mirror of
https://github.com/NLnetLabs/unbound.git
synced 2024-09-21 14:47:09 +00:00
e0745813f4
resilience of the server. The so-reuseport, harden-below-nxdomain, and minimal-responses options are enabled by default. They used to be disabled by default, waiting to make sure they worked. They are enabled by default now, and can be disabled explicitly by setting them to "no" in the unbound.conf config file. The reuseport and minimal options increases speed of the server, and should be otherwise harmless. The harden-below-nxdomain option works well together with the recently default enabled qname minimisation, this causes more fetches to use information from the cache. git-svn-id: file:///svn/unbound/trunk@4871 be551aaa-1e26-0410-a405-d3ace91eadb9
204 lines
4.0 KiB
Plaintext
204 lines
4.0 KiB
Plaintext
; config options
|
|
server:
|
|
harden-referral-path: no
|
|
target-fetch-policy: "0 0 0 0 0"
|
|
qname-minimisation: "no"
|
|
minimal-responses: no
|
|
|
|
stub-zone:
|
|
name: "."
|
|
stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
|
|
CONFIG_END
|
|
|
|
SCENARIO_BEGIN Test lame detection if AA bit is omitted
|
|
; the query is answered with a reply that has
|
|
; no AA bit
|
|
; no SOA record
|
|
; noanswer/noerror
|
|
; NS record in there which is not a down delegation (==).
|
|
; the query is not sent to a forward zone
|
|
|
|
STEP 10 QUERY
|
|
ENTRY_BEGIN
|
|
REPLY RD
|
|
SECTION QUESTION
|
|
www.example.com. IN A
|
|
ENTRY_END
|
|
|
|
; root prime is sent
|
|
STEP 20 CHECK_OUT_QUERY
|
|
ENTRY_BEGIN
|
|
MATCH qname qtype opcode
|
|
SECTION QUESTION
|
|
. IN NS
|
|
ENTRY_END
|
|
STEP 30 REPLY
|
|
ENTRY_BEGIN
|
|
MATCH opcode qtype qname
|
|
ADJUST copy_id
|
|
REPLY QR AA NOERROR
|
|
SECTION QUESTION
|
|
. IN NS
|
|
SECTION ANSWER
|
|
. IN NS K.ROOT-SERVERS.NET.
|
|
SECTION ADDITIONAL
|
|
K.ROOT-SERVERS.NET. IN A 193.0.14.129
|
|
ENTRY_END
|
|
|
|
; query sent to root server
|
|
STEP 40 CHECK_OUT_QUERY
|
|
ENTRY_BEGIN
|
|
MATCH qname qtype opcode
|
|
SECTION QUESTION
|
|
www.example.com. IN A
|
|
ENTRY_END
|
|
STEP 50 REPLY
|
|
ENTRY_BEGIN
|
|
MATCH opcode qtype qname
|
|
ADJUST copy_id
|
|
REPLY QR NOERROR
|
|
SECTION QUESTION
|
|
www.example.com. IN A
|
|
SECTION AUTHORITY
|
|
com. IN NS a.gtld-servers.net.
|
|
SECTION ADDITIONAL
|
|
a.gtld-servers.net. IN A 192.5.6.30
|
|
ENTRY_END
|
|
|
|
; query sent to .com server
|
|
STEP 60 CHECK_OUT_QUERY
|
|
ENTRY_BEGIN
|
|
MATCH qname qtype opcode
|
|
SECTION QUESTION
|
|
www.example.com. IN A
|
|
ENTRY_END
|
|
|
|
; answer the NS queries that have been generated
|
|
; STEP 62 CHECK_OUT_QUERY
|
|
; ENTRY_BEGIN
|
|
; MATCH qname qtype opcode
|
|
; SECTION QUESTION
|
|
; com. IN NS
|
|
; ENTRY_END
|
|
;
|
|
; STEP 63 REPLY
|
|
; ; ENTRY_BEGIN
|
|
; MATCH opcode qtype qname
|
|
; ADJUST copy_id
|
|
; REPLY QR AA NOERROR
|
|
; SECTION QUESTION
|
|
; com. IN NS
|
|
; SECTION ANSWER
|
|
; com. IN NS a.gtld-servers.net.
|
|
; SECTION ADDITIONAL
|
|
; a.gtld-servers.net. IN A 192.5.6.30
|
|
; ENTRY_END
|
|
|
|
STEP 70 REPLY
|
|
ENTRY_BEGIN
|
|
MATCH opcode qtype qname
|
|
ADJUST copy_id
|
|
REPLY QR NOERROR
|
|
SECTION QUESTION
|
|
www.example.com. IN A
|
|
SECTION AUTHORITY
|
|
example.com. IN NS ns1.example.com.
|
|
example.com. IN NS ns2.example.com.
|
|
SECTION ADDITIONAL
|
|
ns1.example.com. IN A 168.192.2.2
|
|
ns2.example.com. IN A 168.192.3.3
|
|
ENTRY_END
|
|
|
|
; no matter which one the iterator tries first, we present it as 'lame'
|
|
; query to ns1.example.com or ns2.example.com.
|
|
STEP 80 CHECK_OUT_QUERY
|
|
ENTRY_BEGIN
|
|
MATCH qname qtype opcode
|
|
SECTION QUESTION
|
|
www.example.com. IN A
|
|
ENTRY_END
|
|
|
|
; STEP 82 CHECK_OUT_QUERY
|
|
; ENTRY_BEGIN
|
|
; MATCH qname qtype opcode
|
|
; SECTION QUESTION
|
|
; example.com. IN NS
|
|
; ENTRY_END
|
|
;
|
|
; STEP 83 REPLY
|
|
; ENTRY_BEGIN
|
|
; MATCH opcode qtype qname
|
|
; ADJUST copy_id
|
|
; REPLY QR AA NOERROR
|
|
; SECTION QUESTION
|
|
; example.com. IN NS
|
|
; SECTION ANSWER
|
|
; example.com. IN NS ns1.example.com.
|
|
; example.com. IN NS ns2.example.com.
|
|
; SECTION ADDITIONAL
|
|
; ns1.example.com. IN A 168.192.2.2
|
|
; ns2.example.com. IN A 168.192.3.3
|
|
; ENTRY_END
|
|
;
|
|
STEP 90 REPLY
|
|
ENTRY_BEGIN
|
|
MATCH opcode qtype qname
|
|
ADJUST copy_id
|
|
REPLY QR NOERROR
|
|
SECTION QUESTION
|
|
www.example.com. IN A
|
|
SECTION AUTHORITY
|
|
; This is the BROKEN ANSWER here.
|
|
; it is lame. A delegation to example.com. itself.
|
|
example.com. IN NS ns1.example.com.
|
|
example.com. IN NS ns2.example.com.
|
|
SECTION ADDITIONAL
|
|
ns1.example.com. IN A 168.192.2.2
|
|
ns2.example.com. IN A 168.192.3.3
|
|
ENTRY_END
|
|
|
|
; iterator should try again and ask the other nameserver.
|
|
STEP 100 CHECK_OUT_QUERY
|
|
ENTRY_BEGIN
|
|
MATCH qname qtype opcode
|
|
SECTION QUESTION
|
|
www.example.com. IN A
|
|
ENTRY_END
|
|
|
|
STEP 110 REPLY
|
|
ENTRY_BEGIN
|
|
MATCH opcode qtype qname
|
|
ADJUST copy_id
|
|
REPLY QR AA NOERROR
|
|
SECTION QUESTION
|
|
www.example.com. IN A
|
|
SECTION ANSWER
|
|
www.example.com. IN A 10.20.30.40
|
|
SECTION AUTHORITY
|
|
example.com. IN NS ns1.example.com.
|
|
example.com. IN NS ns2.example.com.
|
|
SECTION ADDITIONAL
|
|
ns1.example.com. IN A 168.192.2.2
|
|
ns2.example.com. IN A 168.192.3.3
|
|
ENTRY_END
|
|
|
|
|
|
; is the final answer correct?
|
|
STEP 200 CHECK_ANSWER
|
|
ENTRY_BEGIN
|
|
MATCH all
|
|
REPLY QR RD RA
|
|
SECTION QUESTION
|
|
www.example.com. IN A
|
|
SECTION ANSWER
|
|
www.example.com. IN A 10.20.30.40
|
|
SECTION AUTHORITY
|
|
example.com. IN NS ns1.example.com.
|
|
example.com. IN NS ns2.example.com.
|
|
SECTION ADDITIONAL
|
|
ns1.example.com. IN A 168.192.2.2
|
|
ns2.example.com. IN A 168.192.3.3
|
|
ENTRY_END
|
|
|
|
SCENARIO_END
|