mirror of
https://github.com/NLnetLabs/unbound.git
synced 2024-09-21 22:57:08 +00:00
e0745813f4
resilience of the server. The so-reuseport, harden-below-nxdomain, and minimal-responses options are enabled by default. They used to be disabled by default, waiting to make sure they worked. They are enabled by default now, and can be disabled explicitly by setting them to "no" in the unbound.conf config file. The reuseport and minimal options increases speed of the server, and should be otherwise harmless. The harden-below-nxdomain option works well together with the recently default enabled qname minimisation, this causes more fetches to use information from the cache. git-svn-id: file:///svn/unbound/trunk@4871 be551aaa-1e26-0410-a405-d3ace91eadb9
366 lines
7.2 KiB
Plaintext
366 lines
7.2 KiB
Plaintext
; config options
|
|
server:
|
|
target-fetch-policy: "0 0 0 0 0"
|
|
prefetch: "yes"
|
|
minimal-responses: no
|
|
|
|
stub-zone:
|
|
name: "."
|
|
stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
|
|
CONFIG_END
|
|
|
|
SCENARIO_BEGIN Test resolver prefetch and a moved domain
|
|
; for bug #425.
|
|
|
|
; K.ROOT-SERVERS.NET.
|
|
RANGE_BEGIN 0 500
|
|
ADDRESS 193.0.14.129
|
|
ENTRY_BEGIN
|
|
MATCH opcode qtype qname
|
|
ADJUST copy_id
|
|
REPLY QR NOERROR
|
|
SECTION QUESTION
|
|
. IN NS
|
|
SECTION ANSWER
|
|
. IN NS K.ROOT-SERVERS.NET.
|
|
SECTION ADDITIONAL
|
|
K.ROOT-SERVERS.NET. IN A 193.0.14.129
|
|
ENTRY_END
|
|
|
|
ENTRY_BEGIN
|
|
MATCH opcode subdomain
|
|
ADJUST copy_id copy_query
|
|
REPLY QR NOERROR
|
|
SECTION QUESTION
|
|
com. IN A
|
|
SECTION AUTHORITY
|
|
com. IN NS a.gtld-servers.net.
|
|
SECTION ADDITIONAL
|
|
a.gtld-servers.net. IN A 192.5.6.30
|
|
ENTRY_END
|
|
RANGE_END
|
|
|
|
; a.gtld-servers.net. (before sale of domain)
|
|
RANGE_BEGIN 0 30
|
|
ADDRESS 192.5.6.30
|
|
ENTRY_BEGIN
|
|
MATCH opcode qtype qname
|
|
ADJUST copy_id
|
|
REPLY QR NOERROR
|
|
SECTION QUESTION
|
|
com. IN NS
|
|
SECTION ANSWER
|
|
com. IN NS a.gtld-servers.net.
|
|
SECTION ADDITIONAL
|
|
a.gtld-servers.net. IN A 192.5.6.30
|
|
ENTRY_END
|
|
|
|
ENTRY_BEGIN
|
|
MATCH opcode subdomain
|
|
ADJUST copy_id copy_query
|
|
REPLY QR NOERROR
|
|
SECTION QUESTION
|
|
example.com. IN A
|
|
SECTION AUTHORITY
|
|
example.com. 86400 IN NS old-ns.example.com.
|
|
SECTION ADDITIONAL
|
|
old-ns.example.com. 86400 IN A 192.168.0.1
|
|
ENTRY_END
|
|
RANGE_END
|
|
|
|
; a.gtld-servers.net. (after sale of domain)
|
|
RANGE_BEGIN 40 500
|
|
ADDRESS 192.5.6.30
|
|
ENTRY_BEGIN
|
|
MATCH opcode qtype qname
|
|
ADJUST copy_id
|
|
REPLY QR NOERROR
|
|
SECTION QUESTION
|
|
com. IN NS
|
|
SECTION ANSWER
|
|
com. IN NS a.gtld-servers.net.
|
|
SECTION ADDITIONAL
|
|
a.gtld-servers.net. IN A 192.5.6.30
|
|
ENTRY_END
|
|
|
|
ENTRY_BEGIN
|
|
MATCH opcode subdomain
|
|
ADJUST copy_id copy_query
|
|
REPLY QR NOERROR
|
|
SECTION QUESTION
|
|
example.com. IN A
|
|
SECTION AUTHORITY
|
|
example.com. 86400 IN NS new-ns.example.com.
|
|
SECTION ADDITIONAL
|
|
new-ns.example.com. 86400 IN A 172.16.0.1
|
|
ENTRY_END
|
|
RANGE_END
|
|
|
|
; ns.example.com. first owner
|
|
RANGE_BEGIN 0 500
|
|
ADDRESS 192.168.0.1
|
|
ENTRY_BEGIN
|
|
MATCH opcode qtype qname
|
|
ADJUST copy_id
|
|
REPLY QR AA NOERROR
|
|
SECTION QUESTION
|
|
example.com. IN NS
|
|
SECTION ANSWER
|
|
example.com. 86400 IN NS old-ns.example.com.
|
|
SECTION ADDITIONAL
|
|
old-ns.example.com. 86400 IN A 192.168.0.1
|
|
ENTRY_END
|
|
|
|
ENTRY_BEGIN
|
|
MATCH opcode qtype qname
|
|
ADJUST copy_id
|
|
REPLY QR AA NOERROR
|
|
SECTION QUESTION
|
|
www.example.com. IN A
|
|
SECTION ANSWER
|
|
www.example.com. 3600 IN A 10.1.1.1
|
|
SECTION AUTHORITY
|
|
example.com. 86400 IN NS old-ns.example.com.
|
|
SECTION ADDITIONAL
|
|
old-ns.example.com. 86400 IN A 192.168.0.1
|
|
ENTRY_END
|
|
RANGE_END
|
|
|
|
; ns.example.com. new owner
|
|
RANGE_BEGIN 0 500
|
|
ADDRESS 172.16.0.1
|
|
ENTRY_BEGIN
|
|
MATCH opcode qtype qname
|
|
ADJUST copy_id
|
|
REPLY QR AA NOERROR
|
|
SECTION QUESTION
|
|
example.com. IN NS
|
|
SECTION ANSWER
|
|
example.com. 86400 IN NS new-ns.example.com.
|
|
SECTION ADDITIONAL
|
|
new-ns.example.com. 86400 IN A 172.16.0.1
|
|
ENTRY_END
|
|
|
|
ENTRY_BEGIN
|
|
MATCH opcode qtype qname
|
|
ADJUST copy_id
|
|
REPLY QR AA NOERROR
|
|
SECTION QUESTION
|
|
old-ns.example.com. IN A
|
|
SECTION ANSWER
|
|
old-ns.example.com. 86400 IN A 172.16.0.1
|
|
SECTION AUTHORITY
|
|
example.com. 86400 IN NS new-ns.example.com.
|
|
SECTION ADDITIONAL
|
|
new-ns.example.com. 86400 IN A 172.16.0.1
|
|
ENTRY_END
|
|
|
|
ENTRY_BEGIN
|
|
MATCH opcode qtype qname
|
|
ADJUST copy_id
|
|
REPLY QR AA NOERROR
|
|
SECTION QUESTION
|
|
www.example.com. IN A
|
|
SECTION ANSWER
|
|
www.example.com. 3600 IN A 10.2.2.2
|
|
SECTION AUTHORITY
|
|
example.com. 86400 IN NS new-ns.example.com.
|
|
SECTION ADDITIONAL
|
|
new-ns.example.com. 86400 IN A 172.16.0.1
|
|
ENTRY_END
|
|
RANGE_END
|
|
|
|
STEP 1 QUERY
|
|
ENTRY_BEGIN
|
|
REPLY RD
|
|
SECTION QUESTION
|
|
www.example.com. IN A
|
|
ENTRY_END
|
|
; recursion happens here.
|
|
STEP 10 CHECK_ANSWER
|
|
ENTRY_BEGIN
|
|
MATCH all ttl
|
|
REPLY QR RD RA NOERROR
|
|
SECTION QUESTION
|
|
www.example.com. IN A
|
|
SECTION ANSWER
|
|
www.example.com. 3600 IN A 10.1.1.1
|
|
SECTION AUTHORITY
|
|
example.com. 86400 IN NS old-ns.example.com.
|
|
SECTION ADDITIONAL
|
|
old-ns.example.com. 86400 IN A 192.168.0.1
|
|
ENTRY_END
|
|
|
|
; after 1800 secs still the cached answer
|
|
STEP 20 TIME_PASSES ELAPSE 1800
|
|
|
|
STEP 30 QUERY
|
|
ENTRY_BEGIN
|
|
REPLY RD
|
|
SECTION QUESTION
|
|
www.example.com. IN A
|
|
ENTRY_END
|
|
; recursion happens here.
|
|
STEP 40 CHECK_ANSWER
|
|
ENTRY_BEGIN
|
|
MATCH all ttl
|
|
REPLY QR RD RA NOERROR
|
|
SECTION QUESTION
|
|
www.example.com. IN A
|
|
SECTION ANSWER
|
|
www.example.com. 1800 IN A 10.1.1.1
|
|
SECTION AUTHORITY
|
|
example.com. 84600 IN NS old-ns.example.com.
|
|
SECTION ADDITIONAL
|
|
old-ns.example.com. 84600 IN A 192.168.0.1
|
|
ENTRY_END
|
|
|
|
; after 1440 we are 360 seconds before the expiry
|
|
; but it still contacts the old-ns
|
|
STEP 50 TIME_PASSES ELAPSE 1440
|
|
|
|
STEP 60 QUERY
|
|
ENTRY_BEGIN
|
|
REPLY RD
|
|
SECTION QUESTION
|
|
www.example.com. IN A
|
|
ENTRY_END
|
|
; recursion happens here.
|
|
STEP 70 CHECK_ANSWER
|
|
ENTRY_BEGIN
|
|
MATCH all ttl
|
|
REPLY QR RD RA NOERROR
|
|
SECTION QUESTION
|
|
www.example.com. IN A
|
|
SECTION ANSWER
|
|
www.example.com. 360 IN A 10.1.1.1
|
|
SECTION AUTHORITY
|
|
example.com. 83160 IN NS old-ns.example.com.
|
|
SECTION ADDITIONAL
|
|
old-ns.example.com. 83160 IN A 192.168.0.1
|
|
ENTRY_END
|
|
|
|
STEP 80 TRAFFIC
|
|
; let traffic flow for prefetch to happen
|
|
|
|
; we updated from the old-ns.
|
|
STEP 90 QUERY
|
|
ENTRY_BEGIN
|
|
REPLY RD
|
|
SECTION QUESTION
|
|
www.example.com. IN A
|
|
ENTRY_END
|
|
; recursion happens here.
|
|
STEP 100 CHECK_ANSWER
|
|
ENTRY_BEGIN
|
|
MATCH all ttl
|
|
REPLY QR RD RA NOERROR
|
|
SECTION QUESTION
|
|
www.example.com. IN A
|
|
SECTION ANSWER
|
|
www.example.com. 3600 IN A 10.1.1.1
|
|
SECTION AUTHORITY
|
|
example.com. 83160 IN NS old-ns.example.com.
|
|
SECTION ADDITIONAL
|
|
old-ns.example.com. 83160 IN A 192.168.0.1
|
|
ENTRY_END
|
|
|
|
; the NS record is now 10% from expiry (8640 TTL left).
|
|
; and the A record has expired completely, retry.
|
|
STEP 110 TIME_PASSES ELAPSE 74520
|
|
|
|
; the NS record should have timed out.
|
|
; but you see the full TTL here, this is only for *this query*
|
|
; in the cache itself its 8640, not 86400.
|
|
STEP 120 QUERY
|
|
ENTRY_BEGIN
|
|
REPLY RD
|
|
SECTION QUESTION
|
|
www.example.com. IN A
|
|
ENTRY_END
|
|
; recursion happens here.
|
|
STEP 130 CHECK_ANSWER
|
|
ENTRY_BEGIN
|
|
MATCH all ttl
|
|
REPLY QR RD RA NOERROR
|
|
SECTION QUESTION
|
|
www.example.com. IN A
|
|
SECTION ANSWER
|
|
www.example.com. 3600 IN A 10.1.1.1
|
|
SECTION AUTHORITY
|
|
example.com. 8640 IN NS old-ns.example.com.
|
|
SECTION ADDITIONAL
|
|
old-ns.example.com. 8640 IN A 192.168.0.1
|
|
ENTRY_END
|
|
|
|
; get it from cache
|
|
STEP 140 QUERY
|
|
ENTRY_BEGIN
|
|
REPLY RD
|
|
SECTION QUESTION
|
|
www.example.com. IN A
|
|
ENTRY_END
|
|
; recursion happens here.
|
|
STEP 150 CHECK_ANSWER
|
|
ENTRY_BEGIN
|
|
MATCH all ttl
|
|
REPLY QR RD RA NOERROR
|
|
SECTION QUESTION
|
|
www.example.com. IN A
|
|
SECTION ANSWER
|
|
www.example.com. 3600 IN A 10.1.1.1
|
|
SECTION AUTHORITY
|
|
example.com. 8640 IN NS old-ns.example.com.
|
|
SECTION ADDITIONAL
|
|
old-ns.example.com. 8640 IN A 192.168.0.1
|
|
ENTRY_END
|
|
|
|
; the NS record times out after 8640 seconds.
|
|
STEP 160 TIME_PASSES ELAPSE 8641
|
|
|
|
; fetch it
|
|
STEP 170 QUERY
|
|
ENTRY_BEGIN
|
|
REPLY RD
|
|
SECTION QUESTION
|
|
www.example.com. IN A
|
|
ENTRY_END
|
|
; recursion happens here.
|
|
STEP 180 CHECK_ANSWER
|
|
ENTRY_BEGIN
|
|
MATCH all ttl
|
|
REPLY QR RD RA NOERROR
|
|
SECTION QUESTION
|
|
www.example.com. IN A
|
|
SECTION ANSWER
|
|
www.example.com. 3600 IN A 10.2.2.2
|
|
SECTION AUTHORITY
|
|
example.com. 86400 IN NS new-ns.example.com.
|
|
SECTION ADDITIONAL
|
|
new-ns.example.com. 86400 IN A 172.16.0.1
|
|
ENTRY_END
|
|
|
|
; a reply from cache
|
|
STEP 190 QUERY
|
|
ENTRY_BEGIN
|
|
REPLY RD
|
|
SECTION QUESTION
|
|
www.example.com. IN A
|
|
ENTRY_END
|
|
; recursion happens here.
|
|
STEP 200 CHECK_ANSWER
|
|
ENTRY_BEGIN
|
|
MATCH all ttl
|
|
REPLY QR RD RA NOERROR
|
|
SECTION QUESTION
|
|
www.example.com. IN A
|
|
SECTION ANSWER
|
|
www.example.com. 3600 IN A 10.2.2.2
|
|
SECTION AUTHORITY
|
|
example.com. 86400 IN NS new-ns.example.com.
|
|
SECTION ADDITIONAL
|
|
new-ns.example.com. 86400 IN A 172.16.0.1
|
|
ENTRY_END
|
|
|
|
SCENARIO_END
|