- Fix and add comments in testdata/val_negcache_ttl.rpl.

Yorgos Thessalonikefs 2024-09-11 12:16:02 +02:00
parent 5767b0933f
commit 6bf2b2ac56
2 changed files with 44 additions and 12 deletions


@ -1,3 +1,6 @@
11 September 2024: Yorgos
- Fix and add comments in testdata/val_negcache_ttl.rpl.
10 September 2024: Wouter 10 September 2024: Wouter
- Fix to limit NSEC and NSEC3 TTL when aggressive nsec is - Fix to limit NSEC and NSEC3 TTL when aggressive nsec is
enabled (RFC9077). enabled (RFC9077).


@ -14,6 +14,14 @@ stub-zone:
CONFIG_END CONFIG_END
SCENARIO_BEGIN Test validator with negative cache TTL (aggressive NSEC) SCENARIO_BEGIN Test validator with negative cache TTL (aggressive NSEC)
; Scenario overview:
; - query for antelope.testzone.nlnetlabs.nl. IN TXT (NXDOMAIN)
; - answer from upstream is NXDOMAIN with NSEC records that cover ant.testzone.nlnetlabs.nl
; - the NSEC records should be cached for 900 seconds only (minimum of SOA)
; - check that ant.testzone.nlnetlabs.nl gets the synthesized NXDOMAIN from aggressive-nsec
; - let NSEC records expire
; - query for ant.testzone.nlnetlabs.nl. IN TXT which is now available on the nameserver
; - check that aggressive-nsec cannot synthesize NXDOMAIN (expired NSECs) and the query is resolved
; testzone.nlnetlabs.nl nameserver ; testzone.nlnetlabs.nl nameserver
RANGE_BEGIN 0 100 RANGE_BEGIN 0 100
@ -32,6 +40,7 @@ testzone.nlnetlabs.nl. 3600 IN RRSIG DNSKEY 8 3 3600 20180313101254 201802131012
ENTRY_END ENTRY_END
; response for antelope.testzone.nlnetlabs.nl. ; response for antelope.testzone.nlnetlabs.nl.
; NSECs cover ant.testzone.nlnetlabs.nl as non-existent.
ENTRY_BEGIN ENTRY_BEGIN
MATCH opcode qtype qname MATCH opcode qtype qname
ADJUST copy_id ADJUST copy_id
@ -49,7 +58,7 @@ testzone.nlnetlabs.nl. 900 IN RRSIG SOA 8 3 900 20180313101254 20180213101254 14
SECTION ADDITIONAL SECTION ADDITIONAL
ENTRY_END ENTRY_END
; No answer for ant.testzone.nlnetlabs.nl ; No answer for ant.testzone.nlnetlabs.nl in this range
; response for peanut.testzone.nlnetlabs.nl. AAAA ; response for peanut.testzone.nlnetlabs.nl. AAAA
ENTRY_BEGIN ENTRY_BEGIN
@ -70,6 +79,7 @@ RANGE_END
; testzone.nlnetlabs.nl nameserver ; testzone.nlnetlabs.nl nameserver
RANGE_BEGIN 100 200 RANGE_BEGIN 100 200
ADDRESS 185.49.140.60 ADDRESS 185.49.140.60
; response for ant.testzone.nlnetlabs.nl
ENTRY_BEGIN ENTRY_BEGIN
REPLY QR AA NOERROR REPLY QR AA NOERROR
SECTION QUESTION SECTION QUESTION
@ -87,7 +97,7 @@ SECTION QUESTION
antelope.testzone.nlnetlabs.nl. IN TXT antelope.testzone.nlnetlabs.nl. IN TXT
ENTRY_END ENTRY_END
; recursion happens here. ; recursion happens here. Expect NXDOMAIN.
STEP 10 CHECK_ANSWER STEP 10 CHECK_ANSWER
ENTRY_BEGIN ENTRY_BEGIN
MATCH all ttl MATCH all ttl
@ -105,7 +115,32 @@ testzone.nlnetlabs.nl. 900 IN RRSIG SOA 8 3 900 20180313101254 20180213101254 14
SECTION ADDITIONAL SECTION ADDITIONAL
ENTRY_END ENTRY_END
; Time passes that should have removed the entry. ; query for ant.testzone.nlnetlabs.nl (non-existent)
STEP 11 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
ant.testzone.nlnetlabs.nl. IN TXT
ENTRY_END
; this is the synthesized NXDOMAIN from aggressive-nsec
STEP 12 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA AD DO NXDOMAIN
SECTION QUESTION
ant.testzone.nlnetlabs.nl. IN TXT
SECTION ANSWER
SECTION AUTHORITY
testzone.nlnetlabs.nl. 3600 IN NSEC alligator.testzone.nlnetlabs.nl. NS SOA RRSIG NSEC DNSKEY
testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 3 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. tcW20hZu5Ao+ikM+qjqAlRt3ujNxTKi6kZF3waWJGY7Ldyp9XyWzB1DeoQzaNJ6zflPYFO32RUhj7jWhEIUphG4+lEvm7VGJAdSteUZ2yOppN6eZvOk0Nc0nAGPFGBjLO6ul1Wh1X+jL61q7mWt3nY+IFBZHWmhsi2Qi7vM/W4E=
alligator.testzone.nlnetlabs.nl. 3600 IN NSEC cheetah.testzone.nlnetlabs.nl. TXT RRSIG NSEC
alligator.testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 4 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. Zfkp3kmN8heAuIF/apf6RHhZAoGyXnvZLALRYTKIH7E9XC2wtvG9dZla4WLSr3ndA4d0CFgnKOt8mSVSLyNn232D0ahx4DFAnOJitnt9odT2+2sYhJbwCx38tPKhAUWmIn2jGZGMVjbVbEVi7WyQBrJYQqyhE/lADEDSdQZBNyA=
testzone.nlnetlabs.nl. 900 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600
testzone.nlnetlabs.nl. 900 IN RRSIG SOA 8 3 900 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. abG0cByo/q5NaDNMz6FPvNvehHqUDhQRwLdvG72315hMGzCavLRWuAB5gieibMCrICH2WVHVj7fisjSuY0iPwf9xZlCGts3Z+xD9D72VRiTz7QXF+JjRWKl+3Uk6c29+pvIRKXC1Ht0r9uBXGmDTaHdV7cZCveoDwIVSngY+mQ0=
ENTRY_END
; Time passes and NSECs should be expired.
STEP 20 TIME_PASSES ELAPSE 910 STEP 20 TIME_PASSES ELAPSE 910
; query something that gets the SOA record for the testzone in cache. ; query something that gets the SOA record for the testzone in cache.
@ -129,7 +164,7 @@ testzone.nlnetlabs.nl. 900 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.
testzone.nlnetlabs.nl. 900 IN RRSIG SOA 8 3 900 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. abG0cByo/q5NaDNMz6FPvNvehHqUDhQRwLdvG72315hMGzCavLRWuAB5gieibMCrICH2WVHVj7fisjSuY0iPwf9xZlCGts3Z+xD9D72VRiTz7QXF+JjRWKl+3Uk6c29+pvIRKXC1Ht0r9uBXGmDTaHdV7cZCveoDwIVSngY+mQ0= testzone.nlnetlabs.nl. 900 IN RRSIG SOA 8 3 900 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. abG0cByo/q5NaDNMz6FPvNvehHqUDhQRwLdvG72315hMGzCavLRWuAB5gieibMCrICH2WVHVj7fisjSuY0iPwf9xZlCGts3Z+xD9D72VRiTz7QXF+JjRWKl+3Uk6c29+pvIRKXC1Ht0r9uBXGmDTaHdV7cZCveoDwIVSngY+mQ0=
ENTRY_END ENTRY_END
; query for ant.testzone.nlnetlabs.nl, which isn't on the testzone nameserver ; query for ant.testzone.nlnetlabs.nl. In this range it is on the nameserver.
STEP 110 QUERY STEP 110 QUERY
ENTRY_BEGIN ENTRY_BEGIN
REPLY RD DO REPLY RD DO
@ -137,6 +172,8 @@ SECTION QUESTION
ant.testzone.nlnetlabs.nl. IN TXT ant.testzone.nlnetlabs.nl. IN TXT
ENTRY_END ENTRY_END
; Expect an answer since the 3600 TTL NSECs from STEP 10 should have been
; limited to 900 and be expired by now.
STEP 120 CHECK_ANSWER STEP 120 CHECK_ANSWER
ENTRY_BEGIN ENTRY_BEGIN
MATCH all ttl MATCH all ttl
@ -146,14 +183,6 @@ ant.testzone.nlnetlabs.nl. IN TXT
SECTION ANSWER SECTION ANSWER
ant.testzone.nlnetlabs.nl. TXT "heap" ant.testzone.nlnetlabs.nl. TXT "heap"
ant.testzone.nlnetlabs.nl. 3600 IN RRSIG TXT 8 4 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. Sn8dBGMSYGGKs7yGWO0CShxbm3ba5Y6ysHyE/HJyFnS8NmsKIx/KVdFPRQx/Jm7a3hektRXrjxetfhfJm0SzJ2UFeKlkE+VJ/Lj2oAETqN1oqqkNr+RDdbKLMzLApMRgrhStSAO1Yb8/8oUIflyrjNbuDbAHSMbkOE+Z49LIais= ant.testzone.nlnetlabs.nl. 3600 IN RRSIG TXT 8 4 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. Sn8dBGMSYGGKs7yGWO0CShxbm3ba5Y6ysHyE/HJyFnS8NmsKIx/KVdFPRQx/Jm7a3hektRXrjxetfhfJm0SzJ2UFeKlkE+VJ/Lj2oAETqN1oqqkNr+RDdbKLMzLApMRgrhStSAO1Yb8/8oUIflyrjNbuDbAHSMbkOE+Z49LIais=
SECTION AUTHORITY
; This response is not returned, with NXDOMAIN
;testzone.nlnetlabs.nl. 3600 IN NSEC alligator.testzone.nlnetlabs.nl. NS SOA RRSIG NSEC DNSKEY
;testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 3 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. tcW20hZu5Ao+ikM+qjqAlRt3ujNxTKi6kZF3waWJGY7Ldyp9XyWzB1DeoQzaNJ6zflPYFO32RUhj7jWhEIUphG4+lEvm7VGJAdSteUZ2yOppN6eZvOk0Nc0nAGPFGBjLO6ul1Wh1X+jL61q7mWt3nY+IFBZHWmhsi2Qi7vM/W4E=
;alligator.testzone.nlnetlabs.nl. 3600 IN NSEC cheetah.testzone.nlnetlabs.nl. TXT RRSIG NSEC
;alligator.testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 4 3600 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. Zfkp3kmN8heAuIF/apf6RHhZAoGyXnvZLALRYTKIH7E9XC2wtvG9dZla4WLSr3ndA4d0CFgnKOt8mSVSLyNn232D0ahx4DFAnOJitnt9odT2+2sYhJbwCx38tPKhAUWmIn2jGZGMVjbVbEVi7WyQBrJYQqyhE/lADEDSdQZBNyA=
;testzone.nlnetlabs.nl. 900 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600
;testzone.nlnetlabs.nl. 900 IN RRSIG SOA 8 3 900 20180313101254 20180213101254 1444 testzone.nlnetlabs.nl. abG0cByo/q5NaDNMz6FPvNvehHqUDhQRwLdvG72315hMGzCavLRWuAB5gieibMCrICH2WVHVj7fisjSuY0iPwf9xZlCGts3Z+xD9D72VRiTz7QXF+JjRWKl+3Uk6c29+pvIRKXC1Ht0r9uBXGmDTaHdV7cZCveoDwIVSngY+mQ0=
ENTRY_END ENTRY_END
SCENARIO_END SCENARIO_END
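Review bot: The new STEP 12 check uses `MATCH all ttl` and expects both NSEC RRsets and their RRSIGs with TTL 3600, while the scenario overview added at the top says the NSEC records "should be cached for 900 seconds only". The file does not say whether the synthesized reply is meant to show the received TTL or the limited one. I would add a comment above STEP 12 such as `; the NSECs in this reply still show TTL 3600; the 900 second limit is verified by STEP 120 after ELAPSE 910`, assuming that is the intended behaviour (please confirm against the RFC9077 change). It may also be worth repeating the ant.testzone.nlnetlabs.nl query shortly before 900 seconds have elapsed, so the test shows the cached NSECs are still used up to the limit and a regression in either direction (stale denial of a name that now exists, or no synthesis at all) is caught.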