1 ; config options 2 server: 3 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" 4 val-override-date: "20070916134226" 5 target-fetch-policy: "0 0 0 0 0" 6 fake-sha1: yes 7 trust-anchor-signaling: no 8 9 auth-zone: 10 name: "example.com." 11 ## zonefile (or none). 12 ## zonefile: "example.com.zone" 13 ## master by IP address or hostname 14 ## can list multiple masters, each on one line. 15 ## master: 16 ## url for http fetch 17 ## url: 18 ## queries from downstream clients get authoritative answers. 19 ## for-downstream: yes 20 for-downstream: no 21 ## queries are used to fetch authoritative answers from this zone, 22 ## instead of unbound itself sending queries there. 23 ## for-upstream: yes 24 for-upstream: yes 25 ## on failures with for-upstream, fallback to sending queries to 26 ## the authority servers 27 ## fallback-enabled: no 28 fallback-enabled: yes 29 30 ## this line generates zonefile: \n"/tmp/xxx.example.com"\n 31 zonefile: 32 TEMPFILE_NAME example.com 33 ## this is the inline file /tmp/xxx.example.com 34 ## the tempfiles are deleted when the testrun is over. 35 TEMPFILE_CONTENTS example.com 36 $ORIGIN example.com. 37 example 3600 IN SOA dns.example.de. hostmaster.dns.example.de. ( 38 1379078166 28800 7200 604800 7200 ) 39 3600 IN NS ns.example.com. 40 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 41 example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} 42 example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} 43 44 ns.example.com. IN A 1.2.3.4 45 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 46 47 ; this RR is edited to create the failure 48 ;www.example.com. IN A 10.20.30.40 49 www.example.com. IN A 127.0.0.1 50 ; also edits the signature to fail, without needing crypto checks. 51 ;www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} 52 www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 28540 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} 53 54 TEMPFILE_END 55 56 stub-zone: 57 name: "." 58 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. 59 CONFIG_END 60 61 SCENARIO_BEGIN Test authority zone with zonefile and dnssec failure 62 ; the zone file has signatures, used upstream, unbound validates the reply. 63 ; but that fails and now it tries again, with failover to internet hosted 64 ; (correct) contents. 65 66 ; K.ROOT-SERVERS.NET. 67 RANGE_BEGIN 0 100 68 ADDRESS 193.0.14.129 69 ENTRY_BEGIN 70 MATCH opcode qtype qname 71 ADJUST copy_id 72 REPLY QR NOERROR 73 SECTION QUESTION 74 . IN NS 75 SECTION ANSWER 76 . IN NS K.ROOT-SERVERS.NET. 77 SECTION ADDITIONAL 78 K.ROOT-SERVERS.NET. IN A 193.0.14.129 79 ENTRY_END 80 81 ENTRY_BEGIN 82 MATCH opcode subdomain 83 ADJUST copy_id copy_query 84 REPLY QR NOERROR 85 SECTION QUESTION 86 com. IN NS 87 SECTION AUTHORITY 88 com. IN NS a.gtld-servers.net. 89 SECTION ADDITIONAL 90 a.gtld-servers.net. IN A 192.5.6.30 91 ENTRY_END 92 RANGE_END 93 94 ; a.gtld-servers.net. 95 RANGE_BEGIN 0 100 96 ADDRESS 192.5.6.30 97 ENTRY_BEGIN 98 MATCH opcode qtype qname 99 ADJUST copy_id 100 REPLY QR NOERROR 101 SECTION QUESTION 102 com. IN NS 103 SECTION ANSWER 104 com. IN NS a.gtld-servers.net. 105 SECTION ADDITIONAL 106 a.gtld-servers.net. IN A 192.5.6.30 107 ENTRY_END 108 109 ENTRY_BEGIN 110 MATCH opcode subdomain 111 ADJUST copy_id copy_query 112 REPLY QR NOERROR 113 SECTION QUESTION 114 example.com. IN NS 115 SECTION AUTHORITY 116 example.com. IN NS ns.example.com. 117 SECTION ADDITIONAL 118 ns.example.com. IN A 1.2.3.44 119 ENTRY_END 120 RANGE_END 121 122 ; ns.example.net. 123 RANGE_BEGIN 0 100 124 ADDRESS 1.2.3.44 125 ENTRY_BEGIN 126 MATCH opcode qtype qname 127 ADJUST copy_id 128 REPLY QR NOERROR 129 SECTION QUESTION 130 example.net. IN NS 131 SECTION ANSWER 132 example.net. IN NS ns.example.net. 133 SECTION ADDITIONAL 134 ns.example.net. IN A 1.2.3.44 135 ENTRY_END 136 137 ENTRY_BEGIN 138 MATCH opcode qtype qname 139 ADJUST copy_id 140 REPLY QR NOERROR 141 SECTION QUESTION 142 ns.example.net. IN A 143 SECTION ANSWER 144 ns.example.net. IN A 1.2.3.44 145 SECTION AUTHORITY 146 example.net. IN NS ns.example.net. 147 ENTRY_END 148 149 ENTRY_BEGIN 150 MATCH opcode qtype qname 151 ADJUST copy_id 152 REPLY QR NOERROR 153 SECTION QUESTION 154 ns.example.net. IN AAAA 155 SECTION AUTHORITY 156 example.net. IN NS ns.example.net. 157 SECTION ADDITIONAL 158 www.example.net. IN A 1.2.3.44 159 ENTRY_END 160 161 ; response to DNSKEY priming query 162 ENTRY_BEGIN 163 MATCH opcode qtype qname 164 ADJUST copy_id 165 REPLY QR NOERROR 166 SECTION QUESTION 167 example.com. IN DNSKEY 168 SECTION ANSWER 169 example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} 170 example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} 171 ENTRY_END 172 173 ENTRY_BEGIN 174 MATCH opcode qtype qname 175 ADJUST copy_id 176 REPLY QR NOERROR 177 SECTION QUESTION 178 www.example.com. IN A 179 SECTION ANSWER 180 www.example.com. IN A 10.20.30.40 181 www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} 182 ENTRY_END 183 RANGE_END 184 185 STEP 1 QUERY 186 ENTRY_BEGIN 187 REPLY RD DO 188 SECTION QUESTION 189 www.example.com. IN A 190 ENTRY_END 191 192 ; recursion happens here. 193 STEP 20 CHECK_ANSWER 194 ENTRY_BEGIN 195 MATCH all 196 REPLY QR RD DO RA AD NOERROR 197 SECTION QUESTION 198 www.example.com. IN A 199 SECTION ANSWER 200 www.example.com. IN A 10.20.30.40 201 www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} 202 ENTRY_END 203 204 SCENARIO_END 205
Indexes created Mon Jun 01 00:24:59 UTC 2026