mirror of
https://github.com/NLnetLabs/unbound.git
synced 2024-09-21 06:37:08 +00:00
- Fix and add comments in testdata/val_negcache_ttl.rpl.
This commit is contained in:
parent
5767b0933f
commit
6bf2b2ac56
@ -1,3 +1,6 @@
|
|||||||
|
11 September 2024: Yorgos
|
||||||
|
- Fix and add comments in testdata/val_negcache_ttl.rpl.
|
||||||
|
|
||||||
10 September 2024: Wouter
|
10 September 2024: Wouter
|
||||||
- Fix to limit NSEC and NSEC3 TTL when aggressive nsec is
|
- Fix to limit NSEC and NSEC3 TTL when aggressive nsec is
|
||||||
enabled (RFC9077).
|
enabled (RFC9077).
|
||||||
|
53
testdata/val_negcache_ttl.rpl
vendored
53
testdata/val_negcache_ttl.rpl
vendored
@ -14,6 +14,14 @@ stub-zone:
|
|||||||
CONFIG_END
|
CONFIG_END
|
||||||
|
|
||||||
SCENARIO_BEGIN Test validator with negative cache TTL (aggressive NSEC)
|
SCENARIO_BEGIN Test validator with negative cache TTL (aggressive NSEC)
|
||||||
|
; Scenario overview:
|
||||||
|
; - query for antelope.testzone.nlnetlabs.nl. IN TXT (NXDOMAIN)
|
||||||
|
; - answer from upstream is NXDOMAIN with NSEC records that cover ant.testzone.nlnetlabs.nl
|
||||||
|
; - the NSEC records should be cached for 900 seconds only (minimum of SOA)
|
||||||
|
; - check that ant.testzone.nlnetlabs.nl gets the synthesized NXDOMAIN from aggressive-nsec
|
||||||
|
; - let NSEC records expire
|
||||||
|
; - query for ant.testzone.nlnetlabs.nl. IN TXT which is now available on the nameserver
|
||||||
|
; - check that aggressive-nsec cannot synthesize NXDOMAIN (expired NSECs) and the query is resolved
|
||||||
|
|
||||||
; testzone.nlnetlabs.nl nameserver
|
; testzone.nlnetlabs.nl nameserver
|
||||||
RANGE_BEGIN 0 100
|
RANGE_BEGIN 0 100
|
||||||
@ -32,6 +40,7 @@ testzone.nlnetlabs.nl. 3600 IN RRSIG DNSKEY 8 3 3600 20180313101254 201802131012
|
|||||||
ENTRY_END
|
ENTRY_END
|
||||||
|
|
||||||
; response for antelope.testzone.nlnetlabs.nl.
|
; response for antelope.testzone.nlnetlabs.nl.
|
||||||
|
; NSECs cover ant.testzone.nlnetlabs.nl as non-existent.
|
||||||
ENTRY_BEGIN
|
ENTRY_BEGIN
|
||||||
MATCH opcode qtype qname
|
MATCH opcode qtype qname
|
||||||
ADJUST copy_id
|
ADJUST copy_id
|
||||||
@ -49,7 +58,7 @@ testzone.nlnetlabs.nl. 900 IN RRSIG SOA 8 3 900 20180313101254 20180213101254 14
|
|||||||
SECTION ADDITIONAL
|
SECTION ADDITIONAL
|
||||||
ENTRY_END
|
ENTRY_END
|
||||||
|
|
||||||
; No answer for ant.testzone.nlnetlabs.nl
|
; No answer for ant.testzone.nlnetlabs.nl in this range
|
||||||
|
|
||||||
; response for peanut.testzone.nlnetlabs.nl. AAAA
|
; response for peanut.testzone.nlnetlabs.nl. AAAA
|
||||||
ENTRY_BEGIN
|
ENTRY_BEGIN
|
||||||
@ -70,6 +79,7 @@ RANGE_END
|
|||||||
; testzone.nlnetlabs.nl nameserver
|
; testzone.nlnetlabs.nl nameserver
|
||||||
RANGE_BEGIN 100 200
|
RANGE_BEGIN 100 200
|
||||||
ADDRESS 185.49.140.60
|
ADDRESS 185.49.140.60
|
||||||
|
; response for ant.testzone.nlnetlabs.nl
|
||||||
ENTRY_BEGIN
|
ENTRY_BEGIN
|
||||||
REPLY QR AA NOERROR
|
REPLY QR AA NOERROR
|
||||||
SECTION QUESTION
|
SECTION QUESTION
|
||||||
@ -87,7 +97,7 @@ SECTION QUESTION
|
|||||||
antelope.testzone.nlnetlabs.nl. IN TXT
|
antelope.testzone.nlnetlabs.nl. IN TXT
|
||||||
ENTRY_END
|
ENTRY_END
|
||||||
|
|
||||||
; recursion happens here.
|
; recursion happens here. Expect NXDOMAIN.
|
||||||
STEP 10 CHECK_ANSWER
|
STEP 10 CHECK_ANSWER
|
||||||
ENTRY_BEGIN
|
ENTRY_BEGIN
|
||||||
MATCH all ttl
|
MATCH all ttl
|
||||||
@ -105,7 +115,32 @@ testzone.nlnetlabs.nl. 900 IN RRSIG SOA 8 3 900 20180313101254 20180213101254 14
|
|||||||
SECTION ADDITIONAL
|
SECTION ADDITIONAL
|
||||||
ENTRY_END
|
ENTRY_END
|
||||||
|
|
||||||
; Time passes that should have removed the entry.
|
; query for ant.testzone.nlnetlabs.nl (non-existent)
|
||||||
|
STEP 11 QUERY
|
||||||
|
ENTRY_BEGIN
|
||||||
|
REPLY RD DO
|
||||||
|
SECTION QUESTION
|
||||||
|
ant.testzone.nlnetlabs.nl. IN TXT
|
||||||
|
ENTRY_END
|
||||||
|
|
||||||
|
; this is the synthesized NXDOMAIN from aggressive-nsec
|
||||||
|
STEP 12 CHECK_ANSWER
|
||||||
|
ENTRY_BEGIN
|
||||||
|
MATCH all ttl
|
||||||
|
REPLY QR RD RA AD DO NXDOMAIN
|
||||||
|
SECTION QUESTION
|
||||||
|
ant.testzone.nlnetlabs.nl. IN TXT
|
||||||
|
SECTION ANSWER
|
||||||
|
SECTION AUTHORITY
|
||||||
|
testzone.nlnetlabs.nl. 3600 IN NSEC alligator.testzone.nlnetlabs.nl. NS SOA RRSIG NSEC DNSKEY
|
||||||
|
testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 3 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. tcW20hZu5Ao+ikM+qjqAlRt3ujNxTKi6kZF3waWJGY7Ldyp9XyWzB1DeoQzaNJ6zflPYFO32RUhj7jWhEIUphG4+lEvm7VGJAdSteUZ2yOppN6eZvOk0Nc0nAGPFGBjLO6ul1Wh1X+jL61q7mWt3nY+IFBZHWmhsi2Qi7vM/W4E=
|
||||||
|
alligator.testzone.nlnetlabs.nl. 3600 IN NSEC cheetah.testzone.nlnetlabs.nl. TXT RRSIG NSEC
|
||||||
|
alligator.testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 4 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. Zfkp3kmN8heAuIF/apf6RHhZAoGyXnvZLALRYTKIH7E9XC2wtvG9dZla4WLSr3ndA4d0CFgnKOt8mSVSLyNn232D0ahx4DFAnOJitnt9odT2+2sYhJbwCx38tPKhAUWmIn2jGZGMVjbVbEVi7WyQBrJYQqyhE/lADEDSdQZBNyA=
|
||||||
|
testzone.nlnetlabs.nl. 900 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600
|
||||||
|
testzone.nlnetlabs.nl. 900 IN RRSIG SOA 8 3 900 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. abG0cByo/q5NaDNMz6FPvNvehHqUDhQRwLdvG72315hMGzCavLRWuAB5gieibMCrICH2WVHVj7fisjSuY0iPwf9xZlCGts3Z+xD9D72VRiTz7QXF+JjRWKl+3Uk6c29+pvIRKXC1Ht0r9uBXGmDTaHdV7cZCveoDwIVSngY+mQ0=
|
||||||
|
ENTRY_END
|
||||||
|
|
||||||
|
; Time passes and NSECs should be expired.
|
||||||
STEP 20 TIME_PASSES ELAPSE 910
|
STEP 20 TIME_PASSES ELAPSE 910
|
||||||
|
|
||||||
; query something that gets the SOA record for the testzone in cache.
|
; query something that gets the SOA record for the testzone in cache.
|
||||||
@ -129,7 +164,7 @@ testzone.nlnetlabs.nl. 900 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.
|
|||||||
testzone.nlnetlabs.nl. 900 IN RRSIG SOA 8 3 900 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. abG0cByo/q5NaDNMz6FPvNvehHqUDhQRwLdvG72315hMGzCavLRWuAB5gieibMCrICH2WVHVj7fisjSuY0iPwf9xZlCGts3Z+xD9D72VRiTz7QXF+JjRWKl+3Uk6c29+pvIRKXC1Ht0r9uBXGmDTaHdV7cZCveoDwIVSngY+mQ0=
|
testzone.nlnetlabs.nl. 900 IN RRSIG SOA 8 3 900 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. abG0cByo/q5NaDNMz6FPvNvehHqUDhQRwLdvG72315hMGzCavLRWuAB5gieibMCrICH2WVHVj7fisjSuY0iPwf9xZlCGts3Z+xD9D72VRiTz7QXF+JjRWKl+3Uk6c29+pvIRKXC1Ht0r9uBXGmDTaHdV7cZCveoDwIVSngY+mQ0=
|
||||||
ENTRY_END
|
ENTRY_END
|
||||||
|
|
||||||
; query for ant.testzone.nlnetlabs.nl, which isn't on the testzone nameserver
|
; query for ant.testzone.nlnetlabs.nl. In this range it is on the nameserver.
|
||||||
STEP 110 QUERY
|
STEP 110 QUERY
|
||||||
ENTRY_BEGIN
|
ENTRY_BEGIN
|
||||||
REPLY RD DO
|
REPLY RD DO
|
||||||
@ -137,6 +172,8 @@ SECTION QUESTION
|
|||||||
ant.testzone.nlnetlabs.nl. IN TXT
|
ant.testzone.nlnetlabs.nl. IN TXT
|
||||||
ENTRY_END
|
ENTRY_END
|
||||||
|
|
||||||
|
; Expect an answer since the 3600 TTL NSECs from STEP 10 should have been
|
||||||
|
; limited to 900 and be expired by now.
|
||||||
STEP 120 CHECK_ANSWER
|
STEP 120 CHECK_ANSWER
|
||||||
ENTRY_BEGIN
|
ENTRY_BEGIN
|
||||||
MATCH all ttl
|
MATCH all ttl
|
||||||
@ -146,14 +183,6 @@ ant.testzone.nlnetlabs.nl. IN TXT
|
|||||||
SECTION ANSWER
|
SECTION ANSWER
|
||||||
ant.testzone.nlnetlabs.nl. TXT "heap"
|
ant.testzone.nlnetlabs.nl. TXT "heap"
|
||||||
ant.testzone.nlnetlabs.nl. 3600 IN RRSIG TXT 8 4 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. Sn8dBGMSYGGKs7yGWO0CShxbm3ba5Y6ysHyE/HJyFnS8NmsKIx/KVdFPRQx/Jm7a3hektRXrjxetfhfJm0SzJ2UFeKlkE+VJ/Lj2oAETqN1oqqkNr+RDdbKLMzLApMRgrhStSAO1Yb8/8oUIflyrjNbuDbAHSMbkOE+Z49LIais=
|
ant.testzone.nlnetlabs.nl. 3600 IN RRSIG TXT 8 4 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. Sn8dBGMSYGGKs7yGWO0CShxbm3ba5Y6ysHyE/HJyFnS8NmsKIx/KVdFPRQx/Jm7a3hektRXrjxetfhfJm0SzJ2UFeKlkE+VJ/Lj2oAETqN1oqqkNr+RDdbKLMzLApMRgrhStSAO1Yb8/8oUIflyrjNbuDbAHSMbkOE+Z49LIais=
|
||||||
SECTION AUTHORITY
|
|
||||||
; This response is not returned, with NXDOMAIN
|
|
||||||
;testzone.nlnetlabs.nl. 3600 IN NSEC alligator.testzone.nlnetlabs.nl. NS SOA RRSIG NSEC DNSKEY
|
|
||||||
;testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 3 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. tcW20hZu5Ao+ikM+qjqAlRt3ujNxTKi6kZF3waWJGY7Ldyp9XyWzB1DeoQzaNJ6zflPYFO32RUhj7jWhEIUphG4+lEvm7VGJAdSteUZ2yOppN6eZvOk0Nc0nAGPFGBjLO6ul1Wh1X+jL61q7mWt3nY+IFBZHWmhsi2Qi7vM/W4E=
|
|
||||||
;alligator.testzone.nlnetlabs.nl. 3600 IN NSEC cheetah.testzone.nlnetlabs.nl. TXT RRSIG NSEC
|
|
||||||
;alligator.testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 4 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. Zfkp3kmN8heAuIF/apf6RHhZAoGyXnvZLALRYTKIH7E9XC2wtvG9dZla4WLSr3ndA4d0CFgnKOt8mSVSLyNn232D0ahx4DFAnOJitnt9odT2+2sYhJbwCx38tPKhAUWmIn2jGZGMVjbVbEVi7WyQBrJYQqyhE/lADEDSdQZBNyA=
|
|
||||||
;testzone.nlnetlabs.nl. 900 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600
|
|
||||||
;testzone.nlnetlabs.nl. 900 IN RRSIG SOA 8 3 900 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. abG0cByo/q5NaDNMz6FPvNvehHqUDhQRwLdvG72315hMGzCavLRWuAB5gieibMCrICH2WVHVj7fisjSuY0iPwf9xZlCGts3Z+xD9D72VRiTz7QXF+JjRWKl+3Uk6c29+pvIRKXC1Ht0r9uBXGmDTaHdV7cZCveoDwIVSngY+mQ0=
|
|
||||||
ENTRY_END
|
ENTRY_END
|
||||||
|
|
||||||
SCENARIO_END
|
SCENARIO_END
|
||||||
|
Loading…
Reference in New Issue
Block a user