1; config options 2server: 3 target-fetch-policy: "0 0 0 0 0" 4 ; Options for signed zone. The zone is partially copied from val_negcache_nxdomain.rpl 5 trust-anchor: "testzone.nlnetlabs.nl. IN DS 2926 8 2 6f8512d1e82eecbd684fc4a76f39f8c5b411af385494873bdead663ddb78a88b" 6 val-override-date: "20180213111425" 7 qname-minimisation: "no" 8 trust-anchor-signaling: no 9 aggressive-nsec: yes 10 11auth-zone: 12 name: "example.com." 13 ## zonefile (or none). 14 ## zonefile: "example.com.zone" 15 ## master by IP address or hostname 16 ## can list multiple masters, each on one line. 17 ## master: 18 ## url for http fetch 19 ## url: 20 ## queries from downstream clients get authoritative answers. 21 ## for-downstream: yes 22 for-downstream: yes 23 ## queries are used to fetch authoritative answers from this zone, 24 ## instead of unbound itself sending queries there. 25 ## for-upstream: yes 26 for-upstream: no 27 ## on failures with for-upstream, fallback to sending queries to 28 ## the authority servers 29 ## fallback-enabled: no 30 31 ## this line generates zonefile: \n"/tmp/xxx.example.com"\n 32 zonefile: 33TEMPFILE_NAME example.com 34 ## this is the inline file /tmp/xxx.example.com 35 ## the tempfiles are deleted when the testrun is over. 36TEMPFILE_CONTENTS example.com 37$ORIGIN com. 38example 3600 IN SOA dns.example.de. hostmaster.dns.example.de. ( 39 1379078166 28800 7200 604800 7200 ) 40 3600 IN NS ns1.example.com. 41 3600 IN NS ns2.example.com. 42$ORIGIN example.com. 43www 3600 IN A 1.2.3.4 44mail 3600 IN A 1.2.3.5 45 3600 IN AAAA ::5 46ns1 3600 IN A 1.2.3.4 47ns2 3600 IN AAAA ::2 48TEMPFILE_END 49 50auth-zone: 51 name: "soa.high.com." 52 for-downstream: yes 53 for-upstream: no 54 zonefile: 55TEMPFILE_NAME soa.high.com 56TEMPFILE_CONTENTS soa.high.com 57$ORIGIN high.com. 58soa 500 IN SOA dns.example.de. hostmaster.dns.example.de. ( 59 1379078166 28800 7200 604800 200 ) 60 3600 IN NS ns1.example.com. 61 3600 IN NS ns2.example.com. 62TEMPFILE_END 63 64auth-zone: 65 name: "soa.low.com." 66 for-downstream: yes 67 for-upstream: no 68 zonefile: 69TEMPFILE_NAME soa.low.com 70TEMPFILE_CONTENTS soa.low.com 71$ORIGIN low.com. 72soa 200 IN SOA dns.example.de. hostmaster.dns.example.de. ( 73 1379078166 28800 7200 604800 500 ) 74 3600 IN NS ns1.example.com. 75 3600 IN NS ns2.example.com. 76TEMPFILE_END 77 78auth-zone: 79 name: "testzone.nlnetlabs.nl." 80 for-downstream: yes 81 for-upstream: no 82 zonefile: 83TEMPFILE_NAME testzone.nlnetlabs.nl 84TEMPFILE_CONTENTS testzone.nlnetlabs.nl 85$ORIGIN testzone.nlnetlabs.nl. 86testzone.nlnetlabs.nl. 3600 IN NSEC alligator.testzone.nlnetlabs.nl. NS SOA RRSIG NSEC DNSKEY 87testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. gTKn6U1nal9oA79IRxLa/7zexl6A0yJZzeEGBbZ5rh5feyAr2X4LTR9bPCgcHeMVggf4FP+kD1L/sxzj/YLwB1ZKGKlwnzsHtPFTlmvDClaqQ76DRZq5Vejr2ZfnclBUb2vtxaXywTRW8oueaaq9flcShEQ/cQ+KRU8sc344qd0= 88alligator.testzone.nlnetlabs.nl. 3600 IN NSEC cheetah.testzone.nlnetlabs.nl. TXT RRSIG NSEC 89alligator.testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 4 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. QAgQ0AsMoYG02+VPfoOctSPlTHdQOkQt5fFkSkzIbVhUzNOqa+dB/Qkc81AwFeJosA+PvYjt6utcVkIWmK2Djy9eXC49gILtVF79vUe4G7ZrybO5NXjqNa5ANoUGM+yew4wkjeNOMVAsvs+1kvFY7S8RAa/0AIYlZHQ8vNBPNaI= 90testzone.nlnetlabs.nl. 4600 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600 91testzone.nlnetlabs.nl. 4600 IN RRSIG SOA 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. GhmXNFQktZIgaBpGKwj9Q2mfq5+jcbRPK+PPgtRVicUPZga/d/iGEL8PV/8DzGwkaZbM14pamSUMgdJibW4zNhLz/ukjPilbjoj6giH1jtbdZLAQ6iK9pZ/4jKUEq4txviTczZNnDeolgPEEl4xo4NclQmi7zj1XBlQRbjvG0/0= 92TEMPFILE_END 93 94stub-zone: 95 name: "." 96 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. 97CONFIG_END 98 99SCENARIO_BEGIN Test authority zone with zonefile for downstream responses 100 101; K.ROOT-SERVERS.NET. 102RANGE_BEGIN 0 100 103 ADDRESS 193.0.14.129 104ENTRY_BEGIN 105MATCH opcode qtype qname 106ADJUST copy_id 107REPLY QR NOERROR 108SECTION QUESTION 109. IN NS 110SECTION ANSWER 111. IN NS K.ROOT-SERVERS.NET. 112SECTION ADDITIONAL 113K.ROOT-SERVERS.NET. IN A 193.0.14.129 114ENTRY_END 115 116ENTRY_BEGIN 117MATCH opcode subdomain 118ADJUST copy_id copy_query 119REPLY QR NOERROR 120SECTION QUESTION 121com. IN NS 122SECTION AUTHORITY 123com. IN NS a.gtld-servers.net. 124SECTION ADDITIONAL 125a.gtld-servers.net. IN A 192.5.6.30 126ENTRY_END 127RANGE_END 128 129; a.gtld-servers.net. 130RANGE_BEGIN 0 100 131 ADDRESS 192.5.6.30 132ENTRY_BEGIN 133MATCH opcode qtype qname 134ADJUST copy_id 135REPLY QR NOERROR 136SECTION QUESTION 137com. IN NS 138SECTION ANSWER 139com. IN NS a.gtld-servers.net. 140SECTION ADDITIONAL 141a.gtld-servers.net. IN A 192.5.6.30 142ENTRY_END 143 144ENTRY_BEGIN 145MATCH opcode subdomain 146ADJUST copy_id copy_query 147REPLY QR NOERROR 148SECTION QUESTION 149example.com. IN NS 150SECTION AUTHORITY 151example.com. IN NS ns.example.com. 152SECTION ADDITIONAL 153ns.example.com. IN A 1.2.3.44 154ENTRY_END 155RANGE_END 156 157; ns.example.net. 158RANGE_BEGIN 0 100 159 ADDRESS 1.2.3.44 160ENTRY_BEGIN 161MATCH opcode qtype qname 162ADJUST copy_id 163REPLY QR NOERROR 164SECTION QUESTION 165example.net. IN NS 166SECTION ANSWER 167example.net. IN NS ns.example.net. 168SECTION ADDITIONAL 169ns.example.net. IN A 1.2.3.44 170ENTRY_END 171 172ENTRY_BEGIN 173MATCH opcode qtype qname 174ADJUST copy_id 175REPLY QR NOERROR 176SECTION QUESTION 177ns.example.net. IN A 178SECTION ANSWER 179ns.example.net. IN A 1.2.3.44 180SECTION AUTHORITY 181example.net. IN NS ns.example.net. 182ENTRY_END 183 184ENTRY_BEGIN 185MATCH opcode qtype qname 186ADJUST copy_id 187REPLY QR NOERROR 188SECTION QUESTION 189ns.example.net. IN AAAA 190SECTION AUTHORITY 191example.net. IN NS ns.example.net. 192SECTION ADDITIONAL 193www.example.net. IN A 1.2.3.44 194ENTRY_END 195 196ENTRY_BEGIN 197MATCH opcode qtype qname 198ADJUST copy_id 199REPLY QR NOERROR 200SECTION QUESTION 201example.com. IN NS 202SECTION ANSWER 203example.com. IN NS ns.example.net. 204ENTRY_END 205 206ENTRY_BEGIN 207MATCH opcode qtype qname 208ADJUST copy_id 209REPLY QR NOERROR 210SECTION QUESTION 211www.example.com. IN A 212SECTION ANSWER 213www.example.com. IN A 10.20.30.40 214ENTRY_END 215RANGE_END 216 217STEP 1 QUERY 218ENTRY_BEGIN 219REPLY RD 220SECTION QUESTION 221www.example.com. IN A 222ENTRY_END 223 224; recursion happens here. 225STEP 20 CHECK_ANSWER 226ENTRY_BEGIN 227MATCH all 228REPLY QR RD RA AA NOERROR 229SECTION QUESTION 230www.example.com. IN A 231SECTION ANSWER 232www.example.com. IN A 1.2.3.4 233ENTRY_END 234 235; check SOA TTL to be the minimum of the SOA.minimum and the SOA TTL 236STEP 30 QUERY 237ENTRY_BEGIN 238REPLY RD 239SECTION QUESTION 240nonexistent.soa.high.com. IN A 241ENTRY_END 242STEP 31 CHECK_ANSWER 243ENTRY_BEGIN 244MATCH all ttl 245REPLY QR RD RA AA NXDOMAIN 246SECTION QUESTION 247nonexistent.soa.high.com IN A 248SECTION AUTHORITY 249soa.high.com. 200 IN SOA dns.example.de. hostmaster.dns.example.de. 1379078166 28800 7200 604800 200 250ENTRY_END 251; check that the original SOA is also returned 252STEP 32 QUERY 253ENTRY_BEGIN 254REPLY RD 255SECTION QUESTION 256soa.high.com. IN SOA 257ENTRY_END 258STEP 33 CHECK_ANSWER 259ENTRY_BEGIN 260MATCH all ttl 261REPLY QR RD RA AA NOERROR 262SECTION QUESTION 263soa.high.com. IN SOA 264SECTION ANSWER 265soa.high.com. 500 IN SOA dns.example.de. hostmaster.dns.example.de. 1379078166 28800 7200 604800 200 266ENTRY_END 267 268; check SOA TTL to be the minimum of the SOA.minimum and the SOA TTL 269STEP 40 QUERY 270ENTRY_BEGIN 271REPLY RD 272SECTION QUESTION 273nonexistent.soa.low.com. IN A 274ENTRY_END 275STEP 41 CHECK_ANSWER 276ENTRY_BEGIN 277MATCH all ttl 278REPLY QR RD RA AA NXDOMAIN 279SECTION QUESTION 280nonexistent.soa.low.com. IN A 281SECTION AUTHORITY 282soa.low.com. 200 IN SOA dns.example.de. hostmaster.dns.example.de. 1379078166 28800 7200 604800 500 283ENTRY_END 284; check that the original SOA is also returned 285STEP 42 QUERY 286ENTRY_BEGIN 287REPLY RD 288SECTION QUESTION 289soa.low.com. IN SOA 290ENTRY_END 291STEP 43 CHECK_ANSWER 292ENTRY_BEGIN 293MATCH all ttl 294REPLY QR RD RA AA NOERROR 295SECTION QUESTION 296soa.low.com. IN SOA 297SECTION ANSWER 298soa.low.com. 200 IN SOA dns.example.de. hostmaster.dns.example.de. 1379078166 28800 7200 604800 500 299ENTRY_END 300 301; check SOA TTL to be minimum of the SOA.minimum and the SOA TTL for DNSSEC 302STEP 50 QUERY 303ENTRY_BEGIN 304REPLY RD DO 305SECTION QUESTION 306ant.testzone.nlnetlabs.nl. IN A 307ENTRY_END 308STEP 51 CHECK_ANSWER 309ENTRY_BEGIN 310MATCH all ttl 311REPLY QR RD DO RA AA NXDOMAIN 312SECTION QUESTION 313ant.testzone.nlnetlabs.nl. IN A 314SECTION AUTHORITY 315testzone.nlnetlabs.nl. 3600 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600 316testzone.nlnetlabs.nl. 3600 IN RRSIG SOA 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. GhmXNFQktZIgaBpGKwj9Q2mfq5+jcbRPK+PPgtRVicUPZga/d/iGEL8PV/8DzGwkaZbM14pamSUMgdJibW4zNhLz/ukjPilbjoj6giH1jtbdZLAQ6iK9pZ/4jKUEq4txviTczZNnDeolgPEEl4xo4NclQmi7zj1XBlQRbjvG0/0= 317alligator.testzone.nlnetlabs.nl. 3600 IN NSEC cheetah.testzone.nlnetlabs.nl. TXT RRSIG NSEC 318alligator.testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 4 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. QAgQ0AsMoYG02+VPfoOctSPlTHdQOkQt5fFkSkzIbVhUzNOqa+dB/Qkc81AwFeJosA+PvYjt6utcVkIWmK2Djy9eXC49gILtVF79vUe4G7ZrybO5NXjqNa5ANoUGM+yew4wkjeNOMVAsvs+1kvFY7S8RAa/0AIYlZHQ8vNBPNaI= 319testzone.nlnetlabs.nl. 3600 IN NSEC alligator.testzone.nlnetlabs.nl. NS SOA RRSIG NSEC DNSKEY 320testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. gTKn6U1nal9oA79IRxLa/7zexl6A0yJZzeEGBbZ5rh5feyAr2X4LTR9bPCgcHeMVggf4FP+kD1L/sxzj/YLwB1ZKGKlwnzsHtPFTlmvDClaqQ76DRZq5Vejr2ZfnclBUb2vtxaXywTRW8oueaaq9flcShEQ/cQ+KRU8sc344qd0= 321ENTRY_END 322; check that the original SOA is also returned 323STEP 52 QUERY 324ENTRY_BEGIN 325REPLY RD DO 326SECTION QUESTION 327testzone.nlnetlabs.nl. IN SOA 328ENTRY_END 329STEP 53 CHECK_ANSWER 330ENTRY_BEGIN 331MATCH all ttl 332REPLY QR RD DO RA AA NOERROR 333SECTION QUESTION 334testzone.nlnetlabs.nl. IN SOA 335SECTION ANSWER 336testzone.nlnetlabs.nl. 4600 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600 337testzone.nlnetlabs.nl. 4600 IN RRSIG SOA 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. GhmXNFQktZIgaBpGKwj9Q2mfq5+jcbRPK+PPgtRVicUPZga/d/iGEL8PV/8DzGwkaZbM14pamSUMgdJibW4zNhLz/ukjPilbjoj6giH1jtbdZLAQ6iK9pZ/4jKUEq4txviTczZNnDeolgPEEl4xo4NclQmi7zj1XBlQRbjvG0/0= 338ENTRY_END 339 340SCENARIO_END 341