clones/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2024-09-21 06:37:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Use the origin (DNAME) TTL for syntesized CNAMEs as per RFC 6672.

Browse Source
This commit is contained in:
Yorgos Thessalonikefs 2023-12-06 23:40:01 +01:00
parent 6c76b4e2f8
commit 8517f49745
12 changed files with 72 additions and 728 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
iterator/iter_scrub.c
View File

@ -283,7 +283,8 @@ synth_cname_rrset(uint8_t** sname, size_t* snamelen, uint8_t* alias,
sizeof(uint32_t)+sizeof(uint16_t)+aliaslen);
if(!cn->rr_first->ttl_data)
return NULL;
sldns_write_uint32(cn->rr_first->ttl_data, 0); /* TTL = 0 */
memmove(cn->rr_first->ttl_data, rrset->rr_first->ttl_data,
sizeof(uint32_t)); /* RFC6672: synth CNAME TTL == DNAME TTL */
sldns_write_uint16(cn->rr_first->ttl_data+4, aliaslen);
memmove(cn->rr_first->ttl_data+6, alias, aliaslen);
cn->rr_first->size = sizeof(uint16_t)+aliaslen;

2
services/authzone.c
View File

@ -2702,7 +2702,7 @@ create_synth_cname(uint8_t* qname, size_t qname_len, struct regional* region,
if(!d)
return 0; /* out of memory */
(*cname)->entry.data = d;
d->ttl = 0; /* 0 for synthesized CNAME TTL */
d->ttl = dname->data->ttl; /* RFC6672: synth CNAME TTL == DNAME TTL */
d->count = 1;
d->rrsig_count = 0;
d->trust = rrset_trust_ans_noAA;

2
services/cache/dns.c vendored
View File

@ -796,7 +796,7 @@ synth_dname_msg(struct ub_packed_rrset_key* rrset, struct regional* region,
if(!newd)
return NULL;
ck->entry.data = newd;
newd->ttl = 0; /* 0 for synthesized CNAME TTL */
newd->ttl = d->ttl; /* RFC6672: synth CNAME TTL == DNAME TTL */
newd->count = 1;
newd->rrsig_count = 0;
newd->trust = rrset_trust_ans_noAA;

6
services/localzone.c
View File

@ -1532,7 +1532,7 @@ local_data_answer(struct local_zone* z, struct module_env* env,
return 0; /* invalid cname */
if(dname_is_wild(ctarget)) {
/* synthesize cname target */
struct packed_rrset_data* d;
struct packed_rrset_data* d, *lr_d;
/* -3 for wildcard label and root label from qname */
size_t newtargetlen = qinfo->qname_len + ctargetlen - 3;
@ -1560,8 +1560,10 @@ local_data_answer(struct local_zone* z, struct module_env* env,
+ newtargetlen);
if(!d)
return 0; /* out of memory */
lr_d = (struct packed_rrset_data*)lr->rrset->entry.data;
qinfo->local_alias->rrset->entry.data = d;
d->ttl = 0; /* 0 for synthesized CNAME TTL */
d->ttl = lr_d->rr_ttl[0]; /* RFC6672-like behavior:
synth CNAME TTL uses original TTL*/
d->count = 1;
d->rrsig_count = 0;
d->trust = rrset_trust_ans_noAA;

16
testcode/unitauth.c
View File

@ -279,14 +279,14 @@ static struct q_ans example_com_queries[] = {
";flags QR AA rcode NOERROR\n"
";answer section\n"
"redir.example.com. 3600 IN DNAME redir.example.org.\n"
"abc.redir.example.com. 0 IN CNAME abc.redir.example.org.\n"
"abc.redir.example.com. 3600 IN CNAME abc.redir.example.org.\n"
},
{ "example.com", "foo.abc.redir.example.com. A", "",
";flags QR AA rcode NOERROR\n"
";answer section\n"
"redir.example.com. 3600 IN DNAME redir.example.org.\n"
"foo.abc.redir.example.com. 0 IN CNAME foo.abc.redir.example.org.\n"
"foo.abc.redir.example.com. 3600 IN CNAME foo.abc.redir.example.org.\n"
},
{ "example.com", "redir2.example.com. DNAME", "",
@ -299,42 +299,42 @@ static struct q_ans example_com_queries[] = {
";flags QR AA rcode NOERROR\n"
";answer section\n"
"redir2.example.com. 3600 IN DNAME redir2.example.org.\n"
"abc.redir2.example.com. 0 IN CNAME abc.redir2.example.org.\n"
"abc.redir2.example.com. 3600 IN CNAME abc.redir2.example.org.\n"
},
{ "example.com", "obscured.redir2.example.com. A", "",
";flags QR AA rcode NOERROR\n"
";answer section\n"
"redir2.example.com. 3600 IN DNAME redir2.example.org.\n"
"obscured.redir2.example.com. 0 IN CNAME obscured.redir2.example.org.\n"
"obscured.redir2.example.com. 3600 IN CNAME obscured.redir2.example.org.\n"
},
{ "example.com", "under2.redir2.example.com. A", "",
";flags QR AA rcode NOERROR\n"
";answer section\n"
"redir2.example.com. 3600 IN DNAME redir2.example.org.\n"
"under2.redir2.example.com. 0 IN CNAME under2.redir2.example.org.\n"
"under2.redir2.example.com. 3600 IN CNAME under2.redir2.example.org.\n"
},
{ "example.com", "doubleobscured.under2.redir2.example.com. A", "",
";flags QR AA rcode NOERROR\n"
";answer section\n"
"redir2.example.com. 3600 IN DNAME redir2.example.org.\n"
"doubleobscured.under2.redir2.example.com. 0 IN CNAME doubleobscured.under2.redir2.example.org.\n"
"doubleobscured.under2.redir2.example.com. 3600 IN CNAME doubleobscured.under2.redir2.example.org.\n"
},
{ "example.com", "foo.doubleobscured.under2.redir2.example.com. A", "",
";flags QR AA rcode NOERROR\n"
";answer section\n"
"redir2.example.com. 3600 IN DNAME redir2.example.org.\n"
"foo.doubleobscured.under2.redir2.example.com. 0 IN CNAME foo.doubleobscured.under2.redir2.example.org.\n"
"foo.doubleobscured.under2.redir2.example.com. 3600 IN CNAME foo.doubleobscured.under2.redir2.example.org.\n"
},
{ "example.com", "foo.under2.redir2.example.com. A", "",
";flags QR AA rcode NOERROR\n"
";answer section\n"
"redir2.example.com. 3600 IN DNAME redir2.example.org.\n"
"foo.under2.redir2.example.com. 0 IN CNAME foo.under2.redir2.example.org.\n"
"foo.under2.redir2.example.com. 3600 IN CNAME foo.under2.redir2.example.org.\n"
},
{ "example.com", "sub.example.com. NS", "",

20
testdata/iter_dname_insec.rpl vendored
View File

@ -397,7 +397,7 @@ ENTRY_END
STEP 220302 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
MATCH all ttl
REPLY QR RD RA DO
SECTION QUESTION
a.example.com. IN A
@ -420,7 +420,7 @@ ENTRY_END
STEP 220402 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
MATCH all ttl
REPLY QR RD RA DO
SECTION QUESTION
a.b.example.com. IN A
@ -523,7 +523,7 @@ ENTRY_END
STEP 220702 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
MATCH all ttl
REPLY QR RD RA DO
SECTION QUESTION
a.x.example.com. IN A
@ -607,7 +607,7 @@ ENTRY_END
STEP 220802 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
MATCH all ttl
REPLY QR RD RA DO
SECTION QUESTION
a2.example.com. IN A
@ -691,14 +691,14 @@ ENTRY_END
; CNAME chains should be followed and CNAME loops signalled as an error
STEP 220902 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
MATCH all ttl
REPLY QR RD RA DO
REPLY NOERROR
SECTION QUESTION
cyc.example.com. IN A
SECTION ANSWER
example.com. 0 IN DNAME example.com.
cyc.example.com. 0 IN CNAME cyc.example.com.
example.com. 3600 IN DNAME example.com.
cyc.example.com. 3600 IN CNAME cyc.example.com.
ENTRY_END
; ns1.example.com.
@ -857,7 +857,7 @@ ENTRY_END
STEP 221102 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
MATCH all ttl
REPLY QR RD RA DO
SECTION QUESTION
shortloop.x.x. IN TXT
@ -885,7 +885,7 @@ ENTRY_END
STEP 221202 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
MATCH all ttl
REPLY QR RD RA DO
SECTION QUESTION
shortloop.x. IN TXT
@ -999,7 +999,7 @@ ENTRY_END
; query returning maximal permissible length - should work
STEP 229002 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
MATCH all ttl
REPLY QR RD RA DO
SECTION QUESTION
x.long. IN A

699
testdata/iter_dname_yx.rpl vendored
View File

@ -2,6 +2,8 @@
server:
harden-referral-path: no
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: "no"
minimal-responses: no
stub-zone:
name: "."
@ -321,680 +323,6 @@ ENTRY_END
RANGE_END
; end of a.gtld-servers.net.
; RFC 6672 section 2.2. The DNAME Substitution table tests
;# QNAME owner DNAME target result
;-- ---------------- -------------- -------------- -----------------
;1 com. example.com. example.net. <no match>
;2 example.com. example.com. example.net. [0]
;3 a.example.com. example.com. example.net. a.example.net.
;4 a.b.example.com. example.com. example.net. a.b.example.net.
;5 ab.example.com. b.example.com. example.net. <no match>
;6 foo.example.com. example.com. example.net. foo.example.net.
;7 a.x.example.com. x.example.com. example.net. a.example.net.
;8 a.example.com. example.com. y.example.net. a.y.example.net.
;9 cyc.example.com. example.com. example.com. cyc.example.com.
;10 cyc.example.com. example.com. c.example.com. cyc.c.example.com.
;11 shortloop.x.x. x. . shortloop.x.
;12 shortloop.x. x. . shortloop.
;
; [0] The result depends on the QTYPE. If the QTYPE = DNAME, then
; the result is "example.com.", else "<no match>".
;
; Table 1. DNAME Substitution Examples
; ; line no. 1 is mostly for authoritative server
; ; line no. 2 QTYPE != DNAME
; STEP 220201 QUERY
; ENTRY_BEGIN
; REPLY RD DO
; SECTION QUESTION
; example.com. IN NS
; ENTRY_END
;
; STEP 220202 CHECK_ANSWER
; ENTRY_BEGIN
; MATCH rcode answer
; REPLY QR RD RA DO
; SECTION QUESTION
; example.com. IN NS
; SECTION ANSWER
; example.com. IN NS ns1.example.com.
; ENTRY_END
;
; ; line no. 2 QTYPE == DNAME
; STEP 220203 QUERY
; ENTRY_BEGIN
; REPLY RD DO
; SECTION QUESTION
; example.com. IN DNAME
; ENTRY_END
;
; STEP 220204 CHECK_ANSWER
; ENTRY_BEGIN
; MATCH rcode question answer
; REPLY QR RD RA DO
; SECTION QUESTION
; example.com. IN DNAME
; SECTION ANSWER
; example.com. IN DNAME example.net.
; ENTRY_END
;
;
; ;# QNAME owner DNAME target result
; ;-- ---------------- -------------- -------------- -----------------
; ;3 a.example.com. example.com. example.net. a.example.net.
;
; STEP 220301 QUERY
; ENTRY_BEGIN
; REPLY RD DO
; SECTION QUESTION
; a.example.com. IN A
; ENTRY_END
;
; STEP 220302 CHECK_ANSWER
; ENTRY_BEGIN
; MATCH rcode question answer
; SECTION QUESTION
; a.example.com. IN A
; SECTION ANSWER
; example.com. IN DNAME example.net.
; a.example.com. IN CNAME a.example.net.
; a.example.net. IN A 10.0.0.97
; ENTRY_END
;
; ;# QNAME owner DNAME target result
; ;-- ---------------- -------------- -------------- -----------------
; ;4 a.b.example.com. example.com. example.net. a.b.example.net.
;
; STEP 220401 QUERY
; ENTRY_BEGIN
; REPLY RD DO
; SECTION QUESTION
; a.b.example.com. IN A
; ENTRY_END
;
; STEP 220402 CHECK_ANSWER
; ENTRY_BEGIN
; MATCH rcode question answer
; SECTION QUESTION
; a.b.example.com. IN A
; SECTION ANSWER
; example.com. IN DNAME example.net.
; a.b.example.com. IN CNAME a.b.example.net.
; a.b.example.net. IN A 10.0.97.98
; ENTRY_END
;
; ;# QNAME owner DNAME target result
; ;-- ---------------- -------------- -------------- -----------------
; ;5 ab.example.com. b.example.com. example.net. <no match>
; ;6 foo.example.com. example.com. example.net. foo.example.net.
;
; ; line no. 5 is mostly for authoritative server
; ; line no. 6 is basically the same as line no. 3
;
; ; ns1.example.com.
; RANGE_BEGIN 220000 220699
; ADDRESS 168.192.2.2
; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR AA NOERROR
; SECTION QUESTION
; example.com. IN NS
; SECTION ANSWER
; example.com. IN NS ns1.example.com.
; SECTION ADDITIONAL
; ns1.example.com. IN A 168.192.2.2
; ENTRY_END
;
; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR AA NOERROR
; SECTION QUESTION
; ns1.example.com. IN A
; SECTION ANSWER
; ns1.example.com. IN A 168.192.2.2
; ENTRY_END
;
; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR AA NOERROR
; SECTION QUESTION
; ns1.example.com. IN AAAA
; SECTION ANSWER
; ENTRY_END
;
; ; line 2 DNAME
; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR AA NOERROR
; SECTION QUESTION
; example.com. IN DNAME
; SECTION ANSWER
; example.com. IN DNAME example.net.
; ENTRY_END
;
; ; line 3
; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR AA NOERROR
; SECTION QUESTION
; a.example.com. IN A
; SECTION ANSWER
; example.com. IN DNAME example.net.
; a.example.com. IN CNAME a.example.net.
; ENTRY_END
;
; ; line 4
; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR AA NOERROR
; SECTION QUESTION
; a.b.example.com. IN A
; SECTION ANSWER
; example.com. IN DNAME example.net.
; a.b.example.com. IN CNAME a.b.example.net.
; ENTRY_END
; RANGE_END
; ; end of ns1.example.com.
;
;
; ;# QNAME owner DNAME target result
; ;-- ---------------- -------------- -------------- -----------------
; ;7 a.x.example.com. x.example.com. example.net. a.example.net.
;
; STEP 220701 QUERY
; ENTRY_BEGIN
; REPLY RD DO
; SECTION QUESTION
; a.x.example.com. IN A
; ENTRY_END
;
; STEP 220702 CHECK_ANSWER
; ENTRY_BEGIN
; MATCH rcode question answer
; SECTION QUESTION
; a.x.example.com. IN A
; SECTION ANSWER
; x.example.com. IN DNAME example.net.
; a.x.example.com. IN CNAME a.example.net.
; a.example.net. IN A 10.0.0.97
; ENTRY_END
;
; ; ns1.example.com.
; RANGE_BEGIN 220700 220799
; ADDRESS 168.192.2.2
; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR AA NOERROR
; SECTION QUESTION
; example.com. IN NS
; SECTION ANSWER
; example.com. IN NS ns1.example.com.
; SECTION ADDITIONAL
; ns1.example.com. IN A 168.192.2.2
; ENTRY_END
;
; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR AA NOERROR
; SECTION QUESTION
; ns1.example.com. IN A
; SECTION ANSWER
; ns1.example.com. IN A 168.192.2.2
; ENTRY_END
;
; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR AA NOERROR
; SECTION QUESTION
; ns1.example.com. IN AAAA
; SECTION ANSWER
; ENTRY_END
;
; ; line 7 DNAME
; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR AA NOERROR
; SECTION QUESTION
; example.com. IN DNAME
; SECTION ANSWER
; x.example.com. IN DNAME example.net.
; ENTRY_END
;
; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR AA NOERROR
; SECTION QUESTION
; a.x.example.com. IN A
; SECTION ANSWER
; x.example.com. IN DNAME example.net.
; a.x.example.com. IN CNAME a.example.net.
; ENTRY_END
; RANGE_END
; ; end of ns1.example.com.
;
; ;# QNAME owner DNAME target result
; ;-- ---------------- -------------- -------------- -----------------
; ;8 a.example.com. example.com. y.example.net. a.y.example.net.
; ;
; ; a.example.com. was renamed to a2.example.com. to avoid cache clashes
; ; on the synthetized CNAME (caching CNAMEs is allowed by RFC 6672 section 3.4)
;
; STEP 220801 QUERY
; ENTRY_BEGIN
; REPLY RD DO
; SECTION QUESTION
; a2.example.com. IN A
; ENTRY_END
;
; STEP 220802 CHECK_ANSWER
; ENTRY_BEGIN
; MATCH rcode question answer
; SECTION QUESTION
; a2.example.com. IN A
; SECTION ANSWER
; example.com. IN DNAME y.example.net.
; a2.example.com. IN CNAME a2.y.example.net.
; a2.y.example.net. IN A 10.97.50.121
; ENTRY_END
;
; ; ns1.example.com.
; RANGE_BEGIN 220800 220899
; ADDRESS 168.192.2.2
; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR AA NOERROR
; SECTION QUESTION
; example.com. IN NS
; SECTION ANSWER
; example.com. IN NS ns1.example.com.
; SECTION ADDITIONAL
; ns1.example.com. IN A 168.192.2.2
; ENTRY_END
;
; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR AA NOERROR
; SECTION QUESTION
; ns1.example.com. IN A
; SECTION ANSWER
; ns1.example.com. IN A 168.192.2.2
; ENTRY_END
;
; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR AA NOERROR
; SECTION QUESTION
; ns1.example.com. IN AAAA
; SECTION ANSWER
; ENTRY_END
;
; ; line 8 DNAME
; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR AA NOERROR
; SECTION QUESTION
; example.com. IN DNAME
; SECTION ANSWER
; example.com. IN DNAME y.example.net.
; ENTRY_END
;
; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR AA NOERROR
; SECTION QUESTION
; a2.example.com. IN A
; SECTION ANSWER
; example.com. IN DNAME y.example.net.
; a2.example.com. IN CNAME a2.y.example.net.
; ENTRY_END
; RANGE_END
; ; end of ns1.example.com.
;
;
; ;# QNAME owner DNAME target result
; ;-- ---------------- -------------- -------------- -----------------
; ;9 cyc.example.com. example.com. example.com. cyc.example.com.
;
; STEP 220901 QUERY
; ENTRY_BEGIN
; REPLY RD DO
; SECTION QUESTION
; cyc.example.com. IN A
; ENTRY_END
;
; ; Expected result is defined by RFC 1034 section 3.6.2:
; ; CNAME chains should be followed and CNAME loops signalled as an error
; STEP 220902 CHECK_ANSWER
; ENTRY_BEGIN
; MATCH rcode question answer
; REPLY SERVFAIL
; SECTION QUESTION
; cyc.example.com. IN A
; ENTRY_END
;
; ; ns1.example.com.
; RANGE_BEGIN 220900 220999
; ADDRESS 168.192.2.2
; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR AA NOERROR
; SECTION QUESTION
; example.com. IN NS
; SECTION ANSWER
; example.com. IN NS ns1.example.com.
; SECTION ADDITIONAL
; ns1.example.com. IN A 168.192.2.2
; ENTRY_END
;
; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR AA NOERROR
; SECTION QUESTION
; ns1.example.com. IN A
; SECTION ANSWER
; ns1.example.com. IN A 168.192.2.2
; ENTRY_END
;
; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR AA NOERROR
; SECTION QUESTION
; ns1.example.com. IN AAAA
; SECTION ANSWER
; ENTRY_END
;
; ; line 9 DNAME
; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR AA NOERROR
; SECTION QUESTION
; example.com. IN DNAME
; SECTION ANSWER
; example.com. IN DNAME example.com.
; ENTRY_END
;
; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR AA NOERROR
; SECTION QUESTION
; cyc.example.com. IN A
; SECTION ANSWER
; example.com. IN DNAME example.com.
; cyc.example.com. IN CNAME cyc.example.com.
; ENTRY_END
; RANGE_END
; ; end of ns1.example.com.
;
; ;# QNAME owner DNAME target result
; ;-- ---------------- -------------- -------------- -----------------
; ;10 cyc.example.com. example.com. c.example.com. cyc.c.example.com.
; ;
; ; cyc.example.com. was renamed to cyc2.example.com. to avoid cache clashes
; ; on the synthetized CNAME (caching CNAMEs is allowed by RFC 6672 section 3.4)
; ;
; ; target c.example.com. was renamed to cyc2.example.net.
; ; to limit number of pre-canned answers required for the test
;
; STEP 221001 QUERY
; ENTRY_BEGIN
; REPLY RD DO
; SECTION QUESTION
; cyc2.example.com. IN A
; ENTRY_END
;
; ; Expected result is defined by RFC 1034 section 3.6.2:
; ; CNAME chains should be followed and CNAME loops signalled as an error
; STEP 221002 CHECK_ANSWER
; ENTRY_BEGIN
; MATCH rcode question answer
; REPLY SERVFAIL
; SECTION QUESTION
; cyc2.example.com. IN A
; ENTRY_END
;
; ; ns1.example.com.
; RANGE_BEGIN 221000 221099
; ADDRESS 168.192.2.2
; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR AA NOERROR
; SECTION QUESTION
; example.com. IN NS
; SECTION ANSWER
; example.com. IN NS ns1.example.com.
; SECTION ADDITIONAL
; ns1.example.com. IN A 168.192.2.2
; ENTRY_END
;
; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR AA NOERROR
; SECTION QUESTION
; ns1.example.com. IN A
; SECTION ANSWER
; ns1.example.com. IN A 168.192.2.2
; ENTRY_END
;
; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR AA NOERROR
; SECTION QUESTION
; ns1.example.com. IN AAAA
; SECTION ANSWER
; ENTRY_END
;
; ; line 10 DNAME
; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR AA NOERROR
; SECTION QUESTION
; example.com. IN DNAME
; SECTION ANSWER
; example.com. IN DNAME cyc2.example.net.
; ENTRY_END
;
; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR AA NOERROR
; SECTION QUESTION
; cyc2.example.com. IN A
; SECTION ANSWER
; example.com. IN DNAME cyc2.example.net.
; cyc2.example.com. IN CNAME cyc2.cyc2.example.net.
; ENTRY_END
; RANGE_END
; ; end of ns1.example.com.
;
; ;# QNAME owner DNAME target result
; ;-- ---------------- -------------- -------------- -----------------
; ;11 shortloop.x.x. x. . shortloop.x.
;
; STEP 221101 QUERY
; ENTRY_BEGIN
; REPLY RD DO
; SECTION QUESTION
; shortloop.x.x. TXT
; ENTRY_END
;
; STEP 221102 CHECK_ANSWER
; ENTRY_BEGIN
; MATCH rcode question answer
; SECTION QUESTION
; shortloop.x.x. IN TXT
; SECTION ANSWER
; x. IN DNAME .
; ; unbound hack
; x. IN DNAME .
; shortloop.x.x. IN CNAME shortloop.x.
; shortloop.x. IN CNAME shortloop.
; shortloop. IN TXT "shortloop end"
; ENTRY_END
;
; ;# QNAME owner DNAME target result
; ;-- ---------------- -------------- -------------- -----------------
; ;12 shortloop.x. x. . shortloop.
;
; ; expire potentically cached CNAMEs for shortloop.x. from cache
; STEP 221200 TIME_PASSES ELAPSE 10000
;
; STEP 221201 QUERY
; ENTRY_BEGIN
; REPLY RD DO
; SECTION QUESTION
; shortloop.x. TXT
; ENTRY_END
;
; STEP 221202 CHECK_ANSWER
; ENTRY_BEGIN
; MATCH rcode question answer
; SECTION QUESTION
; shortloop.x. IN TXT
; SECTION ANSWER
; x. IN DNAME .
; shortloop.x. IN CNAME shortloop.
; shortloop. IN TXT "shortloop end"
; ENTRY_END
;
;
; ; ns1.example.net. (data shared by whole 22xxxx range)
; RANGE_BEGIN 220000 229999
; ADDRESS 168.192.3.3
; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR AA NOERROR
; SECTION QUESTION
; example.net. IN NS
; SECTION ANSWER
; example.net. IN NS ns1.example.net.
; SECTION ADDITIONAL
; example.net. IN A 168.192.3.3
; ENTRY_END
;
; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR AA NOERROR
; SECTION QUESTION
; ns1.example.net. IN A
; SECTION ANSWER
; ns1.example.net. IN A 168.192.3.3
; ENTRY_END
;
; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR AA NOERROR
; SECTION QUESTION
; ns1.example.net. IN AAAA
; SECTION ANSWER
; ENTRY_END
;
; ; line 3
; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR AA NOERROR
; SECTION QUESTION
; a.example.net. IN A
; SECTION ANSWER
; a.example.net. IN A 10.0.0.97
; ENTRY_END
;
; ; line 4
; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR AA NOERROR
; SECTION QUESTION
; a.b.example.net. IN A
; SECTION ANSWER
; a.b.example.net. IN A 10.0.97.98
; ENTRY_END
;
; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR AA NOERROR
; SECTION QUESTION
; a2.y.example.net. IN A
; SECTION ANSWER
; a2.y.example.net. IN A 10.97.50.121
; ENTRY_END
;
; ; line 10
; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR AA NOERROR
; SECTION QUESTION
; cyc2.example.net. IN DNAME
; SECTION ANSWER
; cyc2.example.net. IN DNAME example.com.
; ENTRY_END
;
; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR AA NOERROR
; SECTION QUESTION
; cyc2.cyc2.example.net. IN A
; SECTION ANSWER
; cyc2.example.net. IN DNAME example.com.
; cyc2.cyc2.example.com. IN CNAME cyc2.example.com.
; ENTRY_END
; RANGE_END
; ; end of ns1.example.net.
;
;
; ; RFC 6672 section 2.2: YXDOMAIN answers for too long results for substitution
; ; RFC 6672 section 2.3: DNAME can be at zone apex: zone apex = long.
; STEP 229001 QUERY
; ENTRY_BEGIN
; REPLY RD DO
; SECTION QUESTION
; x.long. IN A
; ENTRY_END
;
; ; query returning maximal permissible length - should work
; STEP 229002 CHECK_ANSWER
; ENTRY_BEGIN
; MATCH rcode question answer
; SECTION QUESTION
; x.long. IN A
; SECTION ANSWER
; long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.
; x.long. 3600 IN CNAME x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.
; x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. 3600 IN A 192.0.2.1
; ENTRY_END
; result of substitution has too long name
; YXDOMAIN should be propagated to the client
; Unbound SEVFAILs: https://www.ietf.org/mail-archive/web/dnsext/current/msg11282.html
@ -1015,27 +343,4 @@ SECTION ANSWER
long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.
ENTRY_END
; ; YXDOMAIN should work even if the cache is empty
; STEP 229005 TIME_PASSES ELAPSE 4000
;
; STEP 229006 QUERY
; ENTRY_BEGIN
; REPLY RD DO
; SECTION QUESTION
; too.long. IN A
; ENTRY_END
;
; STEP 229007 CHECK_ANSWER
; ENTRY_BEGIN
; MATCH rcode question answer
; REPLY QR YXDOMAIN
; SECTION QUESTION
; x.long. IN A
; SECTION ANSWER
; long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.
; ENTRY_END
SCENARIO_END

4
testdata/iter_scrub_dname_insec.rpl vendored
View File

@ -166,7 +166,7 @@ ENTRY_END
; answer to first query (simply puts DNAME in cache)
STEP 120 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
MATCH all ttl
REPLY QR RD RA
SECTION QUESTION
x.y.example.com. IN A
@ -235,7 +235,7 @@ ENTRY_END
STEP 250 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
MATCH all ttl
REPLY QR RD RA
SECTION QUESTION
other.y.example.com. IN A

36
testdata/local_cname.rpl vendored
View File

@ -52,6 +52,10 @@ server:
local-zone: example.net redirect
local-data: "example.net. IN CNAME cname.example.org."
# Test setup for synthesized CNAMEs
local-zone: synth.cname redirect
local-data: "synth.cname. IN CNAME *.from.resolution."
### template zone and tag intended to be used for tests with CNAME and
### other data.
##local-zone: ambiguous.example.com redirect
@ -133,6 +137,18 @@ SECTION AUTHORITY
SECTION ADDITIONAL
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.synth.cname.from.resolution. IN A
SECTION ANSWER
www.synth.cname.from.resolution. IN A 192.0.2.3
SECTION AUTHORITY
SECTION ADDITIONAL
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
@ -396,6 +412,26 @@ SECTION AUTHORITY
SECTION ADDITIONAL
ENTRY_END
; Check CNAME synthesis
STEP 201 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.synth.cname. IN A
ENTRY_END
STEP 202 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA AA NOERROR
SECTION QUESTION
www.synth.cname. IN A
SECTION ANSWER
www.synth.cname. IN CNAME www.synth.cname.from.resolution.
www.synth.cname.from.resolution. IN A 192.0.2.3
SECTION AUTHORITY
SECTION ADDITIONAL
ENTRY_END
; Relatively minor cases follow

4
testdata/val_cnametodnametocnametopos.rpl vendored
View File

@ -400,7 +400,7 @@ ENTRY_END
; recursion happens here.
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
MATCH all ttl
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
www.example.com. IN A
@ -409,7 +409,7 @@ www.example.com. 3600 IN CNAME www.sub.example.net.
www.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFEv1gOb7KEskzkJNtFKKVBxY+Hb2AhUAqKJDIZJvNl+AdzqAt+JgdvnYAF0= ;{id = 2854}
sub.example.net. 3600 IN DNAME sub.example.com.
sub.example.net. 3600 IN RRSIG DNAME 5 3 3600 20070926134150 20070829134150 30899 example.net. G/UmcL1VmCF2mjB1O9IeNM2DnvayxEy6vOrvA+Ic/Gqcsgnq/f4VTCV9soQQIAWEir2v5Vt8hqPDP8rCRbMnyA== ;{id = 30899}
www.sub.example.net. 0 IN CNAME www.sub.example.com.
www.sub.example.net. 3600 IN CNAME www.sub.example.com.
www.sub.example.com. 3600 IN CNAME www.example.org.
www.sub.example.com. 3600 IN RRSIG CNAME 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. ZE6A4pkyeUpNCscu2oeBv/3JbbirdwUaAMgmQ/ighzacUJCC6Lh8vAL5aYDEyTk7oktb8uS7gmYan171aM9/tg== ;{id = 30899}
www.example.org. 3600 IN A 11.11.11.11

4
testdata/val_dnametopos.rpl vendored
View File

@ -220,14 +220,14 @@ ENTRY_END
; recursion happens here.
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
MATCH all ttl
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
example.com. 3600 IN DNAME example.net.
example.com. 3600 IN RRSIG DNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFH1xw24Hswia3g10AVL1yFUHUPdFAhQDrA+qZJwqXRPg2C1oiNPk9fosGg== ;{id = 2854}
www.example.com. 0 IN CNAME www.example.net.
www.example.com. 3600 IN CNAME www.example.net.
www.example.net. 3600 IN A 11.12.13.14
www.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899}
SECTION AUTHORITY

4
testdata/val_dnametoposwc.rpl vendored
View File

@ -222,14 +222,14 @@ ENTRY_END
; recursion happens here.
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
MATCH all ttl
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
example.com. 3600 IN DNAME example.net.
example.com. 3600 IN RRSIG DNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFH1xw24Hswia3g10AVL1yFUHUPdFAhQDrA+qZJwqXRPg2C1oiNPk9fosGg== ;{id = 2854}
www.example.com. 0 IN CNAME www.example.net.
www.example.com. 3600 IN CNAME www.example.net.
www.example.net. 3600 IN A 11.12.13.14
www.example.net. 3600 IN RRSIG A 5 2 3600 20070926134150 20070829134150 30899 example.net. quSyDbSeHRvyMmanqq5rW+APC9MKOswbRLB5QP/G+C2iyokQFLuRTlX9Wmo/jo1Oo1MGBefJUmP9NdRd2EqABA== ;{id = 30899}
SECTION AUTHORITY