mirror of
https://github.com/NLnetLabs/unbound.git
synced 2024-09-21 14:47:09 +00:00
e0745813f4
resilience of the server. The so-reuseport, harden-below-nxdomain, and minimal-responses options are enabled by default. They used to be disabled by default, waiting to make sure they worked. They are enabled by default now, and can be disabled explicitly by setting them to "no" in the unbound.conf config file. The reuseport and minimal options increases speed of the server, and should be otherwise harmless. The harden-below-nxdomain option works well together with the recently default enabled qname minimisation, this causes more fetches to use information from the cache. git-svn-id: file:///svn/unbound/trunk@4871 be551aaa-1e26-0410-a405-d3ace91eadb9
309 lines
5.8 KiB
Plaintext
309 lines
5.8 KiB
Plaintext
; config options
|
|
server:
|
|
target-fetch-policy: "0 0 0 0 0"
|
|
qname-minimisation: "no"
|
|
module-config: "dns64 validator iterator"
|
|
dns64-prefix: 64:ff9b::0/96
|
|
minimal-responses: no
|
|
|
|
stub-zone:
|
|
name: "."
|
|
stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
|
|
CONFIG_END
|
|
|
|
SCENARIO_BEGIN Test dns64 lookup and synthesis.
|
|
; normal A lookup should still succeed
|
|
; AAAA is synthesized if not present.
|
|
; AAAA if present, is passed through unchanged.
|
|
|
|
; K.ROOT-SERVERS.NET.
|
|
RANGE_BEGIN 0 200
|
|
ADDRESS 193.0.14.129
|
|
ENTRY_BEGIN
|
|
MATCH opcode qtype qname
|
|
ADJUST copy_id
|
|
REPLY QR NOERROR
|
|
SECTION QUESTION
|
|
. IN NS
|
|
SECTION ANSWER
|
|
. IN NS K.ROOT-SERVERS.NET.
|
|
SECTION ADDITIONAL
|
|
K.ROOT-SERVERS.NET. IN A 193.0.14.129
|
|
ENTRY_END
|
|
|
|
ENTRY_BEGIN
|
|
MATCH opcode qtype qname
|
|
ADJUST copy_id
|
|
REPLY QR NOERROR
|
|
SECTION QUESTION
|
|
www.example.com. IN A
|
|
SECTION AUTHORITY
|
|
com. IN NS a.gtld-servers.net.
|
|
SECTION ADDITIONAL
|
|
a.gtld-servers.net. IN A 192.5.6.30
|
|
ENTRY_END
|
|
|
|
ENTRY_BEGIN
|
|
MATCH opcode subdomain
|
|
ADJUST copy_id copy_query
|
|
REPLY QR NOERROR
|
|
SECTION QUESTION
|
|
7.6.5.in-addr.arpa. IN A
|
|
SECTION AUTHORITY
|
|
7.6.5.in-addr.arpa. IN NS ns.example.com.
|
|
SECTION ADDITIONAL
|
|
ns.example.com. IN A 1.2.3.4
|
|
ENTRY_END
|
|
|
|
RANGE_END
|
|
|
|
; a.gtld-servers.net.
|
|
RANGE_BEGIN 0 200
|
|
ADDRESS 192.5.6.30
|
|
ENTRY_BEGIN
|
|
MATCH opcode qtype qname
|
|
ADJUST copy_id
|
|
REPLY QR NOERROR
|
|
SECTION QUESTION
|
|
com. IN NS
|
|
SECTION ANSWER
|
|
com. IN NS a.gtld-servers.net.
|
|
SECTION ADDITIONAL
|
|
a.gtld-servers.net. IN A 192.5.6.30
|
|
ENTRY_END
|
|
|
|
ENTRY_BEGIN
|
|
MATCH opcode qtype qname
|
|
ADJUST copy_id
|
|
REPLY QR NOERROR
|
|
SECTION QUESTION
|
|
www.example.com. IN A
|
|
SECTION AUTHORITY
|
|
example.com. IN NS ns.example.com.
|
|
SECTION ADDITIONAL
|
|
ns.example.com. IN A 1.2.3.4
|
|
ENTRY_END
|
|
RANGE_END
|
|
|
|
; ns.example.com.
|
|
RANGE_BEGIN 0 200
|
|
ADDRESS 1.2.3.4
|
|
ENTRY_BEGIN
|
|
MATCH opcode qtype qname
|
|
ADJUST copy_id
|
|
REPLY QR NOERROR
|
|
SECTION QUESTION
|
|
example.com. IN NS
|
|
SECTION ANSWER
|
|
example.com. IN NS ns.example.com.
|
|
SECTION ADDITIONAL
|
|
ns.example.com. IN A 1.2.3.4
|
|
ENTRY_END
|
|
|
|
ENTRY_BEGIN
|
|
MATCH opcode qtype qname
|
|
ADJUST copy_id
|
|
REPLY QR NOERROR
|
|
SECTION QUESTION
|
|
www.example.com. IN A
|
|
SECTION ANSWER
|
|
www.example.com. IN A 10.20.30.40
|
|
SECTION AUTHORITY
|
|
example.com. IN NS ns.example.com.
|
|
SECTION ADDITIONAL
|
|
ns.example.com. IN A 1.2.3.4
|
|
ENTRY_END
|
|
|
|
ENTRY_BEGIN
|
|
MATCH opcode qtype qname
|
|
ADJUST copy_id
|
|
REPLY QR NOERROR
|
|
SECTION QUESTION
|
|
ip4.example.com. IN AAAA
|
|
SECTION ANSWER
|
|
; NO AAAA present
|
|
SECTION AUTHORITY
|
|
example.com. IN SOA a. b. 1 2 3 4 5
|
|
ENTRY_END
|
|
|
|
ENTRY_BEGIN
|
|
MATCH opcode qtype qname
|
|
ADJUST copy_id
|
|
REPLY QR NOERROR
|
|
SECTION QUESTION
|
|
ip4.example.com. IN A
|
|
SECTION ANSWER
|
|
ip4.example.com. IN A 5.6.7.8
|
|
SECTION AUTHORITY
|
|
example.com. IN NS ns.example.com.
|
|
SECTION ADDITIONAL
|
|
ns.example.com. IN A 1.2.3.4
|
|
ENTRY_END
|
|
|
|
ENTRY_BEGIN
|
|
MATCH opcode qtype qname
|
|
ADJUST copy_id
|
|
REPLY QR NOERROR
|
|
SECTION QUESTION
|
|
broken.example.com. IN AAAA
|
|
SECTION ANSWER
|
|
; NO AAAA present
|
|
SECTION AUTHORITY
|
|
example.com. IN SOA a. b. 1 2 3 4 5
|
|
ENTRY_END
|
|
|
|
ENTRY_BEGIN
|
|
MATCH opcode qtype qname
|
|
ADJUST copy_id
|
|
REPLY QR NOERROR
|
|
SECTION QUESTION
|
|
broken.example.com. IN A
|
|
SECTION ANSWER
|
|
broken.example.com. IN A 5.6.7.8
|
|
broken.example.com. IN A \# 3 030405
|
|
SECTION AUTHORITY
|
|
example.com. IN NS ns.example.com.
|
|
SECTION ADDITIONAL
|
|
ns.example.com. IN A 1.2.3.4
|
|
ENTRY_END
|
|
|
|
ENTRY_BEGIN
|
|
MATCH opcode qtype qname
|
|
ADJUST copy_id
|
|
REPLY QR NOERROR
|
|
SECTION QUESTION
|
|
ip6.example.com. IN AAAA
|
|
SECTION ANSWER
|
|
ip6.example.com. IN AAAA 1:2:3::4
|
|
SECTION AUTHORITY
|
|
example.com. IN NS ns.example.com.
|
|
SECTION ADDITIONAL
|
|
ns.example.com. IN A 1.2.3.4
|
|
ENTRY_END
|
|
|
|
ENTRY_BEGIN
|
|
MATCH opcode qtype qname
|
|
ADJUST copy_id
|
|
REPLY QR NOERROR
|
|
SECTION QUESTION
|
|
8.7.6.5.in-addr.arpa. IN PTR
|
|
SECTION ANSWER
|
|
8.7.6.5.in-addr.arpa. PTR ip4.example.com.
|
|
SECTION AUTHORITY
|
|
7.6.5.in-addr.arpa. IN NS ns.example.com.
|
|
ENTRY_END
|
|
|
|
RANGE_END
|
|
|
|
STEP 1 QUERY
|
|
ENTRY_BEGIN
|
|
REPLY RD
|
|
SECTION QUESTION
|
|
www.example.com. IN A
|
|
ENTRY_END
|
|
|
|
; recursion happens here.
|
|
STEP 10 CHECK_ANSWER
|
|
ENTRY_BEGIN
|
|
MATCH all
|
|
REPLY QR RD RA NOERROR
|
|
SECTION QUESTION
|
|
www.example.com. IN A
|
|
SECTION ANSWER
|
|
www.example.com. IN A 10.20.30.40
|
|
SECTION AUTHORITY
|
|
example.com. IN NS ns.example.com.
|
|
SECTION ADDITIONAL
|
|
ns.example.com. IN A 1.2.3.4
|
|
ENTRY_END
|
|
|
|
; synthesize from A record 5.6.7.8
|
|
STEP 20 QUERY
|
|
ENTRY_BEGIN
|
|
REPLY RD
|
|
SECTION QUESTION
|
|
ip4.example.com. IN AAAA
|
|
ENTRY_END
|
|
|
|
; recursion happens here.
|
|
STEP 30 CHECK_ANSWER
|
|
ENTRY_BEGIN
|
|
MATCH all
|
|
REPLY QR RD RA NOERROR
|
|
SECTION QUESTION
|
|
ip4.example.com. IN AAAA
|
|
SECTION ANSWER
|
|
ip4.example.com. IN AAAA 64:ff9b::506:708
|
|
SECTION AUTHORITY
|
|
example.com. IN NS ns.example.com.
|
|
SECTION ADDITIONAL
|
|
ns.example.com. IN A 1.2.3.4
|
|
ENTRY_END
|
|
|
|
; this node has its own ipv6 address
|
|
STEP 40 QUERY
|
|
ENTRY_BEGIN
|
|
REPLY RD
|
|
SECTION QUESTION
|
|
ip6.example.com. IN AAAA
|
|
ENTRY_END
|
|
|
|
; recursion happens here.
|
|
STEP 50 CHECK_ANSWER
|
|
ENTRY_BEGIN
|
|
MATCH all
|
|
REPLY QR RD RA NOERROR
|
|
SECTION QUESTION
|
|
ip6.example.com. IN AAAA
|
|
SECTION ANSWER
|
|
ip6.example.com. IN AAAA 1:2:3::4
|
|
SECTION AUTHORITY
|
|
example.com. IN NS ns.example.com.
|
|
SECTION ADDITIONAL
|
|
ns.example.com. IN A 1.2.3.4
|
|
ENTRY_END
|
|
|
|
; test ptr lookup
|
|
STEP 60 QUERY
|
|
ENTRY_BEGIN
|
|
REPLY RD
|
|
SECTION QUESTION
|
|
8.0.7.0.6.0.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.b.9.f.f.4.6.0.0.ip6.arpa. IN PTR
|
|
ENTRY_END
|
|
|
|
; recursion happens here.
|
|
STEP 70 CHECK_ANSWER
|
|
ENTRY_BEGIN
|
|
MATCH all
|
|
REPLY QR RD RA NOERROR
|
|
SECTION QUESTION
|
|
8.0.7.0.6.0.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.b.9.f.f.4.6.0.0.ip6.arpa. IN PTR
|
|
SECTION ANSWER
|
|
8.0.7.0.6.0.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.b.9.f.f.4.6.0.0.ip6.arpa. IN PTR ip4.example.com.
|
|
SECTION AUTHORITY
|
|
7.6.5.in-addr.arpa. IN NS ns.example.com.
|
|
ENTRY_END
|
|
|
|
; synthesize from broken, malformed A records
|
|
STEP 80 QUERY
|
|
ENTRY_BEGIN
|
|
REPLY RD
|
|
SECTION QUESTION
|
|
broken.example.com. IN AAAA
|
|
ENTRY_END
|
|
|
|
; recursion happens here.
|
|
STEP 90 CHECK_ANSWER
|
|
ENTRY_BEGIN
|
|
MATCH all
|
|
REPLY QR RD RA NOERROR
|
|
SECTION QUESTION
|
|
broken.example.com. IN AAAA
|
|
SECTION ANSWER
|
|
SECTION AUTHORITY
|
|
example.com. IN SOA a. b. 1 2 3 4 5
|
|
SECTION ADDITIONAL
|
|
ENTRY_END
|
|
|
|
SCENARIO_END
|