_send and a stream header for the next possible - * send and a packet header, fit in the send quantum - * number of bytes. If so, ask to add more content - * to the packet with the more flag. */ - if(accumulated_send + this_send + possible_next_send - +2*overhead_stream+ overhead_pkt < send_quantum) - flags |= NGTCP2_WRITE_STREAM_FLAG_MORE; - } - if(fin) { - /* This is the final part of data for this stream */ - flags |= NGTCP2_WRITE_STREAM_FLAG_FIN; - } - sldns_buffer_clear(data->pkt_buf); - ret = ngtcp2_conn_writev_stream(data->conn, &ps.path, &pi, - sldns_buffer_begin(data->pkt_buf), - sldns_buffer_remaining(data->pkt_buf), &ndatalen, - flags, stream_id, datav, datav_count, ts); - if(ret < 0) { - if(ret == NGTCP2_ERR_WRITE_MORE) { - if(str) { - str->nwrite += ndatalen; - if(str->nwrite >= str->data_len+2) - query_write_is_done(data, str); - str = next; - accumulated_send += ndatalen + overhead_stream; - continue; - } - } - log_err("ngtcp2_conn_writev_stream failed: %s", - ngtcp2_strerror(ret)); -#ifdef HAVE_NGTCP2_CCERR_DEFAULT - ngtcp2_ccerr_set_liberr(&data->ccerr, ret, NULL, 0); -#else - ngtcp2_connection_close_error_set_transport_error_liberr( - &data->last_error, ret, NULL, 0); -#endif - disconnect(data); - return 0; - } - verbose(1, "writev_stream pkt size %d ndatawritten %d", - (int)ret, (int)ndatalen); - if(ndatalen >= 0 && str) { - /* add the new write offset */ - str->nwrite += ndatalen; - if(str->nwrite >= str->data_len+2) - query_write_is_done(data, str); - } - if(ret == 0) { - /* congestion limited */ - ngtcp2_conn_update_pkt_tx_time(data->conn, ts); - event_change_write(data, 0); - /* update the timer to wait until it is possible to - * write again */ - update_timer(data); - return 0; - } - if(!doq_client_send_pkt(data, pi.ecn, - sldns_buffer_begin(data->pkt_buf), ret, 0, - &send_is_blocked)) { - if(send_is_blocked) { - /* Blocked packet, wait until it is possible - * to write again and also set a timer. */ - event_change_write(data, 1); - update_timer(data); - return 0; - } - /* Packet could not be sent. Like lost and timeout. */ - ngtcp2_conn_update_pkt_tx_time(data->conn, ts); - event_change_write(data, 0); - update_timer(data); - return 0; - } - /* continue */ - if((size_t)ret >= send_quantum) - break; - send_quantum -= ret; - accumulated_send = 0; - str = next; - if(str == NULL) - break; - if(++num_packets == max_packets) - break; - } - ngtcp2_conn_update_pkt_tx_time(data->conn, ts); - event_change_write(data, 1); - return 1; -} - -/** send the blocked packet now that the stream is writable again. */ -static int -send_blocked_pkt(struct doq_client_data* data) -{ - ngtcp2_tstamp ts = get_timestamp_nanosec(); - int send_is_blocked = 0; - if(!doq_client_send_pkt(data, data->blocked_pkt_pi.ecn, - sldns_buffer_begin(data->pkt_buf), - sldns_buffer_limit(data->pkt_buf), 1, &send_is_blocked)) { - if(send_is_blocked) { - /* Send was blocked, again. Wait, again to retry. */ - event_change_write(data, 1); - /* make sure the timer is set while waiting */ - update_timer(data); - return 0; - } - /* The packed could not be sent. Like it was lost, timeout. */ - data->have_blocked_pkt = 0; - ngtcp2_conn_update_pkt_tx_time(data->conn, ts); - event_change_write(data, 0); - update_timer(data); - return 0; - } - /* The blocked packet has been sent, the holding buffer can be - * cleared. */ - data->have_blocked_pkt = 0; - ngtcp2_conn_update_pkt_tx_time(data->conn, ts); - return 1; -} - -/** perform write operations, if any, on fd */ -static void -on_write(struct doq_client_data* data) -{ - if(data->have_blocked_pkt) { - if(!send_blocked_pkt(data)) - return; - } - if( -#ifdef HAVE_NGTCP2_CONN_IN_CLOSING_PERIOD - ngtcp2_conn_in_closing_period(data->conn) -#else - ngtcp2_conn_is_in_closing_period(data->conn) -#endif - ) - return; - if(!write_streams(data)) - return; - update_timer(data); -} - -/** callback for main listening file descriptor */ -void -doq_client_event_cb(int ATTR_UNUSED(fd), short bits, void* arg) -{ - struct doq_client_data* data = (struct doq_client_data*)arg; - verbose(1, "doq_client_event_cb %s%s%s", - ((bits&UB_EV_READ)!=0?"EV_READ":""), - ((bits&(UB_EV_READ|UB_EV_WRITE))==(UB_EV_READ|UB_EV_WRITE)? - " ":""), - ((bits&UB_EV_WRITE)!=0?"EV_WRITE":"")); - if((bits&UB_EV_READ)) { - on_read(data); - } - /* Perform the write operation anyway. The read operation may - * have produced data, or there is content waiting and it is possible - * to write that. */ - on_write(data); -} - -/** read the TLS session from file */ -static int -early_data_setup_session(struct doq_client_data* data) -{ - SSL_SESSION* session; - BIO* f = BIO_new_file(data->session_file, "r"); - if(f == NULL) { - if(errno == ENOENT) { - verbose(1, "session file %s does not exist", - data->session_file); - return 0; - } - log_err("Could not read %s: %s", data->session_file, - strerror(errno)); - return 0; - } - session = PEM_read_bio_SSL_SESSION(f, NULL, 0, NULL); - if(session == NULL) { - log_crypto_err("Could not read session file with PEM_read_bio_SSL_SESSION"); - BIO_free(f); - return 0; - } - BIO_free(f); - if(!SSL_set_session(data->ssl, session)) { - log_crypto_err("Could not SSL_set_session"); - SSL_SESSION_free(session); - return 0; - } - if(SSL_SESSION_get_max_early_data(session) == 0) { - log_err("TLS session early data is 0"); - SSL_SESSION_free(session); - return 0; - } - SSL_set_quic_early_data_enabled(data->ssl, 1); - SSL_SESSION_free(session); - return 1; -} - -#ifndef HAVE_NGTCP2_CONN_ENCODE_0RTT_TRANSPORT_PARAMS -/** parse one line from the transport file */ -static int -transport_parse_line(struct ngtcp2_transport_params* params, char* line) -{ - if(strncmp(line, "initial_max_streams_bidi=", 25) == 0) { - params->initial_max_streams_bidi = atoi(line+25); - return 1; - } - if(strncmp(line, "initial_max_streams_uni=", 24) == 0) { - params->initial_max_streams_uni = atoi(line+24); - return 1; - } - if(strncmp(line, "initial_max_stream_data_bidi_local=", 35) == 0) { - params->initial_max_stream_data_bidi_local = atoi(line+35); - return 1; - } - if(strncmp(line, "initial_max_stream_data_bidi_remote=", 36) == 0) { - params->initial_max_stream_data_bidi_remote = atoi(line+36); - return 1; - } - if(strncmp(line, "initial_max_stream_data_uni=", 28) == 0) { - params->initial_max_stream_data_uni = atoi(line+28); - return 1; - } - if(strncmp(line, "initial_max_data=", 17) == 0) { - params->initial_max_data = atoi(line+17); - return 1; - } - if(strncmp(line, "active_connection_id_limit=", 27) == 0) { - params->active_connection_id_limit = atoi(line+27); - return 1; - } - if(strncmp(line, "max_datagram_frame_size=", 24) == 0) { - params->max_datagram_frame_size = atoi(line+24); - return 1; - } - return 0; -} -#endif /* HAVE_NGTCP2_CONN_ENCODE_0RTT_TRANSPORT_PARAMS */ - -/** setup the early data transport file and read it */ -static int -early_data_setup_transport(struct doq_client_data* data) -{ -#ifdef HAVE_NGTCP2_CONN_ENCODE_0RTT_TRANSPORT_PARAMS - FILE* in; - uint8_t buf[1024]; - size_t len; - int rv; - in = fopen(data->transport_file, "r"); - if(!in) { - if(errno == ENOENT) { - verbose(1, "transport file %s does not exist", - data->transport_file); - return 0; - } - perror(data->transport_file); - return 0; - } - len = fread(buf, 1, sizeof(buf), in); - if(ferror(in)) { - log_err("%s: read failed: %s", data->transport_file, - strerror(errno)); - fclose(in); - return 0; - } - fclose(in); - rv = ngtcp2_conn_decode_and_set_0rtt_transport_params(data->conn, - buf, len); - if(rv != 0) { - log_err("ngtcp2_conn_decode_and_set_0rtt_transport_params failed: %s", - ngtcp2_strerror(rv)); - return 0; - } - return 1; -#else - FILE* in; - char buf[1024]; - struct ngtcp2_transport_params params; - memset(¶ms, 0, sizeof(params)); - in = fopen(data->transport_file, "r"); - if(!in) { - if(errno == ENOENT) { - verbose(1, "transport file %s does not exist", - data->transport_file); - return 0; - } - perror(data->transport_file); - return 0; - } - while(!feof(in)) { - if(!fgets(buf, sizeof(buf), in)) { - log_err("%s: read failed: %s", data->transport_file, - strerror(errno)); - fclose(in); - return 0; - } - if(!transport_parse_line(¶ms, buf)) { - log_err("%s: could not parse line '%s'", - data->transport_file, buf); - fclose(in); - return 0; - } - } - fclose(in); - ngtcp2_conn_set_early_remote_transport_params(data->conn, ¶ms); -#endif - return 1; -} - -/** setup for early data, read the transport file and session file */ -static void -early_data_setup(struct doq_client_data* data) -{ - if(!early_data_setup_session(data)) { - verbose(1, "TLS session resumption failed, early data is disabled"); - data->early_data_enabled = 0; - return; - } - if(!early_data_setup_transport(data)) { - verbose(1, "Transport parameters set failed, early data is disabled"); - data->early_data_enabled = 0; - return; - } -} - -/** start the early data transmission */ -static void -early_data_start(struct doq_client_data* data) -{ - query_streams_start(data); - on_write(data); -} - -/** create doq_client_data */ -static struct doq_client_data* -create_doq_client_data(const char* svr, int port, struct ub_event_base* base, - const char* transport_file, const char* session_file, int quiet) -{ - struct doq_client_data* data; - data = calloc(1, sizeof(*data)); - if(!data) fatal_exit("calloc failed: out of memory"); - data->base = base; - data->rnd = ub_initstate(NULL); - if(!data->rnd) fatal_exit("ub_initstate failed: out of memory"); - data->svr = svr; - get_dest_addr(data, svr, port); - data->port = port; - data->quiet = quiet; - data->pkt_buf = sldns_buffer_new(65552); - if(!data->pkt_buf) - fatal_exit("sldns_buffer_new failed: out of memory"); - data->blocked_pkt = sldns_buffer_new(65552); - if(!data->blocked_pkt) - fatal_exit("sldns_buffer_new failed: out of memory"); - data->fd = open_svr_udp(data); - get_local_addr(data); - data->conn = conn_client_setup(data); -#ifdef HAVE_NGTCP2_CCERR_DEFAULT - ngtcp2_ccerr_default(&data->ccerr); -#else - ngtcp2_connection_close_error_default(&data->last_error); -#endif - data->transport_file = transport_file; - data->session_file = session_file; - if(data->transport_file && data->session_file) - data->early_data_enabled = 1; - - generate_static_secret(data, 32); - data->ctx = ctx_client_setup(); - if(data->session_file) { - SSL_CTX_set_session_cache_mode(data->ctx, - SSL_SESS_CACHE_CLIENT | - SSL_SESS_CACHE_NO_INTERNAL_STORE); - SSL_CTX_sess_set_new_cb(data->ctx, new_session_cb); - } - data->ssl = ssl_client_setup(data); - ngtcp2_conn_set_tls_native_handle(data->conn, data->ssl); - if(data->early_data_enabled) - early_data_setup(data); - - data->ev = ub_event_new(base, data->fd, UB_EV_READ | UB_EV_WRITE | - UB_EV_PERSIST, doq_client_event_cb, data); - if(!data->ev) { - fatal_exit("could not ub_event_new"); - } - if(ub_event_add(data->ev, NULL) != 0) { - fatal_exit("could not ub_event_add"); - } - data->expire_timer = ub_event_new(data->base, -1, - UB_EV_TIMEOUT, &doq_client_timer_cb, data); - if(!data->expire_timer) - fatal_exit("could not ub_event_new"); - data->query_list_start = stream_list_create(); - data->query_list_send = stream_list_create(); - data->query_list_receive = stream_list_create(); - data->query_list_stop = stream_list_create(); - return data; -} - -/** delete doq_client_data */ -static void -delete_doq_client_data(struct doq_client_data* data) -{ - if(!data) - return; -#if defined(NGTCP2_USE_GENERIC_SOCKADDR) || defined(NGTCP2_USE_GENERIC_IPV6_SOCKADDR) - if(data->conn && data->dest_addr_len != 0) { - if(addr_is_ip6(&data->dest_addr, data->dest_addr_len)) { -# if defined(NGTCP2_USE_GENERIC_SOCKADDR) || defined(NGTCP2_USE_GENERIC_IPV6_SOCKADDR) - const struct ngtcp2_path* path6 = ngtcp2_conn_get_path(data->conn); - free(path6->local.addr); - free(path6->remote.addr); -# endif - } else { -# if defined(NGTCP2_USE_GENERIC_SOCKADDR) - const struct ngtcp2_path* path = ngtcp2_conn_get_path(data->conn); - free(path->local.addr); - free(path->remote.addr); -# endif - } - } -#endif - ngtcp2_conn_del(data->conn); - SSL_free(data->ssl); - sldns_buffer_free(data->pkt_buf); - sldns_buffer_free(data->blocked_pkt); - if(data->fd != -1) - sock_close(data->fd); - SSL_CTX_free(data->ctx); - stream_list_free(data->query_list_start); - stream_list_free(data->query_list_send); - stream_list_free(data->query_list_receive); - stream_list_free(data->query_list_stop); - ub_randfree(data->rnd); - if(data->ev) { - ub_event_del(data->ev); - ub_event_free(data->ev); - } - if(data->expire_timer_added) - ub_timer_del(data->expire_timer); - ub_event_free(data->expire_timer); - free(data->static_secret_data); - free(data); -} - -/** create the event base that registers events and timers */ -static struct ub_event_base* -create_event_base(time_t* secs, struct timeval* now) -{ - struct ub_event_base* base; - const char *evnm="event", *evsys="", *evmethod=""; - - memset(now, 0, sizeof(*now)); - base = ub_default_event_base(1, secs, now); - if(!base) fatal_exit("could not create ub_event base"); - - ub_get_event_sys(base, &evnm, &evsys, &evmethod); - if(verbosity) log_info("%s %s uses %s method", evnm, evsys, evmethod); - - return base; -} - -/** enter a query into the query list */ -static void -client_enter_query_buf(struct doq_client_data* data, struct sldns_buffer* buf) -{ - struct doq_client_stream* str; - str = client_stream_create(buf); - if(!str) - fatal_exit("client_stream_create failed: out of memory"); - stream_list_append(data->query_list_start, str); -} - -/** enter the queries into the query list */ -static void -client_enter_queries(struct doq_client_data* data, char** qs, int count) -{ - int i; - for(i=0; i 0) { - char* str; - log_buf(1, "send query", buf); - str = sldns_wire2str_pkt(sldns_buffer_begin(buf), - sldns_buffer_limit(buf)); - if(!str) verbose(1, "could not sldns_wire2str_pkt"); - else verbose(1, "send query:\n%s", str); - free(str); - } - client_enter_query_buf(data, buf); - sldns_buffer_free(buf); - } -} - -/** run the dohclient queries */ -static void run(const char* svr, int port, char** qs, int count, - const char* transport_file, const char* session_file, int quiet) -{ - time_t secs = 0; - struct timeval now; - struct ub_event_base* base; - struct doq_client_data* data; - - /* setup */ - base = create_event_base(&secs, &now); - data = create_doq_client_data(svr, port, base, transport_file, - session_file, quiet); - client_enter_queries(data, qs, count); - if(data->early_data_enabled) - early_data_start(data); - - /* run the queries */ - ub_event_base_dispatch(base); - - /* cleanup */ - delete_doq_client_data(data); - ub_event_base_free(base); -} -#endif /* HAVE_NGTCP2 */ - -#ifdef HAVE_NGTCP2 -/** getopt global, in case header files fail to declare it. */ -extern int optind; -/** getopt global, in case header files fail to declare it. */ -extern char* optarg; -int main(int ATTR_UNUSED(argc), char** ATTR_UNUSED(argv)) -{ - int c; - int port = UNBOUND_DNS_OVER_QUIC_PORT, quiet = 0; - const char* svr = "127.0.0.1", *transport_file = NULL, - *session_file = NULL; -#ifdef USE_WINSOCK - WSADATA wsa_data; - if(WSAStartup(MAKEWORD(2,2), &wsa_data) != 0) { - printf("WSAStartup failed\n"); - return 1; - } -#endif - checklock_set_output_name("ublocktrace-doqclient"); - checklock_start(); - log_init(0, 0, 0); - log_ident_set("doqclient"); - - while((c=getopt(argc, argv, "hp:qs:vx:y:")) != -1) { - switch(c) { - case 'p': - if(atoi(optarg)==0 && strcmp(optarg,"0")!=0) { - printf("error parsing port, " - "number expected: %s\n", optarg); - return 1; - } - port = atoi(optarg); - break; - case 'q': - quiet++; - break; - case 's': - svr = optarg; - break; - case 'v': - verbosity++; - break; - case 'x': - transport_file = optarg; - break; - case 'y': - session_file = optarg; - break; - case 'h': - case '?': - default: - usage(argv); - } - } - - argc -= optind; - argv += optind; - - if(argc%3!=0) { - printf("Invalid input. Specify qname, qtype, and qclass.\n"); - return 1; - } - if(port == 53) { - printf("Error: port number 53 not for DNS over QUIC. Port number 53 is not allowed to be used with DNS over QUIC. It is used for DNS datagrams.\n"); - return 1; - } - - run(svr, port, argv, argc, transport_file, session_file, quiet); - - checklock_stop(); -#ifdef USE_WINSOCK - WSACleanup(); -#endif - return 0; -} -#else /* HAVE_NGTCP2 */ -int main(int ATTR_UNUSED(argc), char** ATTR_UNUSED(argv)) -{ - printf("Compiled without ngtcp2 for QUIC, cannot run doqclient.\n"); - return 1; -} -#endif /* HAVE_NGTCP2 */ - -/***--- definitions to make fptr_wlist work. ---***/ -/* These are callbacks, similar to smallapp callbacks, except the debug - * tool callbacks are not in it */ -struct tube; -struct query_info; -#include "util/data/packed_rrset.h" -#include "daemon/worker.h" -#include "daemon/remote.h" -#include "util/fptr_wlist.h" -#include "libunbound/context.h" - -void worker_handle_control_cmd(struct tube* ATTR_UNUSED(tube), - uint8_t* ATTR_UNUSED(buffer), size_t ATTR_UNUSED(len), - int ATTR_UNUSED(error), void* ATTR_UNUSED(arg)) -{ - log_assert(0); -} - -int worker_handle_request(struct comm_point* ATTR_UNUSED(c), - void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), - struct comm_reply* ATTR_UNUSED(repinfo)) -{ - log_assert(0); - return 0; -} - -int worker_handle_service_reply(struct comm_point* ATTR_UNUSED(c), - void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), - struct comm_reply* ATTR_UNUSED(reply_info)) -{ - log_assert(0); - return 0; -} - -int remote_accept_callback(struct comm_point* ATTR_UNUSED(c), - void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), - struct comm_reply* ATTR_UNUSED(repinfo)) -{ - log_assert(0); - return 0; -} - -int remote_control_callback(struct comm_point* ATTR_UNUSED(c), - void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), - struct comm_reply* ATTR_UNUSED(repinfo)) -{ - log_assert(0); - return 0; -} - -void worker_sighandler(int ATTR_UNUSED(sig), void* ATTR_UNUSED(arg)) -{ - log_assert(0); -} - -struct outbound_entry* worker_send_query( - struct query_info* ATTR_UNUSED(qinfo), uint16_t ATTR_UNUSED(flags), - int ATTR_UNUSED(dnssec), int ATTR_UNUSED(want_dnssec), - int ATTR_UNUSED(nocaps), int ATTR_UNUSED(check_ratelimit), - struct sockaddr_storage* ATTR_UNUSED(addr), - socklen_t ATTR_UNUSED(addrlen), uint8_t* ATTR_UNUSED(zone), - size_t ATTR_UNUSED(zonelen), int ATTR_UNUSED(tcp_upstream), - int ATTR_UNUSED(ssl_upstream), char* ATTR_UNUSED(tls_auth_name), - struct module_qstate* ATTR_UNUSED(q), int* ATTR_UNUSED(was_ratelimited)) -{ - log_assert(0); - return 0; -} - -#ifdef UB_ON_WINDOWS -void -worker_win_stop_cb(int ATTR_UNUSED(fd), short ATTR_UNUSED(ev), void* - ATTR_UNUSED(arg)) { - log_assert(0); -} - -void -wsvc_cron_cb(void* ATTR_UNUSED(arg)) -{ - log_assert(0); -} -#endif /* UB_ON_WINDOWS */ - -void -worker_alloc_cleanup(void* ATTR_UNUSED(arg)) -{ - log_assert(0); -} - -struct outbound_entry* libworker_send_query( - struct query_info* ATTR_UNUSED(qinfo), uint16_t ATTR_UNUSED(flags), - int ATTR_UNUSED(dnssec), int ATTR_UNUSED(want_dnssec), - int ATTR_UNUSED(nocaps), int ATTR_UNUSED(check_ratelimit), - struct sockaddr_storage* ATTR_UNUSED(addr), - socklen_t ATTR_UNUSED(addrlen), uint8_t* ATTR_UNUSED(zone), - size_t ATTR_UNUSED(zonelen), int ATTR_UNUSED(tcp_upstream), - int ATTR_UNUSED(ssl_upstream), char* ATTR_UNUSED(tls_auth_name), - struct module_qstate* ATTR_UNUSED(q), int* ATTR_UNUSED(was_ratelimited)) -{ - log_assert(0); - return 0; -} - -int libworker_handle_service_reply(struct comm_point* ATTR_UNUSED(c), - void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), - struct comm_reply* ATTR_UNUSED(reply_info)) -{ - log_assert(0); - return 0; -} - -void libworker_handle_control_cmd(struct tube* ATTR_UNUSED(tube), - uint8_t* ATTR_UNUSED(buffer), size_t ATTR_UNUSED(len), - int ATTR_UNUSED(error), void* ATTR_UNUSED(arg)) -{ - log_assert(0); -} - -void libworker_fg_done_cb(void* ATTR_UNUSED(arg), int ATTR_UNUSED(rcode), - struct sldns_buffer* ATTR_UNUSED(buf), enum sec_status ATTR_UNUSED(s), - char* ATTR_UNUSED(why_bogus), int ATTR_UNUSED(was_ratelimited)) -{ - log_assert(0); -} - -void libworker_bg_done_cb(void* ATTR_UNUSED(arg), int ATTR_UNUSED(rcode), - struct sldns_buffer* ATTR_UNUSED(buf), enum sec_status ATTR_UNUSED(s), - char* ATTR_UNUSED(why_bogus), int ATTR_UNUSED(was_ratelimited)) -{ - log_assert(0); -} - -void libworker_event_done_cb(void* ATTR_UNUSED(arg), int ATTR_UNUSED(rcode), - struct sldns_buffer* ATTR_UNUSED(buf), enum sec_status ATTR_UNUSED(s), - char* ATTR_UNUSED(why_bogus), int ATTR_UNUSED(was_ratelimited)) -{ - log_assert(0); -} - -int context_query_cmp(const void* ATTR_UNUSED(a), const void* ATTR_UNUSED(b)) -{ - log_assert(0); - return 0; -} - -void worker_stat_timer_cb(void* ATTR_UNUSED(arg)) -{ - log_assert(0); -} - -void worker_probe_timer_cb(void* ATTR_UNUSED(arg)) -{ - log_assert(0); -} - -void worker_start_accept(void* ATTR_UNUSED(arg)) -{ - log_assert(0); -} - -void worker_stop_accept(void* ATTR_UNUSED(arg)) -{ - log_assert(0); -} - -/** keep track of lock id in lock-verify application */ -struct order_id { - /** the thread id that created it */ - int thr; - /** the instance number of creation */ - int instance; -}; - -int order_lock_cmp(const void* e1, const void* e2) -{ - const struct order_id* o1 = e1; - const struct order_id* o2 = e2; - if(o1->thr < o2->thr) return -1; - if(o1->thr > o2->thr) return 1; - if(o1->instance < o2->instance) return -1; - if(o1->instance > o2->instance) return 1; - return 0; -} - -int -codeline_cmp(const void* a, const void* b) -{ - return strcmp(a, b); -} - -int replay_var_compare(const void* ATTR_UNUSED(a), const void* ATTR_UNUSED(b)) -{ - log_assert(0); - return 0; -} - -void remote_get_opt_ssl(char* ATTR_UNUSED(str), void* ATTR_UNUSED(arg)) -{ - log_assert(0); -} - -#ifdef USE_DNSTAP -void dtio_tap_callback(int ATTR_UNUSED(fd), short ATTR_UNUSED(ev), - void* ATTR_UNUSED(arg)) -{ - log_assert(0); -} -#endif - -#ifdef USE_DNSTAP -void dtio_mainfdcallback(int ATTR_UNUSED(fd), short ATTR_UNUSED(ev), - void* ATTR_UNUSED(arg)) -{ - log_assert(0); -} -#endif diff --git a/contrib/unbound/testcode/unitdoq.c b/contrib/unbound/testcode/unitdoq.c deleted file mode 100644 index 2b9160970493..000000000000 --- a/contrib/unbound/testcode/unitdoq.c +++ /dev/null @@ -1,84 +0,0 @@ -/* - * testcode/unitdoq.c - unit test for doq routines. - * - * Copyright (c) 2022, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - * - */ - -/** - * \file - * Calls doq related unit tests. Exits with code 1 on a failure. - */ - -#include "config.h" - -#ifdef HAVE_NGTCP2 - -#include "util/netevent.h" -#include "services/listen_dnsport.h" -#include "testcode/unitmain.h" - -/** check the size of a connection for doq */ -static void -doq_size_conn_check() -{ - /* Printout the size of one doq connection, in memory usage. - * A connection with a couple cids, of type doq_conid, and - * it has one stream, and that has a query and an answer. */ - size_t answer_size = 233; /* size of www.nlnetlabs.nl minimal answer - with dnssec and one A record. The unsigned answer is 176 with - additional data, 61 bytes minimal response one A record. */ - size_t query_size = 45; /* size of query for www.nlnetlabs.nl, with - an EDNS record with DO flag. */ - size_t conn_size = sizeof(struct doq_conn); - size_t conid_size = sizeof(struct doq_conid); - size_t stream_size = sizeof(struct doq_stream); - - conn_size += 16; /* DCID len in the conn key */ - conn_size += 0; /* the size of the ngtcp2_conn */ - conn_size += 0; /* the size of the SSL record */ - conn_size += 0; /* size of the close pkt, - but we do not count it here. Only if the conn gets closed. */ - conid_size += 16; /* the dcid of the conn key */ - conid_size += 16; /* the cid */ - stream_size += query_size; /* size of in buffer */ - stream_size += answer_size; /* size of out buffer */ - printf("doq connection size %u bytes\n", (unsigned)(conn_size + - conid_size*3 + stream_size)); -} - -void doq_test(void) -{ - unit_show_feature("doq"); - doq_size_conn_check(); -} -#endif /* HAVE_NGTCP2 */ diff --git a/contrib/unbound/testdata/00-lint.tdir/00-lint.pre b/contrib/unbound/testdata/00-lint.tdir/00-lint.pre deleted file mode 100644 index 507f5e1e9454..000000000000 --- a/contrib/unbound/testdata/00-lint.tdir/00-lint.pre +++ /dev/null @@ -1,14 +0,0 @@ -# #-- 00-lint.pre--# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# use .tpkg.var.test for in test variable passing -[ -f .tpkg.var.test ] && source .tpkg.var.test - -. ../common.sh -PRE="../.." - -if test -f $PRE/unbound_test_00-lint ; then - echo test enabled -else - skip_test "test skipped; clang linter preferred over splint" -fi diff --git a/contrib/unbound/testdata/09-unbound-control.tdir/conf.bad_credentials b/contrib/unbound/testdata/09-unbound-control.tdir/conf.bad_credentials deleted file mode 100644 index 11a131130000..000000000000 --- a/contrib/unbound/testdata/09-unbound-control.tdir/conf.bad_credentials +++ /dev/null @@ -1,5 +0,0 @@ -remote-control: - server-key-file: bad_server.key - server-cert-file: bad_server.pem - control-key-file: bad_control.key - control-cert-file: bad_control.pem diff --git a/contrib/unbound/testdata/09-unbound-control.tdir/conf.spoofed_credentials b/contrib/unbound/testdata/09-unbound-control.tdir/conf.spoofed_credentials deleted file mode 100644 index 25cb830dca4e..000000000000 --- a/contrib/unbound/testdata/09-unbound-control.tdir/conf.spoofed_credentials +++ /dev/null @@ -1,5 +0,0 @@ -remote-control: - server-key-file: unbound_server.key - server-cert-file: unbound_server.pem - control-key-file: bad_control.key - control-cert-file: bad_control.pem diff --git a/contrib/unbound/testdata/09-unbound-control.tdir/view_local_data b/contrib/unbound/testdata/09-unbound-control.tdir/view_local_data deleted file mode 100644 index 7958d139be99..000000000000 --- a/contrib/unbound/testdata/09-unbound-control.tdir/view_local_data +++ /dev/null @@ -1,4 +0,0 @@ -viewlocaldatafromfile 3600 TXT "view local data from file OK" -viewlocaldatafromfile1 3600 A 1.1.1.1 -viewlocaldatafromfile2 3600 A 2.2.2.2 -viewlocaldatafromfile3 3600 A 3.3.3.3 diff --git a/contrib/unbound/testdata/09-unbound-control.tdir/view_local_data_remove b/contrib/unbound/testdata/09-unbound-control.tdir/view_local_data_remove deleted file mode 100644 index fd5e37f2e4e3..000000000000 --- a/contrib/unbound/testdata/09-unbound-control.tdir/view_local_data_remove +++ /dev/null @@ -1,4 +0,0 @@ -viewlocaldatafromfile -viewlocaldatafromfile1 -viewlocaldatafromfile2 -viewlocaldatafromfile3 diff --git a/contrib/unbound/testdata/acl_interface.tdir/rpz-nx.zone b/contrib/unbound/testdata/acl_interface.tdir/rpz-nx.zone deleted file mode 100644 index a5c828d18eec..000000000000 --- a/contrib/unbound/testdata/acl_interface.tdir/rpz-nx.zone +++ /dev/null @@ -1,3 +0,0 @@ -$ORIGIN rpz-nx. -@ IN SOA no.no no.no 1 2 3 4 5 -local IN CNAME . diff --git a/contrib/unbound/testdata/acl_interface.tdir/rpz-one.zone b/contrib/unbound/testdata/acl_interface.tdir/rpz-one.zone deleted file mode 100644 index f5dabab659ab..000000000000 --- a/contrib/unbound/testdata/acl_interface.tdir/rpz-one.zone +++ /dev/null @@ -1,3 +0,0 @@ -$ORIGIN rpz-one. -@ IN SOA no.no no.no 1 2 3 4 5 -local IN A 11.11.11.11 diff --git a/contrib/unbound/testdata/acl_interface.tdir/rpz-two.zone b/contrib/unbound/testdata/acl_interface.tdir/rpz-two.zone deleted file mode 100644 index 9578dde8f928..000000000000 --- a/contrib/unbound/testdata/acl_interface.tdir/rpz-two.zone +++ /dev/null @@ -1,3 +0,0 @@ -$ORIGIN rpz-two. -@ IN SOA no.no no.no 1 2 3 4 5 -local IN A 22.22.22.22 diff --git a/contrib/unbound/testdata/auth_tls.tdir/auth_tls.dsc b/contrib/unbound/testdata/auth_tls.tdir/auth_tls.dsc deleted file mode 100644 index 0caf949e88e4..000000000000 --- a/contrib/unbound/testdata/auth_tls.tdir/auth_tls.dsc +++ /dev/null @@ -1,16 +0,0 @@ -BaseName: auth_tls -Version: 1.0 -Description: Perform AXFR over tls for authority zone -CreationDate: Thu 29 Aug 09:35:40 CEST 2024 -Maintainer: dr. W.C.A. Wijngaards -Category: -Component: -CmdDepends: -Depends: -Help: -Pre: auth_tls.pre -Post: auth_tls.post -Test: auth_tls.test -AuxFiles: -Passed: -Failure: diff --git a/contrib/unbound/testdata/auth_tls.tdir/auth_tls.nsd.conf b/contrib/unbound/testdata/auth_tls.tdir/auth_tls.nsd.conf deleted file mode 100644 index c20ed21dfe29..000000000000 --- a/contrib/unbound/testdata/auth_tls.tdir/auth_tls.nsd.conf +++ /dev/null @@ -1,21 +0,0 @@ -server: - logfile: "/dev/stderr" - xfrdfile: xfrd.state - username: "" - chroot: "" - zonesdir: "" - pidfile: "nsd.pid" - zonelistfile: "zone.list" - verbosity: 5 - port: @NSD_PORT@ - interface: 127.0.0.1@@NSD_PORT@ - - tls-port: @NSD_PORT@ - tls-service-key: "nsd_server.key" - tls-service-pem: "nsd_server.pem" - -zone: - name: "example.com" - zonefile: "example.com.zone" - provide-xfr: 0.0.0.0/0 NOKEY - provide-xfr: ::0/0 NOKEY diff --git a/contrib/unbound/testdata/auth_tls.tdir/auth_tls.post b/contrib/unbound/testdata/auth_tls.tdir/auth_tls.post deleted file mode 100644 index 19de9f46f9e2..000000000000 --- a/contrib/unbound/testdata/auth_tls.tdir/auth_tls.post +++ /dev/null @@ -1,14 +0,0 @@ -# #-- auth_tls.post --# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# source the test var file when it's there -[ -f .tpkg.var.test ] && source .tpkg.var.test -# -# do your teardown here -. ../common.sh -kill_pid $NSD_PID -kill_pid $UNBOUND_PID -echo "nsd.log" -cat nsd.log -echo "unbound.log" -cat unbound.log diff --git a/contrib/unbound/testdata/auth_tls.tdir/auth_tls.pre b/contrib/unbound/testdata/auth_tls.tdir/auth_tls.pre deleted file mode 100644 index ebeee24c5658..000000000000 --- a/contrib/unbound/testdata/auth_tls.tdir/auth_tls.pre +++ /dev/null @@ -1,47 +0,0 @@ -# #-- auth_tls.pre--# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# use .tpkg.var.test for in test variable passing -[ -f .tpkg.var.test ] && source .tpkg.var.test - -. ../common.sh -PRE="../.." -if test -n "$NSD"; then - : -else - if `which nsd >/dev/null 2>&1`; then - # need nsd >= 4.2.0 - NSD="nsd" - else - if test -f $PRE/../nsd/nsd; then - NSD="$PRE/../nsd/nsd" - else - skip_test "need nsd" - fi - fi -fi -echo "NSD=$NSD" - -get_random_port 2 -UNBOUND_PORT=$RND_PORT -NSD_PORT=$(($RND_PORT + 1)) -echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test -echo "NSD_PORT=$NSD_PORT" >> .tpkg.var.test - -# make config file -sed -e 's/@UNBOUND_PORT\@/'$UNBOUND_PORT'/' -e 's/@NSD_PORT\@/'$NSD_PORT'/' < auth_tls.ub.conf > ub.conf -sed -e 's/@UNBOUND_PORT\@/'$UNBOUND_PORT'/' -e 's/@NSD_PORT\@/'$NSD_PORT'/' < auth_tls.nsd.conf > nsd.conf - -# start nsd -$NSD -d -c nsd.conf >nsd.log 2>&1 & -NSD_PID=$! -echo "NSD_PID=$NSD_PID" >> .tpkg.var.test - -# start unbound in the background -$PRE/unbound -d -c ub.conf >unbound.log 2>&1 & -UNBOUND_PID=$! -echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test - -cat .tpkg.var.test -wait_nsd_up nsd.log -wait_unbound_up unbound.log diff --git a/contrib/unbound/testdata/auth_tls.tdir/auth_tls.test b/contrib/unbound/testdata/auth_tls.tdir/auth_tls.test deleted file mode 100644 index 030212f52850..000000000000 --- a/contrib/unbound/testdata/auth_tls.tdir/auth_tls.test +++ /dev/null @@ -1,48 +0,0 @@ -# #-- auth_tls.test --# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# use .tpkg.var.test for in test variable passing -[ -f .tpkg.var.test ] && source .tpkg.var.test - -PRE="../.." -# do the test -echo "> dig www.example.com." -dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile -if grep SERVFAIL outfile; then - echo "> try again" - dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile -fi -if grep SERVFAIL outfile; then - echo "> try again" - sleep 1 - dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile -fi -if grep SERVFAIL outfile; then - echo "> try again" - sleep 1 - dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile -fi -if grep SERVFAIL outfile; then - echo "> try again" - sleep 1 - dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile -fi -if grep SERVFAIL outfile; then - echo "> try again" - sleep 10 - dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile -fi -if grep SERVFAIL outfile; then - echo "> try again" - sleep 10 - dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile -fi -echo "> check answer" -if grep "1.2.3.4" outfile; then - echo "OK" -else - echo "Not OK" - exit 1 -fi - -exit 0 diff --git a/contrib/unbound/testdata/auth_tls.tdir/auth_tls.ub.conf b/contrib/unbound/testdata/auth_tls.tdir/auth_tls.ub.conf deleted file mode 100644 index 0220c60af58c..000000000000 --- a/contrib/unbound/testdata/auth_tls.tdir/auth_tls.ub.conf +++ /dev/null @@ -1,22 +0,0 @@ -server: - verbosity: 7 - # num-threads: 1 - interface: 127.0.0.1 - port: @UNBOUND_PORT@ - use-syslog: no - directory: "" - pidfile: "unbound.pid" - chroot: "" - username: "" - do-not-query-localhost: no - tls-service-key: "unbound_server.key" - tls-service-pem: "unbound_server.pem" - tls-cert-bundle: "nsd_server.pem" - -auth-zone: - name: "example.com" - for-upstream: yes - for-downstream: yes - primary: "127.0.0.1@@NSD_PORT@#nsd" - allow-notify: "127.0.0.2@@NSD_PORT@" - allow-notify: 127.0.0.1 diff --git a/contrib/unbound/testdata/auth_tls.tdir/example.com.zone b/contrib/unbound/testdata/auth_tls.tdir/example.com.zone deleted file mode 100644 index 18b5b407eedd..000000000000 --- a/contrib/unbound/testdata/auth_tls.tdir/example.com.zone +++ /dev/null @@ -1,4 +0,0 @@ -example.com. 240 IN SOA ns.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2024082400 28800 7200 604800 240 -example.com. NS ns.example.com. -ns.example.com. IN A 192.0.2.1 -www.example.com. A 1.2.3.4 diff --git a/contrib/unbound/testdata/auth_tls.tdir/nsd_server.key b/contrib/unbound/testdata/auth_tls.tdir/nsd_server.key deleted file mode 100644 index 5d9f6103134e..000000000000 --- a/contrib/unbound/testdata/auth_tls.tdir/nsd_server.key +++ /dev/null @@ -1,39 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIG5QIBAAKCAYEAxLy5fFUI1OjXXbPcQ13303/K5AliTq6bCnS57edzQIbmPZj7 -XbGZ0RnU47cZ11GSAI9ptDIrSidNTsHzaqWZn431/IVjwrIkRgz95/aOWRov4fwm -cS5qvbYV60l384NZLqmF4BDDxSt2MLT2+jWxFEK2iUm2YXZewifQ8zaHmjfAWlo8 -TlK5jzt0Qc0qPv5nCC6mwtjb7OHul3N3QolW6hZOc1KZVEeBdELedoU9TyMyzhPB -vkqAXWoti/CwWj3YMTj/L7zNfQ9F1HW6n67Y+ltO8IadILPiZiiAVIrLqUh3EL2X -fq+BcJ3QvADjyL9F5TH3AaWoi6iYgMGcgdqK9k6hj+ziuMxX6OsgzfzxTEzZCHhP -Er39SX6j/fHzJP4aGQxAAHLAmv2p9P/oEZeZsvWPsBWYpULKgMZ0JDZhf26ddrB1 -mpTaqRQsG384dUZR9f/iyzTszwgc2PQ7JG6gVg723KoBhlD0g+DlC8XdxiRyaDbJ -PXzSoXgLWumx02OhAgMBAAECggGBAMS7MARriBRX7hzuYaEgE1V0oe+cjqi9o542 -EUMcQjzRaOVJ2HrdwUG+wgsgKwAMuqJCxuIBlRZm7MCH5CDODivmKohk3thviSRf -k3tlKv1g2Wby3YIqd2TT82FAK2nf+8tUi+H/AbVl+59DJwIXtMbc22m3w1/8nU8r -v5+l9L27aGcxesKbqKDZRC0Uu10YyvD8rZeEgY+EcjESrrxjV/1nZvWdMGR9yK74 -uzrri95aBVDbos7l8yz2oysf+UmUMp5U9rWwuU4M/34pFSGeo7CHjtliwbBF4FHn -uyompXaOr7Qrgeg4fc9NbZNaB4OAOV2d1sI202q6j3kEkhG4pD8LAG/RRnugCj7D -PKGJL3iZKxknjA+tAKkgq50EbMpLHHv1qSiKWy8p+bR5FyBYPSheOSkOKTywpqnd -OU+VDTi4iLDvkENt6E0TghSyhncl8yIcomYPktqepaNekCHquK5sX8NUhOzRe3WH -gX7l3e/o8JRvbwXJ8UWfQlKhPO/hvQKBwQDiLXVMf+Hjl/OoXHtF6huerNBux5CS -KYha5BLARs9W74kd9mTJ9F5IflenpzQJc1b/PnvvlcDDlniUvlgk463EA2th4qWp -50jFniq/l4rUMFk1vZBXldvuUaL6f+Ihi8WmoUAyguEVAB9G/EJ1bXqHKdJtxuz+ -/TXGBsXrF5+sZOTjfq96CgQtBmbPXMncPto0NndoMqcEB0bjsFywQXGCk6ZZZ3Ac -vwnZFqVwqro3aTwD+xllzVz+xBNK8GU+zW8CgcEA3q2EepAT7dlZAveC7VSLnFF/ -w86ziynGEuhoJly+zedDPkFIGxYje1SPaKhpMH2jOdCajyHPOGuWEeVfKMbzCrHP -GdFyiTQDk3Pq0JRXpUUJSPGPusAQnPruE68XccDb+eBiJR6y+0vXHd1J3F8B4BMQ -AloZZtlx9BkEZaaRjROxM7Ilbev4IjOcScTREb2GL8gU3vnI2FJjBMy6fI5cm4QK -XEgiLcxGniM77bAZTeoVFbpd4SSICDXVn/NM/XfvAoHBAMHbjKphAc/9MY6gldg6 -7Cl4nb4VtshQaNremWPMTXKKJNBVm9WtahJgl+jO2z8uaOalO70CchIyKm/zJcGY -lBtpguSHSs7xueIHy0QkM43jUtNJAyrO+46s0jA65Cs0jdhgZZHls944GJbTKHNV -vquTIRWOZxu3FBwDOihiOy2b3MNQlj7XzvR4hC4/rZTlGkmeVYItyBEf25bUVt2L -eisdOntuuR0qcNptGqgS7UEJJbOTyRUEjCyhCpg0q9LEaQKBwDF7N1wQ1gzdZlUt -cO+SAO/8gDqfnPAImVYsRLB5nYCdqiiUUxSJx9qpALEN80nuMS4wt5ekuKpd5dwW -Lx4dj3ZJ6q5fB2eLolvKv1wYCp3UCGsoGnsyIL7xV6QSHVCOvZL6FHURLE6BHM0r -FjWc+wqy0bTkFo7vNM48HOkFqYRC4vaM2JpjfCEFfO47iQW7Kq1FdbXSpZnEPPKd -F7eD3vpDzhWRhd7NbMfJJpD7t7PDl2nbnu7fska4x76iTvJoCwKBwQCcqj2yhl69 -1GfpzsOtfzh9rECrnKjAhmVbwRfKB1ivwe8G2tobgQjOUajBqkCYKpZgTy3wyhWn -0D4AdwonGu1XYLZWX+Hw/ZWhNEg/6Ju2wfiMJfFWmy5pvTSvmOlNWvYKwmH/TDjX -tEctSVj6D67xE5v6s3donTI0NFa1u7i1hwoGu4POCockbau52YN4n20R5K7enu2+ -YYpXfcUOmCi91Hpv+X1YbmY1tOo0m1ItYqupbuRFXnHVXJhKxsYXqlA= ------END RSA PRIVATE KEY----- diff --git a/contrib/unbound/testdata/auth_tls.tdir/nsd_server.pem b/contrib/unbound/testdata/auth_tls.tdir/nsd_server.pem deleted file mode 100644 index 5d41ad2d6477..000000000000 --- a/contrib/unbound/testdata/auth_tls.tdir/nsd_server.pem +++ /dev/null @@ -1,22 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDozCCAgsCFCAZislHgIerlrBBkLFt/ZOkKYVZMA0GCSqGSIb3DQEBCwUAMA4x -DDAKBgNVBAMMA25zZDAeFw0xOTA0MjUxNTEzMjdaFw0yOTA0MjIxNTEzMjdaMA4x -DDAKBgNVBAMMA25zZDCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAMS8 -uXxVCNTo112z3ENd99N/yuQJYk6umwp0ue3nc0CG5j2Y+12xmdEZ1OO3GddRkgCP -abQyK0onTU7B82qlmZ+N9fyFY8KyJEYM/ef2jlkaL+H8JnEuar22FetJd/ODWS6p -heAQw8UrdjC09vo1sRRCtolJtmF2XsIn0PM2h5o3wFpaPE5SuY87dEHNKj7+Zwgu -psLY2+zh7pdzd0KJVuoWTnNSmVRHgXRC3naFPU8jMs4Twb5KgF1qLYvwsFo92DE4 -/y+8zX0PRdR1up+u2PpbTvCGnSCz4mYogFSKy6lIdxC9l36vgXCd0LwA48i/ReUx -9wGlqIuomIDBnIHaivZOoY/s4rjMV+jrIM388UxM2Qh4TxK9/Ul+o/3x8yT+GhkM -QABywJr9qfT/6BGXmbL1j7AVmKVCyoDGdCQ2YX9unXawdZqU2qkULBt/OHVGUfX/ -4ss07M8IHNj0OyRuoFYO9tyqAYZQ9IPg5QvF3cYkcmg2yT180qF4C1rpsdNjoQID -AQABMA0GCSqGSIb3DQEBCwUAA4IBgQB+WGMopDqNkv7yDAO8Ik2EWieDqxTshqR4 -bT1do9zsC9WDrIVxoVcn+dtlIpEQl8MN9U5DTKBbRgk3grOwUsg2kC0Gujv3vAyQ -bF+jxjHWd1xzrbQ+QUgz07P1OMFWxMzECL2L2078UZbawFqKqlmNv5avUk27G8nB -GrujT/pUOIpRXC+rao8e14R84dPJLZuGm9IAeEBQIIdhY9sjFRyoQdCUubyKPpkm -/fpcDMkt7PzZ4nTovj4NUxnnoUGonpXuj0pHA/RDDJkPYaRrND4OGldQXdZ9LJNM -pROL6aCZ5iog74OY8yutVzCgGge9vZLkysceVP7Lyks9/fEAtIuozmulp9TUQAeR -MVdDOcREWRd0vFNtAC9xSloRqV+66CzrFHwkSMpLo+gdgcAZ8s33rgQk+I4gfavU -jPWMZVcZHXevtWuTRnxfOpMkbwiRyr2J8m549K7OKZgr+JRhdJTev4lvXVyfFia4 -zr6UOK4exZWP6VDXb4IyZbJh+LMjmws= ------END CERTIFICATE----- diff --git a/contrib/unbound/testdata/auth_tls.tdir/unbound_server.key b/contrib/unbound/testdata/auth_tls.tdir/unbound_server.key deleted file mode 100644 index 370a7bbb2f22..000000000000 --- a/contrib/unbound/testdata/auth_tls.tdir/unbound_server.key +++ /dev/null @@ -1,39 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI -0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq -GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z -uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K -WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5 -FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP -q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL -A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP -7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf -XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6 -iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7 -2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo -MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj -WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz -O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI -IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN -qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU -dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs -bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr -YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km -7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr -gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z -5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG -ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN -oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+ -s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW -zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx -ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1 -oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3 -BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS -mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8 -kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93 -7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8 -RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O -jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp -O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre -MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A== ------END RSA PRIVATE KEY----- diff --git a/contrib/unbound/testdata/auth_tls.tdir/unbound_server.pem b/contrib/unbound/testdata/auth_tls.tdir/unbound_server.pem deleted file mode 100644 index 986807310f2b..000000000000 --- a/contrib/unbound/testdata/auth_tls.tdir/unbound_server.pem +++ /dev/null @@ -1,22 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx -EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5 -WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB -igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32 -a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2 -4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot -aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4 -TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ -uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4 -+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz -XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx -dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW -84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7 -JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca -fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg -XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF -qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25 -sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD -yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe -CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ== ------END CERTIFICATE----- diff --git a/contrib/unbound/testdata/auth_tls_failcert.tdir/auth_tls_failcert.dsc b/contrib/unbound/testdata/auth_tls_failcert.tdir/auth_tls_failcert.dsc deleted file mode 100644 index ba11e2b8c93b..000000000000 --- a/contrib/unbound/testdata/auth_tls_failcert.tdir/auth_tls_failcert.dsc +++ /dev/null @@ -1,16 +0,0 @@ -BaseName: auth_tls_failcert -Version: 1.0 -Description: Perform AXFR over tls for authority zone where the cert fails -CreationDate: Thu 29 Aug 10:35:40 CEST 2024 -Maintainer: dr. W.C.A. Wijngaards -Category: -Component: -CmdDepends: -Depends: -Help: -Pre: auth_tls_failcert.pre -Post: auth_tls_failcert.post -Test: auth_tls_failcert.test -AuxFiles: -Passed: -Failure: diff --git a/contrib/unbound/testdata/auth_tls_failcert.tdir/auth_tls_failcert.nsd.conf b/contrib/unbound/testdata/auth_tls_failcert.tdir/auth_tls_failcert.nsd.conf deleted file mode 100644 index c20ed21dfe29..000000000000 --- a/contrib/unbound/testdata/auth_tls_failcert.tdir/auth_tls_failcert.nsd.conf +++ /dev/null @@ -1,21 +0,0 @@ -server: - logfile: "/dev/stderr" - xfrdfile: xfrd.state - username: "" - chroot: "" - zonesdir: "" - pidfile: "nsd.pid" - zonelistfile: "zone.list" - verbosity: 5 - port: @NSD_PORT@ - interface: 127.0.0.1@@NSD_PORT@ - - tls-port: @NSD_PORT@ - tls-service-key: "nsd_server.key" - tls-service-pem: "nsd_server.pem" - -zone: - name: "example.com" - zonefile: "example.com.zone" - provide-xfr: 0.0.0.0/0 NOKEY - provide-xfr: ::0/0 NOKEY diff --git a/contrib/unbound/testdata/auth_tls_failcert.tdir/auth_tls_failcert.post b/contrib/unbound/testdata/auth_tls_failcert.tdir/auth_tls_failcert.post deleted file mode 100644 index db103df70056..000000000000 --- a/contrib/unbound/testdata/auth_tls_failcert.tdir/auth_tls_failcert.post +++ /dev/null @@ -1,14 +0,0 @@ -# #-- auth_tls_failcert.post --# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# source the test var file when it's there -[ -f .tpkg.var.test ] && source .tpkg.var.test -# -# do your teardown here -. ../common.sh -kill_pid $NSD_PID -kill_pid $UNBOUND_PID -echo "nsd.log" -cat nsd.log -echo "unbound.log" -cat unbound.log diff --git a/contrib/unbound/testdata/auth_tls_failcert.tdir/auth_tls_failcert.pre b/contrib/unbound/testdata/auth_tls_failcert.tdir/auth_tls_failcert.pre deleted file mode 100644 index 519c363dbb7a..000000000000 --- a/contrib/unbound/testdata/auth_tls_failcert.tdir/auth_tls_failcert.pre +++ /dev/null @@ -1,47 +0,0 @@ -# #-- auth_tls_failcert.pre--# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# use .tpkg.var.test for in test variable passing -[ -f .tpkg.var.test ] && source .tpkg.var.test - -. ../common.sh -PRE="../.." -if test -n "$NSD"; then - : -else - if `which nsd >/dev/null 2>&1`; then - # need nsd >= 4.2.0 - NSD="nsd" - else - if test -f $PRE/../nsd/nsd; then - NSD="$PRE/../nsd/nsd" - else - skip_test "need nsd" - fi - fi -fi -echo "NSD=$NSD" - -get_random_port 2 -UNBOUND_PORT=$RND_PORT -NSD_PORT=$(($RND_PORT + 1)) -echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test -echo "NSD_PORT=$NSD_PORT" >> .tpkg.var.test - -# make config file -sed -e 's/@UNBOUND_PORT\@/'$UNBOUND_PORT'/' -e 's/@NSD_PORT\@/'$NSD_PORT'/' < auth_tls_failcert.ub.conf > ub.conf -sed -e 's/@UNBOUND_PORT\@/'$UNBOUND_PORT'/' -e 's/@NSD_PORT\@/'$NSD_PORT'/' < auth_tls_failcert.nsd.conf > nsd.conf - -# start nsd -$NSD -d -c nsd.conf >nsd.log 2>&1 & -NSD_PID=$! -echo "NSD_PID=$NSD_PID" >> .tpkg.var.test - -# start unbound in the background -$PRE/unbound -d -c ub.conf >unbound.log 2>&1 & -UNBOUND_PID=$! -echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test - -cat .tpkg.var.test -wait_nsd_up nsd.log -wait_unbound_up unbound.log diff --git a/contrib/unbound/testdata/auth_tls_failcert.tdir/auth_tls_failcert.test b/contrib/unbound/testdata/auth_tls_failcert.tdir/auth_tls_failcert.test deleted file mode 100644 index 1f9e8e201c9e..000000000000 --- a/contrib/unbound/testdata/auth_tls_failcert.tdir/auth_tls_failcert.test +++ /dev/null @@ -1,56 +0,0 @@ -# #-- auth_tls_failcert.test --# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# use .tpkg.var.test for in test variable passing -[ -f .tpkg.var.test ] && source .tpkg.var.test - -PRE="../.." -# do the test -echo "> dig www.example.com." -dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile -if grep SERVFAIL outfile; then - echo "> try again" - dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile -fi -if grep SERVFAIL outfile; then - echo "> try again" - sleep 1 - dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile -fi -if grep SERVFAIL outfile; then - echo "> try again" - sleep 1 - dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile -fi -if grep SERVFAIL outfile; then - echo "> try again" - sleep 1 - dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile -fi -if grep SERVFAIL outfile; then - echo "> try again" - sleep 1 - dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile -fi -if grep SERVFAIL outfile; then - echo "> try again" - sleep 1 - dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile -fi -echo "> check answer" -if grep "1.2.3.4" outfile; then - echo "Not OK" - exit 1 -else - echo "OK not present" -fi - -# But the server should be up -if grep "SERVFAIL" outfile; then - echo "OK" -else - echo "Not OK" - exit 1 -fi - -exit 0 diff --git a/contrib/unbound/testdata/auth_tls_failcert.tdir/auth_tls_failcert.ub.conf b/contrib/unbound/testdata/auth_tls_failcert.tdir/auth_tls_failcert.ub.conf deleted file mode 100644 index 57e3dcfcbc33..000000000000 --- a/contrib/unbound/testdata/auth_tls_failcert.tdir/auth_tls_failcert.ub.conf +++ /dev/null @@ -1,23 +0,0 @@ -server: - verbosity: 7 - # num-threads: 1 - interface: 127.0.0.1 - port: @UNBOUND_PORT@ - use-syslog: no - directory: "" - pidfile: "unbound.pid" - chroot: "" - username: "" - do-not-query-localhost: no - tls-service-key: "unbound_server.key" - tls-service-pem: "unbound_server.pem" - tls-cert-bundle: "nsd_server.pem" - -auth-zone: - name: "example.com" - for-upstream: yes - for-downstream: yes - # actual working primary: "127.0.0.1@@NSD_PORT@#nsd" - primary: "127.0.0.1@@NSD_PORT@#wrongname" - allow-notify: "127.0.0.2@@NSD_PORT@" - allow-notify: 127.0.0.1 diff --git a/contrib/unbound/testdata/auth_tls_failcert.tdir/example.com.zone b/contrib/unbound/testdata/auth_tls_failcert.tdir/example.com.zone deleted file mode 100644 index 18b5b407eedd..000000000000 --- a/contrib/unbound/testdata/auth_tls_failcert.tdir/example.com.zone +++ /dev/null @@ -1,4 +0,0 @@ -example.com. 240 IN SOA ns.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2024082400 28800 7200 604800 240 -example.com. NS ns.example.com. -ns.example.com. IN A 192.0.2.1 -www.example.com. A 1.2.3.4 diff --git a/contrib/unbound/testdata/auth_tls_failcert.tdir/nsd_server.key b/contrib/unbound/testdata/auth_tls_failcert.tdir/nsd_server.key deleted file mode 100644 index 5d9f6103134e..000000000000 --- a/contrib/unbound/testdata/auth_tls_failcert.tdir/nsd_server.key +++ /dev/null @@ -1,39 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIG5QIBAAKCAYEAxLy5fFUI1OjXXbPcQ13303/K5AliTq6bCnS57edzQIbmPZj7 -XbGZ0RnU47cZ11GSAI9ptDIrSidNTsHzaqWZn431/IVjwrIkRgz95/aOWRov4fwm -cS5qvbYV60l384NZLqmF4BDDxSt2MLT2+jWxFEK2iUm2YXZewifQ8zaHmjfAWlo8 -TlK5jzt0Qc0qPv5nCC6mwtjb7OHul3N3QolW6hZOc1KZVEeBdELedoU9TyMyzhPB -vkqAXWoti/CwWj3YMTj/L7zNfQ9F1HW6n67Y+ltO8IadILPiZiiAVIrLqUh3EL2X -fq+BcJ3QvADjyL9F5TH3AaWoi6iYgMGcgdqK9k6hj+ziuMxX6OsgzfzxTEzZCHhP -Er39SX6j/fHzJP4aGQxAAHLAmv2p9P/oEZeZsvWPsBWYpULKgMZ0JDZhf26ddrB1 -mpTaqRQsG384dUZR9f/iyzTszwgc2PQ7JG6gVg723KoBhlD0g+DlC8XdxiRyaDbJ -PXzSoXgLWumx02OhAgMBAAECggGBAMS7MARriBRX7hzuYaEgE1V0oe+cjqi9o542 -EUMcQjzRaOVJ2HrdwUG+wgsgKwAMuqJCxuIBlRZm7MCH5CDODivmKohk3thviSRf -k3tlKv1g2Wby3YIqd2TT82FAK2nf+8tUi+H/AbVl+59DJwIXtMbc22m3w1/8nU8r -v5+l9L27aGcxesKbqKDZRC0Uu10YyvD8rZeEgY+EcjESrrxjV/1nZvWdMGR9yK74 -uzrri95aBVDbos7l8yz2oysf+UmUMp5U9rWwuU4M/34pFSGeo7CHjtliwbBF4FHn -uyompXaOr7Qrgeg4fc9NbZNaB4OAOV2d1sI202q6j3kEkhG4pD8LAG/RRnugCj7D -PKGJL3iZKxknjA+tAKkgq50EbMpLHHv1qSiKWy8p+bR5FyBYPSheOSkOKTywpqnd -OU+VDTi4iLDvkENt6E0TghSyhncl8yIcomYPktqepaNekCHquK5sX8NUhOzRe3WH -gX7l3e/o8JRvbwXJ8UWfQlKhPO/hvQKBwQDiLXVMf+Hjl/OoXHtF6huerNBux5CS -KYha5BLARs9W74kd9mTJ9F5IflenpzQJc1b/PnvvlcDDlniUvlgk463EA2th4qWp -50jFniq/l4rUMFk1vZBXldvuUaL6f+Ihi8WmoUAyguEVAB9G/EJ1bXqHKdJtxuz+ -/TXGBsXrF5+sZOTjfq96CgQtBmbPXMncPto0NndoMqcEB0bjsFywQXGCk6ZZZ3Ac -vwnZFqVwqro3aTwD+xllzVz+xBNK8GU+zW8CgcEA3q2EepAT7dlZAveC7VSLnFF/ -w86ziynGEuhoJly+zedDPkFIGxYje1SPaKhpMH2jOdCajyHPOGuWEeVfKMbzCrHP -GdFyiTQDk3Pq0JRXpUUJSPGPusAQnPruE68XccDb+eBiJR6y+0vXHd1J3F8B4BMQ -AloZZtlx9BkEZaaRjROxM7Ilbev4IjOcScTREb2GL8gU3vnI2FJjBMy6fI5cm4QK -XEgiLcxGniM77bAZTeoVFbpd4SSICDXVn/NM/XfvAoHBAMHbjKphAc/9MY6gldg6 -7Cl4nb4VtshQaNremWPMTXKKJNBVm9WtahJgl+jO2z8uaOalO70CchIyKm/zJcGY -lBtpguSHSs7xueIHy0QkM43jUtNJAyrO+46s0jA65Cs0jdhgZZHls944GJbTKHNV -vquTIRWOZxu3FBwDOihiOy2b3MNQlj7XzvR4hC4/rZTlGkmeVYItyBEf25bUVt2L -eisdOntuuR0qcNptGqgS7UEJJbOTyRUEjCyhCpg0q9LEaQKBwDF7N1wQ1gzdZlUt -cO+SAO/8gDqfnPAImVYsRLB5nYCdqiiUUxSJx9qpALEN80nuMS4wt5ekuKpd5dwW -Lx4dj3ZJ6q5fB2eLolvKv1wYCp3UCGsoGnsyIL7xV6QSHVCOvZL6FHURLE6BHM0r -FjWc+wqy0bTkFo7vNM48HOkFqYRC4vaM2JpjfCEFfO47iQW7Kq1FdbXSpZnEPPKd -F7eD3vpDzhWRhd7NbMfJJpD7t7PDl2nbnu7fska4x76iTvJoCwKBwQCcqj2yhl69 -1GfpzsOtfzh9rECrnKjAhmVbwRfKB1ivwe8G2tobgQjOUajBqkCYKpZgTy3wyhWn -0D4AdwonGu1XYLZWX+Hw/ZWhNEg/6Ju2wfiMJfFWmy5pvTSvmOlNWvYKwmH/TDjX -tEctSVj6D67xE5v6s3donTI0NFa1u7i1hwoGu4POCockbau52YN4n20R5K7enu2+ -YYpXfcUOmCi91Hpv+X1YbmY1tOo0m1ItYqupbuRFXnHVXJhKxsYXqlA= ------END RSA PRIVATE KEY----- diff --git a/contrib/unbound/testdata/auth_tls_failcert.tdir/nsd_server.pem b/contrib/unbound/testdata/auth_tls_failcert.tdir/nsd_server.pem deleted file mode 100644 index 5d41ad2d6477..000000000000 --- a/contrib/unbound/testdata/auth_tls_failcert.tdir/nsd_server.pem +++ /dev/null @@ -1,22 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDozCCAgsCFCAZislHgIerlrBBkLFt/ZOkKYVZMA0GCSqGSIb3DQEBCwUAMA4x -DDAKBgNVBAMMA25zZDAeFw0xOTA0MjUxNTEzMjdaFw0yOTA0MjIxNTEzMjdaMA4x -DDAKBgNVBAMMA25zZDCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAMS8 -uXxVCNTo112z3ENd99N/yuQJYk6umwp0ue3nc0CG5j2Y+12xmdEZ1OO3GddRkgCP -abQyK0onTU7B82qlmZ+N9fyFY8KyJEYM/ef2jlkaL+H8JnEuar22FetJd/ODWS6p -heAQw8UrdjC09vo1sRRCtolJtmF2XsIn0PM2h5o3wFpaPE5SuY87dEHNKj7+Zwgu -psLY2+zh7pdzd0KJVuoWTnNSmVRHgXRC3naFPU8jMs4Twb5KgF1qLYvwsFo92DE4 -/y+8zX0PRdR1up+u2PpbTvCGnSCz4mYogFSKy6lIdxC9l36vgXCd0LwA48i/ReUx -9wGlqIuomIDBnIHaivZOoY/s4rjMV+jrIM388UxM2Qh4TxK9/Ul+o/3x8yT+GhkM -QABywJr9qfT/6BGXmbL1j7AVmKVCyoDGdCQ2YX9unXawdZqU2qkULBt/OHVGUfX/ -4ss07M8IHNj0OyRuoFYO9tyqAYZQ9IPg5QvF3cYkcmg2yT180qF4C1rpsdNjoQID -AQABMA0GCSqGSIb3DQEBCwUAA4IBgQB+WGMopDqNkv7yDAO8Ik2EWieDqxTshqR4 -bT1do9zsC9WDrIVxoVcn+dtlIpEQl8MN9U5DTKBbRgk3grOwUsg2kC0Gujv3vAyQ -bF+jxjHWd1xzrbQ+QUgz07P1OMFWxMzECL2L2078UZbawFqKqlmNv5avUk27G8nB -GrujT/pUOIpRXC+rao8e14R84dPJLZuGm9IAeEBQIIdhY9sjFRyoQdCUubyKPpkm -/fpcDMkt7PzZ4nTovj4NUxnnoUGonpXuj0pHA/RDDJkPYaRrND4OGldQXdZ9LJNM -pROL6aCZ5iog74OY8yutVzCgGge9vZLkysceVP7Lyks9/fEAtIuozmulp9TUQAeR -MVdDOcREWRd0vFNtAC9xSloRqV+66CzrFHwkSMpLo+gdgcAZ8s33rgQk+I4gfavU -jPWMZVcZHXevtWuTRnxfOpMkbwiRyr2J8m549K7OKZgr+JRhdJTev4lvXVyfFia4 -zr6UOK4exZWP6VDXb4IyZbJh+LMjmws= ------END CERTIFICATE----- diff --git a/contrib/unbound/testdata/auth_tls_failcert.tdir/unbound_server.key b/contrib/unbound/testdata/auth_tls_failcert.tdir/unbound_server.key deleted file mode 100644 index 370a7bbb2f22..000000000000 --- a/contrib/unbound/testdata/auth_tls_failcert.tdir/unbound_server.key +++ /dev/null @@ -1,39 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI -0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq -GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z -uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K -WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5 -FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP -q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL -A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP -7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf -XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6 -iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7 -2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo -MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj -WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz -O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI -IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN -qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU -dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs -bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr -YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km -7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr -gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z -5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG -ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN -oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+ -s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW -zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx -ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1 -oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3 -BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS -mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8 -kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93 -7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8 -RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O -jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp -O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre -MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A== ------END RSA PRIVATE KEY----- diff --git a/contrib/unbound/testdata/auth_tls_failcert.tdir/unbound_server.pem b/contrib/unbound/testdata/auth_tls_failcert.tdir/unbound_server.pem deleted file mode 100644 index 986807310f2b..000000000000 --- a/contrib/unbound/testdata/auth_tls_failcert.tdir/unbound_server.pem +++ /dev/null @@ -1,22 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx -EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5 -WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB -igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32 -a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2 -4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot -aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4 -TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ -uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4 -+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz -XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx -dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW -84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7 -JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca -fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg -XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF -qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25 -sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD -yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe -CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ== ------END CERTIFICATE----- diff --git a/contrib/unbound/testdata/cachedb_cached_ede.crpl b/contrib/unbound/testdata/cachedb_cached_ede.crpl deleted file mode 100644 index 5eade545105f..000000000000 --- a/contrib/unbound/testdata/cachedb_cached_ede.crpl +++ /dev/null @@ -1,91 +0,0 @@ -; config options -server: - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: no - minimal-responses: no - module-config: "cachedb validator iterator" - trust-anchor-signaling: no - verbosity: 4 - ede: yes - val-log-level: 2 - trust-anchor: "example.nl. DS 50602 8 2 FA8EE175C47325F4BD46D8A4083C3EBEB11C977D689069F2B41F1A29B22446B1" - - -cachedb: - backend: "testframe" - secret-seed: "testvalue" - -stub-zone: - name: "example.nl" - stub-addr: 193.0.14.129 -CONFIG_END - -SCENARIO_BEGIN Test cachedb support for caching EDEs. - -RANGE_BEGIN 0 10 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -example.nl. IN DNSKEY -SECTION ANSWER -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -example.nl. IN A -SECTION ANSWER -example.nl. IN A 1.2.3.4 -ENTRY_END -RANGE_END - -; get the entry in cache. -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -example.nl. IN A -SECTION ADDITIONAL - HEX_EDNSDATA_BEGIN - FF FE ; option code = 65534 (LDNS_EDNS_UNBOUND_CACHEDB_TESTFRAME_TEST) - 00 00 ; option length - HEX_EDNSDATA_END -ENTRY_END - -; get the answer for it -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ede=9 -REPLY QR RD RA DO SERVFAIL -SECTION QUESTION -example.nl. IN A -ENTRY_END - -; query again for the cached entry -STEP 20 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -example.nl. IN A -SECTION ADDITIONAL - HEX_EDNSDATA_BEGIN - FF FE ; option code = 65534 (LDNS_EDNS_UNBOUND_CACHEDB_TESTFRAME_TEST) - 00 00 ; option length - HEX_EDNSDATA_END -ENTRY_END - -; this must be a cached answer since stub is not answering in this range -STEP 30 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ede=9 -REPLY QR RD RA DO SERVFAIL -SECTION QUESTION -example.nl. IN A -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/cachedb_expired.crpl b/contrib/unbound/testdata/cachedb_expired.crpl deleted file mode 100644 index 9f9ff677c6d1..000000000000 --- a/contrib/unbound/testdata/cachedb_expired.crpl +++ /dev/null @@ -1,324 +0,0 @@ -; config options -server: - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: no - minimal-responses: no - serve-expired: yes - module-config: "cachedb iterator" - -cachedb: - backend: "testframe" - secret-seed: "testvalue" - cachedb-check-when-serve-expired: yes - -stub-zone: - name: "." - stub-addr: 193.0.14.129 -CONFIG_END - -SCENARIO_BEGIN Test cachedb and serve expired. - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 400 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 400 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION AUTHORITY -example.com. IN NS ns2.example.com. -SECTION ADDITIONAL -ns2.example.com. IN A 1.2.3.5 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -foo.com. IN NS -SECTION AUTHORITY -foo.com. IN NS ns.example.com. -ENTRY_END -RANGE_END - -; ns2.example.com. -RANGE_BEGIN 0 400 - ADDRESS 1.2.3.5 -ENTRY_BEGIN -MATCH opcode qname qtype -REPLY QR AA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 10 IN A 1.2.3.4 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qname qtype -REPLY QR AA NOERROR -SECTION QUESTION -www2.example.com. IN A -SECTION ANSWER -www2.example.com. 10 IN A 1.2.3.5 -ENTRY_END -RANGE_END - -; Get an entry in cache, to make it expired. -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; get the answer for it -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 10 IN A 1.2.3.4 -ENTRY_END - -; Get another query in cache to make it expired. -STEP 20 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www2.example.com. IN A -ENTRY_END - -; get the answer for it -STEP 30 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www2.example.com. IN A -SECTION ANSWER -www2.example.com. 10 IN A 1.2.3.5 -ENTRY_END - -; it is now expired -STEP 40 TIME_PASSES ELAPSE 20 - -; cache is expired, and cachedb is expired. -STEP 50 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www2.example.com. IN A -ENTRY_END - -STEP 60 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA NOERROR -SECTION QUESTION -www2.example.com. IN A -SECTION ANSWER -www2.example.com. 30 IN A 1.2.3.5 -ENTRY_END - -; cache is expired, cachedb has no answer -STEP 70 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -STEP 80 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 30 IN A 1.2.3.4 -ENTRY_END - -STEP 90 TRAFFIC -; the entry should be refreshed in cache now. -; cache is valid and cachedb is valid. -STEP 100 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -STEP 110 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 10 IN A 1.2.3.4 -ENTRY_END - -; flush the entry from cache -STEP 120 FLUSH_MESSAGE www.example.com. IN A - -; cache has no answer, cachedb valid -STEP 130 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -STEP 140 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 10 IN A 1.2.3.4 -ENTRY_END - -; it is now expired -STEP 150 TIME_PASSES ELAPSE 20 -; flush the entry from cache -STEP 160 FLUSH_MESSAGE www.example.com. IN A - -; cache has no answer, cachedb is expired -STEP 170 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -STEP 180 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 30 IN A 1.2.3.4 -ENTRY_END - -STEP 190 TRAFFIC -; the expired message is updated. - -; cache is valid, cachedb is valid -STEP 200 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -STEP 210 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 10 IN A 1.2.3.4 -ENTRY_END - -; expire the entry in cache -STEP 220 EXPIRE_MESSAGE www.example.com. IN A - -; cache is expired, cachedb valid -STEP 230 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -STEP 240 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 10 IN A 1.2.3.4 -ENTRY_END - -; it is now expired -STEP 250 TIME_PASSES ELAPSE 20 -; expire the entry in cache -STEP 260 EXPIRE_MESSAGE www.example.com. IN A - -; cache is expired, cachedb is expired -STEP 270 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -STEP 280 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 30 IN A 1.2.3.4 -ENTRY_END - -STEP 290 TRAFFIC -; the expired message is updated. - -; cache is valid, cachedb is valid -STEP 300 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -STEP 310 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 10 IN A 1.2.3.4 -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/cachedb_expired_client_timeout.crpl b/contrib/unbound/testdata/cachedb_expired_client_timeout.crpl deleted file mode 100644 index 78ddf4d8f698..000000000000 --- a/contrib/unbound/testdata/cachedb_expired_client_timeout.crpl +++ /dev/null @@ -1,343 +0,0 @@ -; config options -server: - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: no - minimal-responses: no - serve-expired: yes - serve-expired-reply-ttl: 30 - ; at least one second, so we can time skip past the timer in the - ; testbound script steps, but also reply within the time. - serve-expired-client-timeout: 1200 - module-config: "cachedb iterator" - discard-timeout: 3000 - -cachedb: - backend: "testframe" - secret-seed: "testvalue" - cachedb-check-when-serve-expired: yes - -stub-zone: - name: "." - stub-addr: 193.0.14.129 -CONFIG_END - -SCENARIO_BEGIN Test cachedb and serve-expired-client-timeout. - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 400 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 400 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION AUTHORITY -example.com. IN NS ns2.example.com. -SECTION ADDITIONAL -ns2.example.com. IN A 1.2.3.5 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -foo.com. IN NS -SECTION AUTHORITY -foo.com. IN NS ns.example.com. -ENTRY_END -RANGE_END - -; ns2.example.com. -RANGE_BEGIN 0 60 - ADDRESS 1.2.3.5 -ENTRY_BEGIN -MATCH opcode qname qtype -REPLY QR AA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 10 IN A 1.2.3.4 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qname qtype -REPLY QR AA NOERROR -SECTION QUESTION -www2.example.com. IN A -SECTION ANSWER -www2.example.com. 10 IN A 1.2.3.5 -ENTRY_END -RANGE_END - -; ns2.example.com. - after a change -RANGE_BEGIN 80 90 - ADDRESS 1.2.3.5 -ENTRY_BEGIN -MATCH opcode qname qtype -REPLY QR AA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 10 IN A 1.2.3.6 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qname qtype -REPLY QR AA NOERROR -SECTION QUESTION -www2.example.com. IN A -SECTION ANSWER -www2.example.com. 10 IN A 1.2.3.7 -ENTRY_END -RANGE_END - -; ns2.example.com. - steps 90-120 not responding. - -; ns2.example.com. - after a change -RANGE_BEGIN 130 140 - ADDRESS 1.2.3.5 -ENTRY_BEGIN -MATCH opcode qname qtype -REPLY QR AA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 10 IN A 1.2.3.8 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qname qtype -REPLY QR AA NOERROR -SECTION QUESTION -www2.example.com. IN A -SECTION ANSWER -www2.example.com. 10 IN A 1.2.3.9 -ENTRY_END -RANGE_END - -; ns2.example.com. - steps 150-160 not responding. - -; ns2.example.com. - after a change -RANGE_BEGIN 170 200 - ADDRESS 1.2.3.5 -ENTRY_BEGIN -MATCH opcode qname qtype -REPLY QR AA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 10 IN A 1.2.3.10 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qname qtype -REPLY QR AA NOERROR -SECTION QUESTION -www2.example.com. IN A -SECTION ANSWER -www2.example.com. 10 IN A 1.2.3.11 -ENTRY_END -RANGE_END - -; make time not 0 -STEP 2 TIME_PASSES ELAPSE 212 - -; Get an entry in cache. -STEP 4 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; get the answer for it -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 10 IN A 1.2.3.4 -ENTRY_END - -; Get another query in cache. -STEP 20 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www2.example.com. IN A -ENTRY_END - -; get the answer for it -STEP 30 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www2.example.com. IN A -SECTION ANSWER -www2.example.com. 10 IN A 1.2.3.5 -ENTRY_END - -; www.example.com and www2.example.com are in cache, www2 in cachedb. -STEP 40 FLUSH_MESSAGE www2.example.com. IN A -; now www in cache, www2 not in cache, www2 in cachedb. -; because of the client timeout, it should be able to use the -; response from cachedb for www2. - -; make 2 seconds pass to decrement the TTL on the response, -; the upstream TTL would be 10, cachedb 8. -STEP 48 TIME_PASSES ELAPSE 2 - -STEP 50 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www2.example.com. IN A -ENTRY_END - -STEP 60 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA NOERROR -SECTION QUESTION -www2.example.com. IN A -SECTION ANSWER -www2.example.com. 8 IN A 1.2.3.5 -ENTRY_END - -; make both cache and cachedb expired -STEP 70 TIME_PASSES ELAPSE 20 - -; www and www2 expired in cache, www2 expired in cachedb. -; the query should now try to resolve and complete within the -; client timeout, and return the upstream version. -; the upstream is changed to give a different one now. -STEP 80 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www2.example.com. IN A -ENTRY_END - -STEP 90 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA NOERROR -SECTION QUESTION -www2.example.com. IN A -SECTION ANSWER -www2.example.com. 10 IN A 1.2.3.7 -ENTRY_END - -; expire the data again -STEP 100 TIME_PASSES ELAPSE 20 - -; the query should now try to resolve, but the upstream is not -; responsive for several testbound steps. When the timer expires, -; the expired answer should be returned. - -; www2 expired in cache and www2 expired in cachedb. -STEP 110 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www2.example.com. IN A -ENTRY_END - -; make 2 seconds pass to go past the client timeout -STEP 112 TIME_PASSES ELAPSE 2 - -STEP 120 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA NOERROR -SECTION QUESTION -www2.example.com. IN A -SECTION ANSWER -www2.example.com. 30 IN A 1.2.3.7 -ENTRY_END - -; make traffic flow to resolve the query, server responds. -STEP 130 TRAFFIC - -; expire the data again -STEP 140 TIME_PASSES ELAPSE 20 - -; The client query tries to resolve, but gets no immediate answer, -; so the expired data is used. But the expired data is in cache and -; the query is not in cachedb. -STEP 150 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; make 2 seconds pass to go past the client timeout -STEP 152 TIME_PASSES ELAPSE 2 - -STEP 160 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 30 IN A 1.2.3.4 -ENTRY_END - -; make traffic flow to resolve the query, server responds. -STEP 170 TRAFFIC - -; now the client query tries to resolve, and completes within the client -; timeout, but there is expired data in cache but not in cachedb. -STEP 180 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www2.example.com. IN A -ENTRY_END - -STEP 190 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA NOERROR -SECTION QUESTION -www2.example.com. IN A -SECTION ANSWER -www2.example.com. 10 IN A 1.2.3.11 -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/cachedb_expired_reply_ttl.crpl b/contrib/unbound/testdata/cachedb_expired_reply_ttl.crpl deleted file mode 100644 index b5f34050594e..000000000000 --- a/contrib/unbound/testdata/cachedb_expired_reply_ttl.crpl +++ /dev/null @@ -1,259 +0,0 @@ -; config options -server: - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: no - minimal-responses: no - serve-expired: yes - serve-expired-reply-ttl: 30 - module-config: "cachedb iterator" - -cachedb: - backend: "testframe" - secret-seed: "testvalue" - cachedb-check-when-serve-expired: yes - -stub-zone: - name: "." - stub-addr: 193.0.14.129 -CONFIG_END - -SCENARIO_BEGIN Test cachedb and serve-expired-reply-ttl. - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 400 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 400 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION AUTHORITY -example.com. IN NS ns2.example.com. -SECTION ADDITIONAL -ns2.example.com. IN A 1.2.3.5 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -foo.com. IN NS -SECTION AUTHORITY -foo.com. IN NS ns.example.com. -ENTRY_END -RANGE_END - -; ns2.example.com. -RANGE_BEGIN 0 400 - ADDRESS 1.2.3.5 -ENTRY_BEGIN -MATCH opcode qname qtype -REPLY QR AA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 10 IN A 1.2.3.4 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qname qtype -REPLY QR AA NOERROR -SECTION QUESTION -www2.example.com. IN A -SECTION ANSWER -www2.example.com. 10 IN A 1.2.3.5 -ENTRY_END -RANGE_END - -; make time not 0 -STEP 2 TIME_PASSES ELAPSE 212 - -; Get an entry in cache, to make it expired. -STEP 4 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; get the answer for it -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 10 IN A 1.2.3.4 -ENTRY_END - -; Get another query in cache to make it expired. -STEP 20 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www2.example.com. IN A -ENTRY_END - -; get the answer for it -STEP 30 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www2.example.com. IN A -SECTION ANSWER -www2.example.com. 10 IN A 1.2.3.5 -ENTRY_END - -; it is now expired -STEP 40 TIME_PASSES ELAPSE 20 - -; cache is expired, and cachedb is expired. -STEP 50 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www2.example.com. IN A -ENTRY_END - -STEP 60 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA NOERROR -SECTION QUESTION -www2.example.com. IN A -SECTION ANSWER -www2.example.com. 30 IN A 1.2.3.5 -ENTRY_END - -; got an answer from upstream -STEP 61 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www2.example.com. IN A -ENTRY_END - -STEP 62 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA NOERROR -SECTION QUESTION -www2.example.com. IN A -SECTION ANSWER -www2.example.com. 10 IN A 1.2.3.5 -ENTRY_END - -; cache is expired, cachedb has no answer -STEP 70 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -STEP 80 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 30 IN A 1.2.3.4 -ENTRY_END - -STEP 90 TRAFFIC -; the entry should be refreshed in cache now. -; cache is valid and cachedb is valid. -STEP 100 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -STEP 110 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 10 IN A 1.2.3.4 -ENTRY_END - -; make both cache and cachedb expired. -STEP 120 TIME_PASSES ELAPSE 20 -STEP 130 FLUSH_MESSAGE www.example.com. IN A - -; cache has no entry and cachedb is expired. -STEP 140 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -STEP 150 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 30 IN A 1.2.3.4 -ENTRY_END - -; the name is resolved -STEP 160 TRAFFIC - -; the resolve name has been updated. -STEP 170 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -STEP 180 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 10 IN A 1.2.3.4 -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/cachedb_no_store.tdir/cachedb_no_store.conf b/contrib/unbound/testdata/cachedb_no_store.tdir/cachedb_no_store.conf deleted file mode 100644 index ff76cc37970c..000000000000 --- a/contrib/unbound/testdata/cachedb_no_store.tdir/cachedb_no_store.conf +++ /dev/null @@ -1,29 +0,0 @@ -server: - verbosity: 4 - interface: 127.0.0.1 - port: @PORT@ - use-syslog: no - directory: "" - pidfile: "unbound.pid" - chroot: "" - username: "" - module-config: "cachedb iterator" - do-not-query-localhost: no - qname-minimisation: no - -forward-zone: - name: "." - forward-addr: 127.0.0.1@@TOPORT@ - -stub-zone: - name: "example.com" - stub-addr: 127.0.0.1@@TOPORT@ - -remote-control: - control-enable: yes - control-interface: @CONTROL_PATH@/controlpipe.@CONTROL_PID@ - control-use-cert: no - -cachedb: - backend: "testframe" - secret-seed: "testvalue" diff --git a/contrib/unbound/testdata/cachedb_no_store.tdir/cachedb_no_store.dsc b/contrib/unbound/testdata/cachedb_no_store.tdir/cachedb_no_store.dsc deleted file mode 100644 index 9d267436edf6..000000000000 --- a/contrib/unbound/testdata/cachedb_no_store.tdir/cachedb_no_store.dsc +++ /dev/null @@ -1,16 +0,0 @@ -BaseName: cachedb_no_store -Version: 1.0 -Description: cachedb test the cachedb-no-store option -CreationDate: Wed 11 Oct 11:00:00 CEST 2023 -Maintainer: dr. W.C.A. Wijngaards -Category: -Component: -CmdDepends: -Depends: -Help: -Pre: cachedb_no_store.pre -Post: cachedb_no_store.post -Test: cachedb_no_store.test -AuxFiles: -Passed: -Failure: diff --git a/contrib/unbound/testdata/cachedb_no_store.tdir/cachedb_no_store.post b/contrib/unbound/testdata/cachedb_no_store.tdir/cachedb_no_store.post deleted file mode 100644 index 320dcc3e3e3b..000000000000 --- a/contrib/unbound/testdata/cachedb_no_store.tdir/cachedb_no_store.post +++ /dev/null @@ -1,20 +0,0 @@ -# #-- cachedb_no_store.post --# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# source the test var file when it's there -[ -f .tpkg.var.test ] && source .tpkg.var.test -# -# do your teardown here -PRE="../.." -. ../common.sh - -echo "> cat logfiles" -cat fwd.log -if test -f fwd2.log; then cat fwd2.log; else echo "no fwd2.log"; fi -if test -f fwd3.log; then cat fwd3.log; else echo "no fwd3.log"; fi -if test -f fwd4.log; then cat fwd4.log; else echo "no fwd4.log"; fi -cat unbound.log -if test -f unbound2.log; then cat unbound2.log; else echo "no unbound2.log"; fi -kill_pid $FWD_PID -kill_from_pidfile "unbound.pid" -rm -f $CONTROL_PATH/controlpipe.$CONTROL_PID diff --git a/contrib/unbound/testdata/cachedb_no_store.tdir/cachedb_no_store.pre b/contrib/unbound/testdata/cachedb_no_store.tdir/cachedb_no_store.pre deleted file mode 100644 index e59d3b8da759..000000000000 --- a/contrib/unbound/testdata/cachedb_no_store.tdir/cachedb_no_store.pre +++ /dev/null @@ -1,36 +0,0 @@ -# #-- cachedb_no_store.pre--# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# use .tpkg.var.test for in test variable passing -[ -f .tpkg.var.test ] && source .tpkg.var.test - -PRE="../.." -. ../common.sh -if grep "define USE_CACHEDB 1" $PRE/config.h; then echo test enabled; else skip_test "test skipped"; fi - -get_random_port 2 -UNBOUND_PORT=$RND_PORT -FWD_PORT=$(($RND_PORT + 1)) -echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test -echo "FWD_PORT=$FWD_PORT" >> .tpkg.var.test - -# start forwarder -get_ldns_testns -$LDNS_TESTNS -p $FWD_PORT cachedb_no_store.testns >fwd.log 2>&1 & -FWD_PID=$! -echo "FWD_PID=$FWD_PID" >> .tpkg.var.test - -# make config file -CONTROL_PATH=/tmp -CONTROL_PID=$$ -sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' -e 's?@CONTROL_PATH\@?'$CONTROL_PATH'?' -e 's/@CONTROL_PID@/'$CONTROL_PID'/' < cachedb_no_store.conf > ub.conf -# start unbound in the background -$PRE/unbound -d -c ub.conf >unbound.log 2>&1 & -UNBOUND_PID=$! -echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test -echo "CONTROL_PATH=$CONTROL_PATH" >> .tpkg.var.test -echo "CONTROL_PID=$CONTROL_PID" >> .tpkg.var.test - -cat .tpkg.var.test -wait_ldns_testns_up fwd.log -wait_unbound_up unbound.log diff --git a/contrib/unbound/testdata/cachedb_no_store.tdir/cachedb_no_store.servfail.testns b/contrib/unbound/testdata/cachedb_no_store.tdir/cachedb_no_store.servfail.testns deleted file mode 100644 index b41abb0ff629..000000000000 --- a/contrib/unbound/testdata/cachedb_no_store.tdir/cachedb_no_store.servfail.testns +++ /dev/null @@ -1,8 +0,0 @@ -ENTRY_BEGIN -MATCH opcode -ADJUST copy_id copy_query -REPLY QR AA SERVFAIL -SECTION QUESTION -txt1.example.com. IN TXT -SECTION ANSWER -ENTRY_END diff --git a/contrib/unbound/testdata/cachedb_no_store.tdir/cachedb_no_store.test b/contrib/unbound/testdata/cachedb_no_store.tdir/cachedb_no_store.test deleted file mode 100644 index 47a89656c6c2..000000000000 --- a/contrib/unbound/testdata/cachedb_no_store.tdir/cachedb_no_store.test +++ /dev/null @@ -1,132 +0,0 @@ -# #-- cachedb_no_store.test --# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# use .tpkg.var.test for in test variable passing -[ -f .tpkg.var.test ] && source .tpkg.var.test - -PRE="../.." -. ../common.sh - -# do the test -get_ldns_testns - -# query for a text record that is stored by unbound's cache and cachedb -# in the testframe cache. -echo "> dig txt1.example.com." -dig @127.0.0.1 -p $UNBOUND_PORT txt1.example.com. TXT | tee outfile -if grep "example text message" outfile; then - echo "OK" -else - echo "Not OK" - exit 1 -fi - -# stop the forwarder with servfail, to check the answer came from the cache -echo "> stop ldns-testns" -kill_pid $FWD_PID -echo "> start ldns-testns with servfails" -$LDNS_TESTNS -p $FWD_PORT cachedb_no_store.servfail.testns >fwd2.log 2>&1 & -FWD_PID=$! -echo "FWD_PID=$FWD_PID" >> .tpkg.var.test -wait_ldns_testns_up fwd2.log - -echo "> dig txt1.example.com. from unbound cache" -dig @127.0.0.1 -p $UNBOUND_PORT txt1.example.com. TXT | tee outfile -if grep "example text message" outfile; then - echo "OK" -else - echo "Not OK" - exit 1 -fi - -# clear the cache of unbound, but not cachedb testframe cache -echo "> unbound-control flush" -$PRE/unbound-control -c ub.conf flush_type txt1.example.com. TXT -if test $? -ne 0; then - echo "wrong exit value." - exit 1 -else - echo "exit value: OK" -fi - -echo "> dig txt1.example.com. from cachedb" -dig @127.0.0.1 -p $UNBOUND_PORT txt1.example.com. TXT | tee outfile -if grep "example text message" outfile; then - echo "OK" -else - echo "Not OK" - exit 1 -fi - -# start the forwarder again. -echo "> stop ldns-testns" -kill_pid $FWD_PID -echo "> start ldns-testns" -$LDNS_TESTNS -p $FWD_PORT cachedb_no_store.testns >fwd3.log 2>&1 & -FWD_PID=$! -echo "FWD_PID=$FWD_PID" >> .tpkg.var.test -wait_ldns_testns_up fwd3.log - -# stop unbound to flush the cachedb cache -echo "> stop unbound" -kill_from_pidfile "unbound.pid" - -echo "" -echo "> config unbound with cachedb-no-store: yes" -echo "cachedb: cachedb-no-store: yes" >> ub.conf - -# start unbound again. -echo "> start unbound" -$PRE/unbound -d -c ub.conf >unbound2.log 2>&1 & -UNBOUND_PID=$! -echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test -wait_unbound_up unbound2.log - -echo "" -echo "> dig txt1.example.com." -dig @127.0.0.1 -p $UNBOUND_PORT txt1.example.com. TXT | tee outfile -if grep "example text message" outfile; then - echo "OK" -else - echo "Not OK" - exit 1 -fi - -# stop the forwarder with servfail, to check the answer came from the cache -echo "> stop ldns-testns" -kill_pid $FWD_PID -echo "> start ldns-testns with servfails" -$LDNS_TESTNS -p $FWD_PORT cachedb_no_store.servfail.testns >fwd4.log 2>&1 & -FWD_PID=$! -echo "FWD_PID=$FWD_PID" >> .tpkg.var.test -wait_ldns_testns_up fwd4.log - -echo "> dig txt1.example.com. from unbound cache" -dig @127.0.0.1 -p $UNBOUND_PORT txt1.example.com. TXT | tee outfile -if grep "example text message" outfile; then - echo "OK" -else - echo "Not OK" - exit 1 -fi - -# clear the cache of unbound, but not cachedb testframe cache -echo "> unbound-control flush" -$PRE/unbound-control -c ub.conf flush_type txt1.example.com. TXT -if test $? -ne 0; then - echo "wrong exit value." - exit 1 -else - echo "exit value: OK" -fi - -echo "> dig txt1.example.com. from cachedb, but that has no message stored" -dig @127.0.0.1 -p $UNBOUND_PORT txt1.example.com. TXT | tee outfile -if grep "SERVFAIL" outfile; then - echo "OK" -else - echo "Not OK" - exit 1 -fi - -exit 0 diff --git a/contrib/unbound/testdata/cachedb_no_store.tdir/cachedb_no_store.testns b/contrib/unbound/testdata/cachedb_no_store.tdir/cachedb_no_store.testns deleted file mode 100644 index 282b224f82bd..000000000000 --- a/contrib/unbound/testdata/cachedb_no_store.tdir/cachedb_no_store.testns +++ /dev/null @@ -1,9 +0,0 @@ -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -txt1.example.com. IN TXT -SECTION ANSWER -txt1.example.com. IN TXT "example text message" -ENTRY_END diff --git a/contrib/unbound/testdata/cachedb_servfail_cname.crpl b/contrib/unbound/testdata/cachedb_servfail_cname.crpl deleted file mode 100644 index 221f00d4df54..000000000000 --- a/contrib/unbound/testdata/cachedb_servfail_cname.crpl +++ /dev/null @@ -1,181 +0,0 @@ -; config options -server: - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: no - minimal-responses: no - ;serve-expired: yes - module-config: "cachedb iterator" - -cachedb: - backend: "testframe" - secret-seed: "testvalue" - -stub-zone: - name: "." - stub-addr: 193.0.14.129 -CONFIG_END - -SCENARIO_BEGIN Test cachedb store and servfail reply from cname. -; the servfail reply should not overwrite the cache contents. - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION AUTHORITY -example.com. IN NS ns2.example.com. -SECTION ADDITIONAL -ns2.example.com. IN A 1.2.3.5 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -foo.com. IN NS -SECTION AUTHORITY -foo.com. IN NS ns.example.com. -ENTRY_END -RANGE_END - -; ns2.example.com. -RANGE_BEGIN 0 20 - ADDRESS 1.2.3.5 -ENTRY_BEGIN -MATCH opcode qname qtype -REPLY QR AA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 10 IN A 1.2.3.4 -ENTRY_END -RANGE_END - -; ns2.example.com., now failing -RANGE_BEGIN 20 100 - ADDRESS 1.2.3.5 -ENTRY_BEGIN -MATCH opcode qname qtype -REPLY QR AA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 10 IN CNAME foo.example.com. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qname qtype -REPLY QR AA SERVFAIL -SECTION QUESTION -foo.example.com. IN A -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qname qtype -REPLY QR AA SERVFAIL -SECTION QUESTION -ns2.example.com. IN A -SECTION ANSWER -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qname qtype -REPLY QR AA SERVFAIL -SECTION QUESTION -ns2.example.com. IN AAAA -SECTION ANSWER -ENTRY_END -RANGE_END - -; get and entry in cache, to make it expired. -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; get the answer for it -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 10 IN A 1.2.3.4 -ENTRY_END - -; it is now expired -STEP 20 TIME_PASSES ELAPSE 20 - -; get a servfail in cache for the destination -STEP 30 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -foo.example.com. IN A -ENTRY_END - -STEP 40 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA SERVFAIL -SECTION QUESTION -foo.example.com. IN A -ENTRY_END - -; the query is now a CNAME to servfail. -; there is a valid, but expired, entry in cache. -STEP 50 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -STEP 60 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA SERVFAIL -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 10 IN CNAME foo.example.com. -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/cachedb_subnet_change.crpl b/contrib/unbound/testdata/cachedb_subnet_change.crpl deleted file mode 100644 index 73584305ce60..000000000000 --- a/contrib/unbound/testdata/cachedb_subnet_change.crpl +++ /dev/null @@ -1,304 +0,0 @@ -; config options -server: - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: no - minimal-responses: no - serve-expired: yes - serve-expired-reply-ttl: 30 - - ; disable the serve expired client timeout. - serve-expired-client-timeout: 0 - send-client-subnet: 1.2.3.4 - max-client-subnet-ipv4: 17 - ; subnetcache is to the left of cachedb, because it sets no cache - ; store for edns subnet content for modules to the right of it. - ; this keeps subnet content out of cachedb as global content. - module-config: "subnetcache cachedb iterator" - -cachedb: - backend: "testframe" - secret-seed: "testvalue" - cachedb-check-when-serve-expired: yes - -stub-zone: - name: "." - stub-addr: 193.0.14.129 -CONFIG_END - -SCENARIO_BEGIN Test cachedb, subnet and serve-expired, with a domain change from global to subnet. -; So the CNAME first points to a global record, then points to a subnet record. - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 400 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 400 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION AUTHORITY -example.com. IN NS ns2.example.com. -SECTION ADDITIONAL -ns2.example.com. IN A 1.2.3.5 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -foo.com. IN NS -SECTION AUTHORITY -foo.com. IN NS ns.foo.com. -SECTION ADDITIONAL -ns.foo.com. IN A 1.2.3.4 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -initial.com. IN NS -SECTION AUTHORITY -initial.com. IN NS ns.initial.com. -SECTION ADDITIONAL -ns.initial.com. IN A 1.2.3.6 -ENTRY_END -RANGE_END - -; ns2.example.com. -RANGE_BEGIN 0 30 - ADDRESS 1.2.3.5 -ENTRY_BEGIN -MATCH opcode qname qtype -REPLY QR AA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 10 IN CNAME www.initial.com. -ENTRY_END -RANGE_END - -; ns2.example.com. - after change -RANGE_BEGIN 40 80 - ADDRESS 1.2.3.5 -ENTRY_BEGIN -MATCH opcode qname qtype -REPLY QR AA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 10 IN CNAME example.foo.com. -ENTRY_END -RANGE_END - -; ns.initial.com. -RANGE_BEGIN 0 400 - ADDRESS 1.2.3.6 -ENTRY_BEGIN -MATCH opcode qname qtype -REPLY QR AA NOERROR -SECTION QUESTION -www.initial.com. IN A -SECTION ANSWER -www.initial.com. 10 IN A 1.2.3.4 -ENTRY_END -RANGE_END - -; ns.foo.com. -RANGE_BEGIN 40 80 - ADDRESS 1.2.3.4 -ENTRY_BEGIN -MATCH opcode qname qtype ednsdata -REPLY QR AA NOERROR -SECTION QUESTION -example.foo.com. IN A -SECTION ANSWER -example.foo.com. 10 IN A 1.2.3.5 -SECTION ADDITIONAL - HEX_EDNSDATA_BEGIN - ; client is 127.0.0.1 - 00 08 ; OPC - 00 07 ; option length - 00 01 ; Family - 11 00 ; source mask, scopemask - 7f 00 00 ; address - HEX_EDNSDATA_END -ENTRY_END -RANGE_END - -; ns2.example.com. - later -RANGE_BEGIN 90 200 - ADDRESS 1.2.3.5 -ENTRY_BEGIN -MATCH opcode qname qtype -REPLY QR AA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 10 IN CNAME example.foo.com. -ENTRY_END -RANGE_END - -; ns.foo.com. - later -RANGE_BEGIN 90 200 - ADDRESS 1.2.3.4 -ENTRY_BEGIN -MATCH opcode qname qtype ednsdata -REPLY QR AA NOERROR -SECTION QUESTION -example.foo.com. IN A -SECTION ANSWER -example.foo.com. 10 IN A 1.2.3.6 -SECTION ADDITIONAL - HEX_EDNSDATA_BEGIN - ; client is 127.0.0.1 - 00 08 ; OPC - 00 07 ; option length - 00 01 ; Family - 11 00 ; source mask, scopemask - 7f 00 00 ; address - HEX_EDNSDATA_END -ENTRY_END -RANGE_END - -; make time not 0 -STEP 2 TIME_PASSES ELAPSE 212 - -; Get an entry in cache. -STEP 4 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; get the answer for it -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 10 IN CNAME www.initial.com. -www.initial.com. 10 IN A 1.2.3.4 -ENTRY_END - -; now valid in cache and valid in cachedb, without subnet. -STEP 30 TIME_PASSES ELAPSE 20 - -; now the cache and cachedb have an expired entry. -; the upstream is updated to CNAME to a subnet zone A record. - -STEP 40 QUERY ADDRESS 127.0.0.1 -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; the expired answer, while the ECS answer is looked up. -STEP 50 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 30 IN CNAME www.initial.com. -www.initial.com. 30 IN A 1.2.3.4 -ENTRY_END - -; check that subnet has the query in cache. -STEP 58 TIME_PASSES ELAPSE 2 -STEP 60 QUERY ADDRESS 127.0.0.1 -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -STEP 70 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 8 IN CNAME example.foo.com. -example.foo.com. 8 IN A 1.2.3.5 -ENTRY_END - -; everything is expired, cache, subnetcache and cachedb. -STEP 80 TIME_PASSES ELAPSE 20 - -STEP 90 QUERY ADDRESS 127.0.0.1 -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -STEP 100 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 10 IN CNAME example.foo.com. -example.foo.com. 10 IN A 1.2.3.6 -ENTRY_END - -; see the entry now in cache, from the subnetcache. -STEP 142 TIME_PASSES ELAPSE 2 -STEP 150 QUERY ADDRESS 127.0.0.1 -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -STEP 160 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 8 IN CNAME example.foo.com. -example.foo.com. 8 IN A 1.2.3.6 -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/cachedb_subnet_expired.crpl b/contrib/unbound/testdata/cachedb_subnet_expired.crpl deleted file mode 100644 index eddff1002dd8..000000000000 --- a/contrib/unbound/testdata/cachedb_subnet_expired.crpl +++ /dev/null @@ -1,322 +0,0 @@ -; config options -server: - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: no - minimal-responses: no - serve-expired: yes - serve-expired-reply-ttl: 30 - ; at least one second, so we can time skip past the timer in the - ; testbound script steps, but also reply within the time. - serve-expired-client-timeout: 1200 - send-client-subnet: 1.2.3.4 - max-client-subnet-ipv4: 17 - ; subnetcache is to the left of cachedb, because it sets no cache - ; store for edns subnet content for modules to the right of it. - ; this keeps subnet content out of cachedb as global content. - module-config: "subnetcache cachedb iterator" - discard-timeout: 3000 - -cachedb: - backend: "testframe" - secret-seed: "testvalue" - cachedb-check-when-serve-expired: yes - -stub-zone: - name: "." - stub-addr: 193.0.14.129 -CONFIG_END - -SCENARIO_BEGIN Test cachedb, subnet and serve-expired-client-timeout. - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 400 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 400 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION AUTHORITY -example.com. IN NS ns2.example.com. -SECTION ADDITIONAL -ns2.example.com. IN A 1.2.3.5 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -foo.com. IN NS -SECTION AUTHORITY -foo.com. IN NS ns.foo.com. -SECTION ADDITIONAL -ns.foo.com. IN A 1.2.3.4 -ENTRY_END -RANGE_END - -; ns2.example.com. -RANGE_BEGIN 0 30 - ADDRESS 1.2.3.5 -ENTRY_BEGIN -MATCH opcode qname qtype -REPLY QR AA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 10 IN A 1.2.3.4 -ENTRY_END -RANGE_END - -; ns2.example.com. - after change -RANGE_BEGIN 40 100 - ADDRESS 1.2.3.5 -ENTRY_BEGIN -MATCH opcode qname qtype -REPLY QR AA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 10 IN CNAME example.foo.com. -ENTRY_END -RANGE_END - -; ns.foo.com. -RANGE_BEGIN 40 100 - ADDRESS 1.2.3.4 -ENTRY_BEGIN -MATCH opcode qname qtype ednsdata -REPLY QR AA NOERROR -SECTION QUESTION -example.foo.com. IN A -SECTION ANSWER -example.foo.com. 10 IN A 1.2.3.5 -SECTION ADDITIONAL - HEX_EDNSDATA_BEGIN - ; client is 127.0.0.1 - 00 08 ; OPC - 00 07 ; option length - 00 01 ; Family - 11 00 ; source mask, scopemask - 7f 00 00 ; address - HEX_EDNSDATA_END -ENTRY_END -RANGE_END - -; ns2.example.com. and ns.foo.com - no answer in 110-130. - -; ns2.example.com. - later -RANGE_BEGIN 140 200 - ADDRESS 1.2.3.5 -ENTRY_BEGIN -MATCH opcode qname qtype -REPLY QR AA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 10 IN CNAME example.foo.com. -ENTRY_END -RANGE_END - -; ns.foo.com. - later -RANGE_BEGIN 140 200 - ADDRESS 1.2.3.4 -ENTRY_BEGIN -MATCH opcode qname qtype ednsdata -REPLY QR AA NOERROR -SECTION QUESTION -example.foo.com. IN A -SECTION ANSWER -example.foo.com. 10 IN A 1.2.3.6 -SECTION ADDITIONAL - HEX_EDNSDATA_BEGIN - ; client is 127.0.0.1 - 00 08 ; OPC - 00 07 ; option length - 00 01 ; Family - 11 00 ; source mask, scopemask - 7f 00 00 ; address - HEX_EDNSDATA_END -ENTRY_END -RANGE_END - - -; make time not 0 -STEP 2 TIME_PASSES ELAPSE 212 - -; Get an entry in cache. -STEP 4 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; get the answer for it -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 10 IN A 1.2.3.4 -ENTRY_END - -; now valid in cache and valid in cachedb, without subnet. -STEP 20 FLUSH_MESSAGE www.example.com. IN A -STEP 30 TIME_PASSES ELAPSE 20 - -; now nothing in cache and cachedb has an expired entry. -; the upstream is updated to CNAME to a subnet zone A record. - -STEP 40 QUERY ADDRESS 127.0.0.1 -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -STEP 50 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 10 IN CNAME example.foo.com. -example.foo.com. 10 IN A 1.2.3.5 -ENTRY_END - -; check that subnet has the query in cache. -STEP 58 TIME_PASSES ELAPSE 2 -STEP 60 QUERY ADDRESS 127.0.0.1 -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -STEP 70 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 8 IN CNAME example.foo.com. -example.foo.com. 8 IN A 1.2.3.5 -ENTRY_END - -; everything is expired, cache, subnetcache and cachedb. -STEP 80 TIME_PASSES ELAPSE 20 - -; send the query, reply arrives quickly. -STEP 90 QUERY ADDRESS 127.0.0.1 -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -STEP 100 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 10 IN CNAME example.foo.com. -example.foo.com. 10 IN A 1.2.3.5 -ENTRY_END - -; everything is expired, cache, subnetcache and cachedb. -STEP 110 TIME_PASSES ELAPSE 20 - -; send the query, but the reply is late, and there is expired data, -; the expired entry from cachedb is used to reply with. -STEP 120 QUERY ADDRESS 127.0.0.1 -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -STEP 122 TIME_PASSES ELAPSE 2 - -; But the entry has been deleted, so it cannot be served, the reply -; at step 141 is returned instead. -;STEP 130 CHECK_ANSWER -;ENTRY_BEGIN -;MATCH all -;REPLY QR RD RA NOERROR -;SECTION QUESTION -;www.example.com. IN A -;SECTION ANSWER -;www.example.com. 30 IN A 1.2.3.4 -;ENTRY_END - -; reply can flow again. -STEP 140 TRAFFIC - -STEP 141 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 10 IN CNAME example.foo.com. -example.foo.com. 10 IN A 1.2.3.6 -ENTRY_END - -; see the entry now in cache, from the subnetcache. -STEP 142 TIME_PASSES ELAPSE 2 -STEP 150 QUERY ADDRESS 127.0.0.1 -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -STEP 160 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 8 IN CNAME example.foo.com. -example.foo.com. 8 IN A 1.2.3.6 -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/cachedb_subnet_toecs_timeout.crpl b/contrib/unbound/testdata/cachedb_subnet_toecs_timeout.crpl deleted file mode 100644 index f53fd9658e21..000000000000 --- a/contrib/unbound/testdata/cachedb_subnet_toecs_timeout.crpl +++ /dev/null @@ -1,229 +0,0 @@ -; config options -server: - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: no - minimal-responses: no - serve-expired: yes - serve-expired-reply-ttl: 30 - ; at least one second, so we can time skip past the timer in the - ; testbound script steps, but also reply within the time. - serve-expired-client-timeout: 1200 - send-client-subnet: 1.2.3.4 - max-client-subnet-ipv4: 17 - ; subnetcache is to the left of cachedb, because it sets no cache - ; store for edns subnet content for modules to the right of it. - ; this keeps subnet content out of cachedb as global content. - module-config: "subnetcache cachedb iterator" - -cachedb: - backend: "testframe" - secret-seed: "testvalue" - cachedb-check-when-serve-expired: yes - -stub-zone: - name: "." - stub-addr: 193.0.14.129 -CONFIG_END - -SCENARIO_BEGIN Test cachedb, subnet and serve-expired, with a domain change from global to subnet with serve-expired-client-timeout enabled. -; So the CNAME first points to a global record, then points to a subnet record. - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 400 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 400 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION AUTHORITY -example.com. IN NS ns2.example.com. -SECTION ADDITIONAL -ns2.example.com. IN A 1.2.3.5 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -foo.com. IN NS -SECTION AUTHORITY -foo.com. IN NS ns.foo.com. -SECTION ADDITIONAL -ns.foo.com. IN A 1.2.3.4 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -initial.com. IN NS -SECTION AUTHORITY -initial.com. IN NS ns.initial.com. -SECTION ADDITIONAL -ns.initial.com. IN A 1.2.3.6 -ENTRY_END -RANGE_END - -; ns2.example.com. -RANGE_BEGIN 0 30 - ADDRESS 1.2.3.5 -ENTRY_BEGIN -MATCH opcode qname qtype -REPLY QR AA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 10 IN CNAME www.initial.com. -ENTRY_END -RANGE_END - -; ns2.example.com. - after change -RANGE_BEGIN 40 100 - ADDRESS 1.2.3.5 -ENTRY_BEGIN -MATCH opcode qname qtype -REPLY QR AA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 10 IN CNAME example.foo.com. -ENTRY_END -RANGE_END - -; ns.initial.com. -RANGE_BEGIN 0 400 - ADDRESS 1.2.3.6 -ENTRY_BEGIN -MATCH opcode qname qtype -REPLY QR AA NOERROR -SECTION QUESTION -www.initial.com. IN A -SECTION ANSWER -www.initial.com. 10 IN A 1.2.3.4 -ENTRY_END -RANGE_END - -; ns.foo.com. -RANGE_BEGIN 40 100 - ADDRESS 1.2.3.4 -ENTRY_BEGIN -MATCH opcode qname qtype ednsdata -REPLY QR AA NOERROR -SECTION QUESTION -example.foo.com. IN A -SECTION ANSWER -example.foo.com. 10 IN A 1.2.3.5 -SECTION ADDITIONAL - HEX_EDNSDATA_BEGIN - ; client is 127.0.0.1 - 00 08 ; OPC - 00 07 ; option length - 00 01 ; Family - 11 00 ; source mask, scopemask - 7f 00 00 ; address - HEX_EDNSDATA_END -ENTRY_END -RANGE_END - -; make time not 0 -STEP 2 TIME_PASSES ELAPSE 212 - -; Get an entry in cache. -STEP 4 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; get the answer for it -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 10 IN CNAME www.initial.com. -www.initial.com. 10 IN A 1.2.3.4 -ENTRY_END - -; now valid in cache and valid in cachedb, without subnet. -STEP 30 TIME_PASSES ELAPSE 20 - -; now the cache and cachedb have an expired entry. -; the upstream is updated to CNAME to a subnet zone A record. - -STEP 40 QUERY ADDRESS 127.0.0.1 -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; this answer is returned by the subnet lookup within -; the serve-expired-client-timeout. -STEP 50 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 10 IN CNAME example.foo.com. -example.foo.com. 10 IN A 1.2.3.5 -ENTRY_END - -; check that subnet has the query in cache. -STEP 58 TIME_PASSES ELAPSE 2 -STEP 60 QUERY ADDRESS 127.0.0.1 -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -STEP 70 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 8 IN CNAME example.foo.com. -example.foo.com. 8 IN A 1.2.3.5 -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/cachedb_val_expired.crpl b/contrib/unbound/testdata/cachedb_val_expired.crpl deleted file mode 100644 index 4a51e8272379..000000000000 --- a/contrib/unbound/testdata/cachedb_val_expired.crpl +++ /dev/null @@ -1,327 +0,0 @@ -; config options -server: - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: no - minimal-responses: yes - serve-expired: yes - ;module-config: "subnetcache validator cachedb iterator" - module-config: "validator cachedb iterator" - -cachedb: - backend: "testframe" - secret-seed: "testvalue" - cachedb-check-when-serve-expired: yes - -stub-zone: - name: "." - stub-addr: 193.0.14.129 -CONFIG_END - -SCENARIO_BEGIN Test cachedb, validator and serve expired. - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 400 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 400 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION AUTHORITY -example.com. IN NS ns2.example.com. -SECTION ADDITIONAL -ns2.example.com. IN A 1.2.3.5 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -foo.com. IN NS -SECTION AUTHORITY -foo.com. IN NS ns.example.com. -ENTRY_END -RANGE_END - -; ns2.example.com. -RANGE_BEGIN 0 400 - ADDRESS 1.2.3.5 -ENTRY_BEGIN -MATCH opcode qname qtype -REPLY QR AA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 10 IN A 1.2.3.4 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qname qtype -REPLY QR AA NOERROR -SECTION QUESTION -www2.example.com. IN A -SECTION ANSWER -www2.example.com. 10 IN A 1.2.3.5 -ENTRY_END -RANGE_END - -; Get an entry in cache, to make it expired. -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; get the answer for it -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 10 IN A 1.2.3.4 -ENTRY_END - -; Get another query in cache to make it expired. -STEP 20 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www2.example.com. IN A -ENTRY_END - -; get the answer for it -STEP 30 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www2.example.com. IN A -SECTION ANSWER -www2.example.com. 10 IN A 1.2.3.5 -ENTRY_END - -; it is now expired -STEP 40 TIME_PASSES ELAPSE 20 - -; cache is expired, and cachedb is expired. -; The expired reply, from cachedb, needs a validation status, -; because the validator module set that validation is needed. -STEP 50 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www2.example.com. IN A -ENTRY_END - -STEP 60 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA NOERROR -SECTION QUESTION -www2.example.com. IN A -SECTION ANSWER -www2.example.com. 30 IN A 1.2.3.5 -ENTRY_END - -; cache is expired, cachedb has no answer -STEP 70 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -STEP 80 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 30 IN A 1.2.3.4 -ENTRY_END - -STEP 90 TRAFFIC -; the entry should be refreshed in cache now. -; cache is valid and cachedb is valid. -STEP 100 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -STEP 110 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 10 IN A 1.2.3.4 -ENTRY_END - -; flush the entry from cache -STEP 120 FLUSH_MESSAGE www.example.com. IN A - -; cache has no answer, cachedb valid -STEP 130 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -STEP 140 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 10 IN A 1.2.3.4 -ENTRY_END - -; it is now expired -STEP 150 TIME_PASSES ELAPSE 20 -; flush the entry from cache -STEP 160 FLUSH_MESSAGE www.example.com. IN A - -; cache has no answer, cachedb is expired -STEP 170 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -STEP 180 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 30 IN A 1.2.3.4 -ENTRY_END - -STEP 190 TRAFFIC -; the expired message is updated. - -; cache is valid, cachedb is valid -STEP 200 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -STEP 210 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 10 IN A 1.2.3.4 -ENTRY_END - -; expire the entry in cache -STEP 220 EXPIRE_MESSAGE www.example.com. IN A - -; cache is expired, cachedb valid -STEP 230 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -STEP 240 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 10 IN A 1.2.3.4 -ENTRY_END - -; it is now expired -STEP 250 TIME_PASSES ELAPSE 20 -; expire the entry in cache -STEP 260 EXPIRE_MESSAGE www.example.com. IN A - -; cache is expired, cachedb is expired -STEP 270 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -STEP 280 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 30 IN A 1.2.3.4 -ENTRY_END - -STEP 290 TRAFFIC -; the expired message is updated. - -; cache is valid, cachedb is valid -STEP 300 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -STEP 310 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 10 IN A 1.2.3.4 -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/cookie_file.tdir/cookie_file.conf b/contrib/unbound/testdata/cookie_file.tdir/cookie_file.conf deleted file mode 100644 index 25dd93f52667..000000000000 --- a/contrib/unbound/testdata/cookie_file.tdir/cookie_file.conf +++ /dev/null @@ -1,19 +0,0 @@ -server: - verbosity: 7 - use-syslog: no - directory: "" - pidfile: "unbound.pid" - chroot: "" - username: "" - do-not-query-localhost: no - use-caps-for-id: no - port: @SERVER_PORT@ - interface: 127.0.0.1 - cookie-secret-file: "cookie_secrets.txt" - answer-cookie: yes - access-control: 127.0.0.0/8 allow_cookie # BADCOOKIE for incomplete/invalid cookies - -remote-control: - control-enable: yes - control-port: @CONTROL_PORT@ - control-use-cert: no diff --git a/contrib/unbound/testdata/cookie_file.tdir/cookie_file.dsc b/contrib/unbound/testdata/cookie_file.tdir/cookie_file.dsc deleted file mode 100644 index 4f321bd2ef96..000000000000 --- a/contrib/unbound/testdata/cookie_file.tdir/cookie_file.dsc +++ /dev/null @@ -1,16 +0,0 @@ -BaseName: cookie_file -Version: 1.0 -Description: Check the cookie rollover -CreationDate: Fri 14 Jun 11:00:00 CEST 2024 -Maintainer: -Category: -Component: -CmdDepends: -Depends: -Help: -Pre: cookie_file.pre -Post: cookie_file.post -Test: cookie_file.test -AuxFiles: -Passed: -Failure: diff --git a/contrib/unbound/testdata/cookie_file.tdir/cookie_file.pre b/contrib/unbound/testdata/cookie_file.tdir/cookie_file.pre deleted file mode 100644 index 61da5425a447..000000000000 --- a/contrib/unbound/testdata/cookie_file.tdir/cookie_file.pre +++ /dev/null @@ -1,24 +0,0 @@ -# #-- cookie_file.pre--# -PRE="../.." -. ../common.sh - -get_random_port 2 -SERVER_PORT=$RND_PORT -CONTROL_PORT=$(($RND_PORT + 1)) -echo "SERVER_PORT=$SERVER_PORT" >> .tpkg.var.test -echo "CONTROL_PORT=$CONTROL_PORT" >> .tpkg.var.test - -# make config file -sed \ - -e 's/@SERVER_PORT\@/'$SERVER_PORT'/' \ - -e 's/@CONTROL_PORT\@/'$CONTROL_PORT'/' \ - < cookie_file.conf > ub.conf - -# empty cookie file -touch cookie_secrets.txt - -# start unbound in the background -$PRE/unbound -d -c ub.conf > unbound.log 2>&1 & - -cat .tpkg.var.test -wait_unbound_up unbound.log diff --git a/contrib/unbound/testdata/cookie_file.tdir/cookie_file.test b/contrib/unbound/testdata/cookie_file.tdir/cookie_file.test deleted file mode 100644 index d5d2c2d1fab8..000000000000 --- a/contrib/unbound/testdata/cookie_file.tdir/cookie_file.test +++ /dev/null @@ -1,250 +0,0 @@ -# #-- cookie_file.test --# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# use .tpkg.var.test for in test variable passing -[ -f .tpkg.var.test ] && source .tpkg.var.test -PRE="../.." -. ../common.sh - -first_secret=dd3bdf9344b678b185a6f5cb60fca715 -second_secret=445536bcd2513298075a5d379663c962 - - -teststep "Add first secret" -echo ">> add_cookie_secret $first_secret" -$PRE/unbound-control -c ub.conf add_cookie_secret $first_secret -# check secret is persisted -outfile=cookie_secrets.1 -$PRE/unbound-control -c ub.conf print_cookie_secrets > $outfile -if ! grep -q "$first_secret" $outfile -then - sleep 1 - $PRE/unbound-control -c ub.conf print_cookie_secrets > $outfile -fi -if ! grep -q "$first_secret" $outfile -then - sleep 1 - $PRE/unbound-control -c ub.conf print_cookie_secrets > $outfile -fi -if ! grep -q "$first_secret" $outfile -then - sleep 1 - $PRE/unbound-control -c ub.conf print_cookie_secrets > $outfile -fi -if ! grep -q "^active.*$first_secret" $outfile -then - cat $outfile - echo "First secret was not provisioned" - exit 1 -fi -echo ">> print_cookie_secrets" -cat $outfile - - -teststep "Get a valid cookie for this secret" -outfile=dig.output.1 -dig version.server ch txt @127.0.0.1 -p $SERVER_PORT +cookie=3132333435363738 > $outfile -if ! grep -q "BADCOOKIE" $outfile -then - cat $outfile - echo "Did not get a BADCOOKIE response for a client-only cookie" - exit 1 -fi -if ! grep -q "COOKIE: 3132333435363738" $outfile -then - cat $outfile - echo "Did not get a cookie in the response" - exit 1 -fi -first_cookie=$(grep "; COOKIE:" $outfile | cut -d ' ' -f 3) -cat $outfile -echo "first cookie: $first_cookie" - - -teststep "Verify the first cookie can be reused" -outfile=dig.output.2 -dig version.server ch txt @127.0.0.1 -p $SERVER_PORT +cookie=$first_cookie > $outfile -if grep -q "BADCOOKIE" $outfile -then - cat $outfile - echo "Got BADCOOKIE response for a valid cookie" - exit 1 -fi -if ! grep -q "COOKIE: $first_cookie" $outfile -then - cat $outfile - echo "Did not get the same first cookie in the response" - exit 1 -fi - - -teststep "Add second secret" -outfile=cookie_secrets.2 -echo ">> add_cookie_secret $second_secret" -$PRE/unbound-control -c ub.conf add_cookie_secret $second_secret -$PRE/unbound-control -c ub.conf print_cookie_secrets > $outfile -if ! grep -q "$second_secret" $outfile -then - sleep 1 - $PRE/unbound-control -c ub.conf print_cookie_secrets > $outfile -fi -if ! grep -q "$second_secret" $outfile -then - sleep 1 - $PRE/unbound-control -c ub.conf print_cookie_secrets > $outfile -fi -if ! grep -q "$second_secret" $outfile -then - sleep 1 - $PRE/unbound-control -c ub.conf print_cookie_secrets > $outfile -fi -if ! grep -q "^staging.*$second_secret" $outfile \ - || ! grep -q "^active.*$first_secret" $outfile -then - cat $outfile - echo "Secrets were not provisioned" - exit 1 -fi -echo ">> print_cookie_secrets" -cat $outfile -echo ">> cookie_secrets.txt" -cat cookie_secrets.txt - - -teststep "Verify the first cookie can be reused" -outfile=dig.output.3 -dig version.server ch txt @127.0.0.1 -p $SERVER_PORT +cookie=$first_cookie > $outfile -if grep -q "BADCOOKIE" $outfile -then - cat $outfile - echo "Got BADCOOKIE response for a valid cookie" - exit 1 -fi -if ! grep -q "COOKIE: $first_cookie" $outfile -then - cat $outfile - echo "Did not get the same first cookie in the response" - exit 1 -fi - - -teststep "Secret rollover" -outfile=cookie_secrets.3 -$PRE/unbound-control -c ub.conf activate_cookie_secret -$PRE/unbound-control -c ub.conf print_cookie_secrets > $outfile -if ! grep -q "^active.*$second_secret" $outfile -then - sleep 1 - $PRE/unbound-control -c ub.conf print_cookie_secrets > $outfile -fi -if ! grep -q "^active.*$second_secret" $outfile -then - sleep 1 - $PRE/unbound-control -c ub.conf print_cookie_secrets > $outfile -fi -if ! grep -q "^active.*$second_secret" $outfile -then - sleep 1 - $PRE/unbound-control -c ub.conf print_cookie_secrets > $outfile -fi -if ! grep -q "^active.*$second_secret" $outfile \ - || ! grep -q "^staging.*$first_secret" $outfile -then - cat $outfile - echo "Second secret was not activated" - exit 1 -fi -echo ">> activate cookie secret, printout" -cat $outfile -echo ">> cookie_secrets.txt" -cat cookie_secrets.txt - - -teststep "Verify the first cookie can be reused but a new cookie is returned from the second secret" -outfile=dig.output.4 -dig version.server ch txt @127.0.0.1 -p $SERVER_PORT +cookie=$first_cookie > $outfile -if grep -q "BADCOOKIE" $outfile -then - cat $outfile - echo "Got BADCOOKIE response for a valid cookie" - exit 1 -fi -if ! grep -q "COOKIE: 3132333435363738" $outfile -then - cat $outfile - echo "Did not get a cookie in the response" - exit 1 -fi -if grep -q "COOKIE: $first_cookie" $outfile -then - cat $outfile - echo "Got the same first cookie in the response while the second secret is active" - exit 1 -fi -second_cookie=$(grep "; COOKIE:" $outfile | cut -d ' ' -f 3) -cat $outfile -echo "second cookie: $second_cookie" - - -teststep "Drop cookie secret" -outfile=cookie_secrets.4 -$PRE/unbound-control -c ub.conf drop_cookie_secret -$PRE/unbound-control -c ub.conf print_cookie_secrets > $outfile -if grep -q "^staging.*$first_secret" $outfile -then - sleep 1 - $PRE/unbound-control -c ub.conf print_cookie_secrets > $outfile -fi -if grep -q "^staging.*$first_secret" $outfile -then - sleep 1 - $PRE/unbound-control -c ub.conf print_cookie_secrets > $outfile -fi -if grep -q "^staging.*$first_secret" $outfile -then - sleep 1 - $PRE/unbound-control -c ub.conf print_cookie_secrets > $outfile -fi -if grep -q "^staging.*$first_secret" $outfile -then - cat $outfile - echo "First secret was not dropped" - exit 1 -fi -echo ">> drop cookie secret, printout" -cat $outfile -echo ">> cookie_secrets.txt" -cat cookie_secrets.txt - - -teststep "Verify the first cookie can not be reused and the second cookie is returned instead" -outfile=dig.output.4 -dig version.server ch txt @127.0.0.1 -p $SERVER_PORT +cookie=$first_cookie > $outfile -if ! grep -q "BADCOOKIE" $outfile -then - cat $outfile - echo "Did not get BADCOOKIE response for an invalid cookie" - exit 1 -fi -if ! grep -q "COOKIE: 3132333435363738" $outfile -then - cat $outfile - echo "Did not get a cookie in the response" - exit 1 -fi -if grep -q "COOKIE: $first_cookie" $outfile -then - cat $outfile - echo "Got the same first cookie in the response while the second secret is active" - exit 1 -fi -if ! grep -q "COOKIE: .* (good)$" $outfile -then - # dig can generate a different cookie value here than previous cookies. - # but make sure the output contains a valid cookie - cat $outfile - echo "Did not get a valid cookie in the response" - exit 1 -fi - -exit 0 diff --git a/contrib/unbound/testdata/disable_edns_do.rpl b/contrib/unbound/testdata/disable_edns_do.rpl deleted file mode 100644 index 82a16da062f1..000000000000 --- a/contrib/unbound/testdata/disable_edns_do.rpl +++ /dev/null @@ -1,164 +0,0 @@ -; config options -; The island of trust is at example.com -server: - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: "no" - trust-anchor-signaling: no - minimal-responses: no - disable-edns-do: yes - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test lookup with disable-edns-do - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.4 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; response to DNSKEY priming query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN DNSKEY -SECTION ANSWER -example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} -example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; response to query of interest, when sent with EDNS DO -ENTRY_BEGIN -MATCH opcode qtype qname DO -ADJUST copy_id -REPLY QR AA DO NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} -ENTRY_END - -; response to query of interest, when sent without DO -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; recursion happens here. -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/dns64_prefetch_cache.rpl b/contrib/unbound/testdata/dns64_prefetch_cache.rpl deleted file mode 100644 index a23b92f08d42..000000000000 --- a/contrib/unbound/testdata/dns64_prefetch_cache.rpl +++ /dev/null @@ -1,195 +0,0 @@ -; config options -server: - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: "no" - module-config: "dns64 iterator" - dns64-prefix: 64:ff9b::0/96 - minimal-responses: no - prefetch: yes - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test dns64 with prefetch and cache store. - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 200 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 200 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.4 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; recursion happens here. -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 3600 IN A 10.20.30.40 -SECTION AUTHORITY -example.com. 3600 IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. 3600 IN A 1.2.3.4 -ENTRY_END - -STEP 20 TIME_PASSES ELAPSE 3500 - -STEP 30 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; the prefetch is started, the older cache reply is returned. -STEP 40 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 100 IN A 10.20.30.40 -SECTION AUTHORITY -example.com. 100 IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. 100 IN A 1.2.3.4 -ENTRY_END - -; check what is in the cache -STEP 42 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -STEP 43 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 3600 IN A 10.20.30.40 -SECTION AUTHORITY -example.com. 3600 IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. 3600 IN A 1.2.3.4 -ENTRY_END - -STEP 50 TIME_PASSES ELAPSE 300 - -; now the upstream is offline, the prefetched answer should be in the cache. -STEP 110 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -STEP 120 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 3300 IN A 10.20.30.40 -SECTION AUTHORITY -example.com. 3300 IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. 3300 IN A 1.2.3.4 -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/doq_downstream.tdir/doq_downstream.conf b/contrib/unbound/testdata/doq_downstream.tdir/doq_downstream.conf deleted file mode 100644 index babd3504123a..000000000000 --- a/contrib/unbound/testdata/doq_downstream.tdir/doq_downstream.conf +++ /dev/null @@ -1,21 +0,0 @@ -server: - verbosity: 2 - # num-threads: 1 - interface: 127.0.0.1@@PORT@ - quic-port: @PORT@ - tls-service-key: "unbound_server.key" - tls-service-pem: "unbound_server.pem" - use-syslog: no - directory: . - pidfile: "unbound.pid" - chroot: "" - username: "" - do-not-query-localhost: no - - local-zone: "example.net" static - local-data: "www.example.net. IN A 1.2.3.4" - local-zone: "drop.net" deny - -forward-zone: - name: "." - forward-addr: "127.0.0.1@@TOPORT@" diff --git a/contrib/unbound/testdata/doq_downstream.tdir/doq_downstream.dsc b/contrib/unbound/testdata/doq_downstream.tdir/doq_downstream.dsc deleted file mode 100644 index 1e0b19d509d1..000000000000 --- a/contrib/unbound/testdata/doq_downstream.tdir/doq_downstream.dsc +++ /dev/null @@ -1,16 +0,0 @@ -BaseName: doq_downstream -Version: 1.0 -Description: Test DNS-over-QUIC query processing -CreationDate: Mon Aug 01 16:00:00 CEST 2022 -Maintainer: -Category: -Component: -CmdDepends: -Depends: -Help: -Pre: doq_downstream.pre -Post: doq_downstream.post -Test: doq_downstream.test -AuxFiles: -Passed: -Failure: diff --git a/contrib/unbound/testdata/doq_downstream.tdir/doq_downstream.post b/contrib/unbound/testdata/doq_downstream.tdir/doq_downstream.post deleted file mode 100644 index f1a31be3cd81..000000000000 --- a/contrib/unbound/testdata/doq_downstream.tdir/doq_downstream.post +++ /dev/null @@ -1,13 +0,0 @@ -# #-- doq_downstream.post --# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# source the test var file when it's there -[ -f .tpkg.var.test ] && source .tpkg.var.test -# -# do your teardown here -PRE="../.." -. ../common.sh -kill_pid $FWD_PID -if test -f unbound.pid; then - kill_pid $UNBOUND_PID -fi diff --git a/contrib/unbound/testdata/doq_downstream.tdir/doq_downstream.pre b/contrib/unbound/testdata/doq_downstream.tdir/doq_downstream.pre deleted file mode 100644 index f748cc1f5cf3..000000000000 --- a/contrib/unbound/testdata/doq_downstream.tdir/doq_downstream.pre +++ /dev/null @@ -1,44 +0,0 @@ -# #-- doq_downstream.pre--# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# use .tpkg.var.test for in test variable passing -[ -f .tpkg.var.test ] && source .tpkg.var.test - -PRE="../.." -. ../common.sh -if grep "define HAVE_NGTCP2 1" $PRE/config.h; then echo test enabled; else skip_test "test skipped"; fi - -if test -f $PRE/unbound_do_valgrind_in_test; then - do_valgrind=yes -else - do_valgrind=no -fi -VALGRIND_FLAGS="--leak-check=full --show-leak-kinds=all" - -get_random_port 2 -UNBOUND_PORT=$RND_PORT -FWD_PORT=$(($RND_PORT + 1)) -echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test -echo "FWD_PORT=$FWD_PORT" >> .tpkg.var.test - -# start forwarder -get_ldns_testns -$LDNS_TESTNS -p $FWD_PORT doq_downstream.testns >fwd.log 2>&1 & -FWD_PID=$! -echo "FWD_PID=$FWD_PID" >> .tpkg.var.test - -# make config file -sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' < doq_downstream.conf > ub.conf -# start unbound in the background -if test $do_valgrind = "yes"; then -valgrind $VALGRIND_FLAGS $PRE/unbound -vvvv -d -c ub.conf >unbound.log 2>&1 & -else -$PRE/unbound -vvvv -d -c ub.conf >unbound.log 2>&1 & -fi -UNBOUND_PID=$! -echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test - -cat .tpkg.var.test -wait_ldns_testns_up fwd.log -wait_unbound_up unbound.log - diff --git a/contrib/unbound/testdata/doq_downstream.tdir/doq_downstream.test b/contrib/unbound/testdata/doq_downstream.tdir/doq_downstream.test deleted file mode 100644 index a302e8da6b62..000000000000 --- a/contrib/unbound/testdata/doq_downstream.tdir/doq_downstream.test +++ /dev/null @@ -1,109 +0,0 @@ -# #-- doq_downstream.test --# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# use .tpkg.var.test for in test variable passing -[ -f .tpkg.var.test ] && source .tpkg.var.test - -PRE="../.." -. ../common.sh -get_make -(cd $PRE; $MAKE doqclient) - -# test query from local-data, immediate like from cache -echo "> query www.example.net." -$PRE/doqclient -s 127.0.0.1 -p $UNBOUND_PORT www.example.net. A IN >outfile 2>&1 -cat outfile -if test "$?" -ne 0; then - echo "exit status not OK" - echo "> cat logfiles" - cat outfile - cat fwd.log - cat unbound.log - echo "Not OK" - exit 1 -fi -if grep "www.example.net" outfile | grep "1.2.3.4"; then - echo "content OK" -else - echo "result contents not OK" - echo "> cat logfiles" - cat outfile - cat fwd.log - cat unbound.log - echo "result contents not OK" - exit 1 -fi -echo "OK" - -# test query that is resolved -echo "> query www.example.com." -$PRE/doqclient -s 127.0.0.1 -p $UNBOUND_PORT www.example.com. A IN >outfile 2>&1 -cat outfile -if test "$?" -ne 0; then - echo "exit status not OK" - echo "> cat logfiles" - cat outfile - cat fwd.log - cat unbound.log - echo "Not OK" - exit 1 -fi -if grep "www.example.com" outfile | grep "10.20.30.40"; then - echo "content OK" -else - echo "result contents not OK" - echo "> cat logfiles" - cat outfile - cat fwd.log - cat unbound.log - echo "result contents not OK" - exit 1 -fi -echo "OK" - -# Perform the lock verify tests, stop the server first. -kill_pid $UNBOUND_PID -cat unbound.log -# Remove pidfile so that the post script does not try to stop the server, -# it is already stopped. -rm -f unbound.pid -if test -f ublocktrace-doqclient.0; then - if $PRE/lock-verify ublocktrace-doqclient.* 2>&1; then - echo "lock-verify test ublocktrace-doqclient worked." - else - echo "lock-verify test ublocktrace-doqclient failed." - exit 1 - fi -fi -if test -f ublocktrace.0; then - if $PRE/lock-verify ublocktrace.* 2>&1; then - echo "lock-verify test ublocktrace worked." - else - echo "lock-verify test ublocktrace failed." - exit 1 - fi - if grep "lock error" unbound.log >/dev/null; then - echo "lock error" - exit 1 - fi -fi -# check valgrind output -if test -f $PRE/unbound_do_valgrind_in_test; then - if grep "All heap blocks were freed -- no leaks are possible" unbound.log; then - : # clean - else - grep "^==" unbound.log - echo "Memory leaked" - grep "in use at exit" unbound.log - exit 1 - fi - if grep "ERROR SUMMARY: 0 errors from 0 contexts" unbound.log; then - : # clean - else - grep "^==" unbound.log - echo "Errors" - grep "ERROR SUMMARY" unbound.log - exit 1 - fi -fi -exit 0 diff --git a/contrib/unbound/testdata/doq_downstream.tdir/doq_downstream.testns b/contrib/unbound/testdata/doq_downstream.tdir/doq_downstream.testns deleted file mode 100644 index 2d0ea45a4c3d..000000000000 --- a/contrib/unbound/testdata/doq_downstream.tdir/doq_downstream.testns +++ /dev/null @@ -1,13 +0,0 @@ -; nameserver test file -$ORIGIN example.com. -$TTL 3600 - -ENTRY_BEGIN -MATCH opcode qtype qname -REPLY QR AA NOERROR -ADJUST copy_id -SECTION QUESTION -www IN A -SECTION ANSWER -www IN A 10.20.30.40 -ENTRY_END diff --git a/contrib/unbound/testdata/doq_downstream.tdir/unbound_server.key b/contrib/unbound/testdata/doq_downstream.tdir/unbound_server.key deleted file mode 100644 index 4256c421dd0d..000000000000 --- a/contrib/unbound/testdata/doq_downstream.tdir/unbound_server.key +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICWwIBAAKBgQC3F7Jsv2u01pLL9rFnjsMU/IaCFUIz/624DcaE84Z4gjMl5kWA -3axQcqul1wlwSrbKwrony+d9hH/+MX0tZwvl8w3OmhmOAiaQ+SHCsIuOjVwQjX0s -RLB61Pz5+PAiVvnPa9JIYB5QrK6DVEsxIHj8MOc5JKORrnESsFDh6yeMeQIDAQAB -AoGAAuWoGBprTOA8UGfl5LqYkaNxSWumsYXxLMFjC8WCsjN1NbtQDDr1uAwodSZS -6ujzvX+ZTHnofs7y64XC8k34HTOCD2zlW7kijWbT8YjRYFU6o9F5zUGD9RCan0ds -sVscT2psLSzfdsmFAcbmnGdxYkXk2PC1FHtaqExxehralGUCQQDcqrg9uQKXlhQi -XAaPr8SiWvtRm2a9IMMZkRfUWZclPHq6fCWNuUaCD+cTat4wAuqeknAz33VEosw3 -fXGsok//AkEA1GjIHXrOcSlpfVJb6NeOBugjRtZ7ZDT5gbtnMS9ob0qntKV6saaL -CNmJwuD9Q3XkU5j1+uHvYGP2NzcJd2CjhwJACV0hNlVMe9w9fHvFN4Gw6WbM9ViP -0oS6YrJafYNTu5vGZXVxLoNnL4u3NYa6aPUmuZXjNwBLfJ8f5VboZPf6RwJAINd2 -oYA8bSi/A755MX4qmozH74r4Fx1Nuq5UHTm8RwDe/0Javx8F/j9MWpJY9lZDEF3l -In5OebPa/NyInSmW/wJAZuP9aRn0nDBkHYri++1A7NykMiJ/nH0mDECbnk+wxx0S -LwqIetBhxb8eQwMg45+iAH7CHAMQ8BQuF/nFE6eotg== ------END RSA PRIVATE KEY----- diff --git a/contrib/unbound/testdata/doq_downstream.tdir/unbound_server.pem b/contrib/unbound/testdata/doq_downstream.tdir/unbound_server.pem deleted file mode 100644 index aeda3ff11882..000000000000 --- a/contrib/unbound/testdata/doq_downstream.tdir/unbound_server.pem +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIBmzCCAQQCCQDsNJ1UmphEFzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1 -bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowEjEQMA4GA1UE -AxMHdW5ib3VuZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtxeybL9rtNaS -y/axZ47DFPyGghVCM/+tuA3GhPOGeIIzJeZFgN2sUHKrpdcJcEq2ysK6J8vnfYR/ -/jF9LWcL5fMNzpoZjgImkPkhwrCLjo1cEI19LESwetT8+fjwIlb5z2vSSGAeUKyu -g1RLMSB4/DDnOSSjka5xErBQ4esnjHkCAwEAATANBgkqhkiG9w0BAQUFAAOBgQAZ -9N0lnLENs4JMvPS+mn8C5m9bkkFITd32IiLjf0zgYpIUbFXH6XaEr9GNZBUG8feG -l/6WRXnbnVSblI5odQ4XxGZ9inYY6qtW30uv76HvoKp+QZ1c3460ddR8NauhcCHH -Z7S+QbLXi+r2JAhpPozZCjBHlRD0ixzA1mKQTJhJZg== ------END CERTIFICATE----- diff --git a/contrib/unbound/testdata/edns_downstream_cookies.rpl b/contrib/unbound/testdata/edns_downstream_cookies.rpl deleted file mode 100644 index 820bc5a7ca70..000000000000 --- a/contrib/unbound/testdata/edns_downstream_cookies.rpl +++ /dev/null @@ -1,235 +0,0 @@ -; config options -server: - answer-cookie: yes - cookie-secret: "000102030405060708090a0b0c0d0e0f" - access-control: 127.0.0.1 allow_cookie - access-control: 1.2.3.4 allow - local-data: "test. TXT test" - -CONFIG_END - -SCENARIO_BEGIN Test downstream DNS Cookies - -; Note: When a valid hash was required, it was generated by running this test -; with an invalid one and checking the output for the valid one. -; Actual hash generation is tested with unit tests. - -; Query without a client cookie ... -STEP 0 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -test. IN TXT -ENTRY_END -; ... get TC and refused -STEP 1 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA TC REFUSED -SECTION QUESTION -test. IN TXT -ENTRY_END - -; Query without a client cookie on TCP ... -STEP 10 QUERY -ENTRY_BEGIN -REPLY RD -MATCH TCP -SECTION QUESTION -test. IN TXT -ENTRY_END -; ... get an answer -STEP 11 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AA NOERROR -SECTION QUESTION -test. IN TXT -SECTION ANSWER -test. IN TXT "test" -ENTRY_END - -; Query with only a client cookie ... -STEP 20 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -test. IN TXT -SECTION ADDITIONAL -HEX_EDNSDATA_BEGIN - 00 0a ; Opcode 10 - 00 08 ; Length 8 - 31 32 33 34 35 36 37 38 ; Random bits -HEX_EDNSDATA_END -ENTRY_END -; ... get BADCOOKIE and a new cookie -STEP 21 CHECK_ANSWER -ENTRY_BEGIN -MATCH all server_cookie -REPLY QR RD RA DO YXRRSET ; BADCOOKIE is an extended rcode -SECTION QUESTION -test. IN TXT -ENTRY_END - -; Query with an invalid cookie ... -STEP 30 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -test. IN TXT -SECTION ADDITIONAL -HEX_EDNSDATA_BEGIN - 00 0a ; Opcode 10 - 00 18 ; Length 24 - 31 32 33 34 35 36 37 38 ; Random bits - 02 00 00 00 ; wrong version - 00 00 00 00 ; Timestamp - 31 32 33 34 35 36 37 38 ; wrong hash -HEX_EDNSDATA_END -ENTRY_END -; ... get BADCOOKIE and a new cookie -STEP 31 CHECK_ANSWER -ENTRY_BEGIN -MATCH all server_cookie -REPLY QR RD RA DO YXRRSET ; BADCOOKIE is an extended rcode -SECTION QUESTION -test. IN TXT -ENTRY_END - -; Query with an invalid cookie from a non-cookie protected address ... -STEP 40 QUERY ADDRESS 1.2.3.4 -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -test. IN TXT -SECTION ADDITIONAL -HEX_EDNSDATA_BEGIN - 00 0a ; Opcode 10 - 00 18 ; Length 24 - 31 32 33 34 35 36 37 38 ; Random bits - 02 00 00 00 ; wrong version - 00 00 00 00 ; Timestamp - 31 32 33 34 35 36 37 38 ; wrong hash -HEX_EDNSDATA_END -ENTRY_END -; ... get answer and a cookie -STEP 41 CHECK_ANSWER -ENTRY_BEGIN -MATCH all server_cookie -REPLY QR RD RA AA DO NOERROR -SECTION QUESTION -test. IN TXT -SECTION ANSWER -test. IN TXT "test" -ENTRY_END - -; Query with a valid cookie ... -STEP 50 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -test. IN TXT -SECTION ADDITIONAL -HEX_EDNSDATA_BEGIN - 00 0a ; Opcode 10 - 00 18 ; Length 24 - 31 32 33 34 35 36 37 38 ; Random bits - 01 00 00 00 ; Version/Reserved - 00 00 00 00 ; Timestamp - 38 52 7b a8 c6 a4 ea 96 ; Hash -HEX_EDNSDATA_END -ENTRY_END -; ... get answer and the cookie -STEP 51 CHECK_ANSWER -ENTRY_BEGIN -MATCH all server_cookie -REPLY QR RD RA AA DO NOERROR -SECTION QUESTION -test. IN TXT -SECTION ANSWER -test. IN TXT "test" -ENTRY_END - -; Query with a valid >30 minutes old cookie ... -STEP 59 TIME_PASSES ELAPSE 1801 -STEP 60 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -test. IN TXT -SECTION ADDITIONAL -HEX_EDNSDATA_BEGIN - 00 0a ; Opcode 10 - 00 18 ; Length 24 - 31 32 33 34 35 36 37 38 ; Random bits - 01 00 00 00 ; Version/Reserved - 00 00 00 00 ; Timestamp - 38 52 7b a8 c6 a4 ea 96 ; Hash -HEX_EDNSDATA_END -ENTRY_END -; ... Get answer and a refreshed cookie -; (we don't check the re-freshness here; it has its own unit test) -STEP 61 CHECK_ANSWER -ENTRY_BEGIN -MATCH all server_cookie -REPLY QR RD RA AA DO NOERROR -SECTION QUESTION -test. IN TXT -SECTION ANSWER -test. IN TXT "test" -ENTRY_END - -; Query with a hash-valid >60 minutes old cookie ... -STEP 69 TIME_PASSES ELAPSE 3601 -STEP 70 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -test. IN TXT -SECTION ADDITIONAL -HEX_EDNSDATA_BEGIN - 00 0a ; Opcode 10 - 00 18 ; Length 24 - 31 32 33 34 35 36 37 38 ; Random bits - 01 00 00 00 ; Version/Reserved - 00 00 07 09 ; Timestamp (1801) - 77 81 38 e3 8f aa 72 86 ; Hash -HEX_EDNSDATA_END -ENTRY_END -; ... get BADCOOKIE and a new cookie -STEP 71 CHECK_ANSWER -ENTRY_BEGIN -MATCH all server_cookie -REPLY QR RD RA DO YXRRSET ; BADCOOKIE is an extended rcode -SECTION QUESTION -test. IN TXT -ENTRY_END - -; Query with a valid future (<5 minutes) cookie ... -STEP 80 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -test. IN TXT -SECTION ADDITIONAL -HEX_EDNSDATA_BEGIN - 00 0a ; Opcode 10 - 00 18 ; Length 24 - 31 32 33 34 35 36 37 38 ; Random bits - 01 00 00 00 ; Version/Reserved - 00 00 16 45 ; Timestamp (1801 + 3601 + 299) - 4a f5 0f df f0 e8 c7 09 ; Hash -HEX_EDNSDATA_END -ENTRY_END -; ... get an answer -STEP 81 CHECK_ANSWER -ENTRY_BEGIN -MATCH all server_cookie -REPLY QR RD RA AA DO NOERROR -SECTION QUESTION -test. IN TXT -SECTION ANSWER -test. IN TXT "test" -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/fwd_name_lookup.rpl b/contrib/unbound/testdata/fwd_name_lookup.rpl deleted file mode 100644 index dbcfffba524a..000000000000 --- a/contrib/unbound/testdata/fwd_name_lookup.rpl +++ /dev/null @@ -1,152 +0,0 @@ -; config options -server: - # must have target-fetch-policy to fetch forward-host name. - target-fetch-policy: "3 2 1 0 0" - qname-minimisation: no - minimal-responses: no - -forward-zone: - name: "." - forward-addr: 1.2.3.4 - forward-host: ns.example.com -CONFIG_END - -SCENARIO_BEGIN Test forward with forward-host lookup for more addresses - -; Forward server -RANGE_BEGIN 0 15 - ADDRESS 1.2.3.4 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.com. IN A -SECTION ANSWER -ns.example.com. IN A 1.2.3.4 -ns.example.com. IN A 1.2.3.5 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.com. IN AAAA -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA ns.example.com. host.example.com. 3 3600 300 86400 3600 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 1.2.3.6 -ENTRY_END -RANGE_END - -; The forward server gives no answers. -RANGE_BEGIN 20 55 - ADDRESS 1.2.3.4 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR SERVFAIL -SECTION QUESTION -www2.example.com. IN A -SECTION ANSWER -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR SERVFAIL -SECTION QUESTION -www3.example.com. IN A -SECTION ANSWER -ENTRY_END -RANGE_END - -; The other forward server. -RANGE_BEGIN 20 55 - ADDRESS 1.2.3.5 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www2.example.com. IN A -SECTION ANSWER -www2.example.com. IN A 1.2.3.7 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www3.example.com. IN A -SECTION ANSWER -www3.example.com. IN A 1.2.3.8 -ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; recursion happens here. -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 1.2.3.6 -ENTRY_END - -; The address 1.2.3.4 is not responding so it has to fail over to the -; address from the name lookup. -STEP 20 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www2.example.com. IN A -ENTRY_END - -STEP 30 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www2.example.com. IN A -SECTION ANSWER -www2.example.com. IN A 1.2.3.7 -ENTRY_END - -STEP 40 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www3.example.com. IN A -ENTRY_END - -STEP 50 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www3.example.com. IN A -SECTION ANSWER -www3.example.com. IN A 1.2.3.8 -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/ip_ratelimit.tdir/ip_ratelimit.conf b/contrib/unbound/testdata/ip_ratelimit.tdir/ip_ratelimit.conf deleted file mode 100644 index ae7d0cda0d9d..000000000000 --- a/contrib/unbound/testdata/ip_ratelimit.tdir/ip_ratelimit.conf +++ /dev/null @@ -1,28 +0,0 @@ -server: - verbosity: 5 - # num-threads: 1 - interface: 127.0.0.1 - port: @PORT@ - use-syslog: no - directory: . - pidfile: "unbound.pid" - chroot: "" - username: "" - local-data: "test. IN TXT localdata" - - ip-ratelimit: 1 - ip-ratelimit-cookie: 0 - ip-ratelimit-factor: 0 - ip-ratelimit-backoff: yes - answer-cookie: yes - access-control: 127.0.0.0/8 allow_cookie - -remote-control: - control-enable: yes - control-interface: 127.0.0.1 - # control-interface: ::1 - control-port: @CONTROL_PORT@ - server-key-file: "unbound_server.key" - server-cert-file: "unbound_server.pem" - control-key-file: "unbound_control.key" - control-cert-file: "unbound_control.pem" diff --git a/contrib/unbound/testdata/ip_ratelimit.tdir/ip_ratelimit.dsc b/contrib/unbound/testdata/ip_ratelimit.tdir/ip_ratelimit.dsc deleted file mode 100644 index a6f6192360cd..000000000000 --- a/contrib/unbound/testdata/ip_ratelimit.tdir/ip_ratelimit.dsc +++ /dev/null @@ -1,16 +0,0 @@ -BaseName: ip_ratelimit -Version: 1.0 -Description: Test IP source ratelimit. -CreationDate: Tue Aug 8 00:00:00 CET 2023 -Maintainer: Yorgos Thessalonikefs -Category: -Component: -CmdDepends: -Depends: -Help: -Pre: ip_ratelimit.pre -Post: ip_ratelimit.post -Test: ip_ratelimit.test -AuxFiles: -Passed: -Failure: diff --git a/contrib/unbound/testdata/ip_ratelimit.tdir/ip_ratelimit.post b/contrib/unbound/testdata/ip_ratelimit.tdir/ip_ratelimit.post deleted file mode 100644 index 1f86d008587d..000000000000 --- a/contrib/unbound/testdata/ip_ratelimit.tdir/ip_ratelimit.post +++ /dev/null @@ -1,13 +0,0 @@ -# #-- ip_ratelimit.post --# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# source the test var file when it's there -[ -f .tpkg.var.test ] && source .tpkg.var.test -# -# do your teardown here -. ../common.sh -kill_pid $UNBOUND_PID -if test -f unbound.log; then - echo ">>> unbound log" - cat unbound.log -fi diff --git a/contrib/unbound/testdata/ip_ratelimit.tdir/ip_ratelimit.pre b/contrib/unbound/testdata/ip_ratelimit.tdir/ip_ratelimit.pre deleted file mode 100644 index c4589a0ea4fe..000000000000 --- a/contrib/unbound/testdata/ip_ratelimit.tdir/ip_ratelimit.pre +++ /dev/null @@ -1,24 +0,0 @@ -# #-- ip_ratelimit.pre--# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# use .tpkg.var.test for in test variable passing -[ -f .tpkg.var.test ] && source .tpkg.var.test - -PRE="../.." -. ../common.sh -get_random_port 2 -UNBOUND_PORT=$RND_PORT -CONTROL_PORT=$(($RND_PORT + 1)) -echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test -echo "CONTROL_PORT=$CONTROL_PORT" >> .tpkg.var.test - -# make config file -sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@CONTROL_PORT\@/'$CONTROL_PORT'/' < ip_ratelimit.conf > ub.conf -# start unbound in the background -$PRE/unbound -d -c ub.conf >unbound.log 2>&1 & -UNBOUND_PID=$! -echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test - -wait_unbound_up unbound.log - -cat .tpkg.var.test diff --git a/contrib/unbound/testdata/ip_ratelimit.tdir/ip_ratelimit.test b/contrib/unbound/testdata/ip_ratelimit.tdir/ip_ratelimit.test deleted file mode 100644 index f58b7edcbe2a..000000000000 --- a/contrib/unbound/testdata/ip_ratelimit.tdir/ip_ratelimit.test +++ /dev/null @@ -1,165 +0,0 @@ -# #-- ip_ratelimit.test --# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# use .tpkg.var.test for in test variable passing -[ -f .tpkg.var.test ] && source .tpkg.var.test - -PRE="../.." -. ../common.sh - -get_make -(cd $PRE; $MAKE streamtcp) - -# These tests rely on second time precision. To combat false negatives the -# tests run multiple times and we allow 1/3 of the runs to fail. -total_runs=6 -success_threshold=4 # 2/3*total_runs - -if dig -h 2>&1 | grep "cookie" >/dev/null; then - nocookie="+nocookie" -else - nocookie="" -fi - -echo "> First get a valid cookie" -dig @127.0.0.1 -p $UNBOUND_PORT +ednsopt=10:0102030405060708 $nocookie +tcp +retry=0 +time=1 test. TXT >outfile 2>&1 -if test "$?" -ne 0; then - echo "exit status not OK" - echo "> cat logfiles" - cat outfile - cat unbound.log - echo "Not OK" - exit 1 -fi -if test `grep "COOKIE: " outfile | wc -l` -ne 1; then - echo "Could not get cookie" - echo "> cat logfiles" - cat outfile - cat unbound.log - echo "Not OK" - exit 1 -fi -cookie=`grep "COOKIE: " outfile | cut -d ' ' -f 3` - -successes=0 -echo "> Three parallel queries with backoff and cookie" -# For this test we send three parallel queries. The ratelimit should be reached -# for that second. We send a query to verify that there is no reply. -# Then for the next second we again send three parallel queries and we expect -# none of them to be allowed through because of the backoff logic that keeps -# rolling the RATE_WINDOW based on demand. -# Again we send another query but with a valid cookie and we expect to receive -# an answer. -for i in $(seq 1 $total_runs); do - # Try to hit limit - $PRE/streamtcp -nu -f 127.0.0.1@$UNBOUND_PORT test. TXT IN test. TXT IN test. TXT IN >outfile 2>&1 - if test "$?" -ne 0; then - echo "exit status not OK" - echo "> cat logfiles" - cat outfile - cat unbound.log - echo "Not OK" - exit 1 - fi - # Expect no answer because of limit - dig @127.0.0.1 -p $UNBOUND_PORT $nocookie +retry=0 +time=1 test. TXT >outfile 2>&1 - if test "$?" -eq 0; then - continue - fi - # Try to keep limit - $PRE/streamtcp -nu -f 127.0.0.1@$UNBOUND_PORT test. TXT IN test. TXT IN test. TXT IN >outfile 2>&1 - if test "$?" -ne 0; then - echo "exit status not OK" - echo "> cat logfiles" - cat outfile - cat unbound.log - echo "Not OK" - exit 1 - fi - # Expect answer because of DNS cookie - dig @127.0.0.1 -p $UNBOUND_PORT +ednsopt=10:$cookie $nocookie +retry=0 +time=1 test. TXT >outfile 2>&1 - if test "$?" -ne 0; then - continue - fi - ((successes++)) - # We don't have to wait for all the runs to complete if we know - # we passed the threshold. - if test $successes -ge $success_threshold; then - break - fi -done - -if test $successes -ge $success_threshold; then - echo "Three parallel queries with backoff and cookie OK" -else - echo "Three parallel queries with backoff and cookie NOT OK" - echo "> cat logfiles" - cat outfile - cat unbound.log - echo "Three parallel queries with backoff and cookie NOT OK" - exit 1 -fi - -echo "> Activating ip-ratelimit-cookie" -echo "$PRE/unbound-control -c ub.conf set_option ip-ratelimit-cookie: 1" -$PRE/unbound-control -c ub.conf set_option ip-ratelimit-cookie: 1 -if test $? -ne 0; then - echo "wrong exit value after success" - exit 1 -fi - -successes=0 -echo "> Three parallel queries with backoff and cookie with ip-ratelimit-cookie" -# This is the exact same test as above with the exception that we don't expect -# an answer on the last query because ip-ratelimit-cookie is now enabled. -for i in $(seq 1 $total_runs); do - # Try to hit limit - $PRE/streamtcp -nu -f 127.0.0.1@$UNBOUND_PORT test. TXT IN test. TXT IN test. TXT IN >outfile 2>&1 - if test "$?" -ne 0; then - echo "exit status not OK" - echo "> cat logfiles" - cat outfile - cat unbound.log - echo "Not OK" - exit 1 - fi - # Expect no answer because of limit - dig @127.0.0.1 -p $UNBOUND_PORT $nocookie +retry=0 +time=1 test. TXT >outfile 2>&1 - if test "$?" -eq 0; then - continue - fi - # Try to keep limit - $PRE/streamtcp -nu -f 127.0.0.1@$UNBOUND_PORT test. TXT IN test. TXT IN test. TXT IN >outfile 2>&1 - if test "$?" -ne 0; then - echo "exit status not OK" - echo "> cat logfiles" - cat outfile - cat unbound.log - echo "Not OK" - exit 1 - fi - # Expect no answer because of ip-ratelimit-cookie - dig @127.0.0.1 -p $UNBOUND_PORT +ednsopt=10:$cookie $nocookie +retry=0 +time=1 test. TXT >outfile 2>&1 - if test "$?" -eq 0; then - continue - fi - ((successes++)) - # We don't have to wait for all the runs to complete if we know - # we passed the threshold. - if test $successes -ge $success_threshold; then - break - fi -done - -if test $successes -ge $success_threshold; then - echo "Three parallel queries with backoff and cookie with ip-ratelimit-cookie OK" -else - echo "Three parallel queries with backoff and cookie with ip-ratelimit-cookie NOT OK" - echo "> cat logfiles" - cat outfile - cat unbound.log - echo "Three parallel queries with backoff and cookie with ip-ratelimit-cookie NOT OK" - exit 1 -fi - -exit 0 diff --git a/contrib/unbound/testdata/ip_ratelimit.tdir/unbound_control.key b/contrib/unbound/testdata/ip_ratelimit.tdir/unbound_control.key deleted file mode 100644 index 753a4ef6162e..000000000000 --- a/contrib/unbound/testdata/ip_ratelimit.tdir/unbound_control.key +++ /dev/null @@ -1,39 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIG4gIBAAKCAYEAstEp+Pyh8XGrtZ77A4FhYjvbeB3dMa7Q2rGWxobzlA9przhA -1aChAvUtCOAuM+rB6NTNB8YWfZJbQHawyMNpmC77cg6vXLYCGUQHZyAqidN049RJ -F5T7j4N8Vniv17LiRdr0S6swy4PRvEnIPPV43EQHZqC5jVvHsKkhIfmBF/Dj5TXR -ypeawWV/m5jeU6/4HRYMfytBZdO1mPXuWLh0lgbQ4SCbgrOUVD3rniMk1yZIbQOm -vlDHYqekjDb/vOW2KxUQLG04aZMJ1mWfdbwG0CKQkSjISEDZ1l76vhM6mTM0fwXb -IvyFZ9yPPCle1mF5aSlxS2cmGuGVSRQaw8XF9fe3a9ACJJTr33HdSpyaZkKRAUzL -cKqLCl323daKv3NwwAT03Tj4iQM416ASMoiyfFa/2GWTKQVjddu8Crar7tGaf5xr -lig4DBmrBvdYA3njy72/RD71hLwmlRoCGU7dRuDr9O6KASUm1Ri91ONZ/qdjMvov -15l2vj4GV+KXR00dAgMBAAECggGAHepIL1N0dEQkCdpy+/8lH54L9WhpnOo2HqAf -LU9eaKK7d4jdr9+TkD8cLaPzltPrZNxVALvu/0sA4SP6J1wpyj/x6P7z73qzly5+ -Xo5PD4fEwmi9YaiW/UduAblnEZrnp/AddptJKoL/D5T4XtpiQddPtael4zQ7kB57 -YIexRSQTvEDovA/o3/nvA0TrzOxfgd4ycQP3iOWGN/TMzyLsvjydrUwbOB567iz9 -whL3Etdgvnwh5Sz2blbFfH+nAR8ctvFFz+osPvuIVR21VMEI6wm7kTpSNnQ6sh/c -lrLb/bTADn4g7z/LpIZJ+MrLvyEcoqValrLYeFBhM9CV8woPxvkO2P3pU47HVGax -tC7GV6a/kt5RoKFd/TNdiA3OC7NGZtaeXv9VkPf4fVwBtSO9d5ZZXTGEynDD/rUQ -U4KFJe6OD23APjse08HiiKqTPhsOneOONU67iqoaTdIkT2R4EdlkVEDpXVtWb+G9 -Q+IqYzVljlzuyHrhWXLJw/FMa2aBAoHBAOnZbi4gGpH+P6886WDWVgIlTccuXoyc -Mg9QQYk9UDeXxL0AizR5bZy49Sduegz9vkHpAiZARQsUnizHjZ8YlRcrmn4t6tx3 -ahTIKAjdprnxJfYINM580j8CGbXvX5LhIlm3O267D0Op+co3+7Ujy+cjsIuFQrP+ -1MqMgXSeBjzC1APivmps7HeFE+4w0k2PfN5wSMDNCzLo99PZuUG5XZ93OVOS5dpN -b+WskdcD8NOoJy/X/5A08veEI/jYO/DyqQKBwQDDwUQCOWf41ecvJLtBHKmEnHDz -ftzHino9DRKG8a9XaN4rmetnoWEaM2vHGX3pf3mwH+dAe8vJdAQueDhBKYeEpm6C -TYNOpou1+Zs5s99BilCTNYo8fkMOAyqwRwmz9zgHS6QxXuPwsghKefLJGt6o6RFF -tfWVTfLlYJ+I3GQe3ySsk3wjVz4oUTKiyiq5+KzD+HhEkS7u+RQ7Z0ZI2xd2cF8Y -aN2hjKDpcOiFf3CDoqka5D1qMNLgIHO52AHww1UCgcA1h7o7AMpURRka6hyaODY0 -A4oMYEbwdQjYjIyT998W+rzkbu1us6UtzQEBZ760npkgyU/epbOoV63lnkCC/MOU -LD0PST+L/CHiY/cWIHb79YG1EifUZKpUFg0Aoq0EGFkepF0MefGCkbRGYA5UZr9U -R80wAu9D+L+JJiS0J0BSRF74DL196zUuHt5zFeXuLzxsRtPAnq9DliS08BACRYZy -7H3I7cWD9Vn5/0jbKWHFcaaWwyETR6uekTcSzZzbCRECgcBeoE3/xUA9SSk34Mmj -7/cB4522Ft0imA3+9RK/qJTZ7Bd5fC4PKjOGNtUiqW/0L2rjeIiQ40bfWvWqgPKw -jSK1PL6uvkl6+4cNsFsYyZpiVDoe7wKju2UuoNlB3RUTqa2r2STFuNj2wRjA57I1 -BIgdnox65jqQsd14g/yaa+75/WP9CE45xzKEyrtvdcqxm0Pod3OrsYK+gikFjiar -kT0GQ8u0QPzh2tjt/2ZnIfOBrl+QYERP0MofDZDjhUdq2wECgcB0Lu841+yP5cdR -qbJhXO4zJNh7oWNcJlOuQp3ZMNFrA1oHpe9pmLukiROOy01k9WxIMQDzU5GSqRv3 -VLkYOIcbhJ3kClKAcM3j95SkKbU2H5/RENb3Ck52xtl4pNU1x/3PnVFZfDVuuHO9 -MZ9YBcIeK98MyP2jr5JtFKnOyPE7xKq0IHIhXadpbc2wjje5FtZ1cUtMyEECCXNa -C1TpXebHGyXGpY9WdWXhjdE/1jPvfS+uO5WyuDpYPr339gsdq1g= ------END RSA PRIVATE KEY----- diff --git a/contrib/unbound/testdata/ip_ratelimit.tdir/unbound_control.pem b/contrib/unbound/testdata/ip_ratelimit.tdir/unbound_control.pem deleted file mode 100644 index a1edf7017f1d..000000000000 --- a/contrib/unbound/testdata/ip_ratelimit.tdir/unbound_control.pem +++ /dev/null @@ -1,22 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDszCCAhsCFGD5193whHQ2bVdzbaQfdf1gc4SkMA0GCSqGSIb3DQEBCwUAMBIx -EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjMwWhcNNDAwMzI1MTMzMjMw -WjAaMRgwFgYDVQQDDA91bmJvdW5kLWNvbnRyb2wwggGiMA0GCSqGSIb3DQEBAQUA -A4IBjwAwggGKAoIBgQCy0Sn4/KHxcau1nvsDgWFiO9t4Hd0xrtDasZbGhvOUD2mv -OEDVoKEC9S0I4C4z6sHo1M0HxhZ9kltAdrDIw2mYLvtyDq9ctgIZRAdnICqJ03Tj -1EkXlPuPg3xWeK/XsuJF2vRLqzDLg9G8Scg89XjcRAdmoLmNW8ewqSEh+YEX8OPl -NdHKl5rBZX+bmN5Tr/gdFgx/K0Fl07WY9e5YuHSWBtDhIJuCs5RUPeueIyTXJkht -A6a+UMdip6SMNv+85bYrFRAsbThpkwnWZZ91vAbQIpCRKMhIQNnWXvq+EzqZMzR/ -Bdsi/IVn3I88KV7WYXlpKXFLZyYa4ZVJFBrDxcX197dr0AIklOvfcd1KnJpmQpEB -TMtwqosKXfbd1oq/c3DABPTdOPiJAzjXoBIyiLJ8Vr/YZZMpBWN127wKtqvu0Zp/ -nGuWKDgMGasG91gDeePLvb9EPvWEvCaVGgIZTt1G4Ov07ooBJSbVGL3U41n+p2My -+i/XmXa+PgZX4pdHTR0CAwEAATANBgkqhkiG9w0BAQsFAAOCAYEAd++Wen6l8Ifj -4h3p/y16PhSsWJWuJ4wdNYy3/GM84S26wGjzlEEwiW76HpH6VJzPOiBAeWnFKE83 -hFyetEIxgJeIPbcs9ZP/Uoh8GZH9tRISBSN9Hgk2Slr9llo4t1H0g/XTgA5HqMQU -9YydlBh43G7Vw3FVwh09OM6poNOGQKNc/tq2/QdKeUMtyBbLWpRmjH5XcCT35fbn -ZiVOUldqSHD4kKrFO4nJYXZyipRbcXybsLiX9GP0GLemc3IgIvOXyJ2RPp06o/SJ -pzlMlkcAfLJaSuEW57xRakhuNK7m051TKKzJzIEX+NFYOVdafFHS8VwGrYsdrFvD -72tMfu+Fu55y3awdWWGc6YlaGogZiuMnJkvQphwgn+5qE/7CGEckoKEsH601rqIZ -muaIc85+nEcHJeijd/ZlBN9zeltjFoMuqTUENgmv8+tUAdVm/UMY9Vjme6b43ydP -uv6DS02+k9z8toxXworLiPr94BGaiGV1NxgwZKLZigYJt/Fi2Qte ------END CERTIFICATE----- diff --git a/contrib/unbound/testdata/ip_ratelimit.tdir/unbound_server.key b/contrib/unbound/testdata/ip_ratelimit.tdir/unbound_server.key deleted file mode 100644 index 370a7bbb2f22..000000000000 --- a/contrib/unbound/testdata/ip_ratelimit.tdir/unbound_server.key +++ /dev/null @@ -1,39 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI -0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq -GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z -uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K -WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5 -FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP -q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL -A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP -7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf -XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6 -iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7 -2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo -MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj -WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz -O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI -IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN -qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU -dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs -bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr -YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km -7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr -gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z -5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG -ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN -oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+ -s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW -zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx -ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1 -oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3 -BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS -mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8 -kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93 -7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8 -RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O -jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp -O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre -MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A== ------END RSA PRIVATE KEY----- diff --git a/contrib/unbound/testdata/ip_ratelimit.tdir/unbound_server.pem b/contrib/unbound/testdata/ip_ratelimit.tdir/unbound_server.pem deleted file mode 100644 index 986807310f2b..000000000000 --- a/contrib/unbound/testdata/ip_ratelimit.tdir/unbound_server.pem +++ /dev/null @@ -1,22 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx -EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5 -WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB -igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32 -a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2 -4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot -aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4 -TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ -uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4 -+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz -XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx -dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW -84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7 -JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca -fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg -XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF -qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25 -sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD -yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe -CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ== ------END CERTIFICATE----- diff --git a/contrib/unbound/testdata/iter_cname_minimise_nx.rpl b/contrib/unbound/testdata/iter_cname_minimise_nx.rpl deleted file mode 100644 index a04eb8b24791..000000000000 --- a/contrib/unbound/testdata/iter_cname_minimise_nx.rpl +++ /dev/null @@ -1,245 +0,0 @@ -; config options -server: - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: yes - module-config: "validator iterator" - trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" - val-override-date: "20070916134226" - fake-sha1: yes - trust-anchor-signaling: no - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test cname chain resolution of nxdomain with qname minimisation. -; the qtype CNAME lookup has NXDOMAIN. - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.44 -ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.44 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.44 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. AAZrcta3WCyz0iq2p78gmcPpXbmXPP9nQXM/czH1R9ilCaEoV8E27UU= -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.com. IN A -SECTION ANSWER -ns.example.com. IN A 1.2.3.44 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. AAZrcta3WCyz0iq2p78gmcPpXbmXPP9nQXM/czH1R9ilCaEoV8E27UU= -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -ENTRY_END - -; response to DNSKEY priming query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN DNSKEY -SECTION ANSWER -example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} -example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.44 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. AAZrcta3WCyz0iq2p78gmcPpXbmXPP9nQXM/czH1R9ilCaEoV8E27UU= -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.com. IN AAAA -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.44 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. AAZrcta3WCyz0iq2p78gmcPpXbmXPP9nQXM/czH1R9ilCaEoV8E27UU= -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NXDOMAIN -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -SECTION AUTHORITY -example.com. 300 IN SOA a. b. 1 2 3 4 300 -example.com. 300 IN RRSIG SOA 3 2 300 20070926134150 20070829134150 2854 example.com. AFPx1ZhcHixnxfB90ha4zgp7A+EdM8L63tUnVdlI5B14NiRIXONPDB4= -v.example.com. IN NSEC x.example.com. A AAAA RRSIG NSEC -v.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. AFT0Ao01lUN8Ppa9QPayQIN9ZtNIj4TzyhUQV31+FhNRK5uSQhiVwMc= -example.com. 3600 IN NSEC abc.example.com. NS SOA RRSIG NSEC DNSKEY -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. ABEOu6iietfjKY1MS0TutZZxUtRYA6XKsC1rMTrenwBF2darY3/Emco= -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NXDOMAIN -SECTION QUESTION -c.example.com. IN A -SECTION ANSWER -c.example.com. 10 IN CNAME www.example.com. -c.example.com. 10 IN RRSIG CNAME 3 3 10 20070926134150 20070829134150 2854 example.com. ABT7twnK5qkCBKnaOHxFthUOK+3rBge1wEMItoFPdf16OoVdfccYU2U= -SECTION AUTHORITY -example.com. 300 IN SOA a. b. 1 2 3 4 300 -example.com. 300 IN RRSIG SOA 3 2 300 20070926134150 20070829134150 2854 example.com. AFPx1ZhcHixnxfB90ha4zgp7A+EdM8L63tUnVdlI5B14NiRIXONPDB4= -v.example.com. IN NSEC x.example.com. A AAAA RRSIG NSEC -v.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. AFT0Ao01lUN8Ppa9QPayQIN9ZtNIj4TzyhUQV31+FhNRK5uSQhiVwMc= -example.com. 3600 IN NSEC abc.example.com. NS SOA RRSIG NSEC DNSKEY -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. ABEOu6iietfjKY1MS0TutZZxUtRYA6XKsC1rMTrenwBF2darY3/Emco= -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -c.example.com. IN CNAME -SECTION ANSWER -c.example.com. 10 IN CNAME www.example.com. -c.example.com. 10 IN RRSIG CNAME 3 3 10 20070926134150 20070829134150 2854 example.com. ABT7twnK5qkCBKnaOHxFthUOK+3rBge1wEMItoFPdf16OoVdfccYU2U= -ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -c.example.com. IN CNAME -ENTRY_END - -STEP 20 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AD DO NOERROR -SECTION QUESTION -c.example.com. IN CNAME -SECTION ANSWER -c.example.com. 10 IN CNAME www.example.com. -c.example.com. 10 IN RRSIG CNAME 3 3 10 20070926134150 20070829134150 2854 example.com. ABT7twnK5qkCBKnaOHxFthUOK+3rBge1wEMItoFPdf16OoVdfccYU2U= -ENTRY_END - -STEP 30 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -c.example.com. IN CNAME -ENTRY_END - -STEP 40 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AD DO NOERROR -SECTION QUESTION -c.example.com. IN CNAME -SECTION ANSWER -c.example.com. 10 IN CNAME www.example.com. -c.example.com. 10 IN RRSIG CNAME 3 3 10 20070926134150 20070829134150 2854 example.com. ABT7twnK5qkCBKnaOHxFthUOK+3rBge1wEMItoFPdf16OoVdfccYU2U= -ENTRY_END - -STEP 50 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -c.example.com. IN A -ENTRY_END - -STEP 60 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AD DO NXDOMAIN -SECTION QUESTION -c.example.com. IN A -SECTION ANSWER -c.example.com. 10 IN CNAME www.example.com. -c.example.com. 10 IN RRSIG CNAME 3 3 10 20070926134150 20070829134150 2854 example.com. ABT7twnK5qkCBKnaOHxFthUOK+3rBge1wEMItoFPdf16OoVdfccYU2U= -SECTION AUTHORITY -example.com. 300 IN SOA a. b. 1 2 3 4 300 -example.com. 300 IN RRSIG SOA 3 2 300 20070926134150 20070829134150 2854 example.com. AFPx1ZhcHixnxfB90ha4zgp7A+EdM8L63tUnVdlI5B14NiRIXONPDB4= -v.example.com. IN NSEC x.example.com. A AAAA RRSIG NSEC -v.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. AFT0Ao01lUN8Ppa9QPayQIN9ZtNIj4TzyhUQV31+FhNRK5uSQhiVwMc= -example.com. 3600 IN NSEC abc.example.com. NS SOA RRSIG NSEC DNSKEY -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. ABEOu6iietfjKY1MS0TutZZxUtRYA6XKsC1rMTrenwBF2darY3/Emco= -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/iter_dname_ttl.rpl b/contrib/unbound/testdata/iter_dname_ttl.rpl deleted file mode 100644 index 71934c39fd69..000000000000 --- a/contrib/unbound/testdata/iter_dname_ttl.rpl +++ /dev/null @@ -1,271 +0,0 @@ -; config options -; The island of trust is at example.com -; validation is enabled because the pickup of DNAME from cache wants -; a DNSSEC signed DNAME. -server: - trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" - trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" - val-override-date: "20070916134226" - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: "no" - fake-sha1: yes - trust-anchor-signaling: no - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test iterator for TTL of synthesized CNAME of a DNAME from cache. - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -net. IN A -SECTION AUTHORITY -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -net. IN NS -SECTION ANSWER -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.net. IN A -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.4 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; response to DNSKEY priming query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN DNSKEY -SECTION ANSWER -example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} -example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -foo.test-dname.example.com. IN A -SECTION ANSWER -test-dname.example.com. 3600 IN DNAME example.net. -test-dname.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. ACp31Evt1c6tKzmTh/smAuGFydZ1OO26Qkej/BW4Bw5RFBQiKaY22Z0= -foo.test-dname.example.com. 3600 IN CNAME foo.example.net. -ENTRY_END -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.5 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -; response to DNSKEY priming query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN DNSKEY -SECTION ANSWER -example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} -example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899} -SECTION AUTHORITY -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -foo.example.net. IN A -SECTION ANSWER -foo.example.net. IN A 11.12.13.15 -foo.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. X6T6SE9UzxAD/4zKpwGOxEDyE4g7lfYYw3lvw533uwRN8mWTcBvSva0/jjyhrogJcuLO32jPHK6zGb93w2xnuA== -SECTION AUTHORITY -SECTION ADDITIONAL -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -foo2.example.net. IN A -SECTION ANSWER -foo2.example.net. IN A 11.12.13.16 -foo2.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. BZm+GljD8m9N+pNJN8D+LlSyHqM+InNUe0+heKILR9be+Goqv6SEb7LKtX6+kj3239Y5by7u+/Cuk8kkWistEQ== -SECTION AUTHORITY -SECTION ADDITIONAL -ENTRY_END -RANGE_END - -STEP 1 TIME_PASSES ELAPSE 10 -; Get DNAME in cache and then pick it up again from cache. -STEP 10 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -foo.test-dname.example.com. IN A -ENTRY_END - -STEP 20 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AD DO NOERROR -SECTION QUESTION -foo.test-dname.example.com. IN A -SECTION ANSWER -test-dname.example.com. 3600 IN DNAME example.net. -test-dname.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. ACp31Evt1c6tKzmTh/smAuGFydZ1OO26Qkej/BW4Bw5RFBQiKaY22Z0= -foo.test-dname.example.com. 3600 IN CNAME foo.example.net. -foo.example.net. IN A 11.12.13.15 -foo.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. X6T6SE9UzxAD/4zKpwGOxEDyE4g7lfYYw3lvw533uwRN8mWTcBvSva0/jjyhrogJcuLO32jPHK6zGb93w2xnuA== -ENTRY_END - -STEP 30 TIME_PASSES ELAPSE 10 - -; Use DNAME from cache -STEP 40 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -foo2.test-dname.example.com. IN A -ENTRY_END - -; Test the TTL on the synthesized CNAME for the DNAME record from cache. -STEP 50 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA AD DO NOERROR -SECTION QUESTION -foo2.test-dname.example.com. IN A -SECTION ANSWER -test-dname.example.com. 3590 IN DNAME example.net. -test-dname.example.com. 3590 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. ACp31Evt1c6tKzmTh/smAuGFydZ1OO26Qkej/BW4Bw5RFBQiKaY22Z0= -foo2.test-dname.example.com. 3590 IN CNAME foo2.example.net. -foo2.example.net. 3600 IN A 11.12.13.16 -foo2.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. BZm+GljD8m9N+pNJN8D+LlSyHqM+InNUe0+heKILR9be+Goqv6SEb7LKtX6+kj3239Y5by7u+/Cuk8kkWistEQ== -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/iter_failreply.rpl b/contrib/unbound/testdata/iter_failreply.rpl deleted file mode 100644 index 393714196d89..000000000000 --- a/contrib/unbound/testdata/iter_failreply.rpl +++ /dev/null @@ -1,132 +0,0 @@ -; config options -server: - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: "no" - minimal-responses: no - log-servfail: yes - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test iterator fail_reply report - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. IN NS ns2.example.net. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. IN AAAA ::1 -ns2.example.net. IN AAAA ::1 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -ns2.example.net. IN A -SECTION ANSWER -ns2.example.net. IN A 1.2.3.5 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -ns2.example.net. IN AAAA -SECTION ANSWER -ns2.example.net. IN AAAA ::1 -ENTRY_END - -RANGE_END - -RANGE_END - -; ns.example.com. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.4 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR SERVFAIL -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR SERVFAIL -SECTION QUESTION -ns.example.com. IN A -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR SERVFAIL -SECTION QUESTION -ns.example.com. IN AAAA -ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -STEP 20 CHECK_OUT_QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -STEP 21 TIMEOUT -STEP 22 TIMEOUT -STEP 23 TIMEOUT -STEP 24 TIMEOUT -STEP 25 TIMEOUT - -STEP 31 TIMEOUT -STEP 32 TIMEOUT -STEP 33 TIMEOUT -STEP 34 TIMEOUT - -; recursion happens here. -STEP 50 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA SERVFAIL -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/iter_ghost_grandchild_delegation.rpl b/contrib/unbound/testdata/iter_ghost_grandchild_delegation.rpl deleted file mode 100644 index d1e521b57e9c..000000000000 --- a/contrib/unbound/testdata/iter_ghost_grandchild_delegation.rpl +++ /dev/null @@ -1,256 +0,0 @@ -; config options -server: - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: "no" - minimal-responses: no - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test that deep delegation from the parent deletes intermediate delegations to avoid triggering the ghost domain countermeasure. - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 19 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. 86400 IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. 86400 IN A 193.0.14.129 -ENTRY_END - -; we will explicitly ask for this -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION AUTHORITY -com. 10 IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. 86400 IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION AUTHORITY -example.com. 86400 IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. 86400 IN A 1.2.3.4 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. 10 IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. 86400 IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.4 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.com. IN A -SECTION ANSWER -ns.example.com. IN A 1.2.3.4 -SECTION AUTHORITY -example.com. IN NS ns.example.com. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.com. IN AAAA -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -a.example.com. IN A -SECTION ANSWER -a.example.com. IN A 10.20.30.40 -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com IN A 1.2.3.4 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -b.example.com. IN A -SECTION ANSWER -b.example.com. IN A 10.20.30.40 -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com IN A 1.2.3.4 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -c.example.com. IN A -SECTION ANSWER -c.example.com. IN A 10.20.30.40 -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com IN A 1.2.3.4 -ENTRY_END -RANGE_END - -; get the com. IN NS delegation in cache -STEP 0 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -com. IN NS -ENTRY_END - -STEP 1 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. 10 IN NS a.gtld-servers.net. -ENTRY_END - -STEP 2 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -a.example.com. IN A -ENTRY_END - -STEP 3 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -a.example.com. IN A -SECTION ANSWER -a.example.com. IN A 10.20.30.40 -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END - -; time passes for com. IN NS to expire. -STEP 9 TIME_PASSES ELAPSE 11 - -; the following query should go to the root instead of example.com. IN NS -; because com. IN NS is expired -STEP 10 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -b.example.com. IN A -ENTRY_END - -; root replies with the example.com IN NS delegation -; the expired com. IN NS delegation should be deleted -STEP 12 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -b.example.com. IN A -SECTION ANSWER -b.example.com. IN A 10.20.30.40 -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END - -; root is offline in this range. -; the following query should go straight to the example.com. IN NS delegation -; because the expired com. IN NS should not be in the cache anymore -STEP 20 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -c.example.com. IN A -ENTRY_END - -STEP 21 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -c.example.com. IN A -SECTION ANSWER -c.example.com. IN A 10.20.30.40 -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/iter_ignore_empty.rpl b/contrib/unbound/testdata/iter_ignore_empty.rpl deleted file mode 100644 index 4b2f695b8501..000000000000 --- a/contrib/unbound/testdata/iter_ignore_empty.rpl +++ /dev/null @@ -1,248 +0,0 @@ -; config options -server: - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: "no" - minimal-responses: no - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test ignore of an empty response. - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. IN NS ns2.example2.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example2.com. IN NS -SECTION AUTHORITY -example2.com. IN NS ns2.example2.com. -SECTION ADDITIONAL -ns2.example2.com. IN A 1.2.3.5 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -foo.com. IN NS -SECTION AUTHORITY -foo.com. IN NS ns.foo.com. -SECTION ADDITIONAL -ns.foo.com. IN A 1.2.3.5 -ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.4 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.com. -example.com. IN NS ns2.example.net. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -ns.example.com. IN A -SECTION ANSWER -ns.example.com. IN A 1.2.3.4 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -ns.example.com. IN AAAA -SECTION AUTHORITY -example.com. IN SOA ns root 4 14400 3600 604800 3600 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -SECTION AUTHORITY -SECTION ADDITIONAL -ENTRY_END -RANGE_END - -; ns2.example2.com. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.5 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -example2.com. IN NS -SECTION ANSWER -example2.com. IN NS ns2.example2.com. -SECTION ADDITIONAL -ns2.example2.com. IN A 1.2.3.5 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -ns2.example2.com. IN A -SECTION ANSWER -ns2.example2.com. IN A 1.2.3.5 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -ns2.example2.com. IN AAAA -SECTION AUTHORITY -example2.com. IN SOA ns2 root 4 14400 3600 604800 3600 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -ENTRY_END - -; foo.com -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -www.foo.com. IN A -SECTION ANSWER -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -ns.foo.com. IN AAAA -SECTION ANSWER -SECTION AUTHORITY -;foo.com. IN SOA ns2.foo.com root.foo.com 4 14400 3600 604800 3600 -ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; recursion happens here. -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -ENTRY_END - -; wait for pending nameserver lookups. -STEP 20 TRAFFIC - -; Test that a nodata stays a nodata. -STEP 30 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.foo.com. IN A -ENTRY_END - -STEP 40 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www.foo.com. IN A -SECTION ANSWER -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/iter_max_global_quota.rpl b/contrib/unbound/testdata/iter_max_global_quota.rpl deleted file mode 100644 index 2dddf035a70b..000000000000 --- a/contrib/unbound/testdata/iter_max_global_quota.rpl +++ /dev/null @@ -1,2236 +0,0 @@ -; config options -server: - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: no - ; Move it down to make it exceeded. - max-global-quota: 10 - ; With this limit the resolution succeeds. - ; max-global-quota: 250 - -stub-zone: - name: "." - stub-addr: 193.0.14.129 -CONFIG_END - -SCENARIO_BEGIN Test the max-global-quota limit. -; It looks up a name with 10 CNAMEs, and every cname needs 10 delegations. - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -foo.com. IN NS -SECTION AUTHORITY -foo.com. IN NS ns.foo.com. -SECTION ADDITIONAL -ns.foo.com. IN A 1.2.3.5 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -c1.com. IN NS -SECTION AUTHORITY -c1.com. IN NS ns.l1.l2.l3.l4.l5.l6.l7.l8.l9.l10c1.com. -SECTION ADDITIONAL -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -c2.com. IN NS -SECTION AUTHORITY -c2.com. IN NS ns.l1.l2.l3.l4.l5.l6.l7.l8.l9.l10c2.com. -SECTION ADDITIONAL -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -c3.com. IN NS -SECTION AUTHORITY -c3.com. IN NS ns.l1.l2.l3.l4.l5.l6.l7.l8.l9.l10c3.com. -SECTION ADDITIONAL -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -c4.com. IN NS -SECTION AUTHORITY -c4.com. IN NS ns.l1.l2.l3.l4.l5.l6.l7.l8.l9.l10c4.com. -SECTION ADDITIONAL -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -c5.com. IN NS -SECTION AUTHORITY -c5.com. IN NS ns.l1.l2.l3.l4.l5.l6.l7.l8.l9.l10c5.com. -SECTION ADDITIONAL -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -c6.com. IN NS -SECTION AUTHORITY -c6.com. IN NS ns.l1.l2.l3.l4.l5.l6.l7.l8.l9.l10c6.com. -SECTION ADDITIONAL -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -c7.com. IN NS -SECTION AUTHORITY -c7.com. IN NS ns.l1.l2.l3.l4.l5.l6.l7.l8.l9.l10c7.com. -SECTION ADDITIONAL -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -c8.com. IN NS -SECTION AUTHORITY -c8.com. IN NS ns.l1.l2.l3.l4.l5.l6.l7.l8.l9.l10c8.com. -SECTION ADDITIONAL -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -c9.com. IN NS -SECTION AUTHORITY -c9.com. IN NS ns.l1.l2.l3.l4.l5.l6.l7.l8.l9.l10c9.com. -SECTION ADDITIONAL -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -c10.com. IN NS -SECTION AUTHORITY -c10.com. IN NS ns.l1.l2.l3.l4.l5.l6.l7.l8.l9.l10c10.com. -SECTION ADDITIONAL -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l10c1.com. IN NS -SECTION AUTHORITY -l10c1.com. IN NS ns.l10c1.com. -SECTION ADDITIONAL -ns.l10c1.com. IN A 1.3.1.10 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l10c2.com. IN NS -SECTION AUTHORITY -l10c2.com. IN NS ns.l10c2.com. -SECTION ADDITIONAL -ns.l10c2.com. IN A 1.3.2.10 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l10c3.com. IN NS -SECTION AUTHORITY -l10c3.com. IN NS ns.l10c3.com. -SECTION ADDITIONAL -ns.l10c3.com. IN A 1.3.3.10 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l10c4.com. IN NS -SECTION AUTHORITY -l10c4.com. IN NS ns.l10c4.com. -SECTION ADDITIONAL -ns.l10c4.com. IN A 1.3.4.10 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l10c5.com. IN NS -SECTION AUTHORITY -l10c5.com. IN NS ns.l10c5.com. -SECTION ADDITIONAL -ns.l10c5.com. IN A 1.3.5.10 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l10c6.com. IN NS -SECTION AUTHORITY -l10c6.com. IN NS ns.l10c6.com. -SECTION ADDITIONAL -ns.l10c6.com. IN A 1.3.6.10 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l10c7.com. IN NS -SECTION AUTHORITY -l10c7.com. IN NS ns.l10c7.com. -SECTION ADDITIONAL -ns.l10c7.com. IN A 1.3.7.10 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l10c8.com. IN NS -SECTION AUTHORITY -l10c8.com. IN NS ns.l10c8.com. -SECTION ADDITIONAL -ns.l10c8.com. IN A 1.3.8.10 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l10c9.com. IN NS -SECTION AUTHORITY -l10c9.com. IN NS ns.l10c9.com. -SECTION ADDITIONAL -ns.l10c9.com. IN A 1.3.9.10 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l10c10.com. IN NS -SECTION AUTHORITY -l10c10.com. IN NS ns.l10c10.com. -SECTION ADDITIONAL -ns.l10c10.com. IN A 1.3.10.10 -ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.4 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN CNAME www.c1.com. -ENTRY_END -RANGE_END - -; ns.foo.com. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.5 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -www.foo.com. IN A -SECTION ANSWER -www.foo.com. IN A 1.2.3.4 -ENTRY_END -RANGE_END - -; ns.l10c1.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.1.10 -$ORIGIN l10c1.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l9 IN NS -SECTION AUTHORITY -l9 IN NS ns.l9 -SECTION ADDITIONAL -ns.l9 IN A 1.3.1.9 -ENTRY_END -RANGE_END - -; ns.l9.l10c1.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.1.9 -$ORIGIN l9.l10c1.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l8 IN NS -SECTION AUTHORITY -l8 IN NS ns.l8 -SECTION ADDITIONAL -ns.l8 IN A 1.3.1.8 -ENTRY_END -RANGE_END - -; ns.l8.l9.l10c1.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.1.8 -$ORIGIN l8.l9.l10c1.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l7 IN NS -SECTION AUTHORITY -l7 IN NS ns.l7 -SECTION ADDITIONAL -ns.l7 IN A 1.3.1.7 -ENTRY_END -RANGE_END - -; ns.l7.l8.l9.l10c1.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.1.7 -$ORIGIN l7.l8.l9.l10c1.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l6 IN NS -SECTION AUTHORITY -l6 IN NS ns.l6 -SECTION ADDITIONAL -ns.l6 IN A 1.3.1.6 -ENTRY_END -RANGE_END - -; ns.l6.l7.l8.l9.l10c1.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.1.6 -$ORIGIN l6.l7.l8.l9.l10c1.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l5 IN NS -SECTION AUTHORITY -l5 IN NS ns.l5 -SECTION ADDITIONAL -ns.l5 IN A 1.3.1.5 -ENTRY_END -RANGE_END - -; ns.l5.l6.l7.l8.l9.l10c1.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.1.5 -$ORIGIN l5.l6.l7.l8.l9.l10c1.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l4 IN NS -SECTION AUTHORITY -l4 IN NS ns.l4 -SECTION ADDITIONAL -ns.l4 IN A 1.3.1.4 -ENTRY_END -RANGE_END - -; ns.l4.l5.l6.l7.l8.l9.l10c1.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.1.4 -$ORIGIN l4.l5.l6.l7.l8.l9.l10c1.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l3 IN NS -SECTION AUTHORITY -l3 IN NS ns.l3 -SECTION ADDITIONAL -ns.l3 IN A 1.3.1.3 -ENTRY_END -RANGE_END - -; ns.l3.l4.l5.l6.l7.l8.l9.l10c1.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.1.3 -$ORIGIN l3.l4.l5.l6.l7.l8.l9.l10c1.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l2 IN NS -SECTION AUTHORITY -l2 IN NS ns.l2 -SECTION ADDITIONAL -ns.l2 IN A 1.3.1.2 -ENTRY_END -RANGE_END - -; ns.l2.l3.l4.l5.l6.l7.l8.l9.l10c1.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.1.2 -$ORIGIN l2.l3.l4.l5.l6.l7.l8.l9.l10c1.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l1 IN NS -SECTION AUTHORITY -l1 IN NS ns.l1 -SECTION ADDITIONAL -ns.l1 IN A 1.3.1.1 -ENTRY_END -RANGE_END - -; ns.l1.l2.l3.l4.l5.l6.l7.l8.l9.l10c1.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.1.1 -$ORIGIN l1.l2.l3.l4.l5.l6.l7.l8.l9.l10c1.com. -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -ns IN A -SECTION ANSWER -ns IN A 1.3.1.1 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -ns IN AAAA -SECTION AUTHORITY -@ SOA ns host 2018060423 3600 300 86400 3600 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -www.c1.com. IN A -SECTION ANSWER -www.c1.com. IN CNAME www.c2.com. -ENTRY_END -RANGE_END - -; ns.l10c2.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.2.10 -$ORIGIN l10c2.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l9 IN NS -SECTION AUTHORITY -l9 IN NS ns.l9 -SECTION ADDITIONAL -ns.l9 IN A 1.3.2.9 -ENTRY_END -RANGE_END - -; ns.l9.l10c2.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.2.9 -$ORIGIN l9.l10c2.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l8 IN NS -SECTION AUTHORITY -l8 IN NS ns.l8 -SECTION ADDITIONAL -ns.l8 IN A 1.3.2.8 -ENTRY_END -RANGE_END - -; ns.l8.l9.l10c2.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.2.8 -$ORIGIN l8.l9.l10c2.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l7 IN NS -SECTION AUTHORITY -l7 IN NS ns.l7 -SECTION ADDITIONAL -ns.l7 IN A 1.3.2.7 -ENTRY_END -RANGE_END - -; ns.l7.l8.l9.l10c2.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.2.7 -$ORIGIN l7.l8.l9.l10c2.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l6 IN NS -SECTION AUTHORITY -l6 IN NS ns.l6 -SECTION ADDITIONAL -ns.l6 IN A 1.3.2.6 -ENTRY_END -RANGE_END - -; ns.l6.l7.l8.l9.l10c2.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.2.6 -$ORIGIN l6.l7.l8.l9.l10c2.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l5 IN NS -SECTION AUTHORITY -l5 IN NS ns.l5 -SECTION ADDITIONAL -ns.l5 IN A 1.3.2.5 -ENTRY_END -RANGE_END - -; ns.l5.l6.l7.l8.l9.l10c2.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.2.5 -$ORIGIN l5.l6.l7.l8.l9.l10c2.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l4 IN NS -SECTION AUTHORITY -l4 IN NS ns.l4 -SECTION ADDITIONAL -ns.l4 IN A 1.3.2.4 -ENTRY_END -RANGE_END - -; ns.l4.l5.l6.l7.l8.l9.l10c2.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.2.4 -$ORIGIN l4.l5.l6.l7.l8.l9.l10c2.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l3 IN NS -SECTION AUTHORITY -l3 IN NS ns.l3 -SECTION ADDITIONAL -ns.l3 IN A 1.3.2.3 -ENTRY_END -RANGE_END - -; ns.l3.l4.l5.l6.l7.l8.l9.l10c2.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.2.3 -$ORIGIN l3.l4.l5.l6.l7.l8.l9.l10c2.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l2 IN NS -SECTION AUTHORITY -l2 IN NS ns.l2 -SECTION ADDITIONAL -ns.l2 IN A 1.3.2.2 -ENTRY_END -RANGE_END - -; ns.l2.l3.l4.l5.l6.l7.l8.l9.l10c2.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.2.2 -$ORIGIN l2.l3.l4.l5.l6.l7.l8.l9.l10c2.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l1 IN NS -SECTION AUTHORITY -l1 IN NS ns.l1 -SECTION ADDITIONAL -ns.l1 IN A 1.3.2.1 -ENTRY_END -RANGE_END - -; ns.l1.l2.l3.l4.l5.l6.l7.l8.l9.l10c2.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.2.1 -$ORIGIN l1.l2.l3.l4.l5.l6.l7.l8.l9.l10c2.com. -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -ns IN A -SECTION ANSWER -ns IN A 1.3.2.1 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -ns IN AAAA -SECTION AUTHORITY -@ SOA ns host 2018060423 3600 300 86400 3600 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -www.c2.com. IN A -SECTION ANSWER -www.c2.com. IN CNAME www.c3.com. -ENTRY_END -RANGE_END - -; ns.l10c3.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.3.10 -$ORIGIN l10c3.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l9 IN NS -SECTION AUTHORITY -l9 IN NS ns.l9 -SECTION ADDITIONAL -ns.l9 IN A 1.3.3.9 -ENTRY_END -RANGE_END - -; ns.l9.l10c3.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.3.9 -$ORIGIN l9.l10c3.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l8 IN NS -SECTION AUTHORITY -l8 IN NS ns.l8 -SECTION ADDITIONAL -ns.l8 IN A 1.3.3.8 -ENTRY_END -RANGE_END - -; ns.l8.l9.l10c3.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.3.8 -$ORIGIN l8.l9.l10c3.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l7 IN NS -SECTION AUTHORITY -l7 IN NS ns.l7 -SECTION ADDITIONAL -ns.l7 IN A 1.3.3.7 -ENTRY_END -RANGE_END - -; ns.l7.l8.l9.l10c3.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.3.7 -$ORIGIN l7.l8.l9.l10c3.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l6 IN NS -SECTION AUTHORITY -l6 IN NS ns.l6 -SECTION ADDITIONAL -ns.l6 IN A 1.3.3.6 -ENTRY_END -RANGE_END - -; ns.l6.l7.l8.l9.l10c3.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.3.6 -$ORIGIN l6.l7.l8.l9.l10c3.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l5 IN NS -SECTION AUTHORITY -l5 IN NS ns.l5 -SECTION ADDITIONAL -ns.l5 IN A 1.3.3.5 -ENTRY_END -RANGE_END - -; ns.l5.l6.l7.l8.l9.l10c3.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.3.5 -$ORIGIN l5.l6.l7.l8.l9.l10c3.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l4 IN NS -SECTION AUTHORITY -l4 IN NS ns.l4 -SECTION ADDITIONAL -ns.l4 IN A 1.3.3.4 -ENTRY_END -RANGE_END - -; ns.l4.l5.l6.l7.l8.l9.l10c3.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.3.4 -$ORIGIN l4.l5.l6.l7.l8.l9.l10c3.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l3 IN NS -SECTION AUTHORITY -l3 IN NS ns.l3 -SECTION ADDITIONAL -ns.l3 IN A 1.3.3.3 -ENTRY_END -RANGE_END - -; ns.l3.l4.l5.l6.l7.l8.l9.l10c3.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.3.3 -$ORIGIN l3.l4.l5.l6.l7.l8.l9.l10c3.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l2 IN NS -SECTION AUTHORITY -l2 IN NS ns.l2 -SECTION ADDITIONAL -ns.l2 IN A 1.3.3.2 -ENTRY_END -RANGE_END - -; ns.l2.l3.l4.l5.l6.l7.l8.l9.l10c3.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.3.2 -$ORIGIN l2.l3.l4.l5.l6.l7.l8.l9.l10c3.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l1 IN NS -SECTION AUTHORITY -l1 IN NS ns.l1 -SECTION ADDITIONAL -ns.l1 IN A 1.3.3.1 -ENTRY_END -RANGE_END - -; ns.l1.l2.l3.l4.l5.l6.l7.l8.l9.l10c3.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.3.1 -$ORIGIN l1.l2.l3.l4.l5.l6.l7.l8.l9.l10c3.com. -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -ns IN A -SECTION ANSWER -ns IN A 1.3.3.1 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -ns IN AAAA -SECTION AUTHORITY -@ SOA ns host 2018060423 3600 300 86400 3600 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -www.c3.com. IN A -SECTION ANSWER -www.c3.com. IN CNAME www.c4.com. -ENTRY_END -RANGE_END -; ns.l10c4.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.4.10 -$ORIGIN l10c4.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l9 IN NS -SECTION AUTHORITY -l9 IN NS ns.l9 -SECTION ADDITIONAL -ns.l9 IN A 1.3.4.9 -ENTRY_END -RANGE_END - -; ns.l9.l10c4.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.4.9 -$ORIGIN l9.l10c4.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l8 IN NS -SECTION AUTHORITY -l8 IN NS ns.l8 -SECTION ADDITIONAL -ns.l8 IN A 1.3.4.8 -ENTRY_END -RANGE_END - -; ns.l8.l9.l10c4.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.4.8 -$ORIGIN l8.l9.l10c4.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l7 IN NS -SECTION AUTHORITY -l7 IN NS ns.l7 -SECTION ADDITIONAL -ns.l7 IN A 1.3.4.7 -ENTRY_END -RANGE_END - -; ns.l7.l8.l9.l10c4.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.4.7 -$ORIGIN l7.l8.l9.l10c4.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l6 IN NS -SECTION AUTHORITY -l6 IN NS ns.l6 -SECTION ADDITIONAL -ns.l6 IN A 1.3.4.6 -ENTRY_END -RANGE_END - -; ns.l6.l7.l8.l9.l10c4.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.4.6 -$ORIGIN l6.l7.l8.l9.l10c4.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l5 IN NS -SECTION AUTHORITY -l5 IN NS ns.l5 -SECTION ADDITIONAL -ns.l5 IN A 1.3.4.5 -ENTRY_END -RANGE_END - -; ns.l5.l6.l7.l8.l9.l10c4.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.4.5 -$ORIGIN l5.l6.l7.l8.l9.l10c4.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l4 IN NS -SECTION AUTHORITY -l4 IN NS ns.l4 -SECTION ADDITIONAL -ns.l4 IN A 1.3.4.4 -ENTRY_END -RANGE_END - -; ns.l4.l5.l6.l7.l8.l9.l10c4.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.4.4 -$ORIGIN l4.l5.l6.l7.l8.l9.l10c4.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l3 IN NS -SECTION AUTHORITY -l3 IN NS ns.l3 -SECTION ADDITIONAL -ns.l3 IN A 1.3.4.3 -ENTRY_END -RANGE_END - -; ns.l3.l4.l5.l6.l7.l8.l9.l10c4.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.4.3 -$ORIGIN l3.l4.l5.l6.l7.l8.l9.l10c4.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l2 IN NS -SECTION AUTHORITY -l2 IN NS ns.l2 -SECTION ADDITIONAL -ns.l2 IN A 1.3.4.2 -ENTRY_END -RANGE_END - -; ns.l2.l3.l4.l5.l6.l7.l8.l9.l10c4.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.4.2 -$ORIGIN l2.l3.l4.l5.l6.l7.l8.l9.l10c4.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l1 IN NS -SECTION AUTHORITY -l1 IN NS ns.l1 -SECTION ADDITIONAL -ns.l1 IN A 1.3.4.1 -ENTRY_END -RANGE_END - -; ns.l1.l2.l3.l4.l5.l6.l7.l8.l9.l10c4.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.4.1 -$ORIGIN l1.l2.l3.l4.l5.l6.l7.l8.l9.l10c4.com. -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -ns IN A -SECTION ANSWER -ns IN A 1.3.4.1 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -ns IN AAAA -SECTION AUTHORITY -@ SOA ns host 2018060423 3600 300 86400 3600 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -www.c4.com. IN A -SECTION ANSWER -www.c4.com. IN CNAME www.c5.com. -ENTRY_END -RANGE_END -; ns.l10c5.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.5.10 -$ORIGIN l10c5.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l9 IN NS -SECTION AUTHORITY -l9 IN NS ns.l9 -SECTION ADDITIONAL -ns.l9 IN A 1.3.5.9 -ENTRY_END -RANGE_END - -; ns.l9.l10c5.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.5.9 -$ORIGIN l9.l10c5.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l8 IN NS -SECTION AUTHORITY -l8 IN NS ns.l8 -SECTION ADDITIONAL -ns.l8 IN A 1.3.5.8 -ENTRY_END -RANGE_END - -; ns.l8.l9.l10c5.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.5.8 -$ORIGIN l8.l9.l10c5.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l7 IN NS -SECTION AUTHORITY -l7 IN NS ns.l7 -SECTION ADDITIONAL -ns.l7 IN A 1.3.5.7 -ENTRY_END -RANGE_END - -; ns.l7.l8.l9.l10c5.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.5.7 -$ORIGIN l7.l8.l9.l10c5.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l6 IN NS -SECTION AUTHORITY -l6 IN NS ns.l6 -SECTION ADDITIONAL -ns.l6 IN A 1.3.5.6 -ENTRY_END -RANGE_END - -; ns.l6.l7.l8.l9.l10c5.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.5.6 -$ORIGIN l6.l7.l8.l9.l10c5.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l5 IN NS -SECTION AUTHORITY -l5 IN NS ns.l5 -SECTION ADDITIONAL -ns.l5 IN A 1.3.5.5 -ENTRY_END -RANGE_END - -; ns.l5.l6.l7.l8.l9.l10c5.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.5.5 -$ORIGIN l5.l6.l7.l8.l9.l10c5.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l4 IN NS -SECTION AUTHORITY -l4 IN NS ns.l4 -SECTION ADDITIONAL -ns.l4 IN A 1.3.5.4 -ENTRY_END -RANGE_END - -; ns.l4.l5.l6.l7.l8.l9.l10c5.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.5.4 -$ORIGIN l4.l5.l6.l7.l8.l9.l10c5.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l3 IN NS -SECTION AUTHORITY -l3 IN NS ns.l3 -SECTION ADDITIONAL -ns.l3 IN A 1.3.5.3 -ENTRY_END -RANGE_END - -; ns.l3.l4.l5.l6.l7.l8.l9.l10c5.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.5.3 -$ORIGIN l3.l4.l5.l6.l7.l8.l9.l10c5.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l2 IN NS -SECTION AUTHORITY -l2 IN NS ns.l2 -SECTION ADDITIONAL -ns.l2 IN A 1.3.5.2 -ENTRY_END -RANGE_END - -; ns.l2.l3.l4.l5.l6.l7.l8.l9.l10c5.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.5.2 -$ORIGIN l2.l3.l4.l5.l6.l7.l8.l9.l10c5.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l1 IN NS -SECTION AUTHORITY -l1 IN NS ns.l1 -SECTION ADDITIONAL -ns.l1 IN A 1.3.5.1 -ENTRY_END -RANGE_END - -; ns.l1.l2.l3.l4.l5.l6.l7.l8.l9.l10c5.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.5.1 -$ORIGIN l1.l2.l3.l4.l5.l6.l7.l8.l9.l10c5.com. -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -ns IN A -SECTION ANSWER -ns IN A 1.3.5.1 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -ns IN AAAA -SECTION AUTHORITY -@ SOA ns host 2018060423 3600 300 86400 3600 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -www.c5.com. IN A -SECTION ANSWER -www.c5.com. IN CNAME www.c6.com. -ENTRY_END -RANGE_END -; ns.l10c6.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.6.10 -$ORIGIN l10c6.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l9 IN NS -SECTION AUTHORITY -l9 IN NS ns.l9 -SECTION ADDITIONAL -ns.l9 IN A 1.3.6.9 -ENTRY_END -RANGE_END - -; ns.l9.l10c6.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.6.9 -$ORIGIN l9.l10c6.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l8 IN NS -SECTION AUTHORITY -l8 IN NS ns.l8 -SECTION ADDITIONAL -ns.l8 IN A 1.3.6.8 -ENTRY_END -RANGE_END - -; ns.l8.l9.l10c6.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.6.8 -$ORIGIN l8.l9.l10c6.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l7 IN NS -SECTION AUTHORITY -l7 IN NS ns.l7 -SECTION ADDITIONAL -ns.l7 IN A 1.3.6.7 -ENTRY_END -RANGE_END - -; ns.l7.l8.l9.l10c6.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.6.7 -$ORIGIN l7.l8.l9.l10c6.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l6 IN NS -SECTION AUTHORITY -l6 IN NS ns.l6 -SECTION ADDITIONAL -ns.l6 IN A 1.3.6.6 -ENTRY_END -RANGE_END - -; ns.l6.l7.l8.l9.l10c6.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.6.6 -$ORIGIN l6.l7.l8.l9.l10c6.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l5 IN NS -SECTION AUTHORITY -l5 IN NS ns.l5 -SECTION ADDITIONAL -ns.l5 IN A 1.3.6.5 -ENTRY_END -RANGE_END - -; ns.l5.l6.l7.l8.l9.l10c6.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.6.5 -$ORIGIN l5.l6.l7.l8.l9.l10c6.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l4 IN NS -SECTION AUTHORITY -l4 IN NS ns.l4 -SECTION ADDITIONAL -ns.l4 IN A 1.3.6.4 -ENTRY_END -RANGE_END - -; ns.l4.l5.l6.l7.l8.l9.l10c6.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.6.4 -$ORIGIN l4.l5.l6.l7.l8.l9.l10c6.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l3 IN NS -SECTION AUTHORITY -l3 IN NS ns.l3 -SECTION ADDITIONAL -ns.l3 IN A 1.3.6.3 -ENTRY_END -RANGE_END - -; ns.l3.l4.l5.l6.l7.l8.l9.l10c6.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.6.3 -$ORIGIN l3.l4.l5.l6.l7.l8.l9.l10c6.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l2 IN NS -SECTION AUTHORITY -l2 IN NS ns.l2 -SECTION ADDITIONAL -ns.l2 IN A 1.3.6.2 -ENTRY_END -RANGE_END - -; ns.l2.l3.l4.l5.l6.l7.l8.l9.l10c6.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.6.2 -$ORIGIN l2.l3.l4.l5.l6.l7.l8.l9.l10c6.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l1 IN NS -SECTION AUTHORITY -l1 IN NS ns.l1 -SECTION ADDITIONAL -ns.l1 IN A 1.3.6.1 -ENTRY_END -RANGE_END - -; ns.l1.l2.l3.l4.l5.l6.l7.l8.l9.l10c6.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.6.1 -$ORIGIN l1.l2.l3.l4.l5.l6.l7.l8.l9.l10c6.com. -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -ns IN A -SECTION ANSWER -ns IN A 1.3.6.1 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -ns IN AAAA -SECTION AUTHORITY -@ SOA ns host 2018060423 3600 300 86400 3600 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -www.c6.com. IN A -SECTION ANSWER -www.c6.com. IN CNAME www.c7.com. -ENTRY_END -RANGE_END -; ns.l10c7.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.7.10 -$ORIGIN l10c7.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l9 IN NS -SECTION AUTHORITY -l9 IN NS ns.l9 -SECTION ADDITIONAL -ns.l9 IN A 1.3.7.9 -ENTRY_END -RANGE_END - -; ns.l9.l10c7.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.7.9 -$ORIGIN l9.l10c7.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l8 IN NS -SECTION AUTHORITY -l8 IN NS ns.l8 -SECTION ADDITIONAL -ns.l8 IN A 1.3.7.8 -ENTRY_END -RANGE_END - -; ns.l8.l9.l10c7.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.7.8 -$ORIGIN l8.l9.l10c7.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l7 IN NS -SECTION AUTHORITY -l7 IN NS ns.l7 -SECTION ADDITIONAL -ns.l7 IN A 1.3.7.7 -ENTRY_END -RANGE_END - -; ns.l7.l8.l9.l10c7.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.7.7 -$ORIGIN l7.l8.l9.l10c7.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l6 IN NS -SECTION AUTHORITY -l6 IN NS ns.l6 -SECTION ADDITIONAL -ns.l6 IN A 1.3.7.6 -ENTRY_END -RANGE_END - -; ns.l6.l7.l8.l9.l10c7.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.7.6 -$ORIGIN l6.l7.l8.l9.l10c7.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l5 IN NS -SECTION AUTHORITY -l5 IN NS ns.l5 -SECTION ADDITIONAL -ns.l5 IN A 1.3.7.5 -ENTRY_END -RANGE_END - -; ns.l5.l6.l7.l8.l9.l10c7.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.7.5 -$ORIGIN l5.l6.l7.l8.l9.l10c7.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l4 IN NS -SECTION AUTHORITY -l4 IN NS ns.l4 -SECTION ADDITIONAL -ns.l4 IN A 1.3.7.4 -ENTRY_END -RANGE_END - -; ns.l4.l5.l6.l7.l8.l9.l10c7.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.7.4 -$ORIGIN l4.l5.l6.l7.l8.l9.l10c7.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l3 IN NS -SECTION AUTHORITY -l3 IN NS ns.l3 -SECTION ADDITIONAL -ns.l3 IN A 1.3.7.3 -ENTRY_END -RANGE_END - -; ns.l3.l4.l5.l6.l7.l8.l9.l10c7.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.7.3 -$ORIGIN l3.l4.l5.l6.l7.l8.l9.l10c7.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l2 IN NS -SECTION AUTHORITY -l2 IN NS ns.l2 -SECTION ADDITIONAL -ns.l2 IN A 1.3.7.2 -ENTRY_END -RANGE_END - -; ns.l2.l3.l4.l5.l6.l7.l8.l9.l10c7.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.7.2 -$ORIGIN l2.l3.l4.l5.l6.l7.l8.l9.l10c7.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l1 IN NS -SECTION AUTHORITY -l1 IN NS ns.l1 -SECTION ADDITIONAL -ns.l1 IN A 1.3.7.1 -ENTRY_END -RANGE_END - -; ns.l1.l2.l3.l4.l5.l6.l7.l8.l9.l10c7.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.7.1 -$ORIGIN l1.l2.l3.l4.l5.l6.l7.l8.l9.l10c7.com. -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -ns IN A -SECTION ANSWER -ns IN A 1.3.7.1 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -ns IN AAAA -SECTION AUTHORITY -@ SOA ns host 2018060423 3600 300 86400 3600 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -www.c7.com. IN A -SECTION ANSWER -www.c7.com. IN CNAME www.c8.com. -ENTRY_END -RANGE_END -; ns.l10c8.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.8.10 -$ORIGIN l10c8.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l9 IN NS -SECTION AUTHORITY -l9 IN NS ns.l9 -SECTION ADDITIONAL -ns.l9 IN A 1.3.8.9 -ENTRY_END -RANGE_END - -; ns.l9.l10c8.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.8.9 -$ORIGIN l9.l10c8.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l8 IN NS -SECTION AUTHORITY -l8 IN NS ns.l8 -SECTION ADDITIONAL -ns.l8 IN A 1.3.8.8 -ENTRY_END -RANGE_END - -; ns.l8.l9.l10c8.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.8.8 -$ORIGIN l8.l9.l10c8.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l7 IN NS -SECTION AUTHORITY -l7 IN NS ns.l7 -SECTION ADDITIONAL -ns.l7 IN A 1.3.8.7 -ENTRY_END -RANGE_END - -; ns.l7.l8.l9.l10c8.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.8.7 -$ORIGIN l7.l8.l9.l10c8.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l6 IN NS -SECTION AUTHORITY -l6 IN NS ns.l6 -SECTION ADDITIONAL -ns.l6 IN A 1.3.8.6 -ENTRY_END -RANGE_END - -; ns.l6.l7.l8.l9.l10c8.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.8.6 -$ORIGIN l6.l7.l8.l9.l10c8.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l5 IN NS -SECTION AUTHORITY -l5 IN NS ns.l5 -SECTION ADDITIONAL -ns.l5 IN A 1.3.8.5 -ENTRY_END -RANGE_END - -; ns.l5.l6.l7.l8.l9.l10c8.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.8.5 -$ORIGIN l5.l6.l7.l8.l9.l10c8.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l4 IN NS -SECTION AUTHORITY -l4 IN NS ns.l4 -SECTION ADDITIONAL -ns.l4 IN A 1.3.8.4 -ENTRY_END -RANGE_END - -; ns.l4.l5.l6.l7.l8.l9.l10c8.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.8.4 -$ORIGIN l4.l5.l6.l7.l8.l9.l10c8.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l3 IN NS -SECTION AUTHORITY -l3 IN NS ns.l3 -SECTION ADDITIONAL -ns.l3 IN A 1.3.8.3 -ENTRY_END -RANGE_END - -; ns.l3.l4.l5.l6.l7.l8.l9.l10c8.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.8.3 -$ORIGIN l3.l4.l5.l6.l7.l8.l9.l10c8.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l2 IN NS -SECTION AUTHORITY -l2 IN NS ns.l2 -SECTION ADDITIONAL -ns.l2 IN A 1.3.8.2 -ENTRY_END -RANGE_END - -; ns.l2.l3.l4.l5.l6.l7.l8.l9.l10c8.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.8.2 -$ORIGIN l2.l3.l4.l5.l6.l7.l8.l9.l10c8.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l1 IN NS -SECTION AUTHORITY -l1 IN NS ns.l1 -SECTION ADDITIONAL -ns.l1 IN A 1.3.8.1 -ENTRY_END -RANGE_END - -; ns.l1.l2.l3.l4.l5.l6.l7.l8.l9.l10c8.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.8.1 -$ORIGIN l1.l2.l3.l4.l5.l6.l7.l8.l9.l10c8.com. -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -ns IN A -SECTION ANSWER -ns IN A 1.3.8.1 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -ns IN AAAA -SECTION AUTHORITY -@ SOA ns host 2018060423 3600 300 86400 3600 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -www.c8.com. IN A -SECTION ANSWER -www.c8.com. IN CNAME www.c9.com. -ENTRY_END -RANGE_END -; ns.l10c9.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.9.10 -$ORIGIN l10c9.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l9 IN NS -SECTION AUTHORITY -l9 IN NS ns.l9 -SECTION ADDITIONAL -ns.l9 IN A 1.3.9.9 -ENTRY_END -RANGE_END - -; ns.l9.l10c9.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.9.9 -$ORIGIN l9.l10c9.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l8 IN NS -SECTION AUTHORITY -l8 IN NS ns.l8 -SECTION ADDITIONAL -ns.l8 IN A 1.3.9.8 -ENTRY_END -RANGE_END - -; ns.l8.l9.l10c9.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.9.8 -$ORIGIN l8.l9.l10c9.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l7 IN NS -SECTION AUTHORITY -l7 IN NS ns.l7 -SECTION ADDITIONAL -ns.l7 IN A 1.3.9.7 -ENTRY_END -RANGE_END - -; ns.l7.l8.l9.l10c9.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.9.7 -$ORIGIN l7.l8.l9.l10c9.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l6 IN NS -SECTION AUTHORITY -l6 IN NS ns.l6 -SECTION ADDITIONAL -ns.l6 IN A 1.3.9.6 -ENTRY_END -RANGE_END - -; ns.l6.l7.l8.l9.l10c9.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.9.6 -$ORIGIN l6.l7.l8.l9.l10c9.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l5 IN NS -SECTION AUTHORITY -l5 IN NS ns.l5 -SECTION ADDITIONAL -ns.l5 IN A 1.3.9.5 -ENTRY_END -RANGE_END - -; ns.l5.l6.l7.l8.l9.l10c9.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.9.5 -$ORIGIN l5.l6.l7.l8.l9.l10c9.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l4 IN NS -SECTION AUTHORITY -l4 IN NS ns.l4 -SECTION ADDITIONAL -ns.l4 IN A 1.3.9.4 -ENTRY_END -RANGE_END - -; ns.l4.l5.l6.l7.l8.l9.l10c9.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.9.4 -$ORIGIN l4.l5.l6.l7.l8.l9.l10c9.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l3 IN NS -SECTION AUTHORITY -l3 IN NS ns.l3 -SECTION ADDITIONAL -ns.l3 IN A 1.3.9.3 -ENTRY_END -RANGE_END - -; ns.l3.l4.l5.l6.l7.l8.l9.l10c9.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.9.3 -$ORIGIN l3.l4.l5.l6.l7.l8.l9.l10c9.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l2 IN NS -SECTION AUTHORITY -l2 IN NS ns.l2 -SECTION ADDITIONAL -ns.l2 IN A 1.3.9.2 -ENTRY_END -RANGE_END - -; ns.l2.l3.l4.l5.l6.l7.l8.l9.l10c9.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.9.2 -$ORIGIN l2.l3.l4.l5.l6.l7.l8.l9.l10c9.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l1 IN NS -SECTION AUTHORITY -l1 IN NS ns.l1 -SECTION ADDITIONAL -ns.l1 IN A 1.3.9.1 -ENTRY_END -RANGE_END - -; ns.l1.l2.l3.l4.l5.l6.l7.l8.l9.l10c9.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.9.1 -$ORIGIN l1.l2.l3.l4.l5.l6.l7.l8.l9.l10c9.com. -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -ns IN A -SECTION ANSWER -ns IN A 1.3.9.1 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -ns IN AAAA -SECTION AUTHORITY -@ SOA ns host 2018060423 3600 300 86400 3600 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -www.c9.com. IN A -SECTION ANSWER -www.c9.com. IN CNAME www.c10.com. -ENTRY_END -RANGE_END -; ns.l10c10.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.10.10 -$ORIGIN l10c10.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l9 IN NS -SECTION AUTHORITY -l9 IN NS ns.l9 -SECTION ADDITIONAL -ns.l9 IN A 1.3.10.9 -ENTRY_END -RANGE_END - -; ns.l9.l10c10.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.10.9 -$ORIGIN l9.l10c10.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l8 IN NS -SECTION AUTHORITY -l8 IN NS ns.l8 -SECTION ADDITIONAL -ns.l8 IN A 1.3.10.8 -ENTRY_END -RANGE_END - -; ns.l8.l9.l10c10.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.10.8 -$ORIGIN l8.l9.l10c10.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l7 IN NS -SECTION AUTHORITY -l7 IN NS ns.l7 -SECTION ADDITIONAL -ns.l7 IN A 1.3.10.7 -ENTRY_END -RANGE_END - -; ns.l7.l8.l9.l10c10.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.10.7 -$ORIGIN l7.l8.l9.l10c10.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l6 IN NS -SECTION AUTHORITY -l6 IN NS ns.l6 -SECTION ADDITIONAL -ns.l6 IN A 1.3.10.6 -ENTRY_END -RANGE_END - -; ns.l6.l7.l8.l9.l10c10.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.10.6 -$ORIGIN l6.l7.l8.l9.l10c10.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l5 IN NS -SECTION AUTHORITY -l5 IN NS ns.l5 -SECTION ADDITIONAL -ns.l5 IN A 1.3.10.5 -ENTRY_END -RANGE_END - -; ns.l5.l6.l7.l8.l9.l10c10.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.10.5 -$ORIGIN l5.l6.l7.l8.l9.l10c10.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l4 IN NS -SECTION AUTHORITY -l4 IN NS ns.l4 -SECTION ADDITIONAL -ns.l4 IN A 1.3.10.4 -ENTRY_END -RANGE_END - -; ns.l4.l5.l6.l7.l8.l9.l10c10.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.10.4 -$ORIGIN l4.l5.l6.l7.l8.l9.l10c10.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l3 IN NS -SECTION AUTHORITY -l3 IN NS ns.l3 -SECTION ADDITIONAL -ns.l3 IN A 1.3.10.3 -ENTRY_END -RANGE_END - -; ns.l3.l4.l5.l6.l7.l8.l9.l10c10.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.10.3 -$ORIGIN l3.l4.l5.l6.l7.l8.l9.l10c10.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l2 IN NS -SECTION AUTHORITY -l2 IN NS ns.l2 -SECTION ADDITIONAL -ns.l2 IN A 1.3.10.2 -ENTRY_END -RANGE_END - -; ns.l2.l3.l4.l5.l6.l7.l8.l9.l10c10.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.10.2 -$ORIGIN l2.l3.l4.l5.l6.l7.l8.l9.l10c10.com. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -l1 IN NS -SECTION AUTHORITY -l1 IN NS ns.l1 -SECTION ADDITIONAL -ns.l1 IN A 1.3.10.1 -ENTRY_END -RANGE_END - -; ns.l1.l2.l3.l4.l5.l6.l7.l8.l9.l10c10.com. -RANGE_BEGIN 0 100 - ADDRESS 1.3.10.1 -$ORIGIN l1.l2.l3.l4.l5.l6.l7.l8.l9.l10c10.com. -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -ns IN A -SECTION ANSWER -ns IN A 1.3.10.1 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -ns IN AAAA -SECTION AUTHORITY -@ SOA ns host 2018060423 3600 300 86400 3600 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -www.c10.com. IN A -SECTION ANSWER -www.c10.com. IN CNAME www.foo.com. -ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA SERVFAIL -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -; This is the answer that is exceeding the global quota. -; www.example.com. IN CNAME www.c1.com. -; www.c1.com. IN CNAME www.c2.com. -; www.c2.com. IN CNAME www.c3.com. -; www.c3.com. IN CNAME www.c4.com. -; www.c4.com. IN CNAME www.c5.com. -; www.c5.com. IN CNAME www.c6.com. -; www.c6.com. IN CNAME www.c7.com. -; www.c7.com. IN CNAME www.c8.com. -; www.c8.com. IN CNAME www.c9.com. -; www.c9.com. IN CNAME www.c10.com. -; www.c10.com. IN CNAME www.foo.com. -; www.foo.com. IN A 1.2.3.4 -ENTRY_END - -STEP 20 TRAFFIC - -SCENARIO_END diff --git a/contrib/unbound/testdata/iter_nat64.rpl b/contrib/unbound/testdata/iter_nat64.rpl deleted file mode 100644 index dde0a25596c1..000000000000 --- a/contrib/unbound/testdata/iter_nat64.rpl +++ /dev/null @@ -1,117 +0,0 @@ -; config options -server: - do-nat64: yes - target-fetch-policy: "0 0 0 0 0" - -stub-zone: - name: "." - stub-addr: 2001:db8::1 -CONFIG_END - -SCENARIO_BEGIN Test NAT64 transport for a v4-only server. - -RANGE_BEGIN 0 100 - ADDRESS 2001:db8::1 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS FAKE.ROOT. -SECTION ADDITIONAL -FAKE.ROOT. IN AAAA 2001:db8::1 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -v4only. IN NS -SECTION AUTHORITY -v4only. IN NS ns.v4only. -SECTION ADDITIONAL -ns.v4only. IN A 192.0.2.1 -ENTRY_END - -RANGE_END - -; replies from NS over "NAT64" - -RANGE_BEGIN 0 100 - ADDRESS 64:ff9b::c000:0201 - -; A over NAT64 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY AA QR NOERROR -SECTION QUESTION -ns.v4only. IN A -SECTION ANSWER -ns.v4only. IN A 192.0.2.1 -SECTION AUTHORITY -v4only. IN NS ns.v4only. -ENTRY_END - -; no AAAA -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY AA QR NOERROR -SECTION QUESTION -ns.v4only. IN AAAA -SECTION AUTHORITY -v4only. IN NS ns.v4only. -SECTION ADDITIONAL -ns.v4only. IN A 192.0.2.1 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY AA QR NOERROR -SECTION QUESTION -v4only. IN NS -SECTION ANSWER -v4only. IN NS ns.v4only. -SECTION ADDITIONAL -ns.v4only. IN A 192.0.2.1 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY AA QR NOERROR -SECTION QUESTION -test.v4only. IN A -SECTION ANSWER -test.v4only. IN A 192.0.2.2 -SECTION AUTHORITY -v4only. IN NS ns.v4only. -SECTION ADDITIONAL -ns.v4only. IN A 192.0.2.1 -ENTRY_END - -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -test.v4only. IN A -ENTRY_END - -STEP 20 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -test.v4only. IN A -SECTION ANSWER -test.v4only. IN A 192.0.2.2 -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/iter_nat64_prefix.rpl b/contrib/unbound/testdata/iter_nat64_prefix.rpl deleted file mode 100644 index ecb6508dcf55..000000000000 --- a/contrib/unbound/testdata/iter_nat64_prefix.rpl +++ /dev/null @@ -1,119 +0,0 @@ -; config options -server: - do-nat64: yes - nat64-prefix: 2001:db8:1234::/96 - target-fetch-policy: "0 0 0 0 0" - do-ip4: no - -stub-zone: - name: "." - stub-addr: 2001:db8::1 -CONFIG_END - -SCENARIO_BEGIN Test NAT64 transport for a v4-only server, custom NAT64 prefix. - -RANGE_BEGIN 0 100 - ADDRESS 2001:db8::1 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS FAKE.ROOT. -SECTION ADDITIONAL -FAKE.ROOT. IN AAAA 2001:db8::1 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -v4only. IN NS -SECTION AUTHORITY -v4only. IN NS ns.v4only. -SECTION ADDITIONAL -ns.v4only. IN A 192.0.2.1 -ENTRY_END - -RANGE_END - -; replies from NS over "NAT64" - -RANGE_BEGIN 0 100 - ADDRESS 2001:db8:1234::c000:0201 - -; A over NAT64 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY AA QR NOERROR -SECTION QUESTION -ns.v4only. IN A -SECTION ANSWER -ns.v4only. IN A 192.0.2.1 -SECTION AUTHORITY -v4only. IN NS ns.v4only. -ENTRY_END - -; no AAAA -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY AA QR NOERROR -SECTION QUESTION -ns.v4only. IN AAAA -SECTION AUTHORITY -v4only. IN NS ns.v4only. -SECTION ADDITIONAL -ns.v4only. IN A 192.0.2.1 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY AA QR NOERROR -SECTION QUESTION -v4only. IN NS -SECTION ANSWER -v4only. IN NS ns.v4only. -SECTION ADDITIONAL -ns.v4only. IN A 192.0.2.1 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY AA QR NOERROR -SECTION QUESTION -test.v4only. IN A -SECTION ANSWER -test.v4only. IN A 192.0.2.2 -SECTION AUTHORITY -v4only. IN NS ns.v4only. -SECTION ADDITIONAL -ns.v4only. IN A 192.0.2.1 -ENTRY_END - -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -test.v4only. IN A -ENTRY_END - -STEP 20 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -test.v4only. IN A -SECTION ANSWER -test.v4only. IN A 192.0.2.2 -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/iter_nat64_prefix48.rpl b/contrib/unbound/testdata/iter_nat64_prefix48.rpl deleted file mode 100644 index e7c32e8ffc6a..000000000000 --- a/contrib/unbound/testdata/iter_nat64_prefix48.rpl +++ /dev/null @@ -1,118 +0,0 @@ -; config options -server: - do-nat64: yes - nat64-prefix: 2001:db8:2345::/48 - target-fetch-policy: "0 0 0 0 0" - -stub-zone: - name: "." - stub-addr: 2001:db8::1 -CONFIG_END - -SCENARIO_BEGIN Test NAT64 transport, this time with /48 NAT64 prefix. - -RANGE_BEGIN 0 100 - ADDRESS 2001:db8::1 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS FAKE.ROOT. -SECTION ADDITIONAL -FAKE.ROOT. IN AAAA 2001:db8::1 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -v4only. IN NS -SECTION AUTHORITY -v4only. IN NS ns.v4only. -SECTION ADDITIONAL -ns.v4only. IN A 192.0.2.1 -ENTRY_END - -RANGE_END - -; replies from NS over "NAT64" - -RANGE_BEGIN 0 100 - ADDRESS 2001:db8:2345:c000:0002:0100:: - -; A over NAT64 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY AA QR NOERROR -SECTION QUESTION -ns.v4only. IN A -SECTION ANSWER -ns.v4only. IN A 192.0.2.1 -SECTION AUTHORITY -v4only. IN NS ns.v4only. -ENTRY_END - -; no AAAA -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY AA QR NOERROR -SECTION QUESTION -ns.v4only. IN AAAA -SECTION AUTHORITY -v4only. IN NS ns.v4only. -SECTION ADDITIONAL -ns.v4only. IN A 192.0.2.1 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY AA QR NOERROR -SECTION QUESTION -v4only. IN NS -SECTION ANSWER -v4only. IN NS ns.v4only. -SECTION ADDITIONAL -ns.v4only. IN A 192.0.2.1 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY AA QR NOERROR -SECTION QUESTION -test.v4only. IN A -SECTION ANSWER -test.v4only. IN A 192.0.2.2 -SECTION AUTHORITY -v4only. IN NS ns.v4only. -SECTION ADDITIONAL -ns.v4only. IN A 192.0.2.1 -ENTRY_END - -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -test.v4only. IN A -ENTRY_END - -STEP 20 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -test.v4only. IN A -SECTION ANSWER -test.v4only. IN A 192.0.2.2 -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/iter_scrub_rr_length.rpl b/contrib/unbound/testdata/iter_scrub_rr_length.rpl deleted file mode 100644 index 2ef73c2fe152..000000000000 --- a/contrib/unbound/testdata/iter_scrub_rr_length.rpl +++ /dev/null @@ -1,298 +0,0 @@ -; config options -server: - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: "no" - minimal-responses: no - rrset-roundrobin: no - ede: yes - log-servfail: yes - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test scrub of RRs of inappropriate length - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 200 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 200 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 0 200 - ADDRESS 1.2.3.4 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -www.example.com. IN A \# 3 030405 -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -www.example.com. IN AAAA -SECTION ANSWER -www.example.com. IN AAAA 2001:db8::1234 -www.example.com. IN AAAA \# 48 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -broken1.example.com. IN A -SECTION ANSWER -broken1.example.com. IN A \# 3 030405 -broken1.example.com. IN A \# 3 030406 -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -broken1.example.com. IN AAAA -SECTION ANSWER -broken1.example.com. IN AAAA \# 48 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F -broken1.example.com. IN AAAA \# 48 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E30 -broken1.example.com. IN AAAA \# 48 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E31 -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -broken2.example.com. IN A -SECTION ANSWER -broken2.example.com. IN A 1.2.3.4 -broken2.example.com. IN A \# 3 030405 -broken2.example.com. IN A 1.2.3.5 -broken2.example.com. IN A \# 3 030406 -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A \# 3 030407 -ns.example.com. IN A 1.2.3.6 -ns.example.com. IN A \# 3 030408 -ns.example.com. IN A \# 3 030409 -ns.example.com. IN A 1.2.3.7 -ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END - -STEP 20 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN AAAA -ENTRY_END - -STEP 30 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN AAAA -SECTION ANSWER -www.example.com. IN AAAA 2001:db8::1234 -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END - -STEP 40 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -broken1.example.com. IN A -ENTRY_END - -STEP 50 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -broken1.example.com. IN A -SECTION ANSWER -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END - -STEP 60 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -broken1.example.com. IN AAAA -ENTRY_END - -STEP 70 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -broken1.example.com. IN AAAA -SECTION ANSWER -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END - -STEP 80 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -broken2.example.com. IN A -ENTRY_END - -STEP 90 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -broken2.example.com. IN A -SECTION ANSWER -broken2.example.com. IN A 1.2.3.4 -broken2.example.com. IN A 1.2.3.5 -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.6 -ns.example.com. IN A 1.2.3.7 -ENTRY_END - -STEP 100 QUERY -ENTRY_BEGIN -REPLY RD CD DO -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -STEP 110 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ede=0 -REPLY QR RD CD RA DO NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.6 -ns.example.com. IN A 1.2.3.7 -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/iter_unverified_glue.rpl b/contrib/unbound/testdata/iter_unverified_glue.rpl deleted file mode 100644 index 017f220b6f1c..000000000000 --- a/contrib/unbound/testdata/iter_unverified_glue.rpl +++ /dev/null @@ -1,188 +0,0 @@ -; config options -server: - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: no - minimal-responses: no - do-ip6: no - harden-unverified-glue: yes -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test iterative resolve with lame hints. - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR RA NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR RA NOERROR -SECTION QUESTION -a.gtld-servers.net. IN A -SECTION AUTHORITY -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -a.gtld-servers.net. IN A -SECTION ANSWER -a.gtld-servers.net. IN A 192.5.6.30 -SECTION AUTHORITY -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION AUTHORITY -example.com. IN NS ns1.examplesibling.com. -SECTION ADDITIONAL -ns1.examplesibling.com. IN A 1.2.3.4 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns1.examplesibling.com. IN A -SECTION ANSWER -ns1.examplesibling.com. IN A 1.2.3.5 -ENTRY_END -RANGE_END - -; stale ns1.examplesibling.com. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.4 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns1.examplesibling.com. -SECTION ADDITIONAL -ns1.examplesibling.com. IN A 1.2.3.5 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -SECTION AUTHORITY -example.com. IN NS ns1.examplesibling.com. -SECTION ADDITIONAL -ns1.examplesibling.com. IN A 1.2.3.5 -ENTRY_END -RANGE_END - -; actual ns1.examplesibling.com. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.5 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns1.examplesibling.com. -SECTION ADDITIONAL -ns1.examplesibling.com. IN A 1.2.3.5 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.50 -SECTION AUTHORITY -example.com. IN NS ns1.examplesibling.com. -SECTION ADDITIONAL -ns1.examplesibling.com. IN A 1.2.3.5 -ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; recursion happens here. -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.50 -SECTION AUTHORITY -example.com. IN NS ns1.examplesibling.com. -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/iter_unverified_glue_fallback.rpl b/contrib/unbound/testdata/iter_unverified_glue_fallback.rpl deleted file mode 100644 index 386186d48b0c..000000000000 --- a/contrib/unbound/testdata/iter_unverified_glue_fallback.rpl +++ /dev/null @@ -1,138 +0,0 @@ -; config options -server: - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: no - minimal-responses: no - do-ip6: no - harden-unverified-glue: yes -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test iterative resolve with lame hints. - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR RA NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR RA NOERROR -SECTION QUESTION -a.gtld-servers.net. IN A -SECTION AUTHORITY -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -a.gtld-servers.net. IN A -SECTION ANSWER -a.gtld-servers.net. IN A 192.5.6.30 -SECTION AUTHORITY -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION AUTHORITY -example.com. IN NS ns1.examplesibling.com. -SECTION ADDITIONAL -ns1.examplesibling.com. IN A 1.2.3.4 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NXDOMAIN -SECTION QUESTION -ns1.examplesibling.com. IN A -ENTRY_END -RANGE_END - -; stale ns1.examplesibling.com. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.4 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; recursion happens here. -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/local_cnameother.rpl b/contrib/unbound/testdata/local_cnameother.rpl deleted file mode 100644 index d86ba4f9d81a..000000000000 --- a/contrib/unbound/testdata/local_cnameother.rpl +++ /dev/null @@ -1,67 +0,0 @@ -; config options -server: - local-zone: "a." static - local-data: "myd.a. NSEC myd2.a. CNAME NSEC" - local-data: "myd.a. CNAME myd.target.a." - - ; Switches the types first one then the other. - local-data: "myd2.a. CNAME myd2.target.a." - local-data: "myd2.a. NSEC myd3.a. CNAME NSEC" - -stub-zone: - name: "a" - stub-addr: 1.2.3.4 - -CONFIG_END -SCENARIO_BEGIN Test local data queries with CNAME and other data. - -RANGE_BEGIN 0 1000 - ADDRESS 1.2.3.4 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.refuse.top. IN A -SECTION ANSWER -www.refuse.top. IN A 5.5.5.5 -ENTRY_END -RANGE_END - -; local data query for type next to CNAME, the specific type should -; be preferred over the CNAME. -STEP 10 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -myd.a. IN NSEC -ENTRY_END - -STEP 20 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AA -SECTION QUESTION -myd.a. IN NSEC -SECTION ANSWER -myd.a. NSEC myd2.a. CNAME NSEC -ENTRY_END - -STEP 30 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -myd2.a. IN NSEC -ENTRY_END - -STEP 40 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AA -SECTION QUESTION -myd2.a. IN NSEC -SECTION ANSWER -myd2.a. NSEC myd3.a. CNAME NSEC -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/root_zonemd.tdir/root_zonemd.conf b/contrib/unbound/testdata/root_zonemd.tdir/root_zonemd.conf deleted file mode 100644 index befb4fbe97b3..000000000000 --- a/contrib/unbound/testdata/root_zonemd.tdir/root_zonemd.conf +++ /dev/null @@ -1,34 +0,0 @@ -server: - verbosity: 7 - # num-threads: 1 - interface: 127.0.0.1 - port: @PORT@ - use-syslog: no - directory: "" - pidfile: "unbound.pid" - chroot: "" - username: "" - do-not-query-localhost: no - # for the test, so that DNSSEC verification works. - #val-override-date: 20230929090000 - trust-anchor: ". DS 20326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D" - -remote-control: - control-enable: yes - control-interface: @CONTROL_PATH@/controlpipe.@CONTROL_PID@ - control-use-cert: no - -# for the test, an upstream server in the test setup. -stub-zone: - name: "." - stub-addr: 127.0.0.1@@TOPORT@ - -# hyperlocal root zone -auth-zone: - name: "." - fallback-enabled: yes - for-downstream: no - for-upstream: yes - zonefile: "root.zone" - zonemd-check: yes - zonemd-reject-absence: yes diff --git a/contrib/unbound/testdata/root_zonemd.tdir/root_zonemd.dsc b/contrib/unbound/testdata/root_zonemd.tdir/root_zonemd.dsc deleted file mode 100644 index 8015ac2d13ad..000000000000 --- a/contrib/unbound/testdata/root_zonemd.tdir/root_zonemd.dsc +++ /dev/null @@ -1,16 +0,0 @@ -BaseName: root_zonemd -Version: 1.0 -Description: ZONEMD check for root zone -CreationDate: Fri 29 Sep 09:00:00 CEST 2023 -Maintainer: dr. W.C.A. Wijngaards -Category: -Component: -CmdDepends: -Depends: -Help: -Pre: root_zonemd.pre -Post: root_zonemd.post -Test: root_zonemd.test -AuxFiles: -Passed: -Failure: diff --git a/contrib/unbound/testdata/root_zonemd.tdir/root_zonemd.post b/contrib/unbound/testdata/root_zonemd.tdir/root_zonemd.post deleted file mode 100644 index a28599fafe7a..000000000000 --- a/contrib/unbound/testdata/root_zonemd.tdir/root_zonemd.post +++ /dev/null @@ -1,14 +0,0 @@ -# #-- root_zonemd.post --# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# source the test var file when it's there -[ -f .tpkg.var.test ] && source .tpkg.var.test -# -# do your teardown here -. ../common.sh -echo "> cat logfiles" -cat fwd.log -cat unbound.log -kill_pid $FWD_PID -kill_pid $UNBOUND_PID -rm -f $CONTROL_PATH/controlpipe.$CONTROL_PID diff --git a/contrib/unbound/testdata/root_zonemd.tdir/root_zonemd.pre b/contrib/unbound/testdata/root_zonemd.tdir/root_zonemd.pre deleted file mode 100644 index fe369bb20bbb..000000000000 --- a/contrib/unbound/testdata/root_zonemd.tdir/root_zonemd.pre +++ /dev/null @@ -1,50 +0,0 @@ -# #-- root_zonemd.pre--# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# use .tpkg.var.test for in test variable passing -[ -f .tpkg.var.test ] && source .tpkg.var.test - -. ../common.sh - -# attempt to download the root zone -from=k.root-servers.net -dig @$from . AXFR > root.txt -if test $? -ne 0; then - echo "could not fetch root zone" - skip_test "could not fetch root zone" -fi -grep " SOA " root.txt | head -1 > root.soa -cat root.soa >> root.zone -grep -v " SOA " root.txt >> root.zone -echo "fetched root.zone" -ls -l root.zone -cat root.soa - -get_random_port 2 -UNBOUND_PORT=$RND_PORT -FWD_PORT=$(($RND_PORT + 1)) -echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test -echo "FWD_PORT=$FWD_PORT" >> .tpkg.var.test - -# start forwarder -get_ldns_testns -$LDNS_TESTNS -p $FWD_PORT root_zonemd.testns >fwd.log 2>&1 & -FWD_PID=$! -echo "FWD_PID=$FWD_PID" >> .tpkg.var.test - -# make config file -CONTROL_PATH=/tmp -CONTROL_PID=$$ -sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' -e 's?@CONTROL_PATH\@?'$CONTROL_PATH'?' -e 's/@CONTROL_PID@/'$CONTROL_PID'/' < root_zonemd.conf > ub.conf -# start unbound in the background -PRE="../.." -$PRE/unbound -d -c ub.conf >unbound.log 2>&1 & -UNBOUND_PID=$! -echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test -echo "CONTROL_PATH=$CONTROL_PATH" >> .tpkg.var.test -echo "CONTROL_PID=$CONTROL_PID" >> .tpkg.var.test - -cat .tpkg.var.test -wait_ldns_testns_up fwd.log -wait_unbound_up unbound.log - diff --git a/contrib/unbound/testdata/root_zonemd.tdir/root_zonemd.test b/contrib/unbound/testdata/root_zonemd.tdir/root_zonemd.test deleted file mode 100644 index 2745b5009e8f..000000000000 --- a/contrib/unbound/testdata/root_zonemd.tdir/root_zonemd.test +++ /dev/null @@ -1,63 +0,0 @@ -# #-- root_zonemd.test --# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# use .tpkg.var.test for in test variable passing -[ -f .tpkg.var.test ] && source .tpkg.var.test - -PRE="../.." -# do the test -echo "> dig . SOA" -dig @127.0.0.1 -p $UNBOUND_PORT . SOA | tee outfile -echo "> check answer" -if grep root-servers outfile | grep "nstld.verisign-grs.com"; then - echo "OK" -else - echo "Not OK" - exit 1 -fi - -echo "> unbound-control status" -$PRE/unbound-control -c ub.conf status -if test $? -ne 0; then - echo "wrong exit value." - exit 1 -else - echo "exit value: OK" -fi - -# This is the output when an unsupported algorithm is used. -if grep "auth zone . zonemd DNSSEC verification of SOA and ZONEMD RRsets secure" unbound.log; then - echo "OK" -else - echo "ZONEMD verification not OK" - exit 1 -fi -if grep "auth-zone . ZONEMD hash is correct" unbound.log; then - echo "OK" -else - echo "ZONEMD verification not OK" - exit 1 -fi -if grep "auth zone . ZONEMD verification successful" unbound.log; then - echo "OK" -else - echo "ZONEMD verification not OK" - exit 1 -fi - -echo "> unbound-control auth_zone_reload ." -$PRE/unbound-control -c ub.conf auth_zone_reload . 2>&1 | tee outfile -if test $? -ne 0; then - echo "wrong exit value." - exit 1 -fi -# The output of the reload can be checked. -echo "> check unbound-control output" -if grep ".: ZONEMD verification successful" outfile; then - echo "OK" -else - echo "Not OK" - exit 1 -fi - -exit 0 diff --git a/contrib/unbound/testdata/root_zonemd.tdir/root_zonemd.testns b/contrib/unbound/testdata/root_zonemd.tdir/root_zonemd.testns deleted file mode 100644 index d538f2215ecf..000000000000 --- a/contrib/unbound/testdata/root_zonemd.tdir/root_zonemd.testns +++ /dev/null @@ -1,9 +0,0 @@ -# reply to everything -ENTRY_BEGIN -MATCH opcode -ADJUST copy_id copy_query -REPLY QR SERVFAIL -SECTION QUESTION -example.com. IN SOA -SECTION ANSWER -ENTRY_END diff --git a/contrib/unbound/testdata/rpz_cached_cname.rpl b/contrib/unbound/testdata/rpz_cached_cname.rpl deleted file mode 100644 index 198b946310bf..000000000000 --- a/contrib/unbound/testdata/rpz_cached_cname.rpl +++ /dev/null @@ -1,122 +0,0 @@ -; config options -server: - module-config: "respip validator iterator" - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: no - rrset-roundrobin: no - access-control: 192.0.0.0/8 allow - -rpz: - name: "rpz.example.com" - rpz-log: yes - rpz-log-name: "rpz.example.com" - zonefile: -TEMPFILE_NAME rpz.example.com -TEMPFILE_CONTENTS rpz.example.com -rpz.example.com. 3600 IN SOA ns.rpz.example.com. hostmaster.rpz.example.com. 1 3600 900 86400 3600 -rpz.example.com. 3600 IN NS ns.rpz.example.net. -a.foo.rpz.example.com. 120 IN A 10.99.99.99 -TEMPFILE_END - -stub-zone: - name: "." - stub-addr: 10.20.30.40 - -CONFIG_END - -SCENARIO_BEGIN Test RPZ with cached CNAME to A record - -RANGE_BEGIN 0 100 - ADDRESS 10.20.30.40 - -ENTRY_BEGIN -MATCH opcode qname qtype -ADJUST copy_id -REPLY QR NOERROR AA -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS ns. -SECTION ADDITIONAL -ns. IN NS 10.20.30.40 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qname qtype -ADJUST copy_id -REPLY QR NOERROR AA -SECTION QUESTION -b.foo. IN A -SECTION ANSWER -b.foo. 30 CNAME a.foo. -a.foo. 30 A 1.2.3.4 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qname qtype -ADJUST copy_id -REPLY QR NOERROR AA -SECTION QUESTION -a.foo. IN A -SECTION ANSWER -a.foo. A 1.2.3.4 -ENTRY_END - -RANGE_END - -STEP 10 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -a.foo. IN A -ENTRY_END - -STEP 20 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AA NOERROR -SECTION QUESTION -a.foo. IN A -SECTION ANSWER -a.foo. 120 A 10.99.99.99 -ENTRY_END - -STEP 30 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -b.foo. IN A -ENTRY_END - -STEP 40 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AA NOERROR -SECTION QUESTION -b.foo. IN A -SECTION ANSWER -b.foo. 30 CNAME a.foo. -a.foo. 120 A 10.99.99.99 -ENTRY_END - -STEP 50 TIME_PASSES ELAPSE 3 - -STEP 60 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -b.foo. IN A -ENTRY_END - -STEP 70 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AA NOERROR -SECTION QUESTION -b.foo. IN A -SECTION ANSWER -b.foo. 30 CNAME a.foo. -a.foo. 120 A 10.99.99.99 -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/rpz_clientip_override.rpl b/contrib/unbound/testdata/rpz_clientip_override.rpl deleted file mode 100644 index 20e5213ff626..000000000000 --- a/contrib/unbound/testdata/rpz_clientip_override.rpl +++ /dev/null @@ -1,269 +0,0 @@ -; config options -server: - module-config: "respip validator iterator" - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: no - access-control: 192.0.0.0/8 allow - -rpz: - name: "rpz.example.com." - rpz-log: yes - rpz-log-name: "rpz.example.com" - rpz-action-override: "nxdomain" - zonefile: -TEMPFILE_NAME rpz.example.com -TEMPFILE_CONTENTS rpz.example.com -$ORIGIN example.com. -rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. ( - 1379078166 28800 7200 604800 7200 ) - 3600 IN NS ns1.rpz.example.com. - 3600 IN NS ns2.rpz.example.com. -$ORIGIN rpz.example.com. -32.1.5.0.192.rpz-client-ip CNAME rpz-passthru. -32.2.5.0.192.rpz-client-ip A 1.2.3.5 -TEMPFILE_END - -rpz: - name: "rpz2.example.com." - rpz-log: yes - rpz-log-name: "rpz2.example.com" - rpz-action-override: "nodata" - zonefile: -TEMPFILE_NAME rpz2.example.com -TEMPFILE_CONTENTS rpz2.example.com -$ORIGIN example.com. -rpz2 3600 IN SOA ns1.rpz2.example.com. hostmaster.rpz2.example.com. ( - 1379078166 28800 7200 604800 7200 ) - 3600 IN NS ns1.rpz2.example.com. - 3600 IN NS ns2.rpz2.example.com. -$ORIGIN rpz2.example.com. -32.4.5.0.192.rpz-client-ip A 1.2.3.5 -TEMPFILE_END - -rpz: - name: "rpz3.example.com." - rpz-log: yes - rpz-log-name: "rpz3.example.com" - rpz-action-override: "passthru" - zonefile: -TEMPFILE_NAME rpz3.example.com -TEMPFILE_CONTENTS rpz3.example.com -$ORIGIN example.com. -rpz3 3600 IN SOA ns1.rpz3.example.com. hostmaster.rpz3.example.com. ( - 1379078166 28800 7200 604800 7200 ) - 3600 IN NS ns1.rpz3.example.com. - 3600 IN NS ns2.rpz3.example.com. -$ORIGIN rpz3.example.com. -32.5.5.0.192.rpz-client-ip A 1.2.3.5 -TEMPFILE_END - -rpz: - name: "rpz4.example.com." - rpz-log: yes - rpz-log-name: "rpz4.example.com" - rpz-action-override: "drop" - zonefile: -TEMPFILE_NAME rpz4.example.com -TEMPFILE_CONTENTS rpz4.example.com -$ORIGIN example.com. -rpz4 3600 IN SOA ns1.rpz4.example.com. hostmaster.rpz4.example.com. ( - 1379078166 28800 7200 604800 7200 ) - 3600 IN NS ns1.rpz4.example.com. - 3600 IN NS ns2.rpz4.example.com. -$ORIGIN rpz4.example.com. -32.5.5.0.192.rpz-client-ip A 1.2.3.5 -32.6.5.0.192.rpz-client-ip A 1.2.3.5 -TEMPFILE_END - -rpz: - name: "rpz5.example.com." - rpz-log: yes - rpz-log-name: "rpz5.example.com" - rpz-action-override: "cname" - rpz-cname-override: "target.a" - zonefile: -TEMPFILE_NAME rpz5.example.com -TEMPFILE_CONTENTS rpz5.example.com -$ORIGIN example.com. -rpz5 3600 IN SOA ns1.rpz5.example.com. hostmaster.rpz5.example.com. ( - 1379078166 28800 7200 604800 7200 ) - 3600 IN NS ns1.rpz5.example.com. - 3600 IN NS ns2.rpz5.example.com. -$ORIGIN rpz5.example.com. -32.7.5.0.192.rpz-client-ip A 1.2.3.5 -TEMPFILE_END - -rpz: - name: "rpz6.example.com." - rpz-log: yes - rpz-log-name: "rpz6.example.com" - rpz-action-override: "disabled" - zonefile: -TEMPFILE_NAME rpz6.example.com -TEMPFILE_CONTENTS rpz6.example.com -$ORIGIN example.com. -rpz6 3600 IN SOA ns1.rpz6.example.com. hostmaster.rpz6.example.com. ( - 1379078166 28800 7200 604800 7200 ) - 3600 IN NS ns1.rpz6.example.com. - 3600 IN NS ns2.rpz6.example.com. -$ORIGIN rpz6.example.com. -32.8.5.0.192.rpz-client-ip A 1.2.3.5 -TEMPFILE_END - -stub-zone: - name: "a." - stub-addr: 10.20.30.40 -CONFIG_END - -SCENARIO_BEGIN Test RPZ action override with trigger from clientip. - -; a. -RANGE_BEGIN 0 1000 - ADDRESS 10.20.30.40 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -d.a. IN A -SECTION ANSWER -d.a. IN A 1.2.3.4 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -target.a. IN A -SECTION ANSWER -target.a. IN A 1.2.3.6 -ENTRY_END -RANGE_END - -STEP 10 QUERY ADDRESS 192.0.5.2 -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -d.a. IN A -ENTRY_END - -STEP 11 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AA NXDOMAIN -SECTION QUESTION -d.a. IN A -SECTION ANSWER -ENTRY_END - -STEP 20 QUERY ADDRESS 192.0.5.1 -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -d.a. IN A -ENTRY_END - -STEP 21 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AA NXDOMAIN -SECTION QUESTION -d.a. IN A -SECTION ANSWER -ENTRY_END - -STEP 30 QUERY ADDRESS 192.0.5.3 -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -d.a. IN A -ENTRY_END - -STEP 31 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -d.a. IN A -SECTION ANSWER -d.a. IN A 1.2.3.4 -ENTRY_END - -STEP 40 QUERY ADDRESS 192.0.5.4 -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -d.a. IN A -ENTRY_END - -STEP 41 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AA NOERROR -SECTION QUESTION -d.a. IN A -SECTION ANSWER -ENTRY_END - -STEP 50 QUERY ADDRESS 192.0.5.5 -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -d.a. IN A -ENTRY_END - -STEP 51 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -d.a. IN A -SECTION ANSWER -d.a. IN A 1.2.3.4 -ENTRY_END - -STEP 60 QUERY ADDRESS 192.0.5.6 -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -d.a. IN A -ENTRY_END -; dropped. - -STEP 70 QUERY ADDRESS 192.0.5.7 -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -d.a. IN A -ENTRY_END - -STEP 71 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AA NOERROR -SECTION QUESTION -d.a. IN A -SECTION ANSWER -d.a. CNAME target.a. -target.a. A 1.2.3.6 -ENTRY_END - -STEP 80 QUERY ADDRESS 192.0.5.8 -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -d.a. IN A -ENTRY_END - -STEP 81 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -d.a. IN A -SECTION ANSWER -d.a. IN A 1.2.3.4 -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/rpz_cname_handle.rpl b/contrib/unbound/testdata/rpz_cname_handle.rpl deleted file mode 100644 index 38dddf12c52a..000000000000 --- a/contrib/unbound/testdata/rpz_cname_handle.rpl +++ /dev/null @@ -1,779 +0,0 @@ -; config options -server: - module-config: "respip validator iterator" - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: no - access-control: 192.0.0.0/8 allow - -rpz: - name: "rpz.example.com." - rpz-log: yes - rpz-log-name: "rpz.example.com" - zonefile: -TEMPFILE_NAME rpz.example.com -TEMPFILE_CONTENTS rpz.example.com -$ORIGIN example.com. -rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. ( - 1379078166 28800 7200 604800 7200 ) - 3600 IN NS ns1.rpz.example.com. - 3600 IN NS ns2.rpz.example.com. -$ORIGIN rpz.example.com. -www.gotham.a A 1.2.3.61 -www.gotham2.a CNAME g2.target.a. -g2.target.a A 1.2.3.62 -www.gotham3.a CNAME g3.target.a. -g3.target.a CNAME g3b.target.a. -g3b.target.a A 1.2.3.63 -www.gotham4.a CNAME g4.target.a. -g4.target.a CNAME g4b.target.a. -g4b.target.a CNAME g4c.target.a. -g4c.target.a A 1.2.3.64 -w2.gotham5.a A 1.2.3.65 -w2.gotham6.a CNAME g6.target.a. -g6.target.a A 1.2.3.66 -w2.gotham7.a CNAME g7.target.a. -g7.target.a CNAME g7b.target.a. -g7b.target.a A 1.2.3.66 -; ns1.gotham8.a -32.48.30.20.10.rpz-nsip A 1.2.3.68 -; ns1.gotham9.a -32.49.30.20.10.rpz-nsip CNAME g9.target.a. -g9.target.a A 1.2.3.69 -; ns1.gotham10.a -32.50.30.20.10.rpz-nsip CNAME g10.target.a. -g10.target.a CNAME g10b.target.a. -g10b.target.a A 1.2.3.70 -www.gotham11.a CNAME g11.target.a. -www.gotham12.a CNAME g12.target.a. -g12.target.a CNAME g12b.target.a. -www.gotham13.a CNAME g13.target.a. -g13.target.a CNAME g13b.target.a. -g13b.target.a CNAME g13c.target.a. -w2.gotham14.a CNAME g14.target.a. -w2.gotham15.a CNAME g15.target.a. -g15.target.a CNAME g15b.target.a. -; ns1.gotham16.a -32.56.30.20.10.rpz-nsip CNAME g16.target.a. -; ns1.gotham17.a -32.57.30.20.10.rpz-nsip CNAME g17.target.a. -g17.target.a CNAME g17b.target.a. -TEMPFILE_END - -stub-zone: - name: "a." - stub-addr: 10.20.30.40 -CONFIG_END - -SCENARIO_BEGIN Test RPZ handling of CNAMEs. - -; a. -RANGE_BEGIN 0 1000 - ADDRESS 10.20.30.40 -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -gotham5.a. IN NS -SECTION AUTHORITY -gotham5.a. NS ns1.gotham5.a. -SECTION ADDITIONAL -ns1.gotham5.a. A 10.20.30.45 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -gotham6.a. IN NS -SECTION AUTHORITY -gotham6.a. NS ns1.gotham6.a. -SECTION ADDITIONAL -ns1.gotham6.a. A 10.20.30.46 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -gotham7.a. IN NS -SECTION AUTHORITY -gotham7.a. NS ns1.gotham7.a. -SECTION ADDITIONAL -ns1.gotham7.a. A 10.20.30.47 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -gotham8.a. IN NS -SECTION AUTHORITY -gotham8.a. NS ns1.gotham8.a. -SECTION ADDITIONAL -ns1.gotham8.a. A 10.20.30.48 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -gotham9.a. IN NS -SECTION AUTHORITY -gotham9.a. NS ns1.gotham9.a. -SECTION ADDITIONAL -ns1.gotham9.a. A 10.20.30.49 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -gotham10.a. IN NS -SECTION AUTHORITY -gotham10.a. NS ns1.gotham10.a. -SECTION ADDITIONAL -ns1.gotham10.a. A 10.20.30.50 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -gotham14.a. IN NS -SECTION AUTHORITY -gotham14.a. NS ns1.gotham14.a. -SECTION ADDITIONAL -ns1.gotham14.a. A 10.20.30.54 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -gotham15.a. IN NS -SECTION AUTHORITY -gotham15.a. NS ns1.gotham15.a. -SECTION ADDITIONAL -ns1.gotham15.a. A 10.20.30.55 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -gotham16.a. IN NS -SECTION AUTHORITY -gotham16.a. NS ns1.gotham16.a. -SECTION ADDITIONAL -ns1.gotham16.a. A 10.20.30.56 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -gotham17.a. IN NS -SECTION AUTHORITY -gotham17.a. NS ns1.gotham17.a. -SECTION ADDITIONAL -ns1.gotham17.a. A 10.20.30.57 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -target.a. IN A -SECTION ANSWER -target.a. IN A 1.2.3.6 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -g11.target.a. IN A -SECTION ANSWER -g11.target.a. IN A 1.2.3.11 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -g12b.target.a. IN A -SECTION ANSWER -g12b.target.a. A 1.2.3.12 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -g13c.target.a. IN A -SECTION ANSWER -g13c.target.a. A 1.2.3.13 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -g14.target.a. IN A -SECTION ANSWER -g14.target.a. A 1.2.3.14 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -g15b.target.a. IN A -SECTION ANSWER -g15b.target.a. A 1.2.3.15 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -g16.target.a. IN A -SECTION ANSWER -g16.target.a. A 1.2.3.16 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -g17b.target.a. IN A -SECTION ANSWER -g17b.target.a. A 1.2.3.17 -ENTRY_END -RANGE_END - -; gotham5.a. -RANGE_BEGIN 0 1000 - ADDRESS 10.20.30.45 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -www.gotham5.a. IN A -SECTION ANSWER -www.gotham5.a. CNAME w2.gotham5.a. -ENTRY_END -RANGE_END - -; gotham6.a. -RANGE_BEGIN 0 1000 - ADDRESS 10.20.30.46 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.gotham6.a. IN A -SECTION ANSWER -www.gotham6.a. CNAME w2.gotham6.a. -ENTRY_END -RANGE_END - -; gotham7.a. -RANGE_BEGIN 0 1000 - ADDRESS 10.20.30.47 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -www.gotham7.a. IN A -SECTION ANSWER -www.gotham7.a. CNAME w2.gotham7.a. -ENTRY_END -RANGE_END - -; gotham14.a. -RANGE_BEGIN 0 1000 - ADDRESS 10.20.30.54 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -www.gotham14.a. IN A -SECTION ANSWER -www.gotham14.a. CNAME w2.gotham14.a. -ENTRY_END -RANGE_END - -; gotham15.a. -RANGE_BEGIN 0 1000 - ADDRESS 10.20.30.55 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -www.gotham15.a. IN A -SECTION ANSWER -www.gotham15.a. CNAME w2.gotham15.a. -ENTRY_END -RANGE_END - -; Test with zero rpz CNAMEs, rpz answer. -STEP 10 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.gotham.a. IN A -ENTRY_END - -STEP 11 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AA NOERROR -SECTION QUESTION -www.gotham.a. IN A -SECTION ANSWER -www.gotham.a. A 1.2.3.61 -ENTRY_END - -; Test with one rpz CNAME, rpz answer. -STEP 20 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.gotham2.a. IN A -ENTRY_END - -STEP 21 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AA NOERROR -SECTION QUESTION -www.gotham2.a. IN A -SECTION ANSWER -www.gotham2.a. CNAME g2.target.a. -g2.target.a. A 1.2.3.62 -ENTRY_END - -; Test with two rpz CNAMEs, rpz answer. -STEP 30 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.gotham3.a. IN A -ENTRY_END - -STEP 31 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AA NOERROR -SECTION QUESTION -www.gotham3.a. IN A -SECTION ANSWER -www.gotham3.a. CNAME g3.target.a. -g3.target.a. CNAME g3b.target.a. -g3b.target.a. A 1.2.3.63 -ENTRY_END - -; Test with three rpz CNAMEs, rpz answer. -STEP 40 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.gotham4.a. IN A -ENTRY_END - -STEP 41 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AA NOERROR -SECTION QUESTION -www.gotham4.a. IN A -SECTION ANSWER -www.gotham4.a. CNAME g4.target.a. -g4.target.a. CNAME g4b.target.a. -g4b.target.a. CNAME g4c.target.a. -g4c.target.a. A 1.2.3.64 -ENTRY_END - -; Test with a CNAME from upstream, zero rpz CNAMEs, rpz answer. -STEP 50 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.gotham5.a. IN A -ENTRY_END - -STEP 51 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AA NOERROR -SECTION QUESTION -www.gotham5.a. IN A -SECTION ANSWER -www.gotham5.a. CNAME w2.gotham5.a. -w2.gotham5.a. A 1.2.3.65 -ENTRY_END - -; Test with a CNAME from upstream, one rpz CNAME, rpz answer. -STEP 60 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.gotham6.a. IN A -ENTRY_END - -STEP 61 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AA NOERROR -SECTION QUESTION -www.gotham6.a. IN A -SECTION ANSWER -www.gotham6.a. CNAME w2.gotham6.a. -w2.gotham6.a. CNAME g6.target.a. -g6.target.a. A 1.2.3.66 -ENTRY_END - -; Test with a CNAME from upstream, two rpz CNAMEs, rpz answer. -STEP 70 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.gotham7.a. IN A -ENTRY_END - -STEP 71 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AA NOERROR -SECTION QUESTION -www.gotham7.a. IN A -SECTION ANSWER -www.gotham7.a. CNAME w2.gotham7.a. -w2.gotham7.a. CNAME g7.target.a. -g7.target.a. CNAME g7b.target.a. -g7b.target.a. A 1.2.3.66 -ENTRY_END - -; Test with a CNAME from cache, zero rpz CNAMEs, rpz answer. -STEP 80 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.gotham5.a. IN A -ENTRY_END - -STEP 81 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AA NOERROR -SECTION QUESTION -www.gotham5.a. IN A -SECTION ANSWER -www.gotham5.a. CNAME w2.gotham5.a. -w2.gotham5.a. A 1.2.3.65 -ENTRY_END - -; Test with a CNAME from cache, one rpz CNAME, rpz answer. -STEP 90 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.gotham6.a. IN A -ENTRY_END - -STEP 91 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AA NOERROR -SECTION QUESTION -www.gotham6.a. IN A -SECTION ANSWER -www.gotham6.a. CNAME w2.gotham6.a. -w2.gotham6.a. CNAME g6.target.a. -g6.target.a. A 1.2.3.66 -ENTRY_END - -; Test with a CNAME from cache, two rpz CNAMEs, rpz answer. -STEP 100 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.gotham7.a. IN A -ENTRY_END - -STEP 101 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AA NOERROR -SECTION QUESTION -www.gotham7.a. IN A -SECTION ANSWER -www.gotham7.a. CNAME w2.gotham7.a. -w2.gotham7.a. CNAME g7.target.a. -g7.target.a. CNAME g7b.target.a. -g7b.target.a. A 1.2.3.66 -ENTRY_END - -; Test with lookup from nameserver, zero rpz CNAMEs, rpz nsip answer. -STEP 110 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.gotham8.a. IN A -ENTRY_END - -STEP 111 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AA NOERROR -SECTION QUESTION -www.gotham8.a. IN A -SECTION ANSWER -www.gotham8.a. A 1.2.3.68 -ENTRY_END - -; Test with lookup from nameserver, one rpz CNAME, rpz nsip answer. -STEP 120 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.gotham9.a. IN A -ENTRY_END - -STEP 121 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AA NOERROR -SECTION QUESTION -www.gotham9.a. IN A -SECTION ANSWER -www.gotham9.a. CNAME g9.target.a. -g9.target.a. A 1.2.3.69 -ENTRY_END - -; Test with lookup from nameserver, two rpz CNAMEs, rpz nsip answer. -STEP 130 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.gotham10.a. IN A -ENTRY_END - -STEP 131 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AA NOERROR -SECTION QUESTION -www.gotham10.a. IN A -SECTION ANSWER -www.gotham10.a. CNAME g10.target.a. -g10.target.a. CNAME g10b.target.a. -g10b.target.a. A 1.2.3.70 -ENTRY_END - -; Test with one rpz CNAME, upstream answer. -STEP 140 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.gotham11.a. IN A -ENTRY_END - -STEP 141 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AA NOERROR -SECTION QUESTION -www.gotham11.a. IN A -SECTION ANSWER -www.gotham11.a. CNAME g11.target.a. -g11.target.a. A 1.2.3.11 -ENTRY_END - -; Test with two rpz CNAMEs, upstream answer. -STEP 150 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.gotham12.a. IN A -ENTRY_END - -STEP 151 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AA NOERROR -SECTION QUESTION -www.gotham12.a. IN A -SECTION ANSWER -www.gotham12.a. CNAME g12.target.a. -g12.target.a. CNAME g12b.target.a. -g12b.target.a. A 1.2.3.12 -ENTRY_END - -; Test with three rpz CNAMEs, upstream answer. -STEP 160 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.gotham13.a. IN A -ENTRY_END - -STEP 161 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AA NOERROR -SECTION QUESTION -www.gotham13.a. IN A -SECTION ANSWER -www.gotham13.a. CNAME g13.target.a. -g13.target.a. CNAME g13b.target.a. -g13b.target.a. CNAME g13c.target.a. -g13c.target.a. A 1.2.3.13 -ENTRY_END - -; Test with a CNAME from upstream, one rpz CNAME, upstream answer. -STEP 170 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.gotham14.a. IN A -ENTRY_END - -STEP 171 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www.gotham14.a. IN A -SECTION ANSWER -www.gotham14.a. CNAME w2.gotham14.a. -w2.gotham14.a. CNAME g14.target.a. -g14.target.a. A 1.2.3.14 -ENTRY_END - -; Test with a CNAME from upstream, two rpz CNAMEs, upstream answer. -STEP 180 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.gotham15.a. IN A -ENTRY_END - -STEP 181 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www.gotham15.a. IN A -SECTION ANSWER -www.gotham15.a. CNAME w2.gotham15.a. -w2.gotham15.a. CNAME g15.target.a. -g15.target.a. CNAME g15b.target.a. -g15b.target.a. A 1.2.3.15 -ENTRY_END - -; Test with a CNAME from cache, one rpz CNAME, upstream answer. -STEP 190 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.gotham14.a. IN A -ENTRY_END - -STEP 191 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www.gotham14.a. IN A -SECTION ANSWER -www.gotham14.a. CNAME w2.gotham14.a. -w2.gotham14.a. CNAME g14.target.a. -g14.target.a. A 1.2.3.14 -ENTRY_END - -; Test with a CNAME from cache, two rpz CNAMEs, upstream answer. -STEP 200 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.gotham15.a. IN A -ENTRY_END - -STEP 201 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www.gotham15.a. IN A -SECTION ANSWER -www.gotham15.a. CNAME w2.gotham15.a. -w2.gotham15.a. CNAME g15.target.a. -g15.target.a. CNAME g15b.target.a. -g15b.target.a. A 1.2.3.15 -ENTRY_END - -; Test with lookup from nameserver, one rpz nsip CNAME, upstream answer. -STEP 210 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.gotham16.a. IN A -ENTRY_END - -STEP 211 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www.gotham16.a. IN A -SECTION ANSWER -www.gotham16.a. CNAME g16.target.a. -g16.target.a. A 1.2.3.16 -ENTRY_END - -; Test with lookup from nameserver, two rpz nsip CNAMEs, upstream answer. -STEP 220 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.gotham17.a. IN A -ENTRY_END - -STEP 221 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www.gotham17.a. IN A -SECTION ANSWER -www.gotham17.a. CNAME g17.target.a. -g17.target.a. CNAME g17b.target.a. -g17b.target.a. A 1.2.3.17 -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/rpz_cname_tag.rpl b/contrib/unbound/testdata/rpz_cname_tag.rpl deleted file mode 100644 index fb782b685ac7..000000000000 --- a/contrib/unbound/testdata/rpz_cname_tag.rpl +++ /dev/null @@ -1,281 +0,0 @@ -; config options -server: - module-config: "respip validator iterator" - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: no - access-control: 192.0.0.0/8 allow - access-control: 193.0.0.0/8 allow - define-tag: "internal server" - access-control-tag: 192.0.0.0/8 "internal" - access-control-tag: 127.0.0.0/8 "server" - ; 193.0.0.0/8 has no tags - -rpz: - name: "rpz.example.com." - rpz-log: yes - rpz-log-name: "rpz.example.com" - tags: "internal" - zonefile: -TEMPFILE_NAME rpz.example.com -TEMPFILE_CONTENTS rpz.example.com -$ORIGIN example.com. -rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. ( - 1379078166 28800 7200 604800 7200 ) - 3600 IN NS ns1.rpz.example.com. - 3600 IN NS ns2.rpz.example.com. -$ORIGIN rpz.example.com. -www.gotham.a A 1.2.3.61 -www.gotham2.a CNAME g2.target.a. -g2.target.a A 1.2.3.62 -www.gotham3.a CNAME g3.target.a. -g3.target.a CNAME g3b.target.a. -g3b.target.a A 1.2.3.63 -www.gotham4.a CNAME g4.target.a. -g4.target.a CNAME g4b.target.a. -g4b.target.a CNAME g4c.target.a. -g4c.target.a A 1.2.3.64 -; server for a. -32.40.30.20.10.rpz-nsip A 1.2.3.68 -www.gotham5.a TXT "txt5" -TEMPFILE_END - -stub-zone: - name: "a." - stub-addr: 10.20.30.40 -CONFIG_END - -SCENARIO_BEGIN Test RPZ handling of CNAMEs and tags. - -; a. -RANGE_BEGIN 0 1000 - ADDRESS 10.20.30.40 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -target.a. IN A -SECTION ANSWER -target.a. IN A 1.2.3.6 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.gotham.a. IN A -SECTION ANSWER -www.gotham.a. IN A 1.2.3.5 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.gotham2.a. IN A -SECTION ANSWER -www.gotham2.a. IN A 1.2.3.52 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.gotham3.a. IN A -SECTION ANSWER -www.gotham3.a. IN A 1.2.3.53 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.gotham4.a. IN A -SECTION ANSWER -www.gotham4.a. IN A 1.2.3.54 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.gotham5.a. IN TXT -SECTION ANSWER -www.gotham5.a. IN TXT "gotham5" -ENTRY_END -RANGE_END - -; Test with zero rpz CNAMEs, no tag match for rpz answer. -STEP 10 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.gotham.a. IN A -ENTRY_END - -STEP 11 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www.gotham.a. IN A -SECTION ANSWER -www.gotham.a. A 1.2.3.5 -ENTRY_END - -; Test with one rpz CNAME, no tag match for rpz answer. -STEP 20 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.gotham2.a. IN A -ENTRY_END - -STEP 21 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www.gotham2.a. IN A -SECTION ANSWER -www.gotham2.a. A 1.2.3.52 -ENTRY_END - -; Test with two rpz CNAMEs, no tag match for rpz answer. -STEP 30 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.gotham3.a. IN A -ENTRY_END - -STEP 31 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www.gotham3.a. IN A -SECTION ANSWER -www.gotham3.a. A 1.2.3.53 -ENTRY_END - -; Test with three rpz CNAMEs, no tag match for rpz answer. -STEP 40 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.gotham4.a. IN A -ENTRY_END - -STEP 41 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www.gotham4.a. IN A -SECTION ANSWER -www.gotham4.a. A 1.2.3.54 -ENTRY_END - -; Test with zero rpz CNAMEs, rpz answer. Tag "internal" -STEP 50 QUERY ADDRESS 192.0.0.1 -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.gotham.a. IN A -ENTRY_END - -STEP 51 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AA NOERROR -SECTION QUESTION -www.gotham.a. IN A -SECTION ANSWER -www.gotham.a. A 1.2.3.61 -ENTRY_END - -; Test with one rpz CNAME, rpz answer. Tag "internal" -STEP 60 QUERY ADDRESS 192.0.0.1 -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.gotham2.a. IN A -ENTRY_END - -STEP 61 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AA NOERROR -SECTION QUESTION -www.gotham2.a. IN A -SECTION ANSWER -www.gotham2.a. CNAME g2.target.a. -g2.target.a. A 1.2.3.62 -ENTRY_END - -; Test with two rpz CNAMEs, rpz answer. Tag "internal" -STEP 70 QUERY ADDRESS 192.0.0.1 -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.gotham3.a. IN A -ENTRY_END - -STEP 71 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AA NOERROR -SECTION QUESTION -www.gotham3.a. IN A -SECTION ANSWER -www.gotham3.a. CNAME g3.target.a. -g3.target.a. CNAME g3b.target.a. -g3b.target.a. A 1.2.3.63 -ENTRY_END - -; Test with three rpz CNAMEs, rpz answer. Tag "internal" -STEP 80 QUERY ADDRESS 192.0.0.1 -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.gotham4.a. IN A -ENTRY_END - -STEP 81 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AA NOERROR -SECTION QUESTION -www.gotham4.a. IN A -SECTION ANSWER -www.gotham4.a. CNAME g4.target.a. -g4.target.a. CNAME g4b.target.a. -g4b.target.a. CNAME g4c.target.a. -g4c.target.a. A 1.2.3.64 -ENTRY_END - -; Test with zero rpz CNAMEs, no tags for the query, and so no rpz answer. -STEP 90 QUERY ADDRESS 193.0.0.1 -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.gotham5.a. IN TXT -ENTRY_END - -STEP 91 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www.gotham5.a. IN TXT -SECTION ANSWER -www.gotham5.a. IN TXT "gotham5" -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/rpz_nsdname_override.rpl b/contrib/unbound/testdata/rpz_nsdname_override.rpl deleted file mode 100644 index d662e55c7775..000000000000 --- a/contrib/unbound/testdata/rpz_nsdname_override.rpl +++ /dev/null @@ -1,325 +0,0 @@ -; config options -server: - module-config: "respip validator iterator" - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: no - access-control: 192.0.0.0/8 allow - -rpz: - name: "rpz.example.com." - rpz-log: yes - rpz-log-name: "rpz.example.com" - rpz-action-override: "nxdomain" - zonefile: -TEMPFILE_NAME rpz.example.com -TEMPFILE_CONTENTS rpz.example.com -$ORIGIN example.com. -rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. ( - 1379078166 28800 7200 604800 7200 ) - 3600 IN NS ns1.rpz.example.com. - 3600 IN NS ns2.rpz.example.com. -$ORIGIN rpz.example.com. -ns1.gotham.a.rpz-nsdname A 1.2.3.5 -TEMPFILE_END - -rpz: - name: "rpz2.example.com." - rpz-log: yes - rpz-log-name: "rpz2.example.com" - rpz-action-override: "nodata" - zonefile: -TEMPFILE_NAME rpz2.example.com -TEMPFILE_CONTENTS rpz2.example.com -$ORIGIN example.com. -rpz2 3600 IN SOA ns1.rpz2.example.com. hostmaster.rpz2.example.com. ( - 1379078166 28800 7200 604800 7200 ) - 3600 IN NS ns1.rpz2.example.com. - 3600 IN NS ns2.rpz2.example.com. -$ORIGIN rpz2.example.com. -ns1.gotham2.a.rpz-nsdname A 1.2.3.5 -TEMPFILE_END - -rpz: - name: "rpz3.example.com." - rpz-log: yes - rpz-log-name: "rpz3.example.com" - rpz-action-override: "passthru" - zonefile: -TEMPFILE_NAME rpz3.example.com -TEMPFILE_CONTENTS rpz3.example.com -$ORIGIN example.com. -rpz3 3600 IN SOA ns1.rpz3.example.com. hostmaster.rpz3.example.com. ( - 1379078166 28800 7200 604800 7200 ) - 3600 IN NS ns1.rpz3.example.com. - 3600 IN NS ns2.rpz3.example.com. -$ORIGIN rpz3.example.com. -ns1.gotham3.a.rpz-nsdname A 1.2.3.5 -TEMPFILE_END - -rpz: - name: "rpz4.example.com." - rpz-log: yes - rpz-log-name: "rpz4.example.com" - rpz-action-override: "drop" - zonefile: -TEMPFILE_NAME rpz4.example.com -TEMPFILE_CONTENTS rpz4.example.com -$ORIGIN example.com. -rpz4 3600 IN SOA ns1.rpz4.example.com. hostmaster.rpz4.example.com. ( - 1379078166 28800 7200 604800 7200 ) - 3600 IN NS ns1.rpz4.example.com. - 3600 IN NS ns2.rpz4.example.com. -$ORIGIN rpz4.example.com. -ns1.gotham3.a.rpz-nsdname A 1.2.3.5 -ns1.gotham4.a.rpz-nsdname A 1.2.3.5 -TEMPFILE_END - -rpz: - name: "rpz5.example.com." - rpz-log: yes - rpz-log-name: "rpz5.example.com" - rpz-action-override: "cname" - rpz-cname-override: "target.a" - zonefile: -TEMPFILE_NAME rpz5.example.com -TEMPFILE_CONTENTS rpz5.example.com -$ORIGIN example.com. -rpz5 3600 IN SOA ns1.rpz5.example.com. hostmaster.rpz5.example.com. ( - 1379078166 28800 7200 604800 7200 ) - 3600 IN NS ns1.rpz5.example.com. - 3600 IN NS ns2.rpz5.example.com. -$ORIGIN rpz5.example.com. -ns1.gotham5.a.rpz-nsdname A 1.2.3.5 -TEMPFILE_END - -rpz: - name: "rpz6.example.com." - rpz-log: yes - rpz-log-name: "rpz6.example.com" - rpz-action-override: "disabled" - zonefile: -TEMPFILE_NAME rpz6.example.com -TEMPFILE_CONTENTS rpz6.example.com -$ORIGIN example.com. -rpz6 3600 IN SOA ns1.rpz6.example.com. hostmaster.rpz6.example.com. ( - 1379078166 28800 7200 604800 7200 ) - 3600 IN NS ns1.rpz6.example.com. - 3600 IN NS ns2.rpz6.example.com. -$ORIGIN rpz6.example.com. -ns1.gotham6.a.rpz-nsdname A 1.2.3.5 -TEMPFILE_END - -stub-zone: - name: "a." - stub-addr: 10.20.30.40 -CONFIG_END - -SCENARIO_BEGIN Test RPZ action override with trigger from nsdname. - -; a. -RANGE_BEGIN 0 1000 - ADDRESS 10.20.30.40 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.gotham.a. IN A -SECTION AUTHORITY -gotham.a. NS ns1.gotham.a. -SECTION ADDITIONAL -ns1.gotham.a. A 10.20.30.41 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.gotham2.a. IN A -SECTION AUTHORITY -gotham2.a. NS ns1.gotham2.a. -SECTION ADDITIONAL -ns1.gotham2.a. A 10.20.30.42 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.gotham3.a. IN A -SECTION AUTHORITY -gotham3.a. NS ns1.gotham3.a. -SECTION ADDITIONAL -ns1.gotham3.a. A 10.20.30.43 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.gotham4.a. IN A -SECTION AUTHORITY -gotham4.a. NS ns1.gotham4.a. -SECTION ADDITIONAL -ns1.gotham4.a. A 10.20.30.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.gotham5.a. IN A -SECTION AUTHORITY -gotham5.a. NS ns1.gotham5.a. -SECTION ADDITIONAL -ns1.gotham5.a. A 10.20.30.45 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.gotham6.a. IN A -SECTION AUTHORITY -gotham6.a. NS ns1.gotham6.a. -SECTION ADDITIONAL -ns1.gotham6.a. A 10.20.30.46 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -target.a. IN A -SECTION ANSWER -target.a. IN A 1.2.3.6 -ENTRY_END -RANGE_END - -; gotham3.a. -RANGE_BEGIN 0 1000 - ADDRESS 10.20.30.43 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.gotham3.a. IN A -SECTION ANSWER -www.gotham3.a. A 1.2.3.4 -ENTRY_END -RANGE_END - -; gotham6.a. -RANGE_BEGIN 0 1000 - ADDRESS 10.20.30.46 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.gotham6.a. IN A -SECTION ANSWER -www.gotham6.a. A 1.2.3.4 -ENTRY_END -RANGE_END - -STEP 10 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.gotham.a. IN A -ENTRY_END - -STEP 11 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AA NXDOMAIN -SECTION QUESTION -www.gotham.a. IN A -SECTION ANSWER -ENTRY_END - -STEP 20 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.gotham2.a. IN A -ENTRY_END - -STEP 21 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AA NOERROR -SECTION QUESTION -www.gotham2.a. IN A -SECTION ANSWER -ENTRY_END - -STEP 30 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.gotham3.a. IN A -ENTRY_END - -STEP 31 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www.gotham3.a. IN A -SECTION ANSWER -www.gotham3.a. A 1.2.3.4 -ENTRY_END - -STEP 40 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.gotham4.a. IN A -ENTRY_END -;dropped - -STEP 50 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.gotham5.a. IN A -ENTRY_END - -STEP 51 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www.gotham5.a. IN A -SECTION ANSWER -www.gotham5.a. CNAME target.a -target.a A 1.2.3.6 -ENTRY_END - -STEP 60 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.gotham6.a. IN A -ENTRY_END - -STEP 61 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www.gotham6.a. IN A -SECTION ANSWER -www.gotham6.a. A 1.2.3.4 -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/rpz_nsip_override.rpl b/contrib/unbound/testdata/rpz_nsip_override.rpl deleted file mode 100644 index 8c3b20be381c..000000000000 --- a/contrib/unbound/testdata/rpz_nsip_override.rpl +++ /dev/null @@ -1,332 +0,0 @@ -; config options -server: - module-config: "respip validator iterator" - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: no - access-control: 192.0.0.0/8 allow - -rpz: - name: "rpz.example.com." - rpz-log: yes - rpz-log-name: "rpz.example.com" - rpz-action-override: "nxdomain" - zonefile: -TEMPFILE_NAME rpz.example.com -TEMPFILE_CONTENTS rpz.example.com -$ORIGIN example.com. -rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. ( - 1379078166 28800 7200 604800 7200 ) - 3600 IN NS ns1.rpz.example.com. - 3600 IN NS ns2.rpz.example.com. -$ORIGIN rpz.example.com. -; ns1.gotham.a -32.41.30.20.10.rpz-nsip A 1.2.3.5 -TEMPFILE_END - -rpz: - name: "rpz2.example.com." - rpz-log: yes - rpz-log-name: "rpz2.example.com" - rpz-action-override: "nodata" - zonefile: -TEMPFILE_NAME rpz2.example.com -TEMPFILE_CONTENTS rpz2.example.com -$ORIGIN example.com. -rpz2 3600 IN SOA ns1.rpz2.example.com. hostmaster.rpz2.example.com. ( - 1379078166 28800 7200 604800 7200 ) - 3600 IN NS ns1.rpz2.example.com. - 3600 IN NS ns2.rpz2.example.com. -$ORIGIN rpz2.example.com. -; ns1.gotham2.a -32.42.30.20.10.rpz-nsip A 1.2.3.5 -TEMPFILE_END - -rpz: - name: "rpz3.example.com." - rpz-log: yes - rpz-log-name: "rpz3.example.com" - rpz-action-override: "passthru" - zonefile: -TEMPFILE_NAME rpz3.example.com -TEMPFILE_CONTENTS rpz3.example.com -$ORIGIN example.com. -rpz3 3600 IN SOA ns1.rpz3.example.com. hostmaster.rpz3.example.com. ( - 1379078166 28800 7200 604800 7200 ) - 3600 IN NS ns1.rpz3.example.com. - 3600 IN NS ns2.rpz3.example.com. -$ORIGIN rpz3.example.com. -; ns1.gotham3.a -32.43.30.20.10.rpz-nsip A 1.2.3.5 -TEMPFILE_END - -rpz: - name: "rpz4.example.com." - rpz-log: yes - rpz-log-name: "rpz4.example.com" - rpz-action-override: "drop" - zonefile: -TEMPFILE_NAME rpz4.example.com -TEMPFILE_CONTENTS rpz4.example.com -$ORIGIN example.com. -rpz4 3600 IN SOA ns1.rpz4.example.com. hostmaster.rpz4.example.com. ( - 1379078166 28800 7200 604800 7200 ) - 3600 IN NS ns1.rpz4.example.com. - 3600 IN NS ns2.rpz4.example.com. -$ORIGIN rpz4.example.com. -; ns1.gotham3.a -32.43.30.20.10.rpz-nsip A 1.2.3.5 -; ns1.gotham4.a -32.44.30.20.10.rpz-nsip A 1.2.3.5 -TEMPFILE_END - -rpz: - name: "rpz5.example.com." - rpz-log: yes - rpz-log-name: "rpz5.example.com" - rpz-action-override: "cname" - rpz-cname-override: "target.a" - zonefile: -TEMPFILE_NAME rpz5.example.com -TEMPFILE_CONTENTS rpz5.example.com -$ORIGIN example.com. -rpz5 3600 IN SOA ns1.rpz5.example.com. hostmaster.rpz5.example.com. ( - 1379078166 28800 7200 604800 7200 ) - 3600 IN NS ns1.rpz5.example.com. - 3600 IN NS ns2.rpz5.example.com. -$ORIGIN rpz5.example.com. -; ns1.gotham5.a -32.45.30.20.10.rpz-nsip A 1.2.3.5 -TEMPFILE_END - -rpz: - name: "rpz6.example.com." - rpz-log: yes - rpz-log-name: "rpz6.example.com" - rpz-action-override: "disabled" - zonefile: -TEMPFILE_NAME rpz6.example.com -TEMPFILE_CONTENTS rpz6.example.com -$ORIGIN example.com. -rpz6 3600 IN SOA ns1.rpz6.example.com. hostmaster.rpz6.example.com. ( - 1379078166 28800 7200 604800 7200 ) - 3600 IN NS ns1.rpz6.example.com. - 3600 IN NS ns2.rpz6.example.com. -$ORIGIN rpz6.example.com. -; ns1.gotham6.a -32.46.30.20.10.rpz-nsip A 1.2.3.5 -TEMPFILE_END - -stub-zone: - name: "a." - stub-addr: 10.20.30.40 -CONFIG_END - -SCENARIO_BEGIN Test RPZ action override with trigger from nsip. - -; a. -RANGE_BEGIN 0 1000 - ADDRESS 10.20.30.40 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.gotham.a. IN A -SECTION AUTHORITY -gotham.a. NS ns1.gotham.a. -SECTION ADDITIONAL -ns1.gotham.a. A 10.20.30.41 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.gotham2.a. IN A -SECTION AUTHORITY -gotham2.a. NS ns1.gotham2.a. -SECTION ADDITIONAL -ns1.gotham2.a. A 10.20.30.42 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.gotham3.a. IN A -SECTION AUTHORITY -gotham3.a. NS ns1.gotham3.a. -SECTION ADDITIONAL -ns1.gotham3.a. A 10.20.30.43 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.gotham4.a. IN A -SECTION AUTHORITY -gotham4.a. NS ns1.gotham4.a. -SECTION ADDITIONAL -ns1.gotham4.a. A 10.20.30.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.gotham5.a. IN A -SECTION AUTHORITY -gotham5.a. NS ns1.gotham5.a. -SECTION ADDITIONAL -ns1.gotham5.a. A 10.20.30.45 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.gotham6.a. IN A -SECTION AUTHORITY -gotham6.a. NS ns1.gotham6.a. -SECTION ADDITIONAL -ns1.gotham6.a. A 10.20.30.46 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -target.a. IN A -SECTION ANSWER -target.a. IN A 1.2.3.6 -ENTRY_END -RANGE_END - -; gotham3.a. -RANGE_BEGIN 0 1000 - ADDRESS 10.20.30.43 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.gotham3.a. IN A -SECTION ANSWER -www.gotham3.a. A 1.2.3.4 -ENTRY_END -RANGE_END - -; gotham6.a. -RANGE_BEGIN 0 1000 - ADDRESS 10.20.30.46 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.gotham6.a. IN A -SECTION ANSWER -www.gotham6.a. A 1.2.3.4 -ENTRY_END -RANGE_END - -STEP 10 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.gotham.a. IN A -ENTRY_END - -STEP 11 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AA NXDOMAIN -SECTION QUESTION -www.gotham.a. IN A -SECTION ANSWER -ENTRY_END - -STEP 20 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.gotham2.a. IN A -ENTRY_END - -STEP 21 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AA NOERROR -SECTION QUESTION -www.gotham2.a. IN A -SECTION ANSWER -ENTRY_END - -STEP 30 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.gotham3.a. IN A -ENTRY_END - -STEP 31 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www.gotham3.a. IN A -SECTION ANSWER -www.gotham3.a. A 1.2.3.4 -ENTRY_END - -STEP 40 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.gotham4.a. IN A -ENTRY_END -;dropped - -STEP 50 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.gotham5.a. IN A -ENTRY_END - -STEP 51 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www.gotham5.a. IN A -SECTION ANSWER -www.gotham5.a. CNAME target.a -target.a A 1.2.3.6 -ENTRY_END - -STEP 60 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.gotham6.a. IN A -ENTRY_END - -STEP 61 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www.gotham6.a. IN A -SECTION ANSWER -www.gotham6.a. A 1.2.3.4 -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/rpz_passthru_clientip.rpl b/contrib/unbound/testdata/rpz_passthru_clientip.rpl deleted file mode 100644 index 1ffb79a00575..000000000000 --- a/contrib/unbound/testdata/rpz_passthru_clientip.rpl +++ /dev/null @@ -1,90 +0,0 @@ -; config options -server: - module-config: "respip validator iterator" - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: no - access-control: 192.0.0.0/8 allow - -rpz: - name: "rpz.example.com." - rpz-log: yes - rpz-log-name: "rpz.example.com" - zonefile: -TEMPFILE_NAME rpz.example.com -TEMPFILE_CONTENTS rpz.example.com -$ORIGIN example.com. -rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. ( - 1379078166 28800 7200 604800 7200 ) - 3600 IN NS ns1.rpz.example.com. - 3600 IN NS ns2.rpz.example.com. -$ORIGIN rpz.example.com. -d.a A 127.0.0.1 -32.1.5.0.192.rpz-client-ip CNAME rpz-passthru. -32.2.5.0.192.rpz-client-ip CNAME rpz-drop. -TEMPFILE_END - -stub-zone: - name: "a." - stub-addr: 10.20.30.40 -CONFIG_END - -SCENARIO_BEGIN Test RPZ passthru ends processing after clientip. - -; a. -RANGE_BEGIN 0 1000 - ADDRESS 10.20.30.40 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -d.a. IN A -SECTION ANSWER -d.a. IN A 1.2.3.4 -ENTRY_END -RANGE_END - -STEP 10 QUERY ADDRESS 192.0.5.1 -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -d.a. IN A -ENTRY_END - -STEP 11 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -d.a. IN A -SECTION ANSWER -d.a. A 1.2.3.4 -ENTRY_END - -; This reply should get the rpz data -STEP 20 QUERY ADDRESS 192.0.5.3 -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -d.a. IN A -ENTRY_END - -STEP 21 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AA NOERROR -SECTION QUESTION -d.a. IN A -SECTION ANSWER -d.a. A 127.0.0.1 -ENTRY_END - -; This reply should be dropped. -STEP 30 QUERY ADDRESS 192.0.5.2 -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -d.a. IN A -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/rpz_qtype_cname.rpl b/contrib/unbound/testdata/rpz_qtype_cname.rpl deleted file mode 100644 index fa5674a0fba8..000000000000 --- a/contrib/unbound/testdata/rpz_qtype_cname.rpl +++ /dev/null @@ -1,120 +0,0 @@ -; config options -server: - module-config: "respip validator iterator" - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: no - access-control: 192.0.0.0/8 allow - -rpz: - name: "rpz.example.com." - rpz-log: yes - rpz-log-name: "rpz.example.com" - zonefile: -TEMPFILE_NAME rpz.example.com -TEMPFILE_CONTENTS rpz.example.com -$ORIGIN example.com. -rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. ( - 1379078166 28800 7200 604800 7200 ) - 3600 IN NS ns1.rpz.example.com. - 3600 IN NS ns2.rpz.example.com. -$ORIGIN rpz.example.com. -www.gotham.a CNAME foo.target.a. -32.42.30.20.10.rpz-nsip CNAME foo.target.a. -TEMPFILE_END - -stub-zone: - name: "a." - stub-addr: 10.20.30.40 -CONFIG_END - -SCENARIO_BEGIN Test RPZ with qtype CNAME. - -; a. -RANGE_BEGIN 0 1000 - ADDRESS 10.20.30.40 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.gotham.a. IN A -SECTION AUTHORITY -gotham.a. NS ns1.gotham.a. -SECTION ADDITIONAL -ns1.gotham.a. A 10.20.30.41 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -gotham2.a. IN NS -SECTION AUTHORITY -gotham2.a. NS ns1.gotham2.a. -SECTION ADDITIONAL -ns1.gotham2.a. A 10.20.30.42 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -target.a. IN A -SECTION ANSWER -target.a. IN A 1.2.3.6 -ENTRY_END -RANGE_END - -; gotham2.a. -RANGE_BEGIN 0 1000 - ADDRESS 10.20.30.42 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.gotham2.a. IN CNAME -SECTION ANSWER -www.gotham2.a. CNAME foo2.target.a. -ENTRY_END -RANGE_END - -; Query for type CNAME, from the RPZ response -STEP 10 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.gotham.a. IN CNAME -ENTRY_END - -STEP 11 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AA -SECTION QUESTION -www.gotham.a. IN CNAME -SECTION ANSWER -www.gotham.a. IN CNAME foo.target.a. -ENTRY_END - -; Query for type CNAME, the answer is nameserver lookup, CNAME from rpz nsip. -STEP 20 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.gotham2.a. IN CNAME -ENTRY_END - -STEP 21 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AA NOERROR -SECTION QUESTION -www.gotham2.a. IN CNAME -SECTION ANSWER -www.gotham2.a. IN CNAME foo.target.a. -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/rpz_reload.tdir/example.org.zone b/contrib/unbound/testdata/rpz_reload.tdir/example.org.zone deleted file mode 100644 index 21dd8993880a..000000000000 --- a/contrib/unbound/testdata/rpz_reload.tdir/example.org.zone +++ /dev/null @@ -1,2 +0,0 @@ -example.org. 3600 IN SOA ns1.example.org. hostmaster.example.org. 1379078166 28800 7200 604800 7200 -www.example.org. A 1.2.3.5 diff --git a/contrib/unbound/testdata/rpz_reload.tdir/rpz.example.com.zone b/contrib/unbound/testdata/rpz_reload.tdir/rpz.example.com.zone deleted file mode 100644 index ad075b18b359..000000000000 --- a/contrib/unbound/testdata/rpz_reload.tdir/rpz.example.com.zone +++ /dev/null @@ -1,6 +0,0 @@ -; example rpz file -rpz.example.com. 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. 1379078166 28800 7200 604800 7200 - NS ns1.rpz.example.com. - NS ns2.rpz.example.com. -foo.example.net CNAME . -www.example.net A 1.2.3.4 diff --git a/contrib/unbound/testdata/rpz_reload.tdir/rpz_reload.conf b/contrib/unbound/testdata/rpz_reload.tdir/rpz_reload.conf deleted file mode 100644 index d3c81e486cdd..000000000000 --- a/contrib/unbound/testdata/rpz_reload.tdir/rpz_reload.conf +++ /dev/null @@ -1,30 +0,0 @@ -server: - verbosity: 7 - # num-threads: 1 - interface: 127.0.0.1 - port: @PORT@ - use-syslog: no - directory: "" - pidfile: "unbound.pid" - chroot: "" - username: "" - module-config: "respip iterator" - log-time-ascii: yes - -remote-control: - control-enable: yes - control-interface: @CONTROL_PATH@/controlpipe.@CONTROL_PID@ - control-use-cert: no - -rpz: - name: "rpz.example.com" - zonefile: "rpz.example.com.zone" - rpz-action-override: cname - rpz-cname-override: "www.example.org" - rpz-log: yes - rpz-log-name: "example policy" - -auth-zone: - name: "example.org" - zonefile: "example.org.zone" - for-upstream: yes diff --git a/contrib/unbound/testdata/rpz_reload.tdir/rpz_reload.dsc b/contrib/unbound/testdata/rpz_reload.tdir/rpz_reload.dsc deleted file mode 100644 index 27f31cff19df..000000000000 --- a/contrib/unbound/testdata/rpz_reload.tdir/rpz_reload.dsc +++ /dev/null @@ -1,16 +0,0 @@ -BaseName: rpz_reload -Version: 1.0 -Description: check rpz reload change -CreationDate: Mon 11 Mar 16:00:00 CET 2024 -Maintainer: dr. W.C.A. Wijngaards -Category: -Component: -CmdDepends: -Depends: -Help: -Pre: rpz_reload.pre -Post: rpz_reload.post -Test: rpz_reload.test -AuxFiles: -Passed: -Failure: diff --git a/contrib/unbound/testdata/rpz_reload.tdir/rpz_reload.post b/contrib/unbound/testdata/rpz_reload.tdir/rpz_reload.post deleted file mode 100644 index ef93cd46bc59..000000000000 --- a/contrib/unbound/testdata/rpz_reload.tdir/rpz_reload.post +++ /dev/null @@ -1,12 +0,0 @@ -# #-- rpz_reload.post --# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# source the test var file when it's there -[ -f .tpkg.var.test ] && source .tpkg.var.test -# -# do your teardown here -. ../common.sh -echo "> cat logfiles" -cat unbound.log -kill_pid $UNBOUND_PID -rm -f $CONTROL_PATH/controlpipe.$CONTROL_PID diff --git a/contrib/unbound/testdata/rpz_reload.tdir/rpz_reload.pre b/contrib/unbound/testdata/rpz_reload.tdir/rpz_reload.pre deleted file mode 100644 index 8f88b6094264..000000000000 --- a/contrib/unbound/testdata/rpz_reload.tdir/rpz_reload.pre +++ /dev/null @@ -1,26 +0,0 @@ -# #-- rpz_reload.pre--# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# use .tpkg.var.test for in test variable passing -[ -f .tpkg.var.test ] && source .tpkg.var.test - -. ../common.sh - -get_random_port 1 -UNBOUND_PORT=$RND_PORT -echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test - -# make config file -CONTROL_PATH=/tmp -CONTROL_PID=$$ -sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's?@CONTROL_PATH\@?'$CONTROL_PATH'?' -e 's/@CONTROL_PID@/'$CONTROL_PID'/' < rpz_reload.conf > ub.conf -# start unbound in the background -PRE="../.." -$PRE/unbound -d -c ub.conf >unbound.log 2>&1 & -UNBOUND_PID=$! -echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test -echo "CONTROL_PATH=$CONTROL_PATH" >> .tpkg.var.test -echo "CONTROL_PID=$CONTROL_PID" >> .tpkg.var.test - -cat .tpkg.var.test -wait_unbound_up unbound.log diff --git a/contrib/unbound/testdata/rpz_reload.tdir/rpz_reload.test b/contrib/unbound/testdata/rpz_reload.tdir/rpz_reload.test deleted file mode 100644 index f3cf9b29ef51..000000000000 --- a/contrib/unbound/testdata/rpz_reload.tdir/rpz_reload.test +++ /dev/null @@ -1,109 +0,0 @@ -# #-- rpz_reload.test --# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# use .tpkg.var.test for in test variable passing -[ -f .tpkg.var.test ] && source .tpkg.var.test - -PRE="../.." -. ../common.sh -# do the test -echo "> dig . SOA" -dig @127.0.0.1 -p $UNBOUND_PORT localhost. A | tee outfile -echo "> check answer" -if grep localhost outfile | grep "127.0.0.1"; then - echo "OK" -else - echo "Not OK" - exit 1 -fi - -echo "" -echo "> unbound-control status" -$PRE/unbound-control -c ub.conf status -if test $? -ne 0; then - echo "wrong exit value." - exit 1 -else - echo "exit value: OK" -fi - -# Have the RPZ block some things. -dig @127.0.0.1 -p $UNBOUND_PORT foo.example.net. A | tee outfile -echo "> check answer" -if grep "www.example.org" outfile | grep "1.2.3.5"; then - echo "OK" -else - echo "Not OK" - exit 1 -fi -if grep "rpz: applied .example policy." unbound.log | grep "foo.example.net. A"; then - echo "log line OK" -else - echo "log line not OK" - exit 1 -fi - -dig @127.0.0.1 -p $UNBOUND_PORT www.example.net. A | tee outfile -if grep "www.example.org" outfile | grep "1.2.3.5"; then - echo "OK" -else - echo "Not OK" - exit 1 -fi -if grep "rpz: applied .example policy." unbound.log | grep "www.example.net. A"; then - echo "log line OK" -else - echo "log line not OK" - exit 1 -fi - -# Modify the config -cp ub.conf ub2.conf -sed -e 's/rpz-action-override: cname/#rpz-action-override: ""/' \ - -e 's/rpz-cname-override: "www.example.org"/rpz-cname-override: ""/' \ - -e 's/rpz-log-name: "example policy"/rpz-log-name: "exrpz"/' \ - < ub2.conf > ub.conf -echo "" -echo "> Modified config" -grep "rpz" ub.conf -echo "" - -echo "> unbound-control reload" -$PRE/unbound-control -c ub.conf reload 2>&1 | tee outfile -if test $? -ne 0; then - echo "wrong exit value." - exit 1 -fi -wait_logfile unbound.log "Restart of unbound" 60 - -# Check the output after reload -dig @127.0.0.1 -p $UNBOUND_PORT foo.example.net. A | tee outfile -echo "> check answer" -if grep "NXDOMAIN" outfile; then - echo "OK" -else - echo "Not OK" - exit 1 -fi -if grep "rpz: applied .exrpz." unbound.log | grep "foo.example.net. A"; then - echo "log line OK" -else - echo "log line not OK" - exit 1 -fi - -dig @127.0.0.1 -p $UNBOUND_PORT www.example.net. A | tee outfile -if grep "1.2.3.4" outfile; then - echo "OK" -else - echo "Not OK" - exit 1 -fi -if grep "rpz: applied .exrpz." unbound.log | grep "www.example.net. A"; then - echo "log line OK" -else - echo "log line not OK" - exit 1 -fi - -exit 0 diff --git a/contrib/unbound/testdata/rpz_val_block.rpl b/contrib/unbound/testdata/rpz_val_block.rpl deleted file mode 100644 index acde15294adb..000000000000 --- a/contrib/unbound/testdata/rpz_val_block.rpl +++ /dev/null @@ -1,643 +0,0 @@ -; config options -server: - module-config: "respip validator iterator" - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: no - trust-anchor: "org. DS 1444 8 2 5224fb17d630a2e3efdc863a05a4032c5db415b5de3f32472ee9abed42e10146" - val-override-date: "20070916134226" - trust-anchor-signaling: no - log-servfail: yes - val-log-level: 2 - ede: yes - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. - -rpz: - name: "rpz.example.com." - rpz-log: yes - rpz-log-name: "rpz.example.com" - zonefile: -TEMPFILE_NAME rpz.example.com -TEMPFILE_CONTENTS rpz.example.com -$ORIGIN example.com. -rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. ( - 1379078166 28800 7200 604800 7200 ) - 3600 IN NS ns1.rpz.example.com. - 3600 IN NS ns2.rpz.example.com. -$ORIGIN rpz.example.com. -foo.org CNAME . -foo2.org CNAME . -foo3.org CNAME . -bok.foo4.org A 4.0.5.5 -www.foo5.org CNAME alt.foo5.org. -TEMPFILE_END - -CONFIG_END - -SCENARIO_BEGIN Test RPZ with validator handles blocked zone. -; The DNSKEY and DS lookups are stopped. - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 1000 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -org. IN NS -SECTION AUTHORITY -org. IN NS ns1.servers.org. -SECTION ADDITIONAL -ns1.servers.org. IN A 1.2.3.51 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION AUTHORITY -com. IN NS ns1.servers.com. -SECTION ADDITIONAL -ns1.servers.com. IN A 1.2.3.52 -ENTRY_END -RANGE_END - -; ns1.servers.org for .org -RANGE_BEGIN 0 1000 - ADDRESS 1.2.3.51 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -org. IN NS -SECTION ANSWER -org. 3600 IN NS ns1.servers.org. -org. 3600 IN RRSIG NS 8 1 3600 20070926134150 20070829134150 1444 org. arkVLr3b2Ip4bkWpjPTywYWzoVqay11KLB+ZygfoIWtq7mKW20SjRGI+AzIviHHWPv8iibzA8nwcTehuSmqIuRTmZXYj58hpi/AxrqqzJNiwE60swi1dKn3ti0SZKZaLMRnxrrAv7yu3PR6zGt7CD7gJgxfMfQMc6QryQJQbiyM= -SECTION ADDITIONAL -ns1.servers.org. 3600 IN A 1.2.3.51 -ns1.servers.org. 3600 IN RRSIG A 8 3 3600 20070926134150 20070829134150 1444 org. k+9JSbFm5GWSzEbVckC9bVXvzQYwbLvMbHMYmL5tIjt8RMhVhbkyqu+XER5m8xUFL0nrUqJ8ad6SKI9X/8FYGk1iSegpAjIh4bHGzea7vvM7CWw0HfTmmwDhS569IvUfxHyjH4TjSVlM1x9o/d8NGSLAa7h34b0s+NXLEEjNNbI= -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -org. IN DNSKEY -SECTION ANSWER -org. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b} -org. 3600 IN RRSIG DNSKEY 8 1 3600 20070926134150 20070829134150 1444 org. pJVKrXD3veTg0qOB2PSQAWdeTEyFFzSbMHJ2F9J9WyxVuMMIDj119aJrkHtkXTmLT7wdOd9RZxDfG0A1H30lQeQdvaJoymaVUgWLXfiwIAYg+4Uk7vZrP7UzHJO2BgDnGdf42h2vgBoboyP9szNMHTGGQdpUk7VkhtE6djonzwg= -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -foo.org. IN NS -SECTION AUTHORITY -foo.org. 3600 IN DS 29332 8 2 d38b124648bd7e32033a7fe9fd94ceab56e971ea9e61b3365566ccc028c15c98 -foo.org. 3600 IN RRSIG DS 8 2 3600 20070926134150 20070829134150 1444 org. BE2cR03ecUYk/nRsJNMcNfsOWnSoOfkwx4zmF9eEqwoRn/i5QzsrRBEUdorfBsFjpdKqB2R6jSu53CTQAGv392w8AE0cRANPBxcDUiWaRyFZ7CaqspKorPijOJCKEtgztEfFgC9YXab3xvRkJVUZzZRJ4nCrpmNIGzvmf7LlCTg= -foo.org. IN NS ns.foo.org. -SECTION ADDITIONAL -ns.foo.org. IN A 1.2.3.53 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -foo2.org. IN NS -SECTION AUTHORITY -foo2.org. 3600 IN NSEC foo3.org. NS RRSIG NSEC -foo2.org. 3600 IN RRSIG NSEC 8 2 3600 20070926134150 20070829134150 1444 org. RfkRfmLeyLYtdDKrLBaXTk/KXTkUn9/4dMZtm3Kl5k5oa9/LkbPmnPb0z+zZ/3aBBKZu0QIevS7w++fdYWfIQiK+DIgG9hhp+lNxakLKp4M5SiWuh+zlTjwbRzlf4abWe/c/FR4bjesgObUdLnaIoM4h3aQUS1KsjyGFmLOCUGM= -foo2.org. IN NS ns.foo2.org. -SECTION ADDITIONAL -ns.foo2.org. IN A 1.2.3.54 -ENTRY_END - -; for this entry the org zone is suddenly resigned with NSEC3. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -foo3.org. IN NS -SECTION AUTHORITY -; org. NSEC3PARAM 1 0 0 - -; org. -> mvnq25j8mo8ge527pikocn5rl72s2o0s. -; foo3.org. -> n3dm0vverfek5tl6klsp0k0gduj0gk92. -mvnq25j8mo8ge527pikocn5rl72s2o0s.org. IN NSEC3 1 0 0 - mvnq25j8mo8ge527pikocn5rl72s2o0t NS SOA RRSIG DNSKEY -mvnq25j8mo8ge527pikocn5rl72s2o0s.org. 3600 IN RRSIG NSEC3 8 2 3600 20070926134150 20070829134150 1444 org. MBmDCmjCeXShkwoDI/I04KK7w33FkNs7vci+SKoR5uWS24E3yt2AVgfkwFkKh42+MgqZnBUJEdRPOfATc80XDwxDhdymB3Ff4W1KAVFpJAkU42ii3bdiyYr+YPWVWdCYG2EfSpLcJiD6E21mW2DNRR7Lj9/W89WmndeUEgpjALA= -n3dm0vverfek5tl6klsp0k0gduj0gk91.org. IN NSEC3 1 0 0 - n3dm0vverfek5tl6klsp0k0gduj0gk93 NS DS RRSIG -n3dm0vverfek5tl6klsp0k0gduj0gk91.org. 3600 IN RRSIG NSEC3 8 2 3600 20070926134150 20070829134150 1444 org. H5aeeVc6k8fTSwUYDA9BW4ScHazb2b3NfvdQwRbKYj97tlJnJa+cojgOnyvP3qW9YoqO0aRT8rzUjFPJajOIRoS/6XVWCZ3ymDNQIi8oW6vT8qQYA2ldmoWDvFK9fHSgiwqJzQiKXtNGdqTfj2HEyVKVbFTv/Cgxh5jLcB6r9jM= -foo3.org. IN NS ns.foo3.org. -SECTION ADDITIONAL -ns.foo3.org. IN A 1.2.3.55 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -foo4.org. IN NS -SECTION AUTHORITY -foo4.org. 3600 IN DS 55567 8 2 db658962fbd0a03e81f1a68c33bb53eef3bc30e980040cb476fb191b24dfdd5a -foo4.org. 3600 IN RRSIG DS 8 2 3600 20070926134150 20070829134150 1444 org. kO2d+9du+9y0HcAUq056qnqBoXLwT+/EN82lEocJjCE7lx9qxv4YpwfNd1Sr3J9lwvZbfEm5uRPmSwtrythlI4+qmlsEWE90mfUntH+JqlXj7t2E514AZ/SZPSUd6h6AKPlB/DIhHuI/fAEKB+S263NnvVMccaHh8ScJMsY9nGI= -foo4.org. IN NS ns.foo4.org. -SECTION ADDITIONAL -ns.foo4.org. IN A 1.2.3.56 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -foo5.org. IN NS -SECTION AUTHORITY -foo5.org. 3600 IN DS 55567 8 2 4046e908302813cad9b4448cd4c243be118b7c18f8414b820bce0a1eab6f6889 -foo5.org. 3600 IN RRSIG DS 8 2 3600 20070926134150 20070829134150 1444 org. e0+FRSrwoSeQxd35dcvsEFGQIO9nz+H6p52LAwPDUTOSwFcbR+q+x4OKX+eG8dbFXK7MGztdGdpPji95HzlezXRTt/66sXqYeDM61NezxVM6N/OjPIOL3VTGeyG4nvDj4ycvBbgjJqdhmev6aWYmTQwFa0+6Nxrlsldrl5/chW4= -foo5.org. IN NS ns.foo5.org. -SECTION ADDITIONAL -ns.foo5.org. IN A 1.2.3.57 -ENTRY_END -RANGE_END - -; ns1.servers.com for .com -RANGE_BEGIN 0 1000 - ADDRESS 1.2.3.52 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS ns1.servers.com. -SECTION ADDITIONAL -ns1.servers.com. IN A 1.2.3.52 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -foo.com. IN TXT -SECTION ANSWER -foo.com. IN CNAME www.foo.org. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -foo2.com. IN TXT -SECTION ANSWER -foo2.com. IN CNAME www.foo2.org. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -foo4.com. IN A -SECTION ANSWER -foo4.com. IN CNAME www.foo4.org. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -foo5.com. IN A -SECTION ANSWER -foo5.com. IN CNAME www.foo5.org. -ENTRY_END -RANGE_END - -; ns.foo.org for foo.org -RANGE_BEGIN 0 1000 - ADDRESS 1.2.3.53 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -foo.org. IN NS -SECTION ANSWER -foo.org. 3600 IN NS ns.foo.org. -foo.org. 3600 IN RRSIG NS 8 2 3600 20070926134150 20070829134150 29332 foo.org. WfSshqIf/LdScUjw5uyB10t3yoF36aOc+lkhTQsAiR7gat14Un+F1s8bQiG3gU8mnMirsu7M1aMBeQlbJncFhLu4av6ZkkI5L/qvojBAL0AF7Rj0gUWKbMc2NsAeAKY8ySzDXqF7ol9YEskHWW35aL+r5DB91u4joZVsANSqeAfLWAhm47hDGlWgzQ1us72dWOPxPqNBG0sx48xaFxiZJjowXVs/zbRQ1TyIFPeKztayc6HL2gaOPPUoOuHp/AEecySqjamXI28mqBBs8MGJoArFaJ05wIuWEdOzsfc+BcYnmuCaTVgEHUvZMbNvi2CYCY4l0jcl1UD7i4FzPhC4jQ== -SECTION ADDITIONAL -ns.foo.org. 3600 IN A 1.2.3.53 -ns.foo.org. 3600 IN RRSIG A 8 3 3600 20070926134150 20070829134150 29332 foo.org. pScBuh9fyXazJLV4yPGQsDKAnNgAGe5G5712sQ46V9CA4Rv+STTI9p6JDyqu1EWVJupLwbL7dqqypSwcSy8CpCO1nH/n/yBnT/9txduEpzvr4OtVJnRZS1LMMlpb4NrT+QPpzxXZH5Zlc+Axevbxj7FVeFIAUq9Fh2+yO6lYXffIy9BW85VOZa1S08/O/2ZyZwPh6pdxB7HRGe/KuD86TMjfjVsveYL4w7UFC+wk1XGQA+zuXOIm+9MQC+UzM/cVR38nW/7Oj1hY2iAgvevFrT75tesf+H927uaHaPrWqSVJLPRIfm4O5wT5K1bgvfYDSlpU/YLf7vaCtJ+kKSOpJw== -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -foo.org. IN DNSKEY -SECTION ANSWER -foo.org. 3600 IN DNSKEY 257 3 8 AwEAAb4WMOTBLTFvmBra5m6SK4VfViOzmvyUAU0qv861ZQXeEFvwlndqNU9rwRsMxrSWAYs5nHErKDn49usC/HyxxW1477iGFHhfgL4mjNreJm9zft2QFB1VLbRbEPYdDMLCn4co0qnG7/KG8W2i8Pym1L7f+aREwbLo+/716AS2PbaKMhfWLKLiq5wnBcUClQMNzCiwhqxDJp1oePqfkVdeUgXOtgi0dYRIKyQFhJ5VWJ22npoi/Gif0XLCADAlAwRLKc8o/yJkCxskzgpHpw5Cki1lclg0aq4ssOuPRQ+ne6IHYCz9D2mwzulblhLFamKdq7aHzNt4NlyxhpANVFiKLD8= ;{id = 29332 (ksk), size = 2048b} -foo.org. 3600 IN RRSIG DNSKEY 8 2 3600 20070926134150 20070829134150 29332 foo.org. qlZQpZG+prXK6vsd+zObdHj8DbPBCpjB16B7UgTwsgmVxGRX9nSBnkqUqcIrnszJMHvEwu7VPWjegPX3E8LESgz2Slepa5T8hWmcoega2vWakIzIRNtDxH9PXDy804Dmduk/fxBzMlbbFLfsSrG5+cK5PhingjjxNbEuG3V124xTjFUGHKu4NM6kMfPcHOwjTTQLt6azJ10i6CeyaUXCSYz5xGE7Z4PSLYAstlLsM64EtLTGQHAZIEr2Dq6C23u23sRrj/0qcMFo0Nv8E3rjnkfJIo+RYuqqAznFsLMqfveX42ElWBl5YVLQHSo+kFbXcvgX7gzL8X9u4Z6MJ9zUkw== -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -foo.org. IN TXT -SECTION ANSWER -foo.org. 3600 IN TXT "a.b.c." -foo.org. 3600 IN RRSIG TXT 8 2 3600 20070926134150 20070829134150 29332 foo.org. UW/T+M0crcfzQ6PVM/0o1ZtXF2o26VTm/V/9/+F873aQnDwfRLH+tzYSC+yfWZ/0niuif6fv9FYWisE8CyAIIMZ8mrxM7M4JgEZ0/vFOC2sN0qnmqSoZoZaeOEjJIAS6F2om+L6AAFtAH2Khbm0wkHc0jBWj3vK8HoXO38iLe1pPnuBK6BhE2+tyDIcUCoABFrycT0E5NBKFERQL+CzYMEzMUS/joSeWloFw1AB1X9Z94ezgmD+g2MnbW78DR6TRZXGD4DWXuxYNswRnfp4VENSOsSbhX9ixtuxwGn1fhiZeTxN84zE/ERiLK59Yo1bQ3TFjOY0cCvj+c2NulTAr9w== -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -www.foo.org. IN TXT -SECTION ANSWER -www.foo.org. 3600 IN TXT "a.b.d." -www.foo.org. 3600 IN RRSIG TXT 8 3 3600 20070926134150 20070829134150 29332 foo.org. EjFHdpJdlFFLDWabiMsMzUPE1+brzq/0ecRG39bpPuU/6MW4HCQs4rlLlZNmmJP/vj+kLTGfguSrKyLQt8n9Tf1fKbvD6NUOIOwiVUOE4kb54JghbiBhWeCnRLmUQwi7DKy0UEw8niX3SY6WwJxO/e7+leQJY7Gpg3S00vKskTAjnKeDYiHcrO69Dpyc0l/qtR1Bb98xcs4vMsh6//BBklSlPTMKBcu2uK6sK7G2ZR1lOtShoginq5UHa+EZWR6Pxn8pLkfQGOXTjGq5WaTeEdcinBlvXYBGhAPKWXHwcEtEjClkWi1ZXOnSgwHu9dRxgSk/jcfSmjBFzw2bycq2Lg== -ENTRY_END -RANGE_END - -; ns.foo2.org for foo2.org -RANGE_BEGIN 0 1000 - ADDRESS 1.2.3.54 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -foo2.org. IN NS -SECTION ANSWER -foo2.org. IN NS ns.foo2.org. -SECTION ADDITIONAL -ns.foo2.org. IN A 1.2.3.54 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -www.foo2.org. IN TXT -SECTION ANSWER -www.foo2.org. IN TXT "a.b.e." -ENTRY_END -RANGE_END - -; ns.foo3.org for foo3.org -RANGE_BEGIN 0 1000 - ADDRESS 1.2.3.55 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -foo3.org. IN NS -SECTION ANSWER -foo3.org. IN NS ns.foo3.org. -SECTION ADDITIONAL -ns.foo3.org. IN A 1.2.3.55 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -ns.foo3.org. IN A -SECTION ANSWER -ns.foo3.org. IN A 1.2.3.55 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -ns.foo3.org. IN AAAA -SECTION AUTHORITY -foo3.org. IN SOA ns.foo3.org. host.foo3.org. 2007090422 3600 300 604800 3600 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -www.foo3.org. IN TXT -SECTION ANSWER -www.foo3.org. IN TXT "a.b.f." -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -www2.foo3.org. IN TXT -SECTION ANSWER -www2.foo3.org. IN TXT "a.b.g." -ENTRY_END -RANGE_END - -; ns.foo4.org for foo4.org -RANGE_BEGIN 0 1000 - ADDRESS 1.2.3.56 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -foo4.org. IN NS -SECTION ANSWER -foo4.org. 3600 IN NS ns.foo4.org. -foo4.org. 3600 IN RRSIG NS 8 2 3600 20070926134150 20070829134150 55567 foo4.org. FXwXqJ8EW2XZDzHiMSiqiUpkk6tHGsJdlH1pfuOO6yPsmAmg6sSnyE9UsIDeW1bGwanYxbZGiD4YR9ED/NzdlMUrCI0fs4c0fa0yJjcF5WY0yZCL9OZbyn/dPIcqZ3D6UWjVVMW6EhZSPqzuz5gWYEiXkBDEc1s2BEjIYSwZo4g= -SECTION ADDITIONAL -ns.foo4.org. 3600 IN A 1.2.3.56 -ns.foo4.org. 3600 IN RRSIG A 8 3 3600 20070926134150 20070829134150 55567 foo4.org. MgKROh4mE6pUyp0ik2CHTZuf7n9M4WaDvTLdI9qb+AvvpJJiwA1+7/v004A3PADvohsUytQttldYKwK6J9+c8R48lpieT+e/WzeyoCM1ieFhbP73By32Bl/akH+8cOUxfqqLD8Y+1z/oKV55LyqKP0H0DCb6vfYtSxWAYQym9PQ= -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -foo4.org. IN DNSKEY -SECTION ANSWER -foo4.org. IN DNSKEY 257 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55567 (ksk), size = 1024b} -foo4.org. 3600 IN RRSIG DNSKEY 8 2 3600 20070926134150 20070829134150 55567 foo4.org. Hy1tP0xBPp23e+w2YJ49e09e8AB9hLDP3ksWI/8ujNFK51Kuwo8HBx4R6zbcuOELlqWxr6IQU2w6AwB6UqClS88mc2sIgeEbw7Nm+nCDWPSPklPP4qa9pdXFh2M4txF4NxymrgRABjTTJiXK4oeWtFBNKkUu0hf6RGb9OJmdzF0= -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -www.foo4.org. IN A -SECTION ANSWER -www.foo4.org. 3600 IN CNAME bok.foo4.org. -www.foo4.org. 3600 IN RRSIG CNAME 8 3 3600 20070926134150 20070829134150 55567 foo4.org. ZRY/v7TPmkuKVNB739kTMiqPh84jtDO01hx2EtuPI2YwG4EnhWFV0fuz86FDMPKUD17MXRHKsi0+RUopqGUEbuZ7G9MzUFtuuTnVD8f9lNJVp2AfE2RAr1le8zZpdSvlmB1Y07HsrFPxxZAPYdBC2IY3VcpI0xaT1nHGsSpcoXc= -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -bok.foo4.org. IN A -SECTION ANSWER -bok.foo4.org. 3600 IN A 1.2.3.4 -bok.foo4.org. 3600 IN RRSIG A 8 3 3600 20070926134150 20070829134150 55567 foo4.org. xDPRNYlwWTxfQaX6kKHbYeKC/ro/U1TAQzEexUoQb/GDpx1zB1oqvYBuauivIjHyKwjrGg7f9WHyyzMxSby0G62hJLPoMJMLscLce17mwkWcG2AuojBiDwLBr5QXvJXhvT21LpOFt8xplLZuzNRyw4EsUau0ecd2nQ/5vtIz5aU= -ENTRY_END -RANGE_END - -; ns.foo5.org for foo5.org -RANGE_BEGIN 0 1000 - ADDRESS 1.2.3.57 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -foo5.org. IN NS -SECTION ANSWER -foo5.org. 3600 IN NS ns.foo5.org. -foo5.org. 3600 IN RRSIG NS 8 2 3600 20070926134150 20070829134150 55567 foo5.org. Zv/zSvsLucTxX2LL+i4IZfFw/D/5HvzNKmRcohBjmP2W+F53KddGJpRHb2FPqcBzKhvjL/Awf0x1mhHUUBCSQcHA3FZQ9q2kfXK4pzg4XbI03U/hsY5b/1M8SC/DfGE+4jN59QadXZ6N4ouV4Ka9sqRfqXiQFED1Rz9WuMyHfXY= -SECTION ADDITIONAL -ns.foo5.org. 3600 IN A 1.2.3.57 -ns.foo5.org. 3600 IN RRSIG A 8 3 3600 20070926134150 20070829134150 55567 foo5.org. TcHl2qjwwcfoM1kJ+rwje/VRmPJT62RvJvjHwri5NqJopKp9tcaKz1dYByTlhbGbB0tGihWPa271ja3s31dHuOlZsuWd8hdMr7Hq/COpyn7iVOoeU8bLRtkvReLyiD3Ju9IMmzLMyWCGNNzpuZrEBfbBwTC4ali5iL4OgPjMdhc= -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -foo5.org. IN DNSKEY -SECTION ANSWER -foo5.org. IN DNSKEY 257 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55567 (ksk), size = 1024b} -foo5.org. 3600 IN RRSIG DNSKEY 8 2 3600 20070926134150 20070829134150 55567 foo5.org. wq5nET6vQal5aXvNr6lhUI5VzGJNM52k9RVdNsntiN25GehtBKF/+O2OhrD4YoLCIkMM4dzSSlO/nbbtx/8V8Y5LlA5Kxx3DU+QWpn4iwJg01VwXhJaw8KqK20bUS+PbkG+ZwAqVD1veAdtKR7lfYI35XZojZQ1ReSMWb/vLv4s= -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qname -ADJUST copy_id copy_query -REPLY QR AA NOERROR -SECTION QUESTION -www.foo5.org. IN A -SECTION ANSWER -www.foo5.org. 3600 IN CNAME bok.foo5.org. -www.foo5.org. 3600 IN RRSIG CNAME 8 3 3600 20070926134150 20070829134150 55567 foo5.org. L/KOVafKFY401Y2k3J+QjkX0XcBTsMperFyhKfTmyQYY3lI5shvdJT0UGu6ogZ9cCWM+tLNyVr804+dfK6QL/wdYOx9hkK/fiePUhAU6lzepJBdg7wotw560Eu6J7UhhtopHKrWa5ElQFG1UFR/qjcx/m4Ms6BgCWh8yWy20N1E= -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -alt.foo5.org. IN A -SECTION ANSWER -alt.foo5.org. 3600 IN A 4.0.5.6 -alt.foo5.org. 3600 IN RRSIG A 8 3 3600 20070926134150 20070829134150 55567 foo5.org. vG+qffAmazC38iBE2QsZq5kFxNW5Mo+65epMjAA/06syLzjOKkfh8dbe++jQqvwqCqrIBb56miVFDCW1VEYOdh8vReptt9KtbQjXXMfRF39V3ccvbhEfP1xMG8Z8B7tkIBtLvfCNrsfYaccvYgq+gkPeeL1JEiK3ntOukJUbapM= -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -bok.foo5.org. IN A -SECTION ANSWER -bok.foo5.org. 3600 IN A 1.2.3.4 -bok.foo5.org. 3600 IN RRSIG A 8 3 3600 20070926134150 20070829134150 55567 foo5.org. rlBgWgq0R4yT+bK0CyuZfFJ36dCsZnpvc9/7tShcMAzDPDu4+hgbXuyMWcsnsZjX3ZfR0a4wRwOwH86ZNLLxdkXNO1/bSDq+IsLyXesoVBDmcNvtdq5PgupCNW5I/cBP4tK0DCytXDLRFtU7LOxdgPps4dFANhHU6Q6LboqW4t8= -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -alt.foo5.org. IN DS -SECTION ANSWER -SECTION AUTHORITY -foo5.org. 3600 IN SOA ns.foo5.org. host.foo5.org. 2007090422 3600 300 604800 3600 -foo5.org. 3600 IN RRSIG SOA 8 2 3600 20070926134150 20070829134150 55567 foo5.org. cHo00Jg0OI9sRaQV9t6WMybhkRwG6UFx6gEq87HOeOm2gPSbXFjIImyH6l1u8MPdXj8kYcGsUotWUEPuBTfA88bGb/lKfbu4aMD9GaqjB9oZF1iOCf7IdkXqHg/0iZNHOXbUNyNlCJgjkrVdZysJ1D1tAx7qmJgmzsJHerDuQzA= -alt.foo5.org. 3600 IN NSEC alt2.foo5.org. A RRSIG NSEC -alt.foo5.org. 3600 IN RRSIG NSEC 8 3 3600 20070926134150 20070829134150 55567 foo5.org. fgOxxCj+ZnRWyfVFlNCS/9UDg4n8+JaSmMjQzsqUoXk5Db9fMzOd3ScYqVxweXC/ER6Ly+XHz9RFVsAOA4I67eWGL6YJ5sA/MUJd3tB4Dk3xp0ycHH0ARvys9YedG9PLUvBY9B5qT/nhrw2N9yRtkq04z6DhjLh3uC0UJKsSiVc= -ENTRY_END -RANGE_END - -; Test query -STEP 10 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -foo.org. IN TXT -ENTRY_END - -; It is blocked -STEP 11 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AA NXDOMAIN -SECTION QUESTION -foo.org. IN TXT -SECTION ANSWER -ENTRY_END - -; The foo2.org domain has no DS with NSEC. The queries for foo2.org DS and -; DNSKEY are blocked. -STEP 20 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.foo2.org. IN TXT -ENTRY_END - -STEP 21 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www.foo2.org. IN TXT -SECTION ANSWER -www.foo2.org. IN TXT "a.b.e." -ENTRY_END - -; The foo3.org domain has no DS with NSEC3. The queries for foo3.org DS and -; DNSKEY are blocked. Because it is nsec3, there is no negative cache entry, -; and a type DS query is made, that is then blocked. -STEP 30 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.foo3.org. IN TXT -ENTRY_END - -STEP 31 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www.foo3.org. IN TXT -SECTION ANSWER -www.foo3.org. IN TXT "a.b.f." -ENTRY_END - -; This query would use a validation failure for foo3.org from the key cache, -; if it previously failed. -STEP 32 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www2.foo3.org. IN TXT -ENTRY_END - -STEP 33 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www2.foo3.org. IN TXT -SECTION ANSWER -www2.foo3.org. IN TXT "a.b.g." -ENTRY_END - -; This query has a CNAME to www.foo.org. It is signed, but foo.org is blocked, -; for DS and DNSKEY queries. There is a DS, but the DNSKEY query is blocked. -STEP 40 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -foo.com. IN TXT -ENTRY_END - -STEP 41 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -foo.com. IN TXT -SECTION ANSWER -foo.com. IN CNAME www.foo.org. -www.foo.org. 3600 IN TXT "a.b.d." -ENTRY_END - -; The foo4.com query has a CNAME to a validly signed domain www.foo4.org, -; that has a cname to bok.foo4.org. The bok.foo4.org name is RPZ filtered, -; with a new A record in the response, that is not signed, from RPZ. -STEP 50 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -foo4.com. IN A -ENTRY_END - -STEP 51 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AA NOERROR -SECTION QUESTION -foo4.com. IN A -SECTION ANSWER -foo4.com. IN CNAME www.foo4.org. -www.foo4.org. IN CNAME bok.foo4.org. -bok.foo4.org IN A 4.0.5.5 -ENTRY_END - -; The foo5.com query has a CNAME to a signed domain www.foo5.org, -; the www.foo5.org is filtered by RPZ with a different CNAME to another, -; DNSSEC signed A record, alt.foo5.org, instead of bok.foo5.org. -STEP 60 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -foo5.com. IN A -ENTRY_END - -STEP 61 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -foo5.com. IN A -SECTION ANSWER -foo5.com. IN CNAME www.foo5.org. -www.foo5.org. IN CNAME alt.foo5.org. -alt.foo5.org IN A 4.0.5.6 -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/rrset_use_cached.rpl b/contrib/unbound/testdata/rrset_use_cached.rpl deleted file mode 100644 index 8420ae02afe6..000000000000 --- a/contrib/unbound/testdata/rrset_use_cached.rpl +++ /dev/null @@ -1,151 +0,0 @@ -server: - minimal-responses: no - serve-expired: yes - # The value does not matter, we will not simulate delay. - # We do not want only serve-expired because fetches from that - # apply a generous PREFETCH_LEEWAY. - serve-expired-client-timeout: 1000 - # So that we can only have to give one SERVFAIL answer. - outbound-msg-retry: 0 - -forward-zone: name: "." forward-addr: 216.0.0.1 -CONFIG_END - -SCENARIO_BEGIN RRset from cache updates the message TTL. - -STEP 1 QUERY -ENTRY_BEGIN - REPLY RD - SECTION QUESTION - www.example.com. IN A -ENTRY_END -; the query is sent to the forwarder - no cache yet. -STEP 2 CHECK_OUT_QUERY -ENTRY_BEGIN - MATCH qname qtype opcode - SECTION QUESTION - www.example.com. IN A -ENTRY_END -STEP 3 REPLY -ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - ; authoritative answer - REPLY QR AA RD RA NOERROR - SECTION QUESTION - www.example.com. IN A - SECTION ANSWER - www.example.com. 5 IN A 10.20.30.40 - SECTION AUTHORITY - example.com. 10 IN NS ns.example.com. - SECTION ADDITIONAL - ns.example.com. 10 IN A 10.20.30.50 -ENTRY_END -STEP 4 CHECK_ANSWER -ENTRY_BEGIN - MATCH all ttl - REPLY QR RD RA - SECTION QUESTION - www.example.com. IN A - SECTION ANSWER - www.example.com. 5 IN A 10.20.30.40 - SECTION AUTHORITY - example.com. 10 IN NS ns.example.com. - SECTION ADDITIONAL - ns.example.com. 10 IN A 10.20.30.50 -ENTRY_END - -; Wait for the A RRSET to expire. -STEP 5 TIME_PASSES ELAPSE 6 - -STEP 6 QUERY -ENTRY_BEGIN - REPLY RD - SECTION QUESTION - www.example.com. IN A -ENTRY_END -; expired answer will not be served due to serve-expired-client-timeout. -STEP 7 CHECK_OUT_QUERY -ENTRY_BEGIN - MATCH qname qtype opcode - SECTION QUESTION - www.example.com. IN A -ENTRY_END -STEP 8 REPLY -ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - ; authoritative answer - REPLY QR AA RD RA NOERROR - SECTION QUESTION - www.example.com. IN A - SECTION ANSWER - www.example.com. 5 IN A 10.20.30.40 - SECTION AUTHORITY - example.com. 10 IN NS ns.example.com. - SECTION ADDITIONAL - ns.example.com. 10 IN A 10.20.30.50 -ENTRY_END -; The cached NS related RRSETs will not be overwritten by the fresh answer. -; The message should have a TTL of 4 instead of 5 from above. -STEP 9 CHECK_ANSWER -ENTRY_BEGIN - MATCH all ttl - REPLY QR RD RA - SECTION QUESTION - www.example.com. IN A - SECTION ANSWER - www.example.com. 5 IN A 10.20.30.40 - SECTION AUTHORITY - example.com. 4 IN NS ns.example.com. - SECTION ADDITIONAL - ns.example.com. 4 IN A 10.20.30.50 -ENTRY_END - -; Wait for the NS RRSETs to expire. -STEP 10 TIME_PASSES ELAPSE 5 - -STEP 11 QUERY -ENTRY_BEGIN - REPLY RD - SECTION QUESTION - www.example.com. IN A -ENTRY_END -; The message should be expired, again no expired answer at this point due to -; serve-expired-client-timeout. -STEP 12 CHECK_OUT_QUERY -ENTRY_BEGIN - MATCH qname qtype opcode - SECTION QUESTION - www.example.com. IN A -ENTRY_END -STEP 13 REPLY -ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR RD RA SERVFAIL - SECTION QUESTION - www.example.com. IN A -ENTRY_END -; The SERVFAIL will trigger the serve-expired-client-timeout logic to try and -; replace the SERVFAIL with a possible cached (expired) answer. -; The A RRSET would be at 0TTL left (not expired) but the message should have -; been updated to use a TTL of 4 so expired by now. -; If the message TTL was not updated (bug), this message would be treated as -; non-expired and the now expired NS related RRSETs would fail sanity checks -; for non-expired messages. The result would be SERVFAIL here. -STEP 14 CHECK_ANSWER -ENTRY_BEGIN - MATCH all ttl - REPLY QR RD RA - SECTION QUESTION - www.example.com. IN A - SECTION ANSWER - www.example.com. 0 IN A 10.20.30.40 - SECTION AUTHORITY - example.com. 30 IN NS ns.example.com. - SECTION ADDITIONAL - ns.example.com. 30 IN A 10.20.30.50 -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/serve_expired_0ttl_nodata.rpl b/contrib/unbound/testdata/serve_expired_0ttl_nodata.rpl deleted file mode 100644 index 7f1b5a565853..000000000000 --- a/contrib/unbound/testdata/serve_expired_0ttl_nodata.rpl +++ /dev/null @@ -1,154 +0,0 @@ -; config options -server: - module-config: "validator iterator" - qname-minimisation: "no" - minimal-responses: no - serve-expired: yes - log-servfail: yes - ede: yes - ede-serve-expired: yes - - -stub-zone: - name: "example.com" - stub-addr: 1.2.3.4 -CONFIG_END - -SCENARIO_BEGIN Test serve-expired with NXDOMAIN followed by 0 TTL -; Scenario overview: -; - query for 0ttl.example.com. IN A -; - answer from upstream is NODATA; will be cached for the SOA negative TTL. -; - check that the client gets the NODATA; also cached -; - query again right after the TTL expired -; - this time the server answers with a 0 TTL RRset -; - check that we get the correct answer - -; ns.example.com. -RANGE_BEGIN 0 20 - ADDRESS 1.2.3.4 - ; response to A query - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR AA NOERROR - SECTION QUESTION - 0ttl.example.com. IN A - SECTION AUTHORITY - example.com IN SOA ns.example.com dns.example.com 1 7200 3600 2419200 10 - ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 30 100 - ADDRESS 1.2.3.4 - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - example.com. IN NS - SECTION ANSWER - example.com. 10 IN NS ns.example.com. - SECTION ADDITIONAL - ns.example.com. 10 IN A 1.2.3.4 - ENTRY_END - - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - 0ttl.example.com. IN A - SECTION ANSWER - 0ttl.example.com. 0 IN A 5.6.7.8 - SECTION AUTHORITY - example.com. 10 IN NS ns.example.com. - SECTION ADDITIONAL - ns.example.com. 10 IN A 1.2.3.4 - ENTRY_END -RANGE_END - -; Query with RD flag -STEP 0 QUERY -ENTRY_BEGIN - REPLY RD - SECTION QUESTION - 0ttl.example.com. IN A -ENTRY_END - -; Check that we get the NODATA (will be cached) -STEP 10 CHECK_ANSWER -ENTRY_BEGIN - MATCH all - REPLY QR RD RA NOERROR - SECTION QUESTION - 0ttl.example.com. IN A - SECTION AUTHORITY - example.com IN SOA ns.example.com dns.example.com 1 7200 3600 2419200 10 -ENTRY_END - -; Query again -STEP 20 QUERY -ENTRY_BEGIN - REPLY RD - SECTION QUESTION - 0ttl.example.com. IN A -ENTRY_END - -; Check that we get the cached NODATA -STEP 30 CHECK_ANSWER -ENTRY_BEGIN - MATCH all - REPLY QR RD RA NOERROR - SECTION QUESTION - 0ttl.example.com. IN A - SECTION AUTHORITY - example.com IN SOA ns.example.com dns.example.com 1 7200 3600 2419200 10 -ENTRY_END - -; Wait for the NXDOMAIN to expire -STEP 31 TIME_PASSES ELAPSE 32 - -; Query again -STEP 40 QUERY -ENTRY_BEGIN - REPLY RD - SECTION QUESTION - 0ttl.example.com. IN A -ENTRY_END - -; Check that we get the cached NODATA -STEP 50 CHECK_ANSWER -ENTRY_BEGIN - MATCH all - REPLY QR RD RA NOERROR - SECTION QUESTION - 0ttl.example.com. IN A - SECTION AUTHORITY - example.com IN SOA ns.example.com dns.example.com 1 7200 3600 2419200 10 -ENTRY_END - -; Query again -STEP 60 QUERY -ENTRY_BEGIN - REPLY RD - SECTION QUESTION - 0ttl.example.com. IN A -ENTRY_END - -; Check that we got the correct answer -STEP 70 CHECK_ANSWER -ENTRY_BEGIN - MATCH all ttl - REPLY QR RD RA NOERROR - SECTION QUESTION - 0ttl.example.com. IN A - SECTION ANSWER - 0ttl.example.com. 0 IN A 5.6.7.8 - SECTION AUTHORITY - example.com. 10 IN NS ns.example.com. - SECTION ADDITIONAL - ns.example.com. 10 IN A 1.2.3.4 -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/serve_expired_0ttl_nxdomain.rpl b/contrib/unbound/testdata/serve_expired_0ttl_nxdomain.rpl deleted file mode 100644 index 4adb4b839a69..000000000000 --- a/contrib/unbound/testdata/serve_expired_0ttl_nxdomain.rpl +++ /dev/null @@ -1,154 +0,0 @@ -; config options -server: - module-config: "validator iterator" - qname-minimisation: "no" - minimal-responses: no - serve-expired: yes - log-servfail: yes - ede: yes - ede-serve-expired: yes - - -stub-zone: - name: "example.com" - stub-addr: 1.2.3.4 -CONFIG_END - -SCENARIO_BEGIN Test serve-expired with NXDOMAIN followed by 0 TTL -; Scenario overview: -; - query for 0ttl.example.com. IN A -; - answer from upstream is NXDOMAIN; will be cached for the SOA negative TTL. -; - check that the client gets the NXDOMAIN; also cached -; - query again right after the TTL expired -; - this time the server answers with a 0 TTL RRset -; - check that we get the correct answer - -; ns.example.com. -RANGE_BEGIN 0 20 - ADDRESS 1.2.3.4 - ; response to A query - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR AA NXDOMAIN - SECTION QUESTION - 0ttl.example.com. IN A - SECTION AUTHORITY - example.com IN SOA ns.example.com dns.example.com 1 7200 3600 2419200 10 - ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 30 100 - ADDRESS 1.2.3.4 - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - example.com. IN NS - SECTION ANSWER - example.com. 10 IN NS ns.example.com. - SECTION ADDITIONAL - ns.example.com. 10 IN A 1.2.3.4 - ENTRY_END - - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - 0ttl.example.com. IN A - SECTION ANSWER - 0ttl.example.com. 0 IN A 5.6.7.8 - SECTION AUTHORITY - example.com. 10 IN NS ns.example.com. - SECTION ADDITIONAL - ns.example.com. 10 IN A 1.2.3.4 - ENTRY_END -RANGE_END - -; Query with RD flag -STEP 0 QUERY -ENTRY_BEGIN - REPLY RD - SECTION QUESTION - 0ttl.example.com. IN A -ENTRY_END - -; Check that we get the SERVFAIL (will be cached) -STEP 10 CHECK_ANSWER -ENTRY_BEGIN - MATCH all - REPLY QR RD RA NXDOMAIN - SECTION QUESTION - 0ttl.example.com. IN A - SECTION AUTHORITY - example.com IN SOA ns.example.com dns.example.com 1 7200 3600 2419200 10 -ENTRY_END - -; Query again -STEP 20 QUERY -ENTRY_BEGIN - REPLY RD - SECTION QUESTION - 0ttl.example.com. IN A -ENTRY_END - -; Check that we get the cached NXDOMAIN -STEP 30 CHECK_ANSWER -ENTRY_BEGIN - MATCH all - REPLY QR RD RA NXDOMAIN - SECTION QUESTION - 0ttl.example.com. IN A - SECTION AUTHORITY - example.com IN SOA ns.example.com dns.example.com 1 7200 3600 2419200 10 -ENTRY_END - -; Wait for the NXDOMAIN to expire -STEP 31 TIME_PASSES ELAPSE 32 - -; Query again -STEP 40 QUERY -ENTRY_BEGIN - REPLY RD - SECTION QUESTION - 0ttl.example.com. IN A -ENTRY_END - -; Check that we get the cached NXDOMAIN -STEP 50 CHECK_ANSWER -ENTRY_BEGIN - MATCH all - REPLY QR RD RA NXDOMAIN - SECTION QUESTION - 0ttl.example.com. IN A - SECTION AUTHORITY - example.com IN SOA ns.example.com dns.example.com 1 7200 3600 2419200 10 -ENTRY_END - -; Query again -STEP 60 QUERY -ENTRY_BEGIN - REPLY RD - SECTION QUESTION - 0ttl.example.com. IN A -ENTRY_END - -; Check that we got the correct answer -STEP 70 CHECK_ANSWER -ENTRY_BEGIN - MATCH all ttl - REPLY QR RD RA NOERROR - SECTION QUESTION - 0ttl.example.com. IN A - SECTION ANSWER - 0ttl.example.com. 0 IN A 5.6.7.8 - SECTION AUTHORITY - example.com. 10 IN NS ns.example.com. - SECTION ADDITIONAL - ns.example.com. 10 IN A 1.2.3.4 -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/serve_expired_0ttl_servfail.rpl b/contrib/unbound/testdata/serve_expired_0ttl_servfail.rpl deleted file mode 100644 index 6833af17b827..000000000000 --- a/contrib/unbound/testdata/serve_expired_0ttl_servfail.rpl +++ /dev/null @@ -1,129 +0,0 @@ -; config options -server: - module-config: "validator iterator" - qname-minimisation: "no" - minimal-responses: no - serve-expired: yes - log-servfail: yes - ede: yes - ede-serve-expired: yes - - -stub-zone: - name: "example.com" - stub-addr: 1.2.3.4 -CONFIG_END - -SCENARIO_BEGIN Test serve-expired with SERVFAIL followed by 0 TTL -; Scenario overview: -; - query for 0ttl.example.com. IN A -; - answer from upstream is SERVFAIL; will be cached for NORR_TTL(5) -; - check that the client gets the SERVFAIL; also cached -; - query again right after the TTL expired -; - this time the server answers with a 0 TTL RRset -; - check that we get the correct answer - -; ns.example.com. -RANGE_BEGIN 0 20 - ADDRESS 1.2.3.4 - ; response to A query - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR AA SERVFAIL - SECTION QUESTION - 0ttl.example.com. IN A - ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 30 100 - ADDRESS 1.2.3.4 - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - example.com. IN NS - SECTION ANSWER - example.com. 10 IN NS ns.example.com. - SECTION ADDITIONAL - ns.example.com. 10 IN A 1.2.3.4 - ENTRY_END - - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - 0ttl.example.com. IN A - SECTION ANSWER - 0ttl.example.com. 0 IN A 5.6.7.8 - SECTION AUTHORITY - example.com. 10 IN NS ns.example.com. - SECTION ADDITIONAL - ns.example.com. 10 IN A 1.2.3.4 - ENTRY_END -RANGE_END - -; Query with RD flag -STEP 0 QUERY -ENTRY_BEGIN - REPLY RD - SECTION QUESTION - 0ttl.example.com. IN A -ENTRY_END - -; Check that we get the SERVFAIL (will be cached) -STEP 10 CHECK_ANSWER -ENTRY_BEGIN - MATCH all - REPLY QR RD RA SERVFAIL - SECTION QUESTION - 0ttl.example.com. IN A -ENTRY_END - -; Query again -STEP 20 QUERY -ENTRY_BEGIN - REPLY RD - SECTION QUESTION - 0ttl.example.com. IN A -ENTRY_END - -; Check that we get the cached SERVFAIL -STEP 30 CHECK_ANSWER -ENTRY_BEGIN - MATCH all - REPLY QR RD RA SERVFAIL - SECTION QUESTION - 0ttl.example.com. IN A -ENTRY_END - -; Wait for the SERVFAIL to expire -STEP 31 TIME_PASSES ELAPSE 32 - -; Query again -STEP 40 QUERY -ENTRY_BEGIN - REPLY RD - SECTION QUESTION - 0ttl.example.com. IN A -ENTRY_END - -; Check that we got the correct answer -STEP 50 CHECK_ANSWER -ENTRY_BEGIN - MATCH all ttl - REPLY QR RD RA NOERROR - SECTION QUESTION - 0ttl.example.com. IN A - SECTION ANSWER - 0ttl.example.com. 0 IN A 5.6.7.8 - SECTION AUTHORITY - example.com. 10 IN NS ns.example.com. - SECTION ADDITIONAL - ns.example.com. 10 IN A 1.2.3.4 -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/serve_expired_cached_servfail.rpl b/contrib/unbound/testdata/serve_expired_cached_servfail.rpl deleted file mode 100644 index edec7447940f..000000000000 --- a/contrib/unbound/testdata/serve_expired_cached_servfail.rpl +++ /dev/null @@ -1,130 +0,0 @@ -; config options -server: - module-config: "validator iterator" - qname-minimisation: "no" - minimal-responses: no - serve-expired: yes - serve-expired-reply-ttl: 123 - log-servfail: yes - ede: yes - ede-serve-expired: yes - - -stub-zone: - name: "example.com" - stub-addr: 1.2.3.4 -CONFIG_END - -SCENARIO_BEGIN Test serve-expired with client-timeout and a SERVFAIL upstream reply -; Scenario overview: -; - query for example.com. IN A -; - answer from upstream is SERVFAIL; will be cached for NORR_TTL(5) -; - check that the client gets the SERVFAIL; also cached -; - query again right after the TTL expired -; - cached SERVFAIL should be ignored and upstream queried -; - check that we get the correct answer - -; ns.example.com. -RANGE_BEGIN 0 20 - ADDRESS 1.2.3.4 - ; response to A query - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR AA SERVFAIL - SECTION QUESTION - example.com. IN A - ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 40 100 - ADDRESS 1.2.3.4 - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - example.com. IN NS - SECTION ANSWER - example.com. 10 IN NS ns.example.com. - SECTION ADDITIONAL - ns.example.com. 10 IN A 1.2.3.4 - ENTRY_END - - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - example.com. IN A - SECTION ANSWER - example.com. 10 IN A 5.6.7.8 - SECTION AUTHORITY - example.com. 10 IN NS ns.example.com. - SECTION ADDITIONAL - ns.example.com. 10 IN A 1.2.3.4 - ENTRY_END -RANGE_END - -; Query with RD flag -STEP 0 QUERY -ENTRY_BEGIN - REPLY RD - SECTION QUESTION - example.com. IN A -ENTRY_END - -; Check that we get the SERVFAIL (will be cached) -STEP 10 CHECK_ANSWER -ENTRY_BEGIN - MATCH all - REPLY QR RD RA SERVFAIL - SECTION QUESTION - example.com. IN A -ENTRY_END - -; Query again -STEP 20 QUERY -ENTRY_BEGIN - REPLY RD - SECTION QUESTION - example.com. IN A -ENTRY_END - -; Check that we get the cached SERVFAIL -STEP 30 CHECK_ANSWER -ENTRY_BEGIN - MATCH all - REPLY QR RD RA SERVFAIL - SECTION QUESTION - example.com. IN A -ENTRY_END - -; Wait for the SERVFAIL to expire -STEP 31 TIME_PASSES ELAPSE 6 - -; Query again -STEP 40 QUERY -ENTRY_BEGIN - REPLY RD - SECTION QUESTION - example.com. IN A -ENTRY_END - -; Check that we got the correct answer -STEP 50 CHECK_ANSWER -ENTRY_BEGIN - MATCH all ttl - REPLY QR RD RA NOERROR - SECTION QUESTION - example.com. IN A - SECTION ANSWER - example.com. 10 IN A 5.6.7.8 - SECTION AUTHORITY - example.com. 10 IN NS ns.example.com. - SECTION ADDITIONAL - ns.example.com. 10 IN A 1.2.3.4 -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/serve_expired_cached_servfail_refresh.rpl b/contrib/unbound/testdata/serve_expired_cached_servfail_refresh.rpl deleted file mode 100644 index 4d14dd948ffb..000000000000 --- a/contrib/unbound/testdata/serve_expired_cached_servfail_refresh.rpl +++ /dev/null @@ -1,145 +0,0 @@ -; config options -server: - module-config: "validator iterator" - qname-minimisation: "no" - minimal-responses: no - serve-expired: yes - serve-expired-reply-ttl: 123 - log-servfail: yes - ede: yes - ede-serve-expired: yes - - -stub-zone: - name: "example.com" - stub-addr: 1.2.3.4 -CONFIG_END - -SCENARIO_BEGIN Test serve-expired without client-timeout and a SERVFAIL upstream reply -; Scenario overview: -; - query for example.com. IN A -; - answer from upstream is SERVFAIL; will be cached for NORR_TTL(5) -; - check that the client gets the SERVFAIL; also cached -; - query again right after the TTL expired -; - cached SERVFAIL should be ignored and upstream queried -; - answer from upstream is still SERVFAIL; the cached error response will be -; refreshed for another NORR_TTL(5) -; - check that the client gets the SERVFAIL -; - query again; the upstream now has the answer available -; - check that we get the refreshed cached response instead - -; ns.example.com. -RANGE_BEGIN 0 50 - ADDRESS 1.2.3.4 - ; response to A query - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR AA SERVFAIL - SECTION QUESTION - example.com. IN A - ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 60 100 - ADDRESS 1.2.3.4 - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - example.com. IN NS - SECTION ANSWER - example.com. 10 IN NS ns.example.com. - SECTION ADDITIONAL - ns.example.com. 10 IN A 1.2.3.4 - ENTRY_END - - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - example.com. IN A - SECTION ANSWER - example.com. 10 IN A 5.6.7.8 - SECTION AUTHORITY - example.com. 10 IN NS ns.example.com. - SECTION ADDITIONAL - ns.example.com. 10 IN A 1.2.3.4 - ENTRY_END -RANGE_END - -; Query with RD flag -STEP 0 QUERY -ENTRY_BEGIN - REPLY RD - SECTION QUESTION - example.com. IN A -ENTRY_END - -; Check that we get the SERVFAIL (will be cached) -STEP 10 CHECK_ANSWER -ENTRY_BEGIN - MATCH all - REPLY QR RD RA SERVFAIL - SECTION QUESTION - example.com. IN A -ENTRY_END - -; Query again -STEP 20 QUERY -ENTRY_BEGIN - REPLY RD - SECTION QUESTION - example.com. IN A -ENTRY_END - -; Check that we get the cached SERVFAIL -STEP 30 CHECK_ANSWER -ENTRY_BEGIN - MATCH all - REPLY QR RD RA SERVFAIL - SECTION QUESTION - example.com. IN A -ENTRY_END - -; Wait for the SERVFAIL to expire -STEP 31 TIME_PASSES ELAPSE 6 - -; Query again -STEP 40 QUERY -ENTRY_BEGIN - REPLY RD - SECTION QUESTION - example.com. IN A -ENTRY_END - -; Check that we get the SERVFAIL (will be refreshed) -STEP 50 CHECK_ANSWER -ENTRY_BEGIN - MATCH all - REPLY QR RD RA SERVFAIL - SECTION QUESTION - example.com. IN A -ENTRY_END - -; Query again, upstream has the real answer available -STEP 60 QUERY -ENTRY_BEGIN - REPLY RD - SECTION QUESTION - example.com. IN A -ENTRY_END - -; Check that we get the refreshed cached SERVFAIL -STEP 70 CHECK_ANSWER -ENTRY_BEGIN - MATCH all - REPLY QR RD RA SERVFAIL - SECTION QUESTION - example.com. IN A -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/serve_expired_client_timeout_val_bogus.rpl b/contrib/unbound/testdata/serve_expired_client_timeout_val_bogus.rpl deleted file mode 100644 index f4937a16c538..000000000000 --- a/contrib/unbound/testdata/serve_expired_client_timeout_val_bogus.rpl +++ /dev/null @@ -1,317 +0,0 @@ -; config options -; The island of trust is at example.com -server: - trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" - val-override-date: "20070916134226" - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: "no" - fake-sha1: yes - trust-anchor-signaling: no - minimal-responses: no - - serve-expired: yes - serve-expired-client-timeout: 1 - serve-expired-reply-ttl: 123 - ede: yes - ede-serve-expired: yes - - # No need for AAAA nameserver queries - do-ip6: no - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test serve-expired with client-timeout and bogus answer -; Scenario overview: -; - query for www.example.com. IN A -; - check the answer -; - wait for the record to expire -; - (upstream now has a bogus response) -; - query again for www.example.com. IN A -; - check that we get the expired valid response instead -; - query once more -; - (upstream has the valid response again) -; - check that we get the immediate expired valid response -; - (the prefetch query updates the cache with the valid response) -; - query one last time -; - check that we get the immediate valid cache response; upstream does not have an answer at this moment - -;; -;; K.ROOT-SERVERS.NET. -;; -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - . IN NS - SECTION ANSWER - . IN NS K.ROOT-SERVERS.NET. - SECTION ADDITIONAL - K.ROOT-SERVERS.NET. IN A 193.0.14.129 - ENTRY_END - - ENTRY_BEGIN - MATCH opcode - ADJUST copy_id copy_query - REPLY QR NOERROR - SECTION QUESTION - www.example.com. IN A - SECTION AUTHORITY - com. IN NS a.gtld-servers.net. - SECTION ADDITIONAL - a.gtld-servers.net. IN A 192.5.6.30 - ENTRY_END -RANGE_END - -;; -;; a.gtld-servers.net. -;; -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - com. IN NS - SECTION ANSWER - com. IN NS a.gtld-servers.net. - SECTION ADDITIONAL - a.gtld-servers.net. IN A 192.5.6.30 - ENTRY_END - - ENTRY_BEGIN - MATCH opcode - ADJUST copy_id copy_query - REPLY QR NOERROR - SECTION QUESTION - www.example.com. IN A - SECTION AUTHORITY - example.com. IN NS ns.example.com. - SECTION ADDITIONAL - ns.example.com. IN A 1.2.3.4 - ENTRY_END -RANGE_END - -;; -;; ns.example.com. with generic valid data -;; -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.4 - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - example.com. IN NS - SECTION ANSWER - example.com. IN NS ns.example.com. - example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} - SECTION ADDITIONAL - ns.example.com. IN A 1.2.3.4 - ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} - ENTRY_END - - ; response to DNSKEY priming query - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - example.com. IN DNSKEY - SECTION ANSWER - example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} - example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} - SECTION AUTHORITY - example.com. IN NS ns.example.com. - example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} - SECTION ADDITIONAL - ns.example.com. IN A 1.2.3.4 - ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} - ENTRY_END -RANGE_END - -;; -;; ns.example.com with valid data -;; -RANGE_BEGIN 0 10 - ADDRESS 1.2.3.4 - ; response to query of interest - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - www.example.com. IN A - SECTION ANSWER - www.example.com. IN A 10.20.30.40 - ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} - SECTION AUTHORITY - example.com. IN NS ns.example.com. - example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} - SECTION ADDITIONAL - ns.example.com. IN A 1.2.3.4 - www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} - ENTRY_END -RANGE_END - -;; -;; ns.example.com. with bogus data -;; -RANGE_BEGIN 20 30 - ADDRESS 1.2.3.4 - ; response to query of interest (bogus answer) - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - www.example.com. IN A - SECTION ANSWER - www.example.com. IN A 10.20.30.40 - ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} - SECTION AUTHORITY - example.com. IN NS ns.example.com. - example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} - SECTION ADDITIONAL - ns.example.com. IN A 1.2.3.4 - ;; (valid signature) - ;; www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} - ;; (bogus signature) - www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. - ENTRY_END -RANGE_END - -;; -;; ns.example.com. with valid data again -;; -RANGE_BEGIN 40 60 - ADDRESS 1.2.3.4 - ; response to query of interest - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - www.example.com. IN A - SECTION ANSWER - www.example.com. IN A 10.20.30.40 - ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} - SECTION AUTHORITY - example.com. IN NS ns.example.com. - example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} - SECTION ADDITIONAL - ns.example.com. IN A 1.2.3.4 - www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} - ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; recursion happens here. -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA AD DO NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} -ENTRY_END - -STEP 11 TIME_PASSES ELAPSE 3601 - -STEP 20 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; expired answer because upstream is bogus -STEP 30 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl ede=3 -REPLY QR RD RA AD DO NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 123 IN A 10.20.30.40 -www.example.com. 123 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} -SECTION AUTHORITY -example.com. 123 IN NS ns.example.com. -example.com. 123 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. 123 IN A 1.2.3.4 -ns.example.com. 123 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} -ENTRY_END - -STEP 40 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; immediate cached answer because upstream is valid again -STEP 50 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl ede=3 -REPLY QR RD RA AD DO NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 123 IN A 10.20.30.40 -www.example.com. 123 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} -SECTION AUTHORITY -example.com. 123 IN NS ns.example.com. -example.com. 123 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. 123 IN A 1.2.3.4 -ns.example.com. 123 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} -ENTRY_END - -; upstream query is resolved before this query comes in -STEP 60 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; prefetch query updated the cache, since there is no upstream response in this range -STEP 70 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA AD DO NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/serve_expired_client_timeout_val_insecure_delegation.rpl b/contrib/unbound/testdata/serve_expired_client_timeout_val_insecure_delegation.rpl deleted file mode 100644 index 6654a2c68409..000000000000 --- a/contrib/unbound/testdata/serve_expired_client_timeout_val_insecure_delegation.rpl +++ /dev/null @@ -1,247 +0,0 @@ -; config options -server: - trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" - val-override-date: "20120420235959" - val-max-restart: 0 - outbound-msg-retry: 0 - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: "no" - fake-sha1: yes - trust-anchor-signaling: no - minimal-responses: no - rrset-roundrobin: no - - serve-expired: yes - serve-expired-client-timeout: 1 - serve-expired-reply-ttl: 123 - ede: yes - ede-serve-expired: yes - - # No need for AAAA nameserver queries - do-ip6: no - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test serve-expired with client-timeout and failed DNSSEC parent of insecure zone -; Scenario overview: -; - query for mc.c.example. IN MX -; - check the answer -; - wait for all the records to expire -; - (example. now has a bogus DNSKEY response) -; - query again for mc.c.example. IN MX -; - (validator fails priming the trust anchor because of the bogus DNSKEY) -; - check that we get the expired insecure response instead - -;; -;; K.ROOT-SERVERS.NET. -;; -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -. IN A -SECTION AUTHORITY -example. IN NS ns1.example. -SECTION ADDITIONAL -ns1.example. IN A 192.0.2.1 -ENTRY_END -RANGE_END - -;; -;; ns1.example. generic data -;; -RANGE_BEGIN 0 100 - ADDRESS 192.0.2.1 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id copy_query -REPLY QR REFUSED -SECTION QUESTION -example. IN NS -SECTION ANSWER -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -ns1.example. IN A -SECTION ANSWER -ns1.example. IN A 192.0.2.1 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA DO NOERROR -SECTION QUESTION -mc.c.example. IN MX -SECTION AUTHORITY -;; NSEC3 RR that covers the "next closer" name (c.example) -;; H(c.example) = 4g6p9u5gvfshp30pqecj98b3maqbn1ck -35mthgpgcu1qg68fab165klnsnk3dpvl.example. NSEC3 1 1 12 aabbccdd ( b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG ) -35mthgpgcu1qg68fab165klnsnk3dpvl.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQ Aynzo8EUWH+z6hEIBlUTPGj15eZll6VhQqgZ XtAIR3chwgW+SA== ) -;; NSEC3 RR that matches the closest encloser (example) -;; H(example) = 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom -0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG ) -0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL IBHYH6blRxK9rC0bMJPwQ4mLIuw85H2EY762 BOCXJZMnpuwhpA== ) -c.example. NS ns1.c.example. -SECTION ADDITIONAL -ns1.c.example. A 192.0.2.7 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA DO NOERROR -SECTION QUESTION -c.example. IN DS -SECTION AUTHORITY -;; NSEC3 RR that covers the "next closer" name (c.example) -;; H(c.example) = 4g6p9u5gvfshp30pqecj98b3maqbn1ck -35mthgpgcu1qg68fab165klnsnk3dpvl.example. NSEC3 1 1 12 aabbccdd ( b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG ) -35mthgpgcu1qg68fab165klnsnk3dpvl.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQ Aynzo8EUWH+z6hEIBlUTPGj15eZll6VhQqgZ XtAIR3chwgW+SA== ) -;; NSEC3 RR that matches the closest encloser (example) -;; H(example) = 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom -0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG ) -0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL IBHYH6blRxK9rC0bMJPwQ4mLIuw85H2EY762 BOCXJZMnpuwhpA== ) -ENTRY_END -RANGE_END - -;; -;; ns1.example. with valid DNSKEY data -;; -RANGE_BEGIN 0 20 - ADDRESS 192.0.2.1 -; response to DNSKEY priming query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example. IN DNSKEY -SECTION ANSWER -example. DNSKEY 256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= ) -example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= ) -example. RRSIG DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example. AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf3bH+QsCtg== ) -ENTRY_END -RANGE_END - -;; -;; ns1.example. with bogus DNSKEY data -;; -RANGE_BEGIN 30 40 - ADDRESS 192.0.2.1 -; response to DNSKEY priming query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example. IN DNSKEY -SECTION ANSWER -example. DNSKEY 256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= ) -example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= ) -;; (bogus signature) -example. RRSIG DNSKEY 7 1 3600 20150420235959 20051021000000 12708 example. -ENTRY_END -RANGE_END - -;; -;; ns1.c.example. -;; -RANGE_BEGIN 0 100 - ADDRESS 192.0.2.7 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -c.example. IN NS -SECTION ANSWER -c.example. NS ns1.c.example. -SECTION ADDITIONAL -ns1.c.example. A 192.0.2.7 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -mc.c.example. IN MX -SECTION ANSWER -mc.c.example. IN MX 50 mx.c.example. -SECTION AUTHORITY -c.example. NS ns1.c.example. -SECTION ADDITIONAL -ns1.c.example. A 192.0.2.7 -ENTRY_END -RANGE_END - - -STEP 0 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -mc.c.example. IN MX -ENTRY_END - -; recursion happens here. -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA DO NOERROR -SECTION QUESTION -mc.c.example. IN MX -SECTION ANSWER -mc.c.example. IN MX 50 mx.c.example. -SECTION AUTHORITY -c.example. NS ns1.c.example. -SECTION ADDITIONAL -ns1.c.example. A 192.0.2.7 -ENTRY_END - -STEP 20 TIME_PASSES ELAPSE 3601 - -STEP 30 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -mc.c.example. IN MX -ENTRY_END - -STEP 40 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl ede=3 -REPLY QR RD RA DO NOERROR -SECTION QUESTION -mc.c.example. IN MX -SECTION ANSWER -mc.c.example. 123 IN MX 50 mx.c.example. -SECTION AUTHORITY -c.example. 123 NS ns1.c.example. -SECTION ADDITIONAL -ns1.c.example. 123 A 192.0.2.7 -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/serve_expired_ttl_reset.rpl b/contrib/unbound/testdata/serve_expired_ttl_reset.rpl deleted file mode 100644 index 521d5a0f04ca..000000000000 --- a/contrib/unbound/testdata/serve_expired_ttl_reset.rpl +++ /dev/null @@ -1,102 +0,0 @@ -; config options go here. -server: - serve-expired: yes - serve-expired-ttl: 1 - serve-expired-ttl-reset: yes - serve-expired-reply-ttl: 123 - ede: yes - ede-serve-expired: yes -forward-zone: name: "." forward-addr: 216.0.0.1 -CONFIG_END -SCENARIO_BEGIN Serve expired ttl with reset on forwarder with a timeout on upstream query -; Scenario overview: -; - Send query -; - Get reply -; - Wait for it to expire (+ serve-expired-ttl) -; - Send query again -; - Upstream timeouts -; - Error response from iterator SERVFAIL, resets expired-ttl on cache -; - Check we are getting the SERVFAIL response -; - Query again -; - Check we are getting the expired answer -; - Upstream still timeouts - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; Upstream reply -STEP 2 REPLY -ENTRY_BEGIN -REPLY QR AA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 10 IN A 0.0.0.0 -ENTRY_END - -STEP 3 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RA RD NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 10 IN A 0.0.0.0 -ENTRY_END - -; Expire the record (+ serve-expired-ttl) -STEP 4 TIME_PASSES ELAPSE 12 - -STEP 5 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; But the pending query times out! -; outbound-msg-retry times timeout. -STEP 6 TIMEOUT -STEP 7 TIMEOUT -STEP 8 TIMEOUT -STEP 9 TIMEOUT -STEP 10 TIMEOUT - -; Returns servfail -; but error response from iterator resets the expired ttl -STEP 11 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RA RD SERVFAIL -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; Query again -STEP 12 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; Check that we get the expired answer -STEP 13 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl ede=3 -REPLY QR RA RD DO NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 123 IN A 0.0.0.0 -ENTRY_END - -; But the pending query times out! -; Only one because RTT reached the limit. -STEP 16 TIMEOUT - -SCENARIO_END diff --git a/contrib/unbound/testdata/serve_expired_val_bogus.rpl b/contrib/unbound/testdata/serve_expired_val_bogus.rpl deleted file mode 100644 index 35365beef973..000000000000 --- a/contrib/unbound/testdata/serve_expired_val_bogus.rpl +++ /dev/null @@ -1,316 +0,0 @@ -; config options -; The island of trust is at example.com -server: - trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" - val-override-date: "20070916134226" - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: "no" - fake-sha1: yes - trust-anchor-signaling: no - minimal-responses: no - - serve-expired: yes - serve-expired-reply-ttl: 123 - ede: yes - ede-serve-expired: yes - - # No need for AAAA nameserver queries - do-ip6: no - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test serve-expired with client-timeout and bogus answer -; Scenario overview: -; - query for www.example.com. IN A -; - check the answer -; - wait for the record to expire -; - (upstream now has a bogus response) -; - query again for www.example.com. IN A -; - check that we get the immediate expired valid response -; - (prefetch response is bogus and is not cached) -; - query once more -; - check that we still get the immediate expired valid response and not the fresh bogus one -; - (upstream has a valid response again; prefetch will update the cache) -; - query one last time -; - check that we get an immediate valid cache response - -;; -;; K.ROOT-SERVERS.NET. -;; -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - . IN NS - SECTION ANSWER - . IN NS K.ROOT-SERVERS.NET. - SECTION ADDITIONAL - K.ROOT-SERVERS.NET. IN A 193.0.14.129 - ENTRY_END - - ENTRY_BEGIN - MATCH opcode - ADJUST copy_id copy_query - REPLY QR NOERROR - SECTION QUESTION - www.example.com. IN A - SECTION AUTHORITY - com. IN NS a.gtld-servers.net. - SECTION ADDITIONAL - a.gtld-servers.net. IN A 192.5.6.30 - ENTRY_END -RANGE_END - -;; -;; a.gtld-servers.net. -;; -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - com. IN NS - SECTION ANSWER - com. IN NS a.gtld-servers.net. - SECTION ADDITIONAL - a.gtld-servers.net. IN A 192.5.6.30 - ENTRY_END - - ENTRY_BEGIN - MATCH opcode - ADJUST copy_id copy_query - REPLY QR NOERROR - SECTION QUESTION - www.example.com. IN A - SECTION AUTHORITY - example.com. IN NS ns.example.com. - SECTION ADDITIONAL - ns.example.com. IN A 1.2.3.4 - ENTRY_END -RANGE_END - -;; -;; ns.example.com. with generic data -;; -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.4 - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - example.com. IN NS - SECTION ANSWER - example.com. IN NS ns.example.com. - example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} - SECTION ADDITIONAL - ns.example.com. IN A 1.2.3.4 - ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} - ENTRY_END - - ; response to DNSKEY priming query - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - example.com. IN DNSKEY - SECTION ANSWER - example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} - example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} - SECTION AUTHORITY - example.com. IN NS ns.example.com. - example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} - SECTION ADDITIONAL - ns.example.com. IN A 1.2.3.4 - ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} - ENTRY_END -RANGE_END - -;; -;; ns.example.com. with valid data -;; -RANGE_BEGIN 0 10 - ADDRESS 1.2.3.4 - ; response to query of interest - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - www.example.com. IN A - SECTION ANSWER - www.example.com. IN A 10.20.30.40 - ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} - SECTION AUTHORITY - example.com. IN NS ns.example.com. - example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} - SECTION ADDITIONAL - ns.example.com. IN A 1.2.3.4 - www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} - ENTRY_END -RANGE_END - -;; -;; ns.example.com. with bogus data -;; -RANGE_BEGIN 20 40 - ADDRESS 1.2.3.4 - ; response to query of interest (bogus answer) - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - www.example.com. IN A - SECTION ANSWER - www.example.com. IN A 10.20.30.40 - ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} - SECTION AUTHORITY - example.com. IN NS ns.example.com. - example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} - SECTION ADDITIONAL - ns.example.com. IN A 1.2.3.4 - ;; (valid signature) - ;; www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} - ;; (bogus signature) - www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. - ENTRY_END -RANGE_END - -;; -;; ns.example.com. with valid data again -;; -RANGE_BEGIN 50 100 - ADDRESS 1.2.3.4 - ; response to query of interest - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - www.example.com. IN A - SECTION ANSWER - www.example.com. IN A 10.20.30.40 - ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} - SECTION AUTHORITY - example.com. IN NS ns.example.com. - example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} - SECTION ADDITIONAL - ns.example.com. IN A 1.2.3.4 - www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} - ENTRY_END -RANGE_END - - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; this is the valid answer -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA AD DO NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} -ENTRY_END - -STEP 11 TIME_PASSES ELAPSE 3601 - -STEP 20 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; this is the immediate expired cache response -STEP 30 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl ede=3 -REPLY QR RD RA AD DO NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 123 IN A 10.20.30.40 -www.example.com. 123 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} -SECTION AUTHORITY -example.com. 123 IN NS ns.example.com. -example.com. 123 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. 123 IN A 1.2.3.4 -ns.example.com. 123 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} -ENTRY_END - -STEP 40 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; this is still the immediate cache response because the previous upstream response was bogus -STEP 50 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl ede=3 -REPLY QR RD RA AD DO NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 123 IN A 10.20.30.40 -www.example.com. 123 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} -SECTION AUTHORITY -example.com. 123 IN NS ns.example.com. -example.com. 123 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. 123 IN A 1.2.3.4 -ns.example.com. 123 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} -ENTRY_END - -STEP 60 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; this is the immediate cache response because the previous upstream response was valid -STEP 70 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA AD DO NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/stat_values.tdir/stat_values_cachedb.conf b/contrib/unbound/testdata/stat_values.tdir/stat_values_cachedb.conf deleted file mode 100644 index b5e9b0e02932..000000000000 --- a/contrib/unbound/testdata/stat_values.tdir/stat_values_cachedb.conf +++ /dev/null @@ -1,36 +0,0 @@ -server: - verbosity: 5 - module-config: "cachedb iterator" - serve-expired: yes - num-threads: 1 - interface: 127.0.0.1 - port: @PORT@ - use-syslog: no - directory: "" - pidfile: "unbound.pid" - chroot: "" - username: "" - do-not-query-localhost: no - extended-statistics: yes - identity: "stat_values" - outbound-msg-retry: 0 - root-key-sentinel: no - trust-anchor-signaling: no - - local-zone: local.zone static - local-data: "www.local.zone A 192.0.2.1" -remote-control: - control-enable: yes - control-interface: 127.0.0.1 - # control-interface: ::1 - control-port: @CONTROL_PORT@ - server-key-file: "unbound_server.key" - server-cert-file: "unbound_server.pem" - control-key-file: "unbound_control.key" - control-cert-file: "unbound_control.pem" -forward-zone: - name: "." - forward-addr: "127.0.0.1@@TOPORT@" -forward-zone: - name: "expired." - forward-addr: "127.0.0.1@@EXPIREDPORT@" diff --git a/contrib/unbound/testdata/stat_values.tdir/stat_values_downstream_cookies.conf b/contrib/unbound/testdata/stat_values.tdir/stat_values_downstream_cookies.conf deleted file mode 100644 index 21e78829fc8e..000000000000 --- a/contrib/unbound/testdata/stat_values.tdir/stat_values_downstream_cookies.conf +++ /dev/null @@ -1,32 +0,0 @@ -server: - verbosity: 5 - module-config: "iterator" - num-threads: 1 - interface: 127.0.0.1 - port: @PORT@ - use-syslog: no - directory: "" - pidfile: "unbound.pid" - chroot: "" - username: "" - extended-statistics: yes - identity: "stat_values" - outbound-msg-retry: 0 - root-key-sentinel: no - trust-anchor-signaling: no - - local-zone: local.zone static - local-data: "www.local.zone A 192.0.2.1" - - answer-cookie: yes - access-control: 127.0.0.1 allow_cookie - -remote-control: - control-enable: yes - control-interface: 127.0.0.1 - # control-interface: ::1 - control-port: @CONTROL_PORT@ - server-key-file: "unbound_server.key" - server-cert-file: "unbound_server.pem" - control-key-file: "unbound_control.key" - control-cert-file: "unbound_control.pem" diff --git a/contrib/unbound/testdata/subnet_cached_ede.crpl b/contrib/unbound/testdata/subnet_cached_ede.crpl deleted file mode 100644 index 36bb28fcc180..000000000000 --- a/contrib/unbound/testdata/subnet_cached_ede.crpl +++ /dev/null @@ -1,114 +0,0 @@ -; Ask the same question twice. Check to see second is answered -; from cache - -server: - trust-anchor-signaling: no - target-fetch-policy: "0 0 0 0 0" - send-client-subnet: 1.2.3.4 - max-client-subnet-ipv4: 17 - module-config: "subnetcache validator iterator" - verbosity: 3 - qname-minimisation: no - minimal-responses: no - ede: yes - val-log-level: 2 - trust-anchor: "example.nl. DS 50602 8 2 FA8EE175C47325F4BD46D8A4083C3EBEB11C977D689069F2B41F1A29B22446B1" - -stub-zone: - name: "example.nl" - stub-addr: 1.2.3.4 -CONFIG_END - -SCENARIO_BEGIN Test subnetcache support for caching EDEs. - -; ns.example.com. -RANGE_BEGIN 0 10 - ADDRESS 1.2.3.4 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -example.nl. IN DNSKEY -SECTION ANSWER -SECTION ADDITIONAL - HEX_EDNSDATA_BEGIN - ; client is 127.0.0.1 - 00 08 ; OPC - 00 07 ; option length - 00 01 ; Family - 11 00 ; source mask, scopemask - 7f 00 00 ; address - HEX_EDNSDATA_END -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -example.nl. IN A -SECTION ANSWER -example.nl. IN A 1.2.3.4 -SECTION ADDITIONAL - HEX_EDNSDATA_BEGIN - ; client is 127.0.0.1 - 00 08 ; OPC - 00 07 ; option length - 00 01 ; Family - 11 00 ; source mask, scopemask - 7f 00 00 ; address - HEX_EDNSDATA_END -ENTRY_END -RANGE_END - ns.example.com. IN A 1.2.3.4 - ENTRY_END -RANGE_END - -; get the entry in cache. -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -example.nl. IN A -SECTION ADDITIONAL - HEX_EDNSDATA_BEGIN - 00 08 00 07 ; OPC, optlen - 00 01 11 00 ; ip4, scope 17, source 0 - 7f 00 00 ; 127.0.0.0/17 - HEX_EDNSDATA_END -ENTRY_END - -; get the answer for it -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ede=9 -REPLY QR RD RA DO SERVFAIL -SECTION QUESTION -example.nl. IN A -ENTRY_END - -; query again for the cached entry -STEP 20 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -example.nl. IN A -SECTION ADDITIONAL - HEX_EDNSDATA_BEGIN - 00 08 00 07 ; OPC, optlen - 00 01 11 00 ; ip4, scope 17, source 0 - 7f 00 00 ; 127.0.0.0/17 - HEX_EDNSDATA_END -ENTRY_END - -; this must be a cached answer since stub is not answering in this range -STEP 30 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ede=9 -REPLY QR RD RA DO SERVFAIL -SECTION QUESTION -example.nl. IN A -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/subnet_cached_servfail.crpl b/contrib/unbound/testdata/subnet_cached_servfail.crpl deleted file mode 100644 index 9c746d579124..000000000000 --- a/contrib/unbound/testdata/subnet_cached_servfail.crpl +++ /dev/null @@ -1,167 +0,0 @@ -; Check if an expired SERVFAIL answer stored in the global cache does not block -; ECS queries to reach the ECS cache. - -server: - trust-anchor-signaling: no - target-fetch-policy: "0 0 0 0 0" - send-client-subnet: 1.2.3.4 - max-client-subnet-ipv4: 21 - module-config: "subnetcache iterator" - verbosity: 3 - access-control: 127.0.0.1 allow_snoop - qname-minimisation: no - minimal-responses: no - serve-expired: yes - prefetch: yes - -stub-zone: - name: "example.com." - stub-addr: 1.2.3.4 -CONFIG_END - -SCENARIO_BEGIN Test that expired SERVFAIL in global cache does not block clients to reach the ECS cache - -; ns.example.com. -RANGE_BEGIN 0 10 - ADDRESS 1.2.3.4 - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - example.com. IN NS - SECTION ANSWER - example.com. IN NS ns.example.com. - SECTION ADDITIONAL - ns.example.com. IN A 1.2.3.4 - ENTRY_END - - ; response to query of interest - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR SERVFAIL - SECTION QUESTION - www.example.com. IN A - ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 11 100 - ADDRESS 1.2.3.4 - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - example.com. IN NS - SECTION ANSWER - example.com. IN NS ns.example.com. - SECTION ADDITIONAL - ns.example.com. IN A 1.2.3.4 - ENTRY_END - - ; response to query of interest - ENTRY_BEGIN - MATCH opcode qtype qname ednsdata - ADJUST copy_id copy_ednsdata_assume_clientsubnet - REPLY QR NOERROR - SECTION QUESTION - www.example.com. IN A - SECTION ANSWER - www.example.com. 10 IN A 10.20.30.40 - SECTION AUTHORITY - example.com. IN NS ns.example.com. - SECTION ADDITIONAL - HEX_EDNSDATA_BEGIN - ; client is 127.0.0.1 - 00 08 ; OPC - 00 05 ; option length - 00 01 ; Family - 08 00 ; source mask, scopemask - 7f ; address - HEX_EDNSDATA_END - ns.example.com. IN A 1.2.3.4 - ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; This answer should be in the global cache -STEP 2 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA SERVFAIL -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; Bring the cached SERVFAIL to prefetch time -STEP 10 TIME_PASSES ELAPSE 5 - -STEP 11 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www.example.com. IN A -SECTION ADDITIONAL -HEX_EDNSDATA_BEGIN - 00 08 00 05 ; OPC, optlen - 00 01 08 00 ; ip4, source 8, scope 0 - 7f ; 127.0.0.0/8 -HEX_EDNSDATA_END -ENTRY_END - -; This answer was cached but a prefetch was triggerred -STEP 12 CHECK_ANSWER -ENTRY_BEGIN -MATCH opcode qtype qname -REPLY QR RD RA SERVFAIL -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; Wait for the SERVFAIL to expire -STEP 13 TIME_PASSES ELAPSE 2 - -; Query again to verify that the record was prefetched and stored in the ECS -; cache (because the server replied with ECS this time) -STEP 14 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www.example.com. IN A -SECTION ADDITIONAL -HEX_EDNSDATA_BEGIN - 00 08 00 05 ; OPC, optlen - 00 01 08 00 ; ip4, source 8, scope 0 - 7f ; 127.0.0.0/8 -HEX_EDNSDATA_END -ENTRY_END - -; This record came from the ECS cache -STEP 15 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA DO NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 8 IN A 10.20.30.40 -SECTION AUTHORITY -example.com. 3598 IN NS ns.example.com. -SECTION ADDITIONAL -HEX_EDNSDATA_BEGIN - 00 08 00 05 ; OPC, optlen - 00 01 08 08 ; ip4, source 8, scope 0 - 7f ; 127.0.0.0/8 -HEX_EDNSDATA_END -ns.example.com. 3598 IN A 1.2.3.4 -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/subnet_cached_size.crpl b/contrib/unbound/testdata/subnet_cached_size.crpl deleted file mode 100644 index d221d0d37bc8..000000000000 --- a/contrib/unbound/testdata/subnet_cached_size.crpl +++ /dev/null @@ -1,308 +0,0 @@ -; Ask the same question twice. Check to see second is answered -; from cache - -server: - trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" - val-override-date: "20070916134226" - trust-anchor-signaling: no - target-fetch-policy: "0 0 0 0 0" - send-client-subnet: 1.2.3.4 - max-client-subnet-ipv4: 17 - module-config: "subnetcache validator iterator" - verbosity: 3 - fake-sha1: yes - fake-dsa: yes - access-control: 127.0.0.0/8 allow_snoop - qname-minimisation: "no" - minimal-responses: no - ; the size for the edns subnet cache - msg-cache-size: 1500 - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test subnet cached response size - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 - ENTRY_BEGIN - MATCH opcode qtype qname ednsdata - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - . IN NS - SECTION ANSWER - . IN NS K.ROOT-SERVERS.NET. - SECTION ADDITIONAL - HEX_EDNSDATA_BEGIN - ;; we expect to receive empty - HEX_EDNSDATA_END - K.ROOT-SERVERS.NET. IN A 193.0.14.129 - ENTRY_END - - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - www.example.com. IN A - SECTION AUTHORITY - com. IN NS a.gtld-servers.net. - SECTION ADDITIONAL - a.gtld-servers.net. IN A 192.5.6.30 - ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 - ENTRY_BEGIN - MATCH opcode qtype qname ednsdata - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - com. IN NS - SECTION ANSWER - com. IN NS a.gtld-servers.net. - SECTION ADDITIONAL - HEX_EDNSDATA_BEGIN - ;; we expect to receive empty - HEX_EDNSDATA_END - a.gtld-servers.net. IN A 192.5.6.30 - ENTRY_END - - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - www.example.com. IN A - SECTION AUTHORITY - example.com. IN NS ns.example.com. - SECTION ADDITIONAL - ns.example.com. IN A 1.2.3.4 - ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.4 - ENTRY_BEGIN - MATCH opcode qtype qname ednsdata - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - example.com. IN NS - SECTION ANSWER - example.com. IN NS ns.example.com. - example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} - SECTION ADDITIONAL - HEX_EDNSDATA_BEGIN - ;; we expect to receive empty - HEX_EDNSDATA_END - ns.example.com. IN A 1.2.3.4 - ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} - ENTRY_END - - ; response to DNSKEY priming query - ENTRY_BEGIN - MATCH opcode qtype qname ednsdata - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - example.com. IN DNSKEY - SECTION ANSWER - example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} - example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} - SECTION AUTHORITY - example.com. IN NS ns.example.com. - example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} - SECTION ADDITIONAL - HEX_EDNSDATA_BEGIN - ;; we expect to receive empty - HEX_EDNSDATA_END - ns.example.com. IN A 1.2.3.4 - ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} - ENTRY_END - - ; response to query of interest - ENTRY_BEGIN - MATCH opcode qtype qname ednsdata - ADJUST copy_id copy_ednsdata_assume_clientsubnet - REPLY QR NOERROR - SECTION QUESTION - www.example.com. IN A - SECTION ANSWER - www.example.com. IN A 10.20.30.40 - ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} - SECTION AUTHORITY - example.com. IN NS ns.example.com. - example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} - SECTION ADDITIONAL - HEX_EDNSDATA_BEGIN - ; client is 127.0.0.1 - 00 08 ; OPC - 00 07 ; option length - 00 01 ; Family - 11 00 ; source mask, scopemask - 7f 00 00 ; address - HEX_EDNSDATA_END - ns.example.com. IN A 1.2.3.4 - www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} - ENTRY_END - - ENTRY_BEGIN - MATCH opcode qtype qname ednsdata - ADJUST copy_id copy_ednsdata_assume_clientsubnet - REPLY QR NOERROR - SECTION QUESTION - www.example.com. IN A - SECTION ANSWER - www.example.com. IN A 10.20.30.43 - www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. AFC5G+z0jWt132hDuTIFOva59cZ7MTd+ex/osuoiQhIIuWFAr9xoZz8= - SECTION AUTHORITY - example.com. IN NS ns.example.com. - example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} - SECTION ADDITIONAL - HEX_EDNSDATA_BEGIN - ; client is 127.3.0.1 - 00 08 ; OPC - 00 07 ; option length - 00 01 ; Family - 11 00 ; source mask, scopemask - 7f 03 00 ; address - HEX_EDNSDATA_END - ns.example.com. IN A 1.2.3.4 - ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} - ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN - HEX_ANSWER_BEGIN; - 00 00 01 00 00 01 00 00 ;ID 0 - 00 00 00 01 03 77 77 77 ; www.example.com A? (DO) - 07 65 78 61 6d 70 6c 65 - 03 63 6f 6d 00 00 01 00 - 01 00 00 29 10 00 00 00 - 80 00 00 0b - - 00 08 00 07 ; OPC, optlen - 00 01 11 00 ; ip4, scope 17, source 0 - 7f 00 00 ;127.0.0.0/17 - HEX_ANSWER_END -ENTRY_END - -STEP 10 CHECK_ANSWER -ENTRY_BEGIN - MATCH all ednsdata - REPLY QR RD RA AD NOERROR - SECTION QUESTION - www.example.com. IN A - SECTION ANSWER - www.example.com. IN A 10.20.30.40 - www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} - SECTION AUTHORITY - example.com. IN NS ns.example.com. - example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} - SECTION ADDITIONAL - HEX_EDNSDATA_BEGIN - ; client is 127.0.0.1 - 00 08 ; OPC - 00 07 ; option length - 00 01 ; Family - 11 11 ; source mask, scopemask - 7f 00 00 ; address - HEX_EDNSDATA_END - ns.example.com. IN A 1.2.3.4 - ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} -ENTRY_END - -STEP 11 QUERY - -ENTRY_BEGIN - HEX_ANSWER_BEGIN; - 00 00 00 00 00 01 00 00 ;ID 0, no RD - 00 00 00 01 03 77 77 77 ; www.example.com A? (DO) - 07 65 78 61 6d 70 6c 65 - 03 63 6f 6d 00 00 01 00 - 01 00 00 29 10 00 00 00 - 80 00 00 0b - - 00 08 00 07 ; OPC, optlen - 00 01 12 00 ; ip4, scope 18, source 0 - 7f 00 00 ;127.0.0.0/18 - HEX_ANSWER_END -ENTRY_END - -STEP 20 CHECK_ANSWER -ENTRY_BEGIN - MATCH all ednsdata - REPLY QR RA AD NOERROR - SECTION QUESTION - www.example.com. IN A - SECTION ANSWER - www.example.com. IN A 10.20.30.40 - www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} - SECTION AUTHORITY - example.com. IN NS ns.example.com. - example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} - SECTION ADDITIONAL - HEX_EDNSDATA_BEGIN - ; client is 127.0.0.1 - 00 08 ; OPC - 00 07 ; option length - 00 01 ; Family - 12 11 ; source mask, scopemask - 7f 00 00 ; address - HEX_EDNSDATA_END - ns.example.com. IN A 1.2.3.4 - ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} -ENTRY_END - -; update the cache entry -STEP 30 QUERY -ENTRY_BEGIN - HEX_ANSWER_BEGIN; - 00 00 01 00 00 01 00 00 ;ID 0 - 00 00 00 01 03 77 77 77 ; www.example.com A? (DO) - 07 65 78 61 6d 70 6c 65 - 03 63 6f 6d 00 00 01 00 - 01 00 00 29 10 00 00 00 - 80 00 00 0b - - 00 08 00 07 ; OPC, optlen - 00 01 11 00 ; ip4, scope 17, source 0 - 7f 03 00 ;127.3.0.0/17 - HEX_ANSWER_END -ENTRY_END - -STEP 40 CHECK_ANSWER -ENTRY_BEGIN - MATCH all ednsdata - REPLY QR RD RA AD NOERROR - SECTION QUESTION - www.example.com. IN A - SECTION ANSWER - www.example.com. IN A 10.20.30.43 - www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. AFC5G+z0jWt132hDuTIFOva59cZ7MTd+ex/osuoiQhIIuWFAr9xoZz8= - SECTION AUTHORITY - example.com. IN NS ns.example.com. - example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} - SECTION ADDITIONAL - HEX_EDNSDATA_BEGIN - ; client is 127.3.0.1 - 00 08 ; OPC - 00 07 ; option length - 00 01 ; Family - 11 11 ; source mask, scopemask - 7f 03 00 ; address - HEX_EDNSDATA_END - ns.example.com. IN A 1.2.3.4 - ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/subnet_global_prefetch.crpl b/contrib/unbound/testdata/subnet_global_prefetch.crpl deleted file mode 100644 index 2f005d43b905..000000000000 --- a/contrib/unbound/testdata/subnet_global_prefetch.crpl +++ /dev/null @@ -1,236 +0,0 @@ -; Check if the prefetch option works properly for messages stored in the global -; cache for non-ECS clients. The prefetch query needs to result in an ECS -; outgoing query based on the client's IP. - -server: - trust-anchor-signaling: no - target-fetch-policy: "0 0 0 0 0" - send-client-subnet: 1.2.3.4 - max-client-subnet-ipv4: 21 - module-config: "subnetcache iterator" - verbosity: 3 - access-control: 127.0.0.1 allow_snoop - qname-minimisation: no - minimal-responses: no - prefetch: yes - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test prefetch option for global cache with ECS enabled - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 - ENTRY_BEGIN - MATCH opcode qtype qname ednsdata - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - . IN NS - SECTION ANSWER - . IN NS K.ROOT-SERVERS.NET. - SECTION ADDITIONAL - HEX_EDNSDATA_BEGIN - ;; we expect to receive empty - HEX_EDNSDATA_END - K.ROOT-SERVERS.NET. IN A 193.0.14.129 - ENTRY_END - - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - www.example.com. IN A - SECTION AUTHORITY - com. IN NS a.gtld-servers.net. - SECTION ADDITIONAL - a.gtld-servers.net. IN A 192.5.6.30 - ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 - ENTRY_BEGIN - MATCH opcode qtype qname ednsdata - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - com. IN NS - SECTION ANSWER - com. IN NS a.gtld-servers.net. - SECTION ADDITIONAL - HEX_EDNSDATA_BEGIN - ;; we expect to receive empty - HEX_EDNSDATA_END - a.gtld-servers.net. IN A 192.5.6.30 - ENTRY_END - - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - www.example.com. IN A - SECTION AUTHORITY - example.com. IN NS ns.example.com. - SECTION ADDITIONAL - ns.example.com. IN A 1.2.3.4 - ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 0 10 - ADDRESS 1.2.3.4 - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - example.com. IN NS - SECTION ANSWER - example.com. IN NS ns.example.com. - SECTION ADDITIONAL - HEX_EDNSDATA_BEGIN - ;; we expect to receive empty - HEX_EDNSDATA_END - ns.example.com. IN A 1.2.3.4 - ENTRY_END - - ; response to query of interest - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - www.example.com. IN A - SECTION ANSWER - www.example.com. 10 IN A 10.20.30.40 - SECTION AUTHORITY - example.com. IN NS ns.example.com. - SECTION ADDITIONAL - ns.example.com. IN A 1.2.3.4 - ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 11 100 - ADDRESS 1.2.3.4 - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - example.com. IN NS - SECTION ANSWER - example.com. IN NS ns.example.com. - SECTION ADDITIONAL - HEX_EDNSDATA_BEGIN - ;; we expect to receive empty - HEX_EDNSDATA_END - ns.example.com. IN A 1.2.3.4 - ENTRY_END - - ; response to query of interest - ENTRY_BEGIN - MATCH opcode qtype qname ednsdata - ADJUST copy_id copy_ednsdata_assume_clientsubnet - REPLY QR NOERROR - SECTION QUESTION - www.example.com. IN A - SECTION ANSWER - www.example.com. 10 IN A 10.20.30.40 - SECTION AUTHORITY - example.com. IN NS ns.example.com. - SECTION ADDITIONAL - HEX_EDNSDATA_BEGIN - ; client is 127.0.0.1 - 00 08 ; OPC - 00 07 ; option length - 00 01 ; Family - 15 00 ; source mask, scopemask - 7f 00 00 ; address - HEX_EDNSDATA_END - ns.example.com. IN A 1.2.3.4 - ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; This answer should be in the global cache (because no ECS from upstream) -STEP 2 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END - -; Try to trigger a prefetch -STEP 3 TIME_PASSES ELAPSE 9 - -STEP 11 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; This record came from the global cache and a prefetch was triggered. -STEP 12 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 1 IN A 10.20.30.40 -SECTION AUTHORITY -example.com. 3591 IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. 3591 IN A 1.2.3.4 -ENTRY_END - -; Allow time to pass so that the global cache record is expired. -STEP 13 TIME_PASSES ELAPSE 2 - -; Query again to verify that the record was prefetched and stored in the ECS -; cache. -STEP 15 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; This record came from the ECS cache. -STEP 16 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 8 IN A 10.20.30.40 -SECTION AUTHORITY -example.com. 3598 IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. 3598 IN A 1.2.3.4 -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/subnet_global_prefetch_always_forward.crpl b/contrib/unbound/testdata/subnet_global_prefetch_always_forward.crpl deleted file mode 100644 index ccfe5dfd6ea1..000000000000 --- a/contrib/unbound/testdata/subnet_global_prefetch_always_forward.crpl +++ /dev/null @@ -1,167 +0,0 @@ -; Check if the prefetch option works properly when serve-expired is combined -; with client-subnet-always-forward for non-ECS clients. The prefetch query -; needs to result in an outgoing query without ECS. - -server: - trust-anchor-signaling: no - target-fetch-policy: "0 0 0 0 0" - serve-expired: yes - client-subnet-always-forward: yes - module-config: "subnetcache iterator" - verbosity: 3 - access-control: 127.0.0.1 allow_snoop - qname-minimisation: no - minimal-responses: no - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test serve-expired and client-subnet-always-forward without ECS in the request - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 - ENTRY_BEGIN - MATCH opcode qtype qname ednsdata - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - . IN NS - SECTION ANSWER - . IN NS K.ROOT-SERVERS.NET. - SECTION ADDITIONAL - K.ROOT-SERVERS.NET. IN A 193.0.14.129 - ENTRY_END - - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - www.example.com. IN A - SECTION AUTHORITY - com. IN NS a.gtld-servers.net. - SECTION ADDITIONAL - a.gtld-servers.net. IN A 192.5.6.30 - ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 - ENTRY_BEGIN - MATCH opcode qtype qname ednsdata - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - com. IN NS - SECTION ANSWER - com. IN NS a.gtld-servers.net. - SECTION ADDITIONAL - a.gtld-servers.net. IN A 192.5.6.30 - ENTRY_END - - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - www.example.com. IN A - SECTION AUTHORITY - example.com. IN NS ns.example.com. - SECTION ADDITIONAL - ns.example.com. IN A 1.2.3.4 - ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.4 - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - example.com. IN NS - SECTION ANSWER - example.com. IN NS ns.example.com. - SECTION ADDITIONAL - ns.example.com. IN A 1.2.3.4 - ENTRY_END - - ; response to query of interest - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - www.example.com. IN A - SECTION ANSWER - www.example.com. 10 IN A 10.20.30.40 - SECTION AUTHORITY - example.com. IN NS ns.example.com. - SECTION ADDITIONAL - ns.example.com. IN A 1.2.3.4 - ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; This answer should be in the global cache -STEP 2 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END - -; Wait for the TTL to expire -STEP 3 TIME_PASSES ELAPSE 20 - -STEP 11 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; This record came from the global cache and a prefetch was triggered -STEP 12 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 30 IN A 10.20.30.40 -SECTION AUTHORITY -example.com. 3580 IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. 3580 IN A 1.2.3.4 -ENTRY_END - -STEP 13 CHECK_OUT_QUERY -ENTRY_BEGIN - MATCH all - REPLY NOERROR DO - SECTION QUESTION - www.example.com. IN A -ENTRY_END - -STEP 14 TRAFFIC - -SCENARIO_END diff --git a/contrib/unbound/testdata/subnet_global_prefetch_expired.crpl b/contrib/unbound/testdata/subnet_global_prefetch_expired.crpl deleted file mode 100644 index de1b780553a9..000000000000 --- a/contrib/unbound/testdata/subnet_global_prefetch_expired.crpl +++ /dev/null @@ -1,241 +0,0 @@ -; Check if the prefetch option works properly for messages stored in the global -; cache for non-ECS clients. The prefetch query needs to result in an ECS -; outgoing query based on the client's IP. -; Prefetch initiated via serve-expired. - -server: - trust-anchor-signaling: no - target-fetch-policy: "0 0 0 0 0" - send-client-subnet: 1.2.3.4 - max-client-subnet-ipv4: 21 - module-config: "subnetcache iterator" - verbosity: 3 - access-control: 127.0.0.1 allow_snoop - qname-minimisation: no - minimal-responses: no - serve-expired: yes - serve-expired-ttl: 1 - prefetch: yes - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test prefetch option for global cache with ECS enabled (initiated via serve-expired) - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 - ENTRY_BEGIN - MATCH opcode qtype qname ednsdata - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - . IN NS - SECTION ANSWER - . IN NS K.ROOT-SERVERS.NET. - SECTION ADDITIONAL - HEX_EDNSDATA_BEGIN - ;; we expect to receive empty - HEX_EDNSDATA_END - K.ROOT-SERVERS.NET. IN A 193.0.14.129 - ENTRY_END - - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - www.example.com. IN A - SECTION AUTHORITY - com. IN NS a.gtld-servers.net. - SECTION ADDITIONAL - a.gtld-servers.net. IN A 192.5.6.30 - ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 - ENTRY_BEGIN - MATCH opcode qtype qname ednsdata - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - com. IN NS - SECTION ANSWER - com. IN NS a.gtld-servers.net. - SECTION ADDITIONAL - HEX_EDNSDATA_BEGIN - ;; we expect to receive empty - HEX_EDNSDATA_END - a.gtld-servers.net. IN A 192.5.6.30 - ENTRY_END - - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - www.example.com. IN A - SECTION AUTHORITY - example.com. IN NS ns.example.com. - SECTION ADDITIONAL - ns.example.com. IN A 1.2.3.4 - ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 0 10 - ADDRESS 1.2.3.4 - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - example.com. IN NS - SECTION ANSWER - example.com. IN NS ns.example.com. - SECTION ADDITIONAL - HEX_EDNSDATA_BEGIN - ;; we expect to receive empty - HEX_EDNSDATA_END - ns.example.com. IN A 1.2.3.4 - ENTRY_END - - ; response to query of interest - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - www.example.com. IN A - SECTION ANSWER - www.example.com. 10 IN A 10.20.30.40 - SECTION AUTHORITY - example.com. IN NS ns.example.com. - SECTION ADDITIONAL - ns.example.com. IN A 1.2.3.4 - ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 11 100 - ADDRESS 1.2.3.4 - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - example.com. IN NS - SECTION ANSWER - example.com. IN NS ns.example.com. - SECTION ADDITIONAL - HEX_EDNSDATA_BEGIN - ;; we expect to receive empty - HEX_EDNSDATA_END - ns.example.com. IN A 1.2.3.4 - ENTRY_END - - ; response to query of interest - ENTRY_BEGIN - MATCH opcode qtype qname ednsdata - ADJUST copy_id copy_ednsdata_assume_clientsubnet - REPLY QR NOERROR - SECTION QUESTION - www.example.com. IN A - SECTION ANSWER - www.example.com. 10 IN A 10.20.30.40 - SECTION AUTHORITY - example.com. IN NS ns.example.com. - SECTION ADDITIONAL - HEX_EDNSDATA_BEGIN - ; client is 127.0.0.1 - 00 08 ; OPC - 00 07 ; option length - 00 01 ; Family - 15 00 ; source mask, scopemask - 7f 00 00 ; address - HEX_EDNSDATA_END - ns.example.com. IN A 1.2.3.4 - ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; This answer should be in the global cache (because no ECS from upstream) -STEP 2 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END - -; Try to trigger a prefetch with expired data -STEP 3 TIME_PASSES ELAPSE 11 - -STEP 11 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; This expired record came from the global cache and a prefetch is triggered. -STEP 12 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 30 IN A 10.20.30.40 -SECTION AUTHORITY -example.com. 3589 IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. 3589 IN A 1.2.3.4 -ENTRY_END - -;STEP 13 TRAFFIC -; Allow enough time to pass so that the expired record from the global cache -; cannot be used anymore. -STEP 14 TIME_PASSES ELAPSE 1 - -; Query again to verify that the record was prefetched and stored in the ECS -; cache. -STEP 15 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; This record came from the ECS cache. -STEP 16 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 9 IN A 10.20.30.40 -SECTION AUTHORITY -example.com. 3599 IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. 3599 IN A 1.2.3.4 -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/subnet_prezero.crpl b/contrib/unbound/testdata/subnet_prezero.crpl deleted file mode 100644 index 22cdfffb03b3..000000000000 --- a/contrib/unbound/testdata/subnet_prezero.crpl +++ /dev/null @@ -1,155 +0,0 @@ -; subnet unit test -server: - trust-anchor-signaling: no - send-client-subnet: 1.2.3.4 - send-client-subnet: 1.2.3.5 - target-fetch-policy: "0 0 0 0 0" - module-config: "subnetcache validator iterator" - qname-minimisation: no - minimal-responses: no - -stub-zone: - name: "example.com" - stub-addr: 1.2.3.4 -CONFIG_END - -SCENARIO_BEGIN Test subnetcache source prefix zero from client. -; In RFC7871 section-7.1.2 (para. 2). -; It says that the recursor must send no EDNS subnet or its own address -; in the EDNS subnet to the upstream server. And use that answer for the -; source prefix length zero query. That type of query is for privacy. -; The authority server is then going to use the resolver's IP, if any, to -; tailor the answer to the query source address. - -; ns.example.com -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.4 - -; reply with 0.0.0.0/0 in reply -; For the test the answers for 0.0.0.0/0 queries are SERVFAIL, the normal -; answers are NOERROR. -ENTRY_BEGIN -MATCH opcode qtype qname ednsdata -ADJUST copy_id -REPLY QR AA DO SERVFAIL -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN CNAME star.c10r.example.com. -SECTION ADDITIONAL -HEX_EDNSDATA_BEGIN - 00 08 00 04 ; OPCODE=subnet, optlen - 00 01 00 00 ; ip4, scope 0, source 0 - ; 0.0.0.0/0 -HEX_EDNSDATA_END -ENTRY_END - -; reply without subnet -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA DO NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN CNAME star.c10r.example.com. -ENTRY_END - -; delegation answer for c10r.example.com, with subnet /0 -ENTRY_BEGIN -MATCH opcode subdomain ednsdata -ADJUST copy_id copy_query -REPLY QR DO SERVFAIL -SECTION QUESTION -c10r.example.com. IN NS -SECTION AUTHORITY -c10r.example.com. IN NS ns.c10r.example.com. -SECTION ADDITIONAL -ns.c10r.example.com. IN A 1.2.3.5 -HEX_EDNSDATA_BEGIN - 00 08 00 04 ; OPCODE=subnet, optlen - 00 01 00 00 ; ip4, scope 0, source 0 - ; 0.0.0.0/0 -HEX_EDNSDATA_END -ENTRY_END - -; delegation answer for c10r.example.com, without subnet -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR DO NOERROR -SECTION QUESTION -c10r.example.com. IN NS -SECTION AUTHORITY -c10r.example.com. IN NS ns.c10r.example.com. -SECTION ADDITIONAL -ns.c10r.example.com. IN A 1.2.3.5 -ENTRY_END -RANGE_END - -; ns.c10r.example.com -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.5 - -; reply with 0.0.0.0/0 in reply -ENTRY_BEGIN -MATCH opcode qtype qname ednsdata -ADJUST copy_id -REPLY QR AA DO SERVFAIL -SECTION QUESTION -star.c10r.example.com. IN A -SECTION ANSWER -star.c10r.example.com. IN A 1.2.3.6 -SECTION ADDITIONAL -HEX_EDNSDATA_BEGIN - 00 08 00 04 ; OPCODE=subnet, optlen - 00 01 00 00 ; ip4, scope 0, source 0 - ; 0.0.0.0/0 -HEX_EDNSDATA_END -ENTRY_END - -; reply without subnet -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA DO NOERROR -SECTION QUESTION -star.c10r.example.com. IN A -SECTION ANSWER -star.c10r.example.com. IN A 1.2.3.6 -ENTRY_END -RANGE_END - -; ask for www.example.com -; server answers with CNAME to a delegation, that then -; returns a /24 answer. -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www.example.com. IN A -SECTION ADDITIONAL -HEX_EDNSDATA_BEGIN - 00 08 00 04 ; OPCODE=subnet, optlen - 00 01 00 00 ; ip4, scope 0, source 0 - ; 0.0.0.0/0 -HEX_EDNSDATA_END -ENTRY_END - -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ednsdata -REPLY QR RD RA DO NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN CNAME star.c10r.example.com. -star.c10r.example.com. IN A 1.2.3.6 -SECTION ADDITIONAL -HEX_EDNSDATA_BEGIN - 00 08 00 04 ; OPCODE=subnet, optlen - 00 01 00 00 ; ip4, scope 0, source 0 - ; 0.0.0.0/0 -HEX_EDNSDATA_END -ENTRY_END -SCENARIO_END diff --git a/contrib/unbound/testdata/subnet_scopezero_noedns.crpl b/contrib/unbound/testdata/subnet_scopezero_noedns.crpl deleted file mode 100644 index 25df0dd71cf2..000000000000 --- a/contrib/unbound/testdata/subnet_scopezero_noedns.crpl +++ /dev/null @@ -1,441 +0,0 @@ -; scope of 0, if the query also had scope of 0, do not answer this -; to everyone, but only for scope 0 queries. Otherwise can answer cached. - -server: - target-fetch-policy: "0 0 0 0 0" - send-client-subnet: 1.2.3.4 - module-config: "subnetcache validator iterator" - verbosity: 4 - qname-minimisation: no - -stub-zone: - name: "." - stub-addr: 193.0.14.129 - -stub-zone: - name: "example.com" - stub-addr: 1.2.3.4 -CONFIG_END - -SCENARIO_BEGIN Test subnet cache with scope zero response without EDNS. - -; the upstream server. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 - -ENTRY_BEGIN -MATCH opcode qtype qname ednsdata -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -HEX_EDNSDATA_BEGIN - ;; we expect to receive empty -HEX_EDNSDATA_END -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END -RANGE_END - -RANGE_BEGIN 0 11 - ADDRESS 1.2.3.4 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -;copy_ednsdata_assume_clientsubnet -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -SECTION AUTHORITY -SECTION ADDITIONAL -HEX_EDNSDATA_BEGIN - ; client is 127.0.0.1 - 00 08 ; OPC - 00 07 ; option length - 00 01 ; Family - 18 11 ; source mask, scopemask - 7f 00 00 ; address -HEX_EDNSDATA_END -ENTRY_END -RANGE_END - -RANGE_BEGIN 20 31 - ADDRESS 1.2.3.4 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -;copy_ednsdata_assume_clientsubnet -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.41 -SECTION AUTHORITY -SECTION ADDITIONAL -HEX_EDNSDATA_BEGIN - ; client is 127.0.0.1 - 00 08 ; OPC - 00 07 ; option length - 00 01 ; Family - 18 11 ; source mask, scopemask - 7f 01 00 ; address -HEX_EDNSDATA_END -ENTRY_END -RANGE_END - -RANGE_BEGIN 40 51 - ADDRESS 1.2.3.4 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -;copy_ednsdata_assume_clientsubnet -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.42 -SECTION AUTHORITY -SECTION ADDITIONAL -;no EDNS in this answer. Tests if the back_parsed callback -;is called to process the lack of edns contents. -;HEX_EDNSDATA_BEGIN - ;00 08 ; OPC - ;00 04 ; option length - ;00 01 ; Family - ;00 00 ; source mask, scopemask - ; ; address 0.0.0.0/0 scope 0 -;HEX_EDNSDATA_END -ENTRY_END -RANGE_END - -RANGE_BEGIN 120 131 - ADDRESS 1.2.3.4 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -;copy_ednsdata_assume_clientsubnet -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.43 -SECTION AUTHORITY -SECTION ADDITIONAL -HEX_EDNSDATA_BEGIN - 00 08 ; OPC - 00 07 ; option length - 00 01 ; Family - 18 00 ; source mask, scopemask - 7f 02 00 ; address 127.2.0.0/24 scope 0 -HEX_EDNSDATA_END -ENTRY_END -RANGE_END - -; query for 127.0.0.0/24 -STEP 1 QUERY -ENTRY_BEGIN -HEX_ANSWER_BEGIN - 00 00 01 00 00 01 00 00 ;ID 0 - 00 00 00 01 03 77 77 77 ; www.example.com A? (DO) - 07 65 78 61 6d 70 6c 65 - 03 63 6f 6d 00 00 01 00 - 01 00 00 29 10 00 00 00 - 80 00 00 0b - - 00 08 00 07 ; OPC, optlen - 00 01 18 00 ; ip4, scope 24, source 0 - 7f 00 00 ;127.0.0.0/24 -HEX_ANSWER_END -ENTRY_END - -; answer is 10.20.30.40 for 127.0.0.0/24 scope 17 -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ednsdata -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -SECTION AUTHORITY -SECTION ADDITIONAL -HEX_EDNSDATA_BEGIN - ; client is 127.0.0.1 - 00 08 ; OPC - 00 07 ; option length - 00 01 ; Family - 18 11 ; source mask, scopemask - 7f 00 00 ; address -HEX_EDNSDATA_END -ENTRY_END - -; query for 127.1.0.0/24 -STEP 20 QUERY -ENTRY_BEGIN -HEX_ANSWER_BEGIN - 00 00 01 00 00 01 00 00 ;ID 0 - 00 00 00 01 03 77 77 77 ; www.example.com A? (DO) - 07 65 78 61 6d 70 6c 65 - 03 63 6f 6d 00 00 01 00 - 01 00 00 29 10 00 00 00 - 80 00 00 0b - - 00 08 00 07 ; OPC, optlen - 00 01 18 00 ; ip4, scope 24, source 0 - 7f 01 00 ;127.1.0.0/24 -HEX_ANSWER_END -ENTRY_END - -; answer is 10.20.30.41 for 127.1.0.0/24 scope 17 -STEP 30 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ednsdata -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.41 -SECTION AUTHORITY -SECTION ADDITIONAL -HEX_EDNSDATA_BEGIN - ; client is 127.1.0.1 - 00 08 ; OPC - 00 07 ; option length - 00 01 ; Family - 18 11 ; source mask, scopemask - 7f 01 00 ; address -HEX_EDNSDATA_END -ENTRY_END - -; query for 0.0.0.0/0 -STEP 40 QUERY -ENTRY_BEGIN -HEX_ANSWER_BEGIN - 00 00 01 00 00 01 00 00 ;ID 0 - 00 00 00 01 03 77 77 77 ; www.example.com A? (DO) - 07 65 78 61 6d 70 6c 65 - 03 63 6f 6d 00 00 01 00 - 01 00 00 29 10 00 00 00 - 80 00 00 08 - - 00 08 00 04 ; OPC, optlen - 00 01 00 00 ; ip4, scope 0, source 0 - ;0.0.0.0/0 -HEX_ANSWER_END -ENTRY_END - -; answer is 10.20.30.42 for 0.0.0.0/0 scope 0 -STEP 50 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ednsdata -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.42 -SECTION AUTHORITY -SECTION ADDITIONAL -HEX_EDNSDATA_BEGIN - 00 08 ; OPC - 00 04 ; option length - 00 01 ; Family - 00 00 ; source mask, scopemask - ; address -HEX_EDNSDATA_END -ENTRY_END - -; query for 127.0.0.0/24, again, it should be in cache. -; and not from the scope 0 answer. -STEP 60 QUERY -ENTRY_BEGIN -HEX_ANSWER_BEGIN - 00 00 01 00 00 01 00 00 ;ID 0 - 00 00 00 01 03 77 77 77 ; www.example.com A? (DO) - 07 65 78 61 6d 70 6c 65 - 03 63 6f 6d 00 00 01 00 - 01 00 00 29 10 00 00 00 - 80 00 00 0b - - 00 08 00 07 ; OPC, optlen - 00 01 18 00 ; ip4, scope 24, source 0 - 7f 00 00 ;127.0.0.0/24 -HEX_ANSWER_END -ENTRY_END - -; answer should be 10.20.30.40 for 127.0.0.0/24 scope 17 -STEP 70 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ednsdata -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -SECTION AUTHORITY -SECTION ADDITIONAL -HEX_EDNSDATA_BEGIN - ; client is 127.0.0.1 - 00 08 ; OPC - 00 07 ; option length - 00 01 ; Family - 18 11 ; source mask, scopemask - 7f 00 00 ; address -HEX_EDNSDATA_END -ENTRY_END - -; query for 127.1.0.0/24, again, it should be in cache. -STEP 80 QUERY -ENTRY_BEGIN -HEX_ANSWER_BEGIN - 00 00 01 00 00 01 00 00 ;ID 0 - 00 00 00 01 03 77 77 77 ; www.example.com A? (DO) - 07 65 78 61 6d 70 6c 65 - 03 63 6f 6d 00 00 01 00 - 01 00 00 29 10 00 00 00 - 80 00 00 0b - - 00 08 00 07 ; OPC, optlen - 00 01 18 00 ; ip4, scope 24, source 0 - 7f 01 00 ;127.1.0.0/24 -HEX_ANSWER_END -ENTRY_END - -; answer should be 10.20.30.41 for 127.1.0.0/24 scope 17 -STEP 90 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ednsdata -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.41 -SECTION AUTHORITY -SECTION ADDITIONAL -HEX_EDNSDATA_BEGIN - ; client is 127.1.0.1 - 00 08 ; OPC - 00 07 ; option length - 00 01 ; Family - 18 11 ; source mask, scopemask - 7f 01 00 ; address -HEX_EDNSDATA_END -ENTRY_END - -; query for 0.0.0.0/0, again. -STEP 100 QUERY -ENTRY_BEGIN -HEX_ANSWER_BEGIN - 00 00 01 00 00 01 00 00 ;ID 0 - 00 00 00 01 03 77 77 77 ; www.example.com A? (DO) - 07 65 78 61 6d 70 6c 65 - 03 63 6f 6d 00 00 01 00 - 01 00 00 29 10 00 00 00 - 80 00 00 08 - - 00 08 00 04 ; OPC, optlen - 00 01 00 00 ; ip4, scope 0, source 0 - ;0.0.0.0/0 -HEX_ANSWER_END -ENTRY_END - -; answer should be 10.20.30.42 for 0.0.0.0/0 scope 0 -STEP 110 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ednsdata -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.42 -SECTION AUTHORITY -SECTION ADDITIONAL -HEX_EDNSDATA_BEGIN - 00 08 ; OPC - 00 04 ; option length - 00 01 ; Family - 00 00 ; source mask, scopemask - ; address -HEX_EDNSDATA_END -ENTRY_END - -; now a query for a /24 that gets an answer for a /0. -STEP 120 QUERY -ENTRY_BEGIN -HEX_ANSWER_BEGIN - 00 00 01 00 00 01 00 00 ;ID 0 - 00 00 00 01 03 77 77 77 ; www.example.com A? (DO) - 07 65 78 61 6d 70 6c 65 - 03 63 6f 6d 00 00 01 00 - 01 00 00 29 10 00 00 00 - 80 00 00 0b - - 00 08 00 07 ; OPC, optlen - 00 01 18 00 ; ip4, scope 24, source 0 - 7f 02 00 ;127.2.0.0/24 -HEX_ANSWER_END -ENTRY_END - -; answer should be 10.20.30.43 for 127.2.0.0/24 scope 0 -STEP 130 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ednsdata -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.43 -SECTION AUTHORITY -SECTION ADDITIONAL -HEX_EDNSDATA_BEGIN - ; client is 127.2.0.1 - 00 08 ; OPC - 00 07 ; option length - 00 01 ; Family - 18 00 ; source mask, scopemask - 7f 02 00 ; address -HEX_EDNSDATA_END -ENTRY_END - -; the scope 0 answer is now used to answer queries from -; query for 127.0.0.0/24 -STEP 140 QUERY -ENTRY_BEGIN -HEX_ANSWER_BEGIN - 00 00 01 00 00 01 00 00 ;ID 0 - 00 00 00 01 03 77 77 77 ; www.example.com A? (DO) - 07 65 78 61 6d 70 6c 65 - 03 63 6f 6d 00 00 01 00 - 01 00 00 29 10 00 00 00 - 80 00 00 0b - - 00 08 00 07 ; OPC, optlen - 00 01 18 00 ; ip4, scope 24, source 0 - 7f 00 00 ;127.0.0.0/24 -HEX_ANSWER_END -ENTRY_END - -STEP 150 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ednsdata -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.43 -SECTION AUTHORITY -SECTION ADDITIONAL -HEX_EDNSDATA_BEGIN - ; client is 127.0.0.1 - 00 08 ; OPC - 00 07 ; option length - 00 01 ; Family - 18 00 ; source mask, scopemask - 7f 00 00 ; address -HEX_EDNSDATA_END -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/ttl_max_negative.rpl b/contrib/unbound/testdata/ttl_max_negative.rpl deleted file mode 100644 index 243b66fe39b6..000000000000 --- a/contrib/unbound/testdata/ttl_max_negative.rpl +++ /dev/null @@ -1,206 +0,0 @@ -; config options -server: - access-control: 127.0.0.1 allow_snoop - cache-max-ttl: 15 # This will be overriden - cache-max-negative-ttl: 10 - qname-minimisation: "no" - minimal-responses: no - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test TTL max option for messages in the cache - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN A -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -a.gtld-servers.net. IN A -SECTION ANSWER -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -K.ROOT-SERVERS.NET. IN A -SECTION ANSWER -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -a.gtld-servers.net. IN AAAA -SECTION AUTHORITY -. 86400 IN SOA . . 20070304 28800 7200 604800 86400 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -K.ROOT-SERVERS.NET. IN AAAA -SECTION AUTHORITY -. 86400 IN SOA . . 20070304 28800 7200 604800 86400 -ENTRY_END - -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN A -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.4 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -ns.example.com. IN A -SECTION ANSWER -ns.example.com. IN A 1.2.3.4 -SECTION AUTHORITY -example.com. IN NS ns.example.com. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NXDOMAIN -SECTION QUESTION -www.example.com. IN A -SECTION AUTHORITY -example.com. 3600 IN SOA . . 15 28800 7200 604800 3600 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -ns.example.com. IN AAAA -SECTION AUTHORITY -example.com. 3600 IN SOA . . 15 28800 7200 604800 3600 -ENTRY_END - -RANGE_END - -; start by passing time ; so we are not at 0 -STEP 1 TIME_PASSES ELAPSE 10 - -; query for the record -STEP 8 QUERY -ENTRY_BEGIN -REPLY RD CD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA CD NXDOMAIN -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -SECTION AUTHORITY -example.com. 10 IN SOA . . 15 28800 7200 604800 3600 -ENTRY_END - -; wait -STEP 20 TIME_PASSES ELAPSE 5 - -; do a lookup to check TTLs. -STEP 25 QUERY -ENTRY_BEGIN -REPLY -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -STEP 26 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RA NXDOMAIN -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -SECTION AUTHORITY -example.com. 5 IN SOA . . 15 28800 7200 604800 3600 -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/ttl_min_negative.rpl b/contrib/unbound/testdata/ttl_min_negative.rpl deleted file mode 100644 index ece3366c54ee..000000000000 --- a/contrib/unbound/testdata/ttl_min_negative.rpl +++ /dev/null @@ -1,204 +0,0 @@ -; config options -server: - access-control: 127.0.0.1 allow_snoop - cache-min-ttl: 5 # This will be overriden - cache-min-negative-ttl: 10 - qname-minimisation: "no" - minimal-responses: no - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test TTL min option for messages in the cache - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN A -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -a.gtld-servers.net. IN A -SECTION ANSWER -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -K.ROOT-SERVERS.NET. IN A -SECTION ANSWER -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -a.gtld-servers.net. IN AAAA -SECTION AUTHORITY -. 86400 IN SOA . . 20070304 28800 7200 604800 86400 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -K.ROOT-SERVERS.NET. IN AAAA -SECTION AUTHORITY -. 86400 IN SOA . . 20070304 28800 7200 604800 86400 -ENTRY_END - -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN A -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.4 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -ns.example.com. IN A -SECTION ANSWER -ns.example.com. IN A 1.2.3.4 -SECTION AUTHORITY -example.com. IN NS ns.example.com. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NXDOMAIN -SECTION QUESTION -www.example.com. IN A -SECTION AUTHORITY -example.com. 1 IN SOA . . 15 28800 7200 604800 1 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -ns.example.com. IN AAAA -SECTION AUTHORITY -example.com. 1 IN SOA . . 15 28800 7200 604800 1 -ENTRY_END - -RANGE_END - -; start by passing time ; so we are not at 0 -STEP 1 TIME_PASSES ELAPSE 10 - -; query for the record -STEP 8 QUERY -ENTRY_BEGIN -REPLY RD CD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA CD NXDOMAIN -SECTION QUESTION -www.example.com. IN A -SECTION AUTHORITY -example.com. 10 IN SOA . . 15 28800 7200 604800 1 -ENTRY_END - -; wait for 7 seconds -STEP 20 TIME_PASSES ELAPSE 7 - -; do a lookup to check TTLs. -STEP 25 QUERY -ENTRY_BEGIN -REPLY -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -STEP 26 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RA NXDOMAIN -SECTION QUESTION -www.example.com. IN A -SECTION AUTHORITY -example.com. 3 IN SOA . . 15 28800 7200 604800 1 -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/val_any_negcache.rpl b/contrib/unbound/testdata/val_any_negcache.rpl deleted file mode 100644 index 8800a2140219..000000000000 --- a/contrib/unbound/testdata/val_any_negcache.rpl +++ /dev/null @@ -1,243 +0,0 @@ -; config options -; The island of trust is at example.com -server: - trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" - val-override-date: "20070916134226" - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: "no" - fake-sha1: yes - trust-anchor-signaling: no - rrset-roundrobin: no - aggressive-nsec: yes - harden-unknown-additional: yes - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test validator with response to qtype ANY and negative cache. - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.4 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; response to DNSKEY priming query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN DNSKEY -SECTION ANSWER -example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} -example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; response with NODATA -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN LOC -SECTION AUTHORITY -example.com. 86400 IN SOA open.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 -example.com. 86400 IN RRSIG SOA 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFQCSs8KJepwaIp5vu++/0hk04lkXvgIUdphJSAE/MYob30WcRei9/nL49tE= ;{id = 2854} -example.com. 18000 IN NSEC _sip._udp.example.com. A NS SOA MX TXT AAAA NAPTR RRSIG NSEC DNSKEY -example.com. 18000 IN RRSIG NSEC 3 2 18000 20070926134150 20070829134150 2854 example.com. MCwCFBzOGtpgq4uJ2jeuLPYl2HowIRzDAhQVXNz1haQ1mI7z9lt5gcvWW+lFhA== ;{id = 2854} -ENTRY_END - -; response to query of interest -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN ANY -SECTION ANSWER -example.com. 86400 IN SOA open.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 -example.com. 86400 IN RRSIG SOA 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFQCSs8KJepwaIp5vu++/0hk04lkXvgIUdphJSAE/MYob30WcRei9/nL49tE= ;{id = 2854} -example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} -example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFHq7BNVAeLW+Uw/rkjVS08lrMDk/AhR+bvChHfiE4jLb6uoyE54/irCuqA== ;{id = 2854} -example.com. 600 IN NAPTR 20 0 "s" "SIP+D2U" "" _sip._udp.example.com. -example.com. 600 IN RRSIG NAPTR 3 2 600 20070926134150 20070829134150 2854 example.com. MC0CFE8qs66bzuOyKmTIacamrmqabMRzAhUAn0MujX1LB0UpTHuLMgdgMgJJlq4= ;{id = 2854} -example.com. 86400 IN AAAA 2001:7b8:206:1::1 -example.com. 86400 IN RRSIG AAAA 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFEqS4WHyqhUkv7t42TsBZJk/Q9paAhUAtTZ8GaXGpot0PmsM0oGzQU+2iw4= ;{id = 2854} -example.com. 86400 IN TXT "Stichting NLnet Labs" -example.com. 86400 IN RRSIG TXT 3 2 86400 20070926134150 20070829134150 2854 example.com. MCwCFH3otn2u8zXczBS8L0VKpyAYZGSkAhQLGaQclkzMAzlB5j73opFjdkh8TA== ;{id = 2854} -example.com. 86400 IN MX 100 v.net.example. -example.com. 86400 IN MX 50 open.example.com. -example.com. 86400 IN RRSIG MX 3 2 86400 20070926134150 20070829134150 2854 example.com. MCwCFEKh3jeqh69zcOqWWv3GNKlMECPyAhR9HJkcPLqlyVWUccWDFJfGGcQfdg== ;{id = 2854} -example.com. 86400 IN NS v.net.example. -example.com. 86400 IN NS open.example.com. -example.com. 86400 IN NS ns7.domain-registry.example. -example.com. 86400 IN RRSIG NS 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFQCaRn30X4neKW7KYoTa2kcsoOLgfgIURvKEyDczLypWlx99KpxzMxRYhEc= ;{id = 2854} -example.com. 86400 IN A 213.154.224.1 -example.com. 86400 IN RRSIG A 3 2 86400 20070926134150 20070829134150 2854 example.com. MCwCFH8kSLxmRTwzlGDxvF1e4y/gM+5dAhQkzyQ2a6Gf+CMaHzVScaUvTt9HhQ== ;{id = 2854} -example.com. 18000 IN NSEC _sip._udp.example.com. A NS SOA MX TXT AAAA NAPTR RRSIG NSEC DNSKEY -example.com. 18000 IN RRSIG NSEC 3 2 18000 20070926134150 20070829134150 2854 example.com. MCwCFBzOGtpgq4uJ2jeuLPYl2HowIRzDAhQVXNz1haQ1mI7z9lt5gcvWW+lFhA== ;{id = 2854} -SECTION AUTHORITY -SECTION ADDITIONAL -ns7.domain-registry.example. 80173 IN A 62.4.86.230 -open.example.com. 600 IN A 213.154.224.1 -open.example.com. 600 IN AAAA 2001:7b8:206:1::53 -open.example.com. 600 IN AAAA 2001:7b8:206:1::1 -v.net.example. 28800 IN A 213.154.224.17 -v.net.example. 28800 IN AAAA 2001:7b8:206:1:200:39ff:fe59:b187 -johnny.example.com. 600 IN A 213.154.224.44 -open.example.com. 600 IN RRSIG A 3 3 600 20070926134150 20070829134150 2854 example.com. MC0CFQCh8bja923UJmg1+sYXMK8WIE4dpgIUQe9sZa0GOcUYSgb2rXoogF8af+Y= ;{id = 2854} -open.example.com. 600 IN RRSIG AAAA 3 3 600 20070926134150 20070829134150 2854 example.com. MC0CFQCRGJgIS6kEVG7aJfovuG/q3cgOWwIUYEIFCnfRQlMIYWF7BKMQoMbdkE0= ;{id = 2854} -johnny.example.com. 600 IN RRSIG A 3 3 600 20070926134150 20070829134150 2854 example.com. MCwCFAh0/zSpCd/9eMNz7AyfnuGQFD1ZAhQEpNFNw4XByNEcbi/vsVeii9kp7g== ;{id = 2854} -_sip._udp.example.com. 600 IN RRSIG SRV 3 4 600 20070926134150 20070829134150 2854 example.com. MCwCFFSRVgOcq1ihVuO6MhCuzWs6SxpVAhRPHHCKy0JxymVkYeFOxTkbVSWMMw== ;{id = 2854} -_sip._udp.example.com. 600 IN SRV 0 0 5060 johnny.example.com. -ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -MATCH TCP -REPLY RD DO -SECTION QUESTION -example.com. IN LOC -ENTRY_END - -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AD DO NOERROR -SECTION QUESTION -example.com. IN LOC -SECTION ANSWER -SECTION AUTHORITY -example.com. 86400 IN SOA open.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 -example.com. 86400 IN RRSIG SOA 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFQCSs8KJepwaIp5vu++/0hk04lkXvgIUdphJSAE/MYob30WcRei9/nL49tE= ;{id = 2854} -example.com. 18000 IN NSEC _sip._udp.example.com. A NS SOA MX TXT AAAA NAPTR RRSIG NSEC DNSKEY -example.com. 18000 IN RRSIG NSEC 3 2 18000 20070926134150 20070829134150 2854 example.com. MCwCFBzOGtpgq4uJ2jeuLPYl2HowIRzDAhQVXNz1haQ1mI7z9lt5gcvWW+lFhA== ;{id = 2854} -ENTRY_END - -STEP 20 QUERY -ENTRY_BEGIN -MATCH TCP -REPLY RD DO -SECTION QUESTION -example.com. IN ANY -ENTRY_END - -; Allow validation resuming for the RRSIGs -STEP 21 TIME_PASSES ELAPSE 0.05 - -; recursion happens here. -STEP 30 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AD DO NOERROR -SECTION QUESTION -example.com. IN ANY -SECTION ANSWER -example.com. 86400 IN SOA open.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 -example.com. 86400 IN RRSIG SOA 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFQCSs8KJepwaIp5vu++/0hk04lkXvgIUdphJSAE/MYob30WcRei9/nL49tE= ;{id = 2854} -example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} -example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFHq7BNVAeLW+Uw/rkjVS08lrMDk/AhR+bvChHfiE4jLb6uoyE54/irCuqA== ;{id = 2854} -example.com. 600 IN NAPTR 20 0 "s" "SIP+D2U" "" _sip._udp.example.com. -example.com. 600 IN RRSIG NAPTR 3 2 600 20070926134150 20070829134150 2854 example.com. MC0CFE8qs66bzuOyKmTIacamrmqabMRzAhUAn0MujX1LB0UpTHuLMgdgMgJJlq4= ;{id = 2854} -example.com. 86400 IN AAAA 2001:7b8:206:1::1 -example.com. 86400 IN RRSIG AAAA 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFEqS4WHyqhUkv7t42TsBZJk/Q9paAhUAtTZ8GaXGpot0PmsM0oGzQU+2iw4= ;{id = 2854} -example.com. 86400 IN TXT "Stichting NLnet Labs" -example.com. 86400 IN RRSIG TXT 3 2 86400 20070926134150 20070829134150 2854 example.com. MCwCFH3otn2u8zXczBS8L0VKpyAYZGSkAhQLGaQclkzMAzlB5j73opFjdkh8TA== ;{id = 2854} -example.com. 86400 IN MX 100 v.net.example. -example.com. 86400 IN MX 50 open.example.com. -example.com. 86400 IN RRSIG MX 3 2 86400 20070926134150 20070829134150 2854 example.com. MCwCFEKh3jeqh69zcOqWWv3GNKlMECPyAhR9HJkcPLqlyVWUccWDFJfGGcQfdg== ;{id = 2854} -example.com. 86400 IN NS v.net.example. -example.com. 86400 IN NS open.example.com. -example.com. 86400 IN NS ns7.domain-registry.example. -example.com. 86400 IN RRSIG NS 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFQCaRn30X4neKW7KYoTa2kcsoOLgfgIURvKEyDczLypWlx99KpxzMxRYhEc= ;{id = 2854} -example.com. 86400 IN A 213.154.224.1 -example.com. 86400 IN RRSIG A 3 2 86400 20070926134150 20070829134150 2854 example.com. MCwCFH8kSLxmRTwzlGDxvF1e4y/gM+5dAhQkzyQ2a6Gf+CMaHzVScaUvTt9HhQ== ;{id = 2854} -example.com. 18000 IN NSEC _sip._udp.example.com. A NS SOA MX TXT AAAA NAPTR RRSIG NSEC DNSKEY -example.com. 18000 IN RRSIG NSEC 3 2 18000 20070926134150 20070829134150 2854 example.com. MCwCFBzOGtpgq4uJ2jeuLPYl2HowIRzDAhQVXNz1haQ1mI7z9lt5gcvWW+lFhA== ;{id = 2854} -SECTION AUTHORITY -SECTION ADDITIONAL -open.example.com. 600 IN A 213.154.224.1 -open.example.com. 600 IN AAAA 2001:7b8:206:1::53 -open.example.com. 600 IN AAAA 2001:7b8:206:1::1 -open.example.com. 600 IN RRSIG A 3 3 600 20070926134150 20070829134150 2854 example.com. MC0CFQCh8bja923UJmg1+sYXMK8WIE4dpgIUQe9sZa0GOcUYSgb2rXoogF8af+Y= ;{id = 2854} -open.example.com. 600 IN RRSIG AAAA 3 3 600 20070926134150 20070829134150 2854 example.com. MC0CFQCRGJgIS6kEVG7aJfovuG/q3cgOWwIUYEIFCnfRQlMIYWF7BKMQoMbdkE0= ;{id = 2854} -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/val_cnameqtype_qmin.rpl b/contrib/unbound/testdata/val_cnameqtype_qmin.rpl deleted file mode 100644 index 7943b09488ec..000000000000 --- a/contrib/unbound/testdata/val_cnameqtype_qmin.rpl +++ /dev/null @@ -1,784 +0,0 @@ -; config options -; The island of trust is at example.com -server: - trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" - trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" - trust-anchor: "foo.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" - val-override-date: "20070916134226" - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: "yes" - fake-sha1: yes - trust-anchor-signaling: no - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test validator with a query for type cname - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 1000 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -net. IN A -SECTION AUTHORITY -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 1000 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -net. IN NS -SECTION ANSWER -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.net. IN A -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -foo.net. IN NS -SECTION AUTHORITY -foo.net. IN NS ns.example.com. -ENTRY_END - -RANGE_END - -; ns.example.com. -RANGE_BEGIN 0 1000 - ADDRESS 1.2.3.4 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; response to DNSKEY priming query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN DNSKEY -SECTION ANSWER -example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} -example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; response to query of interest -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN CNAME -SECTION ANSWER -www.example.com. IN CNAME www.example.net. -www.example.com. 3600 IN RRSIG CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFGcJxnNxpWCBzXejiSdl4p1BKRMnAhUApoJrugVBRwFgAoYAhhqlZFac7fE= ;{id = 2854} -SECTION AUTHORITY -SECTION ADDITIONAL -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN CNAME www.example.net. -www.example.com. 3600 IN RRSIG CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFGcJxnNxpWCBzXejiSdl4p1BKRMnAhUApoJrugVBRwFgAoYAhhqlZFac7fE= ;{id = 2854} -SECTION AUTHORITY -SECTION ADDITIONAL -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www2.example.com. IN A -SECTION ANSWER -www2.example.com. 3600 IN CNAME www.example.net. -www2.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AGgh6pDCL7VF0uJablClW7cgvsPuNzpHZ+M7nZIwi61+0RPhFZLHcN4= -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -test-dname.example.com. IN A -SECTION AUTHORITY -test-dname.example.com. IN NSEC ur.example.com. DNAME RRSIG NSEC -test-dname.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. AAez/ZKaKWeaFxTR139M1czTPdpAXG7QDAbNLEF3QT0/nBRKGyI3BAM= -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -foo.test-dname.example.com. IN CNAME -SECTION ANSWER -test-dname.example.com. 3600 IN DNAME example.net. -test-dname.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. ACp31Evt1c6tKzmTh/smAuGFydZ1OO26Qkej/BW4Bw5RFBQiKaY22Z0= -foo.test-dname.example.com. 3600 IN CNAME foo.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -foo.test-dname.example.com. IN A -SECTION ANSWER -test-dname.example.com. 3600 IN DNAME example.net. -test-dname.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. ACp31Evt1c6tKzmTh/smAuGFydZ1OO26Qkej/BW4Bw5RFBQiKaY22Z0= -foo.test-dname.example.com. 3600 IN CNAME foo.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -www3.example.com. IN A -SECTION ANSWER -www3.example.com. 3600 IN CNAME www3.foo.net. -www3.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AFCgCmBh9ZhKJj6AqJAaai8Xwrp9nVYP/yyg4RglHEHb7LlIKED93Ic= -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -www3.foo.net. IN A -SECTION ANSWER -www3.foo.net. IN A 12.13.14.15 -www3.foo.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 foo.net. y50vzw6pCWNmM4y1LNbc37htWGvjxKzdV/JS5ONdFWUQelbDx5YrD91m9U88ItIpwQiGKJWQBwNgHzVKW7iF2A== -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NXDOMAIN -SECTION QUESTION -www4.example.com. IN CNAME -SECTION ANSWER -www4.example.com. 3600 IN CNAME www4.foo.net. -www4.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AA/PJO3mDuDAGQHZ2nb52q3SG0vTp0RcshM09InjZlGTIwHPIYcuizw= -SECTION AUTHORITY -foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 -foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== -van.foo.net. 3600 IN NSEC xix.foo.net. A AAAA RRSIG NSEC -van.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. awGqM+lA86rKWm8Rh1RvBYC9fJdAM2YBSqVE4VvWfhsUVN+JCspNtU3yg+R3/njfXox6cDTCfqqPDXB7KSPXaw== -foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY -foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NXDOMAIN -SECTION QUESTION -www4.example.com. IN A -SECTION ANSWER -www4.example.com. 3600 IN CNAME www4.foo.net. -www4.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AA/PJO3mDuDAGQHZ2nb52q3SG0vTp0RcshM09InjZlGTIwHPIYcuizw= -SECTION AUTHORITY -foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 -foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== -van.foo.net. 3600 IN NSEC xix.foo.net. A AAAA RRSIG NSEC -van.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. awGqM+lA86rKWm8Rh1RvBYC9fJdAM2YBSqVE4VvWfhsUVN+JCspNtU3yg+R3/njfXox6cDTCfqqPDXB7KSPXaw== -foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY -foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NXDOMAIN -SECTION QUESTION -www4.foo.net. IN CNAME -SECTION AUTHORITY -foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 -foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== -van.foo.net. 3600 IN NSEC xix.foo.net. A AAAA RRSIG NSEC -van.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. awGqM+lA86rKWm8Rh1RvBYC9fJdAM2YBSqVE4VvWfhsUVN+JCspNtU3yg+R3/njfXox6cDTCfqqPDXB7KSPXaw== -foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY -foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NXDOMAIN -SECTION QUESTION -www4.foo.net. IN A -SECTION AUTHORITY -foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 -foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== -van.foo.net. 3600 IN NSEC xix.foo.net. A AAAA RRSIG NSEC -van.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. awGqM+lA86rKWm8Rh1RvBYC9fJdAM2YBSqVE4VvWfhsUVN+JCspNtU3yg+R3/njfXox6cDTCfqqPDXB7KSPXaw== -foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY -foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NXDOMAIN -SECTION QUESTION -www5.example.com. IN A -SECTION ANSWER -www5.example.com. 3600 IN CNAME www5.foo.net. -www5.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AIXA8v0JC14UIQtthXS0Kv66rE0jqPKHgq3CPdc6PDi+tLqGjFrXIdI= -SECTION AUTHORITY -foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 -foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== -van.foo.net. 3600 IN NSEC xix.foo.net. A AAAA RRSIG NSEC -van.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. awGqM+lA86rKWm8Rh1RvBYC9fJdAM2YBSqVE4VvWfhsUVN+JCspNtU3yg+R3/njfXox6cDTCfqqPDXB7KSPXaw== -foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY -foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NXDOMAIN -SECTION QUESTION -www5.foo.net. IN A -SECTION AUTHORITY -foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 -foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== -sea.foo.net. 3600 IN NSEC ur.foo.net. A AAAA RRSIG NSEC -sea.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. SOz+kQrhbR7M4oid0L9HfHK3re9L5T+6x1m+DFyV0ogqGcsAfAmyvAPJUQyclENMWWqyJMgSfrqzpqEdM5HRWQ== -foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY -foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -h-dname.example.com. IN A -SECTION AUTHORITY -h-dname.example.com. IN NSEC ip.example.com. DNAME RRSIG NSEC -h-dname.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. AFFsp8m0uRY9RaXCtk47kKuQEDj1YsM7izqOz9N+8sMT5wBXhWg3KqI= -example.com. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. ABRSIKVO+4LWyeGBM5lPJlZBJaj6iDihKwPSzYx6fgGbiHdtLkXOMUc= -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NXDOMAIN -SECTION QUESTION -cup.h-dname.example.com. IN CNAME -SECTION ANSWER -h-dname.example.com. 3600 IN DNAME tea.foo.net. -h-dname.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AKXt5koLeZD2ibFrmZyE3ZOQCWHIA/UtrlCgFLalfaTm91NVlki5aV0= -cup.h-dname.example.com. 3600 IN CNAME cup.tea.foo.net. -SECTION AUTHORITY -foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 -foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== -sea.foo.net. 3600 IN NSEC ur.foo.net. A AAAA RRSIG NSEC -sea.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. SOz+kQrhbR7M4oid0L9HfHK3re9L5T+6x1m+DFyV0ogqGcsAfAmyvAPJUQyclENMWWqyJMgSfrqzpqEdM5HRWQ== -foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY -foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NXDOMAIN -SECTION QUESTION -cup.h-dname.example.com. IN A -SECTION ANSWER -h-dname.example.com. 3600 IN DNAME tea.foo.net. -h-dname.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AKXt5koLeZD2ibFrmZyE3ZOQCWHIA/UtrlCgFLalfaTm91NVlki5aV0= -cup.h-dname.example.com. 3600 IN CNAME cup.tea.foo.net. -SECTION AUTHORITY -foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 -foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== -sea.foo.net. 3600 IN NSEC ur.foo.net. A AAAA RRSIG NSEC -sea.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. SOz+kQrhbR7M4oid0L9HfHK3re9L5T+6x1m+DFyV0ogqGcsAfAmyvAPJUQyclENMWWqyJMgSfrqzpqEdM5HRWQ== -foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY -foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NXDOMAIN -SECTION QUESTION -tea.foo.net. IN A -SECTION AUTHORITY -foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 -foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== -sea.foo.net. 3600 IN NSEC ur.foo.net. A AAAA RRSIG NSEC -sea.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. SOz+kQrhbR7M4oid0L9HfHK3re9L5T+6x1m+DFyV0ogqGcsAfAmyvAPJUQyclENMWWqyJMgSfrqzpqEdM5HRWQ== -foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY -foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NXDOMAIN -SECTION QUESTION -cup.tea.foo.net. IN CNAME -SECTION AUTHORITY -foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 -foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== -sea.foo.net. 3600 IN NSEC ur.foo.net. A AAAA RRSIG NSEC -sea.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. SOz+kQrhbR7M4oid0L9HfHK3re9L5T+6x1m+DFyV0ogqGcsAfAmyvAPJUQyclENMWWqyJMgSfrqzpqEdM5HRWQ== -foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY -foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NXDOMAIN -SECTION QUESTION -cup.tea.foo.net. IN A -SECTION AUTHORITY -foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 -foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== -sea.foo.net. 3600 IN NSEC ur.foo.net. A AAAA RRSIG NSEC -sea.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. SOz+kQrhbR7M4oid0L9HfHK3re9L5T+6x1m+DFyV0ogqGcsAfAmyvAPJUQyclENMWWqyJMgSfrqzpqEdM5HRWQ== -foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY -foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -foo.net. IN DNSKEY -SECTION ANSWER -foo.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} -foo.net. 3600 IN RRSIG DNSKEY 5 2 3600 20070926134150 20070829134150 30899 foo.net. FLWrxrEnMpKoUDf+mbHGKSQ9OYloJs1eVbxkQaTSfJSLnLzOS0MLflMfbH1nC+Fk8idN7Aw07P5S9Ez1/fAb4w== -ENTRY_END - -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 1000 - ADDRESS 1.2.3.5 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -; response to DNSKEY priming query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN DNSKEY -SECTION ANSWER -example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} -example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899} -SECTION AUTHORITY -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -foo.example.net. IN A -SECTION ANSWER -foo.example.net. IN A 11.12.13.16 -foo.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. nDw60j3CmEUuFDXnTTNbdUHKJFTIEGHbSKE096CdgbSK73wV2xfG5YdMPA59cYUG0oODPyAKuhDltzk7LoTaWg== -SECTION AUTHORITY -SECTION ADDITIONAL -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -foo.example.net. IN CNAME -SECTION AUTHORITY -foo.example.net. IN NSEC go.example.net. A AAAA RRSIG NSEC -foo.example.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. JgRBvtJwQqzidljfbnINd283z57/7UFcLGfSLKdgEXky0hf8S54cnFKsruMv8d3OMScmGOMFnYQ1flJxfK0+Zw== -example.net. IN SOA ns.example.net. admin.example.net. 2024030884 3600 3600 604800 3600 -example.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 example.net. ZlStOlahsMp7yzVD2GRAOKXoYlsV372Q2hMpFJYNdhpHcqlqodgVFxA80ftJ66OjeVpb+1DJSIZitSaQrfF8rA== -ENTRY_END - -; response to query of interest -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.net. IN A -SECTION ANSWER -www.example.net. IN A 11.12.13.14 -www.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899} -SECTION AUTHORITY -SECTION ADDITIONAL -ENTRY_END -RANGE_END - -; Test qtype CNAME, answer from upstream. -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www.example.com. IN CNAME -ENTRY_END - -; recursion happens here. -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AD DO NOERROR -SECTION QUESTION -www.example.com. IN CNAME -SECTION ANSWER -www.example.com. IN CNAME www.example.net. -www.example.com. 3600 IN RRSIG CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFGcJxnNxpWCBzXejiSdl4p1BKRMnAhUApoJrugVBRwFgAoYAhhqlZFac7fE= ;{id = 2854} -SECTION AUTHORITY -SECTION ADDITIONAL -ENTRY_END - -; Test qtype CNAME, answer from cache after A query. -; perform the A query that gets the CNAME in cache. -STEP 20 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www2.example.com. IN A -ENTRY_END - -STEP 30 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AD DO NOERROR -SECTION QUESTION -www2.example.com. IN A -SECTION ANSWER -www2.example.com. 3600 IN CNAME www.example.net. -www2.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AGgh6pDCL7VF0uJablClW7cgvsPuNzpHZ+M7nZIwi61+0RPhFZLHcN4= -www.example.net. IN A 11.12.13.14 -www.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899} -ENTRY_END - -; now query for type CNAME, that is in cache. -STEP 40 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www2.example.com. IN CNAME -ENTRY_END - -STEP 50 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AD DO NOERROR -SECTION QUESTION -www2.example.com. IN CNAME -SECTION ANSWER -www2.example.com. 3600 IN CNAME www.example.net. -www2.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AGgh6pDCL7VF0uJablClW7cgvsPuNzpHZ+M7nZIwi61+0RPhFZLHcN4= -ENTRY_END - -; Test qtype CNAME, answer DNAME from upstream. -STEP 60 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -foo.test-dname.example.com. IN CNAME -ENTRY_END - -STEP 70 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AD DO NOERROR -SECTION QUESTION -foo.test-dname.example.com. IN CNAME -SECTION ANSWER -test-dname.example.com. 3600 IN DNAME example.net. -test-dname.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. ACp31Evt1c6tKzmTh/smAuGFydZ1OO26Qkej/BW4Bw5RFBQiKaY22Z0= -foo.test-dname.example.com. 3600 IN CNAME foo.example.net. -ENTRY_END - -; Test qtype CNAME, answer DNAME from cached DNAME record. -STEP 80 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -foo2.test-dname.example.com. IN CNAME -ENTRY_END - -STEP 90 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AD DO NOERROR -SECTION QUESTION -foo2.test-dname.example.com. IN CNAME -SECTION ANSWER -test-dname.example.com. 3600 IN DNAME example.net. -test-dname.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. ACp31Evt1c6tKzmTh/smAuGFydZ1OO26Qkej/BW4Bw5RFBQiKaY22Z0= -foo2.test-dname.example.com. 3600 IN CNAME foo2.example.net. -ENTRY_END - -; Test first a simple A query, that connects example.com to foo.net. -STEP 100 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www3.example.com. IN A -ENTRY_END - -STEP 110 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AD DO NOERROR -SECTION QUESTION -www3.example.com. IN A -SECTION ANSWER -www3.example.com. 3600 IN CNAME www3.foo.net. -www3.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AFCgCmBh9ZhKJj6AqJAaai8Xwrp9nVYP/yyg4RglHEHb7LlIKED93Ic= -www3.foo.net. IN A 12.13.14.15 -www3.foo.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 foo.net. y50vzw6pCWNmM4y1LNbc37htWGvjxKzdV/JS5ONdFWUQelbDx5YrD91m9U88ItIpwQiGKJWQBwNgHzVKW7iF2A== -ENTRY_END - -; Test qtype CNAME, but the upstream responds that there is NXDOMAIN, -; it can do this because it has the zone loaded at the name after the CNAME, -; in the zone foo.net. and it chases the CNAME. -STEP 120 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www4.example.com. IN CNAME -ENTRY_END - -STEP 130 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AD DO NXDOMAIN -SECTION QUESTION -www4.example.com. IN CNAME -SECTION ANSWER -www4.example.com. 3600 IN CNAME www4.foo.net. -www4.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AA/PJO3mDuDAGQHZ2nb52q3SG0vTp0RcshM09InjZlGTIwHPIYcuizw= -SECTION AUTHORITY -foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 -foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== -van.foo.net. 3600 IN NSEC xix.foo.net. A AAAA RRSIG NSEC -van.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. awGqM+lA86rKWm8Rh1RvBYC9fJdAM2YBSqVE4VvWfhsUVN+JCspNtU3yg+R3/njfXox6cDTCfqqPDXB7KSPXaw== -foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY -foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== -ENTRY_END - -; Test, first pull a CNAME to NXDOMAIN in cache with an A query and then use -; it for qtype CNAME. -STEP 140 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www5.example.com. IN A -ENTRY_END - -STEP 150 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AD DO NXDOMAIN -SECTION QUESTION -www5.example.com. IN A -SECTION ANSWER -www5.example.com. 3600 IN CNAME www5.foo.net. -www5.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AIXA8v0JC14UIQtthXS0Kv66rE0jqPKHgq3CPdc6PDi+tLqGjFrXIdI= -SECTION AUTHORITY -foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY -foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== -van.foo.net. 3600 IN NSEC xix.foo.net. A AAAA RRSIG NSEC -van.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. awGqM+lA86rKWm8Rh1RvBYC9fJdAM2YBSqVE4VvWfhsUVN+JCspNtU3yg+R3/njfXox6cDTCfqqPDXB7KSPXaw== -foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 -foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== -ENTRY_END - -STEP 160 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www5.example.com. IN CNAME -ENTRY_END - -STEP 170 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AD DO NOERROR -SECTION QUESTION -www5.example.com. IN CNAME -SECTION ANSWER -www5.example.com. 3600 IN CNAME www5.foo.net. -www5.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AIXA8v0JC14UIQtthXS0Kv66rE0jqPKHgq3CPdc6PDi+tLqGjFrXIdI= -ENTRY_END - -; Test, qtype CNAME, but it is a DNAME and the upstream server can respond -; with NXDOMAIN, it can do this because the foo.net zone is also loaded by -; the server and it looks in the other zone. -STEP 180 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -cup.h-dname.example.com. IN CNAME -ENTRY_END - -STEP 190 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AD DO NXDOMAIN -SECTION QUESTION -cup.h-dname.example.com. IN CNAME -SECTION ANSWER -h-dname.example.com. 3600 IN DNAME tea.foo.net. -h-dname.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AKXt5koLeZD2ibFrmZyE3ZOQCWHIA/UtrlCgFLalfaTm91NVlki5aV0= -cup.h-dname.example.com. 3600 IN CNAME cup.tea.foo.net. -SECTION AUTHORITY -foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 -foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== -sea.foo.net. 3600 IN NSEC ur.foo.net. A AAAA RRSIG NSEC -sea.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. SOz+kQrhbR7M4oid0L9HfHK3re9L5T+6x1m+DFyV0ogqGcsAfAmyvAPJUQyclENMWWqyJMgSfrqzpqEdM5HRWQ== -foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY -foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== -ENTRY_END - -; Test, first pull a DNAME in cache and then use it for qtype CNAME to an -; NXDOMAIN. -STEP 200 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -cup2.h-dname.example.com. IN CNAME -ENTRY_END - -STEP 210 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AD DO NOERROR -SECTION QUESTION -cup2.h-dname.example.com. IN CNAME -SECTION ANSWER -h-dname.example.com. 3600 IN DNAME tea.foo.net. -h-dname.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AKXt5koLeZD2ibFrmZyE3ZOQCWHIA/UtrlCgFLalfaTm91NVlki5aV0= -cup2.h-dname.example.com. 3600 IN CNAME cup2.tea.foo.net. -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/val_dname_twice.rpl b/contrib/unbound/testdata/val_dname_twice.rpl deleted file mode 100644 index bc84bf91c18d..000000000000 --- a/contrib/unbound/testdata/val_dname_twice.rpl +++ /dev/null @@ -1,226 +0,0 @@ -; config options -; The island of trust is at example.com -server: - trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" - val-override-date: "20070916134226" - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: "no" - fake-sha1: yes - trust-anchor-signaling: no - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test validator with a dname used twice - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.4 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; response to DNSKEY priming query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN DNSKEY -SECTION ANSWER -example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} -example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; response to query of interest -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -a.a.test-dname-2.example.com. IN A -SECTION ANSWER -test-dname-2.example.com. 3600 IN DNAME test-2.example.com. -test-dname-2.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. AB9F05uhCzJ0hFbu/033nWLEMDoDrIY1PL69PsD9kMUuyzT4irnUlGY= -; unsigned CNAME -a.a.test-dname-2.example.com. IN CNAME a.a.test-2.example.com. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -a.a.test-2.example.com. IN A -SECTION ANSWER -a.a.test-2.example.com. 3600 IN CNAME a.test-dname-2.example.com. -a.a.test-2.example.com. 3600 IN RRSIG CNAME 3 5 3600 20070926134150 20070829134150 2854 example.com. AECBiHVJ8qaSV3sC7LcOlSF2W4b9JD+g44fQ2EvkKqGJVUJfa6840i8= -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -a.test-dname-2.example.com. IN A -SECTION ANSWER -test-dname-2.example.com. 3600 IN DNAME test-2.example.com. -test-dname-2.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. AB9F05uhCzJ0hFbu/033nWLEMDoDrIY1PL69PsD9kMUuyzT4irnUlGY= -; unsigned CNAME -a.test-dname-2.example.com. IN CNAME a.test-2.example.com. -SECTION AUTHORITY -snow.example.com. 3600 IN NSEC a.a.test-2.example.com. A AAAA RRSIG NSEC -snow.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. AHy/eDMTc5D7Q7Svh/B/r/twvHn8GTzYgSwO1jFasFrb2Gmtk8waXaM= -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -a.test-2.example.com. IN A -SECTION ANSWER -SECTION AUTHORITY -example.com. 3600 IN SOA ns.example.com. root.example.com. 1 3600 300 7200 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AEO4JOt/lNSVk3InhQz4MvUXll2vOOuZklfB7HpnW45kvEqHsqfWuNw= -snow.example.com. 3600 IN NSEC a.a.test-2.example.com. A AAAA RRSIG NSEC -snow.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. AHy/eDMTc5D7Q7Svh/B/r/twvHn8GTzYgSwO1jFasFrb2Gmtk8waXaM= -ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -a.a.test-dname-2.example.com. IN A -ENTRY_END - -; recursion happens here. -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA AD DO NOERROR -SECTION QUESTION -a.a.test-dname-2.example.com. IN A -SECTION ANSWER -test-dname-2.example.com. 3600 IN DNAME test-2.example.com. -test-dname-2.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. AB9F05uhCzJ0hFbu/033nWLEMDoDrIY1PL69PsD9kMUuyzT4irnUlGY= ;{id = 2854} -a.a.test-dname-2.example.com. 3600 IN CNAME a.a.test-2.example.com. -a.a.test-2.example.com. 3600 IN CNAME a.test-dname-2.example.com. -a.a.test-2.example.com. 3600 IN RRSIG CNAME 3 5 3600 20070926134150 20070829134150 2854 example.com. AECBiHVJ8qaSV3sC7LcOlSF2W4b9JD+g44fQ2EvkKqGJVUJfa6840i8= ;{id = 2854} -a.test-dname-2.example.com. 3600 IN CNAME a.test-2.example.com. - -SECTION AUTHORITY -example.com. 3600 IN SOA ns.example.com. root.example.com. 1 3600 300 7200 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AEO4JOt/lNSVk3InhQz4MvUXll2vOOuZklfB7HpnW45kvEqHsqfWuNw= ;{id = 2854} -snow.example.com. 3600 IN NSEC a.a.test-2.example.com. A AAAA RRSIG NSEC -snow.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. AHy/eDMTc5D7Q7Svh/B/r/twvHn8GTzYgSwO1jFasFrb2Gmtk8waXaM= ;{id = 2854} -ENTRY_END - -; Check cache response for DNAME -; so 100+ the authority will not respond any more : must be from cache. -STEP 110 TIME_PASSES ELAPSE 10 - -STEP 120 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -a.a.test-dname-2.example.com. IN A -ENTRY_END - -STEP 130 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA AD DO NOERROR -SECTION QUESTION -a.a.test-dname-2.example.com. IN A -SECTION ANSWER -test-dname-2.example.com. 3590 IN DNAME test-2.example.com. -test-dname-2.example.com. 3590 IN RRSIG DNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. AB9F05uhCzJ0hFbu/033nWLEMDoDrIY1PL69PsD9kMUuyzT4irnUlGY= ;{id = 2854} -a.a.test-dname-2.example.com. 3590 IN CNAME a.a.test-2.example.com. -a.a.test-2.example.com. 3590 IN CNAME a.test-dname-2.example.com. -a.a.test-2.example.com. 3590 IN RRSIG CNAME 3 5 3600 20070926134150 20070829134150 2854 example.com. AECBiHVJ8qaSV3sC7LcOlSF2W4b9JD+g44fQ2EvkKqGJVUJfa6840i8= ;{id = 2854} -a.test-dname-2.example.com. 3590 IN CNAME a.test-2.example.com. - -SECTION AUTHORITY -example.com. 3590 IN SOA ns.example.com. root.example.com. 1 3600 300 7200 3600 -example.com. 3590 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AEO4JOt/lNSVk3InhQz4MvUXll2vOOuZklfB7HpnW45kvEqHsqfWuNw= ;{id = 2854} -snow.example.com. 3590 IN NSEC a.a.test-2.example.com. A AAAA RRSIG NSEC -snow.example.com. 3590 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. AHy/eDMTc5D7Q7Svh/B/r/twvHn8GTzYgSwO1jFasFrb2Gmtk8waXaM= ;{id = 2854} -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/val_dnameqtype.rpl b/contrib/unbound/testdata/val_dnameqtype.rpl deleted file mode 100644 index 74cc45ec2008..000000000000 --- a/contrib/unbound/testdata/val_dnameqtype.rpl +++ /dev/null @@ -1,689 +0,0 @@ -; config options -; The island of trust is at example.com -server: - trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" - trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" - trust-anchor: "foo.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" - val-override-date: "20070916134226" - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: "no" - fake-sha1: yes - trust-anchor-signaling: no - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test validator with a query for type dname - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 1000 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -net. IN A -SECTION AUTHORITY -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 1000 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -net. IN NS -SECTION ANSWER -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.net. IN A -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -foo.net. IN NS -SECTION AUTHORITY -foo.net. IN NS ns.example.com. -ENTRY_END - -RANGE_END - -; ns.example.com. -RANGE_BEGIN 0 1000 - ADDRESS 1.2.3.4 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; response to DNSKEY priming query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN DNSKEY -SECTION ANSWER -example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} -example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; response to query of interest -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN DNAME -SECTION ANSWER -www.example.com. IN DNAME www.example.net. -www.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. AKXpbBNiurXv6oFOFQJv5rASdxpoWp2WV1j4ZdJAJ1f48cOkBM2oiEE= -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www2.example.com. IN DNAME -SECTION ANSWER -www2.example.com. 3600 IN DNAME www.example.net. -www2.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. ABu2/f8Ec9BfUkWVid/ufoIjTuS1iZ/zQ5qeF5GiKxPDu//bP2eTgmI= -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -fore.www2.example.com. IN A -SECTION ANSWER -www2.example.com. 3600 IN DNAME www.example.net. -www2.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. ABu2/f8Ec9BfUkWVid/ufoIjTuS1iZ/zQ5qeF5GiKxPDu//bP2eTgmI= -fore.www2.example.com. IN CNAME fore.www.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -foo.test-dname.example.com. IN DNAME -SECTION ANSWER -test-dname.example.com. 3600 IN DNAME example.net. -test-dname.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. ACp31Evt1c6tKzmTh/smAuGFydZ1OO26Qkej/BW4Bw5RFBQiKaY22Z0= -foo.test-dname.example.com. 3600 IN CNAME foo.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -www3.example.com. IN A -SECTION ANSWER -www3.example.com. 3600 IN CNAME www3.foo.net. -www3.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AFCgCmBh9ZhKJj6AqJAaai8Xwrp9nVYP/yyg4RglHEHb7LlIKED93Ic= -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -www3.foo.net. IN A -SECTION ANSWER -www3.foo.net. IN A 12.13.14.15 -www3.foo.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 foo.net. y50vzw6pCWNmM4y1LNbc37htWGvjxKzdV/JS5ONdFWUQelbDx5YrD91m9U88ItIpwQiGKJWQBwNgHzVKW7iF2A== -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NXDOMAIN -SECTION QUESTION -www4.example.com. IN DNAME -SECTION ANSWER -www4.example.com. 3600 IN CNAME www4.foo.net. -www4.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AA/PJO3mDuDAGQHZ2nb52q3SG0vTp0RcshM09InjZlGTIwHPIYcuizw= -SECTION AUTHORITY -foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 -foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== -van.foo.net. 3600 IN NSEC xix.foo.net. A AAAA RRSIG NSEC -van.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. awGqM+lA86rKWm8Rh1RvBYC9fJdAM2YBSqVE4VvWfhsUVN+JCspNtU3yg+R3/njfXox6cDTCfqqPDXB7KSPXaw== -foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY -foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NXDOMAIN -SECTION QUESTION -www4.foo.net. IN DNAME -SECTION AUTHORITY -foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 -foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== -van.foo.net. 3600 IN NSEC xix.foo.net. A AAAA RRSIG NSEC -van.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. awGqM+lA86rKWm8Rh1RvBYC9fJdAM2YBSqVE4VvWfhsUVN+JCspNtU3yg+R3/njfXox6cDTCfqqPDXB7KSPXaw== -foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY -foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NXDOMAIN -SECTION QUESTION -www5.example.com. IN A -SECTION ANSWER -www5.example.com. 3600 IN CNAME www5.foo.net. -www5.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AIXA8v0JC14UIQtthXS0Kv66rE0jqPKHgq3CPdc6PDi+tLqGjFrXIdI= -SECTION AUTHORITY -foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 -foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== -van.foo.net. 3600 IN NSEC xix.foo.net. A AAAA RRSIG NSEC -van.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. awGqM+lA86rKWm8Rh1RvBYC9fJdAM2YBSqVE4VvWfhsUVN+JCspNtU3yg+R3/njfXox6cDTCfqqPDXB7KSPXaw== -foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY -foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NXDOMAIN -SECTION QUESTION -www5.foo.net. IN A -SECTION AUTHORITY -foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 -foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== -sea.foo.net. 3600 IN NSEC ur.foo.net. A AAAA RRSIG NSEC -sea.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. SOz+kQrhbR7M4oid0L9HfHK3re9L5T+6x1m+DFyV0ogqGcsAfAmyvAPJUQyclENMWWqyJMgSfrqzpqEdM5HRWQ== -foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY -foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NXDOMAIN -SECTION QUESTION -cup.h-dname.example.com. IN DNAME -SECTION ANSWER -h-dname.example.com. 3600 IN DNAME tea.foo.net. -h-dname.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AKXt5koLeZD2ibFrmZyE3ZOQCWHIA/UtrlCgFLalfaTm91NVlki5aV0= -cup.h-dname.example.com. 3600 IN CNAME cup.tea.foo.net. -SECTION AUTHORITY -foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 -foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== -sea.foo.net. 3600 IN NSEC ur.foo.net. A AAAA RRSIG NSEC -sea.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. SOz+kQrhbR7M4oid0L9HfHK3re9L5T+6x1m+DFyV0ogqGcsAfAmyvAPJUQyclENMWWqyJMgSfrqzpqEdM5HRWQ== -foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY -foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NXDOMAIN -SECTION QUESTION -cup.tea.foo.net. IN DNAME -SECTION AUTHORITY -foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 -foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== -sea.foo.net. 3600 IN NSEC ur.foo.net. A AAAA RRSIG NSEC -sea.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. SOz+kQrhbR7M4oid0L9HfHK3re9L5T+6x1m+DFyV0ogqGcsAfAmyvAPJUQyclENMWWqyJMgSfrqzpqEdM5HRWQ== -foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY -foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -foo.net. IN DNSKEY -SECTION ANSWER -foo.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} -foo.net. 3600 IN RRSIG DNSKEY 5 2 3600 20070926134150 20070829134150 30899 foo.net. FLWrxrEnMpKoUDf+mbHGKSQ9OYloJs1eVbxkQaTSfJSLnLzOS0MLflMfbH1nC+Fk8idN7Aw07P5S9Ez1/fAb4w== -ENTRY_END - -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 1000 - ADDRESS 1.2.3.5 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -; response to DNSKEY priming query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN DNSKEY -SECTION ANSWER -example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} -example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899} -SECTION AUTHORITY -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -foo.example.net. IN DNAME -SECTION ANSWER -foo.example.net. IN DNAME lower.example.net. -foo.example.net. 3600 IN RRSIG DNAME 5 3 3600 20070926134150 20070829134150 30899 example.net. OZLH158CkKbQZOkBCof7oLzy8sbtDI3/BHEOqBeYZzcfHHfHS9L4qJBII5uO+x8yB/DTkFEhdL5WZV2IjRlkNQ== -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -foo2.example.net. IN DNAME -SECTION ANSWER -foo2.example.net. IN DNAME lower.example.net. -foo2.example.net. 3600 IN RRSIG DNAME 5 3 3600 20070926134150 20070829134150 30899 example.net. xth0C1DoNubf4PpjkS0tgo6O7yzaLPuTKB2yTNFM1iZRm5pd0o3eo/upvfG2SwqfzimgvM1eDyK06QX/R7Enfw== -ENTRY_END - -; response to query of interest -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.net. IN A -SECTION ANSWER -www.example.net. IN A 11.12.13.14 -www.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899} -SECTION AUTHORITY -SECTION ADDITIONAL -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -fore.www.example.net. IN A -SECTION ANSWER -fore.www.example.net. IN A 11.12.13.15 -fore.www.example.net. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 example.net. D1axzzs2olCCMQUQchy4ZRs8oefSdLpiIlhPsF1Y5GTTLHKKs6H14tm3FrRTLUIb2FzZywHX0Hl+pfoB/lG2qQ== -SECTION AUTHORITY -SECTION ADDITIONAL -ENTRY_END -RANGE_END - -; Test qtype DNAME, answer from upstream. -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www.example.com. IN DNAME -ENTRY_END - -; recursion happens here. -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AD DO NOERROR -SECTION QUESTION -www.example.com. IN DNAME -SECTION ANSWER -www.example.com. IN DNAME www.example.net. -www.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. AKXpbBNiurXv6oFOFQJv5rASdxpoWp2WV1j4ZdJAJ1f48cOkBM2oiEE= -ENTRY_END - -; Test qtype DNAME, answer from cache after A query. -; perform the A query that gets the DNAME in cache. -STEP 20 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -fore.www2.example.com. IN A -ENTRY_END - -STEP 30 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AD DO NOERROR -SECTION QUESTION -fore.www2.example.com. IN A -SECTION ANSWER -www2.example.com. 3600 IN DNAME www.example.net. -www2.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. ABu2/f8Ec9BfUkWVid/ufoIjTuS1iZ/zQ5qeF5GiKxPDu//bP2eTgmI= -fore.www2.example.com. IN CNAME fore.www.example.net. -fore.www.example.net. IN A 11.12.13.15 -fore.www.example.net. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 example.net. D1axzzs2olCCMQUQchy4ZRs8oefSdLpiIlhPsF1Y5GTTLHKKs6H14tm3FrRTLUIb2FzZywHX0Hl+pfoB/lG2qQ== -ENTRY_END - -; now query for type DNAME, that is in cache. -STEP 40 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www2.example.com. IN DNAME -ENTRY_END - -STEP 50 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AD DO NOERROR -SECTION QUESTION -www2.example.com. IN DNAME -SECTION ANSWER -www2.example.com. 3600 IN DNAME www.example.net. -www2.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. ABu2/f8Ec9BfUkWVid/ufoIjTuS1iZ/zQ5qeF5GiKxPDu//bP2eTgmI= -ENTRY_END - -; Test qtype DNAME, answer DNAME from upstream. -STEP 60 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -foo.test-dname.example.com. IN DNAME -ENTRY_END - -STEP 70 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AD DO NOERROR -SECTION QUESTION -foo.test-dname.example.com. IN DNAME -SECTION ANSWER -test-dname.example.com. 3600 IN DNAME example.net. -test-dname.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. ACp31Evt1c6tKzmTh/smAuGFydZ1OO26Qkej/BW4Bw5RFBQiKaY22Z0= -foo.test-dname.example.com. 3600 IN CNAME foo.example.net. -foo.example.net. IN DNAME lower.example.net. -foo.example.net. 3600 IN RRSIG DNAME 5 3 3600 20070926134150 20070829134150 30899 example.net. OZLH158CkKbQZOkBCof7oLzy8sbtDI3/BHEOqBeYZzcfHHfHS9L4qJBII5uO+x8yB/DTkFEhdL5WZV2IjRlkNQ== -ENTRY_END - -; Test qtype DNAME, answer DNAME from cached DNAME record. -STEP 80 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -foo2.test-dname.example.com. IN DNAME -ENTRY_END - -STEP 90 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AD DO NOERROR -SECTION QUESTION -foo2.test-dname.example.com. IN DNAME -SECTION ANSWER -test-dname.example.com. 3600 IN DNAME example.net. -test-dname.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. ACp31Evt1c6tKzmTh/smAuGFydZ1OO26Qkej/BW4Bw5RFBQiKaY22Z0= -foo2.test-dname.example.com. 3600 IN CNAME foo2.example.net. -foo2.example.net. IN DNAME lower.example.net. -foo2.example.net. 3600 IN RRSIG DNAME 5 3 3600 20070926134150 20070829134150 30899 example.net. xth0C1DoNubf4PpjkS0tgo6O7yzaLPuTKB2yTNFM1iZRm5pd0o3eo/upvfG2SwqfzimgvM1eDyK06QX/R7Enfw== -ENTRY_END - -; Test first a simple A query, that connects example.com to foo.net. -STEP 100 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www3.example.com. IN A -ENTRY_END - -STEP 110 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AD DO NOERROR -SECTION QUESTION -www3.example.com. IN A -SECTION ANSWER -www3.example.com. 3600 IN CNAME www3.foo.net. -www3.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AFCgCmBh9ZhKJj6AqJAaai8Xwrp9nVYP/yyg4RglHEHb7LlIKED93Ic= -www3.foo.net. IN A 12.13.14.15 -www3.foo.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 foo.net. y50vzw6pCWNmM4y1LNbc37htWGvjxKzdV/JS5ONdFWUQelbDx5YrD91m9U88ItIpwQiGKJWQBwNgHzVKW7iF2A== -ENTRY_END - -; Test qtype DNAME, but the upstream responds that there is NXDOMAIN, -; it can do this because it has the zone loaded at the name after the CNAME, -; in the zone foo.net. and it chases the query there. -STEP 120 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www4.example.com. IN DNAME -ENTRY_END - -STEP 130 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AD DO NXDOMAIN -SECTION QUESTION -www4.example.com. IN DNAME -SECTION ANSWER -www4.example.com. 3600 IN CNAME www4.foo.net. -www4.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AA/PJO3mDuDAGQHZ2nb52q3SG0vTp0RcshM09InjZlGTIwHPIYcuizw= -SECTION AUTHORITY -foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 -foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== -van.foo.net. 3600 IN NSEC xix.foo.net. A AAAA RRSIG NSEC -van.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. awGqM+lA86rKWm8Rh1RvBYC9fJdAM2YBSqVE4VvWfhsUVN+JCspNtU3yg+R3/njfXox6cDTCfqqPDXB7KSPXaw== -foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY -foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== -ENTRY_END - -; Test, first pull a CNAME to NXDOMAIN in cache with an A query and then use -; it for qtype DNAME. -STEP 140 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www5.example.com. IN A -ENTRY_END - -STEP 150 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AD DO NXDOMAIN -SECTION QUESTION -www5.example.com. IN A -SECTION ANSWER -www5.example.com. 3600 IN CNAME www5.foo.net. -www5.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AIXA8v0JC14UIQtthXS0Kv66rE0jqPKHgq3CPdc6PDi+tLqGjFrXIdI= -SECTION AUTHORITY -foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY -foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== -van.foo.net. 3600 IN NSEC xix.foo.net. A AAAA RRSIG NSEC -van.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. awGqM+lA86rKWm8Rh1RvBYC9fJdAM2YBSqVE4VvWfhsUVN+JCspNtU3yg+R3/njfXox6cDTCfqqPDXB7KSPXaw== -foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 -foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== -ENTRY_END - -STEP 160 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www5.example.com. IN DNAME -ENTRY_END - -STEP 170 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AD DO NXDOMAIN -SECTION QUESTION -www5.example.com. IN DNAME -SECTION ANSWER -www5.example.com. 3600 IN CNAME www5.foo.net. -www5.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AIXA8v0JC14UIQtthXS0Kv66rE0jqPKHgq3CPdc6PDi+tLqGjFrXIdI= -SECTION AUTHORITY -foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY -foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== -van.foo.net. 3600 IN NSEC xix.foo.net. A AAAA RRSIG NSEC -van.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. awGqM+lA86rKWm8Rh1RvBYC9fJdAM2YBSqVE4VvWfhsUVN+JCspNtU3yg+R3/njfXox6cDTCfqqPDXB7KSPXaw== -foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 -foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== -ENTRY_END - -; Test, qtype DNAME, but it is under a DNAME and the upstream server can -; respond with NXDOMAIN, it can do this because the foo.net zone is also -; loaded by the server and it looks in the other zone. -STEP 180 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -cup.h-dname.example.com. IN DNAME -ENTRY_END - -STEP 190 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AD DO NXDOMAIN -SECTION QUESTION -cup.h-dname.example.com. IN DNAME -SECTION ANSWER -h-dname.example.com. 3600 IN DNAME tea.foo.net. -h-dname.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AKXt5koLeZD2ibFrmZyE3ZOQCWHIA/UtrlCgFLalfaTm91NVlki5aV0= -cup.h-dname.example.com. 3600 IN CNAME cup.tea.foo.net. -SECTION AUTHORITY -foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 -foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== -sea.foo.net. 3600 IN NSEC ur.foo.net. A AAAA RRSIG NSEC -sea.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. SOz+kQrhbR7M4oid0L9HfHK3re9L5T+6x1m+DFyV0ogqGcsAfAmyvAPJUQyclENMWWqyJMgSfrqzpqEdM5HRWQ== -foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY -foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== -ENTRY_END - -; Test, first pull a DNAME in cache and then use it for qtype DNAME to an -; NXDOMAIN. -STEP 200 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -cup2.h-dname.example.com. IN DNAME -ENTRY_END - -STEP 210 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AD DO NXDOMAIN -SECTION QUESTION -cup2.h-dname.example.com. IN DNAME -SECTION ANSWER -h-dname.example.com. 3600 IN DNAME tea.foo.net. -h-dname.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AKXt5koLeZD2ibFrmZyE3ZOQCWHIA/UtrlCgFLalfaTm91NVlki5aV0= -cup2.h-dname.example.com. 3600 IN CNAME cup2.tea.foo.net. -SECTION AUTHORITY -foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY -foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== -sea.foo.net. 3600 IN NSEC ur.foo.net. A AAAA RRSIG NSEC -sea.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. SOz+kQrhbR7M4oid0L9HfHK3re9L5T+6x1m+DFyV0ogqGcsAfAmyvAPJUQyclENMWWqyJMgSfrqzpqEdM5HRWQ== -foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 -foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/val_dnameqtype_qmin.rpl b/contrib/unbound/testdata/val_dnameqtype_qmin.rpl deleted file mode 100644 index b37157d0ca69..000000000000 --- a/contrib/unbound/testdata/val_dnameqtype_qmin.rpl +++ /dev/null @@ -1,859 +0,0 @@ -; config options -; The island of trust is at example.com -server: - trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" - trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" - trust-anchor: "foo.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" - val-override-date: "20070916134226" - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: "yes" - fake-sha1: yes - trust-anchor-signaling: no - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test validator with a query for type dname - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 1000 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -net. IN A -SECTION AUTHORITY -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 1000 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -net. IN NS -SECTION ANSWER -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.net. IN A -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -foo.net. IN NS -SECTION AUTHORITY -foo.net. IN NS ns.example.com. -ENTRY_END - -RANGE_END - -; ns.example.com. -RANGE_BEGIN 0 1000 - ADDRESS 1.2.3.4 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; response to DNSKEY priming query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN DNSKEY -SECTION ANSWER -example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} -example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; response to query of interest -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN DNAME -SECTION ANSWER -www.example.com. IN DNAME www.example.net. -www.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. AKXpbBNiurXv6oFOFQJv5rASdxpoWp2WV1j4ZdJAJ1f48cOkBM2oiEE= -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION AUTHORITY -www.example.com. IN NSEC www2.example.com. DNAME RRSIG NSEC -www.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. AFHQydH3FKwEv2XUy5holgQFEPC7dOQMJKamf16zu8ov2L37F9wl7ak= -example.com. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. ABRSIKVO+4LWyeGBM5lPJlZBJaj6iDihKwPSzYx6fgGbiHdtLkXOMUc= -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www2.example.com. IN DNAME -SECTION ANSWER -www2.example.com. 3600 IN DNAME www.example.net. -www2.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. ABu2/f8Ec9BfUkWVid/ufoIjTuS1iZ/zQ5qeF5GiKxPDu//bP2eTgmI= -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www2.example.com. IN A -SECTION AUTHORITY -www2.example.com. IN NSEC www3.example.com. DNAME RRSIG NSEC -www2.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. AHXqx82+YKFrEUSAFGEJJ+W27gtNA/1eWniwf9g+ZT4KTsTbqYnkYpk= -example.com. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. ABRSIKVO+4LWyeGBM5lPJlZBJaj6iDihKwPSzYx6fgGbiHdtLkXOMUc= -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -fore.www2.example.com. IN A -SECTION ANSWER -www2.example.com. 3600 IN DNAME www.example.net. -www2.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. ABu2/f8Ec9BfUkWVid/ufoIjTuS1iZ/zQ5qeF5GiKxPDu//bP2eTgmI= -fore.www2.example.com. IN CNAME fore.www.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -test-dname.example.com. IN A -SECTION AUTHORITY -test-dname.example.com. IN NSEC ur.example.com. DNAME RRSIG NSEC -test-dname.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. AAez/ZKaKWeaFxTR139M1czTPdpAXG7QDAbNLEF3QT0/nBRKGyI3BAM= -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -foo.test-dname.example.com. IN DNAME -SECTION ANSWER -test-dname.example.com. 3600 IN DNAME example.net. -test-dname.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. ACp31Evt1c6tKzmTh/smAuGFydZ1OO26Qkej/BW4Bw5RFBQiKaY22Z0= -foo.test-dname.example.com. 3600 IN CNAME foo.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -foo.test-dname.example.com. IN A -SECTION ANSWER -test-dname.example.com. 3600 IN DNAME example.net. -test-dname.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. ACp31Evt1c6tKzmTh/smAuGFydZ1OO26Qkej/BW4Bw5RFBQiKaY22Z0= -foo.test-dname.example.com. 3600 IN CNAME foo.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -www3.example.com. IN A -SECTION ANSWER -www3.example.com. 3600 IN CNAME www3.foo.net. -www3.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AFCgCmBh9ZhKJj6AqJAaai8Xwrp9nVYP/yyg4RglHEHb7LlIKED93Ic= -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -www3.foo.net. IN A -SECTION ANSWER -www3.foo.net. IN A 12.13.14.15 -www3.foo.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 foo.net. y50vzw6pCWNmM4y1LNbc37htWGvjxKzdV/JS5ONdFWUQelbDx5YrD91m9U88ItIpwQiGKJWQBwNgHzVKW7iF2A== -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NXDOMAIN -SECTION QUESTION -www4.example.com. IN DNAME -SECTION ANSWER -www4.example.com. 3600 IN CNAME www4.foo.net. -www4.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AA/PJO3mDuDAGQHZ2nb52q3SG0vTp0RcshM09InjZlGTIwHPIYcuizw= -SECTION AUTHORITY -foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 -foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== -van.foo.net. 3600 IN NSEC xix.foo.net. A AAAA RRSIG NSEC -van.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. awGqM+lA86rKWm8Rh1RvBYC9fJdAM2YBSqVE4VvWfhsUVN+JCspNtU3yg+R3/njfXox6cDTCfqqPDXB7KSPXaw== -foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY -foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NXDOMAIN -SECTION QUESTION -www4.example.com. IN A -SECTION ANSWER -www4.example.com. 3600 IN CNAME www4.foo.net. -www4.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AA/PJO3mDuDAGQHZ2nb52q3SG0vTp0RcshM09InjZlGTIwHPIYcuizw= -SECTION AUTHORITY -foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 -foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== -van.foo.net. 3600 IN NSEC xix.foo.net. A AAAA RRSIG NSEC -van.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. awGqM+lA86rKWm8Rh1RvBYC9fJdAM2YBSqVE4VvWfhsUVN+JCspNtU3yg+R3/njfXox6cDTCfqqPDXB7KSPXaw== -foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY -foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NXDOMAIN -SECTION QUESTION -www4.foo.net. IN DNAME -SECTION AUTHORITY -foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 -foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== -van.foo.net. 3600 IN NSEC xix.foo.net. A AAAA RRSIG NSEC -van.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. awGqM+lA86rKWm8Rh1RvBYC9fJdAM2YBSqVE4VvWfhsUVN+JCspNtU3yg+R3/njfXox6cDTCfqqPDXB7KSPXaw== -foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY -foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NXDOMAIN -SECTION QUESTION -www4.foo.net. IN A -SECTION AUTHORITY -foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 -foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== -van.foo.net. 3600 IN NSEC xix.foo.net. A AAAA RRSIG NSEC -van.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. awGqM+lA86rKWm8Rh1RvBYC9fJdAM2YBSqVE4VvWfhsUVN+JCspNtU3yg+R3/njfXox6cDTCfqqPDXB7KSPXaw== -foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY -foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NXDOMAIN -SECTION QUESTION -www5.example.com. IN A -SECTION ANSWER -www5.example.com. 3600 IN CNAME www5.foo.net. -www5.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AIXA8v0JC14UIQtthXS0Kv66rE0jqPKHgq3CPdc6PDi+tLqGjFrXIdI= -SECTION AUTHORITY -foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 -foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== -van.foo.net. 3600 IN NSEC xix.foo.net. A AAAA RRSIG NSEC -van.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. awGqM+lA86rKWm8Rh1RvBYC9fJdAM2YBSqVE4VvWfhsUVN+JCspNtU3yg+R3/njfXox6cDTCfqqPDXB7KSPXaw== -foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY -foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NXDOMAIN -SECTION QUESTION -www5.foo.net. IN A -SECTION AUTHORITY -foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 -foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== -sea.foo.net. 3600 IN NSEC ur.foo.net. A AAAA RRSIG NSEC -sea.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. SOz+kQrhbR7M4oid0L9HfHK3re9L5T+6x1m+DFyV0ogqGcsAfAmyvAPJUQyclENMWWqyJMgSfrqzpqEdM5HRWQ== -foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY -foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -h-dname.example.com. IN A -SECTION AUTHORITY -h-dname.example.com. IN NSEC ip.example.com. DNAME RRSIG NSEC -h-dname.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. AFFsp8m0uRY9RaXCtk47kKuQEDj1YsM7izqOz9N+8sMT5wBXhWg3KqI= -example.com. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. ABRSIKVO+4LWyeGBM5lPJlZBJaj6iDihKwPSzYx6fgGbiHdtLkXOMUc= -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NXDOMAIN -SECTION QUESTION -cup.h-dname.example.com. IN DNAME -SECTION ANSWER -h-dname.example.com. 3600 IN DNAME tea.foo.net. -h-dname.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AKXt5koLeZD2ibFrmZyE3ZOQCWHIA/UtrlCgFLalfaTm91NVlki5aV0= -cup.h-dname.example.com. 3600 IN CNAME cup.tea.foo.net. -SECTION AUTHORITY -foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 -foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== -sea.foo.net. 3600 IN NSEC ur.foo.net. A AAAA RRSIG NSEC -sea.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. SOz+kQrhbR7M4oid0L9HfHK3re9L5T+6x1m+DFyV0ogqGcsAfAmyvAPJUQyclENMWWqyJMgSfrqzpqEdM5HRWQ== -foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY -foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NXDOMAIN -SECTION QUESTION -cup.h-dname.example.com. IN A -SECTION ANSWER -h-dname.example.com. 3600 IN DNAME tea.foo.net. -h-dname.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AKXt5koLeZD2ibFrmZyE3ZOQCWHIA/UtrlCgFLalfaTm91NVlki5aV0= -cup.h-dname.example.com. 3600 IN CNAME cup.tea.foo.net. -SECTION AUTHORITY -foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 -foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== -sea.foo.net. 3600 IN NSEC ur.foo.net. A AAAA RRSIG NSEC -sea.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. SOz+kQrhbR7M4oid0L9HfHK3re9L5T+6x1m+DFyV0ogqGcsAfAmyvAPJUQyclENMWWqyJMgSfrqzpqEdM5HRWQ== -foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY -foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NXDOMAIN -SECTION QUESTION -tea.foo.net. IN A -SECTION AUTHORITY -foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 -foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== -sea.foo.net. 3600 IN NSEC ur.foo.net. A AAAA RRSIG NSEC -sea.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. SOz+kQrhbR7M4oid0L9HfHK3re9L5T+6x1m+DFyV0ogqGcsAfAmyvAPJUQyclENMWWqyJMgSfrqzpqEdM5HRWQ== -foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY -foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NXDOMAIN -SECTION QUESTION -cup.tea.foo.net. IN DNAME -SECTION AUTHORITY -foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 -foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== -sea.foo.net. 3600 IN NSEC ur.foo.net. A AAAA RRSIG NSEC -sea.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. SOz+kQrhbR7M4oid0L9HfHK3re9L5T+6x1m+DFyV0ogqGcsAfAmyvAPJUQyclENMWWqyJMgSfrqzpqEdM5HRWQ== -foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY -foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NXDOMAIN -SECTION QUESTION -cup.tea.foo.net. IN A -SECTION AUTHORITY -foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 -foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== -sea.foo.net. 3600 IN NSEC ur.foo.net. A AAAA RRSIG NSEC -sea.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. SOz+kQrhbR7M4oid0L9HfHK3re9L5T+6x1m+DFyV0ogqGcsAfAmyvAPJUQyclENMWWqyJMgSfrqzpqEdM5HRWQ== -foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY -foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -foo.net. IN DNSKEY -SECTION ANSWER -foo.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} -foo.net. 3600 IN RRSIG DNSKEY 5 2 3600 20070926134150 20070829134150 30899 foo.net. FLWrxrEnMpKoUDf+mbHGKSQ9OYloJs1eVbxkQaTSfJSLnLzOS0MLflMfbH1nC+Fk8idN7Aw07P5S9Ez1/fAb4w== -ENTRY_END - -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 1000 - ADDRESS 1.2.3.5 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -; response to DNSKEY priming query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN DNSKEY -SECTION ANSWER -example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} -example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899} -SECTION AUTHORITY -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -foo.example.net. IN A -SECTION AUTHORITY -foo.example.net. IN NSEC foo2.example.net. DNAME RRSIG NSEC -foo.example.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. dl9WUrcxjV2vi46WBbCqhS2aVODCkZGvd/pbd6wo232P9+RmeEcRYrY05kbvW2A8+uHhY6dh7N7ft6wElG4IZQ== -example.net. IN SOA ns.example.net. admin.example.net. 2024030884 3600 3600 604800 3600 -example.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 example.net. ZlStOlahsMp7yzVD2GRAOKXoYlsV372Q2hMpFJYNdhpHcqlqodgVFxA80ftJ66OjeVpb+1DJSIZitSaQrfF8rA== -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -foo.example.net. IN DNAME -SECTION ANSWER -foo.example.net. IN DNAME lower.example.net. -foo.example.net. 3600 IN RRSIG DNAME 5 3 3600 20070926134150 20070829134150 30899 example.net. OZLH158CkKbQZOkBCof7oLzy8sbtDI3/BHEOqBeYZzcfHHfHS9L4qJBII5uO+x8yB/DTkFEhdL5WZV2IjRlkNQ== -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -foo2.example.net. IN A -SECTION AUTHORITY -foo2.example.net. IN NSEC foo3.example.net. DNAME RRSIG NSEC -foo2.example.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. HEYg0iOnIgQEFH+FiMqqnFnXvx5KdIjQG/hwNrUqWZlknqOmnCLVDxSXr+PmSKuICcfStDqCMjnXEKOCr3Malg== -example.net. IN SOA ns.example.net. admin.example.net. 2024030884 3600 3600 604800 3600 -example.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 example.net. ZlStOlahsMp7yzVD2GRAOKXoYlsV372Q2hMpFJYNdhpHcqlqodgVFxA80ftJ66OjeVpb+1DJSIZitSaQrfF8rA== -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -foo2.example.net. IN DNAME -SECTION ANSWER -foo2.example.net. IN DNAME lower.example.net. -foo2.example.net. 3600 IN RRSIG DNAME 5 3 3600 20070926134150 20070829134150 30899 example.net. xth0C1DoNubf4PpjkS0tgo6O7yzaLPuTKB2yTNFM1iZRm5pd0o3eo/upvfG2SwqfzimgvM1eDyK06QX/R7Enfw== -ENTRY_END - -; response to query of interest -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.net. IN A -SECTION ANSWER -www.example.net. IN A 11.12.13.14 -www.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899} -SECTION AUTHORITY -SECTION ADDITIONAL -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -fore.www.example.net. IN A -SECTION ANSWER -fore.www.example.net. IN A 11.12.13.15 -fore.www.example.net. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 example.net. D1axzzs2olCCMQUQchy4ZRs8oefSdLpiIlhPsF1Y5GTTLHKKs6H14tm3FrRTLUIb2FzZywHX0Hl+pfoB/lG2qQ== -SECTION AUTHORITY -SECTION ADDITIONAL -ENTRY_END -RANGE_END - -; Test qtype DNAME, answer from upstream. -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www.example.com. IN DNAME -ENTRY_END - -; recursion happens here. -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AD DO NOERROR -SECTION QUESTION -www.example.com. IN DNAME -SECTION ANSWER -www.example.com. IN DNAME www.example.net. -www.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. AKXpbBNiurXv6oFOFQJv5rASdxpoWp2WV1j4ZdJAJ1f48cOkBM2oiEE= -ENTRY_END - -; Test qtype DNAME, answer from cache after A query. -; perform the A query that gets the DNAME in cache. -STEP 20 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -fore.www2.example.com. IN A -ENTRY_END - -STEP 30 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AD DO NOERROR -SECTION QUESTION -fore.www2.example.com. IN A -SECTION ANSWER -www2.example.com. 3600 IN DNAME www.example.net. -www2.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. ABu2/f8Ec9BfUkWVid/ufoIjTuS1iZ/zQ5qeF5GiKxPDu//bP2eTgmI= -fore.www2.example.com. IN CNAME fore.www.example.net. -fore.www.example.net. IN A 11.12.13.15 -fore.www.example.net. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 example.net. D1axzzs2olCCMQUQchy4ZRs8oefSdLpiIlhPsF1Y5GTTLHKKs6H14tm3FrRTLUIb2FzZywHX0Hl+pfoB/lG2qQ== -ENTRY_END - -; now query for type DNAME, that is in cache. -STEP 40 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www2.example.com. IN DNAME -ENTRY_END - -STEP 50 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AD DO NOERROR -SECTION QUESTION -www2.example.com. IN DNAME -SECTION ANSWER -www2.example.com. 3600 IN DNAME www.example.net. -www2.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. ABu2/f8Ec9BfUkWVid/ufoIjTuS1iZ/zQ5qeF5GiKxPDu//bP2eTgmI= -ENTRY_END - -; Test qtype DNAME, answer DNAME from upstream. -STEP 60 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -foo.test-dname.example.com. IN DNAME -ENTRY_END - -STEP 70 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AD DO NOERROR -SECTION QUESTION -foo.test-dname.example.com. IN DNAME -SECTION ANSWER -test-dname.example.com. 3600 IN DNAME example.net. -test-dname.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. ACp31Evt1c6tKzmTh/smAuGFydZ1OO26Qkej/BW4Bw5RFBQiKaY22Z0= -foo.test-dname.example.com. 3600 IN CNAME foo.example.net. -foo.example.net. IN DNAME lower.example.net. -foo.example.net. 3600 IN RRSIG DNAME 5 3 3600 20070926134150 20070829134150 30899 example.net. OZLH158CkKbQZOkBCof7oLzy8sbtDI3/BHEOqBeYZzcfHHfHS9L4qJBII5uO+x8yB/DTkFEhdL5WZV2IjRlkNQ== -ENTRY_END - -; Test qtype DNAME, answer DNAME from cached DNAME record. -STEP 80 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -foo2.test-dname.example.com. IN DNAME -ENTRY_END - -STEP 90 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AD DO NOERROR -SECTION QUESTION -foo2.test-dname.example.com. IN DNAME -SECTION ANSWER -test-dname.example.com. 3600 IN DNAME example.net. -test-dname.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. ACp31Evt1c6tKzmTh/smAuGFydZ1OO26Qkej/BW4Bw5RFBQiKaY22Z0= -foo2.test-dname.example.com. 3600 IN CNAME foo2.example.net. -foo2.example.net. IN DNAME lower.example.net. -foo2.example.net. 3600 IN RRSIG DNAME 5 3 3600 20070926134150 20070829134150 30899 example.net. xth0C1DoNubf4PpjkS0tgo6O7yzaLPuTKB2yTNFM1iZRm5pd0o3eo/upvfG2SwqfzimgvM1eDyK06QX/R7Enfw== -ENTRY_END - -; Test first a simple A query, that connects example.com to foo.net. -STEP 100 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www3.example.com. IN A -ENTRY_END - -STEP 110 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AD DO NOERROR -SECTION QUESTION -www3.example.com. IN A -SECTION ANSWER -www3.example.com. 3600 IN CNAME www3.foo.net. -www3.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AFCgCmBh9ZhKJj6AqJAaai8Xwrp9nVYP/yyg4RglHEHb7LlIKED93Ic= -www3.foo.net. IN A 12.13.14.15 -www3.foo.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 foo.net. y50vzw6pCWNmM4y1LNbc37htWGvjxKzdV/JS5ONdFWUQelbDx5YrD91m9U88ItIpwQiGKJWQBwNgHzVKW7iF2A== -ENTRY_END - -; Test qtype DNAME, but the upstream responds that there is NXDOMAIN, -; it can do this because it has the zone loaded at the name after the CNAME, -; in the zone foo.net. and it chases the query there. -STEP 120 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www4.example.com. IN DNAME -ENTRY_END - -STEP 130 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AD DO NXDOMAIN -SECTION QUESTION -www4.example.com. IN DNAME -SECTION ANSWER -www4.example.com. 3600 IN CNAME www4.foo.net. -www4.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AA/PJO3mDuDAGQHZ2nb52q3SG0vTp0RcshM09InjZlGTIwHPIYcuizw= -SECTION AUTHORITY -foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 -foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== -van.foo.net. 3600 IN NSEC xix.foo.net. A AAAA RRSIG NSEC -van.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. awGqM+lA86rKWm8Rh1RvBYC9fJdAM2YBSqVE4VvWfhsUVN+JCspNtU3yg+R3/njfXox6cDTCfqqPDXB7KSPXaw== -foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY -foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== -ENTRY_END - -; Test, first pull a CNAME to NXDOMAIN in cache with an A query and then use -; it for qtype DNAME. -STEP 140 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www5.example.com. IN A -ENTRY_END - -STEP 150 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AD DO NXDOMAIN -SECTION QUESTION -www5.example.com. IN A -SECTION ANSWER -www5.example.com. 3600 IN CNAME www5.foo.net. -www5.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AIXA8v0JC14UIQtthXS0Kv66rE0jqPKHgq3CPdc6PDi+tLqGjFrXIdI= -SECTION AUTHORITY -foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY -foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== -van.foo.net. 3600 IN NSEC xix.foo.net. A AAAA RRSIG NSEC -van.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. awGqM+lA86rKWm8Rh1RvBYC9fJdAM2YBSqVE4VvWfhsUVN+JCspNtU3yg+R3/njfXox6cDTCfqqPDXB7KSPXaw== -foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 -foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== -ENTRY_END - -STEP 160 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www5.example.com. IN DNAME -ENTRY_END - -STEP 170 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AD DO NXDOMAIN -SECTION QUESTION -www5.example.com. IN DNAME -SECTION ANSWER -www5.example.com. 3600 IN CNAME www5.foo.net. -www5.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AIXA8v0JC14UIQtthXS0Kv66rE0jqPKHgq3CPdc6PDi+tLqGjFrXIdI= -SECTION AUTHORITY -foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY -foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== -van.foo.net. 3600 IN NSEC xix.foo.net. A AAAA RRSIG NSEC -van.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. awGqM+lA86rKWm8Rh1RvBYC9fJdAM2YBSqVE4VvWfhsUVN+JCspNtU3yg+R3/njfXox6cDTCfqqPDXB7KSPXaw== -foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 -foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== -ENTRY_END - -; Test, qtype DNAME, but it is under a DNAME and the upstream server can -; respond with NXDOMAIN, it can do this because the foo.net zone is also -; loaded by the server and it looks in the other zone. -STEP 180 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -cup.h-dname.example.com. IN DNAME -ENTRY_END - -STEP 190 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AD DO NXDOMAIN -SECTION QUESTION -cup.h-dname.example.com. IN DNAME -SECTION ANSWER -h-dname.example.com. 3600 IN DNAME tea.foo.net. -h-dname.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AKXt5koLeZD2ibFrmZyE3ZOQCWHIA/UtrlCgFLalfaTm91NVlki5aV0= -cup.h-dname.example.com. 3600 IN CNAME cup.tea.foo.net. -SECTION AUTHORITY -foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 -foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== -sea.foo.net. 3600 IN NSEC ur.foo.net. A AAAA RRSIG NSEC -sea.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. SOz+kQrhbR7M4oid0L9HfHK3re9L5T+6x1m+DFyV0ogqGcsAfAmyvAPJUQyclENMWWqyJMgSfrqzpqEdM5HRWQ== -foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY -foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== -ENTRY_END - -; Test, first pull a DNAME in cache and then use it for qtype DNAME to an -; NXDOMAIN. -STEP 200 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -cup2.h-dname.example.com. IN DNAME -ENTRY_END - -STEP 210 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AD DO NXDOMAIN -SECTION QUESTION -cup2.h-dname.example.com. IN DNAME -SECTION ANSWER -h-dname.example.com. 3600 IN DNAME tea.foo.net. -h-dname.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AKXt5koLeZD2ibFrmZyE3ZOQCWHIA/UtrlCgFLalfaTm91NVlki5aV0= -cup2.h-dname.example.com. 3600 IN CNAME cup2.tea.foo.net. -SECTION AUTHORITY -foo.net. 3600 IN NSEC bank.foo.net. NS SOA RRSIG NSEC DNSKEY -foo.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 foo.net. w0nZn1gL11mBfDBWrnU5Z7ZDBQNpytyok7TL0K/adxUV5crNxmnX0IZjsMPcM6KG995DtLIqG7w2Ux82ltgllg== -sea.foo.net. 3600 IN NSEC ur.foo.net. A AAAA RRSIG NSEC -sea.foo.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 foo.net. SOz+kQrhbR7M4oid0L9HfHK3re9L5T+6x1m+DFyV0ogqGcsAfAmyvAPJUQyclENMWWqyJMgSfrqzpqEdM5HRWQ== -foo.net. IN SOA ns.example.com. admin.foo.net. 2024030800 3600 3600 604800 3600 -foo.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 foo.net. pDamdEYFVw2l2tBl2ZMYKHXRWWbBpIsi12AGpCv9fOBzvefsFZrFb79amLKOvfknmMUix5NnXeoc6zzQSkXeZQ== -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/val_failure_dnskey.rpl b/contrib/unbound/testdata/val_failure_dnskey.rpl deleted file mode 100644 index 3f25f15b2062..000000000000 --- a/contrib/unbound/testdata/val_failure_dnskey.rpl +++ /dev/null @@ -1,348 +0,0 @@ -; config options -; The island of trust is at example.com -server: - trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" - trust-anchor: "example.net. 3600 IN DS 1444 8 2 69887be92d4848c0bc10acc95682a01e7e3b57ab0750a2ee6f72cac7191a64f1" - val-override-date: "20070916134226" - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: "no" - fake-sha1: yes - trust-anchor-signaling: no - minimal-responses: no - log-servfail: yes - val-log-level: 2 - ede: yes - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test validator with failure for chaing of trust lookup. -; The error message that is created, also for EDE is more extensive. - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -net. IN NS -SECTION AUTHORITY -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.4 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -ns.example.com. IN A -SECTION ANSWER -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -ns.example.com. IN AAAA -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; response to DNSKEY priming query -;ENTRY_BEGIN -;MATCH opcode qtype qname -;ADJUST copy_id -;REPLY QR NOERROR -;SECTION QUESTION -;example.com. IN DNSKEY -;SECTION ANSWER -;example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} -;example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} -;SECTION AUTHORITY -;example.com. IN NS ns.example.com. -;example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -;SECTION ADDITIONAL -;ns.example.com. IN A 1.2.3.4 -;ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -;ENTRY_END -; servfail for DNSKEY priming query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA SERVFAIL -SECTION QUESTION -example.com. IN DNSKEY -ENTRY_END - -; response to query of interest -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} -ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.5 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. 3600 IN NS ns.example.net. -example.net. 3600 IN RRSIG NS 8 2 3600 20070926134150 20070829134150 1444 example.net. nHpOqZb00nIGytQ1YmVoXEHURL/75dWhlKSEtRTorjVdPGPZNN7ziCWJW303v7u07TkZ+i6oFVEWG/SDR4ejn5o31UKJy1373PEH/cvPf9/44jw9gAFaHF1eO6ZQGaRQaeEpU06+xUcnc2QXFt6rNu60EsTvMRDN83bD+r7FA7Y= -SECTION ADDITIONAL -ns.example.net. 3600 IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A 8 3 3600 20070926134150 20070829134150 1444 example.net. TgQ4nfGtLHuZXlC4JJlVQ6mejf1WJbstTxsh/kgMAc2tryOxF/gvGBHaMtz6oceFZrIgk6g3RYI1Gk5gjSFNADh+EIwI422M8XPAAxRLfFahiO4lr1aCo4c94TYeZNpnDKy81rINTz2hQE1pGWr8Z03ySABqSBnTE1FQt4N/JCo= -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -ns.example.net. IN A -SECTION ANSWER -ns.example.net. 3600 IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A 8 3 3600 20070926134150 20070829134150 1444 example.net. TgQ4nfGtLHuZXlC4JJlVQ6mejf1WJbstTxsh/kgMAc2tryOxF/gvGBHaMtz6oceFZrIgk6g3RYI1Gk5gjSFNADh+EIwI422M8XPAAxRLfFahiO4lr1aCo4c94TYeZNpnDKy81rINTz2hQE1pGWr8Z03ySABqSBnTE1FQt4N/JCo= -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -ns.example.net. IN AAAA -SECTION AUTHORITY -example.net. 3600 IN SOA ns.example.net. host.example.net. 1 3600 300 7200 3600 -example.net. 3600 IN RRSIG SOA 8 2 3600 20070926134150 20070829134150 1444 example.net. P5FRQ4A/0n5owaBhZqlYBFD2PNAWJc5oxiDwvwh0hdjxETx8ta3EAvDKtNj5XZ5EKDAhP/tivd+Bq50I0xfRBmrouxgxjgnV3ye8zU+M1fXbuKpsWme9R3S4cs9WYfggTn7X00Af8m0tE62SLH/ZtOOQi2CvOPu7PXtHYT6KW4Q= -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -example.net. IN DNSKEY -SECTION ANSWER -example.net. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b} -example.net. 3600 IN RRSIG DNSKEY 8 2 3600 20070926134150 20070829134150 1444 example.net. hAAlJt/YwAgWBzseK0N42+ysSMaWgntcuftF8a43chLh+fbe3vPWrgwqr/Cic52tu4ZqMox592tqWDxAG7F1eDGfO0SfzS2C9Tc/Wnz5nFjFh75G4Mtt8DTv5vTyGUVX5zAFzV8SNijVC0o1F7MHaVPt3rFtjjg2zW/UOz2m9+U= -ENTRY_END - -; For sub1.example.net. zone; it is co-hosted with example.net, so that -; there can be failures for the DS lookup. But the data lookup succeeds. -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -www.sub1.example.net. IN A -SECTION ANSWER -www.sub1.example.net. IN A 10.20.30.41 -www.sub1.example.net. 3600 IN RRSIG A 8 4 3600 20070926134150 20070829134150 29332 sub1.example.net. NcFP77Hixawt8hb+STIbbeqdF9tWTuHsbGEB4agKXlwHqS0BnyA+It6+UdE57IF0Kbnc7gSuaslX9At8ctd4HuC/9F/osbo96o23JEfnXPky/r5SsLaeN5KmUmUVjG9oxyAEc6PVlaaQ5a/RhaxmDRaDiku2gB7KjdjPxwxe+Rc54GV2eM3GtcfT+oDakLdSSACqeVjUFIOtYMpG8jAHrBe4uSnjKI7O0fWDFN5OES6sN9iUS9/ceorIoF/gSIqM7xWEuPLxE2c5TtYJyPtMCeGJ9wBP4wrTXfJ58+Lg5SFKgEuKTvAqEv9KEwg/kJb1GQ+ho5XKFO6EII2iyeUK/w== -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR SERVFAIL -SECTION QUESTION -sub1.example.net. IN DS -SECTION ANSWER -; no DS for sub1.example.net id=29332 algo=8 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -www.sub2.example.net. IN A -SECTION ANSWER -www.sub2.example.net. IN A 10.20.30.42 -www.sub2.example.net. 3600 IN RRSIG A 8 4 3600 20070926134150 20070829134150 29332 sub2.example.net. FOY6YxNoFyrSkBtWV7HcECmORTMedRWHdGk7Rm04icT8Bw0dWfzVaIpAkBY6FXx8UvqN7McN4IJI5dAVXptfekO+Yvy2PwkjehRUXvQK64XH5UM5pVbX5g8E4pnOrLa/jzPB7srzMpyWVCpt81lPoFpdfXUMm7434ifkTYhpAll7y5NAocFiT3F+XGe06qMIr51WxoFfegIGohMFhkTDUdLWrdV10128W+NzPdwoYtiigtCObKxTtyj3gK+mxqXvX4X4F2YIGQ+mx62ovdUilnLYZm/WC/ZQkdxeOZjeCTxvSpGGG+wtu1QufgIJ+BpAZAOxREOYZkhR29AG0np4EA== -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR SERVFAIL -SECTION QUESTION -sub2.example.net. IN DNSKEY -SECTION ANSWER -; sub2.example.net. IN DNSKEY 257 3 8 AwEAAb4WMOTBLTFvmBra5m6SK4VfViOzmvyUAU0qv861ZQXeEFvwlndqNU9rwRsMxrSWAYs5nHErKDn49usC/HyxxW1477iGFHhfgL4mjNreJm9zft2QFB1VLbRbEPYdDMLCn4co0qnG7/KG8W2i8Pym1L7f+aREwbLo+/716AS2PbaKMhfWLKLiq5wnBcUClQMNzCiwhqxDJp1oePqfkVdeUgXOtgi0dYRIKyQFhJ5VWJ22npoi/Gif0XLCADAlAwRLKc8o/yJkCxskzgpHpw5Cki1lclg0aq4ssOuPRQ+ne6IHYCz9D2mwzulblhLFamKdq7aHzNt4NlyxhpANVFiKLD8= ;{id = 29332 (ksk), size = 2048b} -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -sub2.example.net. IN DS -SECTION ANSWER -sub2.example.net. 3600 IN DS 29332 8 2 d53e615d9d736b0f2a0097f1d5fa51c84320610f94ecbd7197e7de5f44f02d72 -sub2.example.net. 3600 IN RRSIG DS 8 3 3600 20070926134150 20070829134150 1444 example.net. dYLYs1uMxJm5+MB6L1+uStE5S1YtyYR0JF+1pPoTptc/H1hYqMxK7pVQPtIGvq8j8wNyC7jOzALfEXgwRKiSdR1l1GQ5HIxWkhUmkpLcecwJOjemee4nXaifOFa5bdbdYpuDwTiIzx+PvanlaVjEPy0i1IukanDi6jojfyWcgLA= -ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; The DNSKEY lookup for the key prime is a failure. -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ede=9 -REPLY QR RD RA DO SERVFAIL -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -ENTRY_END - -STEP 20 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www.sub1.example.net. IN A -ENTRY_END - -; The DS lookup is a failure. -STEP 30 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ede=23 -REPLY QR RD RA DO SERVFAIL -SECTION QUESTION -www.sub1.example.net. IN A -SECTION ANSWER -ENTRY_END - -STEP 40 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www.sub2.example.net. IN A -ENTRY_END - -; The DNSKEY lookup is a failure. -STEP 50 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ede=9 -REPLY QR RD RA DO SERVFAIL -SECTION QUESTION -www.sub2.example.net. IN A -SECTION ANSWER -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/val_negcache_ttl.rpl b/contrib/unbound/testdata/val_negcache_ttl.rpl deleted file mode 100644 index 328b9b6ecba8..000000000000 --- a/contrib/unbound/testdata/val_negcache_ttl.rpl +++ /dev/null @@ -1,188 +0,0 @@ -; config options -; The island of trust is at testzone.nlnetlabs.nl -server: - trust-anchor: "testzone.nlnetlabs.nl. 3600 IN DS 1444 8 2 07633464c1c7b93abd6fc24c73f904a40f0f304b279a80667d7e33908eed43be" - val-override-date: "20180213111425" - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: "no" - trust-anchor-signaling: no - aggressive-nsec: yes - -stub-zone: - name: "testzone.nlnetlabs.nl" - stub-addr: 185.49.140.60 -CONFIG_END - -SCENARIO_BEGIN Test validator with negative cache TTL (aggressive NSEC) -; Scenario overview: -; - query for antelope.testzone.nlnetlabs.nl. IN TXT (NXDOMAIN) -; - answer from upstream is NXDOMAIN with NSEC records that cover ant.testzone.nlnetlabs.nl -; - the NSEC records should be cached for 900 seconds only (minimum of SOA) -; - check that ant.testzone.nlnetlabs.nl gets the synthesized NXDOMAIN from aggressive-nsec -; - let NSEC records expire -; - query for ant.testzone.nlnetlabs.nl. IN TXT which is now available on the nameserver -; - check that aggressive-nsec cannot synthesize NXDOMAIN (expired NSECs) and the query is resolved - -; testzone.nlnetlabs.nl nameserver -RANGE_BEGIN 0 100 - ADDRESS 185.49.140.60 - -; response to DNSKEY priming query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -testzone.nlnetlabs.nl. IN DNSKEY -SECTION ANSWER -testzone.nlnetlabs.nl. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b} -testzone.nlnetlabs.nl. 3600 IN RRSIG DNSKEY 8 3 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. kQ2sc41aQeMxQ7KInz2HrHi4nQcUGdv1olro0GmVYgPvIJh7SqBKW3yZWYeQrbWWwdc3klBERBbBI8gnkNYbl5kX3BBa5su8w71mpTQPRGtMxDTB17daxc0SxpPUxM35CpWU9QlBuDXcu+VNyVUuLvZGGLznlqr6ku888U2Rz+c= -ENTRY_END - -; response for antelope.testzone.nlnetlabs.nl. -; NSECs cover ant.testzone.nlnetlabs.nl as non-existent. -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NXDOMAIN -SECTION QUESTION -antelope.testzone.nlnetlabs.nl. IN TXT -SECTION ANSWER -SECTION AUTHORITY -testzone.nlnetlabs.nl. 3600 IN NSEC alligator.testzone.nlnetlabs.nl. NS SOA RRSIG NSEC DNSKEY -testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 3 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. tcW20hZu5Ao+ikM+qjqAlRt3ujNxTKi6kZF3waWJGY7Ldyp9XyWzB1DeoQzaNJ6zflPYFO32RUhj7jWhEIUphG4+lEvm7VGJAdSteUZ2yOppN6eZvOk0Nc0nAGPFGBjLO6ul1Wh1X+jL61q7mWt3nY+IFBZHWmhsi2Qi7vM/W4E= -alligator.testzone.nlnetlabs.nl. 3600 IN NSEC cheetah.testzone.nlnetlabs.nl. TXT RRSIG NSEC -alligator.testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 4 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. Zfkp3kmN8heAuIF/apf6RHhZAoGyXnvZLALRYTKIH7E9XC2wtvG9dZla4WLSr3ndA4d0CFgnKOt8mSVSLyNn232D0ahx4DFAnOJitnt9odT2+2sYhJbwCx38tPKhAUWmIn2jGZGMVjbVbEVi7WyQBrJYQqyhE/lADEDSdQZBNyA= -testzone.nlnetlabs.nl. 900 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600 -testzone.nlnetlabs.nl. 900 IN RRSIG SOA 8 3 900 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. abG0cByo/q5NaDNMz6FPvNvehHqUDhQRwLdvG72315hMGzCavLRWuAB5gieibMCrICH2WVHVj7fisjSuY0iPwf9xZlCGts3Z+xD9D72VRiTz7QXF+JjRWKl+3Uk6c29+pvIRKXC1Ht0r9uBXGmDTaHdV7cZCveoDwIVSngY+mQ0= -SECTION ADDITIONAL -ENTRY_END - -; No answer for ant.testzone.nlnetlabs.nl in this range - -; response for peanut.testzone.nlnetlabs.nl. AAAA -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -peanut.testzone.nlnetlabs.nl. IN AAAA -SECTION AUTHORITY -peanut.testzone.nlnetlabs.nl. IN NSEC rust.testzone.nlnetlabs.nl. A RRSIG NSEC -peanut.testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 4 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. GhUUt3n1oVZCbU5l7XhbtE1kAhFXBRvQRvp/s3INitoHm1D54VERXWR33g+aQMcLAyCOe2TmpJMH1zDSbccf0zabvwEzqDzPmgcPt0KjXUdrN84/2XN+C4U84golbUui61lhhU+6bL8rylPuv3XtqQ4ppXy8sSe+gfsskauhMpg= -testzone.nlnetlabs.nl. 900 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600 -testzone.nlnetlabs.nl. 900 IN RRSIG SOA 8 3 900 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. abG0cByo/q5NaDNMz6FPvNvehHqUDhQRwLdvG72315hMGzCavLRWuAB5gieibMCrICH2WVHVj7fisjSuY0iPwf9xZlCGts3Z+xD9D72VRiTz7QXF+JjRWKl+3Uk6c29+pvIRKXC1Ht0r9uBXGmDTaHdV7cZCveoDwIVSngY+mQ0= -SECTION ADDITIONAL -ENTRY_END -RANGE_END - -; testzone.nlnetlabs.nl nameserver -RANGE_BEGIN 100 200 - ADDRESS 185.49.140.60 -; response for ant.testzone.nlnetlabs.nl -ENTRY_BEGIN -REPLY QR AA NOERROR -SECTION QUESTION -ant.testzone.nlnetlabs.nl. IN TXT -SECTION ANSWER -ant.testzone.nlnetlabs.nl. TXT "heap" -ant.testzone.nlnetlabs.nl. 3600 IN RRSIG TXT 8 4 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. Sn8dBGMSYGGKs7yGWO0CShxbm3ba5Y6ysHyE/HJyFnS8NmsKIx/KVdFPRQx/Jm7a3hektRXrjxetfhfJm0SzJ2UFeKlkE+VJ/Lj2oAETqN1oqqkNr+RDdbKLMzLApMRgrhStSAO1Yb8/8oUIflyrjNbuDbAHSMbkOE+Z49LIais= -ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -antelope.testzone.nlnetlabs.nl. IN TXT -ENTRY_END - -; recursion happens here. Expect NXDOMAIN. -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA DO AD NXDOMAIN -SECTION QUESTION -antelope.testzone.nlnetlabs.nl. IN TXT -SECTION ANSWER -SECTION AUTHORITY -testzone.nlnetlabs.nl. 3600 IN NSEC alligator.testzone.nlnetlabs.nl. NS SOA RRSIG NSEC DNSKEY -testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 3 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. tcW20hZu5Ao+ikM+qjqAlRt3ujNxTKi6kZF3waWJGY7Ldyp9XyWzB1DeoQzaNJ6zflPYFO32RUhj7jWhEIUphG4+lEvm7VGJAdSteUZ2yOppN6eZvOk0Nc0nAGPFGBjLO6ul1Wh1X+jL61q7mWt3nY+IFBZHWmhsi2Qi7vM/W4E= -alligator.testzone.nlnetlabs.nl. 3600 IN NSEC cheetah.testzone.nlnetlabs.nl. TXT RRSIG NSEC -alligator.testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 4 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. Zfkp3kmN8heAuIF/apf6RHhZAoGyXnvZLALRYTKIH7E9XC2wtvG9dZla4WLSr3ndA4d0CFgnKOt8mSVSLyNn232D0ahx4DFAnOJitnt9odT2+2sYhJbwCx38tPKhAUWmIn2jGZGMVjbVbEVi7WyQBrJYQqyhE/lADEDSdQZBNyA= -testzone.nlnetlabs.nl. 900 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600 -testzone.nlnetlabs.nl. 900 IN RRSIG SOA 8 3 900 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. abG0cByo/q5NaDNMz6FPvNvehHqUDhQRwLdvG72315hMGzCavLRWuAB5gieibMCrICH2WVHVj7fisjSuY0iPwf9xZlCGts3Z+xD9D72VRiTz7QXF+JjRWKl+3Uk6c29+pvIRKXC1Ht0r9uBXGmDTaHdV7cZCveoDwIVSngY+mQ0= -SECTION ADDITIONAL -ENTRY_END - -; query for ant.testzone.nlnetlabs.nl (non-existent) -STEP 11 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -ant.testzone.nlnetlabs.nl. IN TXT -ENTRY_END - -; this is the synthesized NXDOMAIN from aggressive-nsec -STEP 12 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA AD DO NXDOMAIN -SECTION QUESTION -ant.testzone.nlnetlabs.nl. IN TXT -SECTION ANSWER -SECTION AUTHORITY -testzone.nlnetlabs.nl. 3600 IN NSEC alligator.testzone.nlnetlabs.nl. NS SOA RRSIG NSEC DNSKEY -testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 3 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. tcW20hZu5Ao+ikM+qjqAlRt3ujNxTKi6kZF3waWJGY7Ldyp9XyWzB1DeoQzaNJ6zflPYFO32RUhj7jWhEIUphG4+lEvm7VGJAdSteUZ2yOppN6eZvOk0Nc0nAGPFGBjLO6ul1Wh1X+jL61q7mWt3nY+IFBZHWmhsi2Qi7vM/W4E= -alligator.testzone.nlnetlabs.nl. 3600 IN NSEC cheetah.testzone.nlnetlabs.nl. TXT RRSIG NSEC -alligator.testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 4 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. Zfkp3kmN8heAuIF/apf6RHhZAoGyXnvZLALRYTKIH7E9XC2wtvG9dZla4WLSr3ndA4d0CFgnKOt8mSVSLyNn232D0ahx4DFAnOJitnt9odT2+2sYhJbwCx38tPKhAUWmIn2jGZGMVjbVbEVi7WyQBrJYQqyhE/lADEDSdQZBNyA= -testzone.nlnetlabs.nl. 900 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600 -testzone.nlnetlabs.nl. 900 IN RRSIG SOA 8 3 900 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. abG0cByo/q5NaDNMz6FPvNvehHqUDhQRwLdvG72315hMGzCavLRWuAB5gieibMCrICH2WVHVj7fisjSuY0iPwf9xZlCGts3Z+xD9D72VRiTz7QXF+JjRWKl+3Uk6c29+pvIRKXC1Ht0r9uBXGmDTaHdV7cZCveoDwIVSngY+mQ0= -ENTRY_END - -; Time passes and NSECs should be expired. -STEP 20 TIME_PASSES ELAPSE 910 - -; query something that gets the SOA record for the testzone in cache. -STEP 30 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -peanut.testzone.nlnetlabs.nl. IN AAAA -ENTRY_END - -STEP 40 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA AD DO NOERROR -SECTION QUESTION -peanut.testzone.nlnetlabs.nl. IN AAAA -SECTION AUTHORITY -peanut.testzone.nlnetlabs.nl. IN NSEC rust.testzone.nlnetlabs.nl. A RRSIG NSEC -peanut.testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 4 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. GhUUt3n1oVZCbU5l7XhbtE1kAhFXBRvQRvp/s3INitoHm1D54VERXWR33g+aQMcLAyCOe2TmpJMH1zDSbccf0zabvwEzqDzPmgcPt0KjXUdrN84/2XN+C4U84golbUui61lhhU+6bL8rylPuv3XtqQ4ppXy8sSe+gfsskauhMpg= -testzone.nlnetlabs.nl. 900 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600 -testzone.nlnetlabs.nl. 900 IN RRSIG SOA 8 3 900 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. abG0cByo/q5NaDNMz6FPvNvehHqUDhQRwLdvG72315hMGzCavLRWuAB5gieibMCrICH2WVHVj7fisjSuY0iPwf9xZlCGts3Z+xD9D72VRiTz7QXF+JjRWKl+3Uk6c29+pvIRKXC1Ht0r9uBXGmDTaHdV7cZCveoDwIVSngY+mQ0= -ENTRY_END - -; query for ant.testzone.nlnetlabs.nl. In this range it is on the nameserver. -STEP 110 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -ant.testzone.nlnetlabs.nl. IN TXT -ENTRY_END - -; Expect an answer since the 3600 TTL NSECs from STEP 10 should have been -; limited to 900 and be expired by now. -STEP 120 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA AD DO NOERROR -SECTION QUESTION -ant.testzone.nlnetlabs.nl. IN TXT -SECTION ANSWER -ant.testzone.nlnetlabs.nl. TXT "heap" -ant.testzone.nlnetlabs.nl. 3600 IN RRSIG TXT 8 4 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. Sn8dBGMSYGGKs7yGWO0CShxbm3ba5Y6ysHyE/HJyFnS8NmsKIx/KVdFPRQx/Jm7a3hektRXrjxetfhfJm0SzJ2UFeKlkE+VJ/Lj2oAETqN1oqqkNr+RDdbKLMzLApMRgrhStSAO1Yb8/8oUIflyrjNbuDbAHSMbkOE+Z49LIais= -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/val_negcache_ttl_prefetch.rpl b/contrib/unbound/testdata/val_negcache_ttl_prefetch.rpl deleted file mode 100644 index 103c81fbaba4..000000000000 --- a/contrib/unbound/testdata/val_negcache_ttl_prefetch.rpl +++ /dev/null @@ -1,316 +0,0 @@ -; config options -; The island of trust is at testzone.nlnetlabs.nl -server: - trust-anchor: "testzone.nlnetlabs.nl. 3600 IN DS 1444 8 2 07633464c1c7b93abd6fc24c73f904a40f0f304b279a80667d7e33908eed43be" - val-override-date: "20180213111425" - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: "no" - trust-anchor-signaling: no - aggressive-nsec: yes - prefetch: yes - -stub-zone: - name: "testzone.nlnetlabs.nl" - stub-addr: 185.49.140.60 -stub-zone: - name: "zone2.nlnetlabs.nl" - stub-addr: 185.49.140.61 -CONFIG_END - -SCENARIO_BEGIN Test validator with negative cache TTL (aggressive NSEC) and some prefetch. -; The NSEC records are restricted by the TTL of 900 of the SOA record. -; There are prefetch actions, both with and without a CNAME preceding. - -; testzone.nlnetlabs.nl nameserver -RANGE_BEGIN 0 100 - ADDRESS 185.49.140.60 - -; response to DNSKEY priming query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -testzone.nlnetlabs.nl. IN DNSKEY -SECTION ANSWER -testzone.nlnetlabs.nl. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b} -testzone.nlnetlabs.nl. 3600 IN RRSIG DNSKEY 8 3 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. kQ2sc41aQeMxQ7KInz2HrHi4nQcUGdv1olro0GmVYgPvIJh7SqBKW3yZWYeQrbWWwdc3klBERBbBI8gnkNYbl5kX3BBa5su8w71mpTQPRGtMxDTB17daxc0SxpPUxM35CpWU9QlBuDXcu+VNyVUuLvZGGLznlqr6ku888U2Rz+c= -ENTRY_END - -; response for antelope.testzone.nlnetlabs.nl. -; NSECs cover ant.testzone.nlnetlabs.nl as non-existent. -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NXDOMAIN -SECTION QUESTION -antelope.testzone.nlnetlabs.nl. IN TXT -SECTION ANSWER -SECTION AUTHORITY -testzone.nlnetlabs.nl. 3600 IN NSEC alligator.testzone.nlnetlabs.nl. NS SOA RRSIG NSEC DNSKEY -testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 3 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. tcW20hZu5Ao+ikM+qjqAlRt3ujNxTKi6kZF3waWJGY7Ldyp9XyWzB1DeoQzaNJ6zflPYFO32RUhj7jWhEIUphG4+lEvm7VGJAdSteUZ2yOppN6eZvOk0Nc0nAGPFGBjLO6ul1Wh1X+jL61q7mWt3nY+IFBZHWmhsi2Qi7vM/W4E= -alligator.testzone.nlnetlabs.nl. 3600 IN NSEC cheetah.testzone.nlnetlabs.nl. TXT RRSIG NSEC -alligator.testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 4 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. Zfkp3kmN8heAuIF/apf6RHhZAoGyXnvZLALRYTKIH7E9XC2wtvG9dZla4WLSr3ndA4d0CFgnKOt8mSVSLyNn232D0ahx4DFAnOJitnt9odT2+2sYhJbwCx38tPKhAUWmIn2jGZGMVjbVbEVi7WyQBrJYQqyhE/lADEDSdQZBNyA= -testzone.nlnetlabs.nl. 900 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600 -testzone.nlnetlabs.nl. 900 IN RRSIG SOA 8 3 900 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. abG0cByo/q5NaDNMz6FPvNvehHqUDhQRwLdvG72315hMGzCavLRWuAB5gieibMCrICH2WVHVj7fisjSuY0iPwf9xZlCGts3Z+xD9D72VRiTz7QXF+JjRWKl+3Uk6c29+pvIRKXC1Ht0r9uBXGmDTaHdV7cZCveoDwIVSngY+mQ0= -SECTION ADDITIONAL -ENTRY_END - -; No answer for ant.testzone.nlnetlabs.nl in this range - -; response for peanut.testzone.nlnetlabs.nl. AAAA -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -peanut.testzone.nlnetlabs.nl. IN AAAA -SECTION AUTHORITY -peanut.testzone.nlnetlabs.nl. IN NSEC rust.testzone.nlnetlabs.nl. A RRSIG NSEC -peanut.testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 4 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. GhUUt3n1oVZCbU5l7XhbtE1kAhFXBRvQRvp/s3INitoHm1D54VERXWR33g+aQMcLAyCOe2TmpJMH1zDSbccf0zabvwEzqDzPmgcPt0KjXUdrN84/2XN+C4U84golbUui61lhhU+6bL8rylPuv3XtqQ4ppXy8sSe+gfsskauhMpg= -testzone.nlnetlabs.nl. 900 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600 -testzone.nlnetlabs.nl. 900 IN RRSIG SOA 8 3 900 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. abG0cByo/q5NaDNMz6FPvNvehHqUDhQRwLdvG72315hMGzCavLRWuAB5gieibMCrICH2WVHVj7fisjSuY0iPwf9xZlCGts3Z+xD9D72VRiTz7QXF+JjRWKl+3Uk6c29+pvIRKXC1Ht0r9uBXGmDTaHdV7cZCveoDwIVSngY+mQ0= -SECTION ADDITIONAL -ENTRY_END -RANGE_END - -; testzone.nlnetlabs.nl nameserver -RANGE_BEGIN 100 200 - ADDRESS 185.49.140.60 -; response for ant.testzone.nlnetlabs.nl -ENTRY_BEGIN -MATCH opcode qtype qname -REPLY QR AA NOERROR -SECTION QUESTION -ant.testzone.nlnetlabs.nl. IN TXT -SECTION ANSWER -ant.testzone.nlnetlabs.nl. TXT "heap" -ant.testzone.nlnetlabs.nl. 3600 IN RRSIG TXT 8 4 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. Sn8dBGMSYGGKs7yGWO0CShxbm3ba5Y6ysHyE/HJyFnS8NmsKIx/KVdFPRQx/Jm7a3hektRXrjxetfhfJm0SzJ2UFeKlkE+VJ/Lj2oAETqN1oqqkNr+RDdbKLMzLApMRgrhStSAO1Yb8/8oUIflyrjNbuDbAHSMbkOE+Z49LIais= -ENTRY_END -RANGE_END - -; zone2.nlnetlabs.nl nameserver -RANGE_BEGIN 0 100 - ADDRESS 185.49.140.61 -ENTRY_BEGIN -MATCH opcode qtype qname -REPLY QR AA NOERROR -SECTION QUESTION -redir.zone2.nlnetlabs.nl. IN TXT -SECTION ANSWER -redir.zone2.nlnetlabs.nl. 15 IN CNAME antelope.testzone.nlnetlabs.nl. -ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -antelope.testzone.nlnetlabs.nl. IN TXT -ENTRY_END - -; recursion happens here. Expect NXDOMAIN. -STEP 2 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA DO AD NXDOMAIN -SECTION QUESTION -antelope.testzone.nlnetlabs.nl. IN TXT -SECTION ANSWER -SECTION AUTHORITY -testzone.nlnetlabs.nl. 3600 IN NSEC alligator.testzone.nlnetlabs.nl. NS SOA RRSIG NSEC DNSKEY -testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 3 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. tcW20hZu5Ao+ikM+qjqAlRt3ujNxTKi6kZF3waWJGY7Ldyp9XyWzB1DeoQzaNJ6zflPYFO32RUhj7jWhEIUphG4+lEvm7VGJAdSteUZ2yOppN6eZvOk0Nc0nAGPFGBjLO6ul1Wh1X+jL61q7mWt3nY+IFBZHWmhsi2Qi7vM/W4E= -alligator.testzone.nlnetlabs.nl. 3600 IN NSEC cheetah.testzone.nlnetlabs.nl. TXT RRSIG NSEC -alligator.testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 4 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. Zfkp3kmN8heAuIF/apf6RHhZAoGyXnvZLALRYTKIH7E9XC2wtvG9dZla4WLSr3ndA4d0CFgnKOt8mSVSLyNn232D0ahx4DFAnOJitnt9odT2+2sYhJbwCx38tPKhAUWmIn2jGZGMVjbVbEVi7WyQBrJYQqyhE/lADEDSdQZBNyA= -testzone.nlnetlabs.nl. 900 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600 -testzone.nlnetlabs.nl. 900 IN RRSIG SOA 8 3 900 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. abG0cByo/q5NaDNMz6FPvNvehHqUDhQRwLdvG72315hMGzCavLRWuAB5gieibMCrICH2WVHVj7fisjSuY0iPwf9xZlCGts3Z+xD9D72VRiTz7QXF+JjRWKl+3Uk6c29+pvIRKXC1Ht0r9uBXGmDTaHdV7cZCveoDwIVSngY+mQ0= -SECTION ADDITIONAL -ENTRY_END - -STEP 4 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -peanut.testzone.nlnetlabs.nl. IN AAAA -ENTRY_END - -STEP 5 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA AD DO NOERROR -SECTION QUESTION -peanut.testzone.nlnetlabs.nl. IN AAAA -SECTION AUTHORITY -peanut.testzone.nlnetlabs.nl. IN NSEC rust.testzone.nlnetlabs.nl. A RRSIG NSEC -peanut.testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 4 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. GhUUt3n1oVZCbU5l7XhbtE1kAhFXBRvQRvp/s3INitoHm1D54VERXWR33g+aQMcLAyCOe2TmpJMH1zDSbccf0zabvwEzqDzPmgcPt0KjXUdrN84/2XN+C4U84golbUui61lhhU+6bL8rylPuv3XtqQ4ppXy8sSe+gfsskauhMpg= -testzone.nlnetlabs.nl. 900 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600 -testzone.nlnetlabs.nl. 900 IN RRSIG SOA 8 3 900 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. abG0cByo/q5NaDNMz6FPvNvehHqUDhQRwLdvG72315hMGzCavLRWuAB5gieibMCrICH2WVHVj7fisjSuY0iPwf9xZlCGts3Z+xD9D72VRiTz7QXF+JjRWKl+3Uk6c29+pvIRKXC1Ht0r9uBXGmDTaHdV7cZCveoDwIVSngY+mQ0= -ENTRY_END - -; query for ant.testzone.nlnetlabs.nl (non-existent) -STEP 11 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -ant.testzone.nlnetlabs.nl. IN TXT -ENTRY_END - -; this is the synthesized NXDOMAIN from aggressive-nsec -STEP 12 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA AD DO NXDOMAIN -SECTION QUESTION -ant.testzone.nlnetlabs.nl. IN TXT -SECTION ANSWER -SECTION AUTHORITY -testzone.nlnetlabs.nl. 3600 IN NSEC alligator.testzone.nlnetlabs.nl. NS SOA RRSIG NSEC DNSKEY -testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 3 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. tcW20hZu5Ao+ikM+qjqAlRt3ujNxTKi6kZF3waWJGY7Ldyp9XyWzB1DeoQzaNJ6zflPYFO32RUhj7jWhEIUphG4+lEvm7VGJAdSteUZ2yOppN6eZvOk0Nc0nAGPFGBjLO6ul1Wh1X+jL61q7mWt3nY+IFBZHWmhsi2Qi7vM/W4E= -alligator.testzone.nlnetlabs.nl. 3600 IN NSEC cheetah.testzone.nlnetlabs.nl. TXT RRSIG NSEC -alligator.testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 4 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. Zfkp3kmN8heAuIF/apf6RHhZAoGyXnvZLALRYTKIH7E9XC2wtvG9dZla4WLSr3ndA4d0CFgnKOt8mSVSLyNn232D0ahx4DFAnOJitnt9odT2+2sYhJbwCx38tPKhAUWmIn2jGZGMVjbVbEVi7WyQBrJYQqyhE/lADEDSdQZBNyA= -testzone.nlnetlabs.nl. 900 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600 -testzone.nlnetlabs.nl. 900 IN RRSIG SOA 8 3 900 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. abG0cByo/q5NaDNMz6FPvNvehHqUDhQRwLdvG72315hMGzCavLRWuAB5gieibMCrICH2WVHVj7fisjSuY0iPwf9xZlCGts3Z+xD9D72VRiTz7QXF+JjRWKl+3Uk6c29+pvIRKXC1Ht0r9uBXGmDTaHdV7cZCveoDwIVSngY+mQ0= -ENTRY_END - -STEP 13 TIME_PASSES ELAPSE 860 -STEP 14 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -redir.zone2.nlnetlabs.nl. IN TXT -ENTRY_END - -STEP 15 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA DO NXDOMAIN -SECTION QUESTION -redir.zone2.nlnetlabs.nl. IN TXT -SECTION ANSWER -redir.zone2.nlnetlabs.nl. 15 IN CNAME antelope.testzone.nlnetlabs.nl. -SECTION AUTHORITY -testzone.nlnetlabs.nl. 2740 IN NSEC alligator.testzone.nlnetlabs.nl. NS SOA RRSIG NSEC DNSKEY -testzone.nlnetlabs.nl. 2740 IN RRSIG NSEC 8 3 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. tcW20hZu5Ao+ikM+qjqAlRt3ujNxTKi6kZF3waWJGY7Ldyp9XyWzB1DeoQzaNJ6zflPYFO32RUhj7jWhEIUphG4+lEvm7VGJAdSteUZ2yOppN6eZvOk0Nc0nAGPFGBjLO6ul1Wh1X+jL61q7mWt3nY+IFBZHWmhsi2Qi7vM/W4E= -alligator.testzone.nlnetlabs.nl. 2740 IN NSEC cheetah.testzone.nlnetlabs.nl. TXT RRSIG NSEC -alligator.testzone.nlnetlabs.nl. 2740 IN RRSIG NSEC 8 4 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. Zfkp3kmN8heAuIF/apf6RHhZAoGyXnvZLALRYTKIH7E9XC2wtvG9dZla4WLSr3ndA4d0CFgnKOt8mSVSLyNn232D0ahx4DFAnOJitnt9odT2+2sYhJbwCx38tPKhAUWmIn2jGZGMVjbVbEVi7WyQBrJYQqyhE/lADEDSdQZBNyA= -testzone.nlnetlabs.nl. 40 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600 -testzone.nlnetlabs.nl. 40 IN RRSIG SOA 8 3 900 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. abG0cByo/q5NaDNMz6FPvNvehHqUDhQRwLdvG72315hMGzCavLRWuAB5gieibMCrICH2WVHVj7fisjSuY0iPwf9xZlCGts3Z+xD9D72VRiTz7QXF+JjRWKl+3Uk6c29+pvIRKXC1Ht0r9uBXGmDTaHdV7cZCveoDwIVSngY+mQ0= -ENTRY_END - -STEP 16 TIME_PASSES ELAPSE 14 -STEP 17 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -redir.zone2.nlnetlabs.nl. IN TXT -ENTRY_END - -STEP 18 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA DO NXDOMAIN -SECTION QUESTION -redir.zone2.nlnetlabs.nl. IN TXT -SECTION ANSWER -redir.zone2.nlnetlabs.nl. 1 IN CNAME antelope.testzone.nlnetlabs.nl. -SECTION AUTHORITY -testzone.nlnetlabs.nl. 2726 IN NSEC alligator.testzone.nlnetlabs.nl. NS SOA RRSIG NSEC DNSKEY -testzone.nlnetlabs.nl. 2726 IN RRSIG NSEC 8 3 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. tcW20hZu5Ao+ikM+qjqAlRt3ujNxTKi6kZF3waWJGY7Ldyp9XyWzB1DeoQzaNJ6zflPYFO32RUhj7jWhEIUphG4+lEvm7VGJAdSteUZ2yOppN6eZvOk0Nc0nAGPFGBjLO6ul1Wh1X+jL61q7mWt3nY+IFBZHWmhsi2Qi7vM/W4E= -alligator.testzone.nlnetlabs.nl. 2726 IN NSEC cheetah.testzone.nlnetlabs.nl. TXT RRSIG NSEC -alligator.testzone.nlnetlabs.nl. 2726 IN RRSIG NSEC 8 4 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. Zfkp3kmN8heAuIF/apf6RHhZAoGyXnvZLALRYTKIH7E9XC2wtvG9dZla4WLSr3ndA4d0CFgnKOt8mSVSLyNn232D0ahx4DFAnOJitnt9odT2+2sYhJbwCx38tPKhAUWmIn2jGZGMVjbVbEVi7WyQBrJYQqyhE/lADEDSdQZBNyA= -testzone.nlnetlabs.nl. 26 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600 -testzone.nlnetlabs.nl. 26 IN RRSIG SOA 8 3 900 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. abG0cByo/q5NaDNMz6FPvNvehHqUDhQRwLdvG72315hMGzCavLRWuAB5gieibMCrICH2WVHVj7fisjSuY0iPwf9xZlCGts3Z+xD9D72VRiTz7QXF+JjRWKl+3Uk6c29+pvIRKXC1Ht0r9uBXGmDTaHdV7cZCveoDwIVSngY+mQ0= -ENTRY_END - -STEP 19 TRAFFIC - -STEP 20 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -peanut.testzone.nlnetlabs.nl. IN AAAA -ENTRY_END - -STEP 21 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA AD DO NOERROR -SECTION QUESTION -peanut.testzone.nlnetlabs.nl. IN AAAA -SECTION AUTHORITY -peanut.testzone.nlnetlabs.nl. 2726 IN NSEC rust.testzone.nlnetlabs.nl. A RRSIG NSEC -peanut.testzone.nlnetlabs.nl. 2726 IN RRSIG NSEC 8 4 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. GhUUt3n1oVZCbU5l7XhbtE1kAhFXBRvQRvp/s3INitoHm1D54VERXWR33g+aQMcLAyCOe2TmpJMH1zDSbccf0zabvwEzqDzPmgcPt0KjXUdrN84/2XN+C4U84golbUui61lhhU+6bL8rylPuv3XtqQ4ppXy8sSe+gfsskauhMpg= -testzone.nlnetlabs.nl. 900 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600 -testzone.nlnetlabs.nl. 900 IN RRSIG SOA 8 3 900 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. abG0cByo/q5NaDNMz6FPvNvehHqUDhQRwLdvG72315hMGzCavLRWuAB5gieibMCrICH2WVHVj7fisjSuY0iPwf9xZlCGts3Z+xD9D72VRiTz7QXF+JjRWKl+3Uk6c29+pvIRKXC1Ht0r9uBXGmDTaHdV7cZCveoDwIVSngY+mQ0= -ENTRY_END - -STEP 22 TRAFFIC -STEP 23 TIME_PASSES ELAPSE 901 - -STEP 24 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -peanut.testzone.nlnetlabs.nl. IN AAAA -ENTRY_END - -STEP 25 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA AD DO NOERROR -SECTION QUESTION -peanut.testzone.nlnetlabs.nl. IN AAAA -SECTION AUTHORITY -peanut.testzone.nlnetlabs.nl. IN NSEC rust.testzone.nlnetlabs.nl. A RRSIG NSEC -peanut.testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 4 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. GhUUt3n1oVZCbU5l7XhbtE1kAhFXBRvQRvp/s3INitoHm1D54VERXWR33g+aQMcLAyCOe2TmpJMH1zDSbccf0zabvwEzqDzPmgcPt0KjXUdrN84/2XN+C4U84golbUui61lhhU+6bL8rylPuv3XtqQ4ppXy8sSe+gfsskauhMpg= -testzone.nlnetlabs.nl. 900 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600 -testzone.nlnetlabs.nl. 900 IN RRSIG SOA 8 3 900 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. abG0cByo/q5NaDNMz6FPvNvehHqUDhQRwLdvG72315hMGzCavLRWuAB5gieibMCrICH2WVHVj7fisjSuY0iPwf9xZlCGts3Z+xD9D72VRiTz7QXF+JjRWKl+3Uk6c29+pvIRKXC1Ht0r9uBXGmDTaHdV7cZCveoDwIVSngY+mQ0= -ENTRY_END -STEP 26 TRAFFIC - -; Time passes and NSECs should be expired. -STEP 60 TIME_PASSES ELAPSE 60 - -; query something that gets the SOA record for the testzone in cache. -STEP 70 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -peanut.testzone.nlnetlabs.nl. IN AAAA -ENTRY_END - -STEP 80 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA AD DO NOERROR -SECTION QUESTION -peanut.testzone.nlnetlabs.nl. IN AAAA -SECTION AUTHORITY -peanut.testzone.nlnetlabs.nl. 3540 IN NSEC rust.testzone.nlnetlabs.nl. A RRSIG NSEC -peanut.testzone.nlnetlabs.nl. 3540 IN RRSIG NSEC 8 4 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. GhUUt3n1oVZCbU5l7XhbtE1kAhFXBRvQRvp/s3INitoHm1D54VERXWR33g+aQMcLAyCOe2TmpJMH1zDSbccf0zabvwEzqDzPmgcPt0KjXUdrN84/2XN+C4U84golbUui61lhhU+6bL8rylPuv3XtqQ4ppXy8sSe+gfsskauhMpg= -testzone.nlnetlabs.nl. 840 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600 -testzone.nlnetlabs.nl. 840 IN RRSIG SOA 8 3 900 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. abG0cByo/q5NaDNMz6FPvNvehHqUDhQRwLdvG72315hMGzCavLRWuAB5gieibMCrICH2WVHVj7fisjSuY0iPwf9xZlCGts3Z+xD9D72VRiTz7QXF+JjRWKl+3Uk6c29+pvIRKXC1Ht0r9uBXGmDTaHdV7cZCveoDwIVSngY+mQ0= -ENTRY_END - -; query for ant.testzone.nlnetlabs.nl. In this range it is on the nameserver. -STEP 110 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -ant.testzone.nlnetlabs.nl. IN TXT -ENTRY_END - -; Expect an answer since the 3600 TTL NSECs from STEP 10 should have been -; limited to 900 and be expired by now. -STEP 120 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA AD DO NOERROR -SECTION QUESTION -ant.testzone.nlnetlabs.nl. IN TXT -SECTION ANSWER -ant.testzone.nlnetlabs.nl. TXT "heap" -ant.testzone.nlnetlabs.nl. 3600 IN RRSIG TXT 8 4 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. Sn8dBGMSYGGKs7yGWO0CShxbm3ba5Y6ysHyE/HJyFnS8NmsKIx/KVdFPRQx/Jm7a3hektRXrjxetfhfJm0SzJ2UFeKlkE+VJ/Lj2oAETqN1oqqkNr+RDdbKLMzLApMRgrhStSAO1Yb8/8oUIflyrjNbuDbAHSMbkOE+Z49LIais= -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/val_scrub_rr_length.rpl b/contrib/unbound/testdata/val_scrub_rr_length.rpl deleted file mode 100644 index 0219b918e421..000000000000 --- a/contrib/unbound/testdata/val_scrub_rr_length.rpl +++ /dev/null @@ -1,164 +0,0 @@ -; config options -; The island of trust is at example.com -server: - trust-anchor: "example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af" - val-override-date: "20070916134226" - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: "no" - trust-anchor-signaling: no - minimal-responses: no - rrset-roundrobin: no - ede: yes - log-servfail: yes - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test validator with scrub of RR for inappropriate length - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.4 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 8 2 3600 20070926134150 20070829134150 55566 example.com. cHdLVCzujUQs6b67c1SmCX+/br4tgOg86Gj/R/x+PKUQmWHyeVwBSTlJuLOHbca3CQoyIQc+V2ilK6fjwjbY/dLk4uOlux8L+Zn7HsUXSOwJPIjsM3LuTa8CYDMvYhOP7KGR+vNpJVSsQ25pyDn6Rzsdl3E7DAf7uSkPV8VJwa8= -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 8 3 3600 20070926134150 20070829134150 55566 example.com. PBwNifMNxTXlDorHX1neq1wUhWLmqk+PZ+PBZCI5BJAmakdgOXdLQiVqlKaErJyA/4uN+99fUf6/DqxwgxL8FIPdBkxMOTJaKrCFjEhL6qozTd3+DI6qFJPgTm1lrkpvb9W72MtK2vxAyT5I/bG2SWKdpzOaQXysbDb2hnxq3as= -ENTRY_END - -; response to DNSKEY priming query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN DNSKEY -SECTION ANSWER -example.com. IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} -example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20070926134150 20070829134150 55566 example.com. Ni7Q17l2dzKcAnHdU3Mycpdwo0I6qgGxRvBhBNI43xIUFHJpgKpbeMFxKvVTkbwHyMPMIuHmOaC82IBhOpGD10SExVh4erQhWS3Hvl+m4Cwl3WI9N+AW6CTB9yj+d4xzX3bHjjBt6MSk4bU8ABR7qIoAjgjY7zdtUDWQlaM+d18= -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 8 2 3600 20070926134150 20070829134150 55566 example.com. cHdLVCzujUQs6b67c1SmCX+/br4tgOg86Gj/R/x+PKUQmWHyeVwBSTlJuLOHbca3CQoyIQc+V2ilK6fjwjbY/dLk4uOlux8L+Zn7HsUXSOwJPIjsM3LuTa8CYDMvYhOP7KGR+vNpJVSsQ25pyDn6Rzsdl3E7DAf7uSkPV8VJwa8= -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 8 3 3600 20070926134150 20070829134150 55566 example.com. PBwNifMNxTXlDorHX1neq1wUhWLmqk+PZ+PBZCI5BJAmakdgOXdLQiVqlKaErJyA/4uN+99fUf6/DqxwgxL8FIPdBkxMOTJaKrCFjEhL6qozTd3+DI6qFJPgTm1lrkpvb9W72MtK2vxAyT5I/bG2SWKdpzOaQXysbDb2hnxq3as= -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -ns.example.com. IN AAAA -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 8 2 3600 20070926134150 20070829134150 55566 example.com. cHdLVCzujUQs6b67c1SmCX+/br4tgOg86Gj/R/x+PKUQmWHyeVwBSTlJuLOHbca3CQoyIQc+V2ilK6fjwjbY/dLk4uOlux8L+Zn7HsUXSOwJPIjsM3LuTa8CYDMvYhOP7KGR+vNpJVSsQ25pyDn6Rzsdl3E7DAf7uSkPV8VJwa8= -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 8 3 3600 20070926134150 20070829134150 55566 example.com. PBwNifMNxTXlDorHX1neq1wUhWLmqk+PZ+PBZCI5BJAmakdgOXdLQiVqlKaErJyA/4uN+99fUf6/DqxwgxL8FIPdBkxMOTJaKrCFjEhL6qozTd3+DI6qFJPgTm1lrkpvb9W72MtK2vxAyT5I/bG2SWKdpzOaQXysbDb2hnxq3as= -ENTRY_END - -; response to query of interest -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -www.example.com. IN A \# 5 0102030405 -; RRSIG includes the malformed record. -www.example.com. 3600 IN RRSIG A 8 3 3600 20070926134150 20070829134150 55566 example.com. W4WFu9B81uRvp3Dj8uLIscypznKWuLuKrZqVg1on5/45/3/xyjHvj3TjTL3gruWFXPiQpldvOstXLZ5eN3OpqILdkVey0eqVATujpHwIruY6GWztVx5WptmFfK6E6zzshZ3RmAARqq/czQ+IZli2A9xixdY2H0o1dSU6gohEjjE= -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 8 2 3600 20070926134150 20070829134150 55566 example.com. cHdLVCzujUQs6b67c1SmCX+/br4tgOg86Gj/R/x+PKUQmWHyeVwBSTlJuLOHbca3CQoyIQc+V2ilK6fjwjbY/dLk4uOlux8L+Zn7HsUXSOwJPIjsM3LuTa8CYDMvYhOP7KGR+vNpJVSsQ25pyDn6Rzsdl3E7DAf7uSkPV8VJwa8= -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 8 3 3600 20070926134150 20070829134150 55566 example.com. PBwNifMNxTXlDorHX1neq1wUhWLmqk+PZ+PBZCI5BJAmakdgOXdLQiVqlKaErJyA/4uN+99fUf6/DqxwgxL8FIPdBkxMOTJaKrCFjEhL6qozTd3+DI6qFJPgTm1lrkpvb9W72MtK2vxAyT5I/bG2SWKdpzOaQXysbDb2hnxq3as= -ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; recursion happens here. -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ede=0 -REPLY QR RD RA DO SERVFAIL -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -ENTRY_END - -SCENARIO_END