mirror of
https://github.com/NLnetLabs/unbound.git
synced 2024-09-21 06:37:08 +00:00
168 lines
3.5 KiB
Plaintext
168 lines
3.5 KiB
Plaintext
|
; Check if an expired SERVFAIL answer stored in the global cache does not block
|
||
|
; ECS queries to reach the ECS cache.
|
||
|
|
||
|
server:
|
||
|
trust-anchor-signaling: no
|
||
|
target-fetch-policy: "0 0 0 0 0"
|
||
|
send-client-subnet: 1.2.3.4
|
||
|
max-client-subnet-ipv4: 21
|
||
|
module-config: "subnetcache iterator"
|
||
|
verbosity: 3
|
||
|
access-control: 127.0.0.1 allow_snoop
|
||
|
qname-minimisation: no
|
||
|
minimal-responses: no
|
||
|
serve-expired: yes
|
||
|
prefetch: yes
|
||
|
|
||
|
stub-zone:
|
||
|
name: "example.com."
|
||
|
stub-addr: 1.2.3.4
|
||
|
CONFIG_END
|
||
|
|
||
|
SCENARIO_BEGIN Test that expired SERVFAIL in global cache does not block clients to reach the ECS cache
|
||
|
|
||
|
; ns.example.com.
|
||
|
RANGE_BEGIN 0 10
|
||
|
ADDRESS 1.2.3.4
|
||
|
ENTRY_BEGIN
|
||
|
MATCH opcode qtype qname
|
||
|
ADJUST copy_id
|
||
|
REPLY QR NOERROR
|
||
|
SECTION QUESTION
|
||
|
example.com. IN NS
|
||
|
SECTION ANSWER
|
||
|
example.com. IN NS ns.example.com.
|
||
|
SECTION ADDITIONAL
|
||
|
ns.example.com. IN A 1.2.3.4
|
||
|
ENTRY_END
|
||
|
|
||
|
; response to query of interest
|
||
|
ENTRY_BEGIN
|
||
|
MATCH opcode qtype qname
|
||
|
ADJUST copy_id
|
||
|
REPLY QR SERVFAIL
|
||
|
SECTION QUESTION
|
||
|
www.example.com. IN A
|
||
|
ENTRY_END
|
||
|
RANGE_END
|
||
|
|
||
|
; ns.example.com.
|
||
|
RANGE_BEGIN 11 100
|
||
|
ADDRESS 1.2.3.4
|
||
|
ENTRY_BEGIN
|
||
|
MATCH opcode qtype qname
|
||
|
ADJUST copy_id
|
||
|
REPLY QR NOERROR
|
||
|
SECTION QUESTION
|
||
|
example.com. IN NS
|
||
|
SECTION ANSWER
|
||
|
example.com. IN NS ns.example.com.
|
||
|
SECTION ADDITIONAL
|
||
|
ns.example.com. IN A 1.2.3.4
|
||
|
ENTRY_END
|
||
|
|
||
|
; response to query of interest
|
||
|
ENTRY_BEGIN
|
||
|
MATCH opcode qtype qname ednsdata
|
||
|
ADJUST copy_id copy_ednsdata_assume_clientsubnet
|
||
|
REPLY QR NOERROR
|
||
|
SECTION QUESTION
|
||
|
www.example.com. IN A
|
||
|
SECTION ANSWER
|
||
|
www.example.com. 10 IN A 10.20.30.40
|
||
|
SECTION AUTHORITY
|
||
|
example.com. IN NS ns.example.com.
|
||
|
SECTION ADDITIONAL
|
||
|
HEX_EDNSDATA_BEGIN
|
||
|
; client is 127.0.0.1
|
||
|
00 08 ; OPC
|
||
|
00 05 ; option length
|
||
|
00 01 ; Family
|
||
|
08 00 ; source mask, scopemask
|
||
|
7f ; address
|
||
|
HEX_EDNSDATA_END
|
||
|
ns.example.com. IN A 1.2.3.4
|
||
|
ENTRY_END
|
||
|
RANGE_END
|
||
|
|
||
|
STEP 1 QUERY
|
||
|
ENTRY_BEGIN
|
||
|
REPLY RD
|
||
|
SECTION QUESTION
|
||
|
www.example.com. IN A
|
||
|
ENTRY_END
|
||
|
|
||
|
; This answer should be in the global cache
|
||
|
STEP 2 CHECK_ANSWER
|
||
|
ENTRY_BEGIN
|
||
|
MATCH all
|
||
|
REPLY QR RD RA SERVFAIL
|
||
|
SECTION QUESTION
|
||
|
www.example.com. IN A
|
||
|
ENTRY_END
|
||
|
|
||
|
; Bring the cached SERVFAIL to prefetch time
|
||
|
STEP 10 TIME_PASSES ELAPSE 5
|
||
|
|
||
|
STEP 11 QUERY
|
||
|
ENTRY_BEGIN
|
||
|
REPLY RD DO
|
||
|
SECTION QUESTION
|
||
|
www.example.com. IN A
|
||
|
SECTION ADDITIONAL
|
||
|
HEX_EDNSDATA_BEGIN
|
||
|
00 08 00 05 ; OPC, optlen
|
||
|
00 01 08 00 ; ip4, source 8, scope 0
|
||
|
7f ; 127.0.0.0/8
|
||
|
HEX_EDNSDATA_END
|
||
|
ENTRY_END
|
||
|
|
||
|
; This answer was cached but a prefetch was triggerred
|
||
|
STEP 12 CHECK_ANSWER
|
||
|
ENTRY_BEGIN
|
||
|
MATCH opcode qtype qname
|
||
|
REPLY QR RD RA SERVFAIL
|
||
|
SECTION QUESTION
|
||
|
www.example.com. IN A
|
||
|
ENTRY_END
|
||
|
|
||
|
; Wait for the SERVFAIL to expire
|
||
|
STEP 13 TIME_PASSES ELAPSE 2
|
||
|
|
||
|
; Query again to verify that the record was prefetched and stored in the ECS
|
||
|
; cache (because the server replied with ECS this time)
|
||
|
STEP 14 QUERY
|
||
|
ENTRY_BEGIN
|
||
|
REPLY RD DO
|
||
|
SECTION QUESTION
|
||
|
www.example.com. IN A
|
||
|
SECTION ADDITIONAL
|
||
|
HEX_EDNSDATA_BEGIN
|
||
|
00 08 00 05 ; OPC, optlen
|
||
|
00 01 08 00 ; ip4, source 8, scope 0
|
||
|
7f ; 127.0.0.0/8
|
||
|
HEX_EDNSDATA_END
|
||
|
ENTRY_END
|
||
|
|
||
|
; This record came from the ECS cache
|
||
|
STEP 15 CHECK_ANSWER
|
||
|
ENTRY_BEGIN
|
||
|
MATCH all ttl
|
||
|
REPLY QR RD RA DO NOERROR
|
||
|
SECTION QUESTION
|
||
|
www.example.com. IN A
|
||
|
SECTION ANSWER
|
||
|
www.example.com. 8 IN A 10.20.30.40
|
||
|
SECTION AUTHORITY
|
||
|
example.com. 3598 IN NS ns.example.com.
|
||
|
SECTION ADDITIONAL
|
||
|
HEX_EDNSDATA_BEGIN
|
||
|
00 08 00 05 ; OPC, optlen
|
||
|
00 01 08 08 ; ip4, source 8, scope 0
|
||
|
7f ; 127.0.0.0/8
|
||
|
HEX_EDNSDATA_END
|
||
|
ns.example.com. 3598 IN A 1.2.3.4
|
||
|
ENTRY_END
|
||
|
|
||
|
SCENARIO_END
|