1 ; Check if fallback to the parent side works when MAX_TARGET_NX is reached. 2 3 server: 4 module-config: "iterator" 5 trust-anchor-signaling: no 6 target-fetch-policy: "0 0 0 0 0" 7 verbosity: 3 8 access-control: 127.0.0.1 allow_snoop 9 qname-minimisation: no 10 minimal-responses: no 11 iter-scrub-promiscuous: no 12 rrset-roundrobin: no 13 14 stub-zone: 15 name: "." 16 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. 17 CONFIG_END 18 19 SCENARIO_BEGIN Test the NXNS fallback 20 21 ; K.ROOT-SERVERS.NET. 22 RANGE_BEGIN 0 100 23 ADDRESS 193.0.14.129 24 ENTRY_BEGIN 25 MATCH opcode qtype qname 26 ADJUST copy_id 27 REPLY QR NOERROR 28 SECTION QUESTION 29 . IN NS 30 SECTION ANSWER 31 . IN NS K.ROOT-SERVERS.NET. 32 SECTION ADDITIONAL 33 K.ROOT-SERVERS.NET. IN A 193.0.14.129 34 ENTRY_END 35 36 ENTRY_BEGIN 37 MATCH opcode qtype subdomain 38 ADJUST copy_id copy_query 39 REPLY QR NOERROR 40 SECTION QUESTION 41 example.com. IN A 42 SECTION AUTHORITY 43 com. IN NS a.gtld-servers.net. 44 SECTION ADDITIONAL 45 a.gtld-servers.net. IN A 192.5.6.30 46 ENTRY_END 47 48 ENTRY_BEGIN 49 MATCH opcode subdomain 50 ADJUST copy_id copy_query 51 REPLY QR NOERROR 52 SECTION QUESTION 53 nonexistent.com. IN A 54 SECTION AUTHORITY 55 com. IN NS a.gtld-servers.net. 56 SECTION ADDITIONAL 57 a.gtld-servers.net. IN A 192.5.6.30 58 ENTRY_END 59 RANGE_END 60 61 ; a.gtld-servers.net. 62 RANGE_BEGIN 0 100 63 ADDRESS 192.5.6.30 64 ENTRY_BEGIN 65 MATCH opcode qtype qname 66 ADJUST copy_id 67 REPLY QR NOERROR 68 SECTION QUESTION 69 com. IN NS 70 SECTION ANSWER 71 com. IN NS a.gtld-servers.net. 72 SECTION ADDITIONAL 73 a.gtld-servers.net. IN A 192.5.6.30 74 ENTRY_END 75 76 ENTRY_BEGIN 77 MATCH opcode qtype subdomain 78 ADJUST copy_id copy_query 79 REPLY QR NOERROR 80 SECTION QUESTION 81 example.com. IN A 82 SECTION AUTHORITY 83 example.com. IN NS ns.example.com. 84 SECTION ADDITIONAL 85 ns.example.com. 10 IN A 1.2.3.4 86 ENTRY_END 87 88 ENTRY_BEGIN 89 MATCH opcode subdomain 90 ADJUST copy_id copy_query 91 REPLY QR NOERROR 92 SECTION QUESTION 93 nonexistent.com. IN A 94 SECTION AUTHORITY 95 nonexistent.com. IN NS ns.example.com. 96 SECTION ADDITIONAL 97 ns.example.com. 10 IN A 1.2.3.4 98 ENTRY_END 99 RANGE_END 100 101 ; ns.example.com. 102 RANGE_BEGIN 0 100 103 ADDRESS 1.2.3.4 104 ENTRY_BEGIN 105 MATCH opcode qtype qname 106 ADJUST copy_id 107 REPLY QR NOERROR 108 SECTION QUESTION 109 example.com. IN NS 110 SECTION ANSWER 111 example.com. IN NS ns1.nonexistent.com. 112 example.com. IN NS ns2.nonexistent.com. 113 example.com. IN NS ns3.nonexistent.com. 114 example.com. IN NS ns4.nonexistent.com. 115 example.com. IN NS ns5.nonexistent.com. 116 example.com. IN NS ns6.nonexistent.com. 117 example.com. IN NS ns7.nonexistent.com. 118 example.com. IN NS ns8.nonexistent.com. 119 example.com. IN NS ns9.nonexistent.com. 120 example.com. IN NS ns10.nonexistent.com. 121 example.com. IN NS ns11.nonexistent.com. 122 example.com. IN NS ns12.nonexistent.com. 123 ENTRY_END 124 125 ENTRY_BEGIN 126 MATCH opcode qtype qname 127 ADJUST copy_id 128 REPLY QR NOERROR 129 SECTION QUESTION 130 ns.example.com. IN A 131 SECTION ANSWER 132 ns.example.com. 10 IN A 1.2.3.4 133 ENTRY_END 134 135 ENTRY_BEGIN 136 MATCH opcode qtype qname 137 ADJUST copy_id 138 REPLY QR NOERROR 139 SECTION QUESTION 140 ns.example.com. IN AAAA 141 SECTION AUTHORITY 142 example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 143 ENTRY_END 144 145 ENTRY_BEGIN 146 MATCH opcode subdomain 147 ADJUST copy_id copy_query 148 REPLY QR NXDOMAIN 149 SECTION QUESTION 150 nonexistent.com. IN A 151 ENTRY_END 152 153 ENTRY_BEGIN 154 MATCH opcode qtype qname 155 ADJUST copy_id 156 REPLY QR NOERROR 157 SECTION QUESTION 158 a.example.com. IN A 159 SECTION ANSWER 160 a.example.com. IN A 10.20.30.40 161 SECTION AUTHORITY 162 example.com. IN NS ns1.nonexistent.com. 163 example.com. IN NS ns2.nonexistent.com. 164 example.com. IN NS ns3.nonexistent.com. 165 example.com. IN NS ns4.nonexistent.com. 166 example.com. IN NS ns5.nonexistent.com. 167 example.com. IN NS ns6.nonexistent.com. 168 example.com. IN NS ns7.nonexistent.com. 169 example.com. IN NS ns8.nonexistent.com. 170 example.com. IN NS ns9.nonexistent.com. 171 example.com. IN NS ns10.nonexistent.com. 172 example.com. IN NS ns11.nonexistent.com. 173 example.com. IN NS ns12.nonexistent.com. 174 ENTRY_END 175 176 ENTRY_BEGIN 177 MATCH opcode qtype qname 178 ADJUST copy_id 179 REPLY QR NOERROR 180 SECTION QUESTION 181 b.example.com. IN A 182 SECTION ANSWER 183 b.example.com. IN A 10.20.30.40 184 SECTION AUTHORITY 185 example.com. IN NS ns1.nonexistent.com. 186 example.com. IN NS ns2.nonexistent.com. 187 example.com. IN NS ns3.nonexistent.com. 188 example.com. IN NS ns4.nonexistent.com. 189 example.com. IN NS ns5.nonexistent.com. 190 example.com. IN NS ns6.nonexistent.com. 191 example.com. IN NS ns7.nonexistent.com. 192 example.com. IN NS ns8.nonexistent.com. 193 example.com. IN NS ns9.nonexistent.com. 194 example.com. IN NS ns10.nonexistent.com. 195 example.com. IN NS ns11.nonexistent.com. 196 example.com. IN NS ns12.nonexistent.com. 197 ENTRY_END 198 199 ENTRY_BEGIN 200 MATCH opcode qtype qname 201 ADJUST copy_id 202 REPLY QR NOERROR 203 SECTION QUESTION 204 c.example.com. IN A 205 SECTION ANSWER 206 c.example.com. IN A 10.20.30.40 207 SECTION AUTHORITY 208 example.com. IN NS ns1.nonexistent.com. 209 example.com. IN NS ns2.nonexistent.com. 210 example.com. IN NS ns3.nonexistent.com. 211 example.com. IN NS ns4.nonexistent.com. 212 example.com. IN NS ns5.nonexistent.com. 213 example.com. IN NS ns6.nonexistent.com. 214 example.com. IN NS ns7.nonexistent.com. 215 example.com. IN NS ns8.nonexistent.com. 216 example.com. IN NS ns9.nonexistent.com. 217 example.com. IN NS ns10.nonexistent.com. 218 example.com. IN NS ns11.nonexistent.com. 219 example.com. IN NS ns12.nonexistent.com. 220 ENTRY_END 221 222 ENTRY_BEGIN 223 MATCH opcode qtype qname 224 ADJUST copy_id 225 REPLY QR NOERROR 226 SECTION QUESTION 227 d.example.com. IN A 228 SECTION ANSWER 229 d.example.com. IN A 10.20.30.40 230 SECTION AUTHORITY 231 example.com. IN NS ns1.nonexistent.com. 232 example.com. IN NS ns2.nonexistent.com. 233 example.com. IN NS ns3.nonexistent.com. 234 example.com. IN NS ns4.nonexistent.com. 235 example.com. IN NS ns5.nonexistent.com. 236 example.com. IN NS ns6.nonexistent.com. 237 example.com. IN NS ns7.nonexistent.com. 238 example.com. IN NS ns8.nonexistent.com. 239 example.com. IN NS ns9.nonexistent.com. 240 example.com. IN NS ns10.nonexistent.com. 241 example.com. IN NS ns11.nonexistent.com. 242 example.com. IN NS ns12.nonexistent.com. 243 ENTRY_END 244 RANGE_END 245 246 STEP 1 QUERY 247 ENTRY_BEGIN 248 REPLY RD 249 SECTION QUESTION 250 a.example.com. IN A 251 ENTRY_END 252 253 ; This was resolved by asking the parent side nameservers 254 STEP 2 CHECK_ANSWER 255 ENTRY_BEGIN 256 MATCH all 257 REPLY QR RD RA NOERROR 258 SECTION QUESTION 259 a.example.com. IN A 260 SECTION ANSWER 261 a.example.com. IN A 10.20.30.40 262 SECTION AUTHORITY 263 example.com. IN NS ns1.nonexistent.com. 264 example.com. IN NS ns2.nonexistent.com. 265 example.com. IN NS ns3.nonexistent.com. 266 example.com. IN NS ns4.nonexistent.com. 267 example.com. IN NS ns5.nonexistent.com. 268 example.com. IN NS ns6.nonexistent.com. 269 example.com. IN NS ns7.nonexistent.com. 270 example.com. IN NS ns8.nonexistent.com. 271 example.com. IN NS ns9.nonexistent.com. 272 example.com. IN NS ns10.nonexistent.com. 273 example.com. IN NS ns11.nonexistent.com. 274 example.com. IN NS ns12.nonexistent.com. 275 ENTRY_END 276 277 ; The child side nameservers are now known to Unbound 278 279 ; Query again, the child server nameservers will be asked now 280 STEP 3 QUERY 281 ENTRY_BEGIN 282 REPLY RD 283 SECTION QUESTION 284 b.example.com. IN A 285 ENTRY_END 286 287 ; This was resolved by falling back to the parent side nameservers 288 STEP 4 CHECK_ANSWER 289 ENTRY_BEGIN 290 MATCH all 291 REPLY QR RD RA NOERROR 292 SECTION QUESTION 293 b.example.com. IN A 294 SECTION ANSWER 295 b.example.com. IN A 10.20.30.40 296 SECTION AUTHORITY 297 example.com. IN NS ns1.nonexistent.com. 298 example.com. IN NS ns2.nonexistent.com. 299 example.com. IN NS ns3.nonexistent.com. 300 example.com. IN NS ns4.nonexistent.com. 301 example.com. IN NS ns5.nonexistent.com. 302 example.com. IN NS ns6.nonexistent.com. 303 example.com. IN NS ns7.nonexistent.com. 304 example.com. IN NS ns8.nonexistent.com. 305 example.com. IN NS ns9.nonexistent.com. 306 example.com. IN NS ns10.nonexistent.com. 307 example.com. IN NS ns11.nonexistent.com. 308 example.com. IN NS ns12.nonexistent.com. 309 ENTRY_END 310 311 ; Query a third time, this will get the cached NXDOMAINs (no NX counter for 312 ; those) and will go to the parent as a last resort. This query will test that 313 ; we will not have resolution for the lame(parent side) addresses that could 314 ; raise the NX counter because of no address addition to the delegation point 315 ; (the same addresses are already there). 316 STEP 5 QUERY 317 ENTRY_BEGIN 318 REPLY RD 319 SECTION QUESTION 320 c.example.com. IN A 321 ENTRY_END 322 323 ; This was resolved by going back to the parent side nameservers (child side 324 ; was exhausted from cache and queries < MAX_TARGET_NX). 325 STEP 6 CHECK_ANSWER 326 ENTRY_BEGIN 327 MATCH all 328 REPLY QR RD RA NOERROR 329 SECTION QUESTION 330 c.example.com. IN A 331 SECTION ANSWER 332 c.example.com. IN A 10.20.30.40 333 SECTION AUTHORITY 334 example.com. IN NS ns1.nonexistent.com. 335 example.com. IN NS ns2.nonexistent.com. 336 example.com. IN NS ns3.nonexistent.com. 337 example.com. IN NS ns4.nonexistent.com. 338 example.com. IN NS ns5.nonexistent.com. 339 example.com. IN NS ns6.nonexistent.com. 340 example.com. IN NS ns7.nonexistent.com. 341 example.com. IN NS ns8.nonexistent.com. 342 example.com. IN NS ns9.nonexistent.com. 343 example.com. IN NS ns10.nonexistent.com. 344 example.com. IN NS ns11.nonexistent.com. 345 example.com. IN NS ns12.nonexistent.com. 346 ENTRY_END 347 348 ; Allow for the nameserver glue to expire 349 STEP 10 TIME_PASSES ELAPSE 11 350 351 ; Query again for the parent side fallback 352 STEP 11 QUERY 353 ENTRY_BEGIN 354 REPLY RD 355 SECTION QUESTION 356 d.example.com. IN A 357 ENTRY_END 358 359 ; This was resolved by falling back to the parent side nameservers 360 STEP 12 CHECK_ANSWER 361 ENTRY_BEGIN 362 MATCH all 363 REPLY QR RD RA NOERROR 364 SECTION QUESTION 365 d.example.com. IN A 366 SECTION ANSWER 367 d.example.com. IN A 10.20.30.40 368 SECTION AUTHORITY 369 example.com. IN NS ns1.nonexistent.com. 370 example.com. IN NS ns2.nonexistent.com. 371 example.com. IN NS ns3.nonexistent.com. 372 example.com. IN NS ns4.nonexistent.com. 373 example.com. IN NS ns5.nonexistent.com. 374 example.com. IN NS ns6.nonexistent.com. 375 example.com. IN NS ns7.nonexistent.com. 376 example.com. IN NS ns8.nonexistent.com. 377 example.com. IN NS ns9.nonexistent.com. 378 example.com. IN NS ns10.nonexistent.com. 379 example.com. IN NS ns11.nonexistent.com. 380 example.com. IN NS ns12.nonexistent.com. 381 ENTRY_END 382 383 SCENARIO_END 384
Indexes created Mon Jun 01 00:24:59 UTC 2026