; config options
; Unbound testbound replay. An auth-zone that is required to carry a ZONEMD
; digest is loaded from a zone file without one, while the DNSSEC chain from
; com. proves that example.com. is an unsigned (insecure) delegation.
server:
	# Zero opportunistic nameserver-target fetches at every depth; presumably
	# this keeps the resolver to the queries scripted below.
	target-fetch-policy: "0 0 0 0 0"
	# DS trust anchor for com.: key tag 1444, algorithm 8, digest type 2.
	# The com. DNSKEY served later in this file is annotated with id 1444.
	trust-anchor: "com. DS 1444 8 2 0d72034e3e18a9ef383c164b68302433bbde957616e10cf44575fea2abae469c"
	# No trust-anchor signaling (RFC 8145) queries, which are not scripted here.
	trust-anchor-signaling: no
	# Validator clock fixed at 2020-10-20 13:55:27. The RRSIGs below are valid
	# from 20201019135527 to 20201116135527, so they verify on any run date.
	val-override-date: 20201020135527

auth-zone:
	name: "example.com."
	# Check the zone's ZONEMD digest.
	zonemd-check: yes
	# A zone without a ZONEMD record counts as failed. For an unsigned zone
	# DNSSEC cannot show that a ZONEMD record was removed, so the digest only
	# protects the zone contents if absence is itself a failure.
	zonemd-reject-absence: yes
	## zonefile (or none).
	## zonefile: "example.com.zone"
	## master by IP address or hostname
	## can list multiple masters, each on one line.
	## master:
	## url for http fetch
	## url:
	## queries from downstream clients get authoritative answers.
	## for-downstream: yes
	for-downstream: no
	## queries are used to fetch authoritative answers from this zone,
	## instead of unbound itself sending queries there.
	## for-upstream: yes
	for-upstream: yes
	## on failures with for-upstream, fallback to sending queries to
	## the authority servers
	## fallback-enabled: no
	# NOTE(review): fallback-enabled is left unset. The SERVFAIL expected at
	# STEP 20 only holds if the resolver does not fall back to the scripted
	# authority servers; confirm that no-fallback is the default in the
	# version under test.

	# The inline zone below has its ZONEMD line commented out; that missing
	# record is the fault this test injects.
	## this line generates zonefile: \n"/tmp/xxx.example.com"\n
	zonefile:
TEMPFILE_NAME example.com
	## this is the inline file /tmp/xxx.example.com
	## the tempfiles are deleted when the testrun is over.
TEMPFILE_CONTENTS example.com
example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600
example.com. IN NS ns.example.com.
; the missing ZONEMD record
;example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22
www.example.com. IN A 127.0.0.1
ns.example.com. IN A 127.0.0.1
bar.example.com. IN A 1.2.3.4
ding.example.com. IN A 1.2.3.4
foo.example.com. IN A 1.2.3.4
TEMPFILE_END

# The root is resolved only through the scripted K-root address.
stub-zone:
	name: "."
	stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
CONFIG_END

SCENARIO_BEGIN Test authority zone with reject-absence ZONEMD that is securely insecure
; the trust anchor finds an online delegation with an insecure DS referral.
; the ZONEMD is not there. This is not allowed by the zonemd-reject-absence
; option in config, so it fails the zone.
; "Securely insecure": the absence of a DS for example.com. is proven by NSEC
; data signed by com., so the unsigned status of the zone is itself validated.

; K.ROOT-SERVERS.NET.
RANGE_BEGIN 0 100
	ADDRESS 193.0.14.129
; answer for the root NS set
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET. IN A 193.0.14.129
ENTRY_END

; referral: any query for a name under com. is pointed at a.gtld-servers.net.
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION AUTHORITY
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
RANGE_END

; a.gtld-servers.net.
RANGE_BEGIN 0 100
	ADDRESS 192.5.6.30
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION ANSWER
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END

; DS lookup for example.com.: authoritative reply with an empty answer,
; carrying the com. SOA and an NSEC for example.com. whose type list is only
; NS RRSIG (no DS), both signed with key tag 1444. This is the proof that the
; delegation is insecure.
ENTRY_BEGIN
MATCH opcode qname qtype
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
example.com. IN DS
SECTION AUTHORITY
com. SOA a.gtld-servers.net. nstld.verisign-grs.com. 1603979208 1800 900 604800 86400
com. 3600 IN RRSIG SOA 8 1 3600 20201116135527 20201019135527 1444 com. LTUZ8PlkMLX+dBZLGcJcahrzOgf1PgYbi/s5VKyR9iyYKeP6qdxO5VehUVHdXfmUiXrsszvhAHzo4AZnfRbDkK6uTfMKCSIB1aXOU4A74LpjhJBsXjyo3CN3IK/dMS/FpJfAb6JnuQV1E3ytDd34yNsoBazEjYeoN1kymGAttbM=
example.com. IN NSEC foo.com. NS RRSIG
example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 1444 com. KK6ci3DUnGJ9gaBBqS+71TiFBGcl51YLZAYGADDWuSgFOLLbh1nV//la08zE1i8ITQjjsqyRw7/MA8LWpPR3TnUjJLk6mBd/kB3dJ8BHWRqcyreFo6Pu383oCcXTpwkFcL4ulhp54LUxbA3arWVjWbx8815vvNKsEtWUyrz4LN8=
ENTRY_END

; referral for names under example.com., with the same signed NSEC and with
; glue that places ns.example.com. at 1.2.3.44
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION AUTHORITY
example.com. IN NS ns.example.com.
example.com. IN NSEC foo.com. NS RRSIG
example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 1444 com. KK6ci3DUnGJ9gaBBqS+71TiFBGcl51YLZAYGADDWuSgFOLLbh1nV//la08zE1i8ITQjjsqyRw7/MA8LWpPR3TnUjJLk6mBd/kB3dJ8BHWRqcyreFo6Pu383oCcXTpwkFcL4ulhp54LUxbA3arWVjWbx8815vvNKsEtWUyrz4LN8=
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.44
ENTRY_END

; com. DNSKEY (annotated id 1444, the tag named in the trust-anchor DS) and
; the RRSIG made with that key over the DNSKEY set
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
com. IN DNSKEY
SECTION ANSWER
com. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b}
com. 3600 IN RRSIG DNSKEY 8 1 3600 20201116135527 20201019135527 1444 com. BEOMfWvi6RgnHaHsst+Ed265hBuCkgMR7gDpu89J7ZrVL6DzMKnNVFdgjl/9xwLj/pkukc7qeLSHjAfLlN0E4THW7PVshscQnjvXCkktG2Ejx9fTyllAqeGDh9z9QDGlQZIGTMgb9413qZhNqe2Tda9PTJRpiZ8b4bdQp6V1kVo=
SECTION ADDITIONAL
ENTRY_END

RANGE_END

; ns.example.net.
; NOTE(review): the com. referral above gives this address (1.2.3.44) as glue
; for ns.example.com., while the entries here name the server ns.example.net.
RANGE_BEGIN 0 100
	ADDRESS 1.2.3.44
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.net. IN NS
SECTION ANSWER
example.net. IN NS ns.example.net.
SECTION ADDITIONAL
ns.example.net. IN A 1.2.3.44
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ns.example.net. IN A
SECTION ANSWER
ns.example.net. IN A 1.2.3.44
SECTION AUTHORITY
example.net. IN NS ns.example.net.
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ns.example.net. IN AAAA
SECTION AUTHORITY
example.net. IN NS ns.example.net.
SECTION ADDITIONAL
www.example.net. IN A 1.2.3.44
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION ANSWER
example.com. IN NS ns.example.net.
ENTRY_END

; network copy of www.example.com. It returns 10.20.30.40 where the inline
; zone has 127.0.0.1, so the two sources can be told apart in a result; the
; check at STEP 20 expects neither address.
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A 10.20.30.40
ENTRY_END
RANGE_END

; client query with RD set for a name inside the auth-zone
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END

; recursion happens here.
; expected result: SERVFAIL with an empty answer section. The zone failed the
; ZONEMD requirement, so the client gets neither the zone file data nor the
; answer scripted for the network.
STEP 20 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA SERVFAIL
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
ENTRY_END

SCENARIO_END