Home | History | Annotate | Line # | Download | only in testdata 
      1 ; config options
      2 server:
      3 	target-fetch-policy: "0 0 0 0 0"
      4 	trust-anchor: "com. DS 1444 8 2 0d72034e3e18a9ef383c164b68302433bbde957616e10cf44575fea2abae469c"
      5 	trust-anchor-signaling: no
      6 	val-override-date: 20201020135527
      7 
      8 auth-zone:
      9 	name: "example.com."
     10 	## zonefile (or none).
     11 	## zonefile: "example.com.zone"
     12 	## master by IP address or hostname
     13 	## can list multiple masters, each on one line.
     14 	## master:
     15 	## url for http fetch
     16 	## url:
     17 	## queries from downstream clients get authoritative answers.
     18 	## for-downstream: yes
     19 	for-downstream: no
     20 	## queries are used to fetch authoritative answers from this zone,
     21 	## instead of unbound itself sending queries there.
     22 	## for-upstream: yes
     23 	for-upstream: yes
     24 	## on failures with for-upstream, fallback to sending queries to
     25 	## the authority servers
     26 	## fallback-enabled: no
     27 	zonemd-check: yes
     28 
     29 	## this line generates zonefile: \n"/tmp/xxx.example.com"\n
     30 	zonefile:
     31 TEMPFILE_NAME example.com
     32 	## this is the inline file /tmp/xxx.example.com
     33 	## the tempfiles are deleted when the testrun is over.
     34 TEMPFILE_CONTENTS example.com
     35 example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600
     36 example.com. IN NS ns.example.com.
     37 example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22
     38 www.example.com. IN A 127.0.0.1
     39 ns.example.com. IN A 127.0.0.1
     40 bar.example.com. IN A 1.2.3.4
     41 ding.example.com. IN A 1.2.3.4
     42 foo.example.com. IN A 1.2.3.4
     43 TEMPFILE_END
     44 
     45 stub-zone:
     46 	name: "."
     47 	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
     48 CONFIG_END
     49 
     50 SCENARIO_BEGIN Test authority zone with ZONEMD that is securely insecure
     51 ; the trust anchor finds an online delegation with an insecure DS referral.
     52 
     53 ; K.ROOT-SERVERS.NET.
     54 RANGE_BEGIN 0 100
     55 	ADDRESS 193.0.14.129
     56 ENTRY_BEGIN
     57 MATCH opcode qtype qname
     58 ADJUST copy_id
     59 REPLY QR NOERROR
     60 SECTION QUESTION
     61 . IN NS
     62 SECTION ANSWER
     63 . IN NS	K.ROOT-SERVERS.NET.
     64 SECTION ADDITIONAL
     65 K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
     66 ENTRY_END
     67 
     68 ENTRY_BEGIN
     69 MATCH opcode subdomain
     70 ADJUST copy_id copy_query
     71 REPLY QR NOERROR
     72 SECTION QUESTION
     73 com. IN NS
     74 SECTION AUTHORITY
     75 com.	IN NS	a.gtld-servers.net.
     76 SECTION ADDITIONAL
     77 a.gtld-servers.net.	IN 	A	192.5.6.30
     78 ENTRY_END
     79 RANGE_END
     80 
     81 ; a.gtld-servers.net.
     82 RANGE_BEGIN 0 100
     83 	ADDRESS 192.5.6.30
     84 ENTRY_BEGIN
     85 MATCH opcode qtype qname
     86 ADJUST copy_id
     87 REPLY QR NOERROR
     88 SECTION QUESTION
     89 com. IN NS
     90 SECTION ANSWER
     91 com.	IN NS	a.gtld-servers.net.
     92 SECTION ADDITIONAL
     93 a.gtld-servers.net.	IN 	A	192.5.6.30
     94 ENTRY_END
     95 
     96 ENTRY_BEGIN
     97 MATCH opcode qname qtype
     98 ADJUST copy_id
     99 REPLY QR AA NOERROR
    100 SECTION QUESTION
    101 example.com. IN DS
    102 SECTION AUTHORITY
    103 com. SOA a.gtld-servers.net. nstld.verisign-grs.com. 1603979208 1800 900 604800 86400
    104 com.	3600	IN	RRSIG	SOA 8 1 3600 20201116135527 20201019135527 1444 com. LTUZ8PlkMLX+dBZLGcJcahrzOgf1PgYbi/s5VKyR9iyYKeP6qdxO5VehUVHdXfmUiXrsszvhAHzo4AZnfRbDkK6uTfMKCSIB1aXOU4A74LpjhJBsXjyo3CN3IK/dMS/FpJfAb6JnuQV1E3ytDd34yNsoBazEjYeoN1kymGAttbM=
    105 example.com. IN NSEC foo.com. NS RRSIG
    106 example.com.	3600	IN	RRSIG	NSEC 8 2 3600 20201116135527 20201019135527 1444 com. KK6ci3DUnGJ9gaBBqS+71TiFBGcl51YLZAYGADDWuSgFOLLbh1nV//la08zE1i8ITQjjsqyRw7/MA8LWpPR3TnUjJLk6mBd/kB3dJ8BHWRqcyreFo6Pu383oCcXTpwkFcL4ulhp54LUxbA3arWVjWbx8815vvNKsEtWUyrz4LN8=
    107 ENTRY_END
    108 
    109 ENTRY_BEGIN
    110 MATCH opcode subdomain
    111 ADJUST copy_id copy_query
    112 REPLY QR NOERROR
    113 SECTION QUESTION
    114 example.com. IN NS
    115 SECTION AUTHORITY
    116 example.com.	IN NS	ns.example.com.
    117 example.com. IN NSEC foo.com. NS RRSIG
    118 example.com.	3600	IN	RRSIG	NSEC 8 2 3600 20201116135527 20201019135527 1444 com. KK6ci3DUnGJ9gaBBqS+71TiFBGcl51YLZAYGADDWuSgFOLLbh1nV//la08zE1i8ITQjjsqyRw7/MA8LWpPR3TnUjJLk6mBd/kB3dJ8BHWRqcyreFo6Pu383oCcXTpwkFcL4ulhp54LUxbA3arWVjWbx8815vvNKsEtWUyrz4LN8=
    119 SECTION ADDITIONAL
    120 ns.example.com. IN A 1.2.3.44
    121 ENTRY_END
    122 
    123 ENTRY_BEGIN
    124 MATCH opcode qtype qname
    125 ADJUST copy_id
    126 REPLY QR AA NOERROR
    127 SECTION QUESTION
    128 com. IN DNSKEY
    129 SECTION ANSWER
    130 com.	3600	IN	DNSKEY	257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b}
    131 com.	3600	IN	RRSIG	DNSKEY 8 1 3600 20201116135527 20201019135527 1444 com. BEOMfWvi6RgnHaHsst+Ed265hBuCkgMR7gDpu89J7ZrVL6DzMKnNVFdgjl/9xwLj/pkukc7qeLSHjAfLlN0E4THW7PVshscQnjvXCkktG2Ejx9fTyllAqeGDh9z9QDGlQZIGTMgb9413qZhNqe2Tda9PTJRpiZ8b4bdQp6V1kVo=
    132 SECTION ADDITIONAL
    133 ENTRY_END
    134 
    135 RANGE_END
    136 
    137 ; ns.example.net.
    138 RANGE_BEGIN 0 100
    139 	ADDRESS 1.2.3.44
    140 ENTRY_BEGIN
    141 MATCH opcode qtype qname
    142 ADJUST copy_id
    143 REPLY QR NOERROR
    144 SECTION QUESTION
    145 example.net. IN NS
    146 SECTION ANSWER
    147 example.net.	IN NS	ns.example.net.
    148 SECTION ADDITIONAL
    149 ns.example.net.		IN 	A	1.2.3.44
    150 ENTRY_END
    151 
    152 ENTRY_BEGIN
    153 MATCH opcode qtype qname
    154 ADJUST copy_id
    155 REPLY QR NOERROR
    156 SECTION QUESTION
    157 ns.example.net. IN A
    158 SECTION ANSWER
    159 ns.example.net. IN A	1.2.3.44
    160 SECTION AUTHORITY
    161 example.net.	IN NS	ns.example.net.
    162 ENTRY_END
    163 
    164 ENTRY_BEGIN
    165 MATCH opcode qtype qname
    166 ADJUST copy_id
    167 REPLY QR NOERROR
    168 SECTION QUESTION
    169 ns.example.net. IN AAAA
    170 SECTION AUTHORITY
    171 example.net.	IN NS	ns.example.net.
    172 SECTION ADDITIONAL
    173 www.example.net. IN A	1.2.3.44
    174 ENTRY_END
    175 
    176 ENTRY_BEGIN
    177 MATCH opcode qtype qname
    178 ADJUST copy_id
    179 REPLY QR NOERROR
    180 SECTION QUESTION
    181 example.com. IN NS
    182 SECTION ANSWER
    183 example.com.	IN NS	ns.example.net.
    184 ENTRY_END
    185 
    186 ENTRY_BEGIN
    187 MATCH opcode qtype qname
    188 ADJUST copy_id
    189 REPLY QR NOERROR
    190 SECTION QUESTION
    191 www.example.com. IN A
    192 SECTION ANSWER
    193 www.example.com. IN A	10.20.30.40
    194 ENTRY_END
    195 RANGE_END
    196 
    197 STEP 1 QUERY
    198 ENTRY_BEGIN
    199 REPLY RD
    200 SECTION QUESTION
    201 www.example.com. IN A
    202 ENTRY_END
    203 
    204 ; recursion happens here.
    205 STEP 20 CHECK_ANSWER
    206 ENTRY_BEGIN
    207 MATCH all
    208 REPLY QR RD RA NOERROR
    209 SECTION QUESTION
    210 www.example.com. IN A
    211 SECTION ANSWER
    212 www.example.com. IN A	127.0.0.1
    213 ENTRY_END
    214 
    215 SCENARIO_END
    216