xref: /netbsd-src/external/bsd/unbound/dist/testdata/iter_scrub_dname_insec.rpl (revision f42d8de7d1744f0ae38eedac13b4320e5351d1d6)
1; config options
2server:
3	harden-referral-path: no
4	target-fetch-policy: "0 0 0 0 0"
5	qname-minimisation: "no"
6	minimal-responses: no
7
8stub-zone:
9        name: "."
10	stub-addr: 193.0.14.129         # K.ROOT-SERVERS.NET.
11CONFIG_END
12
13SCENARIO_BEGIN Test scrub of insecure DNAME in answer section
14
15STEP 10 QUERY
16ENTRY_BEGIN
17REPLY RD
18SECTION QUESTION
19x.y.example.com. IN A
20ENTRY_END
21
22; root prime is sent
23STEP 20 CHECK_OUT_QUERY
24ENTRY_BEGIN
25MATCH qname qtype opcode
26SECTION QUESTION
27. IN NS
28ENTRY_END
29STEP 30 REPLY
30ENTRY_BEGIN
31MATCH opcode qtype qname
32ADJUST copy_id
33REPLY QR AA NOERROR
34SECTION QUESTION
35. IN NS
36SECTION ANSWER
37. IN NS K.ROOT-SERVERS.NET.
38SECTION ADDITIONAL
39K.ROOT-SERVERS.NET. IN A 193.0.14.129
40ENTRY_END
41
42; query sent to root server
43STEP 40 CHECK_OUT_QUERY
44ENTRY_BEGIN
45MATCH qname qtype opcode
46SECTION QUESTION
47x.y.example.com. IN A
48ENTRY_END
49STEP 50 REPLY
50ENTRY_BEGIN
51MATCH opcode qtype qname
52ADJUST copy_id
53REPLY QR NOERROR
54SECTION QUESTION
55x.y.example.com. IN A
56SECTION AUTHORITY
57com. IN NS a.gtld-servers.net.
58SECTION ADDITIONAL
59a.gtld-servers.net. IN A 192.5.6.30
60ENTRY_END
61
62; query sent to .com server
63STEP 60 CHECK_OUT_QUERY
64ENTRY_BEGIN
65MATCH qname qtype opcode
66SECTION QUESTION
67x.y.example.com. IN A
68ENTRY_END
69
70; STEP 62 CHECK_OUT_QUERY
71; ENTRY_BEGIN
72; MATCH qname qtype opcode
73; SECTION QUESTION
74; com. IN NS
75; ENTRY_END
76; STEP 63 REPLY
77; ENTRY_BEGIN
78; MATCH opcode qtype qname
79; ADJUST copy_id
80; REPLY QR NOERROR
81; SECTION QUESTION
82; com. IN NS
83; SECTION ANSWER
84; com. IN NS a.gtld-servers.net.
85; SECTION ADDITIONAL
86; a.gtld-servers.net. IN A 192.5.6.30
87; ENTRY_END
88
89STEP 70 REPLY
90ENTRY_BEGIN
91MATCH opcode qtype qname
92ADJUST copy_id
93REPLY QR NOERROR
94SECTION QUESTION
95x.y.example.com. IN A
96SECTION AUTHORITY
97example.com. IN NS ns1.example.com.
98SECTION ADDITIONAL
99ns1.example.com. IN A 168.192.2.2
100ENTRY_END
101
102STEP 80 CHECK_OUT_QUERY
103ENTRY_BEGIN
104MATCH qname qtype opcode
105SECTION QUESTION
106x.y.example.com. IN A
107ENTRY_END
108
109; STEP 82 CHECK_OUT_QUERY
110; ENTRY_BEGIN
111; MATCH qname qtype opcode
112; SECTION QUESTION
113; example.com. IN NS
114; ENTRY_END
115; STEP 83 REPLY
116; ENTRY_BEGIN
117; MATCH opcode qtype qname
118; ADJUST copy_id
119; REPLY QR NOERROR
120; SECTION QUESTION
121; example.com. IN NS
122; SECTION ANSWER
123; example.com. IN NS ns1.example.com.
124; SECTION ADDITIONAL
125; ns1.example.com. IN A 168.192.2.2
126; ENTRY_END
127
128STEP 90 REPLY
129ENTRY_BEGIN
130MATCH opcode qtype qname
131ADJUST copy_id
132REPLY QR AA NOERROR
133SECTION QUESTION
134x.y.example.com. IN A
135SECTION ANSWER
136y.example.com. DNAME z.example.com.
137x.y.example.com. IN CNAME x.z.example.com.
138x.z.example.com. IN A 10.20.30.0
139SECTION AUTHORITY
140example.com. IN NS ns1.example.com.
141SECTION ADDITIONAL
142ns1.example.com. IN A 168.192.2.2
143ENTRY_END
144
145STEP 100 CHECK_OUT_QUERY
146ENTRY_BEGIN
147MATCH qname qtype opcode
148SECTION QUESTION
149x.z.example.com. IN A
150ENTRY_END
151STEP 110 REPLY
152ENTRY_BEGIN
153MATCH opcode qtype qname
154ADJUST copy_id
155REPLY QR AA NOERROR
156SECTION QUESTION
157x.z.example.com. IN A
158SECTION ANSWER
159x.z.example.com. IN A 10.20.30.40
160SECTION AUTHORITY
161example.com. IN NS ns1.example.com.
162SECTION ADDITIONAL
163ns1.example.com. IN A 168.192.2.2
164ENTRY_END
165
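166; answer to first query (simply puts DNAME in cache); the expected A record is the 10.20.30.40 fetched for the CNAME target in STEP 100-110, so the 10.20.30.0 A record that came along with the DNAME/CNAME in STEP 90 must not end up in the answer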
167STEP 120 CHECK_ANSWER
168ENTRY_BEGIN
169MATCH all
170REPLY QR RD RA
171SECTION QUESTION
172x.y.example.com. IN A
173SECTION ANSWER
174y.example.com. DNAME z.example.com.
175x.y.example.com. IN CNAME x.z.example.com.
176x.z.example.com. IN A 10.20.30.40
177SECTION AUTHORITY
178example.com. IN NS ns1.example.com.
179SECTION ADDITIONAL
180ns1.example.com. IN A 168.192.2.2
181ENTRY_END
182
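183; now, the insecure (not DNSSEC-validated) DNAME in the cache should not be used to answer from cache: a second name under y.example.com. has to be sent upstream again (STEP 210).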
184; new query
185STEP 200 QUERY
186ENTRY_BEGIN
187REPLY RD
188SECTION QUESTION
189other.y.example.com. IN A
190ENTRY_END
191
192STEP 210 CHECK_OUT_QUERY
193ENTRY_BEGIN
194MATCH qname qtype opcode
195SECTION QUESTION
196other.y.example.com. IN A
197ENTRY_END
198STEP 220 REPLY
199ENTRY_BEGIN
200MATCH opcode qtype qname
201ADJUST copy_id
202REPLY QR AA NOERROR
203SECTION QUESTION
204other.y.example.com. IN A
205SECTION ANSWER
206y.example.com. DNAME z.example.com.
207other.y.example.com. IN CNAME other.z.example.com.
208other.z.example.com. IN A 50.60.70.0
209SECTION AUTHORITY
210example.com. IN NS ns1.example.com.
211SECTION ADDITIONAL
212ns1.example.com. IN A 168.192.2.2
213ENTRY_END
214
215STEP 230 CHECK_OUT_QUERY
216ENTRY_BEGIN
217MATCH qname qtype opcode
218SECTION QUESTION
219other.z.example.com. IN A
220ENTRY_END
221STEP 240 REPLY
222ENTRY_BEGIN
223MATCH opcode qtype qname
224ADJUST copy_id
225REPLY QR AA NOERROR
226SECTION QUESTION
227other.z.example.com. IN A
228SECTION ANSWER
229other.z.example.com. IN A 50.60.70.80
230SECTION AUTHORITY
231example.com. IN NS ns1.example.com.
232SECTION ADDITIONAL
233ns1.example.com. IN A 168.192.2.2
234ENTRY_END
235
236STEP 250 CHECK_ANSWER
237ENTRY_BEGIN
238MATCH all
239REPLY QR RD RA
240SECTION QUESTION
241other.y.example.com. IN A
242SECTION ANSWER
243y.example.com. DNAME z.example.com.
244other.y.example.com. IN CNAME other.z.example.com.
245other.z.example.com. IN A 50.60.70.80
246SECTION AUTHORITY
247example.com. IN NS ns1.example.com.
248SECTION ADDITIONAL
249ns1.example.com. IN A 168.192.2.2
250ENTRY_END
251
252SCENARIO_END
253