unbound: Vendor import 1.24.1

Release notes at
	https://nlnetlabs.nl/news/2025/Oct/22/unbound-1.24.1-released/

Security:	CVE-2025-11411
MFC after:	3 days

Merge commit '73dd92916f532cb3fe353220103babe576d30a15'
This commit is contained in:
Cy Schubert
2025-10-23 11:56:54 -07:00
142 changed files with 8317 additions and 25092 deletions
+509 -348
View File
File diff suppressed because it is too large Load Diff
+2951 -2948
View File
File diff suppressed because it is too large Load Diff
+3 -2
View File
@@ -12,14 +12,14 @@ sinclude(dnscrypt/dnscrypt.m4)
# must be numbers. ac_defun because of later processing
m4_define([VERSION_MAJOR],[1])
m4_define([VERSION_MINOR],[24])
m4_define([VERSION_MICRO],[0])
m4_define([VERSION_MICRO],[1])
AC_INIT([unbound],m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]),[unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues],[unbound])
AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR])
AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR])
AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO])
LIBUNBOUND_CURRENT=9
LIBUNBOUND_REVISION=33
LIBUNBOUND_REVISION=34
LIBUNBOUND_AGE=1
# 1.0.0 had 0:12:0
# 1.0.1 had 0:13:0
@@ -120,6 +120,7 @@ LIBUNBOUND_AGE=1
# 1.23.0 had 9:31:1
# 1.23.1 had 9:32:1
# 1.24.0 had 9:33:1
# 1.24.1 had 9:34:1
# Current -- the number of the binary API that we're implementing
# Revision -- which iteration of the implementation of the binary
+1
View File
@@ -6176,6 +6176,7 @@ fr_atomic_copy_cfg(struct config_file* oldcfg, struct config_file* cfg,
COPY_VAR_ptr(ipset_name_v6);
#endif
COPY_VAR_int(ede);
COPY_VAR_int(iter_scrub_promiscuous);
}
#endif /* ATOMIC_POINTER_LOCK_FREE && HAVE_LINK_ATOMIC_STORE */
+1 -1
View File
@@ -1,4 +1,4 @@
README for Unbound 1.24.0
README for Unbound 1.24.1
Copyright 2007 NLnet Labs
http://unbound.net
+5 -1
View File
@@ -1,7 +1,7 @@
#
# Example configuration file.
#
# See unbound.conf(5) man page, version 1.24.0.
# See unbound.conf(5) man page, version 1.24.1.
#
# this is a comment.
@@ -196,6 +196,10 @@ server:
# Limit on upstream queries for an incoming query and its recursion.
# max-global-quota: 200
# Should the scrubber remove promiscuous NS from positive answers,
# protects against poison attempts.
# iter-scrub-promiscuous: yes
# msec for waiting for an unknown server to reply. Increase if you
# are behind a slow satellite link, to eg. 1128.
# unknown-server-time-limit: 376
+2 -2
View File
@@ -27,9 +27,9 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "LIBUNBOUND" "3" "Sep 18, 2025" "1.24.0" "Unbound"
.TH "LIBUNBOUND" "3" "Oct 22, 2025" "1.24.1" "Unbound"
.SH NAME
libunbound \- Unbound DNS validating resolver 1.24.0 functions.
libunbound \- Unbound DNS validating resolver 1.24.1 functions.
.SH SYNOPSIS
.sp
\fB#include <unbound.h>\fP
+2 -2
View File
@@ -27,9 +27,9 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "UNBOUND-ANCHOR" "8" "Sep 18, 2025" "1.24.0" "Unbound"
.TH "UNBOUND-ANCHOR" "8" "Oct 22, 2025" "1.24.1" "Unbound"
.SH NAME
unbound-anchor \- Unbound 1.24.0 anchor utility.
unbound-anchor \- Unbound 1.24.1 anchor utility.
.SH SYNOPSIS
.sp
\fBunbound\-anchor\fP [\fBopts\fP]
+2 -2
View File
@@ -27,9 +27,9 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "UNBOUND-CHECKCONF" "8" "Sep 18, 2025" "1.24.0" "Unbound"
.TH "UNBOUND-CHECKCONF" "8" "Oct 22, 2025" "1.24.1" "Unbound"
.SH NAME
unbound-checkconf \- Check Unbound 1.24.0 configuration file for errors.
unbound-checkconf \- Check Unbound 1.24.1 configuration file for errors.
.SH SYNOPSIS
.sp
\fBunbound\-checkconf\fP [\fB\-hf\fP] [\fB\-o option\fP] [cfgfile]
+3 -2
View File
@@ -27,9 +27,9 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "UNBOUND-CONTROL" "8" "Sep 18, 2025" "1.24.0" "Unbound"
.TH "UNBOUND-CONTROL" "8" "Oct 22, 2025" "1.24.1" "Unbound"
.SH NAME
unbound-control \- Unbound 1.24.0 remote server control utility.
unbound-control \- Unbound 1.24.1 remote server control utility.
.SH SYNOPSIS
.sp
\fBunbound\-control\fP [\fB\-hq\fP] [\fB\-c cfgfile\fP] [\fB\-s server\fP] command
@@ -167,6 +167,7 @@ ipset,
\fI\%tcp\-reuse\-timeout\fP,
\fI\%tcp\-auth\-query\-timeout\fP,
\fI\%delay\-close\fP\&.
\fI\%iter\-scrub\-promiscuous\fP\&.
.sp
It does not work with
\fI\%interface\fP and
+1
View File
@@ -169,6 +169,7 @@ There are several commands that the server understands.
:ref:`tcp-reuse-timeout<unbound.conf.tcp-reuse-timeout>`,
:ref:`tcp-auth-query-timeout<unbound.conf.tcp-auth-query-timeout>`,
:ref:`delay-close<unbound.conf.delay-close>`.
:ref:`iter-scrub-promiscuous<unbound.conf.iter-scrub-promiscuous>`.
It does not work with
:ref:`interface<unbound.conf.interface>` and
+2 -2
View File
@@ -27,9 +27,9 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "UNBOUND-HOST" "1" "Sep 18, 2025" "1.24.0" "Unbound"
.TH "UNBOUND-HOST" "1" "Oct 22, 2025" "1.24.1" "Unbound"
.SH NAME
unbound-host \- Unbound 1.24.0 DNS lookup utility.
unbound-host \- Unbound 1.24.1 DNS lookup utility.
.SH SYNOPSIS
.sp
\fBunbound\-host\fP [\fB\-C configfile\fP] [\fB\-vdhr46D\fP] [\fB\-c class\fP]
+2 -2
View File
@@ -27,9 +27,9 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "UNBOUND" "8" "Sep 18, 2025" "1.24.0" "Unbound"
.TH "UNBOUND" "8" "Oct 22, 2025" "1.24.1" "Unbound"
.SH NAME
unbound \- Unbound DNS validating resolver 1.24.0.
unbound \- Unbound DNS validating resolver 1.24.1.
.SH SYNOPSIS
.sp
\fBunbound\fP [\fB\-hdpv\fP] [\fB\-c <cfgfile>\fP]
+11 -2
View File
@@ -27,9 +27,9 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "UNBOUND.CONF" "5" "Sep 18, 2025" "1.24.0" "Unbound"
.TH "UNBOUND.CONF" "5" "Oct 22, 2025" "1.24.1" "Unbound"
.SH NAME
unbound.conf \- Unbound 1.24.0 configuration file.
unbound.conf \- Unbound 1.24.1 configuration file.
.SH SYNOPSIS
.sp
\fBunbound.conf\fP
@@ -3656,6 +3656,15 @@ Default: 200
.UNINDENT
.INDENT 0.0
.TP
.B iter\-scrub\-promiscuous: \fI<yes or no>\fP
Should the iterator scrubber remove promiscuous NS from positive answers.
This protects against poisonous contents, that could affect names in the
same zone as a spoofed packet.
.sp
Default: yes
.UNINDENT
.INDENT 0.0
.TP
.B fast\-server\-permil: \fI<number>\fP
Specify how many times out of 1000 to pick from the set of fastest servers.
0 turns the feature off.
+8
View File
@@ -3156,6 +3156,14 @@ These options are part of the **server:** clause.
Default: 200
@@UAHL@unbound.conf@iter-scrub-promiscuous@@: *<yes or no>*
Should the iterator scrubber remove promiscuous NS from positive answers.
This protects against poisonous contents, that could affect names in the
same zone as a spoofed packet.
Default: yes
@@UAHL@unbound.conf@fast-server-permil@@: *<number>*
Specify how many times out of 1000 to pick from the set of fastest servers.
0 turns the feature off.
+108 -68
View File
@@ -1,7 +1,7 @@
#!/usr/bin/sh
# install - install a program, script, or datafile
scriptversion=2013-12-25.23; # UTC
scriptversion=2024-06-19.01; # UTC
# This originates from X11R5 (mit/util/scripts/install.sh), which was
# later released in X11R6 (xc/config/util/install.sh) with the
@@ -69,6 +69,11 @@ posix_mkdir=
# Desired mode of installed file.
mode=0755
# Create dirs (including intermediate dirs) using mode 755.
# This is like GNU 'install' as of coreutils 8.32 (2020).
mkdir_umask=22
backupsuffix=
chgrpcmd=
chmodcmd=$chmodprog
chowncmd=
@@ -99,19 +104,29 @@ Options:
--version display version info and exit.
-c (ignored)
-C install only if different (preserve the last data modification time)
-C install only if different (preserve data modification time)
-d create directories instead of installing files.
-g GROUP $chgrpprog installed files to GROUP.
-m MODE $chmodprog installed files to MODE.
-o USER $chownprog installed files to USER.
-p pass -p to $cpprog.
-s $stripprog installed files.
-S SUFFIX attempt to back up existing files, with suffix SUFFIX.
-t DIRECTORY install into DIRECTORY.
-T report an error if DSTFILE is a directory.
Environment variables override the default commands:
CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG
RMPROG STRIPPROG
"
By default, rm is invoked with -f; when overridden with RMPROG,
it's up to you to specify -f if you want it.
If -S is not specified, no backups are attempted.
Report bugs to <bug-automake@gnu.org>.
GNU Automake home page: <https://www.gnu.org/software/automake/>.
General help using GNU software: <https://www.gnu.org/gethelp/>."
while test $# -ne 0; do
case $1 in
@@ -137,8 +152,13 @@ while test $# -ne 0; do
-o) chowncmd="$chownprog $2"
shift;;
-p) cpprog="$cpprog -p";;
-s) stripcmd=$stripprog;;
-S) backupsuffix="$2"
shift;;
-t)
is_target_a_directory=always
dst_arg=$2
@@ -150,7 +170,7 @@ while test $# -ne 0; do
-T) is_target_a_directory=never;;
--version) echo "$0 $scriptversion"; exit $?;;
--version) echo "$0 (GNU Automake) $scriptversion"; exit $?;;
--) shift
break;;
@@ -255,6 +275,10 @@ do
dstdir=$dst
test -d "$dstdir"
dstdir_status=$?
# Don't chown directories that already exist.
if test $dstdir_status = 0; then
chowncmd=""
fi
else
# Waiting for this to be detected by the "$cpprog $src $dsttmp" command
@@ -271,15 +295,18 @@ do
fi
dst=$dst_arg
# If destination is a directory, append the input filename; won't work
# if double slashes aren't ignored.
# If destination is a directory, append the input filename.
if test -d "$dst"; then
if test "$is_target_a_directory" = never; then
echo "$0: $dst_arg: Is a directory" >&2
exit 1
fi
dstdir=$dst
dst=$dstdir/`basename "$src"`
dstbase=`basename "$src"`
case $dst in
*/) dst=$dst$dstbase;;
*) dst=$dst/$dstbase;;
esac
dstdir_status=0
else
dstdir=`dirname "$dst"`
@@ -288,27 +315,16 @@ do
fi
fi
case $dstdir in
*/) dstdirslash=$dstdir;;
*) dstdirslash=$dstdir/;;
esac
obsolete_mkdir_used=false
if test $dstdir_status != 0; then
case $posix_mkdir in
'')
# Create intermediate dirs using mode 755 as modified by the umask.
# This is like FreeBSD 'install' as of 1997-10-28.
umask=`umask`
case $stripcmd.$umask in
# Optimize common cases.
*[2367][2367]) mkdir_umask=$umask;;
.*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;;
*[0-7])
mkdir_umask=`expr $umask + 22 \
- $umask % 100 % 40 + $umask % 20 \
- $umask % 10 % 4 + $umask % 2
`;;
*) mkdir_umask=$umask,go-w;;
esac
# With -d, create the new directory with the user-specified mode.
# Otherwise, rely on $mkdir_umask.
if test -n "$dir_arg"; then
@@ -318,43 +334,49 @@ do
fi
posix_mkdir=false
case $umask in
*[123567][0-7][0-7])
# POSIX mkdir -p sets u+wx bits regardless of umask, which
# is incompatible with FreeBSD 'install' when (umask & 300) != 0.
;;
*)
tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0
# The $RANDOM variable is not portable (e.g., dash). Use it
# here however when possible just to lower collision chance.
tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
if (umask $mkdir_umask &&
exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1
then
if test -z "$dir_arg" || {
# Check for POSIX incompatibilities with -m.
# HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
# other-writable bit of parent directory when it shouldn't.
# FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
ls_ld_tmpdir=`ls -ld "$tmpdir"`
case $ls_ld_tmpdir in
d????-?r-*) different_mode=700;;
d????-?--*) different_mode=755;;
*) false;;
esac &&
$mkdirprog -m$different_mode -p -- "$tmpdir" && {
ls_ld_tmpdir_1=`ls -ld "$tmpdir"`
test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1"
}
}
then posix_mkdir=:
fi
rmdir "$tmpdir/d" "$tmpdir"
else
# Remove any dirs left behind by ancient mkdir implementations.
rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null
fi
trap '' 0;;
esac;;
trap '
ret=$?
rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir" 2>/dev/null
exit $ret
' 0
# Because "mkdir -p" follows existing symlinks and we likely work
# directly in world-writable /tmp, make sure that the '$tmpdir'
# directory is successfully created first before we actually test
# 'mkdir -p'.
if (umask $mkdir_umask &&
$mkdirprog $mkdir_mode "$tmpdir" &&
exec $mkdirprog $mkdir_mode -p -- "$tmpdir/a/b") >/dev/null 2>&1
then
if test -z "$dir_arg" || {
# Check for POSIX incompatibility with -m.
# HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
# other-writable bit of parent directory when it shouldn't.
# FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
test_tmpdir="$tmpdir/a"
ls_ld_tmpdir=`ls -ld "$test_tmpdir"`
case $ls_ld_tmpdir in
d????-?r-*) different_mode=700;;
d????-?--*) different_mode=755;;
*) false;;
esac &&
$mkdirprog -m$different_mode -p -- "$test_tmpdir" && {
ls_ld_tmpdir_1=`ls -ld "$test_tmpdir"`
test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1"
}
}
then posix_mkdir=:
fi
rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir"
else
# Remove any dirs left behind by ancient mkdir implementations.
rmdir ./$mkdir_mode ./-p ./-- "$tmpdir" 2>/dev/null
fi
trap '' 0;;
esac
if
@@ -365,7 +387,7 @@ do
then :
else
# The umask is ridiculous, or mkdir does not conform to POSIX,
# mkdir does not conform to POSIX,
# or it failed possibly due to a race condition. Create the
# directory the slow way, step by step, checking for races as we go.
@@ -394,7 +416,7 @@ do
prefixes=
else
if $posix_mkdir; then
(umask=$mkdir_umask &&
(umask $mkdir_umask &&
$doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break
# Don't fail if two instances are running concurrently.
test -d "$prefix" || exit 1
@@ -427,14 +449,25 @@ do
else
# Make a couple of temp file names in the proper directory.
dsttmp=$dstdir/_inst.$$_
rmtmp=$dstdir/_rm.$$_
dsttmp=${dstdirslash}_inst.$$_
rmtmp=${dstdirslash}_rm.$$_
# Trap to clean up those temp files at exit.
trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0
# Copy the file name to the temp name.
(umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") &&
(umask $cp_umask &&
{ test -z "$stripcmd" || {
# Create $dsttmp read-write so that cp doesn't create it read-only,
# which would cause strip to fail.
if test -z "$doit"; then
: >"$dsttmp" # No need to fork-exec 'touch'.
else
$doit touch "$dsttmp"
fi
}
} &&
$doit_exec $cpprog "$src" "$dsttmp") &&
# and set any options; do chmod last to preserve setuid bits.
#
@@ -460,6 +493,13 @@ do
then
rm -f "$dsttmp"
else
# If $backupsuffix is set, and the file being installed
# already exists, attempt a backup. Don't worry if it fails,
# e.g., if mv doesn't support -f.
if test -n "$backupsuffix" && test -f "$dst"; then
$doit $mvcmd -f "$dst" "$dst$backupsuffix" 2>/dev/null
fi
# Rename the file to the real destination.
$doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null ||
@@ -474,9 +514,9 @@ do
# file should still install successfully.
{
test ! -f "$dst" ||
$doit $rmcmd -f "$dst" 2>/dev/null ||
$doit $rmcmd "$dst" 2>/dev/null ||
{ $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null &&
{ $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; }
{ $doit $rmcmd "$rmtmp" 2>/dev/null; :; }
} ||
{ echo "$0: cannot unlink or rename $dst" >&2
(exit 1); exit 1
@@ -493,9 +533,9 @@ do
done
# Local variables:
# eval: (add-hook 'write-file-hooks 'time-stamp)
# eval: (add-hook 'before-save-hook 'time-stamp)
# time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"
# time-stamp-time-zone: "UTC"
# time-stamp-time-zone: "UTC0"
# time-stamp-end: "; # UTC"
# End:
+16
View File
@@ -634,6 +634,22 @@ scrub_normalize(sldns_buffer* pkt, struct msg_parse* msg,
"RRset:", pkt, msg, prev, &rrset);
continue;
}
/* If the NS set is a promiscuous NS set, scrub that
* to remove potential for poisonous contents that
* affects other names in the same zone. Remove
* promiscuous NS sets in positive answers, that
* thus have records in the answer section. Nodata
* and nxdomain promiscuous NS sets have been removed
* already. Since the NS rrset is scrubbed, its
* address records are also not marked to be allowed
* and are removed later. */
if(FLAGS_GET_RCODE(msg->flags) == LDNS_RCODE_NOERROR &&
msg->an_rrsets != 0 &&
env->cfg->iter_scrub_promiscuous) {
remove_rrset("normalize: removing promiscuous "
"RRset:", pkt, msg, prev, &rrset);
continue;
}
if(nsset == NULL) {
nsset = rrset;
} else {
+4 -11
View File
@@ -2720,17 +2720,10 @@ libtool_validate_options ()
# preserve --debug
test : = "$debug_cmd" || func_append preserve_args " --debug"
case $host_os in
# Solaris2 added to fix http://debbugs.gnu.org/cgi/bugreport.cgi?bug=16452
# see also: http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59788
cygwin* | mingw* | windows* | pw32* | cegcc* | solaris2* | os2*)
# don't eliminate duplications in $postdeps and $predeps
opt_duplicate_compiler_generated_deps=:
;;
*)
opt_duplicate_compiler_generated_deps=$opt_preserve_dup_deps
;;
esac
# Keeping compiler generated duplicates in $postdeps and $predeps is not
# harmful, and is necessary in a majority of systems that use it to satisfy
# symbol dependencies.
opt_duplicate_compiler_generated_deps=:
$opt_help || {
# Sanity checks first:
@@ -1,31 +0,0 @@
server:
verbosity: 5
num-threads: 1 # This is dynamically handled by the test when needed
interface: 127.0.0.1@@PORT@
use-syslog: no
directory: ""
pidfile: "unbound.pid"
chroot: ""
username: ""
do-not-query-localhost: no
access-control: 127.0.0.1 allow_snoop
access-control-view: 127.0.0.1 testview
msg-cache-size: 4m
rrset-cache-size: 4m
minimal-responses: yes
trust-anchor: "always.empty. 3600 IN DS 50602 8 2 FA8EE175C47325F4BD46D8A4083C3EBEB11C977D689069F2B41F1A29 B22446B1" # This is nonsense, just to kick the validator
view:
name: testview
view-first: yes # Allow falling back to global local data
remote-control:
control-enable: yes
control-interface: 127.0.0.1
# control-interface: ::1
control-port: @CONTROL_PORT@
server-key-file: "unbound_server.key"
server-cert-file: "unbound_server.pem"
control-key-file: "unbound_control.key"
control-cert-file: "unbound_control.pem"
forward-zone:
name: "."
forward-addr: "127.0.0.1@@TOPORT@"
@@ -1,493 +0,0 @@
# #-- 09-unbound-control.test --#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# use .tpkg.var.test for in test variable passing
[ -f .tpkg.var.test ] && source .tpkg.var.test
PRE="../.."
. ../common.sh
# End the test
# $1: exit value
end () {
echo "> cat logfiles"
cat fwd.log
cat unbound.log
exit $1
}
# Expect a given exit value of the previous command
# $1: the expected exit value
# $2: optional text to print when failing
expect_exit_value () {
if test $? -ne $1; then
if test -z "$2"; then
if test $1 -eq 1; then
msg="on error"
else
msg="after success"
fi
else
msg="$2"
fi
echo "wrong exit value $msg"
end 1
fi
}
# Helper function for quering
# $@: at least the domain name to query and optional dig arguments
query () {
echo "> dig $@"
dig @127.0.0.1 -p $UNBOUND_PORT $@ | tee outfile
}
# Expect something in the answer
# $1: expected regular expression
expect_answer () {
echo "> check answer for \"$1\""
if grep "$1" outfile; then
echo "OK"
else
echo "Not OK"
end 1
fi
}
# Fail the test for unexpected answers
# $1: unexpected regular expression
fail_answer () {
echo "> \"$1\" should not be in answer"
if grep "$1" outfile; then
echo "Not OK"
end 1
else
echo "OK"
fi
}
# Issue an unbound-control command
# $@: command arguments
control_command() {
echo "$PRE/unbound-control $@"
$PRE/unbound-control $@ > outfile
exitstatus=$?
cat outfile
return $exitstatus
}
# Reload the server and check the reload has finished processing
# when a lot of debug is enabled, a lot of log needs to be printed.
control_reload () {
prelines=`wc -l unbound.log | awk '{print $1;}'`
cmd="$1"
if test -z "$cmd"; then cmd="reload"; fi
control_command -c ub.conf $cmd
expect_exit_value 0
# see if the reload has completed.
lines1=`wc -l unbound.log | awk '{print $1;}'`
count=0
lines2=`wc -l unbound.log | awk '{print $1;}'`
# See if the log finishes up without sleeping too long.
while test "$lines1" -ne "$lines2"; do
lines1=`wc -l unbound.log | awk '{print $1;}'`
# There is no sleep here. The add and compare are a
# brief wait.
count=`expr "$count" + 1`
if test "$count" -gt 30; then
break;
fi
lines2=`wc -l unbound.log | awk '{print $1;}'`
done
if test "$lines1" -ne "$lines2"; then
count=0
while test "$lines1" -ne "$lines2"; do
tail -1 unbound.log
lines1=`wc -l unbound.log | awk '{print $1;}'`
sleep 1
count=`expr "$count" + 1`
if test "$count" -gt 30; then
echo "reload is taking too long"
exit 1
fi
lines2=`wc -l unbound.log | awk '{print $1;}'`
done
if test "$count" -ne "0"; then
echo "reload done with $count sec"
fi
fi
}
# Reload the server for a clean state
clean_reload () {
echo "> Reloading the server for a clean state"
cp main.conf ub.conf
control_reload
}
# Reload the server for a clean state and populate the cache
clean_reload_and_fill_cache () {
clean_reload
echo "> Populating the cache"
query www.example.com
expect_answer "10.20.30.40"
if test "$have_threads" = "no"; then
# Try to get the answer in all processes' cache.
for (( try=0 ; try < num_threads * 2 * 2 ; try++ )) ; do
query www.example.com
expect_answer "10.20.30.40"
done
fi
}
# Dump the cache contents
# $@: optional options to unbound-control
cache_dump () {
echo "$PRE/unbound-control $@ dump_cache > cache.dump"
$PRE/unbound-control $@ dump_cache > cache.dump
}
# Load cache contents
# $@: optional options to unbound-control
cache_load () {
echo "$PRE/unbound-control $@ load_cache < cache.dump"
$PRE/unbound-control $@ load_cache < cache.dump
}
# Expect an entry in the cache dump
# $1: expected regular expression
expect_in_cache_dump () {
echo "> check cache dump for \"$1\""
if grep "$1" cache.dump; then
echo "OK cache dump"
else
echo "Not OK cache dump"
end 1
fi
}
# Fail the test for unexpected entry in the cache dump
# $1: unexpected regular expression
fail_in_cache_dump () {
echo "> \"$1\" should not be in cache dump"
if grep "$1" cache.dump; then
echo "Not OK cache dump"
end 1
else
echo "OK cache dump"
fi
}
# Check if multi-threading or multi-process environment
have_threads="no"
if grep "define HAVE_PTHREAD 1" $PRE/config.h; then have_threads="yes"; fi
if grep "define HAVE_SOLARIS_THREADS 1" $PRE/config.h; then have_threads="yes"; fi
if grep "define HAVE_WINDOWS_THREADS 1" $PRE/config.h; then have_threads="yes"; fi
# start the test; keep the original conf file around
cp ub.conf orig.conf
# START - thread configuration
# Do both single thread/process and multi thread/process runs.
# The number of threads can only go up from the initial configuration between
# reloads so starting with 1.
for num_threads in 1 4; do
cp orig.conf ub.conf
echo "> setting num-threads: $num_threads"
echo "server: num-threads: $num_threads" >> ub.conf
cp ub.conf main.conf
clean_reload
teststep "exit value is 1 on usage"
control_command -h
expect_exit_value 1 "for usage"
# use lock-verify if possible
teststep "test if the server is up"
query www.example.com.
expect_answer "10.20.30.40"
teststep "exit value is 1 when a bad command is given"
control_command -c ub.conf blablargh
expect_exit_value 1
# reload the server. test if the server came up by putting a new
# local-data element in the server.
teststep "reload the server"
echo "server: local-data: 'afterreload. IN A 5.6.7.8'" >> ub.conf
control_reload
query afterreload.
expect_answer "5.6.7.8"
teststep "must have had at least 1 query since reload"
control_command -c ub.conf stats
expect_exit_value 0
expect_answer "^total.num.queries=[1-9][0-9]*$"
teststep "check verbosity"
control_command -c ub.conf verbosity 2
expect_exit_value 0
teststep "check syntax error in parse"
control_command -c ub.conf verbosity jkdf
expect_exit_value 1
teststep "check bad credentials"
cp ub.conf bad.conf
cat conf.bad_credentials >> bad.conf
control_command -c bad.conf verbosity 2
expect_exit_value 1
teststep "check spoofed client credentials"
rm -f bad.conf
cp ub.conf bad.conf
cat conf.spoofed_credentials >> bad.conf
control_command -c bad.conf verbosity 2
expect_exit_value 1
teststep "clean reload"
clean_reload
# The flush negative only works if the server is either on 1 thread,
# or there is threading enabled. Multiple processes does not work for the
# test, since the printout does not have the stats of a global cache.
if test $num_threads -le 1 -o "$have_threads" = "yes"; then
teststep "Check negative flushing"
query always.empty.
expect_answer "SERVFAIL"
query always.empty. DNSKEY
expect_answer "SERVFAIL"
control_command -c ub.conf flush_negative
expect_exit_value 0
expect_answer "^ok removed .*, 3 messages and 1 key entries"
control_command -c ub.conf flush_negative
expect_exit_value 0
expect_answer "^ok removed .*, 0 messages and 0 key entries"
else
echo "> skip Check negative flushing, because no threads"
fi
teststep "create a new local zone"
control_command -c ub.conf local_zone example.net static
expect_exit_value 0
control_command -c ub.conf local_data www.example.net A 192.0.2.1
expect_exit_value 0
teststep "check that www.example.net exists"
query www.example.net.
expect_answer "192.0.2.1"
teststep "check that mail.example.net has nxdomain"
query mail.example.net.
expect_answer "NXDOMAIN"
teststep "remove www.example.net - check it gets nxdomain"
control_command -c ub.conf local_data_remove www.example.net
expect_exit_value 0
query www.example.net.
expect_answer "NXDOMAIN"
teststep "remove nonexistent name - check bug#287(segfault) does not happen"
control_command -c ub.conf local_data_remove test.example.net
# if crash then then we get: error: could not SSL_read from unbound-control
expect_exit_value 0
teststep "remove example.net - check its gone"
control_command -c ub.conf local_zone_remove example.net
expect_exit_value 0
query www.example.net.
expect_answer "SERVFAIL"
teststep "load local-zones from file"
control_command -c ub.conf local_zones < local_zones
expect_exit_value 0
query localzonefromfile
expect_answer "REFUSED"
if test "$have_threads" = "no"; then
# Try to see if a process other than the first one
# has updated data from stdin.
for (( try=0 ; try < num_threads * 2 ; try++ )) ; do
query localzonefromfile
expect_answer "REFUSED"
done
fi
teststep "load local-data from file"
control_command -c ub.conf local_datas < local_data
expect_exit_value 0
query -t txt localdatafromfile
expect_answer "local data from file OK"
if test "$have_threads" = "no"; then
# Try to see if a process other than the first one
# has updated data from stdin.
for (( try=0 ; try < num_threads * 2 ; try++ )) ; do
query -t txt localdatafromfile
expect_answer "local data from file OK"
done
fi
teststep "load view-local-data from file"
control_command -c ub.conf view_local_datas testview < view_local_data
expect_exit_value 0
control_command -c ub.conf view_list_local_zones testview
query -t txt viewlocaldatafromfile
expect_answer "view local data from file OK"
if test "$have_threads" = "no"; then
# Try to see if a process other than the first one
# has updated data from stdin.
for (( try=0 ; try < num_threads * 2 ; try++ )) ; do
query -t txt viewlocaldatafromfile
expect_answer "view local data from file OK"
done
fi
teststep "remove local-zone, local-data and view-local-data from file"
control_command -c ub.conf local_zones_remove < local_zones_remove
expect_exit_value 0
control_command -c ub.conf local_datas_remove < local_data_remove
expect_exit_value 0
control_command -c ub.conf view_local_datas_remove testview < view_local_data_remove
expect_exit_value 0
control_command -c ub.conf list_local_zones
fail_answer "localzonefromfile"
fail_answer "local data from file OK"
expect_answer "otherlocalzone"
control_command -c ub.conf view_list_local_data testview
fail_answer "viewlocaldatafromfile"
teststep "flushing"
control_command -c ub.conf flush www.example.net
expect_exit_value 0
control_command -c ub.conf flush_type www.example.net TXT
expect_exit_value 0
control_command -c ub.conf flush_zone example.net
expect_exit_value 0
# START - single thread/process tests only
if test $num_threads -le 1; then
clean_reload_and_fill_cache
teststep "dump the cache"
query www.example.com.
cache_dump -c ub.conf
expect_exit_value 0
cat cache.dump
expect_in_cache_dump "10.20.30.40"
control_command -c ub.conf lookup www.example.com
expect_exit_value 0
# answer to lookup is meaningless because of use a forwarder, oh well.
teststep "load the cache dump"
cache_load -c ub.conf
expect_exit_value 0
query www.example.com. +nordflag
expect_answer "10.20.30.40"
else
echo ""
echo "> skip test parts that need single thread/process"
fi
# END - single thread/process tests only
clean_reload_and_fill_cache
teststep "reload and check cache - should be empty"
control_reload
query www.example.com +nordflag
fail_answer "10.20.30.40"
clean_reload_and_fill_cache
teststep "reload_keep_cache and check cache - should not be empty"
control_reload reload_keep_cache
query www.example.com +nordflag
expect_answer "10.20.30.40"
clean_reload_and_fill_cache
teststep "change msg-cache-size and reload_keep_cache - should be empty"
echo "server: msg-cache-size: 2m" >> ub.conf
control_reload reload_keep_cache
query www.example.com +nordflag
fail_answer "10.20.30.40"
clean_reload_and_fill_cache
teststep "change rrset-cache-size and reload_keep_cache - should be empty"
echo "server: rrset-cache-size: 2m" >> ub.conf
control_reload reload_keep_cache
query www.example.com +nordflag
fail_answer "10.20.30.40"
# START - have_threads tests
# This part of the test needs threads for combined output.
if test "$have_threads" = "yes"; then
clean_reload_and_fill_cache
teststep "change num-threads and reload_keep_cache - should be empty"
echo "server: num-threads: 2" >> ub.conf
control_reload reload_keep_cache
query www.example.com +nordflag
fail_answer "10.20.30.40"
clean_reload_and_fill_cache
teststep "change minimal-responses and reload_keep_cache - should not be empty"
echo "server: minimal-responses: no" >> ub.conf
control_reload reload_keep_cache
query www.example.com +nordflag
expect_answer "10.20.30.40"
else
echo ""
echo "> skip test parts that need threads, have_threads=no"
fi
# END - have_threads tests
done
# END - thread configuration
teststep "now stop the server"
control_command -c ub.conf stop
expect_exit_value 0
teststep "see if the server has really exited"
TRY_MAX=20
for (( try=0 ; try <= $TRY_MAX ; try++ )) ; do
if kill -0 $UNBOUND_PID 2>&1 | tee tmp.$$; then
echo "not stopped yet, waiting"
sleep 1
else
echo "stopped OK; break"
break;
fi
if grep "No such process" tmp.$$; then
echo "stopped OK; break"
break;
fi
done
if kill -0 $UNBOUND_PID; then
echo "still up!"
echo "not stopped, failure"
end 1
else
echo "stopped OK"
if test -f ublocktrace.0; then
if $PRE/lock-verify ublocktrace.*; then
echo "lock-verify test worked."
else
echo "lock-verify test failed."
end 1
fi
fi
fi
end 0
@@ -1,44 +0,0 @@
; nameserver test file
$TTL 3600
ENTRY_BEGIN
MATCH opcode qtype qname
REPLY QR AA NOERROR
ADJUST copy_id
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A 10.20.30.40
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
REPLY QR AA SERVFAIL
ADJUST copy_id
SECTION QUESTION
www.example.net. IN A
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
REPLY QR AA NOERROR
ADJUST copy_id
SECTION QUESTION
always.empty. IN A
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
REPLY QR AA NOERROR
ADJUST copy_id
SECTION QUESTION
always.empty. IN DNSKEY
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
REPLY QR AA NOERROR
ADJUST copy_id
SECTION QUESTION
_ta-c5aa.always.empty. IN NULL
ENTRY_END
@@ -1,198 +0,0 @@
server:
verbosity: 7
use-syslog: no
directory: ""
pidfile: "unbound.pid"
chroot: ""
username: ""
module-config: "respip validator iterator" # respip for the RPZ part
do-not-query-localhost: no
use-caps-for-id: no
define-tag: "one two refuse rpz-one rpz-two rpz-nx"
# Interface configuration for IPv4
interface: @IPV4_ADDR@@@PORT_ALLOW@
interface: @IPV4_ADDR@@@PORT_DENY@
interface: @IPV4_ADDR@@@PORT_REFUSE@
interface: @IPV4_ADDR@@@PORT_TAG_1@
interface: @IPV4_ADDR@@@PORT_TAG_2@
interface: @IPV4_ADDR@@@PORT_TAG_3@
interface: @IPV4_ADDR@@@PORT_RPZ_1@
interface: @IPV4_ADDR@@@PORT_RPZ_2@
interface: @IPV4_ADDR@@@PORT_RPZ_NX@
interface: @IPV4_ADDR@@@PORT_VIEW_INT@
interface: @IPV4_ADDR@@@PORT_VIEW_EXT@
interface: @IPV4_ADDR@@@PORT_VIEW_INTEXT@
interface-action: @IPV4_ADDR@@@PORT_ALLOW@ allow
interface-action: @IPV4_ADDR@@@PORT_DENY@ deny
# interface-action: @IPV4_ADDR@@@PORT_REFUSE@ refuse # This is the default action
interface-action: @IPV4_ADDR@@@PORT_TAG_1@ allow
interface-action: @IPV4_ADDR@@@PORT_TAG_2@ allow
interface-action: @IPV4_ADDR@@@PORT_TAG_3@ allow
interface-action: @IPV4_ADDR@@@PORT_RPZ_1@ allow
interface-action: @IPV4_ADDR@@@PORT_RPZ_2@ allow
interface-action: @IPV4_ADDR@@@PORT_RPZ_NX@ allow
interface-action: @IPV4_ADDR@@@PORT_VIEW_INT@ allow
interface-action: @IPV4_ADDR@@@PORT_VIEW_EXT@ allow
interface-action: @IPV4_ADDR@@@PORT_VIEW_INTEXT@ allow
interface-tag: @IPV4_ADDR@@@PORT_TAG_1@ "one"
interface-tag: @IPV4_ADDR@@@PORT_TAG_2@ "two"
interface-tag: @IPV4_ADDR@@@PORT_TAG_3@ "refuse"
interface-tag: @IPV4_ADDR@@@PORT_RPZ_1@ "rpz-one"
interface-tag: @IPV4_ADDR@@@PORT_RPZ_2@ "rpz-two"
interface-tag: @IPV4_ADDR@@@PORT_RPZ_NX@ "rpz-nx"
interface-tag-action: @IPV4_ADDR@@@PORT_TAG_1@ one redirect
interface-tag-data: @IPV4_ADDR@@@PORT_TAG_1@ one "A 1.1.1.1"
interface-tag-action: @IPV4_ADDR@@@PORT_TAG_2@ two redirect
interface-tag-data: @IPV4_ADDR@@@PORT_TAG_2@ two "A 2.2.2.2"
interface-tag-action: @IPV4_ADDR@@@PORT_TAG_3@ refuse always_refuse
interface-view: @IPV4_ADDR@@@PORT_VIEW_INT@ "int"
interface-view: @IPV4_ADDR@@@PORT_VIEW_EXT@ "ext"
interface-view: @IPV4_ADDR@@@PORT_VIEW_INTEXT@ "intext"
# Mirrored interface configuration for IPv6
interface: @IPV6_ADDR@@@PORT_ALLOW@
interface: @IPV6_ADDR@@@PORT_DENY@
interface: @IPV6_ADDR@@@PORT_REFUSE@
interface: @IPV6_ADDR@@@PORT_TAG_1@
interface: @IPV6_ADDR@@@PORT_TAG_2@
interface: @IPV6_ADDR@@@PORT_TAG_3@
interface: @IPV6_ADDR@@@PORT_RPZ_1@
interface: @IPV6_ADDR@@@PORT_RPZ_2@
interface: @IPV6_ADDR@@@PORT_RPZ_NX@
interface: @IPV6_ADDR@@@PORT_VIEW_INT@
interface: @IPV6_ADDR@@@PORT_VIEW_EXT@
interface: @IPV6_ADDR@@@PORT_VIEW_INTEXT@
interface-action: @IPV6_ADDR@@@PORT_ALLOW@ allow
interface-action: @IPV6_ADDR@@@PORT_DENY@ deny
# interface-action: @IPV6_ADDR@@@PORT_REFUSE@ refuse # This is the default action
interface-action: @IPV6_ADDR@@@PORT_TAG_1@ allow
interface-action: @IPV6_ADDR@@@PORT_TAG_2@ allow
interface-action: @IPV6_ADDR@@@PORT_TAG_3@ allow
interface-action: @IPV6_ADDR@@@PORT_RPZ_1@ allow
interface-action: @IPV6_ADDR@@@PORT_RPZ_2@ allow
interface-action: @IPV6_ADDR@@@PORT_RPZ_NX@ allow
interface-action: @IPV6_ADDR@@@PORT_VIEW_INT@ allow
interface-action: @IPV6_ADDR@@@PORT_VIEW_EXT@ allow
interface-action: @IPV6_ADDR@@@PORT_VIEW_INTEXT@ allow
interface-tag: @IPV6_ADDR@@@PORT_TAG_1@ "one"
interface-tag: @IPV6_ADDR@@@PORT_TAG_2@ "two"
interface-tag: @IPV6_ADDR@@@PORT_TAG_3@ "refuse"
interface-tag: @IPV6_ADDR@@@PORT_RPZ_1@ "rpz-one"
interface-tag: @IPV6_ADDR@@@PORT_RPZ_2@ "rpz-two"
interface-tag: @IPV6_ADDR@@@PORT_RPZ_NX@ "rpz-nx"
interface-tag-action: @IPV6_ADDR@@@PORT_TAG_1@ one redirect
interface-tag-data: @IPV6_ADDR@@@PORT_TAG_1@ one "A 1.1.1.1"
interface-tag-action: @IPV6_ADDR@@@PORT_TAG_2@ two redirect
interface-tag-data: @IPV6_ADDR@@@PORT_TAG_2@ two "A 2.2.2.2"
interface-tag-action: @IPV6_ADDR@@@PORT_TAG_3@ refuse always_refuse
interface-view: @IPV6_ADDR@@@PORT_VIEW_INT@ "int"
interface-view: @IPV6_ADDR@@@PORT_VIEW_EXT@ "ext"
interface-view: @IPV6_ADDR@@@PORT_VIEW_INTEXT@ "intext"
# Mirrored interface configuration for interface name
interface: @INTERFACE@@@PORT_ALLOW@
interface: @INTERFACE@@@PORT_DENY@
interface: @INTERFACE@@@PORT_REFUSE@
interface: @INTERFACE@@@PORT_TAG_1@
interface: @INTERFACE@@@PORT_TAG_2@
interface: @INTERFACE@@@PORT_TAG_3@
interface: @INTERFACE@@@PORT_RPZ_1@
interface: @INTERFACE@@@PORT_RPZ_2@
interface: @INTERFACE@@@PORT_RPZ_NX@
interface: @INTERFACE@@@PORT_VIEW_INT@
interface: @INTERFACE@@@PORT_VIEW_EXT@
interface: @INTERFACE@@@PORT_VIEW_INTEXT@
interface-action: @INTERFACE@@@PORT_ALLOW@ allow
interface-action: @INTERFACE@@@PORT_DENY@ deny
# interface-action: @INTERFACE@@@PORT_REFUSE@ refuse # This is the default action
interface-action: @INTERFACE@@@PORT_TAG_1@ allow
interface-action: @INTERFACE@@@PORT_TAG_2@ allow
interface-action: @INTERFACE@@@PORT_TAG_3@ allow
interface-action: @INTERFACE@@@PORT_RPZ_1@ allow
interface-action: @INTERFACE@@@PORT_RPZ_2@ allow
interface-action: @INTERFACE@@@PORT_RPZ_NX@ allow
interface-action: @INTERFACE@@@PORT_VIEW_INT@ allow
interface-action: @INTERFACE@@@PORT_VIEW_EXT@ allow
interface-action: @INTERFACE@@@PORT_VIEW_INTEXT@ allow
interface-tag: @INTERFACE@@@PORT_TAG_1@ "one"
interface-tag: @INTERFACE@@@PORT_TAG_2@ "two"
interface-tag: @INTERFACE@@@PORT_TAG_3@ "refuse"
interface-tag: @INTERFACE@@@PORT_RPZ_1@ "rpz-one"
interface-tag: @INTERFACE@@@PORT_RPZ_2@ "rpz-two"
interface-tag: @INTERFACE@@@PORT_RPZ_NX@ "rpz-nx"
interface-tag-action: @INTERFACE@@@PORT_TAG_1@ one redirect
interface-tag-data: @INTERFACE@@@PORT_TAG_1@ one "A 1.1.1.1"
interface-tag-action: @INTERFACE@@@PORT_TAG_2@ two redirect
interface-tag-data: @INTERFACE@@@PORT_TAG_2@ two "A 2.2.2.2"
interface-tag-action: @INTERFACE@@@PORT_TAG_3@ refuse always_refuse
interface-view: @INTERFACE@@@PORT_VIEW_INT@ "int"
interface-view: @INTERFACE@@@PORT_VIEW_EXT@ "ext"
interface-view: @INTERFACE@@@PORT_VIEW_INTEXT@ "intext"
# Interface with scope_id
interface: @INTERFACE@vlan50@@PORT_ALLOW@
interface: @INTERFACE@vlan51@@PORT_ALLOW@
interface-tag: @INTERFACE@vlan50@@PORT_ALLOW@ "one"
interface-tag: @INTERFACE@vlan51@@PORT_ALLOW@ "two"
interface-action: @INTERFACE@vlan50@@PORT_ALLOW@ allow
interface-action: @INTERFACE@vlan51@@PORT_ALLOW@ allow
local-zone: one.vtest. static
local-data: "one.vtest. A 1.1.1.1"
local-zone-tag: one.vtest. "one"
local-zone: two.vtest. static
local-data: "two.vtest. A 2.2.2.2"
local-zone-tag: two.vtest. "two"
# Local zones configuration
local-zone: local. transparent
local-data: "local. A 0.0.0.0"
local-zone-tag: local. "one two refuse"
# Views configuration
view:
name: "int"
view-first: yes
local-zone: "." refuse
local-zone: "internal" transparent
view:
name: "ext"
view-first: yes
local-zone: "internal" refuse
view:
name: "intext"
view-first: yes
# RPZ configuration
rpz:
name: "rpz-one"
zonefile: "rpz-one.zone"
tags: "rpz-one"
rpz:
name: "rpz-two"
zonefile: "rpz-two.zone"
tags: "rpz-two"
rpz:
name: "rpz-nx"
zonefile: "rpz-nx.zone"
tags: "rpz-nx"
# Stubs configuration
forward-zone:
name: "."
forward-addr: @IPV4_ADDR@@@FORWARD_PORT@
stub-zone:
name: "internal"
stub-addr: @IPV4_ADDR@@@STUB_PORT@
@@ -1,268 +0,0 @@
# #-- acl_interface.test.scenario --#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# use .tpkg.var.test for in test variable passing
[ -f .tpkg.var.test ] && source .tpkg.var.test
PRE="../.."
. ../common.sh
ip addr add $IPV4_ADDR dev lo
ip addr add $IPV6_ADDR dev lo
ip link set lo up
ip link add $INTERFACE type dummy
ip addr add $INTERFACE_ADDR_1 dev $INTERFACE
ip addr add $INTERFACE_ADDR_2 dev $INTERFACE
ip addr add $INTERFACE_ADDR_3 dev $INTERFACE
ip addr add $INTERFACE_ADDR_4 dev $INTERFACE
ip link set $INTERFACE up
ip link add ${INTERFACE}vlan50 type dummy
ip addr add fe80::2/64 dev ${INTERFACE}vlan50
ip link add ${INTERFACE}vlan51 type dummy
ip addr add fe80::2/64 dev ${INTERFACE}vlan51
ip link set ${INTERFACE}vlan50 up
ip link set ${INTERFACE}vlan51 up
ip addr show
# start the forwarder in the background
get_ldns_testns
$LDNS_TESTNS -p $FORWARD_PORT acl_interface.testns >fwd.log 2>&1 &
FWD_PID=$!
echo "FWD_PID=$FWD_PID" >> .tpkg.var.test
# start the stub in the background
$LDNS_TESTNS -p $STUB_PORT acl_interface.testns2 >fwd2.log 2>&1 &
STUB_PID=$!
echo "STUB_PID=$STUB_PID" >> .tpkg.var.test
# start unbound in the background
$PRE/unbound -d -c ub.conf >unbound.log 2>&1 &
UNBOUND_PID=$!
echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
cat .tpkg.var.test
wait_ldns_testns_up fwd.log
wait_ldns_testns_up fwd2.log
wait_unbound_up unbound.log
end () {
echo "> cat logfiles"
cat fwd.log
cat fwd2.log
cat unbound.log
exit $1
}
# Query for the given domain to the given port
# $1: address family [4, 6]
# $2: port
# $3: dname
query () {
addr=$IPV4_ADDR
if test "$1" -eq 6; then
addr=$IPV6_ADDR
fi
echo "> dig -p $2 $3"
dig @"$addr" -p $2 $3 | tee outfile
}
# Query for the given domain to the given port
# $1: address
# $2: port
# $3: dname
query_addr () {
echo "> dig @$1 -p $2 $3"
dig @"$1" -p $2 $3 | tee outfile
}
expect_refused () {
echo "> check answer for REFUSED"
if grep "REFUSED" outfile; then
echo "OK"
else
echo "Not OK"
end 1
fi
}
expect_nx_answer () {
echo "> check answer for NXDOMAIN"
if grep "NXDOMAIN" outfile; then
echo "OK"
else
echo "Not OK"
end 1
fi
}
expect_external_answer () {
echo "> check external answer"
if grep "1.2.3.4" outfile; then
echo "OK"
else
echo "Not OK"
end 1
fi
}
expect_internal_answer () {
echo "> check internal answer"
if grep "10.20.30.40" outfile; then
echo "OK"
else
echo "Not OK"
end 1
fi
}
expect_tag_one_answer () {
echo "> check tag 'one' answer"
if grep "1.1.1.1" outfile; then
echo "OK"
else
echo "Not OK"
end 1
fi
}
expect_tag_two_answer () {
echo "> check tag 'two' answer"
if grep "2.2.2.2" outfile; then
echo "OK"
else
echo "Not OK"
end 1
fi
}
expect_rpz_one_answer () {
echo "> check tag 'one' answer"
if grep "11.11.11.11" outfile; then
echo "OK"
else
echo "Not OK"
end 1
fi
}
expect_rpz_two_answer () {
echo "> check tag 'two' answer"
if grep "22.22.22.22" outfile; then
echo "OK"
else
echo "Not OK"
end 1
fi
}
# do the test
for i in 4 6; do
query $i $PORT_REFUSE "www.external"
expect_refused
query $i $PORT_REFUSE "www.internal"
expect_refused
query $i $PORT_ALLOW "www.external"
expect_external_answer
query $i $PORT_ALLOW "www.internal"
expect_internal_answer
query $i $PORT_TAG_1 "local"
expect_tag_one_answer
query $i $PORT_TAG_2 "local"
expect_tag_two_answer
query $i $PORT_TAG_3 "local"
expect_refused
query $i $PORT_RPZ_1 "local"
expect_rpz_one_answer
query $i $PORT_RPZ_2 "local"
expect_rpz_two_answer
query $i $PORT_RPZ_NX "local"
expect_nx_answer
query $i $PORT_VIEW_INT "www.internal"
expect_internal_answer
query $i $PORT_VIEW_INT "www.external"
expect_refused
query $i $PORT_VIEW_EXT "www.internal"
expect_refused
query $i $PORT_VIEW_EXT "www.external"
expect_external_answer
query $i $PORT_VIEW_INTEXT "www.internal"
expect_internal_answer
query $i $PORT_VIEW_INTEXT "www.external"
expect_external_answer
done
for addr in $INTERFACE_ADDR_1 $INTERFACE_ADDR_2 $INTERFACE_ADDR_3 $INTERFACE_ADDR_4; do
query_addr $addr $PORT_REFUSE "www.external"
expect_refused
query_addr $addr $PORT_REFUSE "www.internal"
expect_refused
query_addr $addr $PORT_ALLOW "www.external"
expect_external_answer
query_addr $addr $PORT_ALLOW "www.internal"
expect_internal_answer
query_addr $addr $PORT_TAG_1 "local"
expect_tag_one_answer
query_addr $addr $PORT_TAG_2 "local"
expect_tag_two_answer
query_addr $addr $PORT_TAG_3 "local"
expect_refused
query_addr $addr $PORT_RPZ_1 "local"
expect_rpz_one_answer
query_addr $addr $PORT_RPZ_2 "local"
expect_rpz_two_answer
query_addr $addr $PORT_RPZ_NX "local"
expect_nx_answer
query_addr $addr $PORT_VIEW_INT "www.internal"
expect_internal_answer
query_addr $addr $PORT_VIEW_INT "www.external"
expect_refused
query_addr $addr $PORT_VIEW_EXT "www.internal"
expect_refused
query_addr $addr $PORT_VIEW_EXT "www.external"
expect_external_answer
query_addr $addr $PORT_VIEW_INTEXT "www.internal"
expect_internal_answer
query_addr $addr $PORT_VIEW_INTEXT "www.external"
expect_external_answer
done
query_addr fe80::2%${INTERFACE}vlan50 $PORT_ALLOW "one.vtest."
expect_tag_one_answer
query_addr fe80::2%${INTERFACE}vlan51 $PORT_ALLOW "two.vtest."
expect_tag_two_answer
end 0
@@ -1,228 +0,0 @@
; config options
server:
target-fetch-policy: "0 0 0 0 0"
auth-zone:
name: "unbound-auth-test.nlnetlabs.nl."
## zonefile (or none).
## zonefile: "example.com.zone"
## master by IP address or hostname
## can list multiple masters, each on one line.
## master:
## url for http fetch
## url:
## queries from downstream clients get authoritative answers.
## for-downstream: yes
for-downstream: yes
## queries are used to fetch authoritative answers from this zone,
## instead of unbound itself sending queries there.
## for-upstream: yes
for-upstream: yes
## on failures with for-upstream, fallback to sending queries to
## the authority servers
## fallback-enabled: no
## this line generates zonefile: \n"/tmp/xxx.example.com"\n
zonefile:
TEMPFILE_NAME unbound-auth-test.nlnetlabs.nl
## this is the inline file /tmp/xxx.unbound-auth-test.nlnetlabs.nl
## the tempfiles are deleted when the testrun is over.
TEMPFILE_CONTENTS unbound-auth-test.nlnetlabs.nl
;; Zone: unbound-auth-test.nlnetlabs.nl.
;
unbound-auth-test.nlnetlabs.nl. 3600 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1554201247 14400 3600 604800 3600
unbound-auth-test.nlnetlabs.nl. 3600 IN RRSIG SOA 13 3 3600 20190430103407 20190402103407 15486 unbound-auth-test.nlnetlabs.nl. NLFcC2oet+HC+1dhT4D/2JJFIcMiRtTM81KwvT7u8ybF3iDE4bnyrILvQk8DsizpYKwk+D3J3tMC3TV5+//qFw==
;; Out of zone record that shouldn't break NSEC3 proofs.
;; There was a bug that would keep removing labels and use this out of zone
;; record.
nlnetlabs.nl. 3600 IN NS ns.nlnetlabs.nl.
;
unbound-auth-test.nlnetlabs.nl. 3600 IN NS ns.nlnetlabs.nl.
unbound-auth-test.nlnetlabs.nl. 3600 IN RRSIG NS 13 3 3600 20190430103407 20190402103407 15486 unbound-auth-test.nlnetlabs.nl. Gm0UF77ljiInG4/HZ6Tkzx7z9N45WwwmbBt9KxeN3z1BkdBLiy10Du71ZBFLP71b+USs1rv5SJQ0hteZFbl8sg==
unbound-auth-test.nlnetlabs.nl. 3600 IN DNSKEY 256 3 13 S3Da9HqpFj0pEbI8WXOdkvN3vgZ6qxNSz4XyKkmWWAG28kq5T+/lWp36DUDvnMI9wJNuixzUHtgZ6oZoAaVrPg== ;{id = 15486 (zsk), size = 256b}
unbound-auth-test.nlnetlabs.nl. 3600 IN RRSIG DNSKEY 13 3 3600 20190430103407 20190402103407 15486 unbound-auth-test.nlnetlabs.nl. 1cLFaDb6kP8KnRJujW1ieHUdS5Tgdv59TCZ+FloCRJMJBwQAow6UKAIY7HHlTb8IHTajyUrjlxX/dN8S/5VwuA==
unbound-auth-test.nlnetlabs.nl. 3600 IN NSEC3PARAM 1 0 1 -
unbound-auth-test.nlnetlabs.nl. 3600 IN RRSIG NSEC3PARAM 13 3 3600 20190430103407 20190402103407 15486 unbound-auth-test.nlnetlabs.nl. GWgtJArNpfJ4ifoinUBUVRTlkk0CMemdozhMKY13dk3EQMP0jb4g49PcTAgEP2dBUs9efttQVQQpmFPyTGfN1w==
tvdhfml24jp7cott1qijj9812qu9ibh3.unbound-auth-test.nlnetlabs.nl. 3600 IN NSEC3 1 0 1 - 41pcah2j3fr8k99gj5pveh4igrjfc871 NS SOA RRSIG DNSKEY NSEC3PARAM ;{ flags: -, from: unbound-auth-test.nlnetlabs.nl. to: b.b.unbound-auth-test.nlnetlabs.nl.}
tvdhfml24jp7cott1qijj9812qu9ibh3.unbound-auth-test.nlnetlabs.nl. 3600 IN RRSIG NSEC3 13 4 3600 20190430103407 20190402103407 15486 unbound-auth-test.nlnetlabs.nl. DzwQTaZj4j29eHXEKllIFcq4yNWA7VMqkh8+gCrBO+GEek9+hGxL6ANsU0Hv6glyBmPDeYUZcy4xy0EEj1R4hQ==
;
;; Empty nonterminal: b.unbound-auth-test.nlnetlabs.nl.
apejmh1fqds9gir0nnsf4d5gtno10tg1.unbound-auth-test.nlnetlabs.nl. 3600 IN NSEC3 1 0 1 - dbs0aj50410urbvt3ghfr644n7h06gs5 ;{ flags: -, from: b.unbound-auth-test.nlnetlabs.nl. to: c.b.unbound-auth-test.nlnetlabs.nl.}
apejmh1fqds9gir0nnsf4d5gtno10tg1.unbound-auth-test.nlnetlabs.nl. 3600 IN RRSIG NSEC3 13 4 3600 20190430103407 20190402103407 15486 unbound-auth-test.nlnetlabs.nl. m9B0W8xDZF6ml/m8OujrZZBiF1O0wAeKciK/5FMT/hCjHR0hMrbXBPg/ZntpVJD/Pko2HcBvWKu87U721yTHyQ==
;
;; Empty nonterminal: a.b.unbound-auth-test.nlnetlabs.nl.
toqivctpt4pdcp5g19neqt19fvtgbgeu.unbound-auth-test.nlnetlabs.nl. 3600 IN NSEC3 1 0 1 - tvdhfml24jp7cott1qijj9812qu9ibh3 ;{ flags: -, from: a.b.unbound-auth-test.nlnetlabs.nl. to: unbound-auth-test.nlnetlabs.nl.}
toqivctpt4pdcp5g19neqt19fvtgbgeu.unbound-auth-test.nlnetlabs.nl. 3600 IN RRSIG NSEC3 13 4 3600 20190430103407 20190402103407 15486 unbound-auth-test.nlnetlabs.nl. Jr1oPPs+DGBVV13n4gG4AGVFsleItluLbtCIyQDcYZEA+e5JMkrLzfW3rXqXaUSUauR4iEu5FmTfs4GTsumdUw==
;
*.a.b.unbound-auth-test.nlnetlabs.nl. 3600 IN TXT "*.a.b"
*.a.b.unbound-auth-test.nlnetlabs.nl. 3600 IN RRSIG TXT 13 5 3600 20190430103407 20190402103407 15486 unbound-auth-test.nlnetlabs.nl. NrMUaNzZp88lXit/HLL/iDBHspDSfoM//K+/0VwUYRZjmVJQQHCHtHBGgR4NgrLi3ffvCAWq2LNGxDm+YMSl3g==
jrtu61ssgd18lfjglqrbbs5b2vmbh6cl.unbound-auth-test.nlnetlabs.nl. 3600 IN NSEC3 1 0 1 - k8r2bchsbehs5dbu5d6ivjfnmjb3jc8s TXT RRSIG ;{ flags: -, from: *.a.b.unbound-auth-test.nlnetlabs.nl. to: *.c.b.unbound-auth-test.nlnetlabs.nl.}
jrtu61ssgd18lfjglqrbbs5b2vmbh6cl.unbound-auth-test.nlnetlabs.nl. 3600 IN RRSIG NSEC3 13 4 3600 20190430103407 20190402103407 15486 unbound-auth-test.nlnetlabs.nl. kLIhE9+iz1OybJwXbtRJZst+Mk5u4OAtpZGWSwJUfqD6dXAk+h6msKAR18jpPeL7cCjXjIAKIv3x4oYRkl+uKw==
;
;; Empty nonterminal: b.b.unbound-auth-test.nlnetlabs.nl.
41pcah2j3fr8k99gj5pveh4igrjfc871.unbound-auth-test.nlnetlabs.nl. 3600 IN NSEC3 1 0 1 - apejmh1fqds9gir0nnsf4d5gtno10tg1 ;{ flags: -, from: b.b.unbound-auth-test.nlnetlabs.nl. to: b.unbound-auth-test.nlnetlabs.nl.}
41pcah2j3fr8k99gj5pveh4igrjfc871.unbound-auth-test.nlnetlabs.nl. 3600 IN RRSIG NSEC3 13 4 3600 20190430103407 20190402103407 15486 unbound-auth-test.nlnetlabs.nl. XlIjnuF313w0GXn6vymrAcsyuxZSaN6IShFjxQ5T2HUFePHBNvtRkL+TtMQZNlR8nTR3+MWcON0cOZIGjVCCjg==
;
*.b.b.unbound-auth-test.nlnetlabs.nl. 3600 IN TXT "*.b.b"
*.b.b.unbound-auth-test.nlnetlabs.nl. 3600 IN RRSIG TXT 13 5 3600 20190430103407 20190402103407 15486 unbound-auth-test.nlnetlabs.nl. FkS3ceWpoHyOKaa8OtywIl148Bwo0vkzBd263vqYe0puhuRa6IvNEk5ERdwfWt9eNEq+6IlizPT/dYxA2fXYXA==
ft7dasbom0copm9e2ak9k151dj08kjfs.unbound-auth-test.nlnetlabs.nl. 3600 IN NSEC3 1 0 1 - jrtu61ssgd18lfjglqrbbs5b2vmbh6cl TXT RRSIG ;{ flags: -, from: *.b.b.unbound-auth-test.nlnetlabs.nl. to: *.a.b.unbound-auth-test.nlnetlabs.nl.}
ft7dasbom0copm9e2ak9k151dj08kjfs.unbound-auth-test.nlnetlabs.nl. 3600 IN RRSIG NSEC3 13 4 3600 20190430103407 20190402103407 15486 unbound-auth-test.nlnetlabs.nl. 5QhLGohTRLQSGC8vstzDjqcwfrbOnLUG2OelSjvsZFy1smsWUxJBCQXQdx1+JX7xamZHlZESQtS+cELuZUqpvA==
;
;; Empty nonterminal: c.b.unbound-auth-test.nlnetlabs.nl.
dbs0aj50410urbvt3ghfr644n7h06gs5.unbound-auth-test.nlnetlabs.nl. 3600 IN NSEC3 1 0 1 - ft7dasbom0copm9e2ak9k151dj08kjfs ;{ flags: -, from: c.b.unbound-auth-test.nlnetlabs.nl. to: *.b.b.unbound-auth-test.nlnetlabs.nl.}
dbs0aj50410urbvt3ghfr644n7h06gs5.unbound-auth-test.nlnetlabs.nl. 3600 IN RRSIG NSEC3 13 4 3600 20190430103407 20190402103407 15486 unbound-auth-test.nlnetlabs.nl. hjk1foJWW68JK3O1Ktf0ZogoXVrMDw3mHVBBYTrpaBKX1gWR5icmJiOCYZWYx3z88PUnGkfH+kx4oDUjioqN+Q==
;
*.c.b.unbound-auth-test.nlnetlabs.nl. 3600 IN TXT "*.c.b"
*.c.b.unbound-auth-test.nlnetlabs.nl. 3600 IN RRSIG TXT 13 5 3600 20190430103407 20190402103407 15486 unbound-auth-test.nlnetlabs.nl. b7rFR5tlx5Y5SQqNdYBtfD6DrkNx9h79GCmnZfWrUzRz+A256k2v08IPRJDK+WxEHuYHjfNnVWxjRr9M1OW2Iw==
k8r2bchsbehs5dbu5d6ivjfnmjb3jc8s.unbound-auth-test.nlnetlabs.nl. 3600 IN NSEC3 1 0 1 - toqivctpt4pdcp5g19neqt19fvtgbgeu TXT RRSIG ;{ flags: -, from: *.c.b.unbound-auth-test.nlnetlabs.nl. to: a.b.unbound-auth-test.nlnetlabs.nl.}
k8r2bchsbehs5dbu5d6ivjfnmjb3jc8s.unbound-auth-test.nlnetlabs.nl. 3600 IN RRSIG NSEC3 13 4 3600 20190430103407 20190402103407 15486 unbound-auth-test.nlnetlabs.nl. 34BS1ajedCNdfXgUfxTyiAK1ichfFLshhJ3TnfplrUps0UsZaQLEG+EIlP4wTBtro2c6V8YCSmOuxuce4gYoDw==
;
TEMPFILE_END
stub-zone:
name: "."
stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
CONFIG_END
SCENARIO_BEGIN Test authority zone with NSEC3 empty nonterminal
; with exact match NSEC3 in existence (eg. not a CE-proof)
; K.ROOT-SERVERS.NET.
RANGE_BEGIN 0 100
ADDRESS 193.0.14.129
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET. IN A 193.0.14.129
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION AUTHORITY
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
RANGE_END
; a.gtld-servers.net.
RANGE_BEGIN 0 100
ADDRESS 192.5.6.30
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION ANSWER
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.44
ENTRY_END
RANGE_END
; ns.example.net.
RANGE_BEGIN 0 100
ADDRESS 1.2.3.44
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.net. IN NS
SECTION ANSWER
example.net. IN NS ns.example.net.
SECTION ADDITIONAL
ns.example.net. IN A 1.2.3.44
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ns.example.net. IN A
SECTION ANSWER
ns.example.net. IN A 1.2.3.44
SECTION AUTHORITY
example.net. IN NS ns.example.net.
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ns.example.net. IN AAAA
SECTION AUTHORITY
example.net. IN NS ns.example.net.
SECTION ADDITIONAL
www.example.net. IN A 1.2.3.44
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION ANSWER
example.com. IN NS ns.example.net.
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A 10.20.30.40
ENTRY_END
RANGE_END
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
a.b.unbound-auth-test.nlnetlabs.nl. IN TXT
ENTRY_END
; recursion happens here.
STEP 20 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR AA RD RA DO NOERROR
SECTION QUESTION
a.b.unbound-auth-test.nlnetlabs.nl. IN TXT
SECTION ANSWER
SECTION AUTHORITY
unbound-auth-test.nlnetlabs.nl. 3600 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1554201247 14400 3600 604800 3600
unbound-auth-test.nlnetlabs.nl. 3600 IN RRSIG SOA 13 3 3600 20190430103407 20190402103407 15486 unbound-auth-test.nlnetlabs.nl. NLFcC2oet+HC+1dhT4D/2JJFIcMiRtTM81KwvT7u8ybF3iDE4bnyrILv Qk8DsizpYKwk+D3J3tMC3TV5+//qFw==
toqivctpt4pdcp5g19neqt19fvtgbgeu.unbound-auth-test.nlnetlabs.nl. 3600 IN NSEC3 1 0 1 - TVDHFML24JP7COTT1QIJJ9812QU9IBH3
toqivctpt4pdcp5g19neqt19fvtgbgeu.unbound-auth-test.nlnetlabs.nl. 3600 IN RRSIG NSEC3 13 4 3600 20190430103407 20190402103407 15486 unbound-auth-test.nlnetlabs.nl. Jr1oPPs+DGBVV13n4gG4AGVFsleItluLbtCIyQDcYZEA+e5JMkrLzfW3 rXqXaUSUauR4iEu5FmTfs4GTsumdUw==
ENTRY_END
SCENARIO_END
@@ -1,234 +0,0 @@
; config options
server:
target-fetch-policy: "0 0 0 0 0"
auth-zone:
name: "test-ns-signed.dev.internet.nl."
## zonefile (or none).
## zonefile: "example.com.zone"
## master by IP address or hostname
## can list multiple masters, each on one line.
## master:
## url for http fetch
## url:
## queries from downstream clients get authoritative answers.
## for-downstream: yes
for-downstream: yes
## queries are used to fetch authoritative answers from this zone,
## instead of unbound itself sending queries there.
## for-upstream: yes
for-upstream: yes
## on failures with for-upstream, fallback to sending queries to
## the authority servers
## fallback-enabled: no
## this line generates zonefile: \n"/tmp/xxx.example.com"\n
zonefile:
TEMPFILE_NAME test-ns-signed.dev.internet.nl
## this is the inline file /tmp/xxx.test-ns-signed.dev.internet.nl
## the tempfiles are deleted when the testrun is over.
TEMPFILE_CONTENTS test-ns-signed.dev.internet.nl
test-ns-signed.dev.internet.nl. 3600 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 4 14400 3600 604800 3600
test-ns-signed.dev.internet.nl. 3600 IN RRSIG SOA 8 4 3600 20190205132351 20190108132351 32784 test-ns-signed.dev.internet.nl. ybb0Hc7NC+QOFEEv4cX2+Umlk+miiOAHmeP2Uwvg6lqfxkk+3g7yWBEKMinXjLKz0odWZ6fki6M/3yBPQX8SV0OCRY5gYvAHAjbxAIHozIM+5iwOkRQhNF1DRgQ3BLjL93f6T5e5Z4y1812iOpu4GYswXW/UTOZACXz2UiaCPAg=
;; Out of zone record that shouldn't break NSEC3 proofs.
;; There was a bug that would keep removing labels and use this out of zone
;; record.
dev.internet.nl. 3600 IN NS ns.test-ns-signed.dev.internet.nl.
test-ns-signed.dev.internet.nl. 3600 IN NS ns.test-ns-signed.dev.internet.nl.
test-ns-signed.dev.internet.nl. 3600 IN RRSIG NS 8 4 3600 20190205132351 20190108132351 32784 test-ns-signed.dev.internet.nl. KqiwTF3hKm1ZHGbgx6MVzZYHlS1p7+Xrikx4izMHFbWiD6ki6lrJBJsnH9j/hH1cwHxjXslOeJh0hdBdbn8la0meZPsebOyUbEjoLPzRLzKNLDBuA4BUJnRGQJy21CX7XooXAMAmR8YFipO8CojI9EogU2m2o9YkfbpacFWQoTk=
test-ns-signed.dev.internet.nl. 3600 IN DNSKEY 256 3 8 AwEAAc6c8tpMXBSOFLu/9n4aUUDK43wN4B7A2UDqZi0IOkyptxWCFghleyZeeN5uq6p9MoUt8lS73mFmIYC0ux5zBO3uVaJQ9u+00qRAEVg/RgBwa58y2f/zNtFV/f7mBSPcPTiEjUh0bwHSiTvUn/8JkrvjyAcbQMO0YOsRof5q6tzl ;{id = 32784 (zsk), size = 1024b}
test-ns-signed.dev.internet.nl. 3600 IN DNSKEY 257 3 8 AwEAAdC0hBJP1U8lbZ6JFXn0ouK6VipiraN7I8oog62SuEd/fqAupys7A/Ih6WK/UoJorjlnccEL8euNMaS4kNogvoBrFx8ciIWKcbot5mtwc4WDr3cnR+HIZNCUFVkIxsMqE7HCD0yn0zhkB60shED+ZHs8zpyU+cjnsOSizxOnIY+F ;{id = 54502 (ksk), size = 1024b}
test-ns-signed.dev.internet.nl. 3600 IN RRSIG DNSKEY 8 4 3600 20190205132351 20190108132351 54502 test-ns-signed.dev.internet.nl. X3qN+plfjf45FA4pr/tcUqUCR9ajDqwtNe4TS19WOJogVL/Gf/N5/ToOCrs3s+a7VrJl58WvSJquDM8xAS8f4oJggKgHFhopce8tMTGRxkRvJo4y+tt3vCveh/zjHLAnbOaBGA4CJ/IPhRqzHzcX/SjSv0EACWd6XpQIWogRv6c=
test-ns-signed.dev.internet.nl. 3600 IN NSEC3PARAM 1 0 1 -
test-ns-signed.dev.internet.nl. 3600 IN RRSIG NSEC3PARAM 8 4 3600 20190205132351 20190108132351 32784 test-ns-signed.dev.internet.nl. A/1xUGO46uIz+9vjPGfWVD99akwU9bd/UlnVG9LPfoTzG7TMWSoZ4ksg8k8ub8K1TrkDmQokNHSW0Gt6qwoRh17c+p1h/SFlDVL83wgTc4NqG43OQjgGU9RV035XU+VESlO3lavifhlu8rHWBJTlhiXcMGq6H+zvoz4sx9p5GNM=
93stp7o7i5n9gb83uu7vv6h8qltk14ig.test-ns-signed.dev.internet.nl. 3600 IN NSEC3 1 0 1 - fee0c2kfhi6bnljce6vehaenqq3pbupu NS SOA RRSIG DNSKEY NSEC3PARAM
93stp7o7i5n9gb83uu7vv6h8qltk14ig.test-ns-signed.dev.internet.nl. 3600 IN RRSIG NSEC3 8 5 3600 20190205132351 20190108132351 32784 test-ns-signed.dev.internet.nl. YoTRDQ7sSvERcY1WwAH4oRRR7DmaAwA8/H70jdMeSU4wsnM/VM03kDcc2sgq5edmHiZoTWnq7nEb/1Y7Ro0YrqTUQdYFZvXi6UjZQrKI9nqAGnhdXZWlZJHmYpn2+2Emd+bYHkwvKaPnfnnKjUoGVBH8Hly0HBYKPUF1/viquB0=
kl94uofq16t2vlq0bmampf6e4o9k5hbi.test-ns-signed.dev.internet.nl. 3600 IN NSEC3 1 0 1 - 7ag3p2pfrvq09dpn63cvga8ub1rnrrg1
kl94uofq16t2vlq0bmampf6e4o9k5hbi.test-ns-signed.dev.internet.nl. 3600 IN RRSIG NSEC3 8 5 3600 20190205132351 20190108132351 32784 test-ns-signed.dev.internet.nl. NI5zJ/k1kPVZ1abms5OoME/wazb77Ltduyk6ZevAnt4tKydZYwSsjEd0Ixknw9xnakCABn5rAYEXctARN0KCwCkNHR7TYlTAJT14hlDYjbad2u2HT9L1kzAnfj3BeLZl/LRADeMbTtzrkTSF3Dnezurb94fMnUnKt2hPfQfj560=
fee0c2kfhi6bnljce6vehaenqq3pbupu.test-ns-signed.dev.internet.nl. 3600 IN NSEC3 1 0 1 - i6pi4e3o98e7vtkpjfhqn7g77d3mjcnv
fee0c2kfhi6bnljce6vehaenqq3pbupu.test-ns-signed.dev.internet.nl. 3600 IN RRSIG NSEC3 8 5 3600 20190205132351 20190108132351 32784 test-ns-signed.dev.internet.nl. WIb3ISP1nlafbyWoWa4z7sG5IS+V86PyvEMHdD/64hgsFkrCu483XK7VNnBz28SL/631JXA1R19O+UxeWhTUyctp8QSt6cEZcMPY8b7yG97rNFNvhSw75rSXXt+JwgIYHPHQV5oqPtVmEpQM5SfJd+hs+Nn1bJcWB3UaESNNAMQ=
*.a.b.test-ns-signed.dev.internet.nl. 3600 IN TXT "a"
*.a.b.test-ns-signed.dev.internet.nl. 3600 IN RRSIG TXT 8 6 3600 20190205132351 20190108132351 32784 test-ns-signed.dev.internet.nl. eNcJkQXdTO1z21od0sXbgqtABhhr/9tNC/Zx8zYbhXkfj7rufN71yk9xqgu6TG0MeJV26ISrqIGRVFJFmTRvO1LLxoKkEPhqe+08nqRztxXZajCV+dDeFoGIDcXJg6tAxB+MJznkKDtZPpIWvyt1WwdYfcMrGtE9AmR3K1/P/xE=
7ag3p2pfrvq09dpn63cvga8ub1rnrrg1.test-ns-signed.dev.internet.nl. 3600 IN NSEC3 1 0 1 - 93stp7o7i5n9gb83uu7vv6h8qltk14ig TXT RRSIG
7ag3p2pfrvq09dpn63cvga8ub1rnrrg1.test-ns-signed.dev.internet.nl. 3600 IN RRSIG NSEC3 8 5 3600 20190205132351 20190108132351 32784 test-ns-signed.dev.internet.nl. gtxoiTa3FRUqoRLvkWSxmWQ+DfijVd26gpKH3+GmGIcNB/sr/Cf8kERRwVVHvgzYIcvdJcys5b2LUXnZJwcdAlx7efZPWgNZzWxJrw6ES25LCWJOrp31isWn9FlAZGIbnpyEXxD2apBSmtyPnKbTgU6lHHS9jrsYHu4G8Zouv3k=
ns.test-ns-signed.dev.internet.nl. 3600 IN A 185.49.141.11
ns.test-ns-signed.dev.internet.nl. 3600 IN RRSIG A 8 5 3600 20190205132351 20190108132351 32784 test-ns-signed.dev.internet.nl. F9sXEVAmlRn+/84WbuvegiCwstNxMDMQLl0Obv2CTPpee4U6psbmXrlzczjjjkE6aLjsIHYdcXCzEWTrmukT+V9jzaGPRJvxNvC0ASWyzggAoh0Z++Hl4cVa9587o6I9ODayehFI9Pgdem+RVdb4zlWuzi9FmKXgeTlgWN54tPg=
ns.test-ns-signed.dev.internet.nl. 3600 IN AAAA 2a04:b900:0:100::11
ns.test-ns-signed.dev.internet.nl. 3600 IN RRSIG AAAA 8 5 3600 20190205132351 20190108132351 32784 test-ns-signed.dev.internet.nl. F1XRrx/QgfzJ1RS7d0m23QoIPx1G8WL1SrlTOm7pk5vWTL07w7HEw2TETblkjnitJGKfN9ebsIum/cDPUZc3UqLkguP2UCWpePnlllTJuwmG0Z+wyINIR4xF4PQlqttvzThBkD2JKWb/o0W8dQyXTj+jJ1vCZ0NjjA2N4+iJIQE=
i6pi4e3o98e7vtkpjfhqn7g77d3mjcnv.test-ns-signed.dev.internet.nl. 3600 IN NSEC3 1 0 1 - kl94uofq16t2vlq0bmampf6e4o9k5hbi A AAAA RRSIG
i6pi4e3o98e7vtkpjfhqn7g77d3mjcnv.test-ns-signed.dev.internet.nl. 3600 IN RRSIG NSEC3 8 5 3600 20190205132351 20190108132351 32784 test-ns-signed.dev.internet.nl. xLysIqn3r3rdHE3GvwVjZwUyuFClhkhgrQdwyc66RuHKE3MfSuhVr9cHTCJzhipF5TwQTbUpLOr74r99bzdiIY8Xkgjy2M0nc76v1ObSGJdPPjGTevbhDOnavUURwOR/q0NqqO2iPrgFjOVMZ+8uwRJtCty2iAVZfVG+qDzs8hU=
TEMPFILE_END
stub-zone:
name: "."
stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
CONFIG_END
SCENARIO_BEGIN Test authority zone with NSEC3 wildcard
; K.ROOT-SERVERS.NET.
RANGE_BEGIN 0 100
ADDRESS 193.0.14.129
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET. IN A 193.0.14.129
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION AUTHORITY
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
RANGE_END
; a.gtld-servers.net.
RANGE_BEGIN 0 100
ADDRESS 192.5.6.30
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION ANSWER
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.44
ENTRY_END
RANGE_END
; ns.example.net.
RANGE_BEGIN 0 100
ADDRESS 1.2.3.44
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.net. IN NS
SECTION ANSWER
example.net. IN NS ns.example.net.
SECTION ADDITIONAL
ns.example.net. IN A 1.2.3.44
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ns.example.net. IN A
SECTION ANSWER
ns.example.net. IN A 1.2.3.44
SECTION AUTHORITY
example.net. IN NS ns.example.net.
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ns.example.net. IN AAAA
SECTION AUTHORITY
example.net. IN NS ns.example.net.
SECTION ADDITIONAL
www.example.net. IN A 1.2.3.44
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION ANSWER
example.com. IN NS ns.example.net.
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A 10.20.30.40
ENTRY_END
RANGE_END
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
something.a.b.test-ns-signed.dev.internet.nl. IN TXT
ENTRY_END
; recursion happens here.
STEP 20 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR AA RD RA DO NOERROR
SECTION QUESTION
something.a.b.test-ns-signed.dev.internet.nl. IN TXT
SECTION ANSWER
something.a.b.test-ns-signed.dev.internet.nl. IN TXT "a"
something.a.b.test-ns-signed.dev.internet.nl. 3600 IN RRSIG TXT 8 6 3600 20190205132351 20190108132351 32784 test-ns-signed.dev.internet.nl. eNcJkQXdTO1z21od0sXbgqtABhhr/9tNC/Zx8zYbhXkfj7rufN71yk9xqgu6TG0MeJV26ISrqIGRVFJFmTRvO1LLxoKkEPhqe+08nqRztxXZajCV+dDeFoGIDcXJg6tAxB+MJznkKDtZPpIWvyt1WwdYfcMrGtE9AmR3K1/P/xE=
SECTION AUTHORITY
i6pi4e3o98e7vtkpjfhqn7g77d3mjcnv.test-ns-signed.dev.internet.nl. 3600 IN NSEC3 1 0 1 - KL94UOFQ16T2VLQ0BMAMPF6E4O9K5HBI A AAAA RRSIG
i6pi4e3o98e7vtkpjfhqn7g77d3mjcnv.test-ns-signed.dev.internet.nl. 3600 IN RRSIG NSEC3 8 5 3600 20190205132351 20190108132351 32784 test-ns-signed.dev.internet.nl. xLysIqn3r3rdHE3GvwVjZwUyuFClhkhgrQdwyc66RuHKE3MfSuhVr9cHTCJzhipF5TwQTbUpLOr74r99bzdiIY8Xkgjy2M0nc76v1ObSGJdPPjGTevbhDOnavUURwOR/q0NqqO2iPrgFjOVMZ+8uwRJtCty2iAVZfVG+qDzs8hU=
ENTRY_END
; Check that the reply for a wildcard nodata answer contains the NSEC3s.
; qname denial NSEC3, closest encloser NSEC3, and type bitmap NSEC3.
STEP 30 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
something.a.b.test-ns-signed.dev.internet.nl. IN AAAA
ENTRY_END
STEP 40 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR AA RD RA DO NOERROR
SECTION QUESTION
something.a.b.test-ns-signed.dev.internet.nl. IN AAAA
SECTION ANSWER
SECTION AUTHORITY
test-ns-signed.dev.internet.nl. 3600 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 4 14400 3600 604800 3600
test-ns-signed.dev.internet.nl. 3600 IN RRSIG SOA 8 4 3600 20190205132351 20190108132351 32784 test-ns-signed.dev.internet.nl. ybb0Hc7NC+QOFEEv4cX2+Umlk+miiOAHmeP2Uwvg6lqfxkk+3g7yWBEKMinXjLKz0odWZ6fki6M/3yBPQX8SV0OCRY5gYvAHAjbxAIHozIM+5iwOkRQhNF1DRgQ3BLjL93f6T5e5Z4y1812iOpu4GYswXW/UTOZACXz2UiaCPAg= ;{id = 32784}
7ag3p2pfrvq09dpn63cvga8ub1rnrrg1.test-ns-signed.dev.internet.nl. 3600 IN NSEC3 1 0 1 - 93stp7o7i5n9gb83uu7vv6h8qltk14ig TXT RRSIG
7ag3p2pfrvq09dpn63cvga8ub1rnrrg1.test-ns-signed.dev.internet.nl. 3600 IN RRSIG NSEC3 8 5 3600 20190205132351 20190108132351 32784 test-ns-signed.dev.internet.nl. gtxoiTa3FRUqoRLvkWSxmWQ+DfijVd26gpKH3+GmGIcNB/sr/Cf8kERRwVVHvgzYIcvdJcys5b2LUXnZJwcdAlx7efZPWgNZzWxJrw6ES25LCWJOrp31isWn9FlAZGIbnpyEXxD2apBSmtyPnKbTgU6lHHS9jrsYHu4G8Zouv3k= ;{id = 32784}
fee0c2kfhi6bnljce6vehaenqq3pbupu.test-ns-signed.dev.internet.nl. 3600 IN NSEC3 1 0 1 - i6pi4e3o98e7vtkpjfhqn7g77d3mjcnv
fee0c2kfhi6bnljce6vehaenqq3pbupu.test-ns-signed.dev.internet.nl. 3600 IN RRSIG NSEC3 8 5 3600 20190205132351 20190108132351 32784 test-ns-signed.dev.internet.nl. WIb3ISP1nlafbyWoWa4z7sG5IS+V86PyvEMHdD/64hgsFkrCu483XK7VNnBz28SL/631JXA1R19O+UxeWhTUyctp8QSt6cEZcMPY8b7yG97rNFNvhSw75rSXXt+JwgIYHPHQV5oqPtVmEpQM5SfJd+hs+Nn1bJcWB3UaESNNAMQ= ;{id = 32784}
i6pi4e3o98e7vtkpjfhqn7g77d3mjcnv.test-ns-signed.dev.internet.nl. 3600 IN NSEC3 1 0 1 - kl94uofq16t2vlq0bmampf6e4o9k5hbi A AAAA RRSIG
i6pi4e3o98e7vtkpjfhqn7g77d3mjcnv.test-ns-signed.dev.internet.nl. 3600 IN RRSIG NSEC3 8 5 3600 20190205132351 20190108132351 32784 test-ns-signed.dev.internet.nl. xLysIqn3r3rdHE3GvwVjZwUyuFClhkhgrQdwyc66RuHKE3MfSuhVr9cHTCJzhipF5TwQTbUpLOr74r99bzdiIY8Xkgjy2M0nc76v1ObSGJdPPjGTevbhDOnavUURwOR/q0NqqO2iPrgFjOVMZ+8uwRJtCty2iAVZfVG+qDzs8hU= ;{id = 32784}
ENTRY_END
SCENARIO_END
-48
View File
@@ -1,48 +0,0 @@
# #-- auth_tls.pre--#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# use .tpkg.var.test for in test variable passing
[ -f .tpkg.var.test ] && source .tpkg.var.test
. ../common.sh
#skip_test "Skip test due to no UDP service for SOA query"
PRE="../.."
if test -n "$NSD"; then
:
else
if `which nsd >/dev/null 2>&1`; then
# need nsd >= 4.2.0
NSD="nsd"
else
if test -f $PRE/../nsd/nsd; then
NSD="$PRE/../nsd/nsd"
else
skip_test "need nsd"
fi
fi
fi
echo "NSD=$NSD"
get_random_port 2
UNBOUND_PORT=$RND_PORT
NSD_PORT=$(($RND_PORT + 1))
echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test
echo "NSD_PORT=$NSD_PORT" >> .tpkg.var.test
# make config file
sed -e 's/@UNBOUND_PORT\@/'$UNBOUND_PORT'/' -e 's/@NSD_PORT\@/'$NSD_PORT'/' < auth_tls.ub.conf > ub.conf
sed -e 's/@UNBOUND_PORT\@/'$UNBOUND_PORT'/' -e 's/@NSD_PORT\@/'$NSD_PORT'/' < auth_tls.nsd.conf > nsd.conf
# start nsd
$NSD -d -c nsd.conf >nsd.log 2>&1 &
NSD_PID=$!
echo "NSD_PID=$NSD_PID" >> .tpkg.var.test
# start unbound in the background
$PRE/unbound -d -c ub.conf >unbound.log 2>&1 &
UNBOUND_PID=$!
echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
cat .tpkg.var.test
wait_nsd_up nsd.log
wait_unbound_up unbound.log
@@ -1,48 +0,0 @@
# #-- auth_tls_failcert.pre--#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# use .tpkg.var.test for in test variable passing
[ -f .tpkg.var.test ] && source .tpkg.var.test
. ../common.sh
#skip_test "Skip test due to no UDP service for SOA query"
PRE="../.."
if test -n "$NSD"; then
:
else
if `which nsd >/dev/null 2>&1`; then
# need nsd >= 4.2.0
NSD="nsd"
else
if test -f $PRE/../nsd/nsd; then
NSD="$PRE/../nsd/nsd"
else
skip_test "need nsd"
fi
fi
fi
echo "NSD=$NSD"
get_random_port 2
UNBOUND_PORT=$RND_PORT
NSD_PORT=$(($RND_PORT + 1))
echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test
echo "NSD_PORT=$NSD_PORT" >> .tpkg.var.test
# make config file
sed -e 's/@UNBOUND_PORT\@/'$UNBOUND_PORT'/' -e 's/@NSD_PORT\@/'$NSD_PORT'/' < auth_tls_failcert.ub.conf > ub.conf
sed -e 's/@UNBOUND_PORT\@/'$UNBOUND_PORT'/' -e 's/@NSD_PORT\@/'$NSD_PORT'/' < auth_tls_failcert.nsd.conf > nsd.conf
# start nsd
$NSD -d -c nsd.conf >nsd.log 2>&1 &
NSD_PID=$!
echo "NSD_PID=$NSD_PID" >> .tpkg.var.test
# start unbound in the background
$PRE/unbound -d -c ub.conf >unbound.log 2>&1 &
UNBOUND_PID=$!
echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
cat .tpkg.var.test
wait_nsd_up nsd.log
wait_unbound_up unbound.log
-325
View File
@@ -1,325 +0,0 @@
; config options
server:
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: no
minimal-responses: no
serve-expired: yes
serve-expired-client-timeout: 0
module-config: "cachedb iterator"
cachedb:
backend: "testframe"
secret-seed: "testvalue"
cachedb-check-when-serve-expired: yes
stub-zone:
name: "."
stub-addr: 193.0.14.129
CONFIG_END
SCENARIO_BEGIN Test cachedb and serve expired.
; K.ROOT-SERVERS.NET.
RANGE_BEGIN 0 400
ADDRESS 193.0.14.129
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET. IN A 193.0.14.129
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION AUTHORITY
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
RANGE_END
; a.gtld-servers.net.
RANGE_BEGIN 0 400
ADDRESS 192.5.6.30
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION AUTHORITY
example.com. IN NS ns2.example.com.
SECTION ADDITIONAL
ns2.example.com. IN A 1.2.3.5
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
foo.com. IN NS
SECTION AUTHORITY
foo.com. IN NS ns.example.com.
ENTRY_END
RANGE_END
; ns2.example.com.
RANGE_BEGIN 0 400
ADDRESS 1.2.3.5
ENTRY_BEGIN
MATCH opcode qname qtype
REPLY QR AA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN A 1.2.3.4
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname qtype
REPLY QR AA NOERROR
SECTION QUESTION
www2.example.com. IN A
SECTION ANSWER
www2.example.com. 10 IN A 1.2.3.5
ENTRY_END
RANGE_END
; Get an entry in cache, to make it expired.
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
; get the answer for it
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN A 1.2.3.4
ENTRY_END
; Get another query in cache to make it expired.
STEP 20 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www2.example.com. IN A
ENTRY_END
; get the answer for it
STEP 30 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www2.example.com. IN A
SECTION ANSWER
www2.example.com. 10 IN A 1.2.3.5
ENTRY_END
; it is now expired
STEP 40 TIME_PASSES ELAPSE 20
; cache is expired, and cachedb is expired.
STEP 50 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www2.example.com. IN A
ENTRY_END
STEP 60 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
www2.example.com. IN A
SECTION ANSWER
www2.example.com. 30 IN A 1.2.3.5
ENTRY_END
; cache is expired, cachedb has no answer
STEP 70 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
STEP 80 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 30 IN A 1.2.3.4
ENTRY_END
STEP 90 TRAFFIC
; the entry should be refreshed in cache now.
; cache is valid and cachedb is valid.
STEP 100 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
STEP 110 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN A 1.2.3.4
ENTRY_END
; flush the entry from cache
STEP 120 FLUSH_MESSAGE www.example.com. IN A
; cache has no answer, cachedb valid
STEP 130 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
STEP 140 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN A 1.2.3.4
ENTRY_END
; it is now expired
STEP 150 TIME_PASSES ELAPSE 20
; flush the entry from cache
STEP 160 FLUSH_MESSAGE www.example.com. IN A
; cache has no answer, cachedb is expired
STEP 170 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
STEP 180 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 30 IN A 1.2.3.4
ENTRY_END
STEP 190 TRAFFIC
; the expired message is updated.
; cache is valid, cachedb is valid
STEP 200 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
STEP 210 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN A 1.2.3.4
ENTRY_END
; expire the entry in cache
STEP 220 EXPIRE_MESSAGE www.example.com. IN A
; cache is expired, cachedb valid
STEP 230 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
STEP 240 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN A 1.2.3.4
ENTRY_END
; it is now expired
STEP 250 TIME_PASSES ELAPSE 20
; expire the entry in cache
STEP 260 EXPIRE_MESSAGE www.example.com. IN A
; cache is expired, cachedb is expired
STEP 270 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
STEP 280 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 30 IN A 1.2.3.4
ENTRY_END
STEP 290 TRAFFIC
; the expired message is updated.
; cache is valid, cachedb is valid
STEP 300 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
STEP 310 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN A 1.2.3.4
ENTRY_END
SCENARIO_END
-260
View File
@@ -1,260 +0,0 @@
; config options
server:
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: no
minimal-responses: no
serve-expired: yes
serve-expired-client-timeout: 0
serve-expired-reply-ttl: 30
module-config: "cachedb iterator"
cachedb:
backend: "testframe"
secret-seed: "testvalue"
cachedb-check-when-serve-expired: yes
stub-zone:
name: "."
stub-addr: 193.0.14.129
CONFIG_END
SCENARIO_BEGIN Test cachedb and serve-expired-reply-ttl.
; K.ROOT-SERVERS.NET.
RANGE_BEGIN 0 400
ADDRESS 193.0.14.129
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET. IN A 193.0.14.129
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION AUTHORITY
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
RANGE_END
; a.gtld-servers.net.
RANGE_BEGIN 0 400
ADDRESS 192.5.6.30
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION AUTHORITY
example.com. IN NS ns2.example.com.
SECTION ADDITIONAL
ns2.example.com. IN A 1.2.3.5
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
foo.com. IN NS
SECTION AUTHORITY
foo.com. IN NS ns.example.com.
ENTRY_END
RANGE_END
; ns2.example.com.
RANGE_BEGIN 0 400
ADDRESS 1.2.3.5
ENTRY_BEGIN
MATCH opcode qname qtype
REPLY QR AA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN A 1.2.3.4
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname qtype
REPLY QR AA NOERROR
SECTION QUESTION
www2.example.com. IN A
SECTION ANSWER
www2.example.com. 10 IN A 1.2.3.5
ENTRY_END
RANGE_END
; make time not 0
STEP 2 TIME_PASSES ELAPSE 212
; Get an entry in cache, to make it expired.
STEP 4 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
; get the answer for it
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN A 1.2.3.4
ENTRY_END
; Get another query in cache to make it expired.
STEP 20 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www2.example.com. IN A
ENTRY_END
; get the answer for it
STEP 30 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www2.example.com. IN A
SECTION ANSWER
www2.example.com. 10 IN A 1.2.3.5
ENTRY_END
; it is now expired
STEP 40 TIME_PASSES ELAPSE 20
; cache is expired, and cachedb is expired.
STEP 50 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www2.example.com. IN A
ENTRY_END
STEP 60 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
www2.example.com. IN A
SECTION ANSWER
www2.example.com. 30 IN A 1.2.3.5
ENTRY_END
; got an answer from upstream
STEP 61 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www2.example.com. IN A
ENTRY_END
STEP 62 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
www2.example.com. IN A
SECTION ANSWER
www2.example.com. 10 IN A 1.2.3.5
ENTRY_END
; cache is expired, cachedb has no answer
STEP 70 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
STEP 80 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 30 IN A 1.2.3.4
ENTRY_END
STEP 90 TRAFFIC
; the entry should be refreshed in cache now.
; cache is valid and cachedb is valid.
STEP 100 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
STEP 110 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN A 1.2.3.4
ENTRY_END
; make both cache and cachedb expired.
STEP 120 TIME_PASSES ELAPSE 20
STEP 130 FLUSH_MESSAGE www.example.com. IN A
; cache has no entry and cachedb is expired.
STEP 140 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
STEP 150 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 30 IN A 1.2.3.4
ENTRY_END
; the name is resolved
STEP 160 TRAFFIC
; the resolve name has been updated.
STEP 170 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
STEP 180 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN A 1.2.3.4
ENTRY_END
SCENARIO_END
-181
View File
@@ -1,181 +0,0 @@
; config options
server:
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: no
minimal-responses: no
serve-expired: no
module-config: "cachedb iterator"
cachedb:
backend: "testframe"
secret-seed: "testvalue"
stub-zone:
name: "."
stub-addr: 193.0.14.129
CONFIG_END
SCENARIO_BEGIN Test cachedb store and servfail reply from cname.
; the servfail reply should not overwrite the cache contents.
; K.ROOT-SERVERS.NET.
RANGE_BEGIN 0 100
ADDRESS 193.0.14.129
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET. IN A 193.0.14.129
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION AUTHORITY
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
RANGE_END
; a.gtld-servers.net.
RANGE_BEGIN 0 100
ADDRESS 192.5.6.30
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION AUTHORITY
example.com. IN NS ns2.example.com.
SECTION ADDITIONAL
ns2.example.com. IN A 1.2.3.5
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
foo.com. IN NS
SECTION AUTHORITY
foo.com. IN NS ns.example.com.
ENTRY_END
RANGE_END
; ns2.example.com.
RANGE_BEGIN 0 20
ADDRESS 1.2.3.5
ENTRY_BEGIN
MATCH opcode qname qtype
REPLY QR AA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN A 1.2.3.4
ENTRY_END
RANGE_END
; ns2.example.com., now failing
RANGE_BEGIN 20 100
ADDRESS 1.2.3.5
ENTRY_BEGIN
MATCH opcode qname qtype
REPLY QR AA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN CNAME foo.example.com.
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname qtype
REPLY QR AA SERVFAIL
SECTION QUESTION
foo.example.com. IN A
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname qtype
REPLY QR AA SERVFAIL
SECTION QUESTION
ns2.example.com. IN A
SECTION ANSWER
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname qtype
REPLY QR AA SERVFAIL
SECTION QUESTION
ns2.example.com. IN AAAA
SECTION ANSWER
ENTRY_END
RANGE_END
; get and entry in cache, to make it expired.
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
; get the answer for it
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN A 1.2.3.4
ENTRY_END
; it is now expired
STEP 20 TIME_PASSES ELAPSE 20
; get a servfail in cache for the destination
STEP 30 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
foo.example.com. IN A
ENTRY_END
STEP 40 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA SERVFAIL
SECTION QUESTION
foo.example.com. IN A
ENTRY_END
; the query is now a CNAME to servfail.
; there is a valid, but expired, entry in cache.
STEP 50 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
STEP 60 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA SERVFAIL
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN CNAME foo.example.com.
ENTRY_END
SCENARIO_END
-328
View File
@@ -1,328 +0,0 @@
; config options
server:
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: no
minimal-responses: yes
serve-expired: yes
serve-expired-client-timeout: 0
;module-config: "subnetcache validator cachedb iterator"
module-config: "validator cachedb iterator"
cachedb:
backend: "testframe"
secret-seed: "testvalue"
cachedb-check-when-serve-expired: yes
stub-zone:
name: "."
stub-addr: 193.0.14.129
CONFIG_END
SCENARIO_BEGIN Test cachedb, validator and serve expired.
; K.ROOT-SERVERS.NET.
RANGE_BEGIN 0 400
ADDRESS 193.0.14.129
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET. IN A 193.0.14.129
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION AUTHORITY
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
RANGE_END
; a.gtld-servers.net.
RANGE_BEGIN 0 400
ADDRESS 192.5.6.30
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION AUTHORITY
example.com. IN NS ns2.example.com.
SECTION ADDITIONAL
ns2.example.com. IN A 1.2.3.5
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
foo.com. IN NS
SECTION AUTHORITY
foo.com. IN NS ns.example.com.
ENTRY_END
RANGE_END
; ns2.example.com.
RANGE_BEGIN 0 400
ADDRESS 1.2.3.5
ENTRY_BEGIN
MATCH opcode qname qtype
REPLY QR AA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN A 1.2.3.4
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname qtype
REPLY QR AA NOERROR
SECTION QUESTION
www2.example.com. IN A
SECTION ANSWER
www2.example.com. 10 IN A 1.2.3.5
ENTRY_END
RANGE_END
; Get an entry in cache, to make it expired.
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
; get the answer for it
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN A 1.2.3.4
ENTRY_END
; Get another query in cache to make it expired.
STEP 20 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www2.example.com. IN A
ENTRY_END
; get the answer for it
STEP 30 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www2.example.com. IN A
SECTION ANSWER
www2.example.com. 10 IN A 1.2.3.5
ENTRY_END
; it is now expired
STEP 40 TIME_PASSES ELAPSE 20
; cache is expired, and cachedb is expired.
; The expired reply, from cachedb, needs a validation status,
; because the validator module set that validation is needed.
STEP 50 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www2.example.com. IN A
ENTRY_END
STEP 60 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
www2.example.com. IN A
SECTION ANSWER
www2.example.com. 30 IN A 1.2.3.5
ENTRY_END
; cache is expired, cachedb has no answer
STEP 70 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
STEP 80 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 30 IN A 1.2.3.4
ENTRY_END
STEP 90 TRAFFIC
; the entry should be refreshed in cache now.
; cache is valid and cachedb is valid.
STEP 100 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
STEP 110 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN A 1.2.3.4
ENTRY_END
; flush the entry from cache
STEP 120 FLUSH_MESSAGE www.example.com. IN A
; cache has no answer, cachedb valid
STEP 130 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
STEP 140 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN A 1.2.3.4
ENTRY_END
; it is now expired
STEP 150 TIME_PASSES ELAPSE 20
; flush the entry from cache
STEP 160 FLUSH_MESSAGE www.example.com. IN A
; cache has no answer, cachedb is expired
STEP 170 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
STEP 180 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 30 IN A 1.2.3.4
ENTRY_END
STEP 190 TRAFFIC
; the expired message is updated.
; cache is valid, cachedb is valid
STEP 200 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
STEP 210 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN A 1.2.3.4
ENTRY_END
; expire the entry in cache
STEP 220 EXPIRE_MESSAGE www.example.com. IN A
; cache is expired, cachedb valid
STEP 230 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
STEP 240 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN A 1.2.3.4
ENTRY_END
; it is now expired
STEP 250 TIME_PASSES ELAPSE 20
; expire the entry in cache
STEP 260 EXPIRE_MESSAGE www.example.com. IN A
; cache is expired, cachedb is expired
STEP 270 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
STEP 280 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 30 IN A 1.2.3.4
ENTRY_END
STEP 290 TRAFFIC
; the expired message is updated.
; cache is valid, cachedb is valid
STEP 300 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
STEP 310 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN A 1.2.3.4
ENTRY_END
SCENARIO_END
-394
View File
@@ -1,394 +0,0 @@
# common.sh - an include file for commonly used functions for test code.
# BSD licensed (see LICENSE file).
#
# Version 7
# 2025-04-04: speed up kill_pid.
# 2023-12-06: list wait_for_soa_serial in overview
# 2023-12-06: get_ldns_notify, skip_test and teststep, and previous changes
# also included are wait_logfile, cpu_count, process_cpu_list, and
# kill_from_pidfile, and use HOME variable for HOME/bin.
# 2011-04-06: tpk wait_logfile to wait (with timeout) for a logfile line to appear
# 2011-02-23: get_pcat for PCAT, PCAT_DIFF and PCAT_PRINT defines.
# 2011-02-18: ports check on BSD,Solaris. wait_nsd_up.
# 2011-02-11: first version.
#
# include this file from a tdir script with
# . ../common.sh
#
# overview of functions available:
# error x : print error and exit
# info x : print info
# test_tool_avail x : see if program in path and complain, exit if not.
# get_ldns_testns : set LDNS_TESTNS to executable ldns-testns
# get_ldns_notify : set LDNS_NOTIFY to executable ldns-notify
# get_make : set MAKE to gmake or make tool.
# get_gcc : set cc or gcc in CC
# get_pcat : set PCAT, PCAT_DIFF and PCAT_PRINT executables.
# set_doxygen_path : set doxygen path
# skip_if_in_list : set SKIP=1 if name in list and tool not available.
# get_random_port x : get RND_PORT a sequence of free random port numbers.
# wait_logfile : wait on logfile to see entry.
# wait_server_up : wait on logfile to see when server comes up.
# wait_ldns_testns_up : wait for ldns-testns to come up.
# wait_unbound_up : wait for unbound to come up.
# wait_petal_up : wait for petal to come up.
# wait_nsd_up : wait for nsd to come up.
# wait_server_up_or_fail: wait for server to come up or print a failure string
# wait_for_soa_serial : wait and dig at server for serial.
# skip_test x : print message and skip test (must be called in .pre)
# kill_pid : kill a server, make sure and wait for it to go down.
# cpu_count : get number of cpus in system
# process_cpu_list : get cpu affinity list for process
# kill_from_pidfile : kill the pid in the given pid file
# teststep : print the current test step in the output
# print error and exit
# $0: name of program
# $1: error to printout.
error () {
echo "$0: error: $1" >&2
exit 1
}
# print info
# $0: name of program
# $1: to printout.
info () {
echo "$0: info: $1"
}
# test if 'tool' is available in path and complain otherwise.
# $1: tool
test_tool_avail () {
if test ! -x "`which $1 2>&1`"; then
echo No "$1" in path
exit 1
fi
}
# get ldns-testns tool in LDNS_TESTNS variable.
get_ldns_testns () {
if test -x "`which ldns-testns 2>&1`"; then
LDNS_TESTNS=ldns-testns
else
LDNS_TESTNS=$HOME/bin/ldns-testns
fi
}
# get ldns-notify tool in LDNS_NOTIFY variable.
get_ldns_notify () {
if test -x "`which ldns-notify 2>&1`"; then
LDNS_NOTIFY=ldns-notify
else
LDNS_NOTIFY=$HOME/bin/ldns-notify
fi
}
# get make tool in MAKE variable, gmake is used if present.
get_make () {
if test -x "`which gmake 2>&1`"; then
MAKE=gmake
else
MAKE=make
fi
}
# get cc tool in CC variable, gcc is used if present.
get_gcc () {
if test -x "`which gcc 2>&1`"; then
CC=gcc
else
CC=cc
fi
}
# get pcat, pcat-print and pcat-diff
get_pcat () {
PCAT=`which pcat`
PCAT_PRINT=`which pcat-print`
PCAT_DIFF=`which pcat-diff`
}
# set SKIP=1 if the name is in list and tool is not available.
# $1: name of package to check.
# $2: list of packages that need the tool.
# #3: name of the tool required.
skip_if_in_list () {
if echo $2 | grep $1 >/dev/null; then
if test ! -x "`which $3 2>&1`"; then
SKIP=1;
fi
fi
}
# Print a message and skip the test. Must be called in the .pre file.
# $1: message to print.
skip_test () {
echo "$1"
exit 3
}
# function to get a number of random port numbers.
# $1: number of random ports.
# RND_PORT is returned as the starting port number
get_random_port () {
local plist
local cont
local collisions
local i
local MAXCOLLISION=1000
cont=1
collisions=0
while test "$cont" = 1; do
#netstat -n -A ip -A ip6 -a | sed -e "s/^.*:\([0-9]*\) .*$/\1/"
RND_PORT=$(( $RANDOM + 5354 ))
# depending on uname try to check for collisions in port numbers
case "`uname`" in
linux|Linux)
plist=`netstat -n -A ip -A ip6 -a 2>/dev/null | sed -e 's/^.*:\([0-9]*\) .*$/\1/'`
;;
FreeBSD|freebsd|NetBSD|netbsd|OpenBSD|openbsd)
plist=`netstat -n -a | grep "^[ut][dc]p[46] " | sed -e 's/^.*\.\([0-9]*\) .*$/\1/'`
;;
Solaris|SunOS)
plist=`netstat -n -a | sed -e 's/^.*\.\([0-9]*\) .*$/\1/' | grep '^[0-9]*$'`
;;
*)
plist=""
;;
esac
cont=0
for (( i=0 ; i < $1 ; i++ )); do
if echo "$plist" | grep '^'`expr $i + $RND_PORT`'$' >/dev/null 2>&1; then
cont=1;
collisions=`expr $collisions + 1`
fi
done
if test $collisions = $MAXCOLLISION; then
error "too many collisions getting random port number"
fi
done
}
# wait for a logfile line to appear, with a timeout.
# pass <logfilename> <string to watch> <timeout>
# $1 : logfilename
# $2 : string to watch for.
# $3 : timeout in seconds.
# exits with failure if it times out
wait_logfile () {
local WAIT_THRES=30
local MAX_UP_TRY=`expr $3 + $WAIT_THRES`
local try
for (( try=0 ; try <= $MAX_UP_TRY ; try++ )) ; do
if test -f $1 && grep -F "$2" $1 >/dev/null; then
#echo "done on try $try"
break;
fi
if test $try -eq $MAX_UP_TRY; then
echo "Logfile in $1 did not get $2!"
cat $1
exit 1;
fi
if test $try -ge $WAIT_THRES; then
sleep 1
fi
done
}
# wait for server to go up, pass <logfilename> <string to watch>
# $1 : logfilename
# $2 : string to watch for.
# exits with failure if it does not come up
wait_server_up () {
local WAIT_THRES=30
local MAX_UP_TRY=120
local try
for (( try=0 ; try <= $MAX_UP_TRY ; try++ )) ; do
if test -f $1 && grep -F "$2" $1 >/dev/null; then
#echo "done on try $try"
break;
fi
if test $try -eq $MAX_UP_TRY; then
echo "Server in $1 did not go up!"
cat $1
exit 1;
fi
if test $try -ge $WAIT_THRES; then
sleep 1
fi
done
}
# wait for ldns-testns to come up
# $1 : logfilename that is watched.
wait_ldns_testns_up () {
wait_server_up "$1" "Listening on port"
}
# wait for unbound to come up
# string 'Start of service' in log.
# $1 : logfilename that is watched.
wait_unbound_up () {
wait_server_up "$1" "start of service"
}
# wait for petal to come up
# string 'petal start' in log.
# $1 : logfilename that is watched.
wait_petal_up () {
wait_server_up "$1" "petal start"
}
# wait for nsd to come up
# string nsd start in log.
# $1 : logfilename that is watched.
wait_nsd_up () {
wait_server_up "$1" " started (NSD "
}
# wait for server to go up, pass <logfilename> <string to watch> <badstr>
# $1 : logfile
# $2 : success string
# $3 : failure string
wait_server_up_or_fail () {
local MAX_UP_TRY=120
local WAIT_THRES=30
local try
for (( try=0 ; try <= $MAX_UP_TRY ; try++ )) ; do
if test -f $1 && grep -F "$2" $1 >/dev/null; then
echo "done on try $try"
break;
fi
if test -f $1 && grep -F "$3" $1 >/dev/null; then
echo "failed on try $try"
break;
fi
if test $try -eq $MAX_UP_TRY; then
echo "Server in $1 did not go up!"
cat $1
exit 1;
fi
if test $try -ge $WAIT_THRES; then
sleep 1
fi
done
}
# $1: zone
# $2: serial to be expected
# $3: server to query
# $4: port
# $5: # times to try (# seconds dig is ran)
wait_for_soa_serial () {
TS_START=`date +%s`
for i in `seq 1 $5`
do
SERIAL=`dig -p $4 @$3 $1 SOA +short | awk '{ print $3 }'`
if test "$?" != "0"
then
echo "** \"dig -p $4 @$3 $1 SOA +short\" failed!"
return 1
fi
if test "$SERIAL" = "$2"
then
TS_END=`date +%s`
echo "*** Serial $2 was seen in $i tries (`expr $TS_END - $TS_START`) seconds"
return 0
fi
sleep 1
done
echo "** Serial $2 was not seen in $5 tries (did see: $SERIAL)"
return 1
}
# kill a pid, make sure and wait for it to go down.
# $1 : pid to kill
kill_pid () {
local MAX_DOWN_TRY=120
local WAIT_THRES=30
local try
kill $1
sleep .001
for (( try=0 ; try <= $MAX_DOWN_TRY ; try++ )) ; do
if kill -0 $1 >/dev/null 2>&1; then
:
else
#echo "done on try $try"
break;
fi
if test $try -eq $MAX_DOWN_TRY; then
echo "Server in $1 did not go down! Send SIGKILL"
kill -9 $1 >/dev/null 2>&1
fi
if test $try -ge $WAIT_THRES; then
sleep 1
else
sleep .01
fi
# re-send the signal
kill $1 >/dev/null 2>&1
done
return 0
}
# set doxygen path, so that make doc can find doxygen
set_doxygen_path () {
if test -x '$HOME/bin/doxygen'; then
export PATH="$HOME/bin:$PATH"
fi
}
# get number of cpus in system
cpu_count()
{
local sys=$(uname -s)
if [ "${sys}" = "Linux" ]; then
nproc
elif [ "${sys}" = "FreeBSD" ]; then
sysctl -n hw.ncpu
fi
}
# get cpu affinity list for process
# $1 : pid
process_cpu_list() {
local pid=${1}
local sys=$(uname -s)
if [ "${sys}" = "Linux" ]; then
local defl=$(taskset -pc ${pid} | sed -n -e 's/^.*: //p' | head -n 1)
elif [ "${sys}" = "FreeBSD" ]; then
local defl=$(cpuset -g -p ${pid} | sed -n -e 's/^.*: //p' | head -n 1)
fi
if [ -n "${defl}" ]; then
local infl
defl=$(echo "${defl}" | sed -e 's/,/ /g')
for i in ${defl}; do
rng=$(echo "${i}-${i}" | sed -e 's/^\([0-9]*\)-\([0-9]*\).*$/\1 \2/')
infl="${infl} $(seq -s ' ' ${rng})"
done
infl=$(echo ${infl} | sed -e 's/ */ /' -e 's/^ *//')
echo "${infl}"
fi
}
#
#
kill_from_pidfile() {
local pidfile="$1"
if test -f "$pidfile"; then
local pid=`head -n 1 "$pidfile"`
if test ! -z "$pid"; then
kill_pid "$pid"
fi
fi
}
# Print the current test step in the output
teststep () {
echo
echo "STEP [ $1 ]"
}
-200
View File
@@ -1,200 +0,0 @@
; Test DNS Error Reporting.
server:
module-config: "validator iterator"
trust-anchor-signaling: no
target-fetch-policy: "0 0 0 0 0"
verbosity: 4
qname-minimisation: no
minimal-responses: no
rrset-roundrobin: no
trust-anchor: "a.domain DS 50602 8 2 FA8EE175C47325F4BD46D8A4083C3EBEB11C977D689069F2B41F1A29B22446B1"
ede: no # It is not needed for dns-error-reporting; only for clients to receive EDEs
dns-error-reporting: yes
do-ip6: no
stub-zone:
name: domain
stub-addr: 0.0.0.0
stub-zone:
name: an.agent
stub-addr: 0.0.0.2
CONFIG_END
SCENARIO_BEGIN Test DNS Error Reporting
; domain
RANGE_BEGIN 0 100
ADDRESS 0.0.0.0
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
a.domain. IN A
SECTION AUTHORITY
a.domain. IN NS ns.a.domain.
SECTION ADDITIONAL
ns.a.domain. IN A 0.0.0.1
HEX_EDNSDATA_BEGIN
00 12 ; opt-code (Report-Channel)
00 0A ; opt-len
02 61 6E 05 61 67 65 6E 74 00 ; an.agent.
HEX_EDNSDATA_END
ENTRY_END
RANGE_END
; a.domain
RANGE_BEGIN 0 9
ADDRESS 0.0.0.1
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
a.domain. IN DNSKEY
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
a.domain. IN A
SECTION ANSWER
a.domain. 5 IN A 0.0.0.0
; No RRSIG to trigger validation error (and EDE)
SECTION ADDITIONAL
; No Report-Channel here
ENTRY_END
RANGE_END
; a.domain
RANGE_BEGIN 10 100
ADDRESS 0.0.0.1
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
a.domain. IN DNSKEY
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
a.domain. IN A
SECTION ANSWER
a.domain. 5 IN A 0.0.0.0
; No RRSIG to trigger validator error and EDE
SECTION ADDITIONAL
HEX_EDNSDATA_BEGIN
00 12 ; opt-code (Report-Channel)
00 0A ; opt-len
02 61 6E 05 61 67 65 6E 74 00 ; an.agent.
HEX_EDNSDATA_END
ENTRY_END
RANGE_END
; an.agent
RANGE_BEGIN 10 20
ADDRESS 0.0.0.2
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
_er.1.a.domain.9._er.an.agent. IN TXT
SECTION ANSWER
_er.1.a.domain.9._er.an.agent. IN TXT "OK"
ENTRY_END
RANGE_END
; Query
STEP 0 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
a.domain. IN A
ENTRY_END
; Check that validation failed (no DNS error reporting at this state;
; 'domain' did give an error reporting agent, but the latest upstream
; 'a.domain' did not)
STEP 1 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA SERVFAIL
SECTION QUESTION
a.domain. IN A
ENTRY_END
; Wait for the a.domain query to expire (TTL 5)
STEP 3 TIME_PASSES ELAPSE 6
; Query again
STEP 10 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
a.domain. IN A
ENTRY_END
; Check that validation failed
; (a DNS Error Report query should have been generated)
STEP 11 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA SERVFAIL
SECTION QUESTION
a.domain. IN A
ENTRY_END
; Check explicitly that the DNS Error Report query is cached.
STEP 20 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
_er.1.a.domain.9._er.an.agent. IN TXT
ENTRY_END
; At this range there are no configured agents to answer this.
; If the DNS Error Report query is not answered from the cache the test will
; fail with pending messages.
STEP 21 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY RD QR RA NOERROR
SECTION QUESTION
_er.1.a.domain.9._er.an.agent. IN TXT
SECTION ANSWER
_er.1.a.domain.9._er.an.agent. IN TXT "OK"
ENTRY_END
; Wait for the a.domain query to expire (5 TTL).
; The DNS Error Report query should still be cached (SOA negative).
STEP 30 TIME_PASSES ELAPSE 6
; Force a DNS Error Report query generation again.
STEP 31 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
a.domain. IN A
ENTRY_END
; Check that validation failed
STEP 32 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA SERVFAIL
SECTION QUESTION
a.domain. IN A
ENTRY_END
; The same DNS Error Report query will be generated as above.
; No agent is configured at this range to answer the DNS Error Report query.
; If the DNS Error Report query is not used from the cache the test will fail
; with pending messages.
SCENARIO_END
-43
View File
@@ -1,43 +0,0 @@
server:
verbosity: 2
num-threads: 3
outgoing-range: 16
interface: 127.0.0.1
port: @PORT@
use-syslog: no
directory: ""
pidfile: "unbound.pid"
chroot: ""
username: ""
do-not-query-localhost: no
local-zone: "example.net." redirect
local-data: "example.net. IN A 10.20.30.41"
serve-expired: yes
serve-expired-client-timeout: 0
serve-expired-reply-ttl: 30
remote-control:
control-enable: yes
control-interface: 127.0.0.1
# control-interface: ::1
control-port: @CONTROL_PORT@
server-key-file: "unbound_server.key"
server-cert-file: "unbound_server.pem"
control-key-file: "unbound_control.key"
control-cert-file: "unbound_control.pem"
forward-zone:
name: "."
forward-addr: "127.0.0.1@@TOPORT@"
dnstap:
dnstap-enable: yes
dnstap-socket-path: "dnstap.socket"
dnstap-send-identity: yes
dnstap-send-version: yes
#dnstap-identity
#dnstap-version
dnstap-log-resolver-query-messages: yes
dnstap-log-resolver-response-messages: yes
dnstap-log-client-query-messages: yes
dnstap-log-client-response-messages: yes
dnstap-log-forwarder-query-messages: yes
dnstap-log-forwarder-response-messages: yes
@@ -1,2 +0,0 @@
@ SOA ns root 1 3600 300 7200 3600
www A 1.2.3.4
@@ -1,2 +0,0 @@
@ SOA ns root 1 3600 300 7200 3600
www A 1.2.3.5
@@ -1,107 +0,0 @@
server:
verbosity: 4
num-threads: 1
interface: 127.0.0.1
port: @PORT@
use-syslog: no
directory: ""
pidfile: "unbound.pid"
chroot: ""
username: ""
do-not-query-localhost: no
trust-anchor: "ta1.example.com DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af"
trust-anchor: "ta2.example.com DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af"
trust-anchor: "ta3.example.com DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af"
domain-insecure: "insec1.ta1.example.com"
domain-insecure: "insec2.ta1.example.com"
domain-insecure: "insec3.ta1.example.com"
forward-zone:
name: "."
forward-addr: "127.0.0.1@12345"
remote-control:
control-enable: yes
control-interface: @CONTROL_PATH@/controlpipe.@CONTROL_PID@
control-use-cert: no
forward-zone:
name: "example1.org"
forward-addr: "127.0.0.1@@NS1_PORT@"
forward-zone:
name: "example2.org"
forward-addr: "127.0.0.1@@NS1_PORT@"
forward-zone:
name: "example3.org"
forward-addr: "127.0.0.1@@NS1_PORT@"
forward-zone:
name: "example4.org"
forward-addr: "127.0.0.1@@NS2_PORT@"
forward-zone:
name: "example5.org"
forward-addr: "127.0.0.1@@NS2_PORT@"
forward-zone:
name: "example6.org"
forward-addr: "127.0.0.1@@NS2_PORT@"
stub-zone:
name: "stub1.org"
stub-addr: "127.0.0.1@@NS1_PORT@"
stub-prime: no
stub-zone:
name: "stub2.org"
stub-addr: "127.0.0.1@@NS1_PORT@"
stub-prime: no
stub-zone:
name: "stub3.org"
stub-addr: "127.0.0.1@@NS1_PORT@"
stub-prime: no
stub-zone:
name: "stub4.org"
stub-addr: "127.0.0.1@@NS2_PORT@"
stub-prime: no
stub-zone:
name: "stub5.org"
stub-addr: "127.0.0.1@@NS2_PORT@"
stub-prime: no
stub-zone:
name: "stub6.org"
stub-addr: "127.0.0.1@@NS2_PORT@"
stub-prime: no
auth-zone:
name: "auth1.org"
zonefile: "auth1.zone"
auth-zone:
name: "auth2.org"
zonefile: "auth1.zone"
auth-zone:
name: "auth3.org"
zonefile: "auth1.zone"
auth-zone:
name: "auth5.org"
zonefile: "auth5.zone"
primary: 127.0.0.1@@NS1_PORT@
auth-zone:
name: "auth6.org"
zonefile: "auth6.zone"
primary: 127.0.0.1@@NS1_PORT@
auth-zone:
name: "auth7.org"
zonefile: "auth7.zone"
primary: 127.0.0.1@@NS1_PORT@
@@ -1,108 +0,0 @@
server:
verbosity: 4
num-threads: 1
interface: 127.0.0.1
port: @PORT@
use-syslog: no
directory: ""
pidfile: "unbound.pid"
chroot: ""
username: ""
do-not-query-localhost: no
trust-anchor: "ta1.example.com DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af"
trust-anchor: "ta3.example.com DS 55567 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af"
trust-anchor: "ta4.example.com DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af"
domain-insecure: "insec1.ta1.example.com"
domain-insecure: "insec3.ta1.example.com"
domain-insecure: "insec4.ta1.example.com"
forward-zone:
name: "."
# No addresses makes the server return SERVFAIL for deleted zones.
#forward-addr: "127.0.0.1@12345"
remote-control:
control-enable: yes
control-interface: @CONTROL_PATH@/controlpipe.@CONTROL_PID@
control-use-cert: no
forward-zone:
name: "example1.org"
forward-addr: "127.0.0.1@@NS2_PORT@"
forward-zone:
name: "example2.org"
forward-addr: "127.0.0.1@@NS1_PORT@"
forward-zone:
name: "example3.org"
forward-addr: "127.0.0.1@@NS2_PORT@"
forward-zone:
name: "example4.org"
forward-addr: "127.0.0.1@@NS1_PORT@"
forward-zone:
name: "example5.org"
forward-addr: "127.0.0.1@@NS2_PORT@"
forward-zone:
name: "example6.org"
forward-addr: "127.0.0.1@@NS1_PORT@"
stub-zone:
name: "stub1.org"
stub-addr: "127.0.0.1@@NS2_PORT@"
stub-prime: no
stub-zone:
name: "stub2.org"
stub-addr: "127.0.0.1@@NS1_PORT@"
stub-prime: no
stub-zone:
name: "stub3.org"
stub-addr: "127.0.0.1@@NS2_PORT@"
stub-prime: no
stub-zone:
name: "stub4.org"
stub-addr: "127.0.0.1@@NS1_PORT@"
stub-prime: no
stub-zone:
name: "stub5.org"
stub-addr: "127.0.0.1@@NS2_PORT@"
stub-prime: no
stub-zone:
name: "stub6.org"
stub-addr: "127.0.0.1@@NS1_PORT@"
stub-prime: no
auth-zone:
name: "auth1.org"
zonefile: "auth1.zone"
auth-zone:
name: "auth3.org"
zonefile: "auth2.zone"
auth-zone:
name: "auth4.org"
zonefile: "auth2.zone"
auth-zone:
name: "auth5.org"
zonefile: "auth5.zone"
primary: 127.0.0.1@@NS1_PORT@
auth-zone:
name: "auth7.org"
zonefile: "auth7.zone"
primary: 127.0.0.1@@NS2_PORT@
auth-zone:
name: "auth8.org"
zonefile: "auth8.zone"
primary: 127.0.0.1@@NS1_PORT@
@@ -1,16 +0,0 @@
BaseName: fast_reload_fwd
Version: 1.0
Description: Test fast reload change of forwards and stubs.
CreationDate: Thu Jan 22 11:55:55 CET 2024
Maintainer: dr. W.C.A. Wijngaards
Category:
Component:
CmdDepends:
Depends:
Help:
Pre: fast_reload_fwd.pre
Post: fast_reload_fwd.post
Test: fast_reload_fwd.test
AuxFiles:
Passed:
Failure:
@@ -1,339 +0,0 @@
; match A records and return a reply indicating it is this server.
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www.example1.org. IN A
SECTION ANSWER
www.example1.org. IN A 1.2.3.1
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www.example2.org. IN A
SECTION ANSWER
www.example2.org. IN A 1.2.3.1
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www.example3.org. IN A
SECTION ANSWER
www.example3.org. IN A 1.2.3.1
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www.example4.org. IN A
SECTION ANSWER
www.example4.org. IN A 1.2.3.1
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www.example5.org. IN A
SECTION ANSWER
www.example5.org. IN A 1.2.3.1
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www.example6.org. IN A
SECTION ANSWER
www.example6.org. IN A 1.2.3.1
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www2.example1.org. IN A
SECTION ANSWER
www2.example1.org. IN A 1.2.3.1
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www2.example2.org. IN A
SECTION ANSWER
www2.example2.org. IN A 1.2.3.1
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www2.example3.org. IN A
SECTION ANSWER
www2.example3.org. IN A 1.2.3.1
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www2.example4.org. IN A
SECTION ANSWER
www2.example4.org. IN A 1.2.3.1
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www2.example5.org. IN A
SECTION ANSWER
www2.example5.org. IN A 1.2.3.1
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www2.example6.org. IN A
SECTION ANSWER
www2.example6.org. IN A 1.2.3.1
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www.stub1.org. IN A
SECTION ANSWER
www.stub1.org. IN A 1.2.3.1
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www.stub2.org. IN A
SECTION ANSWER
www.stub2.org. IN A 1.2.3.1
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www.stub3.org. IN A
SECTION ANSWER
www.stub3.org. IN A 1.2.3.1
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www.stub4.org. IN A
SECTION ANSWER
www.stub4.org. IN A 1.2.3.1
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www.stub5.org. IN A
SECTION ANSWER
www.stub5.org. IN A 1.2.3.1
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www.stub6.org. IN A
SECTION ANSWER
www.stub6.org. IN A 1.2.3.1
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www2.stub1.org. IN A
SECTION ANSWER
www2.stub1.org. IN A 1.2.3.1
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www2.stub2.org. IN A
SECTION ANSWER
www2.stub2.org. IN A 1.2.3.1
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www2.stub3.org. IN A
SECTION ANSWER
www2.stub3.org. IN A 1.2.3.1
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www2.stub4.org. IN A
SECTION ANSWER
www2.stub4.org. IN A 1.2.3.1
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www2.stub5.org. IN A
SECTION ANSWER
www2.stub5.org. IN A 1.2.3.1
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www2.stub6.org. IN A
SECTION ANSWER
www2.stub6.org. IN A 1.2.3.1
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
auth5.org. IN SOA
SECTION ANSWER
auth5.org. SOA ns root 1 3600 300 7200 3600
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
auth5.org. IN AXFR
SECTION ANSWER
auth5.org. SOA ns root 1 3600 300 7200 3600
www.auth5.org. A 1.2.3.4
auth5.org. SOA ns root 1 3600 300 7200 3600
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
auth6.org. IN SOA
SECTION ANSWER
auth6.org. SOA ns root 1 3600 300 7200 3600
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
auth6.org. IN AXFR
SECTION ANSWER
auth6.org. SOA ns root 1 3600 300 7200 3600
www.auth6.org. A 1.2.3.4
auth6.org. SOA ns root 1 3600 300 7200 3600
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
auth7.org. IN SOA
SECTION ANSWER
auth7.org. SOA ns root 1 3600 300 7200 3600
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
auth7.org. IN AXFR
SECTION ANSWER
auth7.org. SOA ns root 1 3600 300 7200 3600
www.auth7.org. A 1.2.3.4
auth7.org. SOA ns root 1 3600 300 7200 3600
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
auth8.org. IN SOA
SECTION ANSWER
auth8.org. SOA ns root 1 3600 300 7200 3600
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
auth8.org. IN AXFR
SECTION ANSWER
auth8.org. SOA ns root 1 3600 300 7200 3600
www.auth8.org. A 1.2.3.4
auth8.org. SOA ns root 1 3600 300 7200 3600
ENTRY_END
; match anything and return a reply
ENTRY_BEGIN
MATCH opcode
ADJUST copy_id copy_query
REPLY QR AA NOERROR
SECTION QUESTION
example.org. IN SOA
SECTION AUTHORITY
example.org. IN SOA ns1.example.org. hostmaster.example.org. 1 3600 900 86400 3600
ENTRY_END
@@ -1,285 +0,0 @@
; match A records and return a reply indicating it is this server.
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www.example1.org. IN A
SECTION ANSWER
www.example1.org. IN A 1.2.3.2
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www.example2.org. IN A
SECTION ANSWER
www.example2.org. IN A 1.2.3.2
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www.example3.org. IN A
SECTION ANSWER
www.example3.org. IN A 1.2.3.2
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www.example4.org. IN A
SECTION ANSWER
www.example4.org. IN A 1.2.3.2
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www.example5.org. IN A
SECTION ANSWER
www.example5.org. IN A 1.2.3.2
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www.example6.org. IN A
SECTION ANSWER
www.example6.org. IN A 1.2.3.2
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www2.example1.org. IN A
SECTION ANSWER
www2.example1.org. IN A 1.2.3.2
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www2.example2.org. IN A
SECTION ANSWER
www2.example2.org. IN A 1.2.3.2
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www2.example3.org. IN A
SECTION ANSWER
www2.example3.org. IN A 1.2.3.2
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www2.example4.org. IN A
SECTION ANSWER
www2.example4.org. IN A 1.2.3.2
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www2.example5.org. IN A
SECTION ANSWER
www2.example5.org. IN A 1.2.3.2
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www2.example6.org. IN A
SECTION ANSWER
www2.example6.org. IN A 1.2.3.2
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www.stub1.org. IN A
SECTION ANSWER
www.stub1.org. IN A 1.2.3.2
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www.stub2.org. IN A
SECTION ANSWER
www.stub2.org. IN A 1.2.3.2
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www.stub3.org. IN A
SECTION ANSWER
www.stub3.org. IN A 1.2.3.2
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www.stub4.org. IN A
SECTION ANSWER
www.stub4.org. IN A 1.2.3.2
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www.stub5.org. IN A
SECTION ANSWER
www.stub5.org. IN A 1.2.3.2
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www.stub6.org. IN A
SECTION ANSWER
www.stub6.org. IN A 1.2.3.2
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www2.stub1.org. IN A
SECTION ANSWER
www2.stub1.org. IN A 1.2.3.2
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www2.stub2.org. IN A
SECTION ANSWER
www2.stub2.org. IN A 1.2.3.2
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www2.stub3.org. IN A
SECTION ANSWER
www2.stub3.org. IN A 1.2.3.2
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www2.stub4.org. IN A
SECTION ANSWER
www2.stub4.org. IN A 1.2.3.2
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www2.stub5.org. IN A
SECTION ANSWER
www2.stub5.org. IN A 1.2.3.2
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www2.stub6.org. IN A
SECTION ANSWER
www2.stub6.org. IN A 1.2.3.2
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
auth7.org. IN SOA
SECTION ANSWER
auth7.org. SOA ns root 2 3600 300 7200 3600
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
auth7.org. IN AXFR
SECTION ANSWER
auth7.org. SOA ns root 2 3600 300 7200 3600
www.auth7.org. A 1.2.3.5
auth7.org. SOA ns root 2 3600 300 7200 3600
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
auth7.org. IN IXFR
SECTION ANSWER
auth7.org. SOA ns root 2 3600 300 7200 3600
www.auth7.org. A 1.2.3.5
auth7.org. SOA ns root 2 3600 300 7200 3600
ENTRY_END
; match anything and return a reply
ENTRY_BEGIN
MATCH opcode
ADJUST copy_id copy_query
REPLY QR AA NOERROR
SECTION QUESTION
example.org. IN SOA
SECTION AUTHORITY
example.org. IN SOA ns1.example.org. hostmaster.example.org. 1 3600 900 86400 3600
ENTRY_END
@@ -1,27 +0,0 @@
# #-- fast_reload_fwd.post --#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# source the test var file when it's there
[ -f .tpkg.var.test ] && source .tpkg.var.test
#
# do your teardown here
PRE="../.."
. ../common.sh
kill_pid $NS1_PID
kill_pid $NS2_PID
if test -f unbound.pid; then
if kill -0 $UNBOUND_PID >/dev/null 2>&1; then
kill_pid $UNBOUND_PID
fi
fi
rm -f $CONTROL_PATH/controlpipe.$CONTROL_PID
echo
echo "> ns1.log"
cat ns1.log
echo
echo "> ns2.log"
cat ns2.log
echo
echo "> unbound.log"
cat unbound.log
exit 0
@@ -1,56 +0,0 @@
# #-- fast_reload_fwd.pre--#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# use .tpkg.var.test for in test variable passing
[ -f .tpkg.var.test ] && source .tpkg.var.test
PRE="../.."
. ../common.sh
# if no threads; exit
if grep -e "define HAVE_PTHREAD 1" -e "define HAVE_SOLARIS_THREADS 1" -e "define HAVE_WINDOWS_THREADS 1" $PRE/config.h; then
echo "have threads"
else
skip_test "no threads"
fi
if grep -e "define ENABLE_LOCK_CHECKS 1" $PRE/config.h; then
get_make
echo "> (cd $PRE ; $MAKE lock-verify)"
(cd $PRE ; $MAKE lock-verify)
fi
get_random_port 3
UNBOUND_PORT=$RND_PORT
NS1_PORT=$(($RND_PORT + 1))
NS2_PORT=$(($RND_PORT + 2))
echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test
echo "NS1_PORT=$NS1_PORT" >> .tpkg.var.test
echo "NS2_PORT=$NS2_PORT" >> .tpkg.var.test
# make config files
CONTROL_PATH=/tmp
CONTROL_PID=$$
sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@NS1_PORT\@/'$NS1_PORT'/' -e 's/@NS2_PORT\@/'$NS2_PORT'/' -e 's?@CONTROL_PATH\@?'$CONTROL_PATH'?' -e 's/@CONTROL_PID@/'$CONTROL_PID'/' < fast_reload_fwd.conf > ub.conf
sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@NS1_PORT\@/'$NS1_PORT'/' -e 's/@NS2_PORT\@/'$NS2_PORT'/' -e 's?@CONTROL_PATH\@?'$CONTROL_PATH'?' -e 's/@CONTROL_PID@/'$CONTROL_PID'/' < fast_reload_fwd.conf2 > ub.conf2
# start forwarders
get_ldns_testns
$LDNS_TESTNS -p $NS1_PORT fast_reload_fwd.ns1 >ns1.log 2>&1 &
NS1_PID=$!
echo "NS1_PID=$NS1_PID" >> .tpkg.var.test
$LDNS_TESTNS -p $NS2_PORT fast_reload_fwd.ns2 >ns2.log 2>&1 &
NS2_PID=$!
echo "NS2_PID=$NS2_PID" >> .tpkg.var.test
# start unbound in the background
PRE="../.."
$PRE/unbound -d -c ub.conf >unbound.log 2>&1 &
UNBOUND_PID=$!
echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
echo "CONTROL_PATH=$CONTROL_PATH" >> .tpkg.var.test
echo "CONTROL_PID=$CONTROL_PID" >> .tpkg.var.test
cat .tpkg.var.test
wait_ldns_testns_up ns1.log
wait_ldns_testns_up ns2.log
wait_unbound_up unbound.log
@@ -1,320 +0,0 @@
# #-- fast_reload_fwd.test --#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# use .tpkg.var.test for in test variable passing
[ -f .tpkg.var.test ] && source .tpkg.var.test
PRE="../.."
. ../common.sh
echo "> unbound-control status"
$PRE/unbound-control -c ub.conf status
if test $? -ne 0; then
echo "wrong exit value."
exit 1
else
echo "exit value: OK"
fi
# test that the forwards and stubs point to the right upstream.
for x in example1.org example2.org example3.org stub1.org stub2.org stub3.org; do
echo ""
echo "dig www.$x [upstream is NS1]"
dig @127.0.0.1 -p $UNBOUND_PORT www.$x A 2>&1 | tee outfile
if grep "1.2.3.1" outfile; then
echo "response OK"
else
echo "www.$x got the wrong answer"
exit 1
fi
done
for x in example4.org example5.org example6.org stub4.org stub5.org stub6.org; do
echo ""
echo "dig www.$x [upstream is NS2]"
dig @127.0.0.1 -p $UNBOUND_PORT www.$x A 2>&1 | tee outfile
if grep "1.2.3.2" outfile; then
echo "response OK"
else
echo "www.$x got the wrong answer"
exit 1
fi
done
for x in auth1.org auth2.org auth3.org auth5.org auth6.org auth7.org; do
echo ""
echo "dig www.$x [auth is 1.2.3.4]"
dig @127.0.0.1 -p $UNBOUND_PORT www.$x A 2>&1 | tee outfile
if grep "1.2.3.4" outfile; then
echo "response OK"
else
echo "www.$x got the wrong answer"
exit 1
fi
done
echo ""
echo "> list_insecure"
$PRE/unbound-control -c ub.conf list_insecure 2>&1 | tee output
if test $? -ne 0; then
echo "wrong exit value."
exit 1
fi
if grep "insec1.ta1.example.com" output >/dev/null; then :; else
echo "wrong output"
exit 1
fi
if grep "insec2.ta1.example.com" output >/dev/null; then :; else
echo "wrong output"
exit 1
fi
if grep "insec3.ta1.example.com" output >/dev/null; then :; else
echo "wrong output"
exit 1
fi
echo ""
echo "> trustanchor.unbound"
dig @127.0.0.1 -p $UNBOUND_PORT trustanchor.unbound CH TXT 2>&1 | tee outfile
if grep "ta1.example.com. 55566" outfile >/dev/null; then :; else
echo "wrong output ta1"
exit 1
fi
if grep "ta2.example.com. 55566" outfile >/dev/null; then :; else
echo "wrong output"
exit 1
fi
if grep "ta3.example.com. 55566" outfile >/dev/null; then :; else
echo "wrong output"
exit 1
fi
echo ""
echo "> replace config file ub.conf"
mv ub.conf ub.conf.orig
mv ub.conf2 ub.conf
echo ""
echo "> unbound-control fast_reload"
$PRE/unbound-control -c ub.conf fast_reload +vv 2>&1 | tee output
if test $? -ne 0; then
echo "wrong exit value."
exit 1
else
echo "exit value: OK"
fi
# for the previous digs to www.x the cached value should remain the same
# but for new lookups, to www2.x the new upstream should be used.
for x in example1.org example2.org example3.org stub1.org stub2.org stub3.org; do
echo ""
echo "dig www.$x [upstream is NS1]"
dig @127.0.0.1 -p $UNBOUND_PORT www.$x A 2>&1 | tee outfile
if grep "1.2.3.1" outfile; then
echo "response OK"
else
echo "www.$x got the wrong answer"
exit 1
fi
done
for x in example4.org example5.org example6.org stub4.org stub5.org stub6.org; do
echo ""
echo "dig www.$x [upstream is NS2]"
dig @127.0.0.1 -p $UNBOUND_PORT www.$x A 2>&1 | tee outfile
if grep "1.2.3.2" outfile; then
echo "response OK"
else
echo "www.$x got the wrong answer"
exit 1
fi
done
# new lookups for www2 go to the upstream.
for x in example2.org example4.org example6.org stub2.org stub4.org stub6.org; do
echo ""
echo "dig www2.$x [upstream is NS1]"
dig @127.0.0.1 -p $UNBOUND_PORT www2.$x A 2>&1 | tee outfile
if grep "1.2.3.1" outfile; then
echo "response OK"
else
echo "www2.$x got the wrong answer"
exit 1
fi
done
for x in example1.org example3.org example5.org stub1.org stub3.org stub5.org; do
echo ""
echo "dig www2.$x [upstream is NS2]"
dig @127.0.0.1 -p $UNBOUND_PORT www2.$x A 2>&1 | tee outfile
if grep "1.2.3.2" outfile; then
echo "response OK"
else
echo "www2.$x got the wrong answer"
exit 1
fi
done
# auth is unchanged, or at ns1.
for x in auth1.org auth5.org auth8.org; do
echo ""
echo "dig www.$x [auth is 1.2.3.4]"
dig @127.0.0.1 -p $UNBOUND_PORT www.$x A 2>&1 | tee outfile
if grep "1.2.3.4" outfile; then
echo "response OK"
else
echo "www.$x got the wrong answer"
exit 1
fi
done
# deleted auth
for x in auth2.org auth6.org; do
echo ""
echo "dig www.$x [auth is deleted]"
dig @127.0.0.1 -p $UNBOUND_PORT www.$x A 2>&1 | tee outfile
if grep "SERVFAIL" outfile; then
echo "response OK"
else
echo "www.$x got the wrong answer"
exit 1
fi
done
# changed and added auth
for x in auth3.org auth4.org auth7.org; do
echo ""
echo "dig www.$x [auth is 1.2.3.5]"
dig @127.0.0.1 -p $UNBOUND_PORT www.$x A 2>&1 | tee outfile
if grep "1.2.3.5" outfile; then
echo "response OK"
else
echo "www.$x got the wrong answer"
exit 1
fi
done
echo ""
echo "> list_insecure"
$PRE/unbound-control -c ub.conf list_insecure 2>&1 | tee output
if test $? -ne 0; then
echo "wrong exit value."
exit 1
fi
if grep "insec1.ta1.example.com" output >/dev/null; then :; else
echo "wrong output"
exit 1
fi
if grep "insec2.ta1.example.com" output >/dev/null; then
echo "wrong output"
exit 1
fi
if grep "insec3.ta1.example.com" output >/dev/null; then :; else
echo "wrong output"
exit 1
fi
if grep "insec4.ta1.example.com" output >/dev/null; then :; else
echo "wrong output"
exit 1
fi
echo ""
echo "> trustanchor.unbound"
dig @127.0.0.1 -p $UNBOUND_PORT trustanchor.unbound CH TXT 2>&1 | tee outfile
if grep "ta1.example.com. 55566" outfile >/dev/null; then :; else
echo "wrong output"
exit 1
fi
if grep "ta2.example.com. 55566" outfile >/dev/null; then
echo "wrong output"
exit 1
fi
if grep "ta3.example.com. 55566" outfile >/dev/null; then
echo "wrong output"
exit 1
fi
if grep "ta3.example.com. 55567" outfile >/dev/null; then :; else
echo "wrong output"
exit 1
fi
if grep "ta4.example.com. 55566" outfile >/dev/null; then :; else
echo "wrong output"
exit 1
fi
echo ""
echo "> test change: add tag1 tag2"
cp ub.conf ub.conf.orig2
echo "server:" >> ub.conf
echo ' define-tag: "tag1 tag2"' >> ub.conf
echo "> unbound-control fast_reload"
$PRE/unbound-control -c ub.conf fast_reload +vv 2>&1 | tee output
if test $? -ne 0; then
echo "wrong exit value."
exit 1
else
echo "exit value: OK"
fi
echo ""
echo "> test change: change to tag2 tag3"
cp ub.conf.orig2 ub.conf
echo "server:" >> ub.conf
echo ' define-tag: "tag2 tag3"' >> ub.conf
echo "> unbound-control fast_reload"
$PRE/unbound-control -c ub.conf fast_reload +vv 2>&1 | tee output
if test $? -ne 0; then
echo "wrong exit value."
exit 1
else
echo "exit value: OK"
fi
if grep "tags have changed" output; then
echo "output OK"
else
echo "wrong output"
exit 1
fi
echo ""
echo "> test change: change cache size"
cp ub.conf.orig2 ub.conf
echo "server:" >> ub.conf
echo " msg-cache-size: 10m" >> ub.conf
echo " rrset-cache-size: 5m" >> ub.conf
echo "> unbound-control fast_reload"
$PRE/unbound-control -c ub.conf fast_reload +vv 2>&1 | tee output
if test $? -ne 0; then
echo "wrong exit value."
exit 1
else
echo "exit value: OK"
fi
echo ""
echo "> test change: change nothing, +p too"
$PRE/unbound-control -c ub.conf fast_reload +vv +p 2>&1 | tee output
if test $? -ne 0; then
echo "wrong exit value."
exit 1
else
echo "exit value: OK"
fi
echo ""
echo "> stop unbound"
kill_pid $UNBOUND_PID
if test -f unbound.pid; then sleep 1; fi
if test -f unbound.pid; then sleep 1; fi
if test -f unbound.pid; then sleep 1; fi
if test -f unbound.pid; then echo "unbound.pid still there"; fi
# check the locks.
function locktest() {
if test -x $PRE/lock-verify -a -f ublocktrace.0; then
$PRE/lock-verify ublocktrace.*
if test $? -ne 0; then
echo "lock-verify error"
exit 1
fi
fi
}
locktest
exit 0
@@ -1,3 +0,0 @@
$ORIGIN auth.nlnetlabs.nl.
$TTL 60
@ IN SOA a b 1 2 3 4 5
@@ -1,143 +0,0 @@
# Try to define values for options that don't have "default" options that would
# trigger fast-reload functionality.
server:
verbosity: 4
num-threads: 4
interface: 127.0.0.1
interface: lo
port: @PORT@
interface-action: lo allow
use-syslog: no
directory: ""
pidfile: "unbound.pid"
chroot: ""
username: ""
do-not-query-localhost: no
module-config: "respip validator iterator"
outgoing-interface: 127.0.0.1
outgoing-port-avoid: "3200-3208"
define-tag: "tag1 tag2 tag3"
do-nat64: yes
nat64-prefix: 64:ff9b::0/96
dns64-prefix: 64:ff9b::0/96
dns64-ignore-aaaa: "ignore-aaaa.nlnetlabs.nl"
edns-tcp-keepalive: yes
response-ip: 192.0.2.0 always_refuse
access-control: 127.0.0.0/8 allow
access-control: ::1 allow
access-control-tag: 192.0.2.0/24 "tag2 tag3"
interface-tag: lo "tag2 tag3"
access-control-tag-action: 192.0.2.0/24 tag3 always_refuse
interface-tag-action: lo tag3 always_refuse
access-control-tag-data: 192.0.2.0/24 tag2 "A 127.0.0.1"
interface-tag-data: lo tag2 "A 127.0.0.1"
access-control-view: 192.0.2.0/24 viewname
interface-view: lo viewname
nsid: "ascii_something"
http-user-agent: "httpuseragent"
caps-exempt: "nlnetlabs.nl"
private-address: 10.0.0.0/8
private-address: 172.16.0.0/12
private-address: 192.168.0.0/16
private-address: 169.254.0.0/16
private-address: fd00::/8
private-address: fe80::/10
private-address: ::ffff:0:0/96
private-domain: "nlnetlabs.nl"
unwanted-reply-threshold: 10000000
do-not-query-address: 1.1.1.1
do-not-query-address: 8.8.8.8
do-not-query-address: 9.9.9.9
do-not-query-localhost: no
trust-anchor: "jelte.nlnetlabs.nl. DS 42860 5 1 14D739EB566D2B1A5E216A0BA4D17FA9B038BE4A"
domain-insecure: "nlnetlabs.nl"
serve-expired: yes
serve-expired-client-timeout: 1800
val-log-level: 2
local-zone: refuse.nlnetlabs.nl. refuse
local-zone: override.nlnetlabs.nl. deny
local-zone: tag.nlnetlabs.nl. transparent
local-data: "data.nlnetlabs.nl. TXT localdata"
local-data-ptr: "192.0.2.3 reverse.nlnetlabs.nl."
local-zone-tag: "tag.nlnetlabs.nl" "tag2 tag3"
local-zone-override: "override.nlnetlabs.nl" 192.0.2.0/24 refuse
ratelimit: 100
ratelimit-below-domain: ratelimit.nlnetlabs.nl 1000
ip-ratelimit: 100
tcp-connection-limit: 192.0.2.0/24 12
answer-cookie: yes
cookie-secret: "000102030405060708090a0b0c0d0e0f"
ede: yes
ede-serve-expired: yes
remote-control:
control-enable: yes
control-interface: @CONTROL_PATH@/controlpipe.@CONTROL_PID@
control-use-cert: no
stub-zone:
name: "stub.nlnetlabs.nl"
stub-addr: 192.0.2.68
stub-prime: no
stub-first: no
stub-tcp-upstream: no
stub-tls-upstream: no
stub-no-cache: no
forward-zone:
name: "forward.nlnetlabs.nl"
forward-addr: 192.0.2.68
forward-first: no
forward-tcp-upstream: no
forward-tls-upstream: no
forward-no-cache: no
auth-zone:
name: "auth.nlnetlabs.nl"
for-downstream: yes
for-upstream: yes
zonemd-check: no
zonemd-reject-absence: no
zonefile: "auth.nlnetlabs.nl.zone"
view:
name: "viewname"
local-zone: "view.nlnetlabs.nl" redirect
local-data: "view.nlnetlabs.nl A 192.0.2.3"
local-data-ptr: "192.0.2.3 view.nlnetlabs.nl"
view-first: no
rpz:
name: "rpz.nlnetlabs.nl"
zonefile: "rpz.nlnetlabs.nl.zone"
rpz-action-override: cname
rpz-cname-override: www.example.org
rpz-log: yes
rpz-log-name: "example policy"
rpz-signal-nxdomain-ra: no
for-downstream: no
tags: "tag3"
@@ -1,16 +0,0 @@
BaseName: fast_reload_most_options
Version: 1.0
Description: Test fast reload on high verbosity with most options.
CreationDate: Fri 28 Feb 2025 15:55:15 CET
Maintainer: Yorgos Thessalonikefs
Category:
Component:
CmdDepends:
Depends:
Help:
Pre: fast_reload_most_options.pre
Post: fast_reload_most_options.post
Test: fast_reload_most_options.test
AuxFiles:
Passed:
Failure:
@@ -1,11 +0,0 @@
# #-- fast_reload_most_options.post --#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# source the test var file when it's there
[ -f .tpkg.var.test ] && source .tpkg.var.test
#
# do your teardown here
. ../common.sh
kill_pid $UNBOUND_PID
rm -f $CONTROL_PATH/controlpipe.$CONTROL_PID
cat unbound.log
@@ -1,33 +0,0 @@
# #-- fast_reload_most_options.pre--#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# use .tpkg.var.test for in test variable passing
[ -f .tpkg.var.test ] && source .tpkg.var.test
PRE="../.."
. ../common.sh
# if no threads; exit
if grep -e "define HAVE_PTHREAD 1" -e "define HAVE_SOLARIS_THREADS 1" -e "define HAVE_WINDOWS_THREADS 1" $PRE/config.h; then
echo "have threads"
else
skip_test "no threads"
fi
get_random_port 1
UNBOUND_PORT=$RND_PORT
echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test
# make config file
CONTROL_PATH=/tmp
CONTROL_PID=$$
sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's?@CONTROL_PATH\@?'$CONTROL_PATH'?' -e 's/@CONTROL_PID@/'$CONTROL_PID'/' < fast_reload_most_options.conf > ub.conf
# start unbound in the background
PRE="../.."
$PRE/unbound -d -c ub.conf >unbound.log 2>&1 &
UNBOUND_PID=$!
echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
echo "CONTROL_PATH=$CONTROL_PATH" >> .tpkg.var.test
echo "CONTROL_PID=$CONTROL_PID" >> .tpkg.var.test
cat .tpkg.var.test
wait_unbound_up unbound.log
@@ -1,42 +0,0 @@
# #-- fast_reload_most_options.test --#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# use .tpkg.var.test for in test variable passing
[ -f .tpkg.var.test ] && source .tpkg.var.test
PRE="../.."
. ../common.sh
echo "> unbound-control status"
$PRE/unbound-control -c ub.conf status
if test $? -ne 0; then
echo "wrong exit value."
exit 1
else
echo "exit value: OK"
fi
for i in {1..10}
do
echo "> unbound-control fast_reload +vvdp ($i)"
$PRE/unbound-control -c ub.conf fast_reload +vvdp 2>&1 | tee output
if test $? -ne 0; then
echo "wrong exit value."
exit 1
else
echo "exit value: OK"
fi
wait_logfile unbound.log "start fast reload thread" 60
wait_logfile unbound.log "stop fast reload thread" 60
wait_logfile unbound.log "joined with fastreload thread" 60
if grep "ok" output; then
echo "OK"
else
echo "output not correct"
exit 1
fi
done
exit 0
@@ -1,5 +0,0 @@
$ORIGIN rpz.nlnetlabs.nl.
$TTL 60
@ IN SOA a b 1 2 3 4 5
nxdomain.nlnetlabs.nl IN CNAME .
rpzdata.nlnetlabs.nl IN A 0.0.0.0
@@ -1,20 +0,0 @@
server:
verbosity: 4
num-threads: 1
interface: 127.0.0.1
port: @PORT@
use-syslog: no
directory: ""
pidfile: "unbound.pid"
chroot: ""
username: ""
do-not-query-localhost: no
forward-zone:
name: "."
forward-addr: "127.0.0.1@12345"
remote-control:
control-enable: yes
control-interface: @CONTROL_PATH@/controlpipe.@CONTROL_PID@
control-use-cert: no
@@ -1,16 +0,0 @@
BaseName: fast_reload_thread
Version: 1.0
Description: Test fast reload thread output.
CreationDate: Thu Jan 4 09:25:55 CET 2024
Maintainer: dr. W.C.A. Wijngaards
Category:
Component:
CmdDepends:
Depends:
Help:
Pre: fast_reload_thread.pre
Post: fast_reload_thread.post
Test: fast_reload_thread.test
AuxFiles:
Passed:
Failure:
@@ -1,11 +0,0 @@
# #-- fast_reload_thread.post --#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# source the test var file when it's there
[ -f .tpkg.var.test ] && source .tpkg.var.test
#
# do your teardown here
. ../common.sh
kill_pid $UNBOUND_PID
rm -f $CONTROL_PATH/controlpipe.$CONTROL_PID
cat unbound.log
@@ -1,34 +0,0 @@
# #-- fast_reload_thread.pre--#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# use .tpkg.var.test for in test variable passing
[ -f .tpkg.var.test ] && source .tpkg.var.test
PRE="../.."
. ../common.sh
# if no threads; exit
if grep -e "define HAVE_PTHREAD 1" -e "define HAVE_SOLARIS_THREADS 1" -e "define HAVE_WINDOWS_THREADS 1" $PRE/config.h; then
echo "have threads"
else
skip_test "no threads"
fi
get_random_port 1
UNBOUND_PORT=$RND_PORT
echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test
# make config file
CONTROL_PATH=/tmp
CONTROL_PID=$$
sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's?@CONTROL_PATH\@?'$CONTROL_PATH'?' -e 's/@CONTROL_PID@/'$CONTROL_PID'/' < fast_reload_thread.conf > ub.conf
# start unbound in the background
PRE="../.."
$PRE/unbound -d -c ub.conf >unbound.log 2>&1 &
UNBOUND_PID=$!
echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
echo "CONTROL_PATH=$CONTROL_PATH" >> .tpkg.var.test
echo "CONTROL_PID=$CONTROL_PID" >> .tpkg.var.test
cat .tpkg.var.test
wait_unbound_up unbound.log
@@ -1,38 +0,0 @@
# #-- fast_reload_thread.test --#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# use .tpkg.var.test for in test variable passing
[ -f .tpkg.var.test ] && source .tpkg.var.test
PRE="../.."
. ../common.sh
echo "> unbound-control status"
$PRE/unbound-control -c ub.conf status
if test $? -ne 0; then
echo "wrong exit value."
exit 1
else
echo "exit value: OK"
fi
echo "> unbound-control fast_reload"
$PRE/unbound-control -c ub.conf fast_reload 2>&1 | tee output
if test $? -ne 0; then
echo "wrong exit value."
exit 1
else
echo "exit value: OK"
fi
wait_logfile unbound.log "start fast reload thread" 60
wait_logfile unbound.log "stop fast reload thread" 60
wait_logfile unbound.log "joined with fastreload thread" 60
if grep "ok" output; then
echo "OK"
else
echo "output not correct"
exit 1
fi
exit 0
-87
View File
@@ -1,87 +0,0 @@
; This is a comment.
; config options go here.
server:
serve-expired: yes
serve-expired-client-timeout: 0
prefetch: yes
forward-zone: name: "." forward-addr: 216.0.0.1
CONFIG_END
SCENARIO_BEGIN Zero ttl answer needs to override servfail in cache.
RANGE_BEGIN 0 100
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR RD RA SERVFAIL
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
ENTRY_END
RANGE_END
RANGE_BEGIN 200 300
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 0 IN A 10.20.30.40
ENTRY_END
RANGE_END
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA SERVFAIL
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
ENTRY_END
; enough to pass by the TTL of the servfail answer in cache
STEP 50 TIME_PASSES ELAPSE 5
; this query triggers a prefetch
STEP 210 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
STEP 220 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA SERVFAIL
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
ENTRY_END
; this query gets the 0ttl answer
STEP 230 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
STEP 240 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 0 IN A 10.20.30.40
ENTRY_END
SCENARIO_END
-131
View File
@@ -1,131 +0,0 @@
; config options
server:
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: "no"
minimal-responses: no
stub-zone:
name: "."
stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
CONFIG_END
SCENARIO_BEGIN Test iterator fail_reply report
; K.ROOT-SERVERS.NET.
RANGE_BEGIN 0 100
ADDRESS 193.0.14.129
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET. IN A 193.0.14.129
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION AUTHORITY
example.com. IN NS ns.example.com.
example.com. IN NS ns2.example.net.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ns.example.com. IN AAAA ::1
ns2.example.net. IN AAAA ::1
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
ns2.example.net. IN A
SECTION ANSWER
ns2.example.net. IN A 1.2.3.5
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
ns2.example.net. IN AAAA
SECTION ANSWER
ns2.example.net. IN AAAA ::1
ENTRY_END
RANGE_END
RANGE_END
; ns.example.com.
RANGE_BEGIN 0 100
ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR SERVFAIL
SECTION QUESTION
www.example.com. IN A
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR SERVFAIL
SECTION QUESTION
ns.example.com. IN A
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR SERVFAIL
SECTION QUESTION
ns.example.com. IN AAAA
ENTRY_END
RANGE_END
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
STEP 20 CHECK_OUT_QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
STEP 21 TIMEOUT
STEP 22 TIMEOUT
STEP 23 TIMEOUT
STEP 24 TIMEOUT
STEP 25 TIMEOUT
STEP 31 TIMEOUT
STEP 32 TIMEOUT
STEP 33 TIMEOUT
STEP 34 TIMEOUT
; recursion happens here.
STEP 50 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA SERVFAIL
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
ENTRY_END
SCENARIO_END
-163
View File
@@ -1,163 +0,0 @@
; config options
server:
target-fetch-policy: "0 0 0 0 0"
minimal-responses: no
tcp-upstream: no
#tls-upstream:no # same case but not testable in rpl.
# Builtin hints work similar to this explicit '.' stub-zone.
stub-zone:
name: "."
stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
forward-zone:
name: "."
forward-addr: 1.2.3.6 # failing resolver
forward-first: yes
forward-tcp-upstream: yes
#forward-tls-upstream:yes # same case but not testable in rpl.
CONFIG_END
SCENARIO_BEGIN Test forward-first directive in forward zone configured with explicit tcp upstream next to an equal stub name.
; K.ROOT-SERVERS.NET.
RANGE_BEGIN 0 100
ADDRESS 193.0.14.129
ENTRY_BEGIN
MATCH UDP opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET. IN A 193.0.14.129
ENTRY_END
ENTRY_BEGIN
MATCH UDP opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
com. IN A
SECTION AUTHORITY
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
RANGE_END
; a.gtld-servers.net.
RANGE_BEGIN 0 100
ADDRESS 192.5.6.30
ENTRY_BEGIN
MATCH UDP opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION ANSWER
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
ENTRY_BEGIN
MATCH UDP opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
example.com. IN A
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
RANGE_END
; ns.example.com.
RANGE_BEGIN 0 100
ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH UDP opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION ANSWER
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
ENTRY_BEGIN
MATCH UDP opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A 10.20.30.40
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
RANGE_END
; local resolver (that fails a lot)
RANGE_BEGIN 0 100
ADDRESS 1.2.3.6
ENTRY_BEGIN
MATCH TCP opcode qtype qname
ADJUST copy_id
REPLY QR RA SERVFAIL
SECTION QUESTION
example.com. IN NS
SECTION ANSWER
;example.com. IN NS ns.example.com.
SECTION ADDITIONAL
;ns.example.com. IN A 1.2.3.4
ENTRY_END
ENTRY_BEGIN
MATCH TCP opcode qtype qname
ADJUST copy_id
REPLY QR RA SERVFAIL
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
;www.example.com. IN A 10.20.30.50
SECTION AUTHORITY
;example.com. IN NS ns.example.com.
SECTION ADDITIONAL
;ns.example.com. IN A 1.2.3.4
ENTRY_END
RANGE_END
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
; recursion happens here.
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A 10.20.30.40
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
SCENARIO_END
-155
View File
@@ -1,155 +0,0 @@
; config options
server:
target-fetch-policy: "0 0 0 0 0"
auth-zone:
name: "example.tld."
for-upstream: yes
for-downstream: no
fallback-enabled: no
## this line generates zonefile: "/tmp/xxx.example.tld"
zonefile:
TEMPFILE_NAME example.tld
## this is the inline file /tmp/xxx.example.tld
## the tempfiles are deleted when the testrun is over.
TEMPFILE_CONTENTS example.tld
$ORIGIN tld.
example 3600 IN SOA a b 1 2 3 4 5
3600 IN NS ns.example.tld.
$ORIGIN example.tld.
ns 3600 IN A 1.2.3.4
www 3600 IN A 3.3.3.3
more 3600 IN NS ns.more.tld.
TEMPFILE_END
forward-zone:
name: "."
forward-addr: 9.9.9.9
stub-zone:
name: "tld"
stub-addr: 2.3.4.5
stub-zone:
name: "more.example.tld"
stub-addr: 2.3.4.7
CONFIG_END
SCENARIO_BEGIN Test iterator's ability to route the request to the correct, configured delegation point
; Preference should be auth-zone > stub-zone > forward-zone
; But configuration-wise, since everything is an entry on the forwards tree
; (or a hole in the case of stub/auth), forwards cannot be replaced by
; stubs/auth.
; Also stub/auth zones end the part of the tree that gets forwarded, e.g.,
; delegations from an auth/stub cannot be caught by a higher forwarder, it will
; be recursively resolved instead.
; '.' forwarder
RANGE_BEGIN 0 100
ADDRESS 9.9.9.9
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.deleg.tld. IN A
SECTION ANSWER
www.deleg.tld. IN A 3.3.3.3
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.more.example.tld. IN A
SECTION ANSWER
www.more.example.tld. IN A 3.3.3.3
ENTRY_END
RANGE_END
; 'tld.' stub server
RANGE_BEGIN 0 100
ADDRESS 2.3.4.5
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www.tld. IN A
SECTION ANSWER
www.tld. IN A 3.3.3.3
ENTRY_END
RANGE_END
; 'more.example.tld.' stub server
RANGE_BEGIN 0 100
ADDRESS 2.3.4.7
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www.more.example.tld. IN A
SECTION ANSWER
www.more.example.tld. IN A 3.3.3.3
ENTRY_END
RANGE_END
; query www.tld ...
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.tld. IN A
ENTRY_END
; ... answer should come from 'tld.' stub zone
STEP 2 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.tld. IN A
SECTION ANSWER
www.tld. IN A 3.3.3.3
ENTRY_END
; query www.example.tld ...
STEP 3 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.tld. IN A
ENTRY_END
; ... answer should come from 'example.tld.' auth zone
STEP 4 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.tld. IN A
SECTION ANSWER
www.example.tld. IN A 3.3.3.3
ENTRY_END
; query www.more.example.tld ...
STEP 5 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.more.example.tld. IN A
ENTRY_END
; ... answer should come from 'more.example.tld.' stub zone
STEP 6 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.more.example.tld. IN A
SECTION ANSWER
www.more.example.tld. IN A 3.3.3.3
ENTRY_END
SCENARIO_END
-623
View File
@@ -1,623 +0,0 @@
; config options
server:
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: yes
max-query-restarts: 11
max-global-quota: 120
stub-zone:
name: "."
stub-addr: 193.0.14.129
CONFIG_END
SCENARIO_BEGIN Test qname minimisation and long cname chain.
; K.ROOT-SERVERS.NET.
RANGE_BEGIN 0 1000
ADDRESS 193.0.14.129
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET. IN A 193.0.14.129
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION AUTHORITY
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
RANGE_END
; a.gtld-servers.net.
RANGE_BEGIN 0 1000
ADDRESS 192.5.6.30
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
com. IN A
SECTION AUTHORITY
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
RANGE_END
; ns.example.com.
RANGE_BEGIN 0 1000
ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
example.com. IN NS
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname
ADJUST copy_id copy_query
REPLY QR AA NOERROR
SECTION QUESTION
chain1.example.com. IN CNAME
SECTION ANSWER
chain1.example.com. IN CNAME chain2.example.com.
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname
ADJUST copy_id copy_query
REPLY QR AA NOERROR
SECTION QUESTION
chain2.example.com. IN CNAME
SECTION ANSWER
chain2.example.com. IN CNAME chain3.example.com.
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname
ADJUST copy_id copy_query
REPLY QR AA NOERROR
SECTION QUESTION
chain3.example.com. IN CNAME
SECTION ANSWER
chain3.example.com. IN CNAME chain4.example.com.
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname
ADJUST copy_id copy_query
REPLY QR AA NOERROR
SECTION QUESTION
chain4.example.com. IN CNAME
SECTION ANSWER
chain4.example.com. IN CNAME chain5.example.com.
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname
ADJUST copy_id copy_query
REPLY QR AA NOERROR
SECTION QUESTION
chain5.example.com. IN CNAME
SECTION ANSWER
chain5.example.com. IN CNAME chain6.example.com.
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname
ADJUST copy_id copy_query
REPLY QR AA NOERROR
SECTION QUESTION
chain6.example.com. IN CNAME
SECTION ANSWER
chain6.example.com. IN CNAME chain7.example.com.
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname
ADJUST copy_id copy_query
REPLY QR AA NOERROR
SECTION QUESTION
chain7.example.com. IN CNAME
SECTION ANSWER
chain7.example.com. IN CNAME chain8.example.com.
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname
ADJUST copy_id copy_query
REPLY QR AA NOERROR
SECTION QUESTION
chain8.example.com. IN CNAME
SECTION ANSWER
chain8.example.com. IN CNAME chain9.example.com.
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname
ADJUST copy_id copy_query
REPLY QR AA NOERROR
SECTION QUESTION
chain9.example.com. IN CNAME
SECTION ANSWER
chain9.example.com. IN CNAME chain10.example.com.
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname
ADJUST copy_id copy_query
REPLY QR AA NOERROR
SECTION QUESTION
chain10.example.com. IN CNAME
SECTION ANSWER
chain10.example.com. IN CNAME chain11.example.com.
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname
ADJUST copy_id copy_query
REPLY QR AA NOERROR
SECTION QUESTION
chain11.example.com. IN CNAME
SECTION ANSWER
chain11.example.com. IN CNAME chain12.example.com.
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname
ADJUST copy_id copy_query
REPLY QR AA NOERROR
SECTION QUESTION
chain12.example.com. IN CNAME
SECTION ANSWER
chain12.example.com. IN CNAME chain13.example.com.
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname
ADJUST copy_id copy_query
REPLY QR AA NOERROR
SECTION QUESTION
chain13.example.com. IN CNAME
SECTION ANSWER
chain13.example.com. IN CNAME chain14.example.com.
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname
ADJUST copy_id copy_query
REPLY QR AA NOERROR
SECTION QUESTION
chain14.example.com. IN CNAME
SECTION ANSWER
chain14.example.com. IN CNAME chain15.example.com.
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname
ADJUST copy_id copy_query
REPLY QR AA NOERROR
SECTION QUESTION
chain15.example.com. IN CNAME
SECTION ANSWER
chain15.example.com. IN CNAME chain16.example.com.
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname
ADJUST copy_id copy_query
REPLY QR AA NOERROR
SECTION QUESTION
chain16.example.com. IN CNAME
SECTION ANSWER
chain16.example.com. IN CNAME chain17.example.com.
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname
ADJUST copy_id copy_query
REPLY QR AA NOERROR
SECTION QUESTION
chain17.example.com. IN CNAME
SECTION ANSWER
chain17.example.com. IN CNAME chain18.example.com.
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname
ADJUST copy_id copy_query
REPLY QR AA NOERROR
SECTION QUESTION
chain18.example.com. IN CNAME
SECTION ANSWER
chain18.example.com. IN CNAME chain19.example.com.
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname
ADJUST copy_id copy_query
REPLY QR AA NOERROR
SECTION QUESTION
chain19.example.com. IN CNAME
SECTION ANSWER
chain19.example.com. IN CNAME chain20.example.com.
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname
ADJUST copy_id copy_query
REPLY QR AA NOERROR
SECTION QUESTION
chain20.example.com. IN CNAME
SECTION ANSWER
chain20.example.com. IN CNAME chain21.example.com.
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname
ADJUST copy_id copy_query
REPLY QR AA NOERROR
SECTION QUESTION
chain21.example.com. IN CNAME
SECTION ANSWER
chain21.example.com. IN CNAME chain22.example.com.
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname
ADJUST copy_id copy_query
REPLY QR AA NOERROR
SECTION QUESTION
chain22.example.com. IN CNAME
SECTION ANSWER
chain22.example.com. IN CNAME chain23.example.com.
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname
ADJUST copy_id copy_query
REPLY QR AA NOERROR
SECTION QUESTION
chain23.example.com. IN CNAME
SECTION ANSWER
chain23.example.com. IN CNAME chain24.example.com.
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname
ADJUST copy_id copy_query
REPLY QR AA NOERROR
SECTION QUESTION
chain24.example.com. IN CNAME
SECTION ANSWER
chain24.example.com. IN CNAME chain25.example.com.
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname
ADJUST copy_id copy_query
REPLY QR AA NOERROR
SECTION QUESTION
chain25.example.com. IN CNAME
SECTION ANSWER
chain25.example.com. IN CNAME chain26.example.com.
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname
ADJUST copy_id copy_query
REPLY QR AA NOERROR
SECTION QUESTION
chain26.example.com. IN CNAME
SECTION ANSWER
chain26.example.com. IN CNAME chain27.example.com.
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname
ADJUST copy_id copy_query
REPLY QR AA NOERROR
SECTION QUESTION
chain27.example.com. IN CNAME
SECTION ANSWER
chain27.example.com. IN CNAME chain28.example.com.
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname
ADJUST copy_id copy_query
REPLY QR AA NOERROR
SECTION QUESTION
chain28.example.com. IN CNAME
SECTION ANSWER
chain28.example.com. IN CNAME chain29.example.com.
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname
ADJUST copy_id copy_query
REPLY QR AA NOERROR
SECTION QUESTION
chain29.example.com. IN CNAME
SECTION ANSWER
chain29.example.com. IN CNAME chain30.example.com.
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname
ADJUST copy_id copy_query
REPLY QR AA NOERROR
SECTION QUESTION
chain30.example.com. IN CNAME
SECTION ANSWER
chain30.example.com. IN CNAME chain31.example.com.
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname
ADJUST copy_id copy_query
REPLY QR AA NOERROR
SECTION QUESTION
chain31.example.com. IN CNAME
SECTION ANSWER
chain31.example.com. IN CNAME chain32.example.com.
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname
ADJUST copy_id copy_query
REPLY QR AA NOERROR
SECTION QUESTION
chain32.example.com. IN CNAME
SECTION ANSWER
chain32.example.com. IN CNAME chain33.example.com.
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname
ADJUST copy_id copy_query
REPLY QR AA NOERROR
SECTION QUESTION
chain33.example.com. IN CNAME
SECTION ANSWER
chain33.example.com. IN CNAME chain34.example.com.
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname
ADJUST copy_id copy_query
REPLY QR AA NOERROR
SECTION QUESTION
chain34.example.com. IN CNAME
SECTION ANSWER
chain34.example.com. IN CNAME chain35.example.com.
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname
ADJUST copy_id copy_query
REPLY QR AA NOERROR
SECTION QUESTION
chain35.example.com. IN CNAME
SECTION ANSWER
chain35.example.com. IN CNAME chain36.example.com.
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname
ADJUST copy_id copy_query
REPLY QR AA NOERROR
SECTION QUESTION
chain36.example.com. IN CNAME
SECTION ANSWER
chain36.example.com. IN CNAME chain37.example.com.
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname
ADJUST copy_id copy_query
REPLY QR AA NOERROR
SECTION QUESTION
chain37.example.com. IN CNAME
SECTION ANSWER
chain37.example.com. IN CNAME chain38.example.com.
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname
ADJUST copy_id copy_query
REPLY QR AA NOERROR
SECTION QUESTION
chain38.example.com. IN CNAME
SECTION ANSWER
chain38.example.com. IN CNAME chain39.example.com.
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname
ADJUST copy_id copy_query
REPLY QR AA NOERROR
SECTION QUESTION
chain39.example.com. IN CNAME
SECTION ANSWER
chain39.example.com. IN CNAME chain40.example.com.
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname
ADJUST copy_id copy_query
REPLY QR AA NOERROR
SECTION QUESTION
chain40.example.com. IN CNAME
SECTION ANSWER
chain40.example.com. IN CNAME chain41.example.com.
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
sub1.chain1.example.com. IN A
SECTION ANSWER
sub1.chain1.example.com. IN A 1.2.3.5
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
sub1.chain1.example.com. IN ANY
SECTION ANSWER
sub1.chain1.example.com. IN A 1.2.3.5
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname
ADJUST copy_id copy_query
REPLY QR AA NOERROR
SECTION QUESTION
sub2.chain2.example.com. IN A
SECTION ANSWER
sub2.chain2.example.com. IN CNAME sub2-2.chain2.example.com.
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname
ADJUST copy_id copy_query
REPLY QR AA NOERROR
SECTION QUESTION
sub2-2.chain2.example.com. IN A
SECTION ANSWER
sub2-2.chain2.example.com. IN CNAME sub2-3.chain2.example.com.
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
sub2-3.chain1.example.com. IN ANY
SECTION ANSWER
sub2-3.chain1.example.com. IN A 1.2.3.6
ENTRY_END
RANGE_END
STEP 10 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
chain1.example.com. IN A
ENTRY_END
STEP 20 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA SERVFAIL
SECTION QUESTION
chain1.example.com. IN A
SECTION ANSWER
ENTRY_END
STEP 30 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
chain13.example.com. IN ANY
ENTRY_END
STEP 40 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
chain13.example.com. IN ANY
SECTION ANSWER
chain13.example.com. IN CNAME chain14.example.com.
ENTRY_END
STEP 49 TIME_PASSES ELAPSE 7200 ; expire the previous records.
STEP 50 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
chain1.example.com. IN ANY
ENTRY_END
STEP 60 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
chain1.example.com. IN ANY
SECTION ANSWER
chain1.example.com. IN CNAME chain2.example.com.
ENTRY_END
STEP 69 TIME_PASSES ELAPSE 7200 ; expire the previous records.
STEP 70 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
sub1.chain1.example.com. IN ANY
ENTRY_END
STEP 80 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
sub1.chain1.example.com. IN ANY
SECTION ANSWER
sub1.chain1.example.com. IN A 1.2.3.5
ENTRY_END
STEP 90 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
sub2.chain2.example.com. IN ANY
ENTRY_END
STEP 100 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
sub2.chain2.example.com. IN ANY
SECTION ANSWER
sub2.chain2.example.com. IN CNAME sub2-2.chain2.example.com.
ENTRY_END
SCENARIO_END
-297
View File
@@ -1,297 +0,0 @@
; config options
server:
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: "no"
minimal-responses: no
rrset-roundrobin: no
ede: yes
stub-zone:
name: "."
stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
CONFIG_END
SCENARIO_BEGIN Test scrub of RRs of inappropriate length
; K.ROOT-SERVERS.NET.
RANGE_BEGIN 0 200
ADDRESS 193.0.14.129
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET. IN A 193.0.14.129
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION AUTHORITY
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
RANGE_END
; a.gtld-servers.net.
RANGE_BEGIN 0 200
ADDRESS 192.5.6.30
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION ANSWER
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
RANGE_END
; ns.example.com.
RANGE_BEGIN 0 200
ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION ANSWER
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A 10.20.30.40
www.example.com. IN A \# 3 030405
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www.example.com. IN AAAA
SECTION ANSWER
www.example.com. IN AAAA 2001:db8::1234
www.example.com. IN AAAA \# 48 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
broken1.example.com. IN A
SECTION ANSWER
broken1.example.com. IN A \# 3 030405
broken1.example.com. IN A \# 3 030406
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
broken1.example.com. IN AAAA
SECTION ANSWER
broken1.example.com. IN AAAA \# 48 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F
broken1.example.com. IN AAAA \# 48 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E30
broken1.example.com. IN AAAA \# 48 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E31
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
broken2.example.com. IN A
SECTION ANSWER
broken2.example.com. IN A 1.2.3.4
broken2.example.com. IN A \# 3 030405
broken2.example.com. IN A 1.2.3.5
broken2.example.com. IN A \# 3 030406
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A \# 3 030407
ns.example.com. IN A 1.2.3.6
ns.example.com. IN A \# 3 030408
ns.example.com. IN A \# 3 030409
ns.example.com. IN A 1.2.3.7
ENTRY_END
RANGE_END
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A 10.20.30.40
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
STEP 20 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN AAAA
ENTRY_END
STEP 30 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN AAAA
SECTION ANSWER
www.example.com. IN AAAA 2001:db8::1234
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
STEP 40 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
broken1.example.com. IN A
ENTRY_END
STEP 50 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
broken1.example.com. IN A
SECTION ANSWER
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
STEP 60 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
broken1.example.com. IN AAAA
ENTRY_END
STEP 70 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
broken1.example.com. IN AAAA
SECTION ANSWER
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
STEP 80 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
broken2.example.com. IN A
ENTRY_END
STEP 90 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
broken2.example.com. IN A
SECTION ANSWER
broken2.example.com. IN A 1.2.3.4
broken2.example.com. IN A 1.2.3.5
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.6
ns.example.com. IN A 1.2.3.7
ENTRY_END
STEP 100 QUERY
ENTRY_BEGIN
REPLY RD CD DO
SECTION QUESTION
www.example.com. IN A
ENTRY_END
STEP 110 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ede=0
REPLY QR RD CD RA DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A 10.20.30.40
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.6
ns.example.com. IN A 1.2.3.7
ENTRY_END
SCENARIO_END
@@ -1,27 +0,0 @@
server:
verbosity: 0
use-syslog: no
directory: ""
pidfile: "unbound.pid"
chroot: ""
username: ""
do-not-query-localhost: no
use-caps-for-id: no
port: @SERVER_PORT@
interface: 127.0.0.1
outbound-msg-retry: 0
log-servfail: yes
forward-zone:
name: "a.servfail"
forward-addr: 127.0.0.1@@SERVER_PORT@
forward-zone:
name: "b.servfail"
forward-addr: 127.0.0.1@@SERVER_PORT@
remote-control:
control-enable: yes
control-port: @CONTROL_PORT@
control-use-cert: no
@@ -1,16 +0,0 @@
BaseName: log_servfail
Version: 1.0
Description: Check the log_servfail option
CreationDate: Fri 29 Nov 11:00:00 CEST 2024
Maintainer:
Category:
Component:
CmdDepends:
Depends:
Help:
Pre: log_servfail.pre
Post: log_servfail.post
Test: log_servfail.test
AuxFiles:
Passed:
Failure:
@@ -1,10 +0,0 @@
# #-- log_servfail.post --#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# source the test var file when it's there
[ -f .tpkg.var.test ] && source .tpkg.var.test
#
# do your teardown here
. ../common.sh
kill_from_pidfile "unbound.pid"
cat unbound.log
@@ -1,21 +0,0 @@
# #-- log_servfail.pre--#
PRE="../.."
. ../common.sh
get_random_port 2
SERVER_PORT=$RND_PORT
CONTROL_PORT=$(($RND_PORT + 1))
echo "SERVER_PORT=$SERVER_PORT" >> .tpkg.var.test
echo "CONTROL_PORT=$CONTROL_PORT" >> .tpkg.var.test
# make config file
sed \
-e 's/@SERVER_PORT\@/'$SERVER_PORT'/' \
-e 's/@CONTROL_PORT\@/'$CONTROL_PORT'/' \
< log_servfail.conf > ub.conf
# start unbound in the background
$PRE/unbound -d -c ub.conf > unbound.log 2>&1 &
cat .tpkg.var.test
wait_unbound_up unbound.log
@@ -1,47 +0,0 @@
# #-- log_servfail.test --#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# use .tpkg.var.test for in test variable passing
[ -f .tpkg.var.test ] && source .tpkg.var.test
PRE="../.."
. ../common.sh
outfile=dig.out
teststep "Check if log-servfail logs to output for iterator error"
dig a.servfail @127.0.0.1 -p $SERVER_PORT > $outfile
if ! grep "SERVFAIL" $outfile
then
cat $outfile
echo "Did not get a SERVFAIL response"
exit 1
fi
if ! grep "SERVFAIL <a\.servfail\. " unbound.log
then
echo "No log-servfail in output"
exit 1
fi
teststep "Enable serve expired"
$PRE/unbound-control -c ub.conf set_option serve-expired: yes
if test $? -ne 0
then
echo "unbound-control command exited with non-zero error code"
exit 1
fi
teststep "Check if log-servfail logs to output for iterator error (with serve-expired)"
dig b.servfail @127.0.0.1 -p $SERVER_PORT > $outfile
if ! grep "SERVFAIL" $outfile
then
cat $outfile
echo "Did not get a SERVFAIL response"
exit 1
fi
if ! grep "SERVFAIL <b\.servfail\. " unbound.log
then
echo "No log-servfail in output"
exit 1
fi
exit 0
@@ -1,2 +0,0 @@
redis.com. IN SOA server. ma.il 1 2 3 4 5
redis.com. IN A 2.2.2.2
@@ -1,2 +0,0 @@
redis.com. IN SOA server. ma.il 1 2 3 4 5
redis.com. IN A 1.1.1.1
@@ -1,583 +0,0 @@
###
### Settings for this test ###################################################
###
# Accept connections on the specified port, default is 6379 (IANA #815344).
# If port 0 is specified Redis will not listen on a TCP socket.
port 0
# Unix socket.
#
# Specify the path for the Unix socket that will be used to listen for
# incoming connections. There is no default, so Redis will not listen
# on a unix socket when not specified.
#
unixsocket @SOCKET@
# unixsocketperm 700
# By default Redis does not run as a daemon. Use 'yes' if you need it.
# Note that Redis will write a pid file in /var/run/redis.pid when daemonized.
# When Redis is supervised by upstart or systemd, this parameter has no impact.
daemonize no
# Specify the server verbosity level.
# This can be one of:
# debug (a lot of information, useful for development/testing)
# verbose (many rarely useful info, but not a mess like the debug level)
# notice (moderately verbose, what you want in production probably)
# warning (only very important / critical messages are logged)
# nothing (nothing is logged)
loglevel notice
# Specify the log file name. Also the empty string can be used to force
# Redis to log on the standard output. Note that if you use standard
# output for logging but daemonize, logs will be sent to /dev/null
logfile @LOGFILE@
# To enable logging to the system logger, just set 'syslog-enabled' to yes,
# and optionally update the other syslog parameters to suit your needs.
syslog-enabled no
# Set the number of databases. The default database is DB 0, you can select
# a different one on a per-connection basis using SELECT <dbid> where
# dbid is a number between 0 and 'databases'-1
databases 2
# Snapshotting can be completely disabled with a single empty string argument
# as in following example:
#
save ""
# The working directory.
#
# The DB will be written inside this directory, with the filename specified
# above using the 'dbfilename' configuration directive.
#
# The Append Only File will also be created inside this directory.
#
# Note that you must specify a directory here, not a file name.
dir .
###
### Rest of the default Redis settings #######################################
###
bind 127.0.0.1 -::1
# When protected mode is on and the default user has no password, the server
# only accepts local connections from the IPv4 address (127.0.0.1), IPv6 address
# (::1) or Unix domain sockets.
protected-mode yes
# TCP listen() backlog.
#
# In high requests-per-second environments you need a high backlog in order
# to avoid slow clients connection issues. Note that the Linux kernel
# will silently truncate it to the value of /proc/sys/net/core/somaxconn so
# make sure to raise both the value of somaxconn and tcp_max_syn_backlog
# in order to get the desired effect.
tcp-backlog 511
# Close the connection after a client is idle for N seconds (0 to disable)
timeout 0
# TCP keepalive.
# A reasonable value for this option is 300 seconds, which is the new
# Redis default starting with Redis 3.2.1.
tcp-keepalive 300
# By default Redis shows an ASCII art logo only when started to log to the
# standard output and if the standard output is a TTY and syslog logging is
# disabled. Basically this means that normally a logo is displayed only in
# interactive sessions.
#
# However it is possible to force the pre-4.0 behavior and always show a
# ASCII art logo in startup logs by setting the following option to yes.
always-show-logo no
# By default, Redis modifies the process title (as seen in 'top' and 'ps') to
# provide some runtime information. It is possible to disable this and leave
# the process name as executed by setting the following to no.
set-proc-title yes
# When changing the process title, Redis uses the following template to construct
# the modified title.
#
# Template variables are specified in curly brackets. The following variables are
# supported:
#
# {title} Name of process as executed if parent, or type of child process.
# {listen-addr} Bind address or '*' followed by TCP or TLS port listening on, or
# Unix socket if only that's available.
# {server-mode} Special mode, i.e. "[sentinel]" or "[cluster]".
# {port} TCP port listening on, or 0.
# {tls-port} TLS port listening on, or 0.
# {unixsocket} Unix domain socket listening on, or "".
# {config-file} Name of configuration file used.
#
proc-title-template "{title} {listen-addr} {server-mode}"
# Set the local environment which is used for string comparison operations, and
# also affect the performance of Lua scripts. Empty String indicates the locale
# is derived from the environment variables.
#locale-collate ""
# By default Redis will stop accepting writes if RDB snapshots are enabled
# (at least one save point) and the latest background save failed.
# This will make the user aware (in a hard way) that data is not persisting
# on disk properly, otherwise chances are that no one will notice and some
# disaster will happen.
#
# If the background saving process will start working again Redis will
# automatically allow writes again.
#
# However if you have setup your proper monitoring of the Redis server
# and persistence, you may want to disable this feature so that Redis will
# continue to work as usual even if there are problems with disk,
# permissions, and so forth.
stop-writes-on-bgsave-error yes
# Compress string objects using LZF when dump .rdb databases?
# By default compression is enabled as it's almost always a win.
# If you want to save some CPU in the saving child set it to 'no' but
# the dataset will likely be bigger if you have compressible values or keys.
rdbcompression yes
# Since version 5 of RDB a CRC64 checksum is placed at the end of the file.
# This makes the format more resistant to corruption but there is a performance
# hit to pay (around 10%) when saving and loading RDB files, so you can disable it
# for maximum performances.
#
# RDB files created with checksum disabled have a checksum of zero that will
# tell the loading code to skip the check.
rdbchecksum yes
# The filename where to dump the DB
dbfilename redis.rdb
# Remove RDB files used by replication in instances without persistence
# enabled. By default this option is disabled, however there are environments
# where for regulations or other security concerns, RDB files persisted on
# disk by masters in order to feed replicas, or stored on disk by replicas
# in order to load them for the initial synchronization, should be deleted
# ASAP. Note that this option ONLY WORKS in instances that have both AOF
# and RDB persistence disabled, otherwise is completely ignored.
#
# An alternative (and sometimes better) way to obtain the same effect is
# to use diskless replication on both master and replicas instances. However
# in the case of replicas, diskless is not always an option.
rdb-del-sync-files no
# When a replica loses its connection with the master, or when the replication
# is still in progress, the replica can act in two different ways:
#
# 1) if replica-serve-stale-data is set to 'yes' (the default) the replica will
# still reply to client requests, possibly with out of date data, or the
# data set may just be empty if this is the first synchronization.
#
# 2) If replica-serve-stale-data is set to 'no' the replica will reply with error
# "MASTERDOWN Link with MASTER is down and replica-serve-stale-data is set to 'no'"
# to all data access commands, excluding commands such as:
# INFO, REPLICAOF, AUTH, SHUTDOWN, REPLCONF, ROLE, CONFIG, SUBSCRIBE,
# UNSUBSCRIBE, PSUBSCRIBE, PUNSUBSCRIBE, PUBLISH, PUBSUB, COMMAND, POST,
# HOST and LATENCY.
#
replica-serve-stale-data yes
# You can configure a replica instance to accept writes or not. Writing against
# a replica instance may be useful to store some ephemeral data (because data
# written on a replica will be easily deleted after resync with the master) but
# may also cause problems if clients are writing to it because of a
# misconfiguration.
#
# Since Redis 2.6 by default replicas are read-only.
#
# Note: read only replicas are not designed to be exposed to untrusted clients
# on the internet. It's just a protection layer against misuse of the instance.
# Still a read only replica exports by default all the administrative commands
# such as CONFIG, DEBUG, and so forth. To a limited extent you can improve
# security of read only replicas using 'rename-command' to shadow all the
# administrative / dangerous commands.
replica-read-only yes
# Replication SYNC strategy: disk or socket.
#
# New replicas and reconnecting replicas that are not able to continue the
# replication process just receiving differences, need to do what is called a
# "full synchronization". An RDB file is transmitted from the master to the
# replicas.
#
# The transmission can happen in two different ways:
#
# 1) Disk-backed: The Redis master creates a new process that writes the RDB
# file on disk. Later the file is transferred by the parent
# process to the replicas incrementally.
# 2) Diskless: The Redis master creates a new process that directly writes the
# RDB file to replica sockets, without touching the disk at all.
#
# With disk-backed replication, while the RDB file is generated, more replicas
# can be queued and served with the RDB file as soon as the current child
# producing the RDB file finishes its work. With diskless replication instead
# once the transfer starts, new replicas arriving will be queued and a new
# transfer will start when the current one terminates.
#
# When diskless replication is used, the master waits a configurable amount of
# time (in seconds) before starting the transfer in the hope that multiple
# replicas will arrive and the transfer can be parallelized.
#
# With slow disks and fast (large bandwidth) networks, diskless replication
# works better.
repl-diskless-sync yes
# When diskless replication is enabled, it is possible to configure the delay
# the server waits in order to spawn the child that transfers the RDB via socket
# to the replicas.
#
# This is important since once the transfer starts, it is not possible to serve
# new replicas arriving, that will be queued for the next RDB transfer, so the
# server waits a delay in order to let more replicas arrive.
#
# The delay is specified in seconds, and by default is 5 seconds. To disable
# it entirely just set it to 0 seconds and the transfer will start ASAP.
repl-diskless-sync-delay 5
# When diskless replication is enabled with a delay, it is possible to let
# the replication start before the maximum delay is reached if the maximum
# number of replicas expected have connected. Default of 0 means that the
# maximum is not defined and Redis will wait the full delay.
#repl-diskless-sync-max-replicas 0
# -----------------------------------------------------------------------------
# WARNING: Since in this setup the replica does not immediately store an RDB on
# disk, it may cause data loss during failovers. RDB diskless load + Redis
# modules not handling I/O reads may cause Redis to abort in case of I/O errors
# during the initial synchronization stage with the master.
# -----------------------------------------------------------------------------
#
# Replica can load the RDB it reads from the replication link directly from the
# socket, or store the RDB to a file and read that file after it was completely
# received from the master.
#
# In many cases the disk is slower than the network, and storing and loading
# the RDB file may increase replication time (and even increase the master's
# Copy on Write memory and replica buffers).
# However, when parsing the RDB file directly from the socket, in order to avoid
# data loss it's only safe to flush the current dataset when the new dataset is
# fully loaded in memory, resulting in higher memory usage.
# For this reason we have the following options:
#
# "disabled" - Don't use diskless load (store the rdb file to the disk first)
# "swapdb" - Keep current db contents in RAM while parsing the data directly
# from the socket. Replicas in this mode can keep serving current
# dataset while replication is in progress, except for cases where
# they can't recognize master as having a data set from same
# replication history.
# Note that this requires sufficient memory, if you don't have it,
# you risk an OOM kill.
# "on-empty-db" - Use diskless load only when current dataset is empty. This is
# safer and avoid having old and new dataset loaded side by side
# during replication.
repl-diskless-load disabled
# Master send PINGs to its replicas in a predefined interval. It's possible to
# change this interval with the repl_ping_replica_period option. The default
# value is 10 seconds.
#
# repl-ping-replica-period 10
# The following option sets the replication timeout for:
#
# 1) Bulk transfer I/O during SYNC, from the point of view of replica.
# 2) Master timeout from the point of view of replicas (data, pings).
# 3) Replica timeout from the point of view of masters (REPLCONF ACK pings).
#
# It is important to make sure that this value is greater than the value
# specified for repl-ping-replica-period otherwise a timeout will be detected
# every time there is low traffic between the master and the replica. The default
# value is 60 seconds.
#
# repl-timeout 60
# Disable TCP_NODELAY on the replica socket after SYNC?
#
# If you select "yes" Redis will use a smaller number of TCP packets and
# less bandwidth to send data to replicas. But this can add a delay for
# the data to appear on the replica side, up to 40 milliseconds with
# Linux kernels using a default configuration.
#
# If you select "no" the delay for data to appear on the replica side will
# be reduced but more bandwidth will be used for replication.
#
# By default we optimize for low latency, but in very high traffic conditions
# or when the master and replicas are many hops away, turning this to "yes" may
# be a good idea.
repl-disable-tcp-nodelay no
# The replica priority is an integer number published by Redis in the INFO
# output. It is used by Redis Sentinel in order to select a replica to promote
# into a master if the master is no longer working correctly.
#
# A replica with a low priority number is considered better for promotion, so
# for instance if there are three replicas with priority 10, 100, 25 Sentinel
# will pick the one with priority 10, that is the lowest.
#
# However a special priority of 0 marks the replica as not able to perform the
# role of master, so a replica with priority of 0 will never be selected by
# Redis Sentinel for promotion.
#
# By default the priority is 100.
replica-priority 100
# ACL LOG
#
# The ACL Log tracks failed commands and authentication events associated
# with ACLs. The ACL Log is useful to troubleshoot failed commands blocked
# by ACLs. The ACL Log is stored in memory. You can reclaim memory with
# ACL LOG RESET. Define the maximum entry length of the ACL Log below.
acllog-max-len 128
lazyfree-lazy-eviction no
lazyfree-lazy-expire no
lazyfree-lazy-server-del no
replica-lazy-flush no
# It is also possible, for the case when to replace the user code DEL calls
# with UNLINK calls is not easy, to modify the default behavior of the DEL
# command to act exactly like UNLINK, using the following configuration
# directive:
lazyfree-lazy-user-del no
# FLUSHDB, FLUSHALL, SCRIPT FLUSH and FUNCTION FLUSH support both asynchronous and synchronous
# deletion, which can be controlled by passing the [SYNC|ASYNC] flags into the
# commands. When neither flag is passed, this directive will be used to determine
# if the data should be deleted asynchronously.
lazyfree-lazy-user-flush no
# On Linux, it is possible to hint the kernel OOM killer on what processes
# should be killed first when out of memory.
#
# Enabling this feature makes Redis actively control the oom_score_adj value
# for all its processes, depending on their role. The default scores will
# attempt to have background child processes killed before all others, and
# replicas killed before masters.
#
# Redis supports these options:
#
# no: Don't make changes to oom-score-adj (default).
# yes: Alias to "relative" see below.
# absolute: Values in oom-score-adj-values are written as is to the kernel.
# relative: Values are used relative to the initial value of oom_score_adj when
# the server starts and are then clamped to a range of -1000 to 1000.
# Because typically the initial value is 0, they will often match the
# absolute values.
oom-score-adj no
# When oom-score-adj is used, this directive controls the specific values used
# for master, replica and background child processes. Values range -2000 to
# 2000 (higher means more likely to be killed).
#
# Unprivileged processes (not root, and without CAP_SYS_RESOURCE capabilities)
# can freely increase their value, but not decrease it below its initial
# settings. This means that setting oom-score-adj to "relative" and setting the
# oom-score-adj-values to positive values will always succeed.
oom-score-adj-values 0 200 800
# Usually the kernel Transparent Huge Pages control is set to "madvise" or
# or "never" by default (/sys/kernel/mm/transparent_hugepage/enabled), in which
# case this config has no effect. On systems in which it is set to "always",
# redis will attempt to disable it specifically for the redis process in order
# to avoid latency problems specifically with fork(2) and CoW.
# If for some reason you prefer to keep it enabled, you can set this config to
# "no" and the kernel global to "always".
disable-thp yes
# By default Redis asynchronously dumps the dataset on disk. This mode is
# good enough in many applications, but an issue with the Redis process or
# a power outage may result into a few minutes of writes lost (depending on
# the configured save points).
#
# The Append Only File is an alternative persistence mode that provides
# much better durability. For instance using the default data fsync policy
# (see later in the config file) Redis can lose just one second of writes in a
# dramatic event like a server power outage, or a single write if something
# wrong with the Redis process itself happens, but the operating system is
# still running correctly.
#
# AOF and RDB persistence can be enabled at the same time without problems.
# If the AOF is enabled on startup Redis will load the AOF, that is the file
# with the better durability guarantees.
#
# Please check https://redis.io/topics/persistence for more information.
appendonly no
# The following time is expressed in microseconds, so 1000000 is equivalent
# to one second. Note that a negative number disables the slow log, while
# a value of zero forces the logging of every command.
slowlog-log-slower-than 10000
# There is no limit to this length. Just be aware that it will consume memory.
# You can reclaim memory used by the slow log with SLOWLOG RESET.
slowlog-max-len 128
# By default latency monitoring is disabled since it is mostly not needed
# if you don't have latency issues, and collecting data has a performance
# impact, that while very small, can be measured under big load. Latency
# monitoring can easily be enabled at runtime using the command
# "CONFIG SET latency-monitor-threshold <milliseconds>" if needed.
latency-monitor-threshold 0
# By default all notifications are disabled because most users don't need
# this feature and the feature has some overhead. Note that if you don't
# specify at least one of K or E, no events will be delivered.
notify-keyspace-events ""
# Hashes are encoded using a memory efficient data structure when they have a
# small number of entries, and the biggest entry does not exceed a given
# threshold. These thresholds can be configured using the following directives.
#hash-max-listpack-entries 512
#hash-max-listpack-value 64
# Lists are also encoded in a special way to save a lot of space.
# The number of entries allowed per internal list node can be specified
# as a fixed maximum size or a maximum number of elements.
# For a fixed maximum size, use -5 through -1, meaning:
# -5: max size: 64 Kb <-- not recommended for normal workloads
# -4: max size: 32 Kb <-- not recommended
# -3: max size: 16 Kb <-- probably not recommended
# -2: max size: 8 Kb <-- good
# -1: max size: 4 Kb <-- good
# Positive numbers mean store up to _exactly_ that number of elements
# per list node.
# The highest performing option is usually -2 (8 Kb size) or -1 (4 Kb size),
# but if your use case is unique, adjust the settings as necessary.
#list-max-listpack-size -2
# Lists may also be compressed.
# Compress depth is the number of quicklist ziplist nodes from *each* side of
# the list to *exclude* from compression. The head and tail of the list
# are always uncompressed for fast push/pop operations. Settings are:
# 0: disable all list compression
# 1: depth 1 means "don't start compressing until after 1 node into the list,
# going from either the head or tail"
# So: [head]->node->node->...->node->[tail]
# [head], [tail] will always be uncompressed; inner nodes will compress.
# 2: [head]->[next]->node->node->...->node->[prev]->[tail]
# 2 here means: don't compress head or head->next or tail->prev or tail,
# but compress all nodes between them.
# 3: [head]->[next]->[next]->node->node->...->node->[prev]->[prev]->[tail]
# etc.
list-compress-depth 0
# Sets have a special encoding when a set is composed
# of just strings that happen to be integers in radix 10 in the range
# of 64 bit signed integers.
# The following configuration setting sets the limit in the size of the
# set in order to use this special memory saving encoding.
set-max-intset-entries 512
# Sets containing non-integer values are also encoded using a memory efficient
# data structure when they have a small number of entries, and the biggest entry
# does not exceed a given threshold. These thresholds can be configured using
# the following directives.
#set-max-listpack-entries 128
#set-max-listpack-value 64
# Similarly to hashes and lists, sorted sets are also specially encoded in
# order to save a lot of space. This encoding is only used when the length and
# elements of a sorted set are below the following limits:
#zset-max-listpack-entries 128
#zset-max-listpack-value 64
# HyperLogLog sparse representation bytes limit. The limit includes the
# 16 bytes header. When a HyperLogLog using the sparse representation crosses
# this limit, it is converted into the dense representation.
#
# A value greater than 16000 is totally useless, since at that point the
# dense representation is more memory efficient.
#
# The suggested value is ~ 3000 in order to have the benefits of
# the space efficient encoding without slowing down too much PFADD,
# which is O(N) with the sparse encoding. The value can be raised to
# ~ 10000 when CPU is not a concern, but space is, and the data set is
# composed of many HyperLogLogs with cardinality in the 0 - 15000 range.
hll-sparse-max-bytes 3000
# Streams macro node max size / items. The stream data structure is a radix
# tree of big nodes that encode multiple items inside. Using this configuration
# it is possible to configure how big a single node can be in bytes, and the
# maximum number of items it may contain before switching to a new node when
# appending new stream entries. If any of the following settings are set to
# zero, the limit is ignored, so for instance it is possible to set just a
# max entries limit by setting max-bytes to 0 and max-entries to the desired
# value.
stream-node-max-bytes 4096
stream-node-max-entries 100
# Active rehashing uses 1 millisecond every 100 milliseconds of CPU time in
# order to help rehashing the main Redis hash table (the one mapping top-level
# keys to values). The hash table implementation Redis uses (see dict.c)
# performs a lazy rehashing: the more operation you run into a hash table
# that is rehashing, the more rehashing "steps" are performed, so if the
# server is idle the rehashing is never complete and some more memory is used
# by the hash table.
#
# The default is to use this millisecond 10 times every second in order to
# actively rehash the main dictionaries, freeing memory when possible.
#
# If unsure:
# use "activerehashing no" if you have hard latency requirements and it is
# not a good thing in your environment that Redis can reply from time to time
# to queries with 2 milliseconds delay.
#
# use "activerehashing yes" if you don't have such hard requirements but
# want to free memory asap when possible.
activerehashing yes
# The client output buffer limits can be used to force disconnection of clients
# that are not reading data from the server fast enough for some reason (a
# common reason is that a Pub/Sub client can't consume messages as fast as the
# publisher can produce them).
#
# Both the hard or the soft limit can be disabled by setting them to zero.
client-output-buffer-limit normal 0 0 0
client-output-buffer-limit replica 256mb 64mb 60
client-output-buffer-limit pubsub 32mb 8mb 60
# Redis calls an internal function to perform many background tasks, like
# closing connections of clients in timeout, purging expired keys that are
# never requested, and so forth.
#
# Not all tasks are performed with the same frequency, but Redis checks for
# tasks to perform according to the specified "hz" value.
#
# By default "hz" is set to 10. Raising the value will use more CPU when
# Redis is idle, but at the same time will make Redis more responsive when
# there are many keys expiring at the same time, and timeouts may be
# handled with more precision.
#
# The range is between 1 and 500, however a value over 100 is usually not
# a good idea. Most users should use the default of 10 and raise this up to
# 100 only in environments where very low latency is required.
hz 10
# When dynamic HZ is enabled, the actual configured HZ will be used
# as a baseline, but multiples of the configured HZ value will be actually
# used as needed once more clients are connected. In this way an idle
# instance will use very little CPU time while a busy instance will be
# more responsive.
dynamic-hz yes
# When a child rewrites the AOF file, if the following option is enabled
# the file will be fsync-ed every 4 MB of data generated. This is useful
# in order to commit the file to the disk more incrementally and avoid
# big latency spikes.
aof-rewrite-incremental-fsync yes
# When redis saves RDB file, if the following option is enabled
# the file will be fsync-ed every 4 MB of data generated. This is useful
# in order to commit the file to the disk more incrementally and avoid
# big latency spikes.
rdb-save-incremental-fsync yes
# Jemalloc background thread for purging will be enabled by default
jemalloc-bg-thread yes
@@ -1,33 +0,0 @@
server:
verbosity: 7
num-threads: 1
interface: 127.0.0.1
port: @PORT@
use-syslog: no
directory: ""
pidfile: "unbound.pid"
chroot: ""
username: ""
module-config: "cachedb iterator"
root-key-sentinel: no
trust-anchor-signaling: no
log-time-ascii: yes
log-time-iso: yes
cachedb:
backend: redis
redis-server-path: @REDIS_SOCKET@
redis-replica-server-path: @REDIS_REPLICA_SOCKET@
auth-zone:
name: "redis.com"
for-upstream: yes
for-downstream: no
zonefile: "redis.zone"
remote-control:
control-enable: yes
control-interface: 127.0.0.1
# control-interface: ::1
control-port: @CONTROL_PORT@
server-key-file: "unbound_server.key"
server-cert-file: "unbound_server.pem"
control-key-file: "unbound_control.key"
control-cert-file: "unbound_control.pem"
@@ -1,16 +0,0 @@
BaseName: redis_reconnect_interval
Version: 1.0
Description: Test redis reconnect interval
CreationDate: Thu 24 July 09:29:09 CEST 2025
Maintainer: Wouter Wijngaards
Category:
Component:
CmdDepends:
Depends:
Help:
Pre: redis_reconnect_interval.pre
Post: redis_reconnect_interval.post
Test: redis_reconnect_interval.test
AuxFiles:
Passed:
Failure:
@@ -1,18 +0,0 @@
# #-- redis_reconnect_interval.post --#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# source the test var file when it's there
[ -f .tpkg.var.test ] && source .tpkg.var.test
#
# do your teardown here
. ../common.sh
kill_pid $REDIS_PID
kill_pid $REDIS_REPLICA_PID
kill_pid $UNBOUND_PID
echo "> cat logfiles"
echo "redis server.log"
cat server.log
echo "redis replica.log"
cat replica.log
echo "unbound.log"
cat unbound.log
@@ -1,46 +0,0 @@
# #-- redis_reconnect_interval.pre--#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# use .tpkg.var.test for in test variable passing
[ -f .tpkg.var.test ] && source .tpkg.var.test
PRE="../.."
. ../common.sh
if grep "define USE_REDIS 1" $PRE/config.h; then echo test enabled; else skip_test "test skipped"; fi
get_random_port 2
UNBOUND_PORT=$RND_PORT
CONTROL_PORT=$(($RND_PORT + 1))
echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test
echo "CONTROL_PORT=$CONTROL_PORT" >> .tpkg.var.test
REDIS_SOCKET=server.sock
REDIS_REPLICA_SOCKET=replica.sock
echo "REDIS_SOCKET=$REDIS_SOCKET" >> .tpkg.var.test
echo "REDIS_REPLICA_SOCKET=$REDIS_REPLICA_SOCKET" >> .tpkg.var.test
# start redis
sed -e 's/@SOCKET\@/'$REDIS_SOCKET'/' -e 's/@LOGFILE\@/server.log/' < redis.conf > server.conf
redis-server server.conf &
REDIS_PID=$!
echo "REDIS_PID=$REDIS_PID" >> .tpkg.var.test
# start redis replica
sed -e 's/@SOCKET\@/'$REDIS_REPLICA_SOCKET'/' -e 's/@LOGFILE\@/replica.log/' < redis.conf > replica.conf
redis-server replica.conf &
REDIS_REPLICA_PID=$!
echo "REDIS_REPLICA_PID=$REDIS_REPLICA_PID" >> .tpkg.var.test
# Copy initial zonefile
cp before.zone redis.zone
# make config file
sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@REDIS_SOCKET\@/'$REDIS_SOCKET'/' -e 's/@REDIS_REPLICA_SOCKET\@/'$REDIS_REPLICA_SOCKET'/' -e 's/@CONTROL_PORT\@/'$CONTROL_PORT'/' < redis_reconnect_interval.conf > ub.conf
# start unbound in the background
$PRE/unbound -d -c ub.conf >unbound.log 2>&1 &
UNBOUND_PID=$!
echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
cat .tpkg.var.test
wait_unbound_up unbound.log
@@ -1,121 +0,0 @@
# #-- redis_reconnect_interval.test --#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# use .tpkg.var.test for in test variable passing
[ -f .tpkg.var.test ] && source .tpkg.var.test
PRE="../.."
. ../common.sh
# do the test
# Check number of keys in the db
# $1: socket to connect to
# $2: expected number of keys
redis_cli_check_keys () {
echo "> redis-cli connecting to $1 to check number of keys; expecting $2"
keys=$(redis-cli --no-raw -s $1 keys "*" | grep -vF empty | wc -l)
if test $keys -ne $2
then
echo "Expected $2 keys, got $keys"
exit 1
fi
echo "OK"
}
# Query and check the expected result
# $1: query
# $2: expected answer
expect_answer () {
echo "> dig @127.0.0.1 -p $UNBOUND_PORT $1"
dig @127.0.0.1 -p $UNBOUND_PORT $1 > tmp.answer
if ! grep -F $2 tmp.answer
then
echo "Expected $2 in the answer, got:"
cat tmp.answer
exit 1
fi
echo "OK"
}
# Start test
# check Redis server has no keys
redis_cli_check_keys $REDIS_SOCKET 0
# check Redis replica server has no keys
redis_cli_check_keys $REDIS_REPLICA_SOCKET 0
# query and check answer
expect_answer redis.com 1.1.1.1
# check Redis server has 1 key
redis_cli_check_keys $REDIS_SOCKET 1
# check Redis replica server has no keys
redis_cli_check_keys $REDIS_REPLICA_SOCKET 0
# change auth zone and reload
cp after.zone redis.zone
echo "$PRE/unbound-control -c ub.conf reload"
$PRE/unbound-control -c ub.conf reload
if test $? -ne 0; then
echo "wrong exit value after success"
exit 1
fi
# query and check answer
# we are writing to server but reading from replica; which is not actually
# replicating so the new answer will come through while overwriting the record
# in the server.
expect_answer redis.com 2.2.2.2
# check Redis server has 1 key
redis_cli_check_keys $REDIS_SOCKET 1
# check Redis replica server has no keys
redis_cli_check_keys $REDIS_REPLICA_SOCKET 0
echo "> OK"
# take down the redis server and observe reconnect attempts.
# first the replica that it tries to read from.
kill_pid $REDIS_REPLICA_PID
$PRE/unbound-control -c ub.conf reload
expect_answer redis.com 2.2.2.2
# some more queries to exceed the limit on reconnects.
expect_answer d1.redis.com NXDOMAIN
expect_answer d2.redis.com NXDOMAIN
expect_answer d3.redis.com NXDOMAIN
expect_answer d4.redis.com NXDOMAIN
expect_answer d5.redis.com NXDOMAIN
# it has entered the wait period
sleep 2
expect_answer d6.redis.com NXDOMAIN
kill_pid $REDIS_PID
$PRE/unbound-control -c ub.conf reload
expect_answer redis.com 2.2.2.2
expect_answer d1.redis.com NXDOMAIN
expect_answer d2.redis.com NXDOMAIN
expect_answer d3.redis.com NXDOMAIN
expect_answer d4.redis.com NXDOMAIN
expect_answer d5.redis.com NXDOMAIN
# it has entered the wait period
sleep 2
expect_answer d6.redis.com NXDOMAIN
# bring up the redis server again.
redis-server server.conf &
REDIS_PID=$!
echo "REDIS_PID=$REDIS_PID" >> .tpkg.var.test
redis-server replica.conf &
REDIS_REPLICA_PID=$!
echo "REDIS_REPLICA_PID=$REDIS_REPLICA_PID" >> .tpkg.var.test
expect_answer d7.redis.com NXDOMAIN
expect_answer d8.redis.com NXDOMAIN
sleep 2
expect_answer d9.redis.com NXDOMAIN
expect_answer d10.redis.com NXDOMAIN
exit 0
@@ -1,39 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
MIIG4gIBAAKCAYEAstEp+Pyh8XGrtZ77A4FhYjvbeB3dMa7Q2rGWxobzlA9przhA
1aChAvUtCOAuM+rB6NTNB8YWfZJbQHawyMNpmC77cg6vXLYCGUQHZyAqidN049RJ
F5T7j4N8Vniv17LiRdr0S6swy4PRvEnIPPV43EQHZqC5jVvHsKkhIfmBF/Dj5TXR
ypeawWV/m5jeU6/4HRYMfytBZdO1mPXuWLh0lgbQ4SCbgrOUVD3rniMk1yZIbQOm
vlDHYqekjDb/vOW2KxUQLG04aZMJ1mWfdbwG0CKQkSjISEDZ1l76vhM6mTM0fwXb
IvyFZ9yPPCle1mF5aSlxS2cmGuGVSRQaw8XF9fe3a9ACJJTr33HdSpyaZkKRAUzL
cKqLCl323daKv3NwwAT03Tj4iQM416ASMoiyfFa/2GWTKQVjddu8Crar7tGaf5xr
lig4DBmrBvdYA3njy72/RD71hLwmlRoCGU7dRuDr9O6KASUm1Ri91ONZ/qdjMvov
15l2vj4GV+KXR00dAgMBAAECggGAHepIL1N0dEQkCdpy+/8lH54L9WhpnOo2HqAf
LU9eaKK7d4jdr9+TkD8cLaPzltPrZNxVALvu/0sA4SP6J1wpyj/x6P7z73qzly5+
Xo5PD4fEwmi9YaiW/UduAblnEZrnp/AddptJKoL/D5T4XtpiQddPtael4zQ7kB57
YIexRSQTvEDovA/o3/nvA0TrzOxfgd4ycQP3iOWGN/TMzyLsvjydrUwbOB567iz9
whL3Etdgvnwh5Sz2blbFfH+nAR8ctvFFz+osPvuIVR21VMEI6wm7kTpSNnQ6sh/c
lrLb/bTADn4g7z/LpIZJ+MrLvyEcoqValrLYeFBhM9CV8woPxvkO2P3pU47HVGax
tC7GV6a/kt5RoKFd/TNdiA3OC7NGZtaeXv9VkPf4fVwBtSO9d5ZZXTGEynDD/rUQ
U4KFJe6OD23APjse08HiiKqTPhsOneOONU67iqoaTdIkT2R4EdlkVEDpXVtWb+G9
Q+IqYzVljlzuyHrhWXLJw/FMa2aBAoHBAOnZbi4gGpH+P6886WDWVgIlTccuXoyc
Mg9QQYk9UDeXxL0AizR5bZy49Sduegz9vkHpAiZARQsUnizHjZ8YlRcrmn4t6tx3
ahTIKAjdprnxJfYINM580j8CGbXvX5LhIlm3O267D0Op+co3+7Ujy+cjsIuFQrP+
1MqMgXSeBjzC1APivmps7HeFE+4w0k2PfN5wSMDNCzLo99PZuUG5XZ93OVOS5dpN
b+WskdcD8NOoJy/X/5A08veEI/jYO/DyqQKBwQDDwUQCOWf41ecvJLtBHKmEnHDz
ftzHino9DRKG8a9XaN4rmetnoWEaM2vHGX3pf3mwH+dAe8vJdAQueDhBKYeEpm6C
TYNOpou1+Zs5s99BilCTNYo8fkMOAyqwRwmz9zgHS6QxXuPwsghKefLJGt6o6RFF
tfWVTfLlYJ+I3GQe3ySsk3wjVz4oUTKiyiq5+KzD+HhEkS7u+RQ7Z0ZI2xd2cF8Y
aN2hjKDpcOiFf3CDoqka5D1qMNLgIHO52AHww1UCgcA1h7o7AMpURRka6hyaODY0
A4oMYEbwdQjYjIyT998W+rzkbu1us6UtzQEBZ760npkgyU/epbOoV63lnkCC/MOU
LD0PST+L/CHiY/cWIHb79YG1EifUZKpUFg0Aoq0EGFkepF0MefGCkbRGYA5UZr9U
R80wAu9D+L+JJiS0J0BSRF74DL196zUuHt5zFeXuLzxsRtPAnq9DliS08BACRYZy
7H3I7cWD9Vn5/0jbKWHFcaaWwyETR6uekTcSzZzbCRECgcBeoE3/xUA9SSk34Mmj
7/cB4522Ft0imA3+9RK/qJTZ7Bd5fC4PKjOGNtUiqW/0L2rjeIiQ40bfWvWqgPKw
jSK1PL6uvkl6+4cNsFsYyZpiVDoe7wKju2UuoNlB3RUTqa2r2STFuNj2wRjA57I1
BIgdnox65jqQsd14g/yaa+75/WP9CE45xzKEyrtvdcqxm0Pod3OrsYK+gikFjiar
kT0GQ8u0QPzh2tjt/2ZnIfOBrl+QYERP0MofDZDjhUdq2wECgcB0Lu841+yP5cdR
qbJhXO4zJNh7oWNcJlOuQp3ZMNFrA1oHpe9pmLukiROOy01k9WxIMQDzU5GSqRv3
VLkYOIcbhJ3kClKAcM3j95SkKbU2H5/RENb3Ck52xtl4pNU1x/3PnVFZfDVuuHO9
MZ9YBcIeK98MyP2jr5JtFKnOyPE7xKq0IHIhXadpbc2wjje5FtZ1cUtMyEECCXNa
C1TpXebHGyXGpY9WdWXhjdE/1jPvfS+uO5WyuDpYPr339gsdq1g=
-----END RSA PRIVATE KEY-----
@@ -1,22 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIDszCCAhsCFGD5193whHQ2bVdzbaQfdf1gc4SkMA0GCSqGSIb3DQEBCwUAMBIx
EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjMwWhcNNDAwMzI1MTMzMjMw
WjAaMRgwFgYDVQQDDA91bmJvdW5kLWNvbnRyb2wwggGiMA0GCSqGSIb3DQEBAQUA
A4IBjwAwggGKAoIBgQCy0Sn4/KHxcau1nvsDgWFiO9t4Hd0xrtDasZbGhvOUD2mv
OEDVoKEC9S0I4C4z6sHo1M0HxhZ9kltAdrDIw2mYLvtyDq9ctgIZRAdnICqJ03Tj
1EkXlPuPg3xWeK/XsuJF2vRLqzDLg9G8Scg89XjcRAdmoLmNW8ewqSEh+YEX8OPl
NdHKl5rBZX+bmN5Tr/gdFgx/K0Fl07WY9e5YuHSWBtDhIJuCs5RUPeueIyTXJkht
A6a+UMdip6SMNv+85bYrFRAsbThpkwnWZZ91vAbQIpCRKMhIQNnWXvq+EzqZMzR/
Bdsi/IVn3I88KV7WYXlpKXFLZyYa4ZVJFBrDxcX197dr0AIklOvfcd1KnJpmQpEB
TMtwqosKXfbd1oq/c3DABPTdOPiJAzjXoBIyiLJ8Vr/YZZMpBWN127wKtqvu0Zp/
nGuWKDgMGasG91gDeePLvb9EPvWEvCaVGgIZTt1G4Ov07ooBJSbVGL3U41n+p2My
+i/XmXa+PgZX4pdHTR0CAwEAATANBgkqhkiG9w0BAQsFAAOCAYEAd++Wen6l8Ifj
4h3p/y16PhSsWJWuJ4wdNYy3/GM84S26wGjzlEEwiW76HpH6VJzPOiBAeWnFKE83
hFyetEIxgJeIPbcs9ZP/Uoh8GZH9tRISBSN9Hgk2Slr9llo4t1H0g/XTgA5HqMQU
9YydlBh43G7Vw3FVwh09OM6poNOGQKNc/tq2/QdKeUMtyBbLWpRmjH5XcCT35fbn
ZiVOUldqSHD4kKrFO4nJYXZyipRbcXybsLiX9GP0GLemc3IgIvOXyJ2RPp06o/SJ
pzlMlkcAfLJaSuEW57xRakhuNK7m051TKKzJzIEX+NFYOVdafFHS8VwGrYsdrFvD
72tMfu+Fu55y3awdWWGc6YlaGogZiuMnJkvQphwgn+5qE/7CGEckoKEsH601rqIZ
muaIc85+nEcHJeijd/ZlBN9zeltjFoMuqTUENgmv8+tUAdVm/UMY9Vjme6b43ydP
uv6DS02+k9z8toxXworLiPr94BGaiGV1NxgwZKLZigYJt/Fi2Qte
-----END CERTIFICATE-----
@@ -1,39 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI
0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq
GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z
uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K
WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5
FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP
q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL
A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP
7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf
XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6
iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7
2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo
MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj
WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz
O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI
IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN
qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU
dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs
bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr
YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km
7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr
gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z
5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG
ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN
oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+
s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW
zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx
ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1
oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3
BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS
mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8
kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93
7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8
RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O
jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp
O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre
MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A==
-----END RSA PRIVATE KEY-----
@@ -1,22 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx
EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5
WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB
igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32
a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2
4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot
aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4
TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ
uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4
+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz
XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx
dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW
84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7
JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca
fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg
XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF
qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25
sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD
yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe
CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ==
-----END CERTIFICATE-----
@@ -1,2 +0,0 @@
redis.com. IN SOA server. ma.il 1 2 3 4 5
redis.com. IN A 2.2.2.2
@@ -1,2 +0,0 @@
redis.com. IN SOA server. ma.il 1 2 3 4 5
redis.com. IN A 1.1.1.1
-583
View File
@@ -1,583 +0,0 @@
###
### Settings for this test ###################################################
###
# Accept connections on the specified port, default is 6379 (IANA #815344).
# If port 0 is specified Redis will not listen on a TCP socket.
port 0
# Unix socket.
#
# Specify the path for the Unix socket that will be used to listen for
# incoming connections. There is no default, so Redis will not listen
# on a unix socket when not specified.
#
unixsocket @SOCKET@
# unixsocketperm 700
# By default Redis does not run as a daemon. Use 'yes' if you need it.
# Note that Redis will write a pid file in /var/run/redis.pid when daemonized.
# When Redis is supervised by upstart or systemd, this parameter has no impact.
daemonize no
# Specify the server verbosity level.
# This can be one of:
# debug (a lot of information, useful for development/testing)
# verbose (many rarely useful info, but not a mess like the debug level)
# notice (moderately verbose, what you want in production probably)
# warning (only very important / critical messages are logged)
# nothing (nothing is logged)
loglevel notice
# Specify the log file name. Also the empty string can be used to force
# Redis to log on the standard output. Note that if you use standard
# output for logging but daemonize, logs will be sent to /dev/null
logfile @LOGFILE@
# To enable logging to the system logger, just set 'syslog-enabled' to yes,
# and optionally update the other syslog parameters to suit your needs.
syslog-enabled no
# Set the number of databases. The default database is DB 0, you can select
# a different one on a per-connection basis using SELECT <dbid> where
# dbid is a number between 0 and 'databases'-1
databases 2
# Snapshotting can be completely disabled with a single empty string argument
# as in following example:
#
save ""
# The working directory.
#
# The DB will be written inside this directory, with the filename specified
# above using the 'dbfilename' configuration directive.
#
# The Append Only File will also be created inside this directory.
#
# Note that you must specify a directory here, not a file name.
dir .
###
### Rest of the default Redis settings #######################################
###
bind 127.0.0.1 -::1
# When protected mode is on and the default user has no password, the server
# only accepts local connections from the IPv4 address (127.0.0.1), IPv6 address
# (::1) or Unix domain sockets.
protected-mode yes
# TCP listen() backlog.
#
# In high requests-per-second environments you need a high backlog in order
# to avoid slow clients connection issues. Note that the Linux kernel
# will silently truncate it to the value of /proc/sys/net/core/somaxconn so
# make sure to raise both the value of somaxconn and tcp_max_syn_backlog
# in order to get the desired effect.
tcp-backlog 511
# Close the connection after a client is idle for N seconds (0 to disable)
timeout 0
# TCP keepalive.
# A reasonable value for this option is 300 seconds, which is the new
# Redis default starting with Redis 3.2.1.
tcp-keepalive 300
# By default Redis shows an ASCII art logo only when started to log to the
# standard output and if the standard output is a TTY and syslog logging is
# disabled. Basically this means that normally a logo is displayed only in
# interactive sessions.
#
# However it is possible to force the pre-4.0 behavior and always show a
# ASCII art logo in startup logs by setting the following option to yes.
always-show-logo no
# By default, Redis modifies the process title (as seen in 'top' and 'ps') to
# provide some runtime information. It is possible to disable this and leave
# the process name as executed by setting the following to no.
set-proc-title yes
# When changing the process title, Redis uses the following template to construct
# the modified title.
#
# Template variables are specified in curly brackets. The following variables are
# supported:
#
# {title} Name of process as executed if parent, or type of child process.
# {listen-addr} Bind address or '*' followed by TCP or TLS port listening on, or
# Unix socket if only that's available.
# {server-mode} Special mode, i.e. "[sentinel]" or "[cluster]".
# {port} TCP port listening on, or 0.
# {tls-port} TLS port listening on, or 0.
# {unixsocket} Unix domain socket listening on, or "".
# {config-file} Name of configuration file used.
#
proc-title-template "{title} {listen-addr} {server-mode}"
# Set the local environment which is used for string comparison operations, and
# also affect the performance of Lua scripts. Empty String indicates the locale
# is derived from the environment variables.
#locale-collate ""
# By default Redis will stop accepting writes if RDB snapshots are enabled
# (at least one save point) and the latest background save failed.
# This will make the user aware (in a hard way) that data is not persisting
# on disk properly, otherwise chances are that no one will notice and some
# disaster will happen.
#
# If the background saving process will start working again Redis will
# automatically allow writes again.
#
# However if you have setup your proper monitoring of the Redis server
# and persistence, you may want to disable this feature so that Redis will
# continue to work as usual even if there are problems with disk,
# permissions, and so forth.
stop-writes-on-bgsave-error yes
# Compress string objects using LZF when dump .rdb databases?
# By default compression is enabled as it's almost always a win.
# If you want to save some CPU in the saving child set it to 'no' but
# the dataset will likely be bigger if you have compressible values or keys.
rdbcompression yes
# Since version 5 of RDB a CRC64 checksum is placed at the end of the file.
# This makes the format more resistant to corruption but there is a performance
# hit to pay (around 10%) when saving and loading RDB files, so you can disable it
# for maximum performances.
#
# RDB files created with checksum disabled have a checksum of zero that will
# tell the loading code to skip the check.
rdbchecksum yes
# The filename where to dump the DB
dbfilename redis.rdb
# Remove RDB files used by replication in instances without persistence
# enabled. By default this option is disabled, however there are environments
# where for regulations or other security concerns, RDB files persisted on
# disk by masters in order to feed replicas, or stored on disk by replicas
# in order to load them for the initial synchronization, should be deleted
# ASAP. Note that this option ONLY WORKS in instances that have both AOF
# and RDB persistence disabled, otherwise is completely ignored.
#
# An alternative (and sometimes better) way to obtain the same effect is
# to use diskless replication on both master and replicas instances. However
# in the case of replicas, diskless is not always an option.
rdb-del-sync-files no
# When a replica loses its connection with the master, or when the replication
# is still in progress, the replica can act in two different ways:
#
# 1) if replica-serve-stale-data is set to 'yes' (the default) the replica will
# still reply to client requests, possibly with out of date data, or the
# data set may just be empty if this is the first synchronization.
#
# 2) If replica-serve-stale-data is set to 'no' the replica will reply with error
# "MASTERDOWN Link with MASTER is down and replica-serve-stale-data is set to 'no'"
# to all data access commands, excluding commands such as:
# INFO, REPLICAOF, AUTH, SHUTDOWN, REPLCONF, ROLE, CONFIG, SUBSCRIBE,
# UNSUBSCRIBE, PSUBSCRIBE, PUNSUBSCRIBE, PUBLISH, PUBSUB, COMMAND, POST,
# HOST and LATENCY.
#
replica-serve-stale-data yes
# You can configure a replica instance to accept writes or not. Writing against
# a replica instance may be useful to store some ephemeral data (because data
# written on a replica will be easily deleted after resync with the master) but
# may also cause problems if clients are writing to it because of a
# misconfiguration.
#
# Since Redis 2.6 by default replicas are read-only.
#
# Note: read only replicas are not designed to be exposed to untrusted clients
# on the internet. It's just a protection layer against misuse of the instance.
# Still a read only replica exports by default all the administrative commands
# such as CONFIG, DEBUG, and so forth. To a limited extent you can improve
# security of read only replicas using 'rename-command' to shadow all the
# administrative / dangerous commands.
replica-read-only yes
# Replication SYNC strategy: disk or socket.
#
# New replicas and reconnecting replicas that are not able to continue the
# replication process just receiving differences, need to do what is called a
# "full synchronization". An RDB file is transmitted from the master to the
# replicas.
#
# The transmission can happen in two different ways:
#
# 1) Disk-backed: The Redis master creates a new process that writes the RDB
# file on disk. Later the file is transferred by the parent
# process to the replicas incrementally.
# 2) Diskless: The Redis master creates a new process that directly writes the
# RDB file to replica sockets, without touching the disk at all.
#
# With disk-backed replication, while the RDB file is generated, more replicas
# can be queued and served with the RDB file as soon as the current child
# producing the RDB file finishes its work. With diskless replication instead
# once the transfer starts, new replicas arriving will be queued and a new
# transfer will start when the current one terminates.
#
# When diskless replication is used, the master waits a configurable amount of
# time (in seconds) before starting the transfer in the hope that multiple
# replicas will arrive and the transfer can be parallelized.
#
# With slow disks and fast (large bandwidth) networks, diskless replication
# works better.
repl-diskless-sync yes
# When diskless replication is enabled, it is possible to configure the delay
# the server waits in order to spawn the child that transfers the RDB via socket
# to the replicas.
#
# This is important since once the transfer starts, it is not possible to serve
# new replicas arriving, that will be queued for the next RDB transfer, so the
# server waits a delay in order to let more replicas arrive.
#
# The delay is specified in seconds, and by default is 5 seconds. To disable
# it entirely just set it to 0 seconds and the transfer will start ASAP.
repl-diskless-sync-delay 5
# When diskless replication is enabled with a delay, it is possible to let
# the replication start before the maximum delay is reached if the maximum
# number of replicas expected have connected. Default of 0 means that the
# maximum is not defined and Redis will wait the full delay.
#repl-diskless-sync-max-replicas 0
# -----------------------------------------------------------------------------
# WARNING: Since in this setup the replica does not immediately store an RDB on
# disk, it may cause data loss during failovers. RDB diskless load + Redis
# modules not handling I/O reads may cause Redis to abort in case of I/O errors
# during the initial synchronization stage with the master.
# -----------------------------------------------------------------------------
#
# Replica can load the RDB it reads from the replication link directly from the
# socket, or store the RDB to a file and read that file after it was completely
# received from the master.
#
# In many cases the disk is slower than the network, and storing and loading
# the RDB file may increase replication time (and even increase the master's
# Copy on Write memory and replica buffers).
# However, when parsing the RDB file directly from the socket, in order to avoid
# data loss it's only safe to flush the current dataset when the new dataset is
# fully loaded in memory, resulting in higher memory usage.
# For this reason we have the following options:
#
# "disabled" - Don't use diskless load (store the rdb file to the disk first)
# "swapdb" - Keep current db contents in RAM while parsing the data directly
# from the socket. Replicas in this mode can keep serving current
# dataset while replication is in progress, except for cases where
# they can't recognize master as having a data set from same
# replication history.
# Note that this requires sufficient memory, if you don't have it,
# you risk an OOM kill.
# "on-empty-db" - Use diskless load only when current dataset is empty. This is
# safer and avoid having old and new dataset loaded side by side
# during replication.
repl-diskless-load disabled
# Master send PINGs to its replicas in a predefined interval. It's possible to
# change this interval with the repl_ping_replica_period option. The default
# value is 10 seconds.
#
# repl-ping-replica-period 10
# The following option sets the replication timeout for:
#
# 1) Bulk transfer I/O during SYNC, from the point of view of replica.
# 2) Master timeout from the point of view of replicas (data, pings).
# 3) Replica timeout from the point of view of masters (REPLCONF ACK pings).
#
# It is important to make sure that this value is greater than the value
# specified for repl-ping-replica-period otherwise a timeout will be detected
# every time there is low traffic between the master and the replica. The default
# value is 60 seconds.
#
# repl-timeout 60
# Disable TCP_NODELAY on the replica socket after SYNC?
#
# If you select "yes" Redis will use a smaller number of TCP packets and
# less bandwidth to send data to replicas. But this can add a delay for
# the data to appear on the replica side, up to 40 milliseconds with
# Linux kernels using a default configuration.
#
# If you select "no" the delay for data to appear on the replica side will
# be reduced but more bandwidth will be used for replication.
#
# By default we optimize for low latency, but in very high traffic conditions
# or when the master and replicas are many hops away, turning this to "yes" may
# be a good idea.
repl-disable-tcp-nodelay no
# The replica priority is an integer number published by Redis in the INFO
# output. It is used by Redis Sentinel in order to select a replica to promote
# into a master if the master is no longer working correctly.
#
# A replica with a low priority number is considered better for promotion, so
# for instance if there are three replicas with priority 10, 100, 25 Sentinel
# will pick the one with priority 10, that is the lowest.
#
# However a special priority of 0 marks the replica as not able to perform the
# role of master, so a replica with priority of 0 will never be selected by
# Redis Sentinel for promotion.
#
# By default the priority is 100.
replica-priority 100
# ACL LOG
#
# The ACL Log tracks failed commands and authentication events associated
# with ACLs. The ACL Log is useful to troubleshoot failed commands blocked
# by ACLs. The ACL Log is stored in memory. You can reclaim memory with
# ACL LOG RESET. Define the maximum entry length of the ACL Log below.
acllog-max-len 128
lazyfree-lazy-eviction no
lazyfree-lazy-expire no
lazyfree-lazy-server-del no
replica-lazy-flush no
# It is also possible, for the case when to replace the user code DEL calls
# with UNLINK calls is not easy, to modify the default behavior of the DEL
# command to act exactly like UNLINK, using the following configuration
# directive:
lazyfree-lazy-user-del no
# FLUSHDB, FLUSHALL, SCRIPT FLUSH and FUNCTION FLUSH support both asynchronous and synchronous
# deletion, which can be controlled by passing the [SYNC|ASYNC] flags into the
# commands. When neither flag is passed, this directive will be used to determine
# if the data should be deleted asynchronously.
lazyfree-lazy-user-flush no
# On Linux, it is possible to hint the kernel OOM killer on what processes
# should be killed first when out of memory.
#
# Enabling this feature makes Redis actively control the oom_score_adj value
# for all its processes, depending on their role. The default scores will
# attempt to have background child processes killed before all others, and
# replicas killed before masters.
#
# Redis supports these options:
#
# no: Don't make changes to oom-score-adj (default).
# yes: Alias to "relative" see below.
# absolute: Values in oom-score-adj-values are written as is to the kernel.
# relative: Values are used relative to the initial value of oom_score_adj when
# the server starts and are then clamped to a range of -1000 to 1000.
# Because typically the initial value is 0, they will often match the
# absolute values.
oom-score-adj no
# When oom-score-adj is used, this directive controls the specific values used
# for master, replica and background child processes. Values range -2000 to
# 2000 (higher means more likely to be killed).
#
# Unprivileged processes (not root, and without CAP_SYS_RESOURCE capabilities)
# can freely increase their value, but not decrease it below its initial
# settings. This means that setting oom-score-adj to "relative" and setting the
# oom-score-adj-values to positive values will always succeed.
oom-score-adj-values 0 200 800
# Usually the kernel Transparent Huge Pages control is set to "madvise" or
# or "never" by default (/sys/kernel/mm/transparent_hugepage/enabled), in which
# case this config has no effect. On systems in which it is set to "always",
# redis will attempt to disable it specifically for the redis process in order
# to avoid latency problems specifically with fork(2) and CoW.
# If for some reason you prefer to keep it enabled, you can set this config to
# "no" and the kernel global to "always".
disable-thp yes
# By default Redis asynchronously dumps the dataset on disk. This mode is
# good enough in many applications, but an issue with the Redis process or
# a power outage may result into a few minutes of writes lost (depending on
# the configured save points).
#
# The Append Only File is an alternative persistence mode that provides
# much better durability. For instance using the default data fsync policy
# (see later in the config file) Redis can lose just one second of writes in a
# dramatic event like a server power outage, or a single write if something
# wrong with the Redis process itself happens, but the operating system is
# still running correctly.
#
# AOF and RDB persistence can be enabled at the same time without problems.
# If the AOF is enabled on startup Redis will load the AOF, that is the file
# with the better durability guarantees.
#
# Please check https://redis.io/topics/persistence for more information.
appendonly no
# The following time is expressed in microseconds, so 1000000 is equivalent
# to one second. Note that a negative number disables the slow log, while
# a value of zero forces the logging of every command.
slowlog-log-slower-than 10000
# There is no limit to this length. Just be aware that it will consume memory.
# You can reclaim memory used by the slow log with SLOWLOG RESET.
slowlog-max-len 128
# By default latency monitoring is disabled since it is mostly not needed
# if you don't have latency issues, and collecting data has a performance
# impact, that while very small, can be measured under big load. Latency
# monitoring can easily be enabled at runtime using the command
# "CONFIG SET latency-monitor-threshold <milliseconds>" if needed.
latency-monitor-threshold 0
# By default all notifications are disabled because most users don't need
# this feature and the feature has some overhead. Note that if you don't
# specify at least one of K or E, no events will be delivered.
notify-keyspace-events ""
# Hashes are encoded using a memory efficient data structure when they have a
# small number of entries, and the biggest entry does not exceed a given
# threshold. These thresholds can be configured using the following directives.
#hash-max-listpack-entries 512
#hash-max-listpack-value 64
# Lists are also encoded in a special way to save a lot of space.
# The number of entries allowed per internal list node can be specified
# as a fixed maximum size or a maximum number of elements.
# For a fixed maximum size, use -5 through -1, meaning:
# -5: max size: 64 Kb <-- not recommended for normal workloads
# -4: max size: 32 Kb <-- not recommended
# -3: max size: 16 Kb <-- probably not recommended
# -2: max size: 8 Kb <-- good
# -1: max size: 4 Kb <-- good
# Positive numbers mean store up to _exactly_ that number of elements
# per list node.
# The highest performing option is usually -2 (8 Kb size) or -1 (4 Kb size),
# but if your use case is unique, adjust the settings as necessary.
#list-max-listpack-size -2
# Lists may also be compressed.
# Compress depth is the number of quicklist ziplist nodes from *each* side of
# the list to *exclude* from compression. The head and tail of the list
# are always uncompressed for fast push/pop operations. Settings are:
# 0: disable all list compression
# 1: depth 1 means "don't start compressing until after 1 node into the list,
# going from either the head or tail"
# So: [head]->node->node->...->node->[tail]
# [head], [tail] will always be uncompressed; inner nodes will compress.
# 2: [head]->[next]->node->node->...->node->[prev]->[tail]
# 2 here means: don't compress head or head->next or tail->prev or tail,
# but compress all nodes between them.
# 3: [head]->[next]->[next]->node->node->...->node->[prev]->[prev]->[tail]
# etc.
list-compress-depth 0
# Sets have a special encoding when a set is composed
# of just strings that happen to be integers in radix 10 in the range
# of 64 bit signed integers.
# The following configuration setting sets the limit in the size of the
# set in order to use this special memory saving encoding.
set-max-intset-entries 512
# Sets containing non-integer values are also encoded using a memory efficient
# data structure when they have a small number of entries, and the biggest entry
# does not exceed a given threshold. These thresholds can be configured using
# the following directives.
#set-max-listpack-entries 128
#set-max-listpack-value 64
# Similarly to hashes and lists, sorted sets are also specially encoded in
# order to save a lot of space. This encoding is only used when the length and
# elements of a sorted set are below the following limits:
#zset-max-listpack-entries 128
#zset-max-listpack-value 64
# HyperLogLog sparse representation bytes limit. The limit includes the
# 16 bytes header. When a HyperLogLog using the sparse representation crosses
# this limit, it is converted into the dense representation.
#
# A value greater than 16000 is totally useless, since at that point the
# dense representation is more memory efficient.
#
# The suggested value is ~ 3000 in order to have the benefits of
# the space efficient encoding without slowing down too much PFADD,
# which is O(N) with the sparse encoding. The value can be raised to
# ~ 10000 when CPU is not a concern, but space is, and the data set is
# composed of many HyperLogLogs with cardinality in the 0 - 15000 range.
hll-sparse-max-bytes 3000
# Streams macro node max size / items. The stream data structure is a radix
# tree of big nodes that encode multiple items inside. Using this configuration
# it is possible to configure how big a single node can be in bytes, and the
# maximum number of items it may contain before switching to a new node when
# appending new stream entries. If any of the following settings are set to
# zero, the limit is ignored, so for instance it is possible to set just a
# max entries limit by setting max-bytes to 0 and max-entries to the desired
# value.
stream-node-max-bytes 4096
stream-node-max-entries 100
# Active rehashing uses 1 millisecond every 100 milliseconds of CPU time in
# order to help rehashing the main Redis hash table (the one mapping top-level
# keys to values). The hash table implementation Redis uses (see dict.c)
# performs a lazy rehashing: the more operation you run into a hash table
# that is rehashing, the more rehashing "steps" are performed, so if the
# server is idle the rehashing is never complete and some more memory is used
# by the hash table.
#
# The default is to use this millisecond 10 times every second in order to
# actively rehash the main dictionaries, freeing memory when possible.
#
# If unsure:
# use "activerehashing no" if you have hard latency requirements and it is
# not a good thing in your environment that Redis can reply from time to time
# to queries with 2 milliseconds delay.
#
# use "activerehashing yes" if you don't have such hard requirements but
# want to free memory asap when possible.
activerehashing yes
# The client output buffer limits can be used to force disconnection of clients
# that are not reading data from the server fast enough for some reason (a
# common reason is that a Pub/Sub client can't consume messages as fast as the
# publisher can produce them).
#
# Both the hard or the soft limit can be disabled by setting them to zero.
client-output-buffer-limit normal 0 0 0
client-output-buffer-limit replica 256mb 64mb 60
client-output-buffer-limit pubsub 32mb 8mb 60
# Redis calls an internal function to perform many background tasks, like
# closing connections of clients in timeout, purging expired keys that are
# never requested, and so forth.
#
# Not all tasks are performed with the same frequency, but Redis checks for
# tasks to perform according to the specified "hz" value.
#
# By default "hz" is set to 10. Raising the value will use more CPU when
# Redis is idle, but at the same time will make Redis more responsive when
# there are many keys expiring at the same time, and timeouts may be
# handled with more precision.
#
# The range is between 1 and 500, however a value over 100 is usually not
# a good idea. Most users should use the default of 10 and raise this up to
# 100 only in environments where very low latency is required.
hz 10
# When dynamic HZ is enabled, the actual configured HZ will be used
# as a baseline, but multiples of the configured HZ value will be actually
# used as needed once more clients are connected. In this way an idle
# instance will use very little CPU time while a busy instance will be
# more responsive.
dynamic-hz yes
# When a child rewrites the AOF file, if the following option is enabled
# the file will be fsync-ed every 4 MB of data generated. This is useful
# in order to commit the file to the disk more incrementally and avoid
# big latency spikes.
aof-rewrite-incremental-fsync yes
# When redis saves RDB file, if the following option is enabled
# the file will be fsync-ed every 4 MB of data generated. This is useful
# in order to commit the file to the disk more incrementally and avoid
# big latency spikes.
rdb-save-incremental-fsync yes
# Jemalloc background thread for purging will be enabled by default
jemalloc-bg-thread yes
@@ -1,31 +0,0 @@
server:
verbosity: 7
num-threads: 1
interface: 127.0.0.1
port: @PORT@
use-syslog: no
directory: ""
pidfile: "unbound.pid"
chroot: ""
username: ""
module-config: "cachedb iterator"
root-key-sentinel: no
trust-anchor-signaling: no
cachedb:
backend: redis
redis-server-path: @REDIS_SOCKET@
redis-replica-server-path: @REDIS_REPLICA_SOCKET@
auth-zone:
name: "redis.com"
for-upstream: yes
for-downstream: no
zonefile: "redis.zone"
remote-control:
control-enable: yes
control-interface: 127.0.0.1
# control-interface: ::1
control-port: @CONTROL_PORT@
server-key-file: "unbound_server.key"
server-cert-file: "unbound_server.pem"
control-key-file: "unbound_control.key"
control-cert-file: "unbound_control.pem"
@@ -1,16 +0,0 @@
BaseName: redis_replica
Version: 1.0
Description: Test redis replica operation
CreationDate: Fri 01 Mar 15:29:09 CET 2024
Maintainer: Yorgos Thessalonikefs
Category:
Component:
CmdDepends:
Depends:
Help:
Pre: redis_replica.pre
Post: redis_replica.post
Test: redis_replica.test
AuxFiles:
Passed:
Failure:
@@ -1,18 +0,0 @@
# #-- redis_replica.post --#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# source the test var file when it's there
[ -f .tpkg.var.test ] && source .tpkg.var.test
#
# do your teardown here
. ../common.sh
kill_pid $REDIS_PID
kill_pid $REDIS_REPLICA_PID
kill_pid $UNBOUND_PID
echo "> cat logfiles"
echo "redis server.log"
cat server.log
echo "redis replica.log"
cat replica.log
echo "unbound.log"
cat unbound.log
@@ -1,46 +0,0 @@
# #-- redis_replica.pre--#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# use .tpkg.var.test for in test variable passing
[ -f .tpkg.var.test ] && source .tpkg.var.test
PRE="../.."
. ../common.sh
if grep "define USE_REDIS 1" $PRE/config.h; then echo test enabled; else skip_test "test skipped"; fi
get_random_port 2
UNBOUND_PORT=$RND_PORT
CONTROL_PORT=$(($RND_PORT + 1))
echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test
echo "CONTROL_PORT=$CONTROL_PORT" >> .tpkg.var.test
REDIS_SOCKET=server.sock
REDIS_REPLICA_SOCKET=replica.sock
echo "REDIS_SOCKET=$REDIS_SOCKET" >> .tpkg.var.test
echo "REDIS_REPLICA_SOCKET=$REDIS_REPLICA_SOCKET" >> .tpkg.var.test
# start redis
sed -e 's/@SOCKET\@/'$REDIS_SOCKET'/' -e 's/@LOGFILE\@/server.log/' < redis.conf > server.conf
redis-server server.conf &
REDIS_PID=$!
echo "REDIS_PID=$REDIS_PID" >> .tpkg.var.test
# start redis replica
sed -e 's/@SOCKET\@/'$REDIS_REPLICA_SOCKET'/' -e 's/@LOGFILE\@/replica.log/' < redis.conf > replica.conf
redis-server replica.conf &
REDIS_REPLICA_PID=$!
echo "REDIS_REPLICA_PID=$REDIS_REPLICA_PID" >> .tpkg.var.test
# Copy initial zonefile
cp before.zone redis.zone
# make config file
sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@REDIS_SOCKET\@/'$REDIS_SOCKET'/' -e 's/@REDIS_REPLICA_SOCKET\@/'$REDIS_REPLICA_SOCKET'/' -e 's/@CONTROL_PORT\@/'$CONTROL_PORT'/' < redis_replica.conf > ub.conf
# start unbound in the background
$PRE/unbound -d -c ub.conf >unbound.log 2>&1 &
UNBOUND_PID=$!
echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
cat .tpkg.var.test
wait_unbound_up unbound.log
@@ -1,78 +0,0 @@
# #-- redis_replica.test --#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# use .tpkg.var.test for in test variable passing
[ -f .tpkg.var.test ] && source .tpkg.var.test
PRE="../.."
# do the test
# Check number of keys in the db
# $1: socket to connect to
# $2: expected number of keys
redis_cli_check_keys () {
echo "> redis-cli connecting to $1 to check number of keys; expecting $2"
keys=$(redis-cli --no-raw -s $1 keys "*" | grep -vF empty | wc -l)
if test $keys -ne $2
then
echo "Expected $2 keys, got $keys"
exit 1
fi
echo "OK"
}
# Query and check the expected result
# $1: query
# $2: expected answer
expect_answer () {
echo "> dig @127.0.0.1 -p $UNBOUND_PORT $1"
dig @127.0.0.1 -p $UNBOUND_PORT $1 > tmp.answer
if ! grep -F $2 tmp.answer
then
echo "Expected $2 in the answer, got:"
cat tmp.answer
exit 1
fi
echo "OK"
}
# Start test
# check Redis server has no keys
redis_cli_check_keys $REDIS_SOCKET 0
# check Redis replica server has no keys
redis_cli_check_keys $REDIS_REPLICA_SOCKET 0
# query and check answer
expect_answer redis.com 1.1.1.1
# check Redis server has 1 key
redis_cli_check_keys $REDIS_SOCKET 1
# check Redis replica server has no keys
redis_cli_check_keys $REDIS_REPLICA_SOCKET 0
# change auth zone and reload
cp after.zone redis.zone
echo "$PRE/unbound-control -c ub.conf reload"
$PRE/unbound-control -c ub.conf reload
if test $? -ne 0; then
echo "wrong exit value after success"
exit 1
fi
# query and check answer
# we are writing to server but reading from replica; which is not actually
# replicating so the new answer will come through while overwriting the record
# in the server.
expect_answer redis.com 2.2.2.2
# check Redis server has 1 key
redis_cli_check_keys $REDIS_SOCKET 1
# check Redis replica server has no keys
redis_cli_check_keys $REDIS_REPLICA_SOCKET 0
echo "> OK"
exit 0
@@ -1,39 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
MIIG4gIBAAKCAYEAstEp+Pyh8XGrtZ77A4FhYjvbeB3dMa7Q2rGWxobzlA9przhA
1aChAvUtCOAuM+rB6NTNB8YWfZJbQHawyMNpmC77cg6vXLYCGUQHZyAqidN049RJ
F5T7j4N8Vniv17LiRdr0S6swy4PRvEnIPPV43EQHZqC5jVvHsKkhIfmBF/Dj5TXR
ypeawWV/m5jeU6/4HRYMfytBZdO1mPXuWLh0lgbQ4SCbgrOUVD3rniMk1yZIbQOm
vlDHYqekjDb/vOW2KxUQLG04aZMJ1mWfdbwG0CKQkSjISEDZ1l76vhM6mTM0fwXb
IvyFZ9yPPCle1mF5aSlxS2cmGuGVSRQaw8XF9fe3a9ACJJTr33HdSpyaZkKRAUzL
cKqLCl323daKv3NwwAT03Tj4iQM416ASMoiyfFa/2GWTKQVjddu8Crar7tGaf5xr
lig4DBmrBvdYA3njy72/RD71hLwmlRoCGU7dRuDr9O6KASUm1Ri91ONZ/qdjMvov
15l2vj4GV+KXR00dAgMBAAECggGAHepIL1N0dEQkCdpy+/8lH54L9WhpnOo2HqAf
LU9eaKK7d4jdr9+TkD8cLaPzltPrZNxVALvu/0sA4SP6J1wpyj/x6P7z73qzly5+
Xo5PD4fEwmi9YaiW/UduAblnEZrnp/AddptJKoL/D5T4XtpiQddPtael4zQ7kB57
YIexRSQTvEDovA/o3/nvA0TrzOxfgd4ycQP3iOWGN/TMzyLsvjydrUwbOB567iz9
whL3Etdgvnwh5Sz2blbFfH+nAR8ctvFFz+osPvuIVR21VMEI6wm7kTpSNnQ6sh/c
lrLb/bTADn4g7z/LpIZJ+MrLvyEcoqValrLYeFBhM9CV8woPxvkO2P3pU47HVGax
tC7GV6a/kt5RoKFd/TNdiA3OC7NGZtaeXv9VkPf4fVwBtSO9d5ZZXTGEynDD/rUQ
U4KFJe6OD23APjse08HiiKqTPhsOneOONU67iqoaTdIkT2R4EdlkVEDpXVtWb+G9
Q+IqYzVljlzuyHrhWXLJw/FMa2aBAoHBAOnZbi4gGpH+P6886WDWVgIlTccuXoyc
Mg9QQYk9UDeXxL0AizR5bZy49Sduegz9vkHpAiZARQsUnizHjZ8YlRcrmn4t6tx3
ahTIKAjdprnxJfYINM580j8CGbXvX5LhIlm3O267D0Op+co3+7Ujy+cjsIuFQrP+
1MqMgXSeBjzC1APivmps7HeFE+4w0k2PfN5wSMDNCzLo99PZuUG5XZ93OVOS5dpN
b+WskdcD8NOoJy/X/5A08veEI/jYO/DyqQKBwQDDwUQCOWf41ecvJLtBHKmEnHDz
ftzHino9DRKG8a9XaN4rmetnoWEaM2vHGX3pf3mwH+dAe8vJdAQueDhBKYeEpm6C
TYNOpou1+Zs5s99BilCTNYo8fkMOAyqwRwmz9zgHS6QxXuPwsghKefLJGt6o6RFF
tfWVTfLlYJ+I3GQe3ySsk3wjVz4oUTKiyiq5+KzD+HhEkS7u+RQ7Z0ZI2xd2cF8Y
aN2hjKDpcOiFf3CDoqka5D1qMNLgIHO52AHww1UCgcA1h7o7AMpURRka6hyaODY0
A4oMYEbwdQjYjIyT998W+rzkbu1us6UtzQEBZ760npkgyU/epbOoV63lnkCC/MOU
LD0PST+L/CHiY/cWIHb79YG1EifUZKpUFg0Aoq0EGFkepF0MefGCkbRGYA5UZr9U
R80wAu9D+L+JJiS0J0BSRF74DL196zUuHt5zFeXuLzxsRtPAnq9DliS08BACRYZy
7H3I7cWD9Vn5/0jbKWHFcaaWwyETR6uekTcSzZzbCRECgcBeoE3/xUA9SSk34Mmj
7/cB4522Ft0imA3+9RK/qJTZ7Bd5fC4PKjOGNtUiqW/0L2rjeIiQ40bfWvWqgPKw
jSK1PL6uvkl6+4cNsFsYyZpiVDoe7wKju2UuoNlB3RUTqa2r2STFuNj2wRjA57I1
BIgdnox65jqQsd14g/yaa+75/WP9CE45xzKEyrtvdcqxm0Pod3OrsYK+gikFjiar
kT0GQ8u0QPzh2tjt/2ZnIfOBrl+QYERP0MofDZDjhUdq2wECgcB0Lu841+yP5cdR
qbJhXO4zJNh7oWNcJlOuQp3ZMNFrA1oHpe9pmLukiROOy01k9WxIMQDzU5GSqRv3
VLkYOIcbhJ3kClKAcM3j95SkKbU2H5/RENb3Ck52xtl4pNU1x/3PnVFZfDVuuHO9
MZ9YBcIeK98MyP2jr5JtFKnOyPE7xKq0IHIhXadpbc2wjje5FtZ1cUtMyEECCXNa
C1TpXebHGyXGpY9WdWXhjdE/1jPvfS+uO5WyuDpYPr339gsdq1g=
-----END RSA PRIVATE KEY-----
@@ -1,22 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIDszCCAhsCFGD5193whHQ2bVdzbaQfdf1gc4SkMA0GCSqGSIb3DQEBCwUAMBIx
EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjMwWhcNNDAwMzI1MTMzMjMw
WjAaMRgwFgYDVQQDDA91bmJvdW5kLWNvbnRyb2wwggGiMA0GCSqGSIb3DQEBAQUA
A4IBjwAwggGKAoIBgQCy0Sn4/KHxcau1nvsDgWFiO9t4Hd0xrtDasZbGhvOUD2mv
OEDVoKEC9S0I4C4z6sHo1M0HxhZ9kltAdrDIw2mYLvtyDq9ctgIZRAdnICqJ03Tj
1EkXlPuPg3xWeK/XsuJF2vRLqzDLg9G8Scg89XjcRAdmoLmNW8ewqSEh+YEX8OPl
NdHKl5rBZX+bmN5Tr/gdFgx/K0Fl07WY9e5YuHSWBtDhIJuCs5RUPeueIyTXJkht
A6a+UMdip6SMNv+85bYrFRAsbThpkwnWZZ91vAbQIpCRKMhIQNnWXvq+EzqZMzR/
Bdsi/IVn3I88KV7WYXlpKXFLZyYa4ZVJFBrDxcX197dr0AIklOvfcd1KnJpmQpEB
TMtwqosKXfbd1oq/c3DABPTdOPiJAzjXoBIyiLJ8Vr/YZZMpBWN127wKtqvu0Zp/
nGuWKDgMGasG91gDeePLvb9EPvWEvCaVGgIZTt1G4Ov07ooBJSbVGL3U41n+p2My
+i/XmXa+PgZX4pdHTR0CAwEAATANBgkqhkiG9w0BAQsFAAOCAYEAd++Wen6l8Ifj
4h3p/y16PhSsWJWuJ4wdNYy3/GM84S26wGjzlEEwiW76HpH6VJzPOiBAeWnFKE83
hFyetEIxgJeIPbcs9ZP/Uoh8GZH9tRISBSN9Hgk2Slr9llo4t1H0g/XTgA5HqMQU
9YydlBh43G7Vw3FVwh09OM6poNOGQKNc/tq2/QdKeUMtyBbLWpRmjH5XcCT35fbn
ZiVOUldqSHD4kKrFO4nJYXZyipRbcXybsLiX9GP0GLemc3IgIvOXyJ2RPp06o/SJ
pzlMlkcAfLJaSuEW57xRakhuNK7m051TKKzJzIEX+NFYOVdafFHS8VwGrYsdrFvD
72tMfu+Fu55y3awdWWGc6YlaGogZiuMnJkvQphwgn+5qE/7CGEckoKEsH601rqIZ
muaIc85+nEcHJeijd/ZlBN9zeltjFoMuqTUENgmv8+tUAdVm/UMY9Vjme6b43ydP
uv6DS02+k9z8toxXworLiPr94BGaiGV1NxgwZKLZigYJt/Fi2Qte
-----END CERTIFICATE-----
@@ -1,39 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI
0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq
GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z
uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K
WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5
FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP
q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL
A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP
7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf
XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6
iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7
2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo
MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj
WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz
O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI
IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN
qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU
dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs
bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr
YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km
7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr
gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z
5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG
ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN
oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+
s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW
zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx
ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1
oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3
BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS
mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8
kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93
7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8
RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O
jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp
O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre
MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A==
-----END RSA PRIVATE KEY-----
@@ -1,22 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx
EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5
WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB
igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32
a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2
4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot
aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4
TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ
uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4
+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz
XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx
dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW
84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7
JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca
fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg
XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF
qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25
sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD
yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe
CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ==
-----END CERTIFICATE-----
-190
View File
@@ -1,190 +0,0 @@
; config options
server:
module-config: "respip validator iterator"
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: no
access-control: 192.0.0.0/8 allow
rpz:
name: "rpz.example.com."
rpz-log: yes
rpz-log-name: "rpz.example.com"
zonefile:
TEMPFILE_NAME rpz.example.com
TEMPFILE_CONTENTS rpz.example.com
$ORIGIN example.com.
rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. (
1379078166 28800 7200 604800 7200 )
3600 IN NS ns1.rpz.example.com.
3600 IN NS ns2.rpz.example.com.
$ORIGIN rpz.example.com.
*.gotham5.a CNAME static.gotham6.a.
*.gotham7.a.rpz-nsdname CNAME static.gotham8.a.
TEMPFILE_END
stub-zone:
name: "a."
stub-addr: 10.20.30.40
CONFIG_END
SCENARIO_BEGIN Test RPZ with CNAME with a wildcarded qname trigger after it.
; a.
RANGE_BEGIN 0 100
ADDRESS 10.20.30.40
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
gotham.a. IN NS
SECTION AUTHORITY
gotham.a. NS ns1.gotham.a.
SECTION ADDITIONAL
ns1.gotham.a. A 10.20.30.41
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
gotham2.a. IN NS
SECTION AUTHORITY
gotham2.a. NS ns1.gotham2.a.
SECTION ADDITIONAL
ns1.gotham2.a. A 10.20.30.42
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
gotham6.a. IN NS
SECTION AUTHORITY
gotham6.a. NS ns1.gotham6.a.
SECTION ADDITIONAL
ns1.gotham6.a. A 10.20.30.46
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
gotham7.a. IN NS
SECTION AUTHORITY
gotham7.a. NS ns1.gotham7.a.
SECTION ADDITIONAL
ns1.gotham7.a. A 10.20.30.47
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
gotham8.a. IN NS
SECTION AUTHORITY
gotham8.a. NS ns1.gotham8.a.
SECTION ADDITIONAL
ns1.gotham8.a. A 10.20.30.48
ENTRY_END
RANGE_END
; gotham.a.
RANGE_BEGIN 0 100
ADDRESS 10.20.30.41
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www.gotham.a. IN A
SECTION ANSWER
www.gotham.a. CNAME host.gotham5.a.
ENTRY_END
RANGE_END
; gotham2.a.
RANGE_BEGIN 0 100
ADDRESS 10.20.30.42
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www.gotham2.a. IN A
SECTION ANSWER
www.gotham2.a. CNAME host.gotham7.a.
ENTRY_END
RANGE_END
; gotham6.a.
RANGE_BEGIN 0 100
ADDRESS 10.20.30.46
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
static.gotham6.a. IN A
SECTION ANSWER
static.gotham6.a. A 1.2.3.4
ENTRY_END
RANGE_END
; gotham8.a.
RANGE_BEGIN 0 100
ADDRESS 10.20.30.48
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
static.gotham8.a. IN A
SECTION ANSWER
static.gotham8.a. A 1.2.3.5
ENTRY_END
RANGE_END
STEP 10 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham.a. IN A
ENTRY_END
STEP 20 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.gotham.a. IN A
SECTION ANSWER
www.gotham.a. CNAME host.gotham5.a.
host.gotham5.a CNAME static.gotham6.a.
static.gotham6.a. A 1.2.3.4
ENTRY_END
STEP 30 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham2.a. IN A
ENTRY_END
STEP 40 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.gotham2.a. IN A
SECTION ANSWER
www.gotham2.a. CNAME host.gotham7.a.
host.gotham7.a CNAME static.gotham8.a.
static.gotham8.a. A 1.2.3.5
ENTRY_END
SCENARIO_END
-471
View File
@@ -1,471 +0,0 @@
; config options
server:
module-config: "respip validator iterator"
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: no
access-control: 192.0.0.0/8 allow
rpz:
name: "rpz.example.com."
rpz-log: yes
rpz-log-name: "rpz.example.com"
zonefile:
TEMPFILE_NAME rpz.example.com
TEMPFILE_CONTENTS rpz.example.com
$ORIGIN example.com.
rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. (
1379078166 28800 7200 604800 7200 )
3600 IN NS ns1.rpz.example.com.
3600 IN NS ns2.rpz.example.com.
$ORIGIN rpz.example.com.
ns1.gotham.aa.rpz-nsdname CNAME .
ns1.gotham.bb.rpz-nsdname CNAME *.
ns1.gotham.cc.rpz-nsdname CNAME rpz-drop.
ns1.gotham.com.rpz-nsdname CNAME rpz-passthru.
ns1.gotham.dd.rpz-nsdname CNAME rpz-tcp-only.
ns1.gotham.ff.rpz-nsdname A 127.0.0.1
ns1.gotham.ff.rpz-nsdname TXT "42"
TEMPFILE_END
stub-zone:
name: "."
stub-addr: 1.1.1.1
CONFIG_END
SCENARIO_BEGIN Test RPZ nsdname triggers
; . --------------------------------------------------------------------------
RANGE_BEGIN 0 100
ADDRESS 1.1.1.1
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS ns.root.
SECTION ADDITIONAL
ns.root IN A 1.1.1.1
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
com. IN A
SECTION AUTHORITY
com. IN NS ns1.com.
SECTION ADDITIONAL
ns1.com. IN A 8.8.8.8
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
aa. IN A
SECTION AUTHORITY
aa. IN NS ns1.aa.
SECTION ADDITIONAL
ns1.aa. IN A 8.8.0.8
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
bb. IN A
SECTION AUTHORITY
bb. IN NS ns1.bb.
SECTION ADDITIONAL
ns1.bb. IN A 8.8.1.8
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
cc. IN A
SECTION AUTHORITY
cc. IN NS ns1.cc.
SECTION ADDITIONAL
ns1.cc. IN A 8.8.2.8
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
dd. IN A
SECTION AUTHORITY
dd. IN NS ns1.dd.
SECTION ADDITIONAL
ns1.dd. IN A 8.8.3.8
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
ee. IN A
SECTION AUTHORITY
ee. IN NS ns1.ee.
SECTION ADDITIONAL
ns1.ee. IN A 8.8.5.8
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
ff. IN A
SECTION AUTHORITY
ff. IN NS ns1.ff.
SECTION ADDITIONAL
ns1.ff. IN A 8.8.6.8
ENTRY_END
RANGE_END
; com. -----------------------------------------------------------------------
RANGE_BEGIN 0 100
ADDRESS 8.8.8.8
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION ANSWER
com. IN NS ns1.com.
SECTION ADDITIONAL
ns1.com. IN A 8.8.8.8
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
gotham.com. IN A
SECTION AUTHORITY
gotham.com. IN NS ns1.gotham.com.
SECTION ADDITIONAL
ns1.gotham.com. IN A 192.0.6.1
ENTRY_END
RANGE_END
; aa. ------------------------------------------------------------------------
RANGE_BEGIN 0 100
ADDRESS 8.8.0.8
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
aa. IN NS
SECTION ANSWER
aa. IN NS ns1.aa.
SECTION ADDITIONAL
ns1.aa. IN A 8.8.0.8
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
gotham.aa. IN A
SECTION AUTHORITY
gotham.aa. IN NS ns1.gotham.aa.
SECTION ADDITIONAL
ns1.gotham.aa. IN A 192.0.0.1
ENTRY_END
RANGE_END
; bb. ------------------------------------------------------------------------
RANGE_BEGIN 0 100
ADDRESS 8.8.1.8
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
bb. IN NS
SECTION ANSWER
bb. IN NS ns1.bb.
SECTION ADDITIONAL
ns1.bb. IN A 8.8.1.8
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
gotham.bb. IN A
SECTION AUTHORITY
gotham.bb. IN NS ns1.gotham.bb.
SECTION ADDITIONAL
ns1.gotham.bb. IN A 192.0.1.1
ENTRY_END
RANGE_END
; dd. ------------------------------------------------------------------------
RANGE_BEGIN 0 100
ADDRESS 8.8.3.8
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
dd. IN NS
SECTION ANSWER
dd. IN NS ns1.dd.
SECTION ADDITIONAL
ns1.dd. IN A 8.8.3.8
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
gotham.dd. IN A
SECTION AUTHORITY
gotham.dd. IN NS ns1.gotham.dd.
SECTION ADDITIONAL
ns1.gotham.dd. IN A 192.0.3.1
ENTRY_END
RANGE_END
; ff. ------------------------------------------------------------------------
RANGE_BEGIN 0 100
ADDRESS 8.8.6.8
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ff. IN NS
SECTION ANSWER
ff. IN NS ns1.ff.
SECTION ADDITIONAL
ns1.ff. IN A 8.8.6.8
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
gotham.ff. IN A
SECTION AUTHORITY
gotham.ff. IN NS ns1.gotham.ff.
SECTION ADDITIONAL
ns1.gotham.ff. IN A 192.0.5.1
ENTRY_END
RANGE_END
; ns1.gotham.com. ------------------------------------------------------------
RANGE_BEGIN 0 100
ADDRESS 192.0.6.1
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
gotham.com. IN A
SECTION ANSWER
gotham.com. IN A 192.0.6.2
ENTRY_END
RANGE_END
; ns1.gotham.aa. -------------------------------------------------------------
RANGE_BEGIN 0 100
ADDRESS 192.0.0.1
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
gotham.aa. IN A
SECTION ANSWER
gotham.aa. IN A 192.0.0.2
ENTRY_END
RANGE_END
; ns1.gotham.bb. -------------------------------------------------------------
RANGE_BEGIN 0 100
ADDRESS 192.0.1.1
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
gotham.bb. IN A
SECTION ANSWER
gotham.bb. IN A 192.0.1.2
ENTRY_END
RANGE_END
; ns1.gotham.dd. -------------------------------------------------------------
RANGE_BEGIN 0 100
ADDRESS 192.0.3.1
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
gotham.dd. IN A
SECTION ANSWER
gotham.dd. IN A 192.0.3.2
ENTRY_END
RANGE_END
; ns1.gotham.ff. -------------------------------------------------------------
RANGE_BEGIN 0 100
ADDRESS 192.0.5.1
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
gotham.ff. IN A
SECTION ANSWER
gotham.ff. IN A 192.0.5.2
ENTRY_END
RANGE_END
; ----------------------------------------------------------------------------
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
gotham.com. IN A
ENTRY_END
STEP 2 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
gotham.com. IN A
SECTION ANSWER
gotham.com. IN A 192.0.6.2
ENTRY_END
STEP 10 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
gotham.aa. IN A
ENTRY_END
STEP 11 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR AA RD RA NXDOMAIN
SECTION QUESTION
gotham.aa. IN A
SECTION ANSWER
ENTRY_END
STEP 20 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
gotham.bb. IN A
ENTRY_END
STEP 21 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
gotham.bb. IN A
SECTION ANSWER
ENTRY_END
STEP 30 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
gotham.ff. IN A
ENTRY_END
STEP 31 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
gotham.ff. IN A
SECTION ANSWER
gotham.ff. IN A 127.0.0.1
ENTRY_END
STEP 40 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
gotham.dd. IN A
ENTRY_END
; should come back truncated because TCP is required.
STEP 41 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA TC NOERROR
SECTION QUESTION
gotham.dd. IN A
SECTION ANSWER
ENTRY_END
STEP 42 QUERY
ENTRY_BEGIN
MATCH TCP
REPLY RD
SECTION QUESTION
gotham.dd. IN A
ENTRY_END
STEP 43 CHECK_ANSWER
ENTRY_BEGIN
MATCH all TCP
REPLY QR RD RA NOERROR
SECTION QUESTION
gotham.dd. IN A
SECTION ANSWER
gotham.dd. IN A 192.0.3.2
ENTRY_END
SCENARIO_END
-642
View File
@@ -1,642 +0,0 @@
; config options
server:
module-config: "respip validator iterator"
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: no
trust-anchor: "org. DS 1444 8 2 5224fb17d630a2e3efdc863a05a4032c5db415b5de3f32472ee9abed42e10146"
val-override-date: "20070916134226"
trust-anchor-signaling: no
val-log-level: 2
ede: yes
stub-zone:
name: "."
stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
rpz:
name: "rpz.example.com."
rpz-log: yes
rpz-log-name: "rpz.example.com"
zonefile:
TEMPFILE_NAME rpz.example.com
TEMPFILE_CONTENTS rpz.example.com
$ORIGIN example.com.
rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. (
1379078166 28800 7200 604800 7200 )
3600 IN NS ns1.rpz.example.com.
3600 IN NS ns2.rpz.example.com.
$ORIGIN rpz.example.com.
foo.org CNAME .
foo2.org CNAME .
foo3.org CNAME .
bok.foo4.org A 4.0.5.5
www.foo5.org CNAME alt.foo5.org.
TEMPFILE_END
CONFIG_END
SCENARIO_BEGIN Test RPZ with validator handles blocked zone.
; The DNSKEY and DS lookups are stopped.
; K.ROOT-SERVERS.NET.
RANGE_BEGIN 0 1000
ADDRESS 193.0.14.129
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET. IN A 193.0.14.129
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
org. IN NS
SECTION AUTHORITY
org. IN NS ns1.servers.org.
SECTION ADDITIONAL
ns1.servers.org. IN A 1.2.3.51
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION AUTHORITY
com. IN NS ns1.servers.com.
SECTION ADDITIONAL
ns1.servers.com. IN A 1.2.3.52
ENTRY_END
RANGE_END
; ns1.servers.org for .org
RANGE_BEGIN 0 1000
ADDRESS 1.2.3.51
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
org. IN NS
SECTION ANSWER
org. 3600 IN NS ns1.servers.org.
org. 3600 IN RRSIG NS 8 1 3600 20070926134150 20070829134150 1444 org. arkVLr3b2Ip4bkWpjPTywYWzoVqay11KLB+ZygfoIWtq7mKW20SjRGI+AzIviHHWPv8iibzA8nwcTehuSmqIuRTmZXYj58hpi/AxrqqzJNiwE60swi1dKn3ti0SZKZaLMRnxrrAv7yu3PR6zGt7CD7gJgxfMfQMc6QryQJQbiyM=
SECTION ADDITIONAL
ns1.servers.org. 3600 IN A 1.2.3.51
ns1.servers.org. 3600 IN RRSIG A 8 3 3600 20070926134150 20070829134150 1444 org. k+9JSbFm5GWSzEbVckC9bVXvzQYwbLvMbHMYmL5tIjt8RMhVhbkyqu+XER5m8xUFL0nrUqJ8ad6SKI9X/8FYGk1iSegpAjIh4bHGzea7vvM7CWw0HfTmmwDhS569IvUfxHyjH4TjSVlM1x9o/d8NGSLAa7h34b0s+NXLEEjNNbI=
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
org. IN DNSKEY
SECTION ANSWER
org. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b}
org. 3600 IN RRSIG DNSKEY 8 1 3600 20070926134150 20070829134150 1444 org. pJVKrXD3veTg0qOB2PSQAWdeTEyFFzSbMHJ2F9J9WyxVuMMIDj119aJrkHtkXTmLT7wdOd9RZxDfG0A1H30lQeQdvaJoymaVUgWLXfiwIAYg+4Uk7vZrP7UzHJO2BgDnGdf42h2vgBoboyP9szNMHTGGQdpUk7VkhtE6djonzwg=
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
foo.org. IN NS
SECTION AUTHORITY
foo.org. 3600 IN DS 29332 8 2 d38b124648bd7e32033a7fe9fd94ceab56e971ea9e61b3365566ccc028c15c98
foo.org. 3600 IN RRSIG DS 8 2 3600 20070926134150 20070829134150 1444 org. BE2cR03ecUYk/nRsJNMcNfsOWnSoOfkwx4zmF9eEqwoRn/i5QzsrRBEUdorfBsFjpdKqB2R6jSu53CTQAGv392w8AE0cRANPBxcDUiWaRyFZ7CaqspKorPijOJCKEtgztEfFgC9YXab3xvRkJVUZzZRJ4nCrpmNIGzvmf7LlCTg=
foo.org. IN NS ns.foo.org.
SECTION ADDITIONAL
ns.foo.org. IN A 1.2.3.53
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
foo2.org. IN NS
SECTION AUTHORITY
foo2.org. 3600 IN NSEC foo3.org. NS RRSIG NSEC
foo2.org. 3600 IN RRSIG NSEC 8 2 3600 20070926134150 20070829134150 1444 org. RfkRfmLeyLYtdDKrLBaXTk/KXTkUn9/4dMZtm3Kl5k5oa9/LkbPmnPb0z+zZ/3aBBKZu0QIevS7w++fdYWfIQiK+DIgG9hhp+lNxakLKp4M5SiWuh+zlTjwbRzlf4abWe/c/FR4bjesgObUdLnaIoM4h3aQUS1KsjyGFmLOCUGM=
foo2.org. IN NS ns.foo2.org.
SECTION ADDITIONAL
ns.foo2.org. IN A 1.2.3.54
ENTRY_END
; for this entry the org zone is suddenly resigned with NSEC3.
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
foo3.org. IN NS
SECTION AUTHORITY
; org. NSEC3PARAM 1 0 0 -
; org. -> mvnq25j8mo8ge527pikocn5rl72s2o0s.
; foo3.org. -> n3dm0vverfek5tl6klsp0k0gduj0gk92.
mvnq25j8mo8ge527pikocn5rl72s2o0s.org. IN NSEC3 1 0 0 - mvnq25j8mo8ge527pikocn5rl72s2o0t NS SOA RRSIG DNSKEY
mvnq25j8mo8ge527pikocn5rl72s2o0s.org. 3600 IN RRSIG NSEC3 8 2 3600 20070926134150 20070829134150 1444 org. MBmDCmjCeXShkwoDI/I04KK7w33FkNs7vci+SKoR5uWS24E3yt2AVgfkwFkKh42+MgqZnBUJEdRPOfATc80XDwxDhdymB3Ff4W1KAVFpJAkU42ii3bdiyYr+YPWVWdCYG2EfSpLcJiD6E21mW2DNRR7Lj9/W89WmndeUEgpjALA=
n3dm0vverfek5tl6klsp0k0gduj0gk91.org. IN NSEC3 1 0 0 - n3dm0vverfek5tl6klsp0k0gduj0gk93 NS DS RRSIG
n3dm0vverfek5tl6klsp0k0gduj0gk91.org. 3600 IN RRSIG NSEC3 8 2 3600 20070926134150 20070829134150 1444 org. H5aeeVc6k8fTSwUYDA9BW4ScHazb2b3NfvdQwRbKYj97tlJnJa+cojgOnyvP3qW9YoqO0aRT8rzUjFPJajOIRoS/6XVWCZ3ymDNQIi8oW6vT8qQYA2ldmoWDvFK9fHSgiwqJzQiKXtNGdqTfj2HEyVKVbFTv/Cgxh5jLcB6r9jM=
foo3.org. IN NS ns.foo3.org.
SECTION ADDITIONAL
ns.foo3.org. IN A 1.2.3.55
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
foo4.org. IN NS
SECTION AUTHORITY
foo4.org. 3600 IN DS 55567 8 2 db658962fbd0a03e81f1a68c33bb53eef3bc30e980040cb476fb191b24dfdd5a
foo4.org. 3600 IN RRSIG DS 8 2 3600 20070926134150 20070829134150 1444 org. kO2d+9du+9y0HcAUq056qnqBoXLwT+/EN82lEocJjCE7lx9qxv4YpwfNd1Sr3J9lwvZbfEm5uRPmSwtrythlI4+qmlsEWE90mfUntH+JqlXj7t2E514AZ/SZPSUd6h6AKPlB/DIhHuI/fAEKB+S263NnvVMccaHh8ScJMsY9nGI=
foo4.org. IN NS ns.foo4.org.
SECTION ADDITIONAL
ns.foo4.org. IN A 1.2.3.56
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
foo5.org. IN NS
SECTION AUTHORITY
foo5.org. 3600 IN DS 55567 8 2 4046e908302813cad9b4448cd4c243be118b7c18f8414b820bce0a1eab6f6889
foo5.org. 3600 IN RRSIG DS 8 2 3600 20070926134150 20070829134150 1444 org. e0+FRSrwoSeQxd35dcvsEFGQIO9nz+H6p52LAwPDUTOSwFcbR+q+x4OKX+eG8dbFXK7MGztdGdpPji95HzlezXRTt/66sXqYeDM61NezxVM6N/OjPIOL3VTGeyG4nvDj4ycvBbgjJqdhmev6aWYmTQwFa0+6Nxrlsldrl5/chW4=
foo5.org. IN NS ns.foo5.org.
SECTION ADDITIONAL
ns.foo5.org. IN A 1.2.3.57
ENTRY_END
RANGE_END
; ns1.servers.com for .com
RANGE_BEGIN 0 1000
ADDRESS 1.2.3.52
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
com. IN NS
SECTION ANSWER
com. IN NS ns1.servers.com.
SECTION ADDITIONAL
ns1.servers.com. IN A 1.2.3.52
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
foo.com. IN TXT
SECTION ANSWER
foo.com. IN CNAME www.foo.org.
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
foo2.com. IN TXT
SECTION ANSWER
foo2.com. IN CNAME www.foo2.org.
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
foo4.com. IN A
SECTION ANSWER
foo4.com. IN CNAME www.foo4.org.
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
foo5.com. IN A
SECTION ANSWER
foo5.com. IN CNAME www.foo5.org.
ENTRY_END
RANGE_END
; ns.foo.org for foo.org
RANGE_BEGIN 0 1000
ADDRESS 1.2.3.53
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
foo.org. IN NS
SECTION ANSWER
foo.org. 3600 IN NS ns.foo.org.
foo.org. 3600 IN RRSIG NS 8 2 3600 20070926134150 20070829134150 29332 foo.org. WfSshqIf/LdScUjw5uyB10t3yoF36aOc+lkhTQsAiR7gat14Un+F1s8bQiG3gU8mnMirsu7M1aMBeQlbJncFhLu4av6ZkkI5L/qvojBAL0AF7Rj0gUWKbMc2NsAeAKY8ySzDXqF7ol9YEskHWW35aL+r5DB91u4joZVsANSqeAfLWAhm47hDGlWgzQ1us72dWOPxPqNBG0sx48xaFxiZJjowXVs/zbRQ1TyIFPeKztayc6HL2gaOPPUoOuHp/AEecySqjamXI28mqBBs8MGJoArFaJ05wIuWEdOzsfc+BcYnmuCaTVgEHUvZMbNvi2CYCY4l0jcl1UD7i4FzPhC4jQ==
SECTION ADDITIONAL
ns.foo.org. 3600 IN A 1.2.3.53
ns.foo.org. 3600 IN RRSIG A 8 3 3600 20070926134150 20070829134150 29332 foo.org. pScBuh9fyXazJLV4yPGQsDKAnNgAGe5G5712sQ46V9CA4Rv+STTI9p6JDyqu1EWVJupLwbL7dqqypSwcSy8CpCO1nH/n/yBnT/9txduEpzvr4OtVJnRZS1LMMlpb4NrT+QPpzxXZH5Zlc+Axevbxj7FVeFIAUq9Fh2+yO6lYXffIy9BW85VOZa1S08/O/2ZyZwPh6pdxB7HRGe/KuD86TMjfjVsveYL4w7UFC+wk1XGQA+zuXOIm+9MQC+UzM/cVR38nW/7Oj1hY2iAgvevFrT75tesf+H927uaHaPrWqSVJLPRIfm4O5wT5K1bgvfYDSlpU/YLf7vaCtJ+kKSOpJw==
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
foo.org. IN DNSKEY
SECTION ANSWER
foo.org. 3600 IN DNSKEY 257 3 8 AwEAAb4WMOTBLTFvmBra5m6SK4VfViOzmvyUAU0qv861ZQXeEFvwlndqNU9rwRsMxrSWAYs5nHErKDn49usC/HyxxW1477iGFHhfgL4mjNreJm9zft2QFB1VLbRbEPYdDMLCn4co0qnG7/KG8W2i8Pym1L7f+aREwbLo+/716AS2PbaKMhfWLKLiq5wnBcUClQMNzCiwhqxDJp1oePqfkVdeUgXOtgi0dYRIKyQFhJ5VWJ22npoi/Gif0XLCADAlAwRLKc8o/yJkCxskzgpHpw5Cki1lclg0aq4ssOuPRQ+ne6IHYCz9D2mwzulblhLFamKdq7aHzNt4NlyxhpANVFiKLD8= ;{id = 29332 (ksk), size = 2048b}
foo.org. 3600 IN RRSIG DNSKEY 8 2 3600 20070926134150 20070829134150 29332 foo.org. qlZQpZG+prXK6vsd+zObdHj8DbPBCpjB16B7UgTwsgmVxGRX9nSBnkqUqcIrnszJMHvEwu7VPWjegPX3E8LESgz2Slepa5T8hWmcoega2vWakIzIRNtDxH9PXDy804Dmduk/fxBzMlbbFLfsSrG5+cK5PhingjjxNbEuG3V124xTjFUGHKu4NM6kMfPcHOwjTTQLt6azJ10i6CeyaUXCSYz5xGE7Z4PSLYAstlLsM64EtLTGQHAZIEr2Dq6C23u23sRrj/0qcMFo0Nv8E3rjnkfJIo+RYuqqAznFsLMqfveX42ElWBl5YVLQHSo+kFbXcvgX7gzL8X9u4Z6MJ9zUkw==
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
foo.org. IN TXT
SECTION ANSWER
foo.org. 3600 IN TXT "a.b.c."
foo.org. 3600 IN RRSIG TXT 8 2 3600 20070926134150 20070829134150 29332 foo.org. UW/T+M0crcfzQ6PVM/0o1ZtXF2o26VTm/V/9/+F873aQnDwfRLH+tzYSC+yfWZ/0niuif6fv9FYWisE8CyAIIMZ8mrxM7M4JgEZ0/vFOC2sN0qnmqSoZoZaeOEjJIAS6F2om+L6AAFtAH2Khbm0wkHc0jBWj3vK8HoXO38iLe1pPnuBK6BhE2+tyDIcUCoABFrycT0E5NBKFERQL+CzYMEzMUS/joSeWloFw1AB1X9Z94ezgmD+g2MnbW78DR6TRZXGD4DWXuxYNswRnfp4VENSOsSbhX9ixtuxwGn1fhiZeTxN84zE/ERiLK59Yo1bQ3TFjOY0cCvj+c2NulTAr9w==
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www.foo.org. IN TXT
SECTION ANSWER
www.foo.org. 3600 IN TXT "a.b.d."
www.foo.org. 3600 IN RRSIG TXT 8 3 3600 20070926134150 20070829134150 29332 foo.org. EjFHdpJdlFFLDWabiMsMzUPE1+brzq/0ecRG39bpPuU/6MW4HCQs4rlLlZNmmJP/vj+kLTGfguSrKyLQt8n9Tf1fKbvD6NUOIOwiVUOE4kb54JghbiBhWeCnRLmUQwi7DKy0UEw8niX3SY6WwJxO/e7+leQJY7Gpg3S00vKskTAjnKeDYiHcrO69Dpyc0l/qtR1Bb98xcs4vMsh6//BBklSlPTMKBcu2uK6sK7G2ZR1lOtShoginq5UHa+EZWR6Pxn8pLkfQGOXTjGq5WaTeEdcinBlvXYBGhAPKWXHwcEtEjClkWi1ZXOnSgwHu9dRxgSk/jcfSmjBFzw2bycq2Lg==
ENTRY_END
RANGE_END
; ns.foo2.org for foo2.org
RANGE_BEGIN 0 1000
ADDRESS 1.2.3.54
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
foo2.org. IN NS
SECTION ANSWER
foo2.org. IN NS ns.foo2.org.
SECTION ADDITIONAL
ns.foo2.org. IN A 1.2.3.54
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www.foo2.org. IN TXT
SECTION ANSWER
www.foo2.org. IN TXT "a.b.e."
ENTRY_END
RANGE_END
; ns.foo3.org for foo3.org
RANGE_BEGIN 0 1000
ADDRESS 1.2.3.55
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
foo3.org. IN NS
SECTION ANSWER
foo3.org. IN NS ns.foo3.org.
SECTION ADDITIONAL
ns.foo3.org. IN A 1.2.3.55
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
ns.foo3.org. IN A
SECTION ANSWER
ns.foo3.org. IN A 1.2.3.55
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
ns.foo3.org. IN AAAA
SECTION AUTHORITY
foo3.org. IN SOA ns.foo3.org. host.foo3.org. 2007090422 3600 300 604800 3600
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www.foo3.org. IN TXT
SECTION ANSWER
www.foo3.org. IN TXT "a.b.f."
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www2.foo3.org. IN TXT
SECTION ANSWER
www2.foo3.org. IN TXT "a.b.g."
ENTRY_END
RANGE_END
; ns.foo4.org for foo4.org
RANGE_BEGIN 0 1000
ADDRESS 1.2.3.56
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
foo4.org. IN NS
SECTION ANSWER
foo4.org. 3600 IN NS ns.foo4.org.
foo4.org. 3600 IN RRSIG NS 8 2 3600 20070926134150 20070829134150 55567 foo4.org. FXwXqJ8EW2XZDzHiMSiqiUpkk6tHGsJdlH1pfuOO6yPsmAmg6sSnyE9UsIDeW1bGwanYxbZGiD4YR9ED/NzdlMUrCI0fs4c0fa0yJjcF5WY0yZCL9OZbyn/dPIcqZ3D6UWjVVMW6EhZSPqzuz5gWYEiXkBDEc1s2BEjIYSwZo4g=
SECTION ADDITIONAL
ns.foo4.org. 3600 IN A 1.2.3.56
ns.foo4.org. 3600 IN RRSIG A 8 3 3600 20070926134150 20070829134150 55567 foo4.org. MgKROh4mE6pUyp0ik2CHTZuf7n9M4WaDvTLdI9qb+AvvpJJiwA1+7/v004A3PADvohsUytQttldYKwK6J9+c8R48lpieT+e/WzeyoCM1ieFhbP73By32Bl/akH+8cOUxfqqLD8Y+1z/oKV55LyqKP0H0DCb6vfYtSxWAYQym9PQ=
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
foo4.org. IN DNSKEY
SECTION ANSWER
foo4.org. IN DNSKEY 257 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55567 (ksk), size = 1024b}
foo4.org. 3600 IN RRSIG DNSKEY 8 2 3600 20070926134150 20070829134150 55567 foo4.org. Hy1tP0xBPp23e+w2YJ49e09e8AB9hLDP3ksWI/8ujNFK51Kuwo8HBx4R6zbcuOELlqWxr6IQU2w6AwB6UqClS88mc2sIgeEbw7Nm+nCDWPSPklPP4qa9pdXFh2M4txF4NxymrgRABjTTJiXK4oeWtFBNKkUu0hf6RGb9OJmdzF0=
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www.foo4.org. IN A
SECTION ANSWER
www.foo4.org. 3600 IN CNAME bok.foo4.org.
www.foo4.org. 3600 IN RRSIG CNAME 8 3 3600 20070926134150 20070829134150 55567 foo4.org. ZRY/v7TPmkuKVNB739kTMiqPh84jtDO01hx2EtuPI2YwG4EnhWFV0fuz86FDMPKUD17MXRHKsi0+RUopqGUEbuZ7G9MzUFtuuTnVD8f9lNJVp2AfE2RAr1le8zZpdSvlmB1Y07HsrFPxxZAPYdBC2IY3VcpI0xaT1nHGsSpcoXc=
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
bok.foo4.org. IN A
SECTION ANSWER
bok.foo4.org. 3600 IN A 1.2.3.4
bok.foo4.org. 3600 IN RRSIG A 8 3 3600 20070926134150 20070829134150 55567 foo4.org. xDPRNYlwWTxfQaX6kKHbYeKC/ro/U1TAQzEexUoQb/GDpx1zB1oqvYBuauivIjHyKwjrGg7f9WHyyzMxSby0G62hJLPoMJMLscLce17mwkWcG2AuojBiDwLBr5QXvJXhvT21LpOFt8xplLZuzNRyw4EsUau0ecd2nQ/5vtIz5aU=
ENTRY_END
RANGE_END
; ns.foo5.org for foo5.org
RANGE_BEGIN 0 1000
ADDRESS 1.2.3.57
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
foo5.org. IN NS
SECTION ANSWER
foo5.org. 3600 IN NS ns.foo5.org.
foo5.org. 3600 IN RRSIG NS 8 2 3600 20070926134150 20070829134150 55567 foo5.org. Zv/zSvsLucTxX2LL+i4IZfFw/D/5HvzNKmRcohBjmP2W+F53KddGJpRHb2FPqcBzKhvjL/Awf0x1mhHUUBCSQcHA3FZQ9q2kfXK4pzg4XbI03U/hsY5b/1M8SC/DfGE+4jN59QadXZ6N4ouV4Ka9sqRfqXiQFED1Rz9WuMyHfXY=
SECTION ADDITIONAL
ns.foo5.org. 3600 IN A 1.2.3.57
ns.foo5.org. 3600 IN RRSIG A 8 3 3600 20070926134150 20070829134150 55567 foo5.org. TcHl2qjwwcfoM1kJ+rwje/VRmPJT62RvJvjHwri5NqJopKp9tcaKz1dYByTlhbGbB0tGihWPa271ja3s31dHuOlZsuWd8hdMr7Hq/COpyn7iVOoeU8bLRtkvReLyiD3Ju9IMmzLMyWCGNNzpuZrEBfbBwTC4ali5iL4OgPjMdhc=
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
foo5.org. IN DNSKEY
SECTION ANSWER
foo5.org. IN DNSKEY 257 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55567 (ksk), size = 1024b}
foo5.org. 3600 IN RRSIG DNSKEY 8 2 3600 20070926134150 20070829134150 55567 foo5.org. wq5nET6vQal5aXvNr6lhUI5VzGJNM52k9RVdNsntiN25GehtBKF/+O2OhrD4YoLCIkMM4dzSSlO/nbbtx/8V8Y5LlA5Kxx3DU+QWpn4iwJg01VwXhJaw8KqK20bUS+PbkG+ZwAqVD1veAdtKR7lfYI35XZojZQ1ReSMWb/vLv4s=
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname
ADJUST copy_id copy_query
REPLY QR AA NOERROR
SECTION QUESTION
www.foo5.org. IN A
SECTION ANSWER
www.foo5.org. 3600 IN CNAME bok.foo5.org.
www.foo5.org. 3600 IN RRSIG CNAME 8 3 3600 20070926134150 20070829134150 55567 foo5.org. L/KOVafKFY401Y2k3J+QjkX0XcBTsMperFyhKfTmyQYY3lI5shvdJT0UGu6ogZ9cCWM+tLNyVr804+dfK6QL/wdYOx9hkK/fiePUhAU6lzepJBdg7wotw560Eu6J7UhhtopHKrWa5ElQFG1UFR/qjcx/m4Ms6BgCWh8yWy20N1E=
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
alt.foo5.org. IN A
SECTION ANSWER
alt.foo5.org. 3600 IN A 4.0.5.6
alt.foo5.org. 3600 IN RRSIG A 8 3 3600 20070926134150 20070829134150 55567 foo5.org. vG+qffAmazC38iBE2QsZq5kFxNW5Mo+65epMjAA/06syLzjOKkfh8dbe++jQqvwqCqrIBb56miVFDCW1VEYOdh8vReptt9KtbQjXXMfRF39V3ccvbhEfP1xMG8Z8B7tkIBtLvfCNrsfYaccvYgq+gkPeeL1JEiK3ntOukJUbapM=
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
bok.foo5.org. IN A
SECTION ANSWER
bok.foo5.org. 3600 IN A 1.2.3.4
bok.foo5.org. 3600 IN RRSIG A 8 3 3600 20070926134150 20070829134150 55567 foo5.org. rlBgWgq0R4yT+bK0CyuZfFJ36dCsZnpvc9/7tShcMAzDPDu4+hgbXuyMWcsnsZjX3ZfR0a4wRwOwH86ZNLLxdkXNO1/bSDq+IsLyXesoVBDmcNvtdq5PgupCNW5I/cBP4tK0DCytXDLRFtU7LOxdgPps4dFANhHU6Q6LboqW4t8=
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
alt.foo5.org. IN DS
SECTION ANSWER
SECTION AUTHORITY
foo5.org. 3600 IN SOA ns.foo5.org. host.foo5.org. 2007090422 3600 300 604800 3600
foo5.org. 3600 IN RRSIG SOA 8 2 3600 20070926134150 20070829134150 55567 foo5.org. cHo00Jg0OI9sRaQV9t6WMybhkRwG6UFx6gEq87HOeOm2gPSbXFjIImyH6l1u8MPdXj8kYcGsUotWUEPuBTfA88bGb/lKfbu4aMD9GaqjB9oZF1iOCf7IdkXqHg/0iZNHOXbUNyNlCJgjkrVdZysJ1D1tAx7qmJgmzsJHerDuQzA=
alt.foo5.org. 3600 IN NSEC alt2.foo5.org. A RRSIG NSEC
alt.foo5.org. 3600 IN RRSIG NSEC 8 3 3600 20070926134150 20070829134150 55567 foo5.org. fgOxxCj+ZnRWyfVFlNCS/9UDg4n8+JaSmMjQzsqUoXk5Db9fMzOd3ScYqVxweXC/ER6Ly+XHz9RFVsAOA4I67eWGL6YJ5sA/MUJd3tB4Dk3xp0ycHH0ARvys9YedG9PLUvBY9B5qT/nhrw2N9yRtkq04z6DhjLh3uC0UJKsSiVc=
ENTRY_END
RANGE_END
; Test query
STEP 10 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
foo.org. IN TXT
ENTRY_END
; It is blocked
STEP 11 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NXDOMAIN
SECTION QUESTION
foo.org. IN TXT
SECTION ANSWER
ENTRY_END
; The foo2.org domain has no DS with NSEC. The queries for foo2.org DS and
; DNSKEY are blocked.
STEP 20 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.foo2.org. IN TXT
ENTRY_END
STEP 21 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.foo2.org. IN TXT
SECTION ANSWER
www.foo2.org. IN TXT "a.b.e."
ENTRY_END
; The foo3.org domain has no DS with NSEC3. The queries for foo3.org DS and
; DNSKEY are blocked. Because it is nsec3, there is no negative cache entry,
; and a type DS query is made, that is then blocked.
STEP 30 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.foo3.org. IN TXT
ENTRY_END
STEP 31 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.foo3.org. IN TXT
SECTION ANSWER
www.foo3.org. IN TXT "a.b.f."
ENTRY_END
; This query would use a validation failure for foo3.org from the key cache,
; if it previously failed.
STEP 32 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www2.foo3.org. IN TXT
ENTRY_END
STEP 33 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www2.foo3.org. IN TXT
SECTION ANSWER
www2.foo3.org. IN TXT "a.b.g."
ENTRY_END
; This query has a CNAME to www.foo.org. It is signed, but foo.org is blocked,
; for DS and DNSKEY queries. There is a DS, but the DNSKEY query is blocked.
STEP 40 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
foo.com. IN TXT
ENTRY_END
STEP 41 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
foo.com. IN TXT
SECTION ANSWER
foo.com. IN CNAME www.foo.org.
www.foo.org. 3600 IN TXT "a.b.d."
ENTRY_END
; The foo4.com query has a CNAME to a validly signed domain www.foo4.org,
; that has a cname to bok.foo4.org. The bok.foo4.org name is RPZ filtered,
; with a new A record in the response, that is not signed, from RPZ.
STEP 50 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
foo4.com. IN A
ENTRY_END
STEP 51 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
foo4.com. IN A
SECTION ANSWER
foo4.com. IN CNAME www.foo4.org.
www.foo4.org. IN CNAME bok.foo4.org.
bok.foo4.org IN A 4.0.5.5
ENTRY_END
; The foo5.com query has a CNAME to a signed domain www.foo5.org,
; the www.foo5.org is filtered by RPZ with a different CNAME to another,
; DNSSEC signed A record, alt.foo5.org, instead of bok.foo5.org.
STEP 60 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
foo5.com. IN A
ENTRY_END
STEP 61 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
foo5.com. IN A
SECTION ANSWER
foo5.com. IN CNAME www.foo5.org.
www.foo5.org. IN CNAME alt.foo5.org.
alt.foo5.org IN A 4.0.5.6
ENTRY_END
SCENARIO_END
-126
View File
@@ -1,126 +0,0 @@
; config options
server:
module-config: "validator iterator"
qname-minimisation: "no"
minimal-responses: no
serve-expired: yes
serve-expired-client-timeout: 0
access-control: 127.0.0.1/32 allow_snoop
ede: yes
ede-serve-expired: yes
stub-zone:
name: "example.com"
stub-addr: 1.2.3.4
CONFIG_END
SCENARIO_BEGIN Test serve-expired
; Scenario overview:
; - query for example.com. IN A
; - check that we get an answer for example.com. IN A with the correct TTL
; - query again (without the RD bit) right after the TTL expired
; - check that we get the expired cached answer (this should trigger prefetching)
; - query with RD bit and check that the cached record was updated
; ns.example.com.
RANGE_BEGIN 0 100
ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION ANSWER
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN A
SECTION ANSWER
example.com. 10 IN A 5.6.7.8
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
RANGE_END
; Query with RD flag
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
example.com. IN A
ENTRY_END
; Check that we got the correct answer (should be cached)
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
example.com. IN A
SECTION ANSWER
example.com. 10 IN A 5.6.7.8
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
; Wait for the TTL to expire
STEP 11 TIME_PASSES ELAPSE 3601
; Query again without RD bit
STEP 30 QUERY
ENTRY_BEGIN
REPLY DO
SECTION QUESTION
example.com. IN A
ENTRY_END
; Check that we got a stale answer
STEP 40 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl ede=3
REPLY QR RA DO NOERROR
SECTION QUESTION
example.com. IN A
SECTION ANSWER
example.com. 30 IN A 5.6.7.8
SECTION AUTHORITY
example.com. 30 IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. 30 IN A 1.2.3.4
ENTRY_END
; Query with RD bit (the record should have been prefetched)
STEP 50 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
example.com. IN A
ENTRY_END
STEP 60 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
example.com. IN A
SECTION ANSWER
example.com. 10 IN A 5.6.7.8
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
SCENARIO_END
-154
View File
@@ -1,154 +0,0 @@
; config options
server:
module-config: "validator iterator"
qname-minimisation: "no"
minimal-responses: no
serve-expired: yes
serve-expired-client-timeout: 0
ede: yes
ede-serve-expired: yes
stub-zone:
name: "example.com"
stub-addr: 1.2.3.4
CONFIG_END
SCENARIO_BEGIN Test serve-expired with NXDOMAIN followed by 0 TTL
; Scenario overview:
; - query for 0ttl.example.com. IN A
; - answer from upstream is NODATA; will be cached for the SOA negative TTL.
; - check that the client gets the NODATA; also cached
; - query again right after the TTL expired
; - this time the server answers with a 0 TTL RRset
; - check that we get the correct answer
; ns.example.com.
RANGE_BEGIN 0 20
ADDRESS 1.2.3.4
; response to A query
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
0ttl.example.com. IN A
SECTION AUTHORITY
example.com IN SOA ns.example.com dns.example.com 1 7200 3600 2419200 10
ENTRY_END
RANGE_END
; ns.example.com.
RANGE_BEGIN 30 100
ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION ANSWER
example.com. 10 IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. 10 IN A 1.2.3.4
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
0ttl.example.com. IN A
SECTION ANSWER
0ttl.example.com. 0 IN A 5.6.7.8
SECTION AUTHORITY
example.com. 10 IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. 10 IN A 1.2.3.4
ENTRY_END
RANGE_END
; Query with RD flag
STEP 0 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
0ttl.example.com. IN A
ENTRY_END
; Check that we get the NODATA (will be cached)
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
0ttl.example.com. IN A
SECTION AUTHORITY
example.com IN SOA ns.example.com dns.example.com 1 7200 3600 2419200 10
ENTRY_END
; Query again
STEP 20 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
0ttl.example.com. IN A
ENTRY_END
; Check that we get the cached NODATA
STEP 30 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
0ttl.example.com. IN A
SECTION AUTHORITY
example.com IN SOA ns.example.com dns.example.com 1 7200 3600 2419200 10
ENTRY_END
; Wait for the NXDOMAIN to expire
STEP 31 TIME_PASSES ELAPSE 32
; Query again
STEP 40 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
0ttl.example.com. IN A
ENTRY_END
; Check that we get the cached NODATA
STEP 50 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
0ttl.example.com. IN A
SECTION AUTHORITY
example.com IN SOA ns.example.com dns.example.com 1 7200 3600 2419200 10
ENTRY_END
; Query again
STEP 60 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
0ttl.example.com. IN A
ENTRY_END
; Check that we got the correct answer
STEP 70 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
0ttl.example.com. IN A
SECTION ANSWER
0ttl.example.com. 0 IN A 5.6.7.8
SECTION AUTHORITY
example.com. 10 IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. 10 IN A 1.2.3.4
ENTRY_END
SCENARIO_END
-154
View File
@@ -1,154 +0,0 @@
; config options
server:
module-config: "validator iterator"
qname-minimisation: "no"
minimal-responses: no
serve-expired: yes
serve-expired-client-timeout: 0
ede: yes
ede-serve-expired: yes
stub-zone:
name: "example.com"
stub-addr: 1.2.3.4
CONFIG_END
SCENARIO_BEGIN Test serve-expired with NXDOMAIN followed by 0 TTL
; Scenario overview:
; - query for 0ttl.example.com. IN A
; - answer from upstream is NXDOMAIN; will be cached for the SOA negative TTL.
; - check that the client gets the NXDOMAIN; also cached
; - query again right after the TTL expired
; - this time the server answers with a 0 TTL RRset
; - check that we get the correct answer
; ns.example.com.
RANGE_BEGIN 0 20
ADDRESS 1.2.3.4
; response to A query
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NXDOMAIN
SECTION QUESTION
0ttl.example.com. IN A
SECTION AUTHORITY
example.com IN SOA ns.example.com dns.example.com 1 7200 3600 2419200 10
ENTRY_END
RANGE_END
; ns.example.com.
RANGE_BEGIN 30 100
ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION ANSWER
example.com. 10 IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. 10 IN A 1.2.3.4
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
0ttl.example.com. IN A
SECTION ANSWER
0ttl.example.com. 0 IN A 5.6.7.8
SECTION AUTHORITY
example.com. 10 IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. 10 IN A 1.2.3.4
ENTRY_END
RANGE_END
; Query with RD flag
STEP 0 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
0ttl.example.com. IN A
ENTRY_END
; Check that we get the SERVFAIL (will be cached)
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NXDOMAIN
SECTION QUESTION
0ttl.example.com. IN A
SECTION AUTHORITY
example.com IN SOA ns.example.com dns.example.com 1 7200 3600 2419200 10
ENTRY_END
; Query again
STEP 20 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
0ttl.example.com. IN A
ENTRY_END
; Check that we get the cached NXDOMAIN
STEP 30 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NXDOMAIN
SECTION QUESTION
0ttl.example.com. IN A
SECTION AUTHORITY
example.com IN SOA ns.example.com dns.example.com 1 7200 3600 2419200 10
ENTRY_END
; Wait for the NXDOMAIN to expire
STEP 31 TIME_PASSES ELAPSE 32
; Query again
STEP 40 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
0ttl.example.com. IN A
ENTRY_END
; Check that we get the cached NXDOMAIN
STEP 50 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NXDOMAIN
SECTION QUESTION
0ttl.example.com. IN A
SECTION AUTHORITY
example.com IN SOA ns.example.com dns.example.com 1 7200 3600 2419200 10
ENTRY_END
; Query again
STEP 60 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
0ttl.example.com. IN A
ENTRY_END
; Check that we got the correct answer
STEP 70 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
0ttl.example.com. IN A
SECTION ANSWER
0ttl.example.com. 0 IN A 5.6.7.8
SECTION AUTHORITY
example.com. 10 IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. 10 IN A 1.2.3.4
ENTRY_END
SCENARIO_END
-129
View File
@@ -1,129 +0,0 @@
; config options
server:
module-config: "validator iterator"
qname-minimisation: "no"
minimal-responses: no
serve-expired: yes
serve-expired-client-timeout: 0
ede: yes
ede-serve-expired: yes
stub-zone:
name: "example.com"
stub-addr: 1.2.3.4
CONFIG_END
SCENARIO_BEGIN Test serve-expired with SERVFAIL followed by 0 TTL
; Scenario overview:
; - query for 0ttl.example.com. IN A
; - answer from upstream is SERVFAIL; will be cached for NORR_TTL(5)
; - check that the client gets the SERVFAIL; also cached
; - query again right after the TTL expired
; - this time the server answers with a 0 TTL RRset
; - check that we get the correct answer
; ns.example.com.
RANGE_BEGIN 0 20
ADDRESS 1.2.3.4
; response to A query
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA SERVFAIL
SECTION QUESTION
0ttl.example.com. IN A
ENTRY_END
RANGE_END
; ns.example.com.
RANGE_BEGIN 30 100
ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION ANSWER
example.com. 10 IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. 10 IN A 1.2.3.4
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
0ttl.example.com. IN A
SECTION ANSWER
0ttl.example.com. 0 IN A 5.6.7.8
SECTION AUTHORITY
example.com. 10 IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. 10 IN A 1.2.3.4
ENTRY_END
RANGE_END
; Query with RD flag
STEP 0 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
0ttl.example.com. IN A
ENTRY_END
; Check that we get the SERVFAIL (will be cached)
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA SERVFAIL
SECTION QUESTION
0ttl.example.com. IN A
ENTRY_END
; Query again
STEP 20 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
0ttl.example.com. IN A
ENTRY_END
; Check that we get the cached SERVFAIL
STEP 30 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA SERVFAIL
SECTION QUESTION
0ttl.example.com. IN A
ENTRY_END
; Wait for the SERVFAIL to expire
STEP 31 TIME_PASSES ELAPSE 32
; Query again
STEP 40 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
0ttl.example.com. IN A
ENTRY_END
; Check that we got the correct answer
STEP 50 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
0ttl.example.com. IN A
SECTION ANSWER
0ttl.example.com. 0 IN A 5.6.7.8
SECTION AUTHORITY
example.com. 10 IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. 10 IN A 1.2.3.4
ENTRY_END
SCENARIO_END
@@ -1,130 +0,0 @@
; config options
server:
module-config: "validator iterator"
qname-minimisation: "no"
minimal-responses: no
serve-expired: yes
serve-expired-client-timeout: 0
serve-expired-reply-ttl: 123
ede: yes
ede-serve-expired: yes
stub-zone:
name: "example.com"
stub-addr: 1.2.3.4
CONFIG_END
SCENARIO_BEGIN Test serve-expired with client-timeout and a SERVFAIL upstream reply
; Scenario overview:
; - query for example.com. IN A
; - answer from upstream is SERVFAIL; will be cached for NORR_TTL(5)
; - check that the client gets the SERVFAIL; also cached
; - query again right after the TTL expired
; - cached SERVFAIL should be ignored and upstream queried
; - check that we get the correct answer
; ns.example.com.
RANGE_BEGIN 0 20
ADDRESS 1.2.3.4
; response to A query
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA SERVFAIL
SECTION QUESTION
example.com. IN A
ENTRY_END
RANGE_END
; ns.example.com.
RANGE_BEGIN 40 100
ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION ANSWER
example.com. 10 IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. 10 IN A 1.2.3.4
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN A
SECTION ANSWER
example.com. 10 IN A 5.6.7.8
SECTION AUTHORITY
example.com. 10 IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. 10 IN A 1.2.3.4
ENTRY_END
RANGE_END
; Query with RD flag
STEP 0 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
example.com. IN A
ENTRY_END
; Check that we get the SERVFAIL (will be cached)
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA SERVFAIL
SECTION QUESTION
example.com. IN A
ENTRY_END
; Query again
STEP 20 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
example.com. IN A
ENTRY_END
; Check that we get the cached SERVFAIL
STEP 30 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA SERVFAIL
SECTION QUESTION
example.com. IN A
ENTRY_END
; Wait for the SERVFAIL to expire
STEP 31 TIME_PASSES ELAPSE 6
; Query again
STEP 40 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
example.com. IN A
ENTRY_END
; Check that we got the correct answer
STEP 50 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
example.com. IN A
SECTION ANSWER
example.com. 10 IN A 5.6.7.8
SECTION AUTHORITY
example.com. 10 IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. 10 IN A 1.2.3.4
ENTRY_END
SCENARIO_END
@@ -1,145 +0,0 @@
; config options
server:
module-config: "validator iterator"
qname-minimisation: "no"
minimal-responses: no
serve-expired: yes
serve-expired-client-timeout: 0
serve-expired-reply-ttl: 123
ede: yes
ede-serve-expired: yes
stub-zone:
name: "example.com"
stub-addr: 1.2.3.4
CONFIG_END
SCENARIO_BEGIN Test serve-expired without client-timeout and a SERVFAIL upstream reply
; Scenario overview:
; - query for example.com. IN A
; - answer from upstream is SERVFAIL; will be cached for NORR_TTL(5)
; - check that the client gets the SERVFAIL; also cached
; - query again right after the TTL expired
; - cached SERVFAIL should be ignored and upstream queried
; - answer from upstream is still SERVFAIL; the cached error response will be
; refreshed for another NORR_TTL(5)
; - check that the client gets the SERVFAIL
; - query again; the upstream now has the answer available
; - check that we get the refreshed cached response instead
; ns.example.com.
RANGE_BEGIN 0 50
ADDRESS 1.2.3.4
; response to A query
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA SERVFAIL
SECTION QUESTION
example.com. IN A
ENTRY_END
RANGE_END
; ns.example.com.
RANGE_BEGIN 60 100
ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION ANSWER
example.com. 10 IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. 10 IN A 1.2.3.4
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN A
SECTION ANSWER
example.com. 10 IN A 5.6.7.8
SECTION AUTHORITY
example.com. 10 IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. 10 IN A 1.2.3.4
ENTRY_END
RANGE_END
; Query with RD flag
STEP 0 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
example.com. IN A
ENTRY_END
; Check that we get the SERVFAIL (will be cached)
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA SERVFAIL
SECTION QUESTION
example.com. IN A
ENTRY_END
; Query again
STEP 20 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
example.com. IN A
ENTRY_END
; Check that we get the cached SERVFAIL
STEP 30 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA SERVFAIL
SECTION QUESTION
example.com. IN A
ENTRY_END
; Wait for the SERVFAIL to expire
STEP 31 TIME_PASSES ELAPSE 6
; Query again
STEP 40 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
example.com. IN A
ENTRY_END
; Check that we get the SERVFAIL (will be refreshed)
STEP 50 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA SERVFAIL
SECTION QUESTION
example.com. IN A
ENTRY_END
; Query again, upstream has the real answer available
STEP 60 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
example.com. IN A
ENTRY_END
; Check that we get the refreshed cached SERVFAIL
STEP 70 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA SERVFAIL
SECTION QUESTION
example.com. IN A
ENTRY_END
SCENARIO_END

Some files were not shown because too many files have changed in this diff Show More