1; config options 2server: 3 target-fetch-policy: "0 0 0 0 0" 4 5auth-zone: 6 name: "example.com." 7 ## zonefile (or none). 8 ## zonefile: "example.com.zone" 9 ## master by IP address or hostname 10 ## can list multiple masters, each on one line. 11 ## master: 12 master: 1.2.3.44 13 ## url for http fetch 14 ## url: 15 ## queries from downstream clients get authoritative answers. 16 ## for-downstream: yes 17 for-downstream: yes 18 ## queries are used to fetch authoritative answers from this zone, 19 ## instead of unbound itself sending queries there. 20 ## for-upstream: yes 21 for-upstream: yes 22 ## on failures with for-upstream, fallback to sending queries to 23 ## the authority servers 24 ## fallback-enabled: no 25 zonemd-check: yes 26 27 ## this line generates zonefile: \n"/tmp/xxx.example.com"\n 28 zonefile: 29TEMPFILE_NAME example.com 30 ## this is the inline file /tmp/xxx.example.com 31 ## the tempfiles are deleted when the testrun is over. 32TEMPFILE_CONTENTS example.com 33TEMPFILE_END 34 35stub-zone: 36 name: "." 37 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. 38CONFIG_END 39 40SCENARIO_BEGIN Test authority zone with AXFR with failed ZONEMD 41 42; K.ROOT-SERVERS.NET. 43RANGE_BEGIN 0 100 44 ADDRESS 193.0.14.129 45ENTRY_BEGIN 46MATCH opcode qtype qname 47ADJUST copy_id 48REPLY QR NOERROR 49SECTION QUESTION 50. IN NS 51SECTION ANSWER 52. IN NS K.ROOT-SERVERS.NET. 53SECTION ADDITIONAL 54K.ROOT-SERVERS.NET. IN A 193.0.14.129 55ENTRY_END 56 57ENTRY_BEGIN 58MATCH opcode subdomain 59ADJUST copy_id copy_query 60REPLY QR NOERROR 61SECTION QUESTION 62com. IN NS 63SECTION AUTHORITY 64com. IN NS a.gtld-servers.net. 65SECTION ADDITIONAL 66a.gtld-servers.net. IN A 192.5.6.30 67ENTRY_END 68RANGE_END 69 70; a.gtld-servers.net. 71RANGE_BEGIN 0 100 72 ADDRESS 192.5.6.30 73ENTRY_BEGIN 74MATCH opcode qtype qname 75ADJUST copy_id 76REPLY QR NOERROR 77SECTION QUESTION 78com. IN NS 79SECTION ANSWER 80com. IN NS a.gtld-servers.net. 81SECTION ADDITIONAL 82a.gtld-servers.net. IN A 192.5.6.30 83ENTRY_END 84 85ENTRY_BEGIN 86MATCH opcode subdomain 87ADJUST copy_id copy_query 88REPLY QR NOERROR 89SECTION QUESTION 90example.com. IN NS 91SECTION AUTHORITY 92example.com. IN NS ns.example.com. 93SECTION ADDITIONAL 94ns.example.com. IN A 1.2.3.44 95ENTRY_END 96RANGE_END 97 98; ns.example.net. 99RANGE_BEGIN 0 100 100 ADDRESS 1.2.3.44 101ENTRY_BEGIN 102MATCH opcode qtype qname 103ADJUST copy_id 104REPLY QR NOERROR 105SECTION QUESTION 106example.net. IN NS 107SECTION ANSWER 108example.net. IN NS ns.example.net. 109SECTION ADDITIONAL 110ns.example.net. IN A 1.2.3.44 111ENTRY_END 112 113ENTRY_BEGIN 114MATCH opcode qtype qname 115ADJUST copy_id 116REPLY QR NOERROR 117SECTION QUESTION 118ns.example.net. IN A 119SECTION ANSWER 120ns.example.net. IN A 1.2.3.44 121SECTION AUTHORITY 122example.net. IN NS ns.example.net. 123ENTRY_END 124 125ENTRY_BEGIN 126MATCH opcode qtype qname 127ADJUST copy_id 128REPLY QR NOERROR 129SECTION QUESTION 130ns.example.net. IN AAAA 131SECTION AUTHORITY 132example.net. IN NS ns.example.net. 133SECTION ADDITIONAL 134www.example.net. IN A 1.2.3.44 135ENTRY_END 136 137ENTRY_BEGIN 138MATCH opcode qtype qname 139ADJUST copy_id 140REPLY QR NOERROR 141SECTION QUESTION 142example.com. IN NS 143SECTION ANSWER 144example.com. IN NS ns.example.net. 145ENTRY_END 146 147ENTRY_BEGIN 148MATCH opcode qtype qname 149ADJUST copy_id 150REPLY QR NOERROR 151SECTION QUESTION 152www.example.com. IN A 153SECTION ANSWER 154www.example.com. IN A 10.20.30.40 155ENTRY_END 156 157ENTRY_BEGIN 158MATCH opcode qtype qname 159ADJUST copy_id 160REPLY QR NOERROR 161SECTION QUESTION 162example.com. IN SOA 163SECTION ANSWER 164; serial, refresh, retry, expire, minimum 165example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600 166ENTRY_END 167 168ENTRY_BEGIN 169MATCH opcode qtype qname 170ADJUST copy_id 171REPLY QR AA NOTIMPL 172SECTION QUESTION 173example.com. IN IXFR 174SECTION ANSWER 175ENTRY_END 176 177ENTRY_BEGIN 178MATCH opcode qtype qname 179ADJUST copy_id 180REPLY QR AA NOERROR 181SECTION QUESTION 182example.com. IN AXFR 183SECTION ANSWER 184example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 185example.com. IN NS ns.example.com. 186; old zonemd 187;example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22 188; wrong zonemd 189example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D7AAAAA 190www.example.com. IN A 127.0.0.1 191ns.example.com. IN A 127.0.0.1 192bar.example.com. IN A 1.2.3.4 193ding.example.com. IN A 1.2.3.4 194foo.example.com. IN A 1.2.3.4 195example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 196ENTRY_END 197RANGE_END 198 199STEP 1 QUERY 200ENTRY_BEGIN 201REPLY RD 202SECTION QUESTION 203www.example.com. IN A 204ENTRY_END 205 206; recursion happens here. 207STEP 20 CHECK_ANSWER 208ENTRY_BEGIN 209MATCH all 210REPLY QR AA RD RA SERVFAIL 211SECTION QUESTION 212www.example.com. IN A 213SECTION ANSWER 214ENTRY_END 215 216STEP 30 TIME_PASSES ELAPSE 10 217STEP 40 TRAFFIC 218 219STEP 50 QUERY 220ENTRY_BEGIN 221REPLY RD 222SECTION QUESTION 223www.example.com. IN A 224ENTRY_END 225 226; recursion happens here. 227STEP 60 CHECK_ANSWER 228ENTRY_BEGIN 229MATCH all 230REPLY QR AA RD RA SERVFAIL 231SECTION QUESTION 232www.example.com. IN A 233SECTION ANSWER 234ENTRY_END 235 236; the zonefile was updated with new contents 237STEP 70 CHECK_TEMPFILE example.com 238FILE_BEGIN 239FILE_END 240 241SCENARIO_END 242