unbound/testdata/rrset_untrusted.rpl
Wouter Wijngaards e0745813f4 - Set defaults to yes for a number of options to increase speed and
resilience of the server.  The so-reuseport, harden-below-nxdomain,
  and minimal-responses options are enabled by default.  They used
  to be disabled by default, waiting to make sure they worked.  They
  are enabled by default now, and can be disabled explicitly by
  setting them to "no" in the unbound.conf config file.  The reuseport
  and minimal options increases speed of the server, and should be
  otherwise harmless.  The harden-below-nxdomain option works well
  together with the recently default enabled qname minimisation, this
  causes more fetches to use information from the cache.


git-svn-id: file:///svn/unbound/trunk@4871 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-08-27 13:18:19 +00:00

122 lines
2.5 KiB
Plaintext

; This is a comment.
; config options go here.
server:
minimal-responses: no
forward-zone: name: "." forward-addr: 216.0.0.1
CONFIG_END
SCENARIO_BEGIN Untrusted rrset not used for update
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
; the query is sent to the forwarder - no cache yet.
STEP 2 CHECK_OUT_QUERY
ENTRY_BEGIN
MATCH qname qtype opcode
SECTION QUESTION
www.example.com. IN A
ENTRY_END
STEP 3 REPLY
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
; authoritative answer
REPLY QR AA RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A 10.20.30.40
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 10.20.30.50
ENTRY_END
STEP 4 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A 10.20.30.40
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 10.20.30.50
ENTRY_END
; another query passes along
STEP 6 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
bla.example.com. IN A
ENTRY_END
STEP 7 CHECK_OUT_QUERY
ENTRY_BEGIN
MATCH qname qtype opcode
SECTION QUESTION
bla.example.com. IN A
ENTRY_END
STEP 8 REPLY
; This answer has updated information on ns2.example.com.
; But it is nerfed into the additional. Must be ignored per rfc2181.
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
; authoritative answer
REPLY QR AA RD RA NOERROR
SECTION QUESTION
bla.example.com. IN A
SECTION ANSWER
bla.example.com. IN A 10.20.30.140
SECTION AUTHORITY
SECTION ADDITIONAL
example.com. IN NS ns.eeeek.com.
example.com. IN NS ns2.eeeek.com.
ns.eeeek.com. IN A 55.44.33.22
ns2.eeeek.com. IN A 55.44.33.24
ENTRY_END
STEP 9 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA
SECTION QUESTION
bla.example.com. IN A
SECTION ANSWER
bla.example.com. IN A 10.20.30.140
SECTION AUTHORITY
SECTION ADDITIONAL
ENTRY_END
; original www.example.com query
STEP 10 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
; immediate answer without an OUT_QUERY happening (checked on exit)
; also, the answer does not have AA set
; NS rrset has not been updated from the additional seen before.
STEP 11 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A 10.20.30.40
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 10.20.30.50
ENTRY_END
SCENARIO_END