xref: /netbsd-src/external/bsd/unbound/dist/testdata/ipsecmod_enabled.crpl (revision f42d8de7d1744f0ae38eedac13b4320e5351d1d6)
1; Test ipsecmod-enabled option.
2
3; config options
4server:
5	access-control: 127.0.0.1 allow_snoop
6	module-config: "ipsecmod validator iterator"
7	; ../../ is there because the test runs from testdata/03-testbound.dir
8	ipsecmod-hook: "../../testdata/ipsecmod_hook.sh"
9	ipsecmod-strict: no
10	ipsecmod-max-ttl: 200
11	ipsecmod-enabled: no
12	qname-minimisation: "no"
13	minimal-responses: no
14
15stub-zone:
16	name: "."
17	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
18CONFIG_END
19
20SCENARIO_BEGIN Test ipsecmod-enabled option
21; Scenario overview:
22; - query for example.com. IN A
23; - check that we get an answer for example.com. IN A with the correct TTL
24; - check that we get the same answer from cache
25; - check that we don't get the IPSECKEY answer from cache (ipsecmod-enabled is "no", so the A query must not have triggered an IPSECKEY lookup)
26
27; K.ROOT-SERVERS.NET.
28RANGE_BEGIN 0 100
29	ADDRESS 193.0.14.129
30	ENTRY_BEGIN
31		MATCH opcode qtype qname
32		ADJUST copy_id
33		REPLY QR NOERROR
34		SECTION QUESTION
35			. IN NS
36		SECTION ANSWER
37			. IN NS	K.ROOT-SERVERS.NET.
38		SECTION ADDITIONAL
39			K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
40	ENTRY_END
41
42	ENTRY_BEGIN
43		MATCH opcode qtype qname
44		ADJUST copy_id
45		REPLY QR AA NOERROR
46		SECTION QUESTION
47			a.gtld-servers.net.	IN AAAA
48		SECTION AUTHORITY
49			. 86400 IN SOA . . 20070304 28800 7200 604800 86400
50	ENTRY_END
51
52	ENTRY_BEGIN
53		MATCH opcode qtype qname
54		ADJUST copy_id
55		REPLY QR AA NOERROR
56		SECTION QUESTION
57			K.ROOT-SERVERS.NET.	IN	AAAA
58		SECTION AUTHORITY
59			. 86400 IN SOA . . 20070304 28800 7200 604800 86400
60	ENTRY_END
61
62	ENTRY_BEGIN
63		MATCH opcode subdomain
64		ADJUST copy_id copy_query
65		REPLY QR NOERROR
66		SECTION QUESTION
67			com. IN A
68		SECTION AUTHORITY
69			com. IN NS	a.gtld-servers.net.
70		SECTION ADDITIONAL
71			a.gtld-servers.net.	IN 	A	192.5.6.30
72	ENTRY_END
73RANGE_END
74
75; a.gtld-servers.net.
76RANGE_BEGIN 0 100
77	ADDRESS 192.5.6.30
78	ENTRY_BEGIN
79		MATCH opcode qtype qname
80		ADJUST copy_id
81		REPLY QR NOERROR
82		SECTION QUESTION
83			com. IN NS
84		SECTION ANSWER
85			com.    IN NS   a.gtld-servers.net.
86		SECTION ADDITIONAL
87			a.gtld-servers.net.     IN      A       192.5.6.30
88	ENTRY_END
89
90	ENTRY_BEGIN
91		MATCH opcode subdomain
92		ADJUST copy_id copy_query
93		REPLY QR NOERROR
94		SECTION QUESTION
95			example.com. IN A
96		SECTION AUTHORITY
97			example.com.	IN NS	ns.example.com.
98		SECTION ADDITIONAL
99			ns.example.com.		IN 	A	1.2.3.4
100	ENTRY_END
101RANGE_END
102
103; ns.example.com.
104RANGE_BEGIN 0 100
105	ADDRESS 1.2.3.4
106	ENTRY_BEGIN
107		MATCH opcode qtype qname
108		ADJUST copy_id
109		REPLY QR NOERROR
110		SECTION QUESTION
111			example.com. IN NS
112		SECTION ANSWER
113			example.com.    IN NS   ns.example.com.
114		SECTION ADDITIONAL
115			ns.example.com.         IN      A       1.2.3.4
116	ENTRY_END
117
118	ENTRY_BEGIN
119		MATCH opcode qtype qname
120		ADJUST copy_id
121		REPLY QR AA NOERROR
122		SECTION QUESTION
123			ns.example.com. IN AAAA
124		SECTION AUTHORITY
125			example.com. 10 IN SOA . . 15 28800 7200 604800 10
126	ENTRY_END
127
128	; response to A query
129	ENTRY_BEGIN
130		MATCH opcode qtype qname
131		ADJUST copy_id
132		REPLY QR NOERROR
133		SECTION QUESTION
134			example.com. IN A
135		SECTION ANSWER
136			example.com.    3600 IN      A       5.6.7.8
137		SECTION AUTHORITY
138			example.com.	IN NS	ns.example.com.
139		SECTION ADDITIONAL
140			ns.example.com.		IN 	A	1.2.3.4
141	ENTRY_END
142
143	; response to IPSECKEY query
144	ENTRY_BEGIN
145		MATCH opcode qtype qname
146		ADJUST copy_id
147		REPLY QR NOERROR
148		SECTION QUESTION
149			example.com. IN IPSECKEY
150		SECTION ANSWER
151			example.com. 3600 IN IPSECKEY 10 0 2 . AQNRU3mG7TVTO2BkR47usntb102uFJtugbo6BSGvgqt4AQ==
152		SECTION AUTHORITY
153			example.com.	IN NS	ns.example.com.
154		SECTION ADDITIONAL
155			ns.example.com.		IN 	A	1.2.3.4
156	ENTRY_END
157RANGE_END
158
159; Query with RD flag
160STEP 1 QUERY
161ENTRY_BEGIN
162	REPLY RD
163	SECTION QUESTION
164		example.com. IN A
165ENTRY_END
166
167STEP 10 CHECK_ANSWER
168ENTRY_BEGIN
169	MATCH all ttl
170	REPLY QR RD RA NOERROR
171	SECTION QUESTION
172		example.com. IN A
173	SECTION ANSWER
174		example.com.  3600 IN A 5.6.7.8
175	SECTION AUTHORITY
176		example.com.	IN NS	ns.example.com.
177	SECTION ADDITIONAL
178		ns.example.com.		IN 	A	1.2.3.4
179ENTRY_END
180
181; Query without RD, check if cached and with correct TTL
182STEP 11 QUERY
183ENTRY_BEGIN
184	SECTION QUESTION
185		example.com. IN A
186ENTRY_END
187
188STEP 20 CHECK_ANSWER
189ENTRY_BEGIN
190	MATCH all ttl
191	REPLY QR RA NOERROR
192	SECTION QUESTION
193		example.com. IN A
194	SECTION ANSWER
195		example.com.  3600 IN A 5.6.7.8
196	SECTION AUTHORITY
197		example.com.	IN NS	ns.example.com.
198	SECTION ADDITIONAL
199		ns.example.com.		IN 	A	1.2.3.4
200ENTRY_END
201
202; Query without RD, check that IPSECKEY was not cached (the expected reply has no ANSWER section)
203STEP 21 QUERY
204ENTRY_BEGIN
205	SECTION QUESTION
206		example.com. IN IPSECKEY
207ENTRY_END
208
209STEP 30 CHECK_ANSWER
210ENTRY_BEGIN
211	MATCH all
212	REPLY QR RA NOERROR
213	SECTION QUESTION
214		example.com. IN IPSECKEY
215	SECTION AUTHORITY
216		example.com.	IN NS	ns.example.com.
217	SECTION ADDITIONAL
218		ns.example.com.		IN 	A	1.2.3.4
219ENTRY_END
220
221SCENARIO_END
222