1; config options 2server: 3 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" 4 val-override-date: "20070916134226" 5 target-fetch-policy: "0 0 0 0 0" 6 fake-sha1: yes 7 trust-anchor-signaling: no 8 zonemd-permissive-mode: yes 9 10auth-zone: 11 name: "example.com." 12 ## zonefile (or none). 13 ## zonefile: "example.com.zone" 14 ## master by IP address or hostname 15 ## can list multiple masters, each on one line. 16 ## master: 17 ## url for http fetch 18 ## url: 19 ## queries from downstream clients get authoritative answers. 20 ## for-downstream: yes 21 for-downstream: no 22 ## queries are used to fetch authoritative answers from this zone, 23 ## instead of unbound itself sending queries there. 24 ## for-upstream: yes 25 for-upstream: yes 26 ## on failures with for-upstream, fallback to sending queries to 27 ## the authority servers 28 ## fallback-enabled: no 29 30 ## this line generates zonefile: \n"/tmp/xxx.example.com"\n 31 zonefile: 32TEMPFILE_NAME example.com 33 ## this is the inline file /tmp/xxx.example.com 34 ## the tempfiles are deleted when the testrun is over. 35TEMPFILE_CONTENTS example.com 36$ORIGIN example.com. 37example 3600 IN SOA dns.example.de. hostmaster.dns.example.de. ( 38 1379078166 28800 7200 604800 7200 ) 39 3600 IN NS ns.example.com. 40example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 41example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} 42example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} 43 44ns.example.com. IN A 1.2.3.4 45ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 46 47www.example.com. IN A 10.20.30.40 48www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} 49 50TEMPFILE_END 51 52stub-zone: 53 name: "." 54 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. 55CONFIG_END 56 57SCENARIO_BEGIN Test authority zone with zonefile and dnssec 58; the zone file has signatures, used upstream, unbound validates the reply. 59 60; K.ROOT-SERVERS.NET. 61RANGE_BEGIN 0 100 62 ADDRESS 193.0.14.129 63ENTRY_BEGIN 64MATCH opcode qtype qname 65ADJUST copy_id 66REPLY QR NOERROR 67SECTION QUESTION 68. IN NS 69SECTION ANSWER 70. IN NS K.ROOT-SERVERS.NET. 71SECTION ADDITIONAL 72K.ROOT-SERVERS.NET. IN A 193.0.14.129 73ENTRY_END 74 75ENTRY_BEGIN 76MATCH opcode subdomain 77ADJUST copy_id copy_query 78REPLY QR NOERROR 79SECTION QUESTION 80com. IN NS 81SECTION AUTHORITY 82com. IN NS a.gtld-servers.net. 83SECTION ADDITIONAL 84a.gtld-servers.net. IN A 192.5.6.30 85ENTRY_END 86RANGE_END 87 88; a.gtld-servers.net. 89RANGE_BEGIN 0 100 90 ADDRESS 192.5.6.30 91ENTRY_BEGIN 92MATCH opcode qtype qname 93ADJUST copy_id 94REPLY QR NOERROR 95SECTION QUESTION 96com. IN NS 97SECTION ANSWER 98com. IN NS a.gtld-servers.net. 99SECTION ADDITIONAL 100a.gtld-servers.net. IN A 192.5.6.30 101ENTRY_END 102 103ENTRY_BEGIN 104MATCH opcode subdomain 105ADJUST copy_id copy_query 106REPLY QR NOERROR 107SECTION QUESTION 108example.com. IN NS 109SECTION AUTHORITY 110example.com. IN NS ns.example.com. 111SECTION ADDITIONAL 112ns.example.com. IN A 1.2.3.44 113ENTRY_END 114RANGE_END 115 116; ns.example.net. 117RANGE_BEGIN 0 100 118 ADDRESS 1.2.3.44 119ENTRY_BEGIN 120MATCH opcode qtype qname 121ADJUST copy_id 122REPLY QR NOERROR 123SECTION QUESTION 124example.net. IN NS 125SECTION ANSWER 126example.net. IN NS ns.example.net. 127SECTION ADDITIONAL 128ns.example.net. IN A 1.2.3.44 129ENTRY_END 130 131ENTRY_BEGIN 132MATCH opcode qtype qname 133ADJUST copy_id 134REPLY QR NOERROR 135SECTION QUESTION 136ns.example.net. IN A 137SECTION ANSWER 138ns.example.net. IN A 1.2.3.44 139SECTION AUTHORITY 140example.net. IN NS ns.example.net. 141ENTRY_END 142 143ENTRY_BEGIN 144MATCH opcode qtype qname 145ADJUST copy_id 146REPLY QR NOERROR 147SECTION QUESTION 148ns.example.net. IN AAAA 149SECTION AUTHORITY 150example.net. IN NS ns.example.net. 151SECTION ADDITIONAL 152www.example.net. IN A 1.2.3.44 153ENTRY_END 154 155ENTRY_BEGIN 156MATCH opcode qtype qname 157ADJUST copy_id 158REPLY QR NOERROR 159SECTION QUESTION 160example.com. IN NS 161SECTION ANSWER 162example.com. IN NS ns.example.net. 163ENTRY_END 164 165ENTRY_BEGIN 166MATCH opcode qtype qname 167ADJUST copy_id 168REPLY QR NOERROR 169SECTION QUESTION 170www.example.com. IN A 171SECTION ANSWER 172www.example.com. IN A 10.20.30.40 173ENTRY_END 174RANGE_END 175 176STEP 1 QUERY 177ENTRY_BEGIN 178REPLY RD DO 179SECTION QUESTION 180www.example.com. IN A 181ENTRY_END 182 183; recursion happens here. 184STEP 20 CHECK_ANSWER 185ENTRY_BEGIN 186MATCH all 187REPLY QR RD DO RA AD NOERROR 188SECTION QUESTION 189www.example.com. IN A 190SECTION ANSWER 191www.example.com. IN A 10.20.30.40 192www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} 193ENTRY_END 194 195SCENARIO_END 196