xref: /netbsd-src/external/bsd/unbound/dist/testdata/iter_nxns_fallback.rpl (revision 91f7d55fb697b5e0475da4718fa34c3a3ebeac85) 
1; Check if fallback to the parent side works when MAX_TARGET_NX is reached.
2
3server:
4	module-config: "iterator"
5	trust-anchor-signaling: no
6	target-fetch-policy: "0 0 0 0 0"
7	verbosity: 3
8	access-control: 127.0.0.1 allow_snoop
9	qname-minimisation: no
10	minimal-responses: no
11	rrset-roundrobin: no
12
13stub-zone:
14	name: "."
15	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
16CONFIG_END
17
18SCENARIO_BEGIN Test the NXNS fallback
19
20; K.ROOT-SERVERS.NET.
21RANGE_BEGIN 0 100
22	ADDRESS 193.0.14.129
23	ENTRY_BEGIN
24		MATCH opcode qtype qname
25		ADJUST copy_id
26		REPLY QR NOERROR
27		SECTION QUESTION
28			. IN NS
29		SECTION ANSWER
30			. IN NS	K.ROOT-SERVERS.NET.
31		SECTION ADDITIONAL
32			K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
33	ENTRY_END
34
35	ENTRY_BEGIN
36		MATCH opcode qtype subdomain
37		ADJUST copy_id copy_query
38		REPLY QR NOERROR
39		SECTION QUESTION
40			example.com. IN A
41		SECTION AUTHORITY
42			com.	IN NS	a.gtld-servers.net.
43		SECTION ADDITIONAL
44			a.gtld-servers.net.	IN 	A	192.5.6.30
45	ENTRY_END
46
47	ENTRY_BEGIN
48		MATCH opcode subdomain
49		ADJUST copy_id copy_query
50		REPLY QR NOERROR
51		SECTION QUESTION
52			nonexistant.com. IN A
53		SECTION AUTHORITY
54			com.	IN NS	a.gtld-servers.net.
55		SECTION ADDITIONAL
56			a.gtld-servers.net.	IN 	A	192.5.6.30
57	ENTRY_END
58RANGE_END
59
60; a.gtld-servers.net.
61RANGE_BEGIN 0 100
62	ADDRESS 192.5.6.30
63	ENTRY_BEGIN
64		MATCH opcode qtype qname
65		ADJUST copy_id
66		REPLY QR NOERROR
67		SECTION QUESTION
68			com. IN NS
69		SECTION ANSWER
70			com.    IN NS   a.gtld-servers.net.
71		SECTION ADDITIONAL
72			a.gtld-servers.net.     IN      A       192.5.6.30
73	ENTRY_END
74
75	ENTRY_BEGIN
76		MATCH opcode qtype subdomain
77		ADJUST copy_id copy_query
78		REPLY QR NOERROR
79		SECTION QUESTION
80			example.com. IN A
81		SECTION AUTHORITY
82			example.com.	IN NS	ns.example.com.
83		SECTION ADDITIONAL
84			ns.example.com.	10 IN A		1.2.3.4
85	ENTRY_END
86
87	ENTRY_BEGIN
88		MATCH opcode subdomain
89		ADJUST copy_id copy_query
90		REPLY QR NOERROR
91		SECTION QUESTION
92			nonexistant.com. IN A
93		SECTION AUTHORITY
94			nonexistant.com. IN NS	ns.example.com.
95		SECTION ADDITIONAL
96			ns.example.com.	 10 IN A	1.2.3.4
97	ENTRY_END
98RANGE_END
99
100; ns.example.com.
101RANGE_BEGIN 0 100
102	ADDRESS 1.2.3.4
103	ENTRY_BEGIN
104		MATCH opcode qtype qname
105		ADJUST copy_id
106		REPLY QR NOERROR
107		SECTION QUESTION
108			example.com. IN NS
109		SECTION ANSWER
110			example.com.    IN NS   ns1.nonexistant.com.
111			example.com.    IN NS   ns2.nonexistant.com.
112			example.com.    IN NS   ns3.nonexistant.com.
113			example.com.    IN NS   ns4.nonexistant.com.
114			example.com.    IN NS   ns5.nonexistant.com.
115			example.com.    IN NS   ns6.nonexistant.com.
116			example.com.    IN NS   ns7.nonexistant.com.
117			example.com.    IN NS   ns8.nonexistant.com.
118			example.com.    IN NS   ns9.nonexistant.com.
119			example.com.    IN NS   ns10.nonexistant.com.
120			example.com.    IN NS   ns11.nonexistant.com.
121			example.com.    IN NS   ns12.nonexistant.com.
122	ENTRY_END
123
124	ENTRY_BEGIN
125		MATCH opcode qtype qname
126		ADJUST copy_id
127		REPLY QR NOERROR
128		SECTION QUESTION
129			ns.example.com. IN A
130		SECTION ANSWER
131			ns.example.com. 10 IN A 1.2.3.4
132	ENTRY_END
133
134	ENTRY_BEGIN
135		MATCH opcode qtype qname
136		ADJUST copy_id
137		REPLY QR NOERROR
138		SECTION QUESTION
139			ns.example.com. IN AAAA
140		SECTION AUTHORITY
141			example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600
142	ENTRY_END
143
144	ENTRY_BEGIN
145		MATCH opcode subdomain
146		ADJUST copy_id copy_query
147		REPLY QR NXDOMAIN
148		SECTION QUESTION
149			nonexistant.com. IN A
150	ENTRY_END
151
152	ENTRY_BEGIN
153		MATCH opcode qtype qname
154		ADJUST copy_id
155		REPLY QR NOERROR
156		SECTION QUESTION
157			a.example.com. IN A
158		SECTION ANSWER
159			a.example.com. IN A	10.20.30.40
160		SECTION AUTHORITY
161			example.com.    IN NS   ns1.nonexistant.com.
162			example.com.    IN NS   ns2.nonexistant.com.
163			example.com.    IN NS   ns3.nonexistant.com.
164			example.com.    IN NS   ns4.nonexistant.com.
165			example.com.    IN NS   ns5.nonexistant.com.
166			example.com.    IN NS   ns6.nonexistant.com.
167			example.com.    IN NS   ns7.nonexistant.com.
168			example.com.    IN NS   ns8.nonexistant.com.
169			example.com.    IN NS   ns9.nonexistant.com.
170			example.com.    IN NS   ns10.nonexistant.com.
171			example.com.    IN NS   ns11.nonexistant.com.
172			example.com.    IN NS   ns12.nonexistant.com.
173	ENTRY_END
174
175	ENTRY_BEGIN
176		MATCH opcode qtype qname
177		ADJUST copy_id
178		REPLY QR NOERROR
179		SECTION QUESTION
180			b.example.com. IN A
181		SECTION ANSWER
182			b.example.com. IN A	10.20.30.40
183		SECTION AUTHORITY
184			example.com.    IN NS   ns1.nonexistant.com.
185			example.com.    IN NS   ns2.nonexistant.com.
186			example.com.    IN NS   ns3.nonexistant.com.
187			example.com.    IN NS   ns4.nonexistant.com.
188			example.com.    IN NS   ns5.nonexistant.com.
189			example.com.    IN NS   ns6.nonexistant.com.
190			example.com.    IN NS   ns7.nonexistant.com.
191			example.com.    IN NS   ns8.nonexistant.com.
192			example.com.    IN NS   ns9.nonexistant.com.
193			example.com.    IN NS   ns10.nonexistant.com.
194			example.com.    IN NS   ns11.nonexistant.com.
195			example.com.    IN NS   ns12.nonexistant.com.
196	ENTRY_END
197
198	ENTRY_BEGIN
199		MATCH opcode qtype qname
200		ADJUST copy_id
201		REPLY QR NOERROR
202		SECTION QUESTION
203			c.example.com. IN A
204		SECTION ANSWER
205			c.example.com. IN A	10.20.30.40
206		SECTION AUTHORITY
207			example.com.    IN NS   ns1.nonexistant.com.
208			example.com.    IN NS   ns2.nonexistant.com.
209			example.com.    IN NS   ns3.nonexistant.com.
210			example.com.    IN NS   ns4.nonexistant.com.
211			example.com.    IN NS   ns5.nonexistant.com.
212			example.com.    IN NS   ns6.nonexistant.com.
213			example.com.    IN NS   ns7.nonexistant.com.
214			example.com.    IN NS   ns8.nonexistant.com.
215			example.com.    IN NS   ns9.nonexistant.com.
216			example.com.    IN NS   ns10.nonexistant.com.
217			example.com.    IN NS   ns11.nonexistant.com.
218			example.com.    IN NS   ns12.nonexistant.com.
219	ENTRY_END
220
221	ENTRY_BEGIN
222		MATCH opcode qtype qname
223		ADJUST copy_id
224		REPLY QR NOERROR
225		SECTION QUESTION
226			d.example.com. IN A
227		SECTION ANSWER
228			d.example.com. IN A	10.20.30.40
229		SECTION AUTHORITY
230			example.com.    IN NS   ns1.nonexistant.com.
231			example.com.    IN NS   ns2.nonexistant.com.
232			example.com.    IN NS   ns3.nonexistant.com.
233			example.com.    IN NS   ns4.nonexistant.com.
234			example.com.    IN NS   ns5.nonexistant.com.
235			example.com.    IN NS   ns6.nonexistant.com.
236			example.com.    IN NS   ns7.nonexistant.com.
237			example.com.    IN NS   ns8.nonexistant.com.
238			example.com.    IN NS   ns9.nonexistant.com.
239			example.com.    IN NS   ns10.nonexistant.com.
240			example.com.    IN NS   ns11.nonexistant.com.
241			example.com.    IN NS   ns12.nonexistant.com.
242	ENTRY_END
243RANGE_END
244
245STEP 1 QUERY
246ENTRY_BEGIN
247REPLY RD
248SECTION QUESTION
249a.example.com. IN A
250ENTRY_END
251
252; This was resolved by asking the parent side nameservers
253STEP 2 CHECK_ANSWER
254ENTRY_BEGIN
255MATCH all
256REPLY QR RD RA NOERROR
257SECTION QUESTION
258a.example.com.	IN A
259SECTION ANSWER
260a.example.com.	IN A	10.20.30.40
261SECTION AUTHORITY
262example.com.    IN NS   ns1.nonexistant.com.
263example.com.    IN NS   ns2.nonexistant.com.
264example.com.    IN NS   ns3.nonexistant.com.
265example.com.    IN NS   ns4.nonexistant.com.
266example.com.    IN NS   ns5.nonexistant.com.
267example.com.    IN NS   ns6.nonexistant.com.
268example.com.    IN NS   ns7.nonexistant.com.
269example.com.    IN NS   ns8.nonexistant.com.
270example.com.    IN NS   ns9.nonexistant.com.
271example.com.    IN NS   ns10.nonexistant.com.
272example.com.    IN NS   ns11.nonexistant.com.
273example.com.    IN NS   ns12.nonexistant.com.
274ENTRY_END
275
276; The child side nameservers are now known to Unbound
277
278; Query again, the child server nameservers will be asked now
279STEP 3 QUERY
280ENTRY_BEGIN
281REPLY RD
282SECTION QUESTION
283b.example.com. IN A
284ENTRY_END
285
286; This was resolved by falling back to the parent side nameservers
287STEP 4 CHECK_ANSWER
288ENTRY_BEGIN
289MATCH all
290REPLY QR RD RA NOERROR
291SECTION QUESTION
292b.example.com.	IN A
293SECTION ANSWER
294b.example.com.	IN A	10.20.30.40
295SECTION AUTHORITY
296example.com.    IN NS   ns1.nonexistant.com.
297example.com.    IN NS   ns2.nonexistant.com.
298example.com.    IN NS   ns3.nonexistant.com.
299example.com.    IN NS   ns4.nonexistant.com.
300example.com.    IN NS   ns5.nonexistant.com.
301example.com.    IN NS   ns6.nonexistant.com.
302example.com.    IN NS   ns7.nonexistant.com.
303example.com.    IN NS   ns8.nonexistant.com.
304example.com.    IN NS   ns9.nonexistant.com.
305example.com.    IN NS   ns10.nonexistant.com.
306example.com.    IN NS   ns11.nonexistant.com.
307example.com.    IN NS   ns12.nonexistant.com.
308ENTRY_END
309
310; Query a third time, this will get the cached NXDOMAINs (no NX counter for
311; those) and will go to the parent as a last resort. This query will test that
312; we will not have resolution for the lame(parent side) addresses that could
313; raise the NX counter because of no address addition to the delegation point
314; (the same addresses are already there).
315STEP 5 QUERY
316ENTRY_BEGIN
317REPLY RD
318SECTION QUESTION
319c.example.com. IN A
320ENTRY_END
321
322; This was resolved by going back to the parent side nameservers (child side
323; was exhausted from cache and queries < MAX_TARGET_NX).
324STEP 6 CHECK_ANSWER
325ENTRY_BEGIN
326MATCH all
327REPLY QR RD RA NOERROR
328SECTION QUESTION
329c.example.com.	IN A
330SECTION ANSWER
331c.example.com.	IN A	10.20.30.40
332SECTION AUTHORITY
333example.com.    IN NS   ns1.nonexistant.com.
334example.com.    IN NS   ns2.nonexistant.com.
335example.com.    IN NS   ns3.nonexistant.com.
336example.com.    IN NS   ns4.nonexistant.com.
337example.com.    IN NS   ns5.nonexistant.com.
338example.com.    IN NS   ns6.nonexistant.com.
339example.com.    IN NS   ns7.nonexistant.com.
340example.com.    IN NS   ns8.nonexistant.com.
341example.com.    IN NS   ns9.nonexistant.com.
342example.com.    IN NS   ns10.nonexistant.com.
343example.com.    IN NS   ns11.nonexistant.com.
344example.com.    IN NS   ns12.nonexistant.com.
345ENTRY_END
346
347; Allow for the nameserver glue to expire
348STEP 10 TIME_PASSES ELAPSE 11
349
350; Query again for the parent side fallback
351STEP 11 QUERY
352ENTRY_BEGIN
353REPLY RD
354SECTION QUESTION
355d.example.com. IN A
356ENTRY_END
357
358; This was resolved by falling back to the parent side nameservers
359STEP 12 CHECK_ANSWER
360ENTRY_BEGIN
361MATCH all
362REPLY QR RD RA NOERROR
363SECTION QUESTION
364d.example.com.	IN A
365SECTION ANSWER
366d.example.com.	IN A	10.20.30.40
367SECTION AUTHORITY
368example.com.    IN NS   ns1.nonexistant.com.
369example.com.    IN NS   ns2.nonexistant.com.
370example.com.    IN NS   ns3.nonexistant.com.
371example.com.    IN NS   ns4.nonexistant.com.
372example.com.    IN NS   ns5.nonexistant.com.
373example.com.    IN NS   ns6.nonexistant.com.
374example.com.    IN NS   ns7.nonexistant.com.
375example.com.    IN NS   ns8.nonexistant.com.
376example.com.    IN NS   ns9.nonexistant.com.
377example.com.    IN NS   ns10.nonexistant.com.
378example.com.    IN NS   ns11.nonexistant.com.
379example.com.    IN NS   ns12.nonexistant.com.
380ENTRY_END
381
382SCENARIO_END
383