1; Test ipsecmod-max-ttl option.
2
3; config options; ipsecmod-strict is off, so a failing hook would not turn the answer into SERVFAIL in this test
4server:
5	access-control: 127.0.0.1 allow_snoop
6	module-config: "ipsecmod validator iterator"
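7	; ../../ is there because the test runs from testdata/03-testbound.dir; the hook is an external program that unbound executes, so a relative path fits only this test harness (elsewhere use an absolute path that only trusted users can write)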
8	ipsecmod-hook: "../../testdata/ipsecmod_hook.sh"
9	ipsecmod-strict: no
10	ipsecmod-max-ttl: 200
11	qname-minimisation: "no"
12	minimal-responses: no
13
14stub-zone:
15	name: "."
16	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
17CONFIG_END
18
19SCENARIO_BEGIN Test ipsecmod-max-ttl option
20; Scenario overview:
21; - query for example.com. IN A
22; - check that query for example.com. IN IPSECKEY is generated
23; - check that we get an answer for example.com. IN A with the TTL capped at ipsecmod-max-ttl (200, not the upstream 3600)
24; - check that we get the same answer from cache
25; - check that we get the IPSECKEY answer from cache (this step does not compare TTLs)
26
27; K.ROOT-SERVERS.NET.
28RANGE_BEGIN 0 100
29	ADDRESS 193.0.14.129
30	ENTRY_BEGIN
31		MATCH opcode qtype qname
32		ADJUST copy_id
33		REPLY QR NOERROR
34		SECTION QUESTION
35			. IN NS
36		SECTION ANSWER
37			. IN NS	K.ROOT-SERVERS.NET.
38		SECTION ADDITIONAL
39			K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
40	ENTRY_END
41
42	ENTRY_BEGIN
43		MATCH opcode qtype qname
44		ADJUST copy_id
45		REPLY QR AA NOERROR
46		SECTION QUESTION
47			a.gtld-servers.net.	IN AAAA
48		SECTION AUTHORITY
49			. 86400 IN SOA . . 20070304 28800 7200 604800 86400
50	ENTRY_END
51
52	ENTRY_BEGIN
53		MATCH opcode qtype qname
54		ADJUST copy_id
55		REPLY QR AA NOERROR
56		SECTION QUESTION
57			K.ROOT-SERVERS.NET.	IN	AAAA
58		SECTION AUTHORITY
59			. 86400 IN SOA . . 20070304 28800 7200 604800 86400
60	ENTRY_END
61
62	ENTRY_BEGIN
63		MATCH opcode subdomain
64		ADJUST copy_id copy_query
65		REPLY QR NOERROR
66		SECTION QUESTION
67			com. IN A
68		SECTION AUTHORITY
69			com. IN NS	a.gtld-servers.net.
70		SECTION ADDITIONAL
71			a.gtld-servers.net.	IN 	A	192.5.6.30
72	ENTRY_END
73RANGE_END
74
75; a.gtld-servers.net.
76RANGE_BEGIN 0 100
77	ADDRESS 192.5.6.30
78	ENTRY_BEGIN
79		MATCH opcode qtype qname
80		ADJUST copy_id
81		REPLY QR NOERROR
82		SECTION QUESTION
83			com. IN NS
84		SECTION ANSWER
85			com.    IN NS   a.gtld-servers.net.
86		SECTION ADDITIONAL
87			a.gtld-servers.net.     IN      A       192.5.6.30
88	ENTRY_END
89
90	ENTRY_BEGIN
91		MATCH opcode subdomain
92		ADJUST copy_id copy_query
93		REPLY QR NOERROR
94		SECTION QUESTION
95			example.com. IN A
96		SECTION AUTHORITY
97			example.com.	IN NS	ns.example.com.
98		SECTION ADDITIONAL
99			ns.example.com.		IN 	A	1.2.3.4
100	ENTRY_END
101RANGE_END
102
103; ns.example.com.
104RANGE_BEGIN 0 100
105	ADDRESS 1.2.3.4
106	ENTRY_BEGIN
107		MATCH opcode qtype qname
108		ADJUST copy_id
109		REPLY QR NOERROR
110		SECTION QUESTION
111			example.com. IN NS
112		SECTION ANSWER
113			example.com.    IN NS   ns.example.com.
114		SECTION ADDITIONAL
115			ns.example.com.         IN      A       1.2.3.4
116	ENTRY_END
117
118	ENTRY_BEGIN
119		MATCH opcode qtype qname
120		ADJUST copy_id
121		REPLY QR AA NOERROR
122		SECTION QUESTION
123			ns.example.com. IN AAAA
124		SECTION AUTHORITY
125			example.com. 10 IN SOA . . 15 28800 7200 604800 10
126	ENTRY_END
127
128	; response to A query
129	ENTRY_BEGIN
130		MATCH opcode qtype qname
131		ADJUST copy_id
132		REPLY QR NOERROR
133		SECTION QUESTION
134			example.com. IN A
135		SECTION ANSWER
136			example.com.    3600 IN      A       5.6.7.8
137		SECTION AUTHORITY
138			example.com.	IN NS	ns.example.com.
139		SECTION ADDITIONAL
140			ns.example.com.		IN 	A	1.2.3.4
141	ENTRY_END
142
143	; response to IPSECKEY query
144	ENTRY_BEGIN
145		MATCH opcode qtype qname
146		ADJUST copy_id
147		REPLY QR NOERROR
148		SECTION QUESTION
149			example.com. IN IPSECKEY
150		SECTION ANSWER
151			example.com. 3600 IN IPSECKEY 10 0 2 . AQNRU3mG7TVTO2BkR47usntb102uFJtugbo6BSGvgqt4AQ==
152		SECTION AUTHORITY
153			example.com.	IN NS	ns.example.com.
154		SECTION ADDITIONAL
155			ns.example.com.		IN 	A	1.2.3.4
156	ENTRY_END
157RANGE_END
158
159; Query with RD flag
160STEP 1 QUERY
161ENTRY_BEGIN
162	REPLY RD
163	SECTION QUESTION
164		example.com. IN A
165ENTRY_END
166
167STEP 2 CHECK_OUT_QUERY
168ENTRY_BEGIN
169	MATCH qname qtype opcode
170	SECTION QUESTION
171		example.com. IN IPSECKEY
172ENTRY_END
173
174STEP 10 CHECK_ANSWER
175ENTRY_BEGIN
176	MATCH all ttl
177	REPLY QR RD RA NOERROR
178	SECTION QUESTION
179		example.com. IN A
180	SECTION ANSWER
181		example.com.  200 IN A 5.6.7.8
182	SECTION AUTHORITY
183		example.com.	IN NS	ns.example.com.
184	SECTION ADDITIONAL
185		ns.example.com.		IN 	A	1.2.3.4
186ENTRY_END
187
188; Query without RD (allowed for 127.0.0.1 by allow_snoop), check if cached and with the capped TTL
189STEP 11 QUERY
190ENTRY_BEGIN
191	SECTION QUESTION
192		example.com. IN A
193ENTRY_END
194
195STEP 20 CHECK_ANSWER
196ENTRY_BEGIN
197	MATCH all ttl
198	REPLY QR RA NOERROR
199	SECTION QUESTION
200		example.com. IN A
201	SECTION ANSWER
202		example.com.  200 IN A 5.6.7.8
203	SECTION AUTHORITY
204		example.com.	IN NS	ns.example.com.
205	SECTION ADDITIONAL
206		ns.example.com.		IN 	A	1.2.3.4
207ENTRY_END
208
209; Query without RD, check if IPSECKEY cached
210STEP 21 QUERY
211ENTRY_BEGIN
212	SECTION QUESTION
213		example.com. IN IPSECKEY
214ENTRY_END
215
216STEP 30 CHECK_ANSWER
217ENTRY_BEGIN
218	MATCH all
219	REPLY QR RA NOERROR
220	SECTION QUESTION
221		example.com. IN IPSECKEY
222	SECTION ANSWER
223		example.com. 3600 IN IPSECKEY 10 0 2 . AQNRU3mG7TVTO2BkR47usntb102uFJtugbo6BSGvgqt4AQ==
224	SECTION AUTHORITY
225		example.com.	IN NS	ns.example.com.
226	SECTION ADDITIONAL
227		ns.example.com.		IN 	A	1.2.3.4
228ENTRY_END
229
230SCENARIO_END
231