1; config options 2server: 3 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" 4 val-override-date: "20070916134226" 5 target-fetch-policy: "0 0 0 0 0" 6 fake-sha1: yes 7 trust-anchor-signaling: no 8 9auth-zone: 10 name: "example.com." 11 ## zonefile (or none). 12 ## zonefile: "example.com.zone" 13 ## master by IP address or hostname 14 ## can list multiple masters, each on one line. 15 ## master: 16 ## url for http fetch 17 ## url: 18 ## queries from downstream clients get authoritative answers. 19 ## for-downstream: yes 20 for-downstream: no 21 ## queries are used to fetch authoritative answers from this zone, 22 ## instead of unbound itself sending queries there. 23 ## for-upstream: yes 24 for-upstream: yes 25 ## on failures with for-upstream, fallback to sending queries to 26 ## the authority servers 27 ## fallback-enabled: no 28 29 ## this line generates zonefile: \n"/tmp/xxx.example.com"\n 30 zonefile: 31TEMPFILE_NAME example.com 32 ## this is the inline file /tmp/xxx.example.com 33 ## the tempfiles are deleted when the testrun is over. 34TEMPFILE_CONTENTS example.com 35$ORIGIN example.com. 36example 3600 IN SOA dns.example.de. hostmaster.dns.example.de. ( 37 1379078166 28800 7200 604800 7200 ) 38 3600 IN NS ns.example.com. 39example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 40example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} 41example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} 42 43ns.example.com. IN A 1.2.3.4 44ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 45 46www.example.com. IN A 10.20.30.40 47www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} 48 49TEMPFILE_END 50 51stub-zone: 52 name: "." 53 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. 54CONFIG_END 55 56SCENARIO_BEGIN Test authority zone with zonefile and dnssec 57; the zone file has signatures, used upstream, unbound validates the reply. 58 59; K.ROOT-SERVERS.NET. 60RANGE_BEGIN 0 100 61 ADDRESS 193.0.14.129 62ENTRY_BEGIN 63MATCH opcode qtype qname 64ADJUST copy_id 65REPLY QR NOERROR 66SECTION QUESTION 67. IN NS 68SECTION ANSWER 69. IN NS K.ROOT-SERVERS.NET. 70SECTION ADDITIONAL 71K.ROOT-SERVERS.NET. IN A 193.0.14.129 72ENTRY_END 73 74ENTRY_BEGIN 75MATCH opcode subdomain 76ADJUST copy_id copy_query 77REPLY QR NOERROR 78SECTION QUESTION 79com. IN NS 80SECTION AUTHORITY 81com. IN NS a.gtld-servers.net. 82SECTION ADDITIONAL 83a.gtld-servers.net. IN A 192.5.6.30 84ENTRY_END 85RANGE_END 86 87; a.gtld-servers.net. 88RANGE_BEGIN 0 100 89 ADDRESS 192.5.6.30 90ENTRY_BEGIN 91MATCH opcode qtype qname 92ADJUST copy_id 93REPLY QR NOERROR 94SECTION QUESTION 95com. IN NS 96SECTION ANSWER 97com. IN NS a.gtld-servers.net. 98SECTION ADDITIONAL 99a.gtld-servers.net. IN A 192.5.6.30 100ENTRY_END 101 102ENTRY_BEGIN 103MATCH opcode subdomain 104ADJUST copy_id copy_query 105REPLY QR NOERROR 106SECTION QUESTION 107example.com. IN NS 108SECTION AUTHORITY 109example.com. IN NS ns.example.com. 110SECTION ADDITIONAL 111ns.example.com. IN A 1.2.3.44 112ENTRY_END 113RANGE_END 114 115; ns.example.net. 116RANGE_BEGIN 0 100 117 ADDRESS 1.2.3.44 118ENTRY_BEGIN 119MATCH opcode qtype qname 120ADJUST copy_id 121REPLY QR NOERROR 122SECTION QUESTION 123example.net. IN NS 124SECTION ANSWER 125example.net. IN NS ns.example.net. 126SECTION ADDITIONAL 127ns.example.net. IN A 1.2.3.44 128ENTRY_END 129 130ENTRY_BEGIN 131MATCH opcode qtype qname 132ADJUST copy_id 133REPLY QR NOERROR 134SECTION QUESTION 135ns.example.net. IN A 136SECTION ANSWER 137ns.example.net. IN A 1.2.3.44 138SECTION AUTHORITY 139example.net. IN NS ns.example.net. 140ENTRY_END 141 142ENTRY_BEGIN 143MATCH opcode qtype qname 144ADJUST copy_id 145REPLY QR NOERROR 146SECTION QUESTION 147ns.example.net. IN AAAA 148SECTION AUTHORITY 149example.net. IN NS ns.example.net. 150SECTION ADDITIONAL 151www.example.net. IN A 1.2.3.44 152ENTRY_END 153 154ENTRY_BEGIN 155MATCH opcode qtype qname 156ADJUST copy_id 157REPLY QR NOERROR 158SECTION QUESTION 159example.com. IN NS 160SECTION ANSWER 161example.com. IN NS ns.example.net. 162ENTRY_END 163 164ENTRY_BEGIN 165MATCH opcode qtype qname 166ADJUST copy_id 167REPLY QR NOERROR 168SECTION QUESTION 169www.example.com. IN A 170SECTION ANSWER 171www.example.com. IN A 10.20.30.40 172ENTRY_END 173RANGE_END 174 175STEP 1 QUERY 176ENTRY_BEGIN 177REPLY RD DO 178SECTION QUESTION 179www.example.com. IN A 180ENTRY_END 181 182; recursion happens here. 183STEP 20 CHECK_ANSWER 184ENTRY_BEGIN 185MATCH all 186REPLY QR RD DO RA AD NOERROR 187SECTION QUESTION 188www.example.com. IN A 189SECTION ANSWER 190www.example.com. IN A 10.20.30.40 191www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} 192ENTRY_END 193 194SCENARIO_END 195