1; config options 2server: 3 target-fetch-policy: "0 0 0 0 0" 4 ; Options for signed zone. The zone is partially copied from val_negcache_nxdomain.rpl 5 trust-anchor: "testzone.nlnetlabs.nl. IN DS 2926 8 2 6f8512d1e82eecbd684fc4a76f39f8c5b411af385494873bdead663ddb78a88b" 6 val-override-date: "20180213111425" 7 qname-minimisation: "no" 8 trust-anchor-signaling: no 9 aggressive-nsec: yes 10 zonemd-permissive-mode: yes 11 12auth-zone: 13 name: "example.com." 14 ## zonefile (or none). 15 ## zonefile: "example.com.zone" 16 ## master by IP address or hostname 17 ## can list multiple masters, each on one line. 18 ## master: 19 ## url for http fetch 20 ## url: 21 ## queries from downstream clients get authoritative answers. 22 ## for-downstream: yes 23 for-downstream: yes 24 ## queries are used to fetch authoritative answers from this zone, 25 ## instead of unbound itself sending queries there. 26 ## for-upstream: yes 27 for-upstream: no 28 ## on failures with for-upstream, fallback to sending queries to 29 ## the authority servers 30 ## fallback-enabled: no 31 32 ## this line generates zonefile: \n"/tmp/xxx.example.com"\n 33 zonefile: 34TEMPFILE_NAME example.com 35 ## this is the inline file /tmp/xxx.example.com 36 ## the tempfiles are deleted when the testrun is over. 37TEMPFILE_CONTENTS example.com 38$ORIGIN com. 39example 3600 IN SOA dns.example.de. hostmaster.dns.example.de. ( 40 1379078166 28800 7200 604800 7200 ) 41 3600 IN NS ns1.example.com. 42 3600 IN NS ns2.example.com. 43$ORIGIN example.com. 44www 3600 IN A 1.2.3.4 45mail 3600 IN A 1.2.3.5 46 3600 IN AAAA ::5 47ns1 3600 IN A 1.2.3.4 48ns2 3600 IN AAAA ::2 49TEMPFILE_END 50 51auth-zone: 52 name: "soa.high.com." 53 for-downstream: yes 54 for-upstream: no 55 zonefile: 56TEMPFILE_NAME soa.high.com 57TEMPFILE_CONTENTS soa.high.com 58$ORIGIN high.com. 59soa 500 IN SOA dns.example.de. hostmaster.dns.example.de. ( 60 1379078166 28800 7200 604800 200 ) 61 3600 IN NS ns1.example.com. 62 3600 IN NS ns2.example.com. 63TEMPFILE_END 64 65auth-zone: 66 name: "soa.low.com." 67 for-downstream: yes 68 for-upstream: no 69 zonefile: 70TEMPFILE_NAME soa.low.com 71TEMPFILE_CONTENTS soa.low.com 72$ORIGIN low.com. 73soa 200 IN SOA dns.example.de. hostmaster.dns.example.de. ( 74 1379078166 28800 7200 604800 500 ) 75 3600 IN NS ns1.example.com. 76 3600 IN NS ns2.example.com. 77TEMPFILE_END 78 79auth-zone: 80 name: "testzone.nlnetlabs.nl." 81 for-downstream: yes 82 for-upstream: no 83 zonefile: 84TEMPFILE_NAME testzone.nlnetlabs.nl 85TEMPFILE_CONTENTS testzone.nlnetlabs.nl 86$ORIGIN testzone.nlnetlabs.nl. 87testzone.nlnetlabs.nl. 3600 IN NSEC alligator.testzone.nlnetlabs.nl. NS SOA RRSIG NSEC DNSKEY 88testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. gTKn6U1nal9oA79IRxLa/7zexl6A0yJZzeEGBbZ5rh5feyAr2X4LTR9bPCgcHeMVggf4FP+kD1L/sxzj/YLwB1ZKGKlwnzsHtPFTlmvDClaqQ76DRZq5Vejr2ZfnclBUb2vtxaXywTRW8oueaaq9flcShEQ/cQ+KRU8sc344qd0= 89alligator.testzone.nlnetlabs.nl. 3600 IN NSEC cheetah.testzone.nlnetlabs.nl. TXT RRSIG NSEC 90alligator.testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 4 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. QAgQ0AsMoYG02+VPfoOctSPlTHdQOkQt5fFkSkzIbVhUzNOqa+dB/Qkc81AwFeJosA+PvYjt6utcVkIWmK2Djy9eXC49gILtVF79vUe4G7ZrybO5NXjqNa5ANoUGM+yew4wkjeNOMVAsvs+1kvFY7S8RAa/0AIYlZHQ8vNBPNaI= 91testzone.nlnetlabs.nl. 4600 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600 92testzone.nlnetlabs.nl. 4600 IN RRSIG SOA 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. GhmXNFQktZIgaBpGKwj9Q2mfq5+jcbRPK+PPgtRVicUPZga/d/iGEL8PV/8DzGwkaZbM14pamSUMgdJibW4zNhLz/ukjPilbjoj6giH1jtbdZLAQ6iK9pZ/4jKUEq4txviTczZNnDeolgPEEl4xo4NclQmi7zj1XBlQRbjvG0/0= 93TEMPFILE_END 94 95stub-zone: 96 name: "." 97 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. 98CONFIG_END 99 100SCENARIO_BEGIN Test authority zone with zonefile for downstream responses 101 102; K.ROOT-SERVERS.NET. 103RANGE_BEGIN 0 100 104 ADDRESS 193.0.14.129 105ENTRY_BEGIN 106MATCH opcode qtype qname 107ADJUST copy_id 108REPLY QR NOERROR 109SECTION QUESTION 110. IN NS 111SECTION ANSWER 112. IN NS K.ROOT-SERVERS.NET. 113SECTION ADDITIONAL 114K.ROOT-SERVERS.NET. IN A 193.0.14.129 115ENTRY_END 116 117ENTRY_BEGIN 118MATCH opcode subdomain 119ADJUST copy_id copy_query 120REPLY QR NOERROR 121SECTION QUESTION 122com. IN NS 123SECTION AUTHORITY 124com. IN NS a.gtld-servers.net. 125SECTION ADDITIONAL 126a.gtld-servers.net. IN A 192.5.6.30 127ENTRY_END 128RANGE_END 129 130; a.gtld-servers.net. 131RANGE_BEGIN 0 100 132 ADDRESS 192.5.6.30 133ENTRY_BEGIN 134MATCH opcode qtype qname 135ADJUST copy_id 136REPLY QR NOERROR 137SECTION QUESTION 138com. IN NS 139SECTION ANSWER 140com. IN NS a.gtld-servers.net. 141SECTION ADDITIONAL 142a.gtld-servers.net. IN A 192.5.6.30 143ENTRY_END 144 145ENTRY_BEGIN 146MATCH opcode subdomain 147ADJUST copy_id copy_query 148REPLY QR NOERROR 149SECTION QUESTION 150example.com. IN NS 151SECTION AUTHORITY 152example.com. IN NS ns.example.com. 153SECTION ADDITIONAL 154ns.example.com. IN A 1.2.3.44 155ENTRY_END 156RANGE_END 157 158; ns.example.net. 159RANGE_BEGIN 0 100 160 ADDRESS 1.2.3.44 161ENTRY_BEGIN 162MATCH opcode qtype qname 163ADJUST copy_id 164REPLY QR NOERROR 165SECTION QUESTION 166example.net. IN NS 167SECTION ANSWER 168example.net. IN NS ns.example.net. 169SECTION ADDITIONAL 170ns.example.net. IN A 1.2.3.44 171ENTRY_END 172 173ENTRY_BEGIN 174MATCH opcode qtype qname 175ADJUST copy_id 176REPLY QR NOERROR 177SECTION QUESTION 178ns.example.net. IN A 179SECTION ANSWER 180ns.example.net. IN A 1.2.3.44 181SECTION AUTHORITY 182example.net. IN NS ns.example.net. 183ENTRY_END 184 185ENTRY_BEGIN 186MATCH opcode qtype qname 187ADJUST copy_id 188REPLY QR NOERROR 189SECTION QUESTION 190ns.example.net. IN AAAA 191SECTION AUTHORITY 192example.net. IN NS ns.example.net. 193SECTION ADDITIONAL 194www.example.net. IN A 1.2.3.44 195ENTRY_END 196 197ENTRY_BEGIN 198MATCH opcode qtype qname 199ADJUST copy_id 200REPLY QR NOERROR 201SECTION QUESTION 202example.com. IN NS 203SECTION ANSWER 204example.com. IN NS ns.example.net. 205ENTRY_END 206 207ENTRY_BEGIN 208MATCH opcode qtype qname 209ADJUST copy_id 210REPLY QR NOERROR 211SECTION QUESTION 212www.example.com. IN A 213SECTION ANSWER 214www.example.com. IN A 10.20.30.40 215ENTRY_END 216RANGE_END 217 218STEP 1 QUERY 219ENTRY_BEGIN 220REPLY RD 221SECTION QUESTION 222www.example.com. IN A 223ENTRY_END 224 225; recursion happens here. 226STEP 20 CHECK_ANSWER 227ENTRY_BEGIN 228MATCH all 229REPLY QR RD RA AA NOERROR 230SECTION QUESTION 231www.example.com. IN A 232SECTION ANSWER 233www.example.com. IN A 1.2.3.4 234ENTRY_END 235 236; check SOA TTL to be the minimum of the SOA.minimum and the SOA TTL 237STEP 30 QUERY 238ENTRY_BEGIN 239REPLY RD 240SECTION QUESTION 241nonexistent.soa.high.com. IN A 242ENTRY_END 243STEP 31 CHECK_ANSWER 244ENTRY_BEGIN 245MATCH all ttl 246REPLY QR RD RA AA NXDOMAIN 247SECTION QUESTION 248nonexistent.soa.high.com IN A 249SECTION AUTHORITY 250soa.high.com. 200 IN SOA dns.example.de. hostmaster.dns.example.de. 1379078166 28800 7200 604800 200 251ENTRY_END 252; check that the original SOA is also returned 253STEP 32 QUERY 254ENTRY_BEGIN 255REPLY RD 256SECTION QUESTION 257soa.high.com. IN SOA 258ENTRY_END 259STEP 33 CHECK_ANSWER 260ENTRY_BEGIN 261MATCH all ttl 262REPLY QR RD RA AA NOERROR 263SECTION QUESTION 264soa.high.com. IN SOA 265SECTION ANSWER 266soa.high.com. 500 IN SOA dns.example.de. hostmaster.dns.example.de. 1379078166 28800 7200 604800 200 267ENTRY_END 268 269; check SOA TTL to be the minimum of the SOA.minimum and the SOA TTL 270STEP 40 QUERY 271ENTRY_BEGIN 272REPLY RD 273SECTION QUESTION 274nonexistent.soa.low.com. IN A 275ENTRY_END 276STEP 41 CHECK_ANSWER 277ENTRY_BEGIN 278MATCH all ttl 279REPLY QR RD RA AA NXDOMAIN 280SECTION QUESTION 281nonexistent.soa.low.com. IN A 282SECTION AUTHORITY 283soa.low.com. 200 IN SOA dns.example.de. hostmaster.dns.example.de. 1379078166 28800 7200 604800 500 284ENTRY_END 285; check that the original SOA is also returned 286STEP 42 QUERY 287ENTRY_BEGIN 288REPLY RD 289SECTION QUESTION 290soa.low.com. IN SOA 291ENTRY_END 292STEP 43 CHECK_ANSWER 293ENTRY_BEGIN 294MATCH all ttl 295REPLY QR RD RA AA NOERROR 296SECTION QUESTION 297soa.low.com. IN SOA 298SECTION ANSWER 299soa.low.com. 200 IN SOA dns.example.de. hostmaster.dns.example.de. 1379078166 28800 7200 604800 500 300ENTRY_END 301 302; check SOA TTL to be minimum of the SOA.minimum and the SOA TTL for DNSSEC 303STEP 50 QUERY 304ENTRY_BEGIN 305REPLY RD DO 306SECTION QUESTION 307ant.testzone.nlnetlabs.nl. IN A 308ENTRY_END 309STEP 51 CHECK_ANSWER 310ENTRY_BEGIN 311MATCH all ttl 312REPLY QR RD DO RA AA NXDOMAIN 313SECTION QUESTION 314ant.testzone.nlnetlabs.nl. IN A 315SECTION AUTHORITY 316testzone.nlnetlabs.nl. 3600 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600 317testzone.nlnetlabs.nl. 3600 IN RRSIG SOA 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. GhmXNFQktZIgaBpGKwj9Q2mfq5+jcbRPK+PPgtRVicUPZga/d/iGEL8PV/8DzGwkaZbM14pamSUMgdJibW4zNhLz/ukjPilbjoj6giH1jtbdZLAQ6iK9pZ/4jKUEq4txviTczZNnDeolgPEEl4xo4NclQmi7zj1XBlQRbjvG0/0= 318alligator.testzone.nlnetlabs.nl. 3600 IN NSEC cheetah.testzone.nlnetlabs.nl. TXT RRSIG NSEC 319alligator.testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 4 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. QAgQ0AsMoYG02+VPfoOctSPlTHdQOkQt5fFkSkzIbVhUzNOqa+dB/Qkc81AwFeJosA+PvYjt6utcVkIWmK2Djy9eXC49gILtVF79vUe4G7ZrybO5NXjqNa5ANoUGM+yew4wkjeNOMVAsvs+1kvFY7S8RAa/0AIYlZHQ8vNBPNaI= 320testzone.nlnetlabs.nl. 3600 IN NSEC alligator.testzone.nlnetlabs.nl. NS SOA RRSIG NSEC DNSKEY 321testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. gTKn6U1nal9oA79IRxLa/7zexl6A0yJZzeEGBbZ5rh5feyAr2X4LTR9bPCgcHeMVggf4FP+kD1L/sxzj/YLwB1ZKGKlwnzsHtPFTlmvDClaqQ76DRZq5Vejr2ZfnclBUb2vtxaXywTRW8oueaaq9flcShEQ/cQ+KRU8sc344qd0= 322ENTRY_END 323; check that the original SOA is also returned 324STEP 52 QUERY 325ENTRY_BEGIN 326REPLY RD DO 327SECTION QUESTION 328testzone.nlnetlabs.nl. IN SOA 329ENTRY_END 330STEP 53 CHECK_ANSWER 331ENTRY_BEGIN 332MATCH all ttl 333REPLY QR RD DO RA AA NOERROR 334SECTION QUESTION 335testzone.nlnetlabs.nl. IN SOA 336SECTION ANSWER 337testzone.nlnetlabs.nl. 4600 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600 338testzone.nlnetlabs.nl. 4600 IN RRSIG SOA 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. GhmXNFQktZIgaBpGKwj9Q2mfq5+jcbRPK+PPgtRVicUPZga/d/iGEL8PV/8DzGwkaZbM14pamSUMgdJibW4zNhLz/ukjPilbjoj6giH1jtbdZLAQ6iK9pZ/4jKUEq4txviTczZNnDeolgPEEl4xo4NclQmi7zj1XBlQRbjvG0/0= 339ENTRY_END 340 341SCENARIO_END 342