unbound/testdata/dns_error_reporting.rpl

; Test DNS Error Reporting.
; Resolver configuration for the replay: a validating iterator with a DS trust
; anchor for a.domain, DNS error reporting switched on, and two stub zones that
; point at the mock server addresses answered by the RANGE blocks of the
; scenario (0.0.0.1 and 0.0.0.2).
server:
module-config: "validator iterator"
; NOTE(review): apart from verbosity, the options below presumably keep the
; set of upstream queries and the shape of replies predictable for the MATCH
; entries of the scenario -- confirm.
trust-anchor-signaling: no
target-fetch-policy: "0 0 0 0 0"
verbosity: 4
qname-minimisation: no
minimal-responses: no
rrset-roundrobin: no
; DS trust anchor for a.domain (key tag 50602, algorithm 8, digest type 2).
; The mock server below returns no DNSKEY and no RRSIG, so answers under
; a.domain are expected to fail validation.
trust-anchor: "a.domain DS 50602 8 2 FA8EE175C47325F4BD46D8A4083C3EBEB11C977D689069F2B41F1A29B22446B1"
ede: no # It is not needed for dns-error-reporting; only for clients to receive EDEs
; Feature under test.
dns-error-reporting: yes
; Zone whose answers fail validation; served by the mock at 0.0.0.1.
stub-zone:
name: a.domain
stub-addr: 0.0.0.1
; Zone of the reporting agent named in the Report-Channel option of the
; scenario; served by the mock at 0.0.0.2.
stub-zone:
name: an.agent
stub-addr: 0.0.0.2
CONFIG_END
SCENARIO_BEGIN Test DNS Error Reporting
; a.domain
; Mock authoritative server at 0.0.0.1 for steps 0-9. Its replies carry no
; Report-Channel EDNS option, so this phase covers a validation failure for
; which no error report should be sent.
RANGE_BEGIN 0 9
ADDRESS 0.0.0.1
; DNSKEY query: NOERROR with an empty answer section, i.e. no key that could
; match the configured DS trust anchor.
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
a.domain. IN DNSKEY
ENTRY_END
; A query: an unsigned answer with TTL 5. The short TTL lets the scenario
; expire it with TIME_PASSES and force a fresh lookup.
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
a.domain. IN A
SECTION ANSWER
a.domain. 5 IN A 0.0.0.0
; No RRSIG to trigger validation error (and EDE)
SECTION ADDITIONAL
; No Report-Channel here
ENTRY_END
RANGE_END
; a.domain
; Same mock server at 0.0.0.1 for steps 10-100. The zone data is unchanged;
; the only difference from the 0-9 range is that the A reply now advertises a
; reporting agent through the Report-Channel EDNS option.
RANGE_BEGIN 10 100
ADDRESS 0.0.0.1
; DNSKEY query: still NOERROR with an empty answer section.
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
a.domain. IN DNSKEY
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
a.domain. IN A
SECTION ANSWER
a.domain. 5 IN A 0.0.0.0
; No RRSIG to trigger validator error and EDE
SECTION ADDITIONAL
; Raw EDNS option: code 0x0012 (18), length 0x000A (10), followed by the agent
; domain in DNS wire format (10 octets: labels "an" and "agent" plus the root
; label). The report query name checked later in the scenario ends in this
; domain. The agent domain arrives in the OPT record, which DNSSEC signatures
; do not cover, and the reply here is unsigned in any case.
HEX_EDNSDATA_BEGIN
00 12 ; opt-code (Report-Channel)
00 0A ; opt-len
02 61 6E 05 61 67 65 6E 74 00 ; an.agent.
HEX_EDNSDATA_END
ENTRY_END
RANGE_END
; an.agent
; Mock reporting agent at 0.0.0.2, declared for steps 10-20 only. The later
; steps of the scenario have no entry for this address, so a report query that
; is sent upstream again there stays unanswered.
; The report query name is _er.<qtype>.<qname>.<EDE info-code>._er.<agent>:
; here qtype 1 (A), qname a.domain, info-code 9 and agent domain an.agent.
; NOTE(review): info-code 9 is "DNSKEY Missing" in the EDE registry, which
; fits the empty DNSKEY reply from the a.domain mock -- confirm.
RANGE_BEGIN 10 20
ADDRESS 0.0.0.2
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
_er.1.a.domain.9._er.an.agent. IN TXT
SECTION ANSWER
; No explicit TTL on the TXT record, so its cache lifetime is whatever the
; replay parser applies by default.
_er.1.a.domain.9._er.an.agent. IN TXT "OK"
ENTRY_END
RANGE_END
; Query
; Phase 1 (steps 0-1): the a.domain mock does not advertise a Report-Channel.
STEP 0 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
a.domain. IN A
ENTRY_END
; Check that validation failed (no DNS error reporting at this stage)
; No range answers for 0.0.0.2 during steps 0-9, so a report query sent here
; would have nothing to match it.
STEP 1 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA SERVFAIL
SECTION QUESTION
a.domain. IN A
ENTRY_END
; Wait for the a.domain query to expire (TTL 5)
STEP 3 TIME_PASSES ELAPSE 6
; Query again
; Phase 2 (steps 10-11): the a.domain mock now includes the Report-Channel
; option, and the an.agent mock is available to answer the report query.
STEP 10 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
a.domain. IN A
ENTRY_END
; Check that validation failed
; (a DNS Error Report query should have been generated)
; The client-visible result is the same SERVFAIL as in phase 1. Nothing in this
; step asserts directly that the report query went out; that is established
; indirectly by the cache checks in the later steps.
STEP 11 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA SERVFAIL
SECTION QUESTION
a.domain. IN A
ENTRY_END
; Check explicitly that the DNS Error Report query is cached.
; A client asks for the report query name itself and expects the agent's TXT
; answer to come back.
STEP 20 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
_er.1.a.domain.9._er.an.agent. IN TXT
ENTRY_END
; At this range there are no configured agents to answer this.
; If the DNS Error Report query is not answered from the cache the test will
; fail with pending messages.
; NOTE(review): the an.agent RANGE is declared for steps 10-20. If the range
; end is inclusive, the agent entry is still reachable for the query sent at
; step 20, and this check alone would not prove a cache hit -- confirm.
STEP 21 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY RD QR RA NOERROR
SECTION QUESTION
_er.1.a.domain.9._er.an.agent. IN TXT
SECTION ANSWER
_er.1.a.domain.9._er.an.agent. IN TXT "OK"
ENTRY_END
; Wait for the a.domain query to expire (5 TTL).
; The DNS Error Report query should still be cached (SOA negative).
; NOTE(review): the agent's reply in this file is a positive TXT answer with no
; SOA record, so "SOA negative" does not match what is cached here -- confirm
; the intended wording.
STEP 30 TIME_PASSES ELAPSE 6
; Force a DNS Error Report query generation again.
STEP 31 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
a.domain. IN A
ENTRY_END
; Check that validation failed
STEP 32 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA SERVFAIL
SECTION QUESTION
a.domain. IN A
ENTRY_END
; The same DNS Error Report query will be generated as above.
; No agent is configured at this range to answer the DNS Error Report query.
; If the DNS Error Report query is not used from the cache the test will fail
; with pending messages.
; Steps 31-32 lie outside the an.agent range (10-20), so this is the phase that
; shows a repeated validation failure does not send a second report upstream
; while the first report's answer is cached.
SCENARIO_END