diff options
Diffstat (limited to 'contrib/unbound/testdata')
145 files changed, 5655 insertions, 8751 deletions
diff --git a/contrib/unbound/testdata/00-lint.tdir/00-lint.pre b/contrib/unbound/testdata/00-lint.tdir/00-lint.pre new file mode 100644 index 000000000000..507f5e1e9454 --- /dev/null +++ b/contrib/unbound/testdata/00-lint.tdir/00-lint.pre @@ -0,0 +1,14 @@ +# #-- 00-lint.pre--# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +. ../common.sh +PRE="../.." + +if test -f $PRE/unbound_test_00-lint ; then + echo test enabled +else + skip_test "test skipped; clang linter preferred over splint" +fi diff --git a/contrib/unbound/testdata/09-unbound-control.tdir/conf.bad_credentials b/contrib/unbound/testdata/09-unbound-control.tdir/conf.bad_credentials new file mode 100644 index 000000000000..11a131130000 --- /dev/null +++ b/contrib/unbound/testdata/09-unbound-control.tdir/conf.bad_credentials @@ -0,0 +1,5 @@ +remote-control: + server-key-file: bad_server.key + server-cert-file: bad_server.pem + control-key-file: bad_control.key + control-cert-file: bad_control.pem diff --git a/contrib/unbound/testdata/09-unbound-control.tdir/conf.spoofed_credentials b/contrib/unbound/testdata/09-unbound-control.tdir/conf.spoofed_credentials new file mode 100644 index 000000000000..25cb830dca4e --- /dev/null +++ b/contrib/unbound/testdata/09-unbound-control.tdir/conf.spoofed_credentials @@ -0,0 +1,5 @@ +remote-control: + server-key-file: unbound_server.key + server-cert-file: unbound_server.pem + control-key-file: bad_control.key + control-cert-file: bad_control.pem diff --git a/contrib/unbound/testdata/auth_zonemd_anchor.rpl b/contrib/unbound/testdata/auth_zonemd_anchor.rpl deleted file mode 100644 index c443f7d43f10..000000000000 --- a/contrib/unbound/testdata/auth_zonemd_anchor.rpl +++ /dev/null @@ -1,234 +0,0 @@ -; config options -server: - target-fetch-policy: "0 0 0 0 0" - trust-anchor: "example.com. DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af" - trust-anchor-signaling: no - val-override-date: 20201020135527 - -auth-zone: - name: "example.com." - ## zonefile (or none). - ## zonefile: "example.com.zone" - ## master by IP address or hostname - ## can list multiple masters, each on one line. - ## master: - ## url for http fetch - ## url: - ## queries from downstream clients get authoritative answers. - ## for-downstream: yes - for-downstream: no - ## queries are used to fetch authoritative answers from this zone, - ## instead of unbound itself sending queries there. - ## for-upstream: yes - for-upstream: yes - ## on failures with for-upstream, fallback to sending queries to - ## the authority servers - ## fallback-enabled: no - zonemd-check: yes - - ## this line generates zonefile: \n"/tmp/xxx.example.com"\n - zonefile: -TEMPFILE_NAME example.com - ## this is the inline file /tmp/xxx.example.com - ## the tempfiles are deleted when the testrun is over. -TEMPFILE_CONTENTS example.com -example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= -example.com. 3600 IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= -example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} -example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= -example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f -example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= -example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63 -example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= -bar.example.com. 3600 IN A 1.2.3.4 -bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= -bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC -bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= -ding.example.com. 3600 IN A 1.2.3.4 -ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= -ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC -ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= -foo.example.com. 3600 IN A 1.2.3.4 -foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= -foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC -foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= -ns.example.com. 3600 IN A 127.0.0.1 -ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= -ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC -ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= -www.example.com. 3600 IN A 127.0.0.1 -www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= -www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC -www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= -TEMPFILE_END - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test authority zone with ZONEMD from zonefile with trust anchor - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qname qtype -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -example.com. IN DS -SECTION ANSWER -example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af -example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk= -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af -example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk= -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -com. IN DNSKEY -SECTION ANSWER -com. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b} -com. 3600 IN RRSIG DNSKEY 8 1 3600 20201116135527 20201019135527 1444 com. BEOMfWvi6RgnHaHsst+Ed265hBuCkgMR7gDpu89J7ZrVL6DzMKnNVFdgjl/9xwLj/pkukc7qeLSHjAfLlN0E4THW7PVshscQnjvXCkktG2Ejx9fTyllAqeGDh9z9QDGlQZIGTMgb9413qZhNqe2Tda9PTJRpiZ8b4bdQp6V1kVo= -SECTION ADDITIONAL -ENTRY_END - -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.44 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN A -SECTION ANSWER -ns.example.net. IN A 1.2.3.44 -SECTION AUTHORITY -example.net. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN AAAA -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -www.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; recursion happens here. -STEP 20 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 127.0.0.1 -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/auth_zonemd_anchor_fail.rpl b/contrib/unbound/testdata/auth_zonemd_anchor_fail.rpl deleted file mode 100644 index d055174dcbe7..000000000000 --- a/contrib/unbound/testdata/auth_zonemd_anchor_fail.rpl +++ /dev/null @@ -1,236 +0,0 @@ -; config options -server: - target-fetch-policy: "0 0 0 0 0" - ; correct anchor - ; trust-anchor: "example.com. DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af" - ; wrong anchor - trust-anchor: "example.com. DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deeaaaaa" - trust-anchor-signaling: no - val-override-date: 20201020135527 - -auth-zone: - name: "example.com." - ## zonefile (or none). - ## zonefile: "example.com.zone" - ## master by IP address or hostname - ## can list multiple masters, each on one line. - ## master: - ## url for http fetch - ## url: - ## queries from downstream clients get authoritative answers. - ## for-downstream: yes - for-downstream: no - ## queries are used to fetch authoritative answers from this zone, - ## instead of unbound itself sending queries there. - ## for-upstream: yes - for-upstream: yes - ## on failures with for-upstream, fallback to sending queries to - ## the authority servers - ## fallback-enabled: no - zonemd-check: yes - - ## this line generates zonefile: \n"/tmp/xxx.example.com"\n - zonefile: -TEMPFILE_NAME example.com - ## this is the inline file /tmp/xxx.example.com - ## the tempfiles are deleted when the testrun is over. -TEMPFILE_CONTENTS example.com -example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= -example.com. 3600 IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= -example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} -example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= -example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f -example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= -example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63 -example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= -bar.example.com. 3600 IN A 1.2.3.4 -bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= -bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC -bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= -ding.example.com. 3600 IN A 1.2.3.4 -ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= -ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC -ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= -foo.example.com. 3600 IN A 1.2.3.4 -foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= -foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC -foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= -ns.example.com. 3600 IN A 127.0.0.1 -ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= -ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC -ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= -www.example.com. 3600 IN A 127.0.0.1 -www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= -www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC -www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= -TEMPFILE_END - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test authority zone with ZONEMD from zonefile with failed trust anchor - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qname qtype -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -example.com. IN DS -SECTION ANSWER -example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af -example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk= -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af -example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk= -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -com. IN DNSKEY -SECTION ANSWER -com. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b} -com. 3600 IN RRSIG DNSKEY 8 1 3600 20201116135527 20201019135527 1444 com. BEOMfWvi6RgnHaHsst+Ed265hBuCkgMR7gDpu89J7ZrVL6DzMKnNVFdgjl/9xwLj/pkukc7qeLSHjAfLlN0E4THW7PVshscQnjvXCkktG2Ejx9fTyllAqeGDh9z9QDGlQZIGTMgb9413qZhNqe2Tda9PTJRpiZ8b4bdQp6V1kVo= -SECTION ADDITIONAL -ENTRY_END - -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.44 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN A -SECTION ANSWER -ns.example.net. IN A 1.2.3.44 -SECTION AUTHORITY -example.net. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN AAAA -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -www.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; recursion happens here. -STEP 20 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA SERVFAIL -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/auth_zonemd_chain.rpl b/contrib/unbound/testdata/auth_zonemd_chain.rpl deleted file mode 100644 index 74479274fa97..000000000000 --- a/contrib/unbound/testdata/auth_zonemd_chain.rpl +++ /dev/null @@ -1,234 +0,0 @@ -; config options -server: - target-fetch-policy: "0 0 0 0 0" - trust-anchor: "com. DS 1444 8 2 0d72034e3e18a9ef383c164b68302433bbde957616e10cf44575fea2abae469c" - trust-anchor-signaling: no - val-override-date: 20201020135527 - -auth-zone: - name: "example.com." - ## zonefile (or none). - ## zonefile: "example.com.zone" - ## master by IP address or hostname - ## can list multiple masters, each on one line. - ## master: - ## url for http fetch - ## url: - ## queries from downstream clients get authoritative answers. - ## for-downstream: yes - for-downstream: no - ## queries are used to fetch authoritative answers from this zone, - ## instead of unbound itself sending queries there. - ## for-upstream: yes - for-upstream: yes - ## on failures with for-upstream, fallback to sending queries to - ## the authority servers - ## fallback-enabled: no - zonemd-check: yes - - ## this line generates zonefile: \n"/tmp/xxx.example.com"\n - zonefile: -TEMPFILE_NAME example.com - ## this is the inline file /tmp/xxx.example.com - ## the tempfiles are deleted when the testrun is over. -TEMPFILE_CONTENTS example.com -example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= -example.com. 3600 IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= -example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} -example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= -example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f -example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= -example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63 -example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= -bar.example.com. 3600 IN A 1.2.3.4 -bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= -bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC -bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= -ding.example.com. 3600 IN A 1.2.3.4 -ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= -ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC -ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= -foo.example.com. 3600 IN A 1.2.3.4 -foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= -foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC -foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= -ns.example.com. 3600 IN A 127.0.0.1 -ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= -ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC -ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= -www.example.com. 3600 IN A 127.0.0.1 -www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= -www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC -www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= -TEMPFILE_END - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test authority zone with ZONEMD from zonefile with chain of trust - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qname qtype -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -example.com. IN DS -SECTION ANSWER -example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af -example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk= -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af -example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk= -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -com. IN DNSKEY -SECTION ANSWER -com. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b} -com. 3600 IN RRSIG DNSKEY 8 1 3600 20201116135527 20201019135527 1444 com. BEOMfWvi6RgnHaHsst+Ed265hBuCkgMR7gDpu89J7ZrVL6DzMKnNVFdgjl/9xwLj/pkukc7qeLSHjAfLlN0E4THW7PVshscQnjvXCkktG2Ejx9fTyllAqeGDh9z9QDGlQZIGTMgb9413qZhNqe2Tda9PTJRpiZ8b4bdQp6V1kVo= -SECTION ADDITIONAL -ENTRY_END - -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.44 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN A -SECTION ANSWER -ns.example.net. IN A 1.2.3.44 -SECTION AUTHORITY -example.net. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN AAAA -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -www.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; recursion happens here. -STEP 20 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 127.0.0.1 -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/auth_zonemd_chain_fail.rpl b/contrib/unbound/testdata/auth_zonemd_chain_fail.rpl deleted file mode 100644 index 393b1c028fa9..000000000000 --- a/contrib/unbound/testdata/auth_zonemd_chain_fail.rpl +++ /dev/null @@ -1,236 +0,0 @@ -; config options -server: - target-fetch-policy: "0 0 0 0 0" - trust-anchor: "com. DS 1444 8 2 0d72034e3e18a9ef383c164b68302433bbde957616e10cf44575fea2abae469c" - trust-anchor-signaling: no - val-override-date: 20201020135527 - -auth-zone: - name: "example.com." - ## zonefile (or none). - ## zonefile: "example.com.zone" - ## master by IP address or hostname - ## can list multiple masters, each on one line. - ## master: - ## url for http fetch - ## url: - ## queries from downstream clients get authoritative answers. - ## for-downstream: yes - for-downstream: no - ## queries are used to fetch authoritative answers from this zone, - ## instead of unbound itself sending queries there. - ## for-upstream: yes - for-upstream: yes - ## on failures with for-upstream, fallback to sending queries to - ## the authority servers - ## fallback-enabled: no - zonemd-check: yes - - ## this line generates zonefile: \n"/tmp/xxx.example.com"\n - zonefile: -TEMPFILE_NAME example.com - ## this is the inline file /tmp/xxx.example.com - ## the tempfiles are deleted when the testrun is over. -TEMPFILE_CONTENTS example.com -example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= -example.com. 3600 IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= -; dnskey is wrong: -example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+AAAAA ;{id = 55566 (zsk), size = 1024b} -; dnskey that was correct: -;example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} -example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= -example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f -example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= -example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63 -example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= -bar.example.com. 3600 IN A 1.2.3.4 -bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= -bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC -bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= -ding.example.com. 3600 IN A 1.2.3.4 -ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= -ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC -ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= -foo.example.com. 3600 IN A 1.2.3.4 -foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= -foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC -foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= -ns.example.com. 3600 IN A 127.0.0.1 -ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= -ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC -ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= -www.example.com. 3600 IN A 127.0.0.1 -www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= -www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC -www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= -TEMPFILE_END - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test authority zone with ZONEMD from zonefile with failed chain of trust - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qname qtype -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -example.com. IN DS -SECTION ANSWER -example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af -example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk= -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af -example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk= -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -com. IN DNSKEY -SECTION ANSWER -com. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b} -com. 3600 IN RRSIG DNSKEY 8 1 3600 20201116135527 20201019135527 1444 com. BEOMfWvi6RgnHaHsst+Ed265hBuCkgMR7gDpu89J7ZrVL6DzMKnNVFdgjl/9xwLj/pkukc7qeLSHjAfLlN0E4THW7PVshscQnjvXCkktG2Ejx9fTyllAqeGDh9z9QDGlQZIGTMgb9413qZhNqe2Tda9PTJRpiZ8b4bdQp6V1kVo= -SECTION ADDITIONAL -ENTRY_END - -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.44 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN A -SECTION ANSWER -ns.example.net. IN A 1.2.3.44 -SECTION AUTHORITY -example.net. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN AAAA -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -www.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; recursion happens here. -STEP 20 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA SERVFAIL -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/auth_zonemd_file.rpl b/contrib/unbound/testdata/auth_zonemd_file.rpl deleted file mode 100644 index bdf0ccbae74f..000000000000 --- a/contrib/unbound/testdata/auth_zonemd_file.rpl +++ /dev/null @@ -1,183 +0,0 @@ -; config options -server: - target-fetch-policy: "0 0 0 0 0" - -auth-zone: - name: "example.com." - ## zonefile (or none). - ## zonefile: "example.com.zone" - ## master by IP address or hostname - ## can list multiple masters, each on one line. - ## master: - ## url for http fetch - ## url: - ## queries from downstream clients get authoritative answers. - ## for-downstream: yes - for-downstream: no - ## queries are used to fetch authoritative answers from this zone, - ## instead of unbound itself sending queries there. - ## for-upstream: yes - for-upstream: yes - ## on failures with for-upstream, fallback to sending queries to - ## the authority servers - ## fallback-enabled: no - zonemd-check: yes - - ## this line generates zonefile: \n"/tmp/xxx.example.com"\n - zonefile: -TEMPFILE_NAME example.com - ## this is the inline file /tmp/xxx.example.com - ## the tempfiles are deleted when the testrun is over. -TEMPFILE_CONTENTS example.com -example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. IN NS ns.example.com. -example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22 -www.example.com. IN A 127.0.0.1 -ns.example.com. IN A 127.0.0.1 -bar.example.com. IN A 1.2.3.4 -ding.example.com. IN A 1.2.3.4 -foo.example.com. IN A 1.2.3.4 -TEMPFILE_END - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test authority zone with ZONEMD from zonefile - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.44 -ENTRY_END -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.44 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN A -SECTION ANSWER -ns.example.net. IN A 1.2.3.44 -SECTION AUTHORITY -example.net. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN AAAA -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -www.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; recursion happens here. -STEP 20 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 127.0.0.1 -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/auth_zonemd_file_fail.rpl b/contrib/unbound/testdata/auth_zonemd_file_fail.rpl deleted file mode 100644 index 69487cf6512c..000000000000 --- a/contrib/unbound/testdata/auth_zonemd_file_fail.rpl +++ /dev/null @@ -1,185 +0,0 @@ -; config options -server: - target-fetch-policy: "0 0 0 0 0" - -auth-zone: - name: "example.com." - ## zonefile (or none). - ## zonefile: "example.com.zone" - ## master by IP address or hostname - ## can list multiple masters, each on one line. - ## master: - ## url for http fetch - ## url: - ## queries from downstream clients get authoritative answers. - ## for-downstream: yes - for-downstream: no - ## queries are used to fetch authoritative answers from this zone, - ## instead of unbound itself sending queries there. - ## for-upstream: yes - for-upstream: yes - ## on failures with for-upstream, fallback to sending queries to - ## the authority servers - ## fallback-enabled: no - zonemd-check: yes - - ## this line generates zonefile: \n"/tmp/xxx.example.com"\n - zonefile: -TEMPFILE_NAME example.com - ## this is the inline file /tmp/xxx.example.com - ## the tempfiles are deleted when the testrun is over. -TEMPFILE_CONTENTS example.com -example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. IN NS ns.example.com. -; good zonemd -;example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22 -; wrong zonemd -example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D7AAAAA -www.example.com. IN A 127.0.0.1 -ns.example.com. IN A 127.0.0.1 -bar.example.com. IN A 1.2.3.4 -ding.example.com. IN A 1.2.3.4 -foo.example.com. IN A 1.2.3.4 -TEMPFILE_END - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test authority zone with ZONEMD failure from zonefile - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.44 -ENTRY_END -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.44 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN A -SECTION ANSWER -ns.example.net. IN A 1.2.3.44 -SECTION AUTHORITY -example.net. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN AAAA -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -www.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; recursion happens here. -STEP 20 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA SERVFAIL -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/auth_zonemd_insecure.rpl b/contrib/unbound/testdata/auth_zonemd_insecure.rpl deleted file mode 100644 index 18a4117d86ac..000000000000 --- a/contrib/unbound/testdata/auth_zonemd_insecure.rpl +++ /dev/null @@ -1,215 +0,0 @@ -; config options -server: - target-fetch-policy: "0 0 0 0 0" - trust-anchor: "com. DS 1444 8 2 0d72034e3e18a9ef383c164b68302433bbde957616e10cf44575fea2abae469c" - trust-anchor-signaling: no - val-override-date: 20201020135527 - -auth-zone: - name: "example.com." - ## zonefile (or none). - ## zonefile: "example.com.zone" - ## master by IP address or hostname - ## can list multiple masters, each on one line. - ## master: - ## url for http fetch - ## url: - ## queries from downstream clients get authoritative answers. - ## for-downstream: yes - for-downstream: no - ## queries are used to fetch authoritative answers from this zone, - ## instead of unbound itself sending queries there. - ## for-upstream: yes - for-upstream: yes - ## on failures with for-upstream, fallback to sending queries to - ## the authority servers - ## fallback-enabled: no - zonemd-check: yes - - ## this line generates zonefile: \n"/tmp/xxx.example.com"\n - zonefile: -TEMPFILE_NAME example.com - ## this is the inline file /tmp/xxx.example.com - ## the tempfiles are deleted when the testrun is over. -TEMPFILE_CONTENTS example.com -example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. IN NS ns.example.com. -example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22 -www.example.com. IN A 127.0.0.1 -ns.example.com. IN A 127.0.0.1 -bar.example.com. IN A 1.2.3.4 -ding.example.com. IN A 1.2.3.4 -foo.example.com. IN A 1.2.3.4 -TEMPFILE_END - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test authority zone with ZONEMD that is securely insecure -; the trust anchor finds an online delegation with an insecure DS referral. - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qname qtype -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -example.com. IN DS -SECTION AUTHORITY -com. SOA a.gtld-servers.net. nstld.verisign-grs.com. 1603979208 1800 900 604800 86400 -com. 3600 IN RRSIG SOA 8 1 3600 20201116135527 20201019135527 1444 com. LTUZ8PlkMLX+dBZLGcJcahrzOgf1PgYbi/s5VKyR9iyYKeP6qdxO5VehUVHdXfmUiXrsszvhAHzo4AZnfRbDkK6uTfMKCSIB1aXOU4A74LpjhJBsXjyo3CN3IK/dMS/FpJfAb6JnuQV1E3ytDd34yNsoBazEjYeoN1kymGAttbM= -example.com. IN NSEC foo.com. NS RRSIG -example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 1444 com. KK6ci3DUnGJ9gaBBqS+71TiFBGcl51YLZAYGADDWuSgFOLLbh1nV//la08zE1i8ITQjjsqyRw7/MA8LWpPR3TnUjJLk6mBd/kB3dJ8BHWRqcyreFo6Pu383oCcXTpwkFcL4ulhp54LUxbA3arWVjWbx8815vvNKsEtWUyrz4LN8= -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. IN NSEC foo.com. NS RRSIG -example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 1444 com. KK6ci3DUnGJ9gaBBqS+71TiFBGcl51YLZAYGADDWuSgFOLLbh1nV//la08zE1i8ITQjjsqyRw7/MA8LWpPR3TnUjJLk6mBd/kB3dJ8BHWRqcyreFo6Pu383oCcXTpwkFcL4ulhp54LUxbA3arWVjWbx8815vvNKsEtWUyrz4LN8= -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -com. IN DNSKEY -SECTION ANSWER -com. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b} -com. 3600 IN RRSIG DNSKEY 8 1 3600 20201116135527 20201019135527 1444 com. BEOMfWvi6RgnHaHsst+Ed265hBuCkgMR7gDpu89J7ZrVL6DzMKnNVFdgjl/9xwLj/pkukc7qeLSHjAfLlN0E4THW7PVshscQnjvXCkktG2Ejx9fTyllAqeGDh9z9QDGlQZIGTMgb9413qZhNqe2Tda9PTJRpiZ8b4bdQp6V1kVo= -SECTION ADDITIONAL -ENTRY_END - -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.44 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN A -SECTION ANSWER -ns.example.net. IN A 1.2.3.44 -SECTION AUTHORITY -example.net. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN AAAA -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -www.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; recursion happens here. -STEP 20 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 127.0.0.1 -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/auth_zonemd_insecure_absent.rpl b/contrib/unbound/testdata/auth_zonemd_insecure_absent.rpl deleted file mode 100644 index 1c3f488080ee..000000000000 --- a/contrib/unbound/testdata/auth_zonemd_insecure_absent.rpl +++ /dev/null @@ -1,217 +0,0 @@ -; config options -server: - target-fetch-policy: "0 0 0 0 0" - trust-anchor: "com. DS 1444 8 2 0d72034e3e18a9ef383c164b68302433bbde957616e10cf44575fea2abae469c" - trust-anchor-signaling: no - val-override-date: 20201020135527 - -auth-zone: - name: "example.com." - ## zonefile (or none). - ## zonefile: "example.com.zone" - ## master by IP address or hostname - ## can list multiple masters, each on one line. - ## master: - ## url for http fetch - ## url: - ## queries from downstream clients get authoritative answers. - ## for-downstream: yes - for-downstream: no - ## queries are used to fetch authoritative answers from this zone, - ## instead of unbound itself sending queries there. - ## for-upstream: yes - for-upstream: yes - ## on failures with for-upstream, fallback to sending queries to - ## the authority servers - ## fallback-enabled: no - zonemd-check: yes - - ## this line generates zonefile: \n"/tmp/xxx.example.com"\n - zonefile: -TEMPFILE_NAME example.com - ## this is the inline file /tmp/xxx.example.com - ## the tempfiles are deleted when the testrun is over. -TEMPFILE_CONTENTS example.com -example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. IN NS ns.example.com. -; the missing ZONEMD record -;example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22 -www.example.com. IN A 127.0.0.1 -ns.example.com. IN A 127.0.0.1 -bar.example.com. IN A 1.2.3.4 -ding.example.com. IN A 1.2.3.4 -foo.example.com. IN A 1.2.3.4 -TEMPFILE_END - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test authority zone with absent ZONEMD that is securely insecure -; the trust anchor finds an online delegation with an insecure DS referral. -; the ZONEMD is not there. - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qname qtype -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -example.com. IN DS -SECTION AUTHORITY -com. SOA a.gtld-servers.net. nstld.verisign-grs.com. 1603979208 1800 900 604800 86400 -com. 3600 IN RRSIG SOA 8 1 3600 20201116135527 20201019135527 1444 com. LTUZ8PlkMLX+dBZLGcJcahrzOgf1PgYbi/s5VKyR9iyYKeP6qdxO5VehUVHdXfmUiXrsszvhAHzo4AZnfRbDkK6uTfMKCSIB1aXOU4A74LpjhJBsXjyo3CN3IK/dMS/FpJfAb6JnuQV1E3ytDd34yNsoBazEjYeoN1kymGAttbM= -example.com. IN NSEC foo.com. NS RRSIG -example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 1444 com. KK6ci3DUnGJ9gaBBqS+71TiFBGcl51YLZAYGADDWuSgFOLLbh1nV//la08zE1i8ITQjjsqyRw7/MA8LWpPR3TnUjJLk6mBd/kB3dJ8BHWRqcyreFo6Pu383oCcXTpwkFcL4ulhp54LUxbA3arWVjWbx8815vvNKsEtWUyrz4LN8= -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. IN NSEC foo.com. NS RRSIG -example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 1444 com. KK6ci3DUnGJ9gaBBqS+71TiFBGcl51YLZAYGADDWuSgFOLLbh1nV//la08zE1i8ITQjjsqyRw7/MA8LWpPR3TnUjJLk6mBd/kB3dJ8BHWRqcyreFo6Pu383oCcXTpwkFcL4ulhp54LUxbA3arWVjWbx8815vvNKsEtWUyrz4LN8= -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -com. IN DNSKEY -SECTION ANSWER -com. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b} -com. 3600 IN RRSIG DNSKEY 8 1 3600 20201116135527 20201019135527 1444 com. BEOMfWvi6RgnHaHsst+Ed265hBuCkgMR7gDpu89J7ZrVL6DzMKnNVFdgjl/9xwLj/pkukc7qeLSHjAfLlN0E4THW7PVshscQnjvXCkktG2Ejx9fTyllAqeGDh9z9QDGlQZIGTMgb9413qZhNqe2Tda9PTJRpiZ8b4bdQp6V1kVo= -SECTION ADDITIONAL -ENTRY_END - -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.44 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN A -SECTION ANSWER -ns.example.net. IN A 1.2.3.44 -SECTION AUTHORITY -example.net. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN AAAA -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -www.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; recursion happens here. -STEP 20 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 127.0.0.1 -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/auth_zonemd_insecure_absent_reject.rpl b/contrib/unbound/testdata/auth_zonemd_insecure_absent_reject.rpl deleted file mode 100644 index beb9f5b9ac89..000000000000 --- a/contrib/unbound/testdata/auth_zonemd_insecure_absent_reject.rpl +++ /dev/null @@ -1,218 +0,0 @@ -; config options -server: - target-fetch-policy: "0 0 0 0 0" - trust-anchor: "com. DS 1444 8 2 0d72034e3e18a9ef383c164b68302433bbde957616e10cf44575fea2abae469c" - trust-anchor-signaling: no - val-override-date: 20201020135527 - -auth-zone: - name: "example.com." - zonemd-check: yes - zonemd-reject-absence: yes - ## zonefile (or none). - ## zonefile: "example.com.zone" - ## master by IP address or hostname - ## can list multiple masters, each on one line. - ## master: - ## url for http fetch - ## url: - ## queries from downstream clients get authoritative answers. - ## for-downstream: yes - for-downstream: no - ## queries are used to fetch authoritative answers from this zone, - ## instead of unbound itself sending queries there. - ## for-upstream: yes - for-upstream: yes - ## on failures with for-upstream, fallback to sending queries to - ## the authority servers - ## fallback-enabled: no - - ## this line generates zonefile: \n"/tmp/xxx.example.com"\n - zonefile: -TEMPFILE_NAME example.com - ## this is the inline file /tmp/xxx.example.com - ## the tempfiles are deleted when the testrun is over. -TEMPFILE_CONTENTS example.com -example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. IN NS ns.example.com. -; the missing ZONEMD record -;example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22 -www.example.com. IN A 127.0.0.1 -ns.example.com. IN A 127.0.0.1 -bar.example.com. IN A 1.2.3.4 -ding.example.com. IN A 1.2.3.4 -foo.example.com. IN A 1.2.3.4 -TEMPFILE_END - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test authority zone with reject-absence ZONEMD that is securely insecure -; the trust anchor finds an online delegation with an insecure DS referral. -; the ZONEMD is not there. This is not allowed by the zonemd-reject-absence -; option in config, so it fails the zone. - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qname qtype -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -example.com. IN DS -SECTION AUTHORITY -com. SOA a.gtld-servers.net. nstld.verisign-grs.com. 1603979208 1800 900 604800 86400 -com. 3600 IN RRSIG SOA 8 1 3600 20201116135527 20201019135527 1444 com. LTUZ8PlkMLX+dBZLGcJcahrzOgf1PgYbi/s5VKyR9iyYKeP6qdxO5VehUVHdXfmUiXrsszvhAHzo4AZnfRbDkK6uTfMKCSIB1aXOU4A74LpjhJBsXjyo3CN3IK/dMS/FpJfAb6JnuQV1E3ytDd34yNsoBazEjYeoN1kymGAttbM= -example.com. IN NSEC foo.com. NS RRSIG -example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 1444 com. KK6ci3DUnGJ9gaBBqS+71TiFBGcl51YLZAYGADDWuSgFOLLbh1nV//la08zE1i8ITQjjsqyRw7/MA8LWpPR3TnUjJLk6mBd/kB3dJ8BHWRqcyreFo6Pu383oCcXTpwkFcL4ulhp54LUxbA3arWVjWbx8815vvNKsEtWUyrz4LN8= -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. IN NSEC foo.com. NS RRSIG -example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 1444 com. KK6ci3DUnGJ9gaBBqS+71TiFBGcl51YLZAYGADDWuSgFOLLbh1nV//la08zE1i8ITQjjsqyRw7/MA8LWpPR3TnUjJLk6mBd/kB3dJ8BHWRqcyreFo6Pu383oCcXTpwkFcL4ulhp54LUxbA3arWVjWbx8815vvNKsEtWUyrz4LN8= -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -com. IN DNSKEY -SECTION ANSWER -com. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b} -com. 3600 IN RRSIG DNSKEY 8 1 3600 20201116135527 20201019135527 1444 com. BEOMfWvi6RgnHaHsst+Ed265hBuCkgMR7gDpu89J7ZrVL6DzMKnNVFdgjl/9xwLj/pkukc7qeLSHjAfLlN0E4THW7PVshscQnjvXCkktG2Ejx9fTyllAqeGDh9z9QDGlQZIGTMgb9413qZhNqe2Tda9PTJRpiZ8b4bdQp6V1kVo= -SECTION ADDITIONAL -ENTRY_END - -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.44 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN A -SECTION ANSWER -ns.example.net. IN A 1.2.3.44 -SECTION AUTHORITY -example.net. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN AAAA -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -www.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; recursion happens here. -STEP 20 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA SERVFAIL -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/auth_zonemd_insecure_fail.rpl b/contrib/unbound/testdata/auth_zonemd_insecure_fail.rpl deleted file mode 100644 index f7aad071e3b9..000000000000 --- a/contrib/unbound/testdata/auth_zonemd_insecure_fail.rpl +++ /dev/null @@ -1,218 +0,0 @@ -; config options -server: - target-fetch-policy: "0 0 0 0 0" - trust-anchor: "com. DS 1444 8 2 0d72034e3e18a9ef383c164b68302433bbde957616e10cf44575fea2abae469c" - trust-anchor-signaling: no - val-override-date: 20201020135527 - -auth-zone: - name: "example.com." - ## zonefile (or none). - ## zonefile: "example.com.zone" - ## master by IP address or hostname - ## can list multiple masters, each on one line. - ## master: - ## url for http fetch - ## url: - ## queries from downstream clients get authoritative answers. - ## for-downstream: yes - for-downstream: no - ## queries are used to fetch authoritative answers from this zone, - ## instead of unbound itself sending queries there. - ## for-upstream: yes - for-upstream: yes - ## on failures with for-upstream, fallback to sending queries to - ## the authority servers - ## fallback-enabled: no - zonemd-check: yes - - ## this line generates zonefile: \n"/tmp/xxx.example.com"\n - zonefile: -TEMPFILE_NAME example.com - ## this is the inline file /tmp/xxx.example.com - ## the tempfiles are deleted when the testrun is over. -TEMPFILE_CONTENTS example.com -example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. IN NS ns.example.com. -; correct ZONEMD -;example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22 -; wrong ZONEMD -example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D7AAAAA -www.example.com. IN A 127.0.0.1 -ns.example.com. IN A 127.0.0.1 -bar.example.com. IN A 1.2.3.4 -ding.example.com. IN A 1.2.3.4 -foo.example.com. IN A 1.2.3.4 -TEMPFILE_END - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test authority zone with ZONEMD fail that is securely insecure -; the trust anchor finds an online delegation with an insecure DS referral. -; the ZONEMD is wrong, eg. the hash does not match the zone data. - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qname qtype -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -example.com. IN DS -SECTION AUTHORITY -com. SOA a.gtld-servers.net. nstld.verisign-grs.com. 1603979208 1800 900 604800 86400 -com. 3600 IN RRSIG SOA 8 1 3600 20201116135527 20201019135527 1444 com. LTUZ8PlkMLX+dBZLGcJcahrzOgf1PgYbi/s5VKyR9iyYKeP6qdxO5VehUVHdXfmUiXrsszvhAHzo4AZnfRbDkK6uTfMKCSIB1aXOU4A74LpjhJBsXjyo3CN3IK/dMS/FpJfAb6JnuQV1E3ytDd34yNsoBazEjYeoN1kymGAttbM= -example.com. IN NSEC foo.com. NS RRSIG -example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 1444 com. KK6ci3DUnGJ9gaBBqS+71TiFBGcl51YLZAYGADDWuSgFOLLbh1nV//la08zE1i8ITQjjsqyRw7/MA8LWpPR3TnUjJLk6mBd/kB3dJ8BHWRqcyreFo6Pu383oCcXTpwkFcL4ulhp54LUxbA3arWVjWbx8815vvNKsEtWUyrz4LN8= -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. IN NSEC foo.com. NS RRSIG -example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 1444 com. KK6ci3DUnGJ9gaBBqS+71TiFBGcl51YLZAYGADDWuSgFOLLbh1nV//la08zE1i8ITQjjsqyRw7/MA8LWpPR3TnUjJLk6mBd/kB3dJ8BHWRqcyreFo6Pu383oCcXTpwkFcL4ulhp54LUxbA3arWVjWbx8815vvNKsEtWUyrz4LN8= -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -com. IN DNSKEY -SECTION ANSWER -com. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b} -com. 3600 IN RRSIG DNSKEY 8 1 3600 20201116135527 20201019135527 1444 com. BEOMfWvi6RgnHaHsst+Ed265hBuCkgMR7gDpu89J7ZrVL6DzMKnNVFdgjl/9xwLj/pkukc7qeLSHjAfLlN0E4THW7PVshscQnjvXCkktG2Ejx9fTyllAqeGDh9z9QDGlQZIGTMgb9413qZhNqe2Tda9PTJRpiZ8b4bdQp6V1kVo= -SECTION ADDITIONAL -ENTRY_END - -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.44 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN A -SECTION ANSWER -ns.example.net. IN A 1.2.3.44 -SECTION AUTHORITY -example.net. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN AAAA -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -www.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; recursion happens here. -STEP 20 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA SERVFAIL -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/auth_zonemd_nokey.rpl b/contrib/unbound/testdata/auth_zonemd_nokey.rpl deleted file mode 100644 index a89414bf631c..000000000000 --- a/contrib/unbound/testdata/auth_zonemd_nokey.rpl +++ /dev/null @@ -1,212 +0,0 @@ -; config options -server: - target-fetch-policy: "0 0 0 0 0" - trust-anchor: "com. DS 1444 8 2 0d72034e3e18a9ef383c164b68302433bbde957616e10cf44575fea2abae469c" - trust-anchor-signaling: no - val-override-date: 20201020135527 - -auth-zone: - name: "example.com." - ## zonefile (or none). - ## zonefile: "example.com.zone" - ## master by IP address or hostname - ## can list multiple masters, each on one line. - ## master: - ## url for http fetch - ## url: - ## queries from downstream clients get authoritative answers. - ## for-downstream: yes - for-downstream: no - ## queries are used to fetch authoritative answers from this zone, - ## instead of unbound itself sending queries there. - ## for-upstream: yes - for-upstream: yes - ## on failures with for-upstream, fallback to sending queries to - ## the authority servers - ## fallback-enabled: no - zonemd-check: yes - - ## this line generates zonefile: \n"/tmp/xxx.example.com"\n - zonefile: -TEMPFILE_NAME example.com - ## this is the inline file /tmp/xxx.example.com - ## the tempfiles are deleted when the testrun is over. -TEMPFILE_CONTENTS example.com -example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. IN NS ns.example.com. -example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22 -www.example.com. IN A 127.0.0.1 -ns.example.com. IN A 127.0.0.1 -bar.example.com. IN A 1.2.3.4 -ding.example.com. IN A 1.2.3.4 -foo.example.com. IN A 1.2.3.4 -TEMPFILE_END - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test authority zone with ZONEMD that lacks a DNSKEY -; the zone has no DNSSEC, but the trust anchor requires it. - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qname qtype -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -example.com. IN DS -SECTION ANSWER -example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af -example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk= -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af -example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk= -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -com. IN DNSKEY -SECTION ANSWER -com. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b} -com. 3600 IN RRSIG DNSKEY 8 1 3600 20201116135527 20201019135527 1444 com. BEOMfWvi6RgnHaHsst+Ed265hBuCkgMR7gDpu89J7ZrVL6DzMKnNVFdgjl/9xwLj/pkukc7qeLSHjAfLlN0E4THW7PVshscQnjvXCkktG2Ejx9fTyllAqeGDh9z9QDGlQZIGTMgb9413qZhNqe2Tda9PTJRpiZ8b4bdQp6V1kVo= -SECTION ADDITIONAL -ENTRY_END - -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.44 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN A -SECTION ANSWER -ns.example.net. IN A 1.2.3.44 -SECTION AUTHORITY -example.net. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN AAAA -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -www.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; recursion happens here. -STEP 20 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA SERVFAIL -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/auth_zonemd_permissive_mode.rpl b/contrib/unbound/testdata/auth_zonemd_permissive_mode.rpl deleted file mode 100644 index 4149daa927f4..000000000000 --- a/contrib/unbound/testdata/auth_zonemd_permissive_mode.rpl +++ /dev/null @@ -1,187 +0,0 @@ -; config options -server: - target-fetch-policy: "0 0 0 0 0" - zonemd-permissive-mode: yes - -auth-zone: - name: "example.com." - ## zonefile (or none). - ## zonefile: "example.com.zone" - ## master by IP address or hostname - ## can list multiple masters, each on one line. - ## master: - ## url for http fetch - ## url: - ## queries from downstream clients get authoritative answers. - ## for-downstream: yes - for-downstream: no - ## queries are used to fetch authoritative answers from this zone, - ## instead of unbound itself sending queries there. - ## for-upstream: yes - for-upstream: yes - ## on failures with for-upstream, fallback to sending queries to - ## the authority servers - ## fallback-enabled: no - zonemd-check: yes - - ## this line generates zonefile: \n"/tmp/xxx.example.com"\n - zonefile: -TEMPFILE_NAME example.com - ## this is the inline file /tmp/xxx.example.com - ## the tempfiles are deleted when the testrun is over. -TEMPFILE_CONTENTS example.com -example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. IN NS ns.example.com. -; good zonemd -;example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22 -; wrong zonemd -example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D7AAAAA -www.example.com. IN A 127.0.0.1 -ns.example.com. IN A 127.0.0.1 -bar.example.com. IN A 1.2.3.4 -ding.example.com. IN A 1.2.3.4 -foo.example.com. IN A 1.2.3.4 -TEMPFILE_END - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test zonemd permissive mode - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.44 -ENTRY_END -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.44 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN A -SECTION ANSWER -ns.example.net. IN A 1.2.3.44 -SECTION AUTHORITY -example.net. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN AAAA -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -www.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; recursion happens here. -STEP 20 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 127.0.0.1 -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/auth_zonemd_xfr.rpl b/contrib/unbound/testdata/auth_zonemd_xfr.rpl deleted file mode 100644 index 89e22cea1472..000000000000 --- a/contrib/unbound/testdata/auth_zonemd_xfr.rpl +++ /dev/null @@ -1,238 +0,0 @@ -; config options -server: - target-fetch-policy: "0 0 0 0 0" - -auth-zone: - name: "example.com." - ## zonefile (or none). - ## zonefile: "example.com.zone" - ## master by IP address or hostname - ## can list multiple masters, each on one line. - ## master: - master: 1.2.3.44 - ## url for http fetch - ## url: - ## queries from downstream clients get authoritative answers. - ## for-downstream: yes - for-downstream: yes - ## queries are used to fetch authoritative answers from this zone, - ## instead of unbound itself sending queries there. - ## for-upstream: yes - for-upstream: yes - ## on failures with for-upstream, fallback to sending queries to - ## the authority servers - ## fallback-enabled: no - zonemd-check: yes - - ## this line generates zonefile: \n"/tmp/xxx.example.com"\n - zonefile: -TEMPFILE_NAME example.com - ## this is the inline file /tmp/xxx.example.com - ## the tempfiles are deleted when the testrun is over. -TEMPFILE_CONTENTS example.com -TEMPFILE_END - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test authority zone with AXFR with ZONEMD - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.44 -ENTRY_END -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.44 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN A -SECTION ANSWER -ns.example.net. IN A 1.2.3.44 -SECTION AUTHORITY -example.net. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN AAAA -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -www.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN SOA -SECTION ANSWER -; serial, refresh, retry, expire, minimum -example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -example.com. IN AXFR -SECTION ANSWER -example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. IN NS ns.example.com. -example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22 -www.example.com. IN A 127.0.0.1 -ns.example.com. IN A 127.0.0.1 -bar.example.com. IN A 1.2.3.4 -ding.example.com. IN A 1.2.3.4 -foo.example.com. IN A 1.2.3.4 -example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; recursion happens here. -STEP 20 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR AA RD RA SERVFAIL -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -ENTRY_END - -STEP 30 TIME_PASSES ELAPSE 10 -STEP 40 TRAFFIC - -STEP 50 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; recursion happens here. -STEP 60 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR AA RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 127.0.0.1 -ENTRY_END - -; the zonefile was updated with new contents -STEP 70 CHECK_TEMPFILE example.com -FILE_BEGIN -example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. 3600 IN NS ns.example.com. -example.com. 3600 IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22 -bar.example.com. 3600 IN A 1.2.3.4 -ding.example.com. 3600 IN A 1.2.3.4 -foo.example.com. 3600 IN A 1.2.3.4 -ns.example.com. 3600 IN A 127.0.0.1 -www.example.com. 3600 IN A 127.0.0.1 -FILE_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/auth_zonemd_xfr_anchor.rpl b/contrib/unbound/testdata/auth_zonemd_xfr_anchor.rpl deleted file mode 100644 index 667de2eae0da..000000000000 --- a/contrib/unbound/testdata/auth_zonemd_xfr_anchor.rpl +++ /dev/null @@ -1,285 +0,0 @@ -; config options -server: - target-fetch-policy: "0 0 0 0 0" - trust-anchor: "example.com. DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af" - trust-anchor-signaling: no - val-override-date: 20201020135527 - -auth-zone: - name: "example.com." - ## zonefile (or none). - ## zonefile: "example.com.zone" - ## master by IP address or hostname - ## can list multiple masters, each on one line. - ## master: - master: 1.2.3.44 - ## url for http fetch - ## url: - ## queries from downstream clients get authoritative answers. - ## for-downstream: yes - for-downstream: yes - ## queries are used to fetch authoritative answers from this zone, - ## instead of unbound itself sending queries there. - ## for-upstream: yes - for-upstream: yes - ## on failures with for-upstream, fallback to sending queries to - ## the authority servers - ## fallback-enabled: no - zonemd-check: yes - - ## this line generates zonefile: \n"/tmp/xxx.example.com"\n - zonefile: -TEMPFILE_NAME example.com - ## this is the inline file /tmp/xxx.example.com - ## the tempfiles are deleted when the testrun is over. -TEMPFILE_CONTENTS example.com -TEMPFILE_END - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test authority zone with AXFR with ZONEMD with trust anchor - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.44 -ENTRY_END -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.44 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN A -SECTION ANSWER -ns.example.net. IN A 1.2.3.44 -SECTION AUTHORITY -example.net. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN AAAA -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -www.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN SOA -SECTION ANSWER -; serial, refresh, retry, expire, minimum -example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -example.com. IN AXFR -SECTION ANSWER -example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= -example.com. 3600 IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= -example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} -example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= -example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f -example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= -example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63 -example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= -bar.example.com. 3600 IN A 1.2.3.4 -bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= -bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC -bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= -ding.example.com. 3600 IN A 1.2.3.4 -ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= -ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC -ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= -foo.example.com. 3600 IN A 1.2.3.4 -foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= -foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC -foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= -ns.example.com. 3600 IN A 127.0.0.1 -ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= -ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC -ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= -www.example.com. 3600 IN A 127.0.0.1 -www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= -www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC -www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= -example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; recursion happens here. -STEP 20 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR AA RD RA SERVFAIL -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -ENTRY_END - -STEP 30 TIME_PASSES ELAPSE 10 -STEP 40 TRAFFIC - -STEP 50 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; recursion happens here. -STEP 60 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR AA RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 127.0.0.1 -ENTRY_END - -; the zonefile was updated with new contents -STEP 70 CHECK_TEMPFILE example.com -FILE_BEGIN -example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= -example.com. 3600 IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= -example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY ZONEMD -example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= -example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566} -example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= -example.com. 3600 IN ZONEMD 200154054 1 2 58F7620F93204BBB31B44F795B3409CC4ABD9EF5601DECC15675BD7751213152984EDDCE0626E6062E744B03B3E47711202FBB79E4A2EB8BC5CF46741B5CAE6F -example.com. 3600 IN RRSIG ZONEMD 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= -bar.example.com. 3600 IN A 1.2.3.4 -bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= -bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC -bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= -ding.example.com. 3600 IN A 1.2.3.4 -ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= -ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC -ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= -foo.example.com. 3600 IN A 1.2.3.4 -foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= -foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC -foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= -ns.example.com. 3600 IN A 127.0.0.1 -ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= -ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC -ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= -www.example.com. 3600 IN A 127.0.0.1 -www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= -www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC -www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= -FILE_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/auth_zonemd_xfr_anchor_fail.rpl b/contrib/unbound/testdata/auth_zonemd_xfr_anchor_fail.rpl deleted file mode 100644 index 237ed9498e39..000000000000 --- a/contrib/unbound/testdata/auth_zonemd_xfr_anchor_fail.rpl +++ /dev/null @@ -1,266 +0,0 @@ -; config options -server: - target-fetch-policy: "0 0 0 0 0" - trust-anchor: "example.com. DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af" - trust-anchor-signaling: no - val-override-date: 20201020135527 - -auth-zone: - name: "example.com." - ## zonefile (or none). - ## zonefile: "example.com.zone" - ## master by IP address or hostname - ## can list multiple masters, each on one line. - ## master: - master: 1.2.3.44 - ## url for http fetch - ## url: - ## queries from downstream clients get authoritative answers. - ## for-downstream: yes - for-downstream: yes - ## queries are used to fetch authoritative answers from this zone, - ## instead of unbound itself sending queries there. - ## for-upstream: yes - for-upstream: yes - ## on failures with for-upstream, fallback to sending queries to - ## the authority servers - ## fallback-enabled: no - zonemd-check: yes - - ## this line generates zonefile: \n"/tmp/xxx.example.com"\n - zonefile: -TEMPFILE_NAME example.com - ## this is the inline file /tmp/xxx.example.com - ## the tempfiles are deleted when the testrun is over. -TEMPFILE_CONTENTS example.com -TEMPFILE_END - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test authority zone with AXFR with ZONEMD fail with trust anchor - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.44 -ENTRY_END -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.44 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN A -SECTION ANSWER -ns.example.net. IN A 1.2.3.44 -SECTION AUTHORITY -example.net. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN AAAA -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -www.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN SOA -SECTION ANSWER -; serial, refresh, retry, expire, minimum -example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOTIMPL -SECTION QUESTION -example.com. IN IXFR -SECTION ANSWER -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -example.com. IN AXFR -SECTION ANSWER -example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= -example.com. 3600 IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= -example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} -example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= -example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f -example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= -example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63 -example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= -; this is the bad RR that causes the wrong zonemd. RRSIG is wrong too. -bar.example.com. 3600 IN A 1.2.3.55 -; orig RR -;bar.example.com. 3600 IN A 1.2.3.4 -bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= -bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC -bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= -ding.example.com. 3600 IN A 1.2.3.4 -ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= -ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC -ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= -foo.example.com. 3600 IN A 1.2.3.4 -foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= -foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC -foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= -ns.example.com. 3600 IN A 127.0.0.1 -ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= -ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC -ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= -www.example.com. 3600 IN A 127.0.0.1 -www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= -www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC -www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= -example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; recursion happens here. -STEP 20 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR AA RD RA SERVFAIL -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -ENTRY_END - -STEP 30 TIME_PASSES ELAPSE 10 -STEP 40 TRAFFIC - -STEP 50 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; recursion happens here. -STEP 60 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR AA RD RA SERVFAIL -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -ENTRY_END - -; the zonefile was updated with new contents -STEP 70 CHECK_TEMPFILE example.com -FILE_BEGIN -FILE_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/auth_zonemd_xfr_chain.rpl b/contrib/unbound/testdata/auth_zonemd_xfr_chain.rpl deleted file mode 100644 index 4deb99bcbd8a..000000000000 --- a/contrib/unbound/testdata/auth_zonemd_xfr_chain.rpl +++ /dev/null @@ -1,310 +0,0 @@ -; config options -server: - target-fetch-policy: "0 0 0 0 0" - trust-anchor: "com. DS 1444 8 2 0d72034e3e18a9ef383c164b68302433bbde957616e10cf44575fea2abae469c" - trust-anchor-signaling: no - val-override-date: 20201020135527 - -auth-zone: - name: "example.com." - ## zonefile (or none). - ## zonefile: "example.com.zone" - ## master by IP address or hostname - ## can list multiple masters, each on one line. - ## master: - master: 1.2.3.44 - ## url for http fetch - ## url: - ## queries from downstream clients get authoritative answers. - ## for-downstream: yes - for-downstream: yes - ## queries are used to fetch authoritative answers from this zone, - ## instead of unbound itself sending queries there. - ## for-upstream: yes - for-upstream: yes - ## on failures with for-upstream, fallback to sending queries to - ## the authority servers - ## fallback-enabled: no - zonemd-check: yes - - ## this line generates zonefile: \n"/tmp/xxx.example.com"\n - zonefile: -TEMPFILE_NAME example.com - ## this is the inline file /tmp/xxx.example.com - ## the tempfiles are deleted when the testrun is over. -TEMPFILE_CONTENTS example.com -TEMPFILE_END - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test authority zone with AXFR with ZONEMD with chain of trust - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qname qtype -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -example.com. IN DS -SECTION ANSWER -example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af -example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk= -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af -example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk= -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -com. IN DNSKEY -SECTION ANSWER -com. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b} -com. 3600 IN RRSIG DNSKEY 8 1 3600 20201116135527 20201019135527 1444 com. BEOMfWvi6RgnHaHsst+Ed265hBuCkgMR7gDpu89J7ZrVL6DzMKnNVFdgjl/9xwLj/pkukc7qeLSHjAfLlN0E4THW7PVshscQnjvXCkktG2Ejx9fTyllAqeGDh9z9QDGlQZIGTMgb9413qZhNqe2Tda9PTJRpiZ8b4bdQp6V1kVo= -SECTION ADDITIONAL -ENTRY_END -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.44 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN A -SECTION ANSWER -ns.example.net. IN A 1.2.3.44 -SECTION AUTHORITY -example.net. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN AAAA -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -www.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN SOA -SECTION ANSWER -; serial, refresh, retry, expire, minimum -example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -example.com. IN AXFR -SECTION ANSWER -example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= -example.com. 3600 IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= -example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} -example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= -example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f -example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= -example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63 -example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= -bar.example.com. 3600 IN A 1.2.3.4 -bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= -bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC -bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= -ding.example.com. 3600 IN A 1.2.3.4 -ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= -ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC -ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= -foo.example.com. 3600 IN A 1.2.3.4 -foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= -foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC -foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= -ns.example.com. 3600 IN A 127.0.0.1 -ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= -ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC -ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= -www.example.com. 3600 IN A 127.0.0.1 -www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= -www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC -www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= -example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; recursion happens here. -STEP 20 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR AA RD RA SERVFAIL -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -ENTRY_END - -STEP 30 TIME_PASSES ELAPSE 10 -STEP 40 TRAFFIC - -STEP 50 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; recursion happens here. -STEP 60 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR AA RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 127.0.0.1 -ENTRY_END - -; the zonefile was updated with new contents -STEP 70 CHECK_TEMPFILE example.com -FILE_BEGIN -example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= -example.com. 3600 IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= -example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY ZONEMD -example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= -example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566} -example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= -example.com. 3600 IN ZONEMD 200154054 1 2 58F7620F93204BBB31B44F795B3409CC4ABD9EF5601DECC15675BD7751213152984EDDCE0626E6062E744B03B3E47711202FBB79E4A2EB8BC5CF46741B5CAE6F -example.com. 3600 IN RRSIG ZONEMD 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= -bar.example.com. 3600 IN A 1.2.3.4 -bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= -bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC -bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= -ding.example.com. 3600 IN A 1.2.3.4 -ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= -ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC -ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= -foo.example.com. 3600 IN A 1.2.3.4 -foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= -foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC -foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= -ns.example.com. 3600 IN A 127.0.0.1 -ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= -ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC -ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= -www.example.com. 3600 IN A 127.0.0.1 -www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= -www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC -www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= -FILE_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/auth_zonemd_xfr_chain_fail.rpl b/contrib/unbound/testdata/auth_zonemd_xfr_chain_fail.rpl deleted file mode 100644 index 3e09c9e8e40b..000000000000 --- a/contrib/unbound/testdata/auth_zonemd_xfr_chain_fail.rpl +++ /dev/null @@ -1,321 +0,0 @@ -; config options -server: - target-fetch-policy: "0 0 0 0 0" - trust-anchor: "com. DS 1444 8 2 0d72034e3e18a9ef383c164b68302433bbde957616e10cf44575fea2abae469c" - trust-anchor-signaling: no - val-override-date: 20201020135527 - -auth-zone: - name: "example.com." - ## zonefile (or none). - ## zonefile: "example.com.zone" - ## master by IP address or hostname - ## can list multiple masters, each on one line. - ## master: - master: 1.2.3.44 - ## url for http fetch - ## url: - ## queries from downstream clients get authoritative answers. - ## for-downstream: yes - for-downstream: yes - ## queries are used to fetch authoritative answers from this zone, - ## instead of unbound itself sending queries there. - ## for-upstream: yes - for-upstream: yes - ## on failures with for-upstream, fallback to sending queries to - ## the authority servers - ## fallback-enabled: no - zonemd-check: yes - - ## this line generates zonefile: \n"/tmp/xxx.example.com"\n - zonefile: -TEMPFILE_NAME example.com - ## this is the inline file /tmp/xxx.example.com - ## the tempfiles are deleted when the testrun is over. -TEMPFILE_CONTENTS example.com -TEMPFILE_END - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test authority zone with AXFR with ZONEMD failure with chain of trust - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qname qtype -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -example.com. IN DS -SECTION ANSWER -example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af -example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk= -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af -example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk= -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -com. IN DNSKEY -SECTION ANSWER -com. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b} -com. 3600 IN RRSIG DNSKEY 8 1 3600 20201116135527 20201019135527 1444 com. BEOMfWvi6RgnHaHsst+Ed265hBuCkgMR7gDpu89J7ZrVL6DzMKnNVFdgjl/9xwLj/pkukc7qeLSHjAfLlN0E4THW7PVshscQnjvXCkktG2Ejx9fTyllAqeGDh9z9QDGlQZIGTMgb9413qZhNqe2Tda9PTJRpiZ8b4bdQp6V1kVo= -SECTION ADDITIONAL -ENTRY_END -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.44 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN A -SECTION ANSWER -ns.example.net. IN A 1.2.3.44 -SECTION AUTHORITY -example.net. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN AAAA -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -www.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN SOA -SECTION ANSWER -; serial, refresh, retry, expire, minimum -example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOTIMPL -SECTION QUESTION -example.com. IN IXFR -SECTION ANSWER -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -example.com. IN AXFR -SECTION ANSWER -example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= -example.com. 3600 IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= -example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} -example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= -example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f -example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= -example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63 -example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= -; this is the bad RR that causes the wrong zonemd. RRSIG is wrong too. -bar.example.com. 3600 IN A 1.2.3.55 -; orig RR -;bar.example.com. 3600 IN A 1.2.3.4 -bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= -bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC -bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= -ding.example.com. 3600 IN A 1.2.3.4 -ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= -ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC -ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= -foo.example.com. 3600 IN A 1.2.3.4 -foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= -foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC -foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= -ns.example.com. 3600 IN A 127.0.0.1 -ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= -ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC -ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= -www.example.com. 3600 IN A 127.0.0.1 -www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= -www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC -www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= -example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; recursion happens here. -STEP 20 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR AA RD RA SERVFAIL -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -ENTRY_END - -STEP 30 TIME_PASSES ELAPSE 10 -STEP 40 TRAFFIC - -STEP 50 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; recursion happens here. -STEP 60 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR AA RD RA SERVFAIL -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -ENTRY_END - -; the zonefile was updated with new contents -STEP 70 CHECK_TEMPFILE example.com -FILE_BEGIN -example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= -example.com. 3600 IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= -example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY ZONEMD -example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= -example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566} -example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= -example.com. 3600 IN ZONEMD 200154054 1 2 58F7620F93204BBB31B44F795B3409CC4ABD9EF5601DECC15675BD7751213152984EDDCE0626E6062E744B03B3E47711202FBB79E4A2EB8BC5CF46741B5CAE6F -example.com. 3600 IN RRSIG ZONEMD 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= -bar.example.com. 3600 IN A 1.2.3.55 -bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= -bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC -bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= -ding.example.com. 3600 IN A 1.2.3.4 -ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= -ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC -ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= -foo.example.com. 3600 IN A 1.2.3.4 -foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= -foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC -foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= -ns.example.com. 3600 IN A 127.0.0.1 -ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= -ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC -ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= -www.example.com. 3600 IN A 127.0.0.1 -www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= -www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC -www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= -FILE_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/auth_zonemd_xfr_chain_keyinxfr.rpl b/contrib/unbound/testdata/auth_zonemd_xfr_chain_keyinxfr.rpl deleted file mode 100644 index 2feec88c075a..000000000000 --- a/contrib/unbound/testdata/auth_zonemd_xfr_chain_keyinxfr.rpl +++ /dev/null @@ -1,315 +0,0 @@ -; config options -server: - target-fetch-policy: "0 0 0 0 0" - trust-anchor: "com. DS 1444 8 2 0d72034e3e18a9ef383c164b68302433bbde957616e10cf44575fea2abae469c" - trust-anchor-signaling: no - val-override-date: 20201020135527 - -auth-zone: - name: "example.com." - ## zonefile (or none). - ## zonefile: "example.com.zone" - ## master by IP address or hostname - ## can list multiple masters, each on one line. - ## master: - master: 1.2.3.44 - ## url for http fetch - ## url: - ## queries from downstream clients get authoritative answers. - ## for-downstream: yes - - ## The for-downstream and fallback are disabled, the key cannot be - ## retrieved by DNS lookup, it is in the xfr itself. - ## only after the zone is loaded can it be looked up. - for-downstream: no - ## queries are used to fetch authoritative answers from this zone, - ## instead of unbound itself sending queries there. - ## for-upstream: yes - for-upstream: yes - ## on failures with for-upstream, fallback to sending queries to - ## the authority servers - ## fallback-enabled: no - fallback-enabled: no - zonemd-check: yes - - ## this line generates zonefile: \n"/tmp/xxx.example.com"\n - zonefile: -TEMPFILE_NAME example.com - ## this is the inline file /tmp/xxx.example.com - ## the tempfiles are deleted when the testrun is over. -TEMPFILE_CONTENTS example.com -TEMPFILE_END - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test authority zone with AXFR with ZONEMD with key in xfr - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qname qtype -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -example.com. IN DS -SECTION ANSWER -example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af -example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk= -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af -example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk= -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -com. IN DNSKEY -SECTION ANSWER -com. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b} -com. 3600 IN RRSIG DNSKEY 8 1 3600 20201116135527 20201019135527 1444 com. BEOMfWvi6RgnHaHsst+Ed265hBuCkgMR7gDpu89J7ZrVL6DzMKnNVFdgjl/9xwLj/pkukc7qeLSHjAfLlN0E4THW7PVshscQnjvXCkktG2Ejx9fTyllAqeGDh9z9QDGlQZIGTMgb9413qZhNqe2Tda9PTJRpiZ8b4bdQp6V1kVo= -SECTION ADDITIONAL -ENTRY_END -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.44 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN A -SECTION ANSWER -ns.example.net. IN A 1.2.3.44 -SECTION AUTHORITY -example.net. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN AAAA -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -www.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN SOA -SECTION ANSWER -; serial, refresh, retry, expire, minimum -example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -example.com. IN AXFR -SECTION ANSWER -example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= -example.com. 3600 IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= -example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} -example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= -example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f -example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= -example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63 -example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= -bar.example.com. 3600 IN A 1.2.3.4 -bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= -bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC -bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= -ding.example.com. 3600 IN A 1.2.3.4 -ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= -ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC -ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= -foo.example.com. 3600 IN A 1.2.3.4 -foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= -foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC -foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= -ns.example.com. 3600 IN A 127.0.0.1 -ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= -ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC -ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= -www.example.com. 3600 IN A 127.0.0.1 -www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= -www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC -www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= -example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; recursion happens here. -STEP 20 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA SERVFAIL -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -ENTRY_END - -STEP 30 TIME_PASSES ELAPSE 10 -STEP 40 TRAFFIC - -STEP 50 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; recursion happens here. -STEP 60 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 127.0.0.1 -ENTRY_END - -; the zonefile was updated with new contents -STEP 70 CHECK_TEMPFILE example.com -FILE_BEGIN -example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= -example.com. 3600 IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= -example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY ZONEMD -example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= -example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566} -example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= -example.com. 3600 IN ZONEMD 200154054 1 2 58F7620F93204BBB31B44F795B3409CC4ABD9EF5601DECC15675BD7751213152984EDDCE0626E6062E744B03B3E47711202FBB79E4A2EB8BC5CF46741B5CAE6F -example.com. 3600 IN RRSIG ZONEMD 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= -bar.example.com. 3600 IN A 1.2.3.4 -bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= -bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC -bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= -ding.example.com. 3600 IN A 1.2.3.4 -ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= -ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC -ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= -foo.example.com. 3600 IN A 1.2.3.4 -foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= -foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC -foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= -ns.example.com. 3600 IN A 127.0.0.1 -ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= -ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC -ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= -www.example.com. 3600 IN A 127.0.0.1 -www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= -www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC -www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= -FILE_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/auth_zonemd_xfr_fail.rpl b/contrib/unbound/testdata/auth_zonemd_xfr_fail.rpl deleted file mode 100644 index f54ca7e086f0..000000000000 --- a/contrib/unbound/testdata/auth_zonemd_xfr_fail.rpl +++ /dev/null @@ -1,241 +0,0 @@ -; config options -server: - target-fetch-policy: "0 0 0 0 0" - -auth-zone: - name: "example.com." - ## zonefile (or none). - ## zonefile: "example.com.zone" - ## master by IP address or hostname - ## can list multiple masters, each on one line. - ## master: - master: 1.2.3.44 - ## url for http fetch - ## url: - ## queries from downstream clients get authoritative answers. - ## for-downstream: yes - for-downstream: yes - ## queries are used to fetch authoritative answers from this zone, - ## instead of unbound itself sending queries there. - ## for-upstream: yes - for-upstream: yes - ## on failures with for-upstream, fallback to sending queries to - ## the authority servers - ## fallback-enabled: no - zonemd-check: yes - - ## this line generates zonefile: \n"/tmp/xxx.example.com"\n - zonefile: -TEMPFILE_NAME example.com - ## this is the inline file /tmp/xxx.example.com - ## the tempfiles are deleted when the testrun is over. -TEMPFILE_CONTENTS example.com -TEMPFILE_END - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test authority zone with AXFR with failed ZONEMD - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.44 -ENTRY_END -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.44 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN A -SECTION ANSWER -ns.example.net. IN A 1.2.3.44 -SECTION AUTHORITY -example.net. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN AAAA -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -www.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN SOA -SECTION ANSWER -; serial, refresh, retry, expire, minimum -example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOTIMPL -SECTION QUESTION -example.com. IN IXFR -SECTION ANSWER -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -example.com. IN AXFR -SECTION ANSWER -example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. IN NS ns.example.com. -; old zonemd -;example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22 -; wrong zonemd -example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D7AAAAA -www.example.com. IN A 127.0.0.1 -ns.example.com. IN A 127.0.0.1 -bar.example.com. IN A 1.2.3.4 -ding.example.com. IN A 1.2.3.4 -foo.example.com. IN A 1.2.3.4 -example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; recursion happens here. -STEP 20 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR AA RD RA SERVFAIL -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -ENTRY_END - -STEP 30 TIME_PASSES ELAPSE 10 -STEP 40 TRAFFIC - -STEP 50 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; recursion happens here. -STEP 60 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR AA RD RA SERVFAIL -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -ENTRY_END - -; the zonefile was updated with new contents -STEP 70 CHECK_TEMPFILE example.com -FILE_BEGIN -FILE_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/cachedb_cached_ede.crpl b/contrib/unbound/testdata/cachedb_cached_ede.crpl new file mode 100644 index 000000000000..5eade545105f --- /dev/null +++ b/contrib/unbound/testdata/cachedb_cached_ede.crpl @@ -0,0 +1,91 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: no + minimal-responses: no + module-config: "cachedb validator iterator" + trust-anchor-signaling: no + verbosity: 4 + ede: yes + val-log-level: 2 + trust-anchor: "example.nl. DS 50602 8 2 FA8EE175C47325F4BD46D8A4083C3EBEB11C977D689069F2B41F1A29B22446B1" + + +cachedb: + backend: "testframe" + secret-seed: "testvalue" + +stub-zone: + name: "example.nl" + stub-addr: 193.0.14.129 +CONFIG_END + +SCENARIO_BEGIN Test cachedb support for caching EDEs. + +RANGE_BEGIN 0 10 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.nl. IN DNSKEY +SECTION ANSWER +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.nl. IN A +SECTION ANSWER +example.nl. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; get the entry in cache. +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +example.nl. IN A +SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + FF FE ; option code = 65534 (LDNS_EDNS_UNBOUND_CACHEDB_TESTFRAME_TEST) + 00 00 ; option length + HEX_EDNSDATA_END +ENTRY_END + +; get the answer for it +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=9 +REPLY QR RD RA DO SERVFAIL +SECTION QUESTION +example.nl. IN A +ENTRY_END + +; query again for the cached entry +STEP 20 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +example.nl. IN A +SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + FF FE ; option code = 65534 (LDNS_EDNS_UNBOUND_CACHEDB_TESTFRAME_TEST) + 00 00 ; option length + HEX_EDNSDATA_END +ENTRY_END + +; this must be a cached answer since stub is not answering in this range +STEP 30 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=9 +REPLY QR RD RA DO SERVFAIL +SECTION QUESTION +example.nl. IN A +ENTRY_END + +SCENARIO_END diff --git a/contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.conf b/contrib/unbound/testdata/cachedb_no_store.tdir/cachedb_no_store.conf index 9afd6e2b1e23..ff76cc37970c 100644 --- a/contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.conf +++ b/contrib/unbound/testdata/cachedb_no_store.tdir/cachedb_no_store.conf @@ -1,6 +1,5 @@ server: - verbosity: 7 - # num-threads: 1 + verbosity: 4 interface: 127.0.0.1 port: @PORT@ use-syslog: no @@ -8,16 +7,23 @@ server: pidfile: "unbound.pid" chroot: "" username: "" + module-config: "cachedb iterator" do-not-query-localhost: no - use-caps-for-id: yes + qname-minimisation: no + +forward-zone: + name: "." + forward-addr: 127.0.0.1@@TOPORT@ + +stub-zone: + name: "example.com" + stub-addr: 127.0.0.1@@TOPORT@ + remote-control: control-enable: yes control-interface: @CONTROL_PATH@/controlpipe.@CONTROL_PID@ control-use-cert: no -auth-zone: - name: "example.com" - for-upstream: yes - for-downstream: yes - zonefile: "zonemd_reload.zone" - zonemd-check: yes - #master: "127.0.0.1@@TOPORT@" + +cachedb: + backend: "testframe" + secret-seed: "testvalue" diff --git a/contrib/unbound/testdata/cachedb_no_store.tdir/cachedb_no_store.dsc b/contrib/unbound/testdata/cachedb_no_store.tdir/cachedb_no_store.dsc new file mode 100644 index 000000000000..9d267436edf6 --- /dev/null +++ b/contrib/unbound/testdata/cachedb_no_store.tdir/cachedb_no_store.dsc @@ -0,0 +1,16 @@ +BaseName: cachedb_no_store +Version: 1.0 +Description: cachedb test the cachedb-no-store option +CreationDate: Wed 11 Oct 11:00:00 CEST 2023 +Maintainer: dr. W.C.A. Wijngaards +Category: +Component: +CmdDepends: +Depends: +Help: +Pre: cachedb_no_store.pre +Post: cachedb_no_store.post +Test: cachedb_no_store.test +AuxFiles: +Passed: +Failure: diff --git a/contrib/unbound/testdata/cachedb_no_store.tdir/cachedb_no_store.post b/contrib/unbound/testdata/cachedb_no_store.tdir/cachedb_no_store.post new file mode 100644 index 000000000000..320dcc3e3e3b --- /dev/null +++ b/contrib/unbound/testdata/cachedb_no_store.tdir/cachedb_no_store.post @@ -0,0 +1,20 @@ +# #-- cachedb_no_store.post --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# source the test var file when it's there +[ -f .tpkg.var.test ] && source .tpkg.var.test +# +# do your teardown here +PRE="../.." +. ../common.sh + +echo "> cat logfiles" +cat fwd.log +if test -f fwd2.log; then cat fwd2.log; else echo "no fwd2.log"; fi +if test -f fwd3.log; then cat fwd3.log; else echo "no fwd3.log"; fi +if test -f fwd4.log; then cat fwd4.log; else echo "no fwd4.log"; fi +cat unbound.log +if test -f unbound2.log; then cat unbound2.log; else echo "no unbound2.log"; fi +kill_pid $FWD_PID +kill_from_pidfile "unbound.pid" +rm -f $CONTROL_PATH/controlpipe.$CONTROL_PID diff --git a/contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.pre b/contrib/unbound/testdata/cachedb_no_store.tdir/cachedb_no_store.pre index fa5e4ca29bbf..e59d3b8da759 100644 --- a/contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.pre +++ b/contrib/unbound/testdata/cachedb_no_store.tdir/cachedb_no_store.pre @@ -1,10 +1,13 @@ -# #-- zonemd_reload.pre--# +# #-- cachedb_no_store.pre--# # source the master var file when it's there [ -f ../.tpkg.var.master ] && source ../.tpkg.var.master # use .tpkg.var.test for in test variable passing [ -f .tpkg.var.test ] && source .tpkg.var.test +PRE="../.." . ../common.sh +if grep "define USE_CACHEDB 1" $PRE/config.h; then echo test enabled; else skip_test "test skipped"; fi + get_random_port 2 UNBOUND_PORT=$RND_PORT FWD_PORT=$(($RND_PORT + 1)) @@ -13,16 +16,15 @@ echo "FWD_PORT=$FWD_PORT" >> .tpkg.var.test # start forwarder get_ldns_testns -$LDNS_TESTNS -p $FWD_PORT zonemd_reload.testns >fwd.log 2>&1 & +$LDNS_TESTNS -p $FWD_PORT cachedb_no_store.testns >fwd.log 2>&1 & FWD_PID=$! echo "FWD_PID=$FWD_PID" >> .tpkg.var.test # make config file CONTROL_PATH=/tmp CONTROL_PID=$$ -sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' -e 's?@CONTROL_PATH\@?'$CONTROL_PATH'?' -e 's/@CONTROL_PID@/'$CONTROL_PID'/' < zonemd_reload.conf > ub.conf +sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' -e 's?@CONTROL_PATH\@?'$CONTROL_PATH'?' -e 's/@CONTROL_PID@/'$CONTROL_PID'/' < cachedb_no_store.conf > ub.conf # start unbound in the background -PRE="../.." $PRE/unbound -d -c ub.conf >unbound.log 2>&1 & UNBOUND_PID=$! echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test @@ -32,4 +34,3 @@ echo "CONTROL_PID=$CONTROL_PID" >> .tpkg.var.test cat .tpkg.var.test wait_ldns_testns_up fwd.log wait_unbound_up unbound.log - diff --git a/contrib/unbound/testdata/cachedb_no_store.tdir/cachedb_no_store.servfail.testns b/contrib/unbound/testdata/cachedb_no_store.tdir/cachedb_no_store.servfail.testns new file mode 100644 index 000000000000..b41abb0ff629 --- /dev/null +++ b/contrib/unbound/testdata/cachedb_no_store.tdir/cachedb_no_store.servfail.testns @@ -0,0 +1,8 @@ +ENTRY_BEGIN +MATCH opcode +ADJUST copy_id copy_query +REPLY QR AA SERVFAIL +SECTION QUESTION +txt1.example.com. IN TXT +SECTION ANSWER +ENTRY_END diff --git a/contrib/unbound/testdata/cachedb_no_store.tdir/cachedb_no_store.test b/contrib/unbound/testdata/cachedb_no_store.tdir/cachedb_no_store.test new file mode 100644 index 000000000000..47a89656c6c2 --- /dev/null +++ b/contrib/unbound/testdata/cachedb_no_store.tdir/cachedb_no_store.test @@ -0,0 +1,132 @@ +# #-- cachedb_no_store.test --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +PRE="../.." +. ../common.sh + +# do the test +get_ldns_testns + +# query for a text record that is stored by unbound's cache and cachedb +# in the testframe cache. +echo "> dig txt1.example.com." +dig @127.0.0.1 -p $UNBOUND_PORT txt1.example.com. TXT | tee outfile +if grep "example text message" outfile; then + echo "OK" +else + echo "Not OK" + exit 1 +fi + +# stop the forwarder with servfail, to check the answer came from the cache +echo "> stop ldns-testns" +kill_pid $FWD_PID +echo "> start ldns-testns with servfails" +$LDNS_TESTNS -p $FWD_PORT cachedb_no_store.servfail.testns >fwd2.log 2>&1 & +FWD_PID=$! +echo "FWD_PID=$FWD_PID" >> .tpkg.var.test +wait_ldns_testns_up fwd2.log + +echo "> dig txt1.example.com. from unbound cache" +dig @127.0.0.1 -p $UNBOUND_PORT txt1.example.com. TXT | tee outfile +if grep "example text message" outfile; then + echo "OK" +else + echo "Not OK" + exit 1 +fi + +# clear the cache of unbound, but not cachedb testframe cache +echo "> unbound-control flush" +$PRE/unbound-control -c ub.conf flush_type txt1.example.com. TXT +if test $? -ne 0; then + echo "wrong exit value." + exit 1 +else + echo "exit value: OK" +fi + +echo "> dig txt1.example.com. from cachedb" +dig @127.0.0.1 -p $UNBOUND_PORT txt1.example.com. TXT | tee outfile +if grep "example text message" outfile; then + echo "OK" +else + echo "Not OK" + exit 1 +fi + +# start the forwarder again. +echo "> stop ldns-testns" +kill_pid $FWD_PID +echo "> start ldns-testns" +$LDNS_TESTNS -p $FWD_PORT cachedb_no_store.testns >fwd3.log 2>&1 & +FWD_PID=$! +echo "FWD_PID=$FWD_PID" >> .tpkg.var.test +wait_ldns_testns_up fwd3.log + +# stop unbound to flush the cachedb cache +echo "> stop unbound" +kill_from_pidfile "unbound.pid" + +echo "" +echo "> config unbound with cachedb-no-store: yes" +echo "cachedb: cachedb-no-store: yes" >> ub.conf + +# start unbound again. +echo "> start unbound" +$PRE/unbound -d -c ub.conf >unbound2.log 2>&1 & +UNBOUND_PID=$! +echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test +wait_unbound_up unbound2.log + +echo "" +echo "> dig txt1.example.com." +dig @127.0.0.1 -p $UNBOUND_PORT txt1.example.com. TXT | tee outfile +if grep "example text message" outfile; then + echo "OK" +else + echo "Not OK" + exit 1 +fi + +# stop the forwarder with servfail, to check the answer came from the cache +echo "> stop ldns-testns" +kill_pid $FWD_PID +echo "> start ldns-testns with servfails" +$LDNS_TESTNS -p $FWD_PORT cachedb_no_store.servfail.testns >fwd4.log 2>&1 & +FWD_PID=$! +echo "FWD_PID=$FWD_PID" >> .tpkg.var.test +wait_ldns_testns_up fwd4.log + +echo "> dig txt1.example.com. from unbound cache" +dig @127.0.0.1 -p $UNBOUND_PORT txt1.example.com. TXT | tee outfile +if grep "example text message" outfile; then + echo "OK" +else + echo "Not OK" + exit 1 +fi + +# clear the cache of unbound, but not cachedb testframe cache +echo "> unbound-control flush" +$PRE/unbound-control -c ub.conf flush_type txt1.example.com. TXT +if test $? -ne 0; then + echo "wrong exit value." + exit 1 +else + echo "exit value: OK" +fi + +echo "> dig txt1.example.com. from cachedb, but that has no message stored" +dig @127.0.0.1 -p $UNBOUND_PORT txt1.example.com. TXT | tee outfile +if grep "SERVFAIL" outfile; then + echo "OK" +else + echo "Not OK" + exit 1 +fi + +exit 0 diff --git a/contrib/unbound/testdata/cachedb_no_store.tdir/cachedb_no_store.testns b/contrib/unbound/testdata/cachedb_no_store.tdir/cachedb_no_store.testns new file mode 100644 index 000000000000..282b224f82bd --- /dev/null +++ b/contrib/unbound/testdata/cachedb_no_store.tdir/cachedb_no_store.testns @@ -0,0 +1,9 @@ +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +txt1.example.com. IN TXT +SECTION ANSWER +txt1.example.com. IN TXT "example text message" +ENTRY_END diff --git a/contrib/unbound/testdata/cachedb_servfail_cname.crpl b/contrib/unbound/testdata/cachedb_servfail_cname.crpl new file mode 100644 index 000000000000..221f00d4df54 --- /dev/null +++ b/contrib/unbound/testdata/cachedb_servfail_cname.crpl @@ -0,0 +1,181 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: no + minimal-responses: no + ;serve-expired: yes + module-config: "cachedb iterator" + +cachedb: + backend: "testframe" + secret-seed: "testvalue" + +stub-zone: + name: "." + stub-addr: 193.0.14.129 +CONFIG_END + +SCENARIO_BEGIN Test cachedb store and servfail reply from cname. +; the servfail reply should not overwrite the cache contents. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns2.example.com. +SECTION ADDITIONAL +ns2.example.com. IN A 1.2.3.5 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +foo.com. IN NS +SECTION AUTHORITY +foo.com. IN NS ns.example.com. +ENTRY_END +RANGE_END + +; ns2.example.com. +RANGE_BEGIN 0 20 + ADDRESS 1.2.3.5 +ENTRY_BEGIN +MATCH opcode qname qtype +REPLY QR AA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 10 IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns2.example.com., now failing +RANGE_BEGIN 20 100 + ADDRESS 1.2.3.5 +ENTRY_BEGIN +MATCH opcode qname qtype +REPLY QR AA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 10 IN CNAME foo.example.com. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qname qtype +REPLY QR AA SERVFAIL +SECTION QUESTION +foo.example.com. IN A +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qname qtype +REPLY QR AA SERVFAIL +SECTION QUESTION +ns2.example.com. IN A +SECTION ANSWER +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qname qtype +REPLY QR AA SERVFAIL +SECTION QUESTION +ns2.example.com. IN AAAA +SECTION ANSWER +ENTRY_END +RANGE_END + +; get and entry in cache, to make it expired. +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; get the answer for it +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 10 IN A 1.2.3.4 +ENTRY_END + +; it is now expired +STEP 20 TIME_PASSES ELAPSE 20 + +; get a servfail in cache for the destination +STEP 30 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +foo.example.com. IN A +ENTRY_END + +STEP 40 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA SERVFAIL +SECTION QUESTION +foo.example.com. IN A +ENTRY_END + +; the query is now a CNAME to servfail. +; there is a valid, but expired, entry in cache. +STEP 50 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 60 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 10 IN CNAME foo.example.com. +ENTRY_END + +SCENARIO_END diff --git a/contrib/unbound/testdata/nsid_bogus.rpl b/contrib/unbound/testdata/disable_edns_do.rpl index 1414163f8a6a..82a16da062f1 100644 --- a/contrib/unbound/testdata/nsid_bogus.rpl +++ b/contrib/unbound/testdata/disable_edns_do.rpl @@ -1,21 +1,18 @@ ; config options ; The island of trust is at example.com server: - trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" - val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" qname-minimisation: "no" - fake-sha1: yes trust-anchor-signaling: no minimal-responses: no - nsid: "ascii_hopsa kidee" + disable-edns-do: yes stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. CONFIG_END -SCENARIO_BEGIN Test for NSID in SERVFAIL response due to DNSSEC bogus +SCENARIO_BEGIN Test lookup with disable-edns-do ; K.ROOT-SERVERS.NET. RANGE_BEGIN 0 100 @@ -108,37 +105,37 @@ ns.example.com. IN A 1.2.3.4 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} ENTRY_END -; nodata for ns.example.com AAAA +; response to query of interest, when sent with EDNS DO ENTRY_BEGIN -MATCH opcode qtype qname +MATCH opcode qtype qname DO ADJUST copy_id -REPLY QR AA NOERROR +REPLY QR AA DO NOERROR SECTION QUESTION -ns.example.com. IN AAAA +www.example.com. IN A SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} ENTRY_END - -; response to query of interest +; response to query of interest, when sent without DO ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id -REPLY QR NOERROR +REPLY QR AA NOERROR SECTION QUESTION www.example.com. IN A SECTION ANSWER www.example.com. IN A 10.20.30.40 -;good signature -;www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} -;missing -www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2855 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= SECTION AUTHORITY example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} SECTION ADDITIONAL ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} ENTRY_END RANGE_END @@ -147,28 +144,21 @@ ENTRY_BEGIN REPLY RD DO SECTION QUESTION www.example.com. IN A -SECTION ADDITIONAL - HEX_EDNSDATA_BEGIN - 00 03 ; Opcode NSID (3) - 00 00 ; Length 0 - HEX_EDNSDATA_END ENTRY_END ; recursion happens here. STEP 10 CHECK_ANSWER ENTRY_BEGIN MATCH all -REPLY QR RD RA DO SERVFAIL +REPLY QR RD RA NOERROR SECTION QUESTION www.example.com. IN A SECTION ANSWER +www.example.com. IN A 10.20.30.40 +SECTION AUTHORITY +example.com. IN NS ns.example.com. SECTION ADDITIONAL - HEX_EDNSDATA_BEGIN - 00 03 ; Opcode NSID (3) - 00 0b ; Length 11 - 68 6F 70 73 61 20 ; "hopsa " - 6B 69 64 65 65 ; "kidee" - HEX_EDNSDATA_END +ns.example.com. IN A 1.2.3.4 ENTRY_END SCENARIO_END diff --git a/contrib/unbound/testdata/edns_attached_once_per_upstream.rpl b/contrib/unbound/testdata/edns_attached_once_per_upstream.rpl deleted file mode 100644 index 19f1ba75df49..000000000000 --- a/contrib/unbound/testdata/edns_attached_once_per_upstream.rpl +++ /dev/null @@ -1,90 +0,0 @@ -; config options -server: - edns-client-string: 10.0.0.0/24 "abc d" - outbound-msg-retry: 1 - -stub-zone: - name: "edns-string-abc." - stub-addr: 10.0.0.3 - stub-first: yes - -forward-zone: - name: "." - forward-addr: 10.0.0.1 - -CONFIG_END - -SCENARIO_BEGIN Test that upstream specific EDNS is attached once; uses string tag option - -RANGE_BEGIN 0 1000 - ADDRESS 10.0.0.3 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR SERVFAIL -SECTION QUESTION -edns-string-abc. IN A -ENTRY_END -RANGE_END - -RANGE_BEGIN 0 1000 - ADDRESS 10.0.0.1 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -edns-string-abc. IN A -SECTION ANSWER -edns-string-abc. IN A 10.20.30.40 -SECTION ADDITIONAL -ENTRY_END -RANGE_END - -STEP 10 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -edns-string-abc. IN A -ENTRY_END - -; This will receive SERVFAIL and the next address will be queried -STEP 20 CHECK_OUT_QUERY ADDRESS 10.0.0.3 -ENTRY_BEGIN -MATCH qname qtype opcode ednsdata -SECTION QUESTION -edns-string-abc. IN A -SECTION ADDITIONAL - HEX_EDNSDATA_BEGIN - fd e9 ; Opcode 65001 - 00 05 ; Length 5 - 61 62 63 20 64 ; "abc d" - HEX_EDNSDATA_END -ENTRY_END - -; This will receive the answer; makes sure that EDNS is attached once -STEP 22 CHECK_OUT_QUERY ADDRESS 10.0.0.1 -ENTRY_BEGIN -MATCH qname qtype opcode ednsdata -SECTION QUESTION -edns-string-abc. IN A -SECTION ADDITIONAL - HEX_EDNSDATA_BEGIN - fd e9 ; Opcode 65001 - 00 05 ; Length 5 - 61 62 63 20 64 ; "abc d" - HEX_EDNSDATA_END -ENTRY_END - - -STEP 30 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -edns-string-abc. IN A -SECTION ANSWER -edns-string-abc. IN A 10.20.30.40 -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/edns_downstream_cookies.rpl b/contrib/unbound/testdata/edns_downstream_cookies.rpl new file mode 100644 index 000000000000..820bc5a7ca70 --- /dev/null +++ b/contrib/unbound/testdata/edns_downstream_cookies.rpl @@ -0,0 +1,235 @@ +; config options +server: + answer-cookie: yes + cookie-secret: "000102030405060708090a0b0c0d0e0f" + access-control: 127.0.0.1 allow_cookie + access-control: 1.2.3.4 allow + local-data: "test. TXT test" + +CONFIG_END + +SCENARIO_BEGIN Test downstream DNS Cookies + +; Note: When a valid hash was required, it was generated by running this test +; with an invalid one and checking the output for the valid one. +; Actual hash generation is tested with unit tests. + +; Query without a client cookie ... +STEP 0 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +test. IN TXT +ENTRY_END +; ... get TC and refused +STEP 1 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA TC REFUSED +SECTION QUESTION +test. IN TXT +ENTRY_END + +; Query without a client cookie on TCP ... +STEP 10 QUERY +ENTRY_BEGIN +REPLY RD +MATCH TCP +SECTION QUESTION +test. IN TXT +ENTRY_END +; ... get an answer +STEP 11 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AA NOERROR +SECTION QUESTION +test. IN TXT +SECTION ANSWER +test. IN TXT "test" +ENTRY_END + +; Query with only a client cookie ... +STEP 20 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +test. IN TXT +SECTION ADDITIONAL +HEX_EDNSDATA_BEGIN + 00 0a ; Opcode 10 + 00 08 ; Length 8 + 31 32 33 34 35 36 37 38 ; Random bits +HEX_EDNSDATA_END +ENTRY_END +; ... get BADCOOKIE and a new cookie +STEP 21 CHECK_ANSWER +ENTRY_BEGIN +MATCH all server_cookie +REPLY QR RD RA DO YXRRSET ; BADCOOKIE is an extended rcode +SECTION QUESTION +test. IN TXT +ENTRY_END + +; Query with an invalid cookie ... +STEP 30 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +test. IN TXT +SECTION ADDITIONAL +HEX_EDNSDATA_BEGIN + 00 0a ; Opcode 10 + 00 18 ; Length 24 + 31 32 33 34 35 36 37 38 ; Random bits + 02 00 00 00 ; wrong version + 00 00 00 00 ; Timestamp + 31 32 33 34 35 36 37 38 ; wrong hash +HEX_EDNSDATA_END +ENTRY_END +; ... get BADCOOKIE and a new cookie +STEP 31 CHECK_ANSWER +ENTRY_BEGIN +MATCH all server_cookie +REPLY QR RD RA DO YXRRSET ; BADCOOKIE is an extended rcode +SECTION QUESTION +test. IN TXT +ENTRY_END + +; Query with an invalid cookie from a non-cookie protected address ... +STEP 40 QUERY ADDRESS 1.2.3.4 +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +test. IN TXT +SECTION ADDITIONAL +HEX_EDNSDATA_BEGIN + 00 0a ; Opcode 10 + 00 18 ; Length 24 + 31 32 33 34 35 36 37 38 ; Random bits + 02 00 00 00 ; wrong version + 00 00 00 00 ; Timestamp + 31 32 33 34 35 36 37 38 ; wrong hash +HEX_EDNSDATA_END +ENTRY_END +; ... get answer and a cookie +STEP 41 CHECK_ANSWER +ENTRY_BEGIN +MATCH all server_cookie +REPLY QR RD RA AA DO NOERROR +SECTION QUESTION +test. IN TXT +SECTION ANSWER +test. IN TXT "test" +ENTRY_END + +; Query with a valid cookie ... +STEP 50 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +test. IN TXT +SECTION ADDITIONAL +HEX_EDNSDATA_BEGIN + 00 0a ; Opcode 10 + 00 18 ; Length 24 + 31 32 33 34 35 36 37 38 ; Random bits + 01 00 00 00 ; Version/Reserved + 00 00 00 00 ; Timestamp + 38 52 7b a8 c6 a4 ea 96 ; Hash +HEX_EDNSDATA_END +ENTRY_END +; ... get answer and the cookie +STEP 51 CHECK_ANSWER +ENTRY_BEGIN +MATCH all server_cookie +REPLY QR RD RA AA DO NOERROR +SECTION QUESTION +test. IN TXT +SECTION ANSWER +test. IN TXT "test" +ENTRY_END + +; Query with a valid >30 minutes old cookie ... +STEP 59 TIME_PASSES ELAPSE 1801 +STEP 60 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +test. IN TXT +SECTION ADDITIONAL +HEX_EDNSDATA_BEGIN + 00 0a ; Opcode 10 + 00 18 ; Length 24 + 31 32 33 34 35 36 37 38 ; Random bits + 01 00 00 00 ; Version/Reserved + 00 00 00 00 ; Timestamp + 38 52 7b a8 c6 a4 ea 96 ; Hash +HEX_EDNSDATA_END +ENTRY_END +; ... Get answer and a refreshed cookie +; (we don't check the re-freshness here; it has its own unit test) +STEP 61 CHECK_ANSWER +ENTRY_BEGIN +MATCH all server_cookie +REPLY QR RD RA AA DO NOERROR +SECTION QUESTION +test. IN TXT +SECTION ANSWER +test. IN TXT "test" +ENTRY_END + +; Query with a hash-valid >60 minutes old cookie ... +STEP 69 TIME_PASSES ELAPSE 3601 +STEP 70 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +test. IN TXT +SECTION ADDITIONAL +HEX_EDNSDATA_BEGIN + 00 0a ; Opcode 10 + 00 18 ; Length 24 + 31 32 33 34 35 36 37 38 ; Random bits + 01 00 00 00 ; Version/Reserved + 00 00 07 09 ; Timestamp (1801) + 77 81 38 e3 8f aa 72 86 ; Hash +HEX_EDNSDATA_END +ENTRY_END +; ... get BADCOOKIE and a new cookie +STEP 71 CHECK_ANSWER +ENTRY_BEGIN +MATCH all server_cookie +REPLY QR RD RA DO YXRRSET ; BADCOOKIE is an extended rcode +SECTION QUESTION +test. IN TXT +ENTRY_END + +; Query with a valid future (<5 minutes) cookie ... +STEP 80 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +test. IN TXT +SECTION ADDITIONAL +HEX_EDNSDATA_BEGIN + 00 0a ; Opcode 10 + 00 18 ; Length 24 + 31 32 33 34 35 36 37 38 ; Random bits + 01 00 00 00 ; Version/Reserved + 00 00 16 45 ; Timestamp (1801 + 3601 + 299) + 4a f5 0f df f0 e8 c7 09 ; Hash +HEX_EDNSDATA_END +ENTRY_END +; ... get an answer +STEP 81 CHECK_ANSWER +ENTRY_BEGIN +MATCH all server_cookie +REPLY QR RD RA AA DO NOERROR +SECTION QUESTION +test. IN TXT +SECTION ANSWER +test. IN TXT "test" +ENTRY_END + +SCENARIO_END diff --git a/contrib/unbound/testdata/fwd_error_retries.rpl b/contrib/unbound/testdata/fwd_error_retries.rpl deleted file mode 100644 index b63086c0f46a..000000000000 --- a/contrib/unbound/testdata/fwd_error_retries.rpl +++ /dev/null @@ -1,27 +0,0 @@ -; config options -server: - outbound-msg-retry: 1 - -forward-zone: - name: "." - forward-addr: 216.0.0.1 -CONFIG_END -SCENARIO_BEGIN Test basic forwarding with servfail and retry of 1 -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END -; query fails with servfail, now we make only outgoing-msg-retry=1 retries -STEP 2 ERROR -; returns servfail -STEP 14 CHECK_ANSWER -ENTRY_BEGIN -MATCH opcode qname qtype -SECTION QUESTION -REPLY SERVFAIL QR RD RA -MATCH all -www.example.com. IN A -ENTRY_END -SCENARIO_END diff --git a/contrib/unbound/testdata/fwd_udp_with_tcp_upstream.tdir/fwd_udp_with_tcp_upstream.conf b/contrib/unbound/testdata/fwd_udp_with_tcp_upstream.tdir/fwd_udp_with_tcp_upstream.conf deleted file mode 100644 index 6daf2eeecc36..000000000000 --- a/contrib/unbound/testdata/fwd_udp_with_tcp_upstream.tdir/fwd_udp_with_tcp_upstream.conf +++ /dev/null @@ -1,20 +0,0 @@ -server: - verbosity: 5 - # num-threads: 1 - interface: 127.0.0.1 - port: @PORT@ - use-syslog: no - directory: "" - pidfile: "unbound.pid" - chroot: "" - username: "" - do-not-query-localhost: no -forward-zone: - name: "tcp.example.com" - forward-addr: "127.0.0.1@@TOPORT@" - forward-tcp-upstream: "yes" -forward-zone: - name: "udp.example.com" - forward-addr: "127.0.0.1@@TOPORT@" - forward-tcp-upstream: "no" - diff --git a/contrib/unbound/testdata/fwd_udp_with_tcp_upstream.tdir/fwd_udp_with_tcp_upstream.dsc b/contrib/unbound/testdata/fwd_udp_with_tcp_upstream.tdir/fwd_udp_with_tcp_upstream.dsc deleted file mode 100644 index 5b1f0d3d1ab4..000000000000 --- a/contrib/unbound/testdata/fwd_udp_with_tcp_upstream.tdir/fwd_udp_with_tcp_upstream.dsc +++ /dev/null @@ -1,16 +0,0 @@ -BaseName: fwd_udp_with_tcp_upstream -Version: 1.0 -Description: Forward an UDP packet to upstream via TCP and return reply. -CreationDate: Thu Aug 5 07:44:41 CEST 2021 -Maintainer: ziollek -Category: -Component: -CmdDepends: -Depends: -Help: -Pre: fwd_udp_with_tcp_upstream.pre -Post: fwd_udp_with_tcp_upstream.post -Test: fwd_udp_with_tcp_upstream.test -AuxFiles: -Passed: -Failure: diff --git a/contrib/unbound/testdata/fwd_udp_with_tcp_upstream.tdir/fwd_udp_with_tcp_upstream.post b/contrib/unbound/testdata/fwd_udp_with_tcp_upstream.tdir/fwd_udp_with_tcp_upstream.post deleted file mode 100644 index 0013eca71a4d..000000000000 --- a/contrib/unbound/testdata/fwd_udp_with_tcp_upstream.tdir/fwd_udp_with_tcp_upstream.post +++ /dev/null @@ -1,10 +0,0 @@ -# #-- fwd_udp_with_tcp_upstream.post --# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# source the test var file when it's there -[ -f .tpkg.var.test ] && source .tpkg.var.test -# -# do your teardown here -. ../common.sh -kill_pid $FWD_PID -kill_pid $UNBOUND_PID diff --git a/contrib/unbound/testdata/fwd_udp_with_tcp_upstream.tdir/fwd_udp_with_tcp_upstream.pre b/contrib/unbound/testdata/fwd_udp_with_tcp_upstream.tdir/fwd_udp_with_tcp_upstream.pre deleted file mode 100644 index 546787a5fc9f..000000000000 --- a/contrib/unbound/testdata/fwd_udp_with_tcp_upstream.tdir/fwd_udp_with_tcp_upstream.pre +++ /dev/null @@ -1,31 +0,0 @@ -# #-- fwd_udp_with_tcp_upstream.pre--# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# use .tpkg.var.test for in test variable passing -[ -f .tpkg.var.test ] && source .tpkg.var.test - -. ../common.sh -get_random_port 2 -UNBOUND_PORT=$RND_PORT -FWD_PORT=$(($RND_PORT + 1)) -echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test -echo "FWD_PORT=$FWD_PORT" >> .tpkg.var.test - -# start forwarder -get_ldns_testns -$LDNS_TESTNS -p $FWD_PORT fwd_udp_with_tcp_upstream.testns >fwd.log 2>&1 & -FWD_PID=$! -echo "FWD_PID=$FWD_PID" >> .tpkg.var.test - -# make config file -sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' < fwd_udp_with_tcp_upstream.conf > ub.conf -# start unbound in the background -PRE="../.." -$PRE/unbound -d -c ub.conf >unbound.log 2>&1 & -UNBOUND_PID=$! -echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test - -cat .tpkg.var.test -wait_ldns_testns_up fwd.log -wait_unbound_up unbound.log - diff --git a/contrib/unbound/testdata/fwd_udp_with_tcp_upstream.tdir/fwd_udp_with_tcp_upstream.test b/contrib/unbound/testdata/fwd_udp_with_tcp_upstream.tdir/fwd_udp_with_tcp_upstream.test deleted file mode 100644 index fad6497beb15..000000000000 --- a/contrib/unbound/testdata/fwd_udp_with_tcp_upstream.tdir/fwd_udp_with_tcp_upstream.test +++ /dev/null @@ -1,35 +0,0 @@ -# #-- fwd_udp_with_tcp_upstream.test --# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# use .tpkg.var.test for in test variable passing -[ -f .tpkg.var.test ] && source .tpkg.var.test - -PRE="../.." -# do the test -echo "> dig tcp.example.com." -dig @localhost -p $UNBOUND_PORT tcp.example.com. | tee outfile -echo "> cat logfiles" -cat fwd.log -cat unbound.log -echo "> check answer" -if grep "10.20.30.40" outfile; then - echo "OK" -else - echo "Not OK" - exit 1 -fi - -echo "> dig udp.example.com." -dig @localhost -p $UNBOUND_PORT udp.example.com. | tee outfile -echo "> cat logfiles" -cat fwd.log -cat unbound.log -echo "> check answer" -if grep "10.20.30.80" outfile; then - echo "OK" -else - echo "Not OK" - exit 1 -fi - -exit 0 diff --git a/contrib/unbound/testdata/fwd_udp_with_tcp_upstream.tdir/fwd_udp_with_tcp_upstream.testns b/contrib/unbound/testdata/fwd_udp_with_tcp_upstream.tdir/fwd_udp_with_tcp_upstream.testns deleted file mode 100644 index 04089af0e1b6..000000000000 --- a/contrib/unbound/testdata/fwd_udp_with_tcp_upstream.tdir/fwd_udp_with_tcp_upstream.testns +++ /dev/null @@ -1,25 +0,0 @@ -; nameserver test file -$ORIGIN example.com. -$TTL 3600 - -ENTRY_BEGIN -MATCH opcode qtype qname -MATCH TCP -REPLY QR AA NOERROR -ADJUST copy_id -SECTION QUESTION -tcp IN A -SECTION ANSWER -tcp IN A 10.20.30.40 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -MATCH UDP -REPLY QR AA NOERROR -ADJUST copy_id -SECTION QUESTION -udp IN A -SECTION ANSWER -udp IN A 10.20.30.80 -ENTRY_END diff --git a/contrib/unbound/testdata/http_user_agent.tdir/127.0.0.1/example.com.zone b/contrib/unbound/testdata/http_user_agent.tdir/127.0.0.1/example.com.zone deleted file mode 100644 index 695eb1c32bd4..000000000000 --- a/contrib/unbound/testdata/http_user_agent.tdir/127.0.0.1/example.com.zone +++ /dev/null @@ -1,3 +0,0 @@ -example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600 -example.com. IN NS ns.example.net. -www.example.com. IN A 1.2.3.4 diff --git a/contrib/unbound/testdata/http_user_agent.tdir/http_user_agent.dsc b/contrib/unbound/testdata/http_user_agent.tdir/http_user_agent.dsc deleted file mode 100644 index 6b24c43fc7ab..000000000000 --- a/contrib/unbound/testdata/http_user_agent.tdir/http_user_agent.dsc +++ /dev/null @@ -1,16 +0,0 @@ -BaseName: http_user_agent -Version: 1.0 -Description: Check the http-user-agent configuration -CreationDate: Wed 2 Jun 13:59:26 CEST 2021 -Maintainer: -Category: -Component: -CmdDepends: -Depends: -Help: -Pre: http_user_agent.pre -Post: http_user_agent.post -Test: http_user_agent.test -AuxFiles: -Passed: -Failure: diff --git a/contrib/unbound/testdata/http_user_agent.tdir/http_user_agent.post b/contrib/unbound/testdata/http_user_agent.tdir/http_user_agent.post deleted file mode 100644 index 797ff57c8bbc..000000000000 --- a/contrib/unbound/testdata/http_user_agent.tdir/http_user_agent.post +++ /dev/null @@ -1,11 +0,0 @@ -# #-- http_user_agent.post --# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# source the test var file when it's there -[ -f .tpkg.var.test ] && source .tpkg.var.test -# -# do your teardown here -PRE="../.." -. ../common.sh -kill_pid $UNBOUND_PID -kill_pid $PETAL_PID diff --git a/contrib/unbound/testdata/http_user_agent.tdir/http_user_agent.pre b/contrib/unbound/testdata/http_user_agent.tdir/http_user_agent.pre deleted file mode 100644 index e94bd536edb4..000000000000 --- a/contrib/unbound/testdata/http_user_agent.tdir/http_user_agent.pre +++ /dev/null @@ -1,37 +0,0 @@ -# #-- http_user_agent.pre--# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# use .tpkg.var.test for in test variable passing -[ -f .tpkg.var.test ] && source .tpkg.var.test - -PRE="../.." -. ../common.sh -get_random_port 3 -UNBOUND_PORT=$RND_PORT -PETAL_PORT=$(($RND_PORT + 1)) -CONTROL_PORT=$(($RND_PORT + 3)) -echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test -echo "PETAL_PORT=$PETAL_PORT" >> .tpkg.var.test -echo "CONTROL_PORT=$CONTROL_PORT" >> .tpkg.var.test - -get_make -(cd $PRE; $MAKE petal) - -# start https daemon -# More verbosity because we need to see the HTTP headers -$PRE/petal -vv -a "127.0.0.1" -p $PETAL_PORT >petal.log 2>&1 & -PETAL_PID=$! -echo "PETAL_PID=$PETAL_PID" >> .tpkg.var.test -cat .tpkg.var.test -wait_petal_up petal.log - -# make config file -sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$PETAL_PORT'/' -e 's/@CONTROL_PORT\@/'$CONTROL_PORT'/'< http_user_agent.conf > ub.conf -# start unbound in the background -$PRE/unbound -d -c ub.conf >unbound.log 2>&1 & -UNBOUND_PID=$! -echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test - -cat .tpkg.var.test -wait_unbound_up unbound.log - diff --git a/contrib/unbound/testdata/http_user_agent.tdir/http_user_agent.test b/contrib/unbound/testdata/http_user_agent.tdir/http_user_agent.test deleted file mode 100644 index dce2d476c8f6..000000000000 --- a/contrib/unbound/testdata/http_user_agent.tdir/http_user_agent.test +++ /dev/null @@ -1,103 +0,0 @@ -# #-- http_user_agent.test --# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# use .tpkg.var.test for in test variable passing -[ -f .tpkg.var.test ] && source .tpkg.var.test - -PRE="../.." - -# Query and check check that we get the correct answer from the auth_zone -query () { - echo "> dig www.example.com." - dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile - if grep SERVFAIL outfile; then - echo "> try again" - dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile - fi - if grep SERVFAIL outfile; then - echo "> try again" - sleep 1 - dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile - fi - if grep SERVFAIL outfile; then - echo "> try again" - sleep 1 - dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile - fi - if grep SERVFAIL outfile; then - echo "> try again" - sleep 1 - dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile - fi - if grep SERVFAIL outfile; then - echo "> try again" - sleep 10 - dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile - fi - if grep SERVFAIL outfile; then - echo "> try again" - sleep 10 - dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile - fi - echo "> check answer" - if grep "1.2.3.4" outfile; then - echo "OK" - else - echo "Not OK" - exit 1 - fi -} - -# Reload the configuration and retransfer the zone -reload_and_retransfer () { - echo "> Reloading Unbound" - echo "$PRE/unbound-control -c ub.conf reload" - $PRE/unbound-control -c ub.conf reload - if test $? -ne 0; then - echo "wrong exit value from unbound-control" - exit 1 - fi - echo "> Refetching example.com" - echo "$PRE/unbound-control -c ub.conf auth_zone_transfer example.com" - $PRE/unbound-control -c ub.conf auth_zone_transfer example.com - if test $? -ne 0; then - echo "wrong exit value from unbound-control" - exit 1 - fi -} - -# do the test -query -# add custom http-user-agent -echo "server: http-user-agent: customUA" >> ub.conf -reload_and_retransfer -query -# hide http-user-agent -echo "server: hide-http-user-agent: yes" >> ub.conf -reload_and_retransfer -query - -echo "> cat logfiles" -cat petal.log -cat unbound.log - -# check petal.log for the correct number of occurrences. -# It should be 2 User-Agents, one being the custom. -echo "> check User-Agent occurrences" -occurrences=`grep "User-Agent:" petal.log | wc -l` -echo $occurrences -if test $occurrences -eq 2; then - echo "OK" -else - echo "Not OK" - exit 1 -fi -echo "> check custom User-Agent" -if grep "User-Agent: customUA" petal.log; then - echo "OK" -else - echo "Not OK" - exit 1 -fi - -exit 0 diff --git a/contrib/unbound/testdata/http_user_agent.tdir/petal.key b/contrib/unbound/testdata/http_user_agent.tdir/petal.key deleted file mode 100644 index 6614e498fcd2..000000000000 --- a/contrib/unbound/testdata/http_user_agent.tdir/petal.key +++ /dev/null @@ -1,21 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIDfQIBAAKBwQC1xQ/Kca6zszZbcCtdOTIH2Uy2gOy/DfabMUU7TmNPm0dVE0NJ -RuN+Rm304SonpwghfP2/ULZNnuDgpG03/32yI7k/VzG6iA4hiF7tT/KAAWC/+2l1 -QCsawCV2bSrFK0VhcZr7ALqXd8vkDaQ867K029ypjOQtAJ85qdO3mERy7TGtdUcu -O6hLeVet419YeQ2F8cfNxn63d7bOzNGLPW5xwaCd3UcgD+Ib0k4xfFvbinvPQUeU -J/i4YDWexFYSL+ECAwEAAQKBwCLXXQl+9O+5AEhSnd1Go1Jh0pSA7eBJOuXQcebG -Rb7ykp+6C4G2NtDziwwPRNdI6wQQQ0sym18RfyVQHydGr78/nbiIbB3HCn5e92Mh -mefzW6ow9Kvm2txLzGKA1lvoyRbNm81jnG/eygi3u7Nqd5PNv+4dHj2RkTlmxOeh -qnDMVP5md8uZPv6lYNnrnIzvLCR5vnPNdVwn89AqzI85IcDZdy0R9ZX4NBbsDgAU -6ig6uXuRXvSGiyJ/OUXSrnogaQJhAOjvkHUhVZQkPOxO90TNH4j0GdKKtbSWxIdz -lKfuJeBAEqs0TL+C6vbS81Xw3W1alyDdUBk3rJMOBqW6Ryq5HNL+j5H+Jfsh7fvc -Yle+5wHGci0P9zCFZCrY8It7n9XFIwJhAMfEi6oJa2G8waPJ1bQhxka82Tf9pnKM -XCn/1BBOFjVIx5F842cpA+zp5a62GENTGYPQTTRBB/2/ZwnW5aIkrlg54AtmbqBZ -Oh+2kJdJQD/tfoVmc5soUE2ScTHadK5RKwJhAN4w9kjkXS+MSZjX0kIMsBIBVkhh -C+aREjJqa9ir7/Ey7RvmLXdYuCxtGLRXp7/R8+rjcK49Tx6O+IRJZe042mfhbq3C -EhS1Tr86f4xXix9EXlDhs9bSxrOgcAN9Dv/opQJhAK7eBcPaav0rVfYh/8emqQHS -3fJ9Pu6WnzbEksWTFS2ff9KDGCx9YspIFJ5TF/oXDAaumGZdZrlgirm6O1kr8tGY -F97i04PZl1+bWAaWQH+1TUNI43m2WFUPE7coG2tb8QJgcddDg9VlXliZqgcETZfJ -kJmYETxrcSn3ao6v116N8yxhEgUgjkmsCTiFgx36iDVnXwK6PIt+sIu8MC7eYNa3 -berrv/M21K0LRn20IWRxvUobG070weHCAgkko7fTWgr2 ------END RSA PRIVATE KEY----- diff --git a/contrib/unbound/testdata/http_user_agent.tdir/petal.pem b/contrib/unbound/testdata/http_user_agent.tdir/petal.pem deleted file mode 100644 index 19c8b895ba86..000000000000 --- a/contrib/unbound/testdata/http_user_agent.tdir/petal.pem +++ /dev/null @@ -1,14 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICFzCCAUACCQDO660L5y5LGDANBgkqhkiG9w0BAQUFADAQMQ4wDAYDVQQDEwVw -ZXRhbDAeFw0xMDA5MzAxMzQzMDFaFw0zMDA2MTcxMzQzMDFaMBAxDjAMBgNVBAMT -BXBldGFsMIHfMA0GCSqGSIb3DQEBAQUAA4HNADCByQKBwQC1xQ/Kca6zszZbcCtd -OTIH2Uy2gOy/DfabMUU7TmNPm0dVE0NJRuN+Rm304SonpwghfP2/ULZNnuDgpG03 -/32yI7k/VzG6iA4hiF7tT/KAAWC/+2l1QCsawCV2bSrFK0VhcZr7ALqXd8vkDaQ8 -67K029ypjOQtAJ85qdO3mERy7TGtdUcuO6hLeVet419YeQ2F8cfNxn63d7bOzNGL -PW5xwaCd3UcgD+Ib0k4xfFvbinvPQUeUJ/i4YDWexFYSL+ECAwEAATANBgkqhkiG -9w0BAQUFAAOBwQBBkX9KDP2RXbg+xPmdJ4P6CwvA5x1LZwC++ydVx4NlvT0pWicD -ZUnXjcWAJlkeOuUBAqFG7WHTrXpUUAjmdqFVq2yFjteUYBdrFz0RDB2jM9feeKYO -mTgxdZyT9a6humxCxt5VfgT02axLjm/2AqCyFPMbf4PASoJDln01AEuZLZ8Xl2gV -bYHMnHTGoD1Hu6FNEzRgkMC6XT8X3YjHvzQhpc/qL5wEfEsinQGdX4twsuWbf8xd -q7miNnkO8vd0maw= ------END CERTIFICATE----- diff --git a/contrib/unbound/testdata/ratelimit.tdir/ratelimit.conf b/contrib/unbound/testdata/ip_ratelimit.tdir/ip_ratelimit.conf index 5d2456c39311..ae7d0cda0d9d 100644 --- a/contrib/unbound/testdata/ratelimit.tdir/ratelimit.conf +++ b/contrib/unbound/testdata/ip_ratelimit.tdir/ip_ratelimit.conf @@ -8,15 +8,14 @@ server: pidfile: "unbound.pid" chroot: "" username: "" - do-not-query-localhost: no + local-data: "test. IN TXT localdata" - ratelimit: 1 - ratelimit-factor: 0 - -stub-zone: - name: "example.com." - stub-addr: "127.0.0.1@@TOPORT@" - stub-no-cache: yes + ip-ratelimit: 1 + ip-ratelimit-cookie: 0 + ip-ratelimit-factor: 0 + ip-ratelimit-backoff: yes + answer-cookie: yes + access-control: 127.0.0.0/8 allow_cookie remote-control: control-enable: yes diff --git a/contrib/unbound/testdata/ip_ratelimit.tdir/ip_ratelimit.dsc b/contrib/unbound/testdata/ip_ratelimit.tdir/ip_ratelimit.dsc new file mode 100644 index 000000000000..a6f6192360cd --- /dev/null +++ b/contrib/unbound/testdata/ip_ratelimit.tdir/ip_ratelimit.dsc @@ -0,0 +1,16 @@ +BaseName: ip_ratelimit +Version: 1.0 +Description: Test IP source ratelimit. +CreationDate: Tue Aug 8 00:00:00 CET 2023 +Maintainer: Yorgos Thessalonikefs +Category: +Component: +CmdDepends: +Depends: +Help: +Pre: ip_ratelimit.pre +Post: ip_ratelimit.post +Test: ip_ratelimit.test +AuxFiles: +Passed: +Failure: diff --git a/contrib/unbound/testdata/ratelimit.tdir/ratelimit.post b/contrib/unbound/testdata/ip_ratelimit.tdir/ip_ratelimit.post index 6738ed55ad07..1f86d008587d 100644 --- a/contrib/unbound/testdata/ratelimit.tdir/ratelimit.post +++ b/contrib/unbound/testdata/ip_ratelimit.tdir/ip_ratelimit.post @@ -1,4 +1,4 @@ -# #-- ratelimit.post --# +# #-- ip_ratelimit.post --# # source the master var file when it's there [ -f ../.tpkg.var.master ] && source ../.tpkg.var.master # source the test var file when it's there @@ -6,7 +6,6 @@ # # do your teardown here . ../common.sh -kill_pid $STUB_PID kill_pid $UNBOUND_PID if test -f unbound.log; then echo ">>> unbound log" diff --git a/contrib/unbound/testdata/ratelimit.tdir/ratelimit.pre b/contrib/unbound/testdata/ip_ratelimit.tdir/ip_ratelimit.pre index 2404cfc00b93..c4589a0ea4fe 100644 --- a/contrib/unbound/testdata/ratelimit.tdir/ratelimit.pre +++ b/contrib/unbound/testdata/ip_ratelimit.tdir/ip_ratelimit.pre @@ -1,4 +1,4 @@ -# #-- ratelimit.pre--# +# #-- ip_ratelimit.pre--# # source the master var file when it's there [ -f ../.tpkg.var.master ] && source ../.tpkg.var.master # use .tpkg.var.test for in test variable passing @@ -8,26 +8,17 @@ PRE="../.." . ../common.sh get_random_port 2 UNBOUND_PORT=$RND_PORT -STUB_PORT=$(($RND_PORT + 1)) -CONTROL_PORT=$(($RND_PORT + 2)) +CONTROL_PORT=$(($RND_PORT + 1)) echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test -echo "STUB_PORT=$STUB_PORT" >> .tpkg.var.test echo "CONTROL_PORT=$CONTROL_PORT" >> .tpkg.var.test -# start ldns-testns -get_ldns_testns -$LDNS_TESTNS -v -p $STUB_PORT ratelimit.testns >stub.log 2>&1 & -STUB_PID=$! -echo "STUB_PID=$STUB_PID" >> .tpkg.var.test - # make config file -sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$STUB_PORT'/' -e 's/@CONTROL_PORT\@/'$CONTROL_PORT'/' < ratelimit.conf > ub.conf +sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@CONTROL_PORT\@/'$CONTROL_PORT'/' < ip_ratelimit.conf > ub.conf # start unbound in the background $PRE/unbound -d -c ub.conf >unbound.log 2>&1 & UNBOUND_PID=$! echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test -wait_ldns_testns_up stub.log wait_unbound_up unbound.log cat .tpkg.var.test diff --git a/contrib/unbound/testdata/ip_ratelimit.tdir/ip_ratelimit.test b/contrib/unbound/testdata/ip_ratelimit.tdir/ip_ratelimit.test new file mode 100644 index 000000000000..f58b7edcbe2a --- /dev/null +++ b/contrib/unbound/testdata/ip_ratelimit.tdir/ip_ratelimit.test @@ -0,0 +1,165 @@ +# #-- ip_ratelimit.test --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +PRE="../.." +. ../common.sh + +get_make +(cd $PRE; $MAKE streamtcp) + +# These tests rely on second time precision. To combat false negatives the +# tests run multiple times and we allow 1/3 of the runs to fail. +total_runs=6 +success_threshold=4 # 2/3*total_runs + +if dig -h 2>&1 | grep "cookie" >/dev/null; then + nocookie="+nocookie" +else + nocookie="" +fi + +echo "> First get a valid cookie" +dig @127.0.0.1 -p $UNBOUND_PORT +ednsopt=10:0102030405060708 $nocookie +tcp +retry=0 +time=1 test. TXT >outfile 2>&1 +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat unbound.log + echo "Not OK" + exit 1 +fi +if test `grep "COOKIE: " outfile | wc -l` -ne 1; then + echo "Could not get cookie" + echo "> cat logfiles" + cat outfile + cat unbound.log + echo "Not OK" + exit 1 +fi +cookie=`grep "COOKIE: " outfile | cut -d ' ' -f 3` + +successes=0 +echo "> Three parallel queries with backoff and cookie" +# For this test we send three parallel queries. The ratelimit should be reached +# for that second. We send a query to verify that there is no reply. +# Then for the next second we again send three parallel queries and we expect +# none of them to be allowed through because of the backoff logic that keeps +# rolling the RATE_WINDOW based on demand. +# Again we send another query but with a valid cookie and we expect to receive +# an answer. +for i in $(seq 1 $total_runs); do + # Try to hit limit + $PRE/streamtcp -nu -f 127.0.0.1@$UNBOUND_PORT test. TXT IN test. TXT IN test. TXT IN >outfile 2>&1 + if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat unbound.log + echo "Not OK" + exit 1 + fi + # Expect no answer because of limit + dig @127.0.0.1 -p $UNBOUND_PORT $nocookie +retry=0 +time=1 test. TXT >outfile 2>&1 + if test "$?" -eq 0; then + continue + fi + # Try to keep limit + $PRE/streamtcp -nu -f 127.0.0.1@$UNBOUND_PORT test. TXT IN test. TXT IN test. TXT IN >outfile 2>&1 + if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat unbound.log + echo "Not OK" + exit 1 + fi + # Expect answer because of DNS cookie + dig @127.0.0.1 -p $UNBOUND_PORT +ednsopt=10:$cookie $nocookie +retry=0 +time=1 test. TXT >outfile 2>&1 + if test "$?" -ne 0; then + continue + fi + ((successes++)) + # We don't have to wait for all the runs to complete if we know + # we passed the threshold. + if test $successes -ge $success_threshold; then + break + fi +done + +if test $successes -ge $success_threshold; then + echo "Three parallel queries with backoff and cookie OK" +else + echo "Three parallel queries with backoff and cookie NOT OK" + echo "> cat logfiles" + cat outfile + cat unbound.log + echo "Three parallel queries with backoff and cookie NOT OK" + exit 1 +fi + +echo "> Activating ip-ratelimit-cookie" +echo "$PRE/unbound-control -c ub.conf set_option ip-ratelimit-cookie: 1" +$PRE/unbound-control -c ub.conf set_option ip-ratelimit-cookie: 1 +if test $? -ne 0; then + echo "wrong exit value after success" + exit 1 +fi + +successes=0 +echo "> Three parallel queries with backoff and cookie with ip-ratelimit-cookie" +# This is the exact same test as above with the exception that we don't expect +# an answer on the last query because ip-ratelimit-cookie is now enabled. +for i in $(seq 1 $total_runs); do + # Try to hit limit + $PRE/streamtcp -nu -f 127.0.0.1@$UNBOUND_PORT test. TXT IN test. TXT IN test. TXT IN >outfile 2>&1 + if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat unbound.log + echo "Not OK" + exit 1 + fi + # Expect no answer because of limit + dig @127.0.0.1 -p $UNBOUND_PORT $nocookie +retry=0 +time=1 test. TXT >outfile 2>&1 + if test "$?" -eq 0; then + continue + fi + # Try to keep limit + $PRE/streamtcp -nu -f 127.0.0.1@$UNBOUND_PORT test. TXT IN test. TXT IN test. TXT IN >outfile 2>&1 + if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat unbound.log + echo "Not OK" + exit 1 + fi + # Expect no answer because of ip-ratelimit-cookie + dig @127.0.0.1 -p $UNBOUND_PORT +ednsopt=10:$cookie $nocookie +retry=0 +time=1 test. TXT >outfile 2>&1 + if test "$?" -eq 0; then + continue + fi + ((successes++)) + # We don't have to wait for all the runs to complete if we know + # we passed the threshold. + if test $successes -ge $success_threshold; then + break + fi +done + +if test $successes -ge $success_threshold; then + echo "Three parallel queries with backoff and cookie with ip-ratelimit-cookie OK" +else + echo "Three parallel queries with backoff and cookie with ip-ratelimit-cookie NOT OK" + echo "> cat logfiles" + cat outfile + cat unbound.log + echo "Three parallel queries with backoff and cookie with ip-ratelimit-cookie NOT OK" + exit 1 +fi + +exit 0 diff --git a/contrib/unbound/testdata/http_user_agent.tdir/unbound_control.key b/contrib/unbound/testdata/ip_ratelimit.tdir/unbound_control.key index 753a4ef6162e..753a4ef6162e 100644 --- a/contrib/unbound/testdata/http_user_agent.tdir/unbound_control.key +++ b/contrib/unbound/testdata/ip_ratelimit.tdir/unbound_control.key diff --git a/contrib/unbound/testdata/http_user_agent.tdir/unbound_control.pem b/contrib/unbound/testdata/ip_ratelimit.tdir/unbound_control.pem index a1edf7017f1d..a1edf7017f1d 100644 --- a/contrib/unbound/testdata/http_user_agent.tdir/unbound_control.pem +++ b/contrib/unbound/testdata/ip_ratelimit.tdir/unbound_control.pem diff --git a/contrib/unbound/testdata/http_user_agent.tdir/unbound_server.key b/contrib/unbound/testdata/ip_ratelimit.tdir/unbound_server.key index 370a7bbb2f22..370a7bbb2f22 100644 --- a/contrib/unbound/testdata/http_user_agent.tdir/unbound_server.key +++ b/contrib/unbound/testdata/ip_ratelimit.tdir/unbound_server.key diff --git a/contrib/unbound/testdata/http_user_agent.tdir/unbound_server.pem b/contrib/unbound/testdata/ip_ratelimit.tdir/unbound_server.pem index 986807310f2b..986807310f2b 100644 --- a/contrib/unbound/testdata/http_user_agent.tdir/unbound_server.pem +++ b/contrib/unbound/testdata/ip_ratelimit.tdir/unbound_server.pem diff --git a/contrib/unbound/testdata/iter_cname_minimise_nx.rpl b/contrib/unbound/testdata/iter_cname_minimise_nx.rpl new file mode 100644 index 000000000000..a04eb8b24791 --- /dev/null +++ b/contrib/unbound/testdata/iter_cname_minimise_nx.rpl @@ -0,0 +1,245 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: yes + module-config: "validator iterator" + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test cname chain resolution of nxdomain with qname minimisation. +; the qtype CNAME lookup has NXDOMAIN. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.44 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.44 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.44 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. AAZrcta3WCyz0iq2p78gmcPpXbmXPP9nQXM/czH1R9ilCaEoV8E27UU= +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.com. IN A +SECTION ANSWER +ns.example.com. IN A 1.2.3.44 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. AAZrcta3WCyz0iq2p78gmcPpXbmXPP9nQXM/czH1R9ilCaEoV8E27UU= +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.44 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. AAZrcta3WCyz0iq2p78gmcPpXbmXPP9nQXM/czH1R9ilCaEoV8E27UU= +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.com. IN AAAA +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.44 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. AAZrcta3WCyz0iq2p78gmcPpXbmXPP9nQXM/czH1R9ilCaEoV8E27UU= +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NXDOMAIN +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +example.com. 300 IN SOA a. b. 1 2 3 4 300 +example.com. 300 IN RRSIG SOA 3 2 300 20070926134150 20070829134150 2854 example.com. AFPx1ZhcHixnxfB90ha4zgp7A+EdM8L63tUnVdlI5B14NiRIXONPDB4= +v.example.com. IN NSEC x.example.com. A AAAA RRSIG NSEC +v.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. AFT0Ao01lUN8Ppa9QPayQIN9ZtNIj4TzyhUQV31+FhNRK5uSQhiVwMc= +example.com. 3600 IN NSEC abc.example.com. NS SOA RRSIG NSEC DNSKEY +example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. ABEOu6iietfjKY1MS0TutZZxUtRYA6XKsC1rMTrenwBF2darY3/Emco= +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NXDOMAIN +SECTION QUESTION +c.example.com. IN A +SECTION ANSWER +c.example.com. 10 IN CNAME www.example.com. +c.example.com. 10 IN RRSIG CNAME 3 3 10 20070926134150 20070829134150 2854 example.com. ABT7twnK5qkCBKnaOHxFthUOK+3rBge1wEMItoFPdf16OoVdfccYU2U= +SECTION AUTHORITY +example.com. 300 IN SOA a. b. 1 2 3 4 300 +example.com. 300 IN RRSIG SOA 3 2 300 20070926134150 20070829134150 2854 example.com. AFPx1ZhcHixnxfB90ha4zgp7A+EdM8L63tUnVdlI5B14NiRIXONPDB4= +v.example.com. IN NSEC x.example.com. A AAAA RRSIG NSEC +v.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. AFT0Ao01lUN8Ppa9QPayQIN9ZtNIj4TzyhUQV31+FhNRK5uSQhiVwMc= +example.com. 3600 IN NSEC abc.example.com. NS SOA RRSIG NSEC DNSKEY +example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. ABEOu6iietfjKY1MS0TutZZxUtRYA6XKsC1rMTrenwBF2darY3/Emco= +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +c.example.com. IN CNAME +SECTION ANSWER +c.example.com. 10 IN CNAME www.example.com. +c.example.com. 10 IN RRSIG CNAME 3 3 10 20070926134150 20070829134150 2854 example.com. ABT7twnK5qkCBKnaOHxFthUOK+3rBge1wEMItoFPdf16OoVdfccYU2U= +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +c.example.com. IN CNAME +ENTRY_END + +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +c.example.com. IN CNAME +SECTION ANSWER +c.example.com. 10 IN CNAME www.example.com. +c.example.com. 10 IN RRSIG CNAME 3 3 10 20070926134150 20070829134150 2854 example.com. ABT7twnK5qkCBKnaOHxFthUOK+3rBge1wEMItoFPdf16OoVdfccYU2U= +ENTRY_END + +STEP 30 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +c.example.com. IN CNAME +ENTRY_END + +STEP 40 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +c.example.com. IN CNAME +SECTION ANSWER +c.example.com. 10 IN CNAME www.example.com. +c.example.com. 10 IN RRSIG CNAME 3 3 10 20070926134150 20070829134150 2854 example.com. ABT7twnK5qkCBKnaOHxFthUOK+3rBge1wEMItoFPdf16OoVdfccYU2U= +ENTRY_END + +STEP 50 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +c.example.com. IN A +ENTRY_END + +STEP 60 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NXDOMAIN +SECTION QUESTION +c.example.com. IN A +SECTION ANSWER +c.example.com. 10 IN CNAME www.example.com. +c.example.com. 10 IN RRSIG CNAME 3 3 10 20070926134150 20070829134150 2854 example.com. ABT7twnK5qkCBKnaOHxFthUOK+3rBge1wEMItoFPdf16OoVdfccYU2U= +SECTION AUTHORITY +example.com. 300 IN SOA a. b. 1 2 3 4 300 +example.com. 300 IN RRSIG SOA 3 2 300 20070926134150 20070829134150 2854 example.com. AFPx1ZhcHixnxfB90ha4zgp7A+EdM8L63tUnVdlI5B14NiRIXONPDB4= +v.example.com. IN NSEC x.example.com. A AAAA RRSIG NSEC +v.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. AFT0Ao01lUN8Ppa9QPayQIN9ZtNIj4TzyhUQV31+FhNRK5uSQhiVwMc= +example.com. 3600 IN NSEC abc.example.com. NS SOA RRSIG NSEC DNSKEY +example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. ABEOu6iietfjKY1MS0TutZZxUtRYA6XKsC1rMTrenwBF2darY3/Emco= +ENTRY_END + +SCENARIO_END diff --git a/contrib/unbound/testdata/iter_dname_ttl.rpl b/contrib/unbound/testdata/iter_dname_ttl.rpl new file mode 100644 index 000000000000..115947af3ab3 --- /dev/null +++ b/contrib/unbound/testdata/iter_dname_ttl.rpl @@ -0,0 +1,310 @@ +; config options +; The island of trust is at example.com +; validation is enabled because the pickup of DNAME from cache wants +; a DNSSEC signed DNAME. +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test iterator for TTL of synthesized CNAME of a DNAME from cache. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +net. IN A +SECTION AUTHORITY +net. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +net. IN NS +SECTION ANSWER +net. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.net. IN A +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN CNAME +SECTION ANSWER +www.example.com. IN CNAME www.example.net. +www.example.com. 3600 IN RRSIG CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFGcJxnNxpWCBzXejiSdl4p1BKRMnAhUApoJrugVBRwFgAoYAhhqlZFac7fE= ;{id = 2854} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www2.example.com. IN A +SECTION ANSWER +www2.example.com. 3600 IN CNAME www.example.net. +www2.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AGgh6pDCL7VF0uJablClW7cgvsPuNzpHZ+M7nZIwi61+0RPhFZLHcN4= +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +foo.test-dname.example.com. IN A +SECTION ANSWER +test-dname.example.com. 3600 IN DNAME example.net. +test-dname.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. ACp31Evt1c6tKzmTh/smAuGFydZ1OO26Qkej/BW4Bw5RFBQiKaY22Z0= +foo.test-dname.example.com. 3600 IN CNAME foo.example.net. +ENTRY_END +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.5 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN DNSKEY +SECTION ANSWER +example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} +example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899} +SECTION AUTHORITY +example.net. IN NS ns.example.net. +example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.net. IN A +SECTION ANSWER +www.example.net. IN A 11.12.13.14 +www.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +foo.example.net. IN A +SECTION ANSWER +foo.example.net. IN A 11.12.13.15 +foo.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. X6T6SE9UzxAD/4zKpwGOxEDyE4g7lfYYw3lvw533uwRN8mWTcBvSva0/jjyhrogJcuLO32jPHK6zGb93w2xnuA== +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +foo2.example.net. IN A +SECTION ANSWER +foo2.example.net. IN A 11.12.13.16 +foo2.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. BZm+GljD8m9N+pNJN8D+LlSyHqM+InNUe0+heKILR9be+Goqv6SEb7LKtX6+kj3239Y5by7u+/Cuk8kkWistEQ== +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 TIME_PASSES ELAPSE 10 +; Get DNAME in cache and then pick it up again from cache. +STEP 10 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +foo.test-dname.example.com. IN A +ENTRY_END + +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +foo.test-dname.example.com. IN A +SECTION ANSWER +test-dname.example.com. 3600 IN DNAME example.net. +test-dname.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. ACp31Evt1c6tKzmTh/smAuGFydZ1OO26Qkej/BW4Bw5RFBQiKaY22Z0= +foo.test-dname.example.com. 3600 IN CNAME foo.example.net. +foo.example.net. IN A 11.12.13.15 +foo.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. X6T6SE9UzxAD/4zKpwGOxEDyE4g7lfYYw3lvw533uwRN8mWTcBvSva0/jjyhrogJcuLO32jPHK6zGb93w2xnuA== +ENTRY_END + +STEP 30 TIME_PASSES ELAPSE 10 + +; Use DNAME from cache +STEP 40 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +foo2.test-dname.example.com. IN A +ENTRY_END + +; Test the TTL on the synthesized CNAME for the DNAME record from cache. +STEP 50 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +foo2.test-dname.example.com. IN A +SECTION ANSWER +test-dname.example.com. 3590 IN DNAME example.net. +test-dname.example.com. 3590 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. ACp31Evt1c6tKzmTh/smAuGFydZ1OO26Qkej/BW4Bw5RFBQiKaY22Z0= +foo2.test-dname.example.com. 3590 IN CNAME foo2.example.net. +foo2.example.net. 3600 IN A 11.12.13.16 +foo2.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. BZm+GljD8m9N+pNJN8D+LlSyHqM+InNUe0+heKILR9be+Goqv6SEb7LKtX6+kj3239Y5by7u+/Cuk8kkWistEQ== +ENTRY_END + +SCENARIO_END diff --git a/contrib/unbound/testdata/iter_failreply.rpl b/contrib/unbound/testdata/iter_failreply.rpl new file mode 100644 index 000000000000..393714196d89 --- /dev/null +++ b/contrib/unbound/testdata/iter_failreply.rpl @@ -0,0 +1,132 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + minimal-responses: no + log-servfail: yes + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test iterator fail_reply report + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. IN NS ns2.example.net. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. IN AAAA ::1 +ns2.example.net. IN AAAA ::1 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns2.example.net. IN A +SECTION ANSWER +ns2.example.net. IN A 1.2.3.5 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns2.example.net. IN AAAA +SECTION ANSWER +ns2.example.net. IN AAAA ::1 +ENTRY_END + +RANGE_END + +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR SERVFAIL +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR SERVFAIL +SECTION QUESTION +ns.example.com. IN A +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR SERVFAIL +SECTION QUESTION +ns.example.com. IN AAAA +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 20 CHECK_OUT_QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 21 TIMEOUT +STEP 22 TIMEOUT +STEP 23 TIMEOUT +STEP 24 TIMEOUT +STEP 25 TIMEOUT + +STEP 31 TIMEOUT +STEP 32 TIMEOUT +STEP 33 TIMEOUT +STEP 34 TIMEOUT + +; recursion happens here. +STEP 50 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +ENTRY_END + +SCENARIO_END diff --git a/contrib/unbound/testdata/iter_ignore_empty.rpl b/contrib/unbound/testdata/iter_ignore_empty.rpl new file mode 100644 index 000000000000..4b2f695b8501 --- /dev/null +++ b/contrib/unbound/testdata/iter_ignore_empty.rpl @@ -0,0 +1,248 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + minimal-responses: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test ignore of an empty response. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. IN NS ns2.example2.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example2.com. IN NS +SECTION AUTHORITY +example2.com. IN NS ns2.example2.com. +SECTION ADDITIONAL +ns2.example2.com. IN A 1.2.3.5 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +foo.com. IN NS +SECTION AUTHORITY +foo.com. IN NS ns.foo.com. +SECTION ADDITIONAL +ns.foo.com. IN A 1.2.3.5 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. IN NS ns2.example.net. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns.example.com. IN A +SECTION ANSWER +ns.example.com. IN A 1.2.3.4 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns.example.com. IN AAAA +SECTION AUTHORITY +example.com. IN SOA ns root 4 14400 3600 604800 3600 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +; ns2.example2.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.5 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example2.com. IN NS +SECTION ANSWER +example2.com. IN NS ns2.example2.com. +SECTION ADDITIONAL +ns2.example2.com. IN A 1.2.3.5 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns2.example2.com. IN A +SECTION ANSWER +ns2.example2.com. IN A 1.2.3.5 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns2.example2.com. IN AAAA +SECTION AUTHORITY +example2.com. IN SOA ns2 root 4 14400 3600 604800 3600 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ENTRY_END + +; foo.com +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +www.foo.com. IN A +SECTION ANSWER +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns.foo.com. IN AAAA +SECTION ANSWER +SECTION AUTHORITY +;foo.com. IN SOA ns2.foo.com root.foo.com 4 14400 3600 604800 3600 +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ENTRY_END + +; wait for pending nameserver lookups. +STEP 20 TRAFFIC + +; Test that a nodata stays a nodata. +STEP 30 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.foo.com. IN A +ENTRY_END + +STEP 40 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.foo.com. IN A +SECTION ANSWER +ENTRY_END + +SCENARIO_END diff --git a/contrib/unbound/testdata/iter_nat64.rpl b/contrib/unbound/testdata/iter_nat64.rpl new file mode 100644 index 000000000000..dde0a25596c1 --- /dev/null +++ b/contrib/unbound/testdata/iter_nat64.rpl @@ -0,0 +1,117 @@ +; config options +server: + do-nat64: yes + target-fetch-policy: "0 0 0 0 0" + +stub-zone: + name: "." + stub-addr: 2001:db8::1 +CONFIG_END + +SCENARIO_BEGIN Test NAT64 transport for a v4-only server. + +RANGE_BEGIN 0 100 + ADDRESS 2001:db8::1 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS FAKE.ROOT. +SECTION ADDITIONAL +FAKE.ROOT. IN AAAA 2001:db8::1 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +v4only. IN NS +SECTION AUTHORITY +v4only. IN NS ns.v4only. +SECTION ADDITIONAL +ns.v4only. IN A 192.0.2.1 +ENTRY_END + +RANGE_END + +; replies from NS over "NAT64" + +RANGE_BEGIN 0 100 + ADDRESS 64:ff9b::c000:0201 + +; A over NAT64 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY AA QR NOERROR +SECTION QUESTION +ns.v4only. IN A +SECTION ANSWER +ns.v4only. IN A 192.0.2.1 +SECTION AUTHORITY +v4only. IN NS ns.v4only. +ENTRY_END + +; no AAAA +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY AA QR NOERROR +SECTION QUESTION +ns.v4only. IN AAAA +SECTION AUTHORITY +v4only. IN NS ns.v4only. +SECTION ADDITIONAL +ns.v4only. IN A 192.0.2.1 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY AA QR NOERROR +SECTION QUESTION +v4only. IN NS +SECTION ANSWER +v4only. IN NS ns.v4only. +SECTION ADDITIONAL +ns.v4only. IN A 192.0.2.1 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY AA QR NOERROR +SECTION QUESTION +test.v4only. IN A +SECTION ANSWER +test.v4only. IN A 192.0.2.2 +SECTION AUTHORITY +v4only. IN NS ns.v4only. +SECTION ADDITIONAL +ns.v4only. IN A 192.0.2.1 +ENTRY_END + +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +test.v4only. IN A +ENTRY_END + +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +test.v4only. IN A +SECTION ANSWER +test.v4only. IN A 192.0.2.2 +ENTRY_END + +SCENARIO_END diff --git a/contrib/unbound/testdata/iter_nat64_prefix.rpl b/contrib/unbound/testdata/iter_nat64_prefix.rpl new file mode 100644 index 000000000000..ecb6508dcf55 --- /dev/null +++ b/contrib/unbound/testdata/iter_nat64_prefix.rpl @@ -0,0 +1,119 @@ +; config options +server: + do-nat64: yes + nat64-prefix: 2001:db8:1234::/96 + target-fetch-policy: "0 0 0 0 0" + do-ip4: no + +stub-zone: + name: "." + stub-addr: 2001:db8::1 +CONFIG_END + +SCENARIO_BEGIN Test NAT64 transport for a v4-only server, custom NAT64 prefix. + +RANGE_BEGIN 0 100 + ADDRESS 2001:db8::1 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS FAKE.ROOT. +SECTION ADDITIONAL +FAKE.ROOT. IN AAAA 2001:db8::1 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +v4only. IN NS +SECTION AUTHORITY +v4only. IN NS ns.v4only. +SECTION ADDITIONAL +ns.v4only. IN A 192.0.2.1 +ENTRY_END + +RANGE_END + +; replies from NS over "NAT64" + +RANGE_BEGIN 0 100 + ADDRESS 2001:db8:1234::c000:0201 + +; A over NAT64 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY AA QR NOERROR +SECTION QUESTION +ns.v4only. IN A +SECTION ANSWER +ns.v4only. IN A 192.0.2.1 +SECTION AUTHORITY +v4only. IN NS ns.v4only. +ENTRY_END + +; no AAAA +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY AA QR NOERROR +SECTION QUESTION +ns.v4only. IN AAAA +SECTION AUTHORITY +v4only. IN NS ns.v4only. +SECTION ADDITIONAL +ns.v4only. IN A 192.0.2.1 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY AA QR NOERROR +SECTION QUESTION +v4only. IN NS +SECTION ANSWER +v4only. IN NS ns.v4only. +SECTION ADDITIONAL +ns.v4only. IN A 192.0.2.1 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY AA QR NOERROR +SECTION QUESTION +test.v4only. IN A +SECTION ANSWER +test.v4only. IN A 192.0.2.2 +SECTION AUTHORITY +v4only. IN NS ns.v4only. +SECTION ADDITIONAL +ns.v4only. IN A 192.0.2.1 +ENTRY_END + +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +test.v4only. IN A +ENTRY_END + +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +test.v4only. IN A +SECTION ANSWER +test.v4only. IN A 192.0.2.2 +ENTRY_END + +SCENARIO_END diff --git a/contrib/unbound/testdata/iter_nat64_prefix48.rpl b/contrib/unbound/testdata/iter_nat64_prefix48.rpl new file mode 100644 index 000000000000..e7c32e8ffc6a --- /dev/null +++ b/contrib/unbound/testdata/iter_nat64_prefix48.rpl @@ -0,0 +1,118 @@ +; config options +server: + do-nat64: yes + nat64-prefix: 2001:db8:2345::/48 + target-fetch-policy: "0 0 0 0 0" + +stub-zone: + name: "." + stub-addr: 2001:db8::1 +CONFIG_END + +SCENARIO_BEGIN Test NAT64 transport, this time with /48 NAT64 prefix. + +RANGE_BEGIN 0 100 + ADDRESS 2001:db8::1 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS FAKE.ROOT. +SECTION ADDITIONAL +FAKE.ROOT. IN AAAA 2001:db8::1 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +v4only. IN NS +SECTION AUTHORITY +v4only. IN NS ns.v4only. +SECTION ADDITIONAL +ns.v4only. IN A 192.0.2.1 +ENTRY_END + +RANGE_END + +; replies from NS over "NAT64" + +RANGE_BEGIN 0 100 + ADDRESS 2001:db8:2345:c000:0002:0100:: + +; A over NAT64 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY AA QR NOERROR +SECTION QUESTION +ns.v4only. IN A +SECTION ANSWER +ns.v4only. IN A 192.0.2.1 +SECTION AUTHORITY +v4only. IN NS ns.v4only. +ENTRY_END + +; no AAAA +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY AA QR NOERROR +SECTION QUESTION +ns.v4only. IN AAAA +SECTION AUTHORITY +v4only. IN NS ns.v4only. +SECTION ADDITIONAL +ns.v4only. IN A 192.0.2.1 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY AA QR NOERROR +SECTION QUESTION +v4only. IN NS +SECTION ANSWER +v4only. IN NS ns.v4only. +SECTION ADDITIONAL +ns.v4only. IN A 192.0.2.1 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY AA QR NOERROR +SECTION QUESTION +test.v4only. IN A +SECTION ANSWER +test.v4only. IN A 192.0.2.2 +SECTION AUTHORITY +v4only. IN NS ns.v4only. +SECTION ADDITIONAL +ns.v4only. IN A 192.0.2.1 +ENTRY_END + +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +test.v4only. IN A +ENTRY_END + +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +test.v4only. IN A +SECTION ANSWER +test.v4only. IN A 192.0.2.2 +ENTRY_END + +SCENARIO_END diff --git a/contrib/unbound/testdata/iter_scrub_rr_length.rpl b/contrib/unbound/testdata/iter_scrub_rr_length.rpl new file mode 100644 index 000000000000..2ef73c2fe152 --- /dev/null +++ b/contrib/unbound/testdata/iter_scrub_rr_length.rpl @@ -0,0 +1,298 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + minimal-responses: no + rrset-roundrobin: no + ede: yes + log-servfail: yes + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test scrub of RRs of inappropriate length + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 200 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 200 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 200 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +www.example.com. IN A \# 3 030405 +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +www.example.com. IN AAAA +SECTION ANSWER +www.example.com. IN AAAA 2001:db8::1234 +www.example.com. IN AAAA \# 48 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +broken1.example.com. IN A +SECTION ANSWER +broken1.example.com. IN A \# 3 030405 +broken1.example.com. IN A \# 3 030406 +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +broken1.example.com. IN AAAA +SECTION ANSWER +broken1.example.com. IN AAAA \# 48 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F +broken1.example.com. IN AAAA \# 48 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E30 +broken1.example.com. IN AAAA \# 48 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E31 +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +broken2.example.com. IN A +SECTION ANSWER +broken2.example.com. IN A 1.2.3.4 +broken2.example.com. IN A \# 3 030405 +broken2.example.com. IN A 1.2.3.5 +broken2.example.com. IN A \# 3 030406 +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A \# 3 030407 +ns.example.com. IN A 1.2.3.6 +ns.example.com. IN A \# 3 030408 +ns.example.com. IN A \# 3 030409 +ns.example.com. IN A 1.2.3.7 +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END + +STEP 20 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN AAAA +ENTRY_END + +STEP 30 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN AAAA +SECTION ANSWER +www.example.com. IN AAAA 2001:db8::1234 +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END + +STEP 40 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +broken1.example.com. IN A +ENTRY_END + +STEP 50 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +broken1.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END + +STEP 60 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +broken1.example.com. IN AAAA +ENTRY_END + +STEP 70 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +broken1.example.com. IN AAAA +SECTION ANSWER +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END + +STEP 80 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +broken2.example.com. IN A +ENTRY_END + +STEP 90 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +broken2.example.com. IN A +SECTION ANSWER +broken2.example.com. IN A 1.2.3.4 +broken2.example.com. IN A 1.2.3.5 +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.6 +ns.example.com. IN A 1.2.3.7 +ENTRY_END + +STEP 100 QUERY +ENTRY_BEGIN +REPLY RD CD DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 110 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=0 +REPLY QR RD CD RA DO NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.6 +ns.example.com. IN A 1.2.3.7 +ENTRY_END + +SCENARIO_END diff --git a/contrib/unbound/testdata/ratelimit.tdir/ratelimit.dsc b/contrib/unbound/testdata/ratelimit.tdir/ratelimit.dsc deleted file mode 100644 index abd5307c79ef..000000000000 --- a/contrib/unbound/testdata/ratelimit.tdir/ratelimit.dsc +++ /dev/null @@ -1,16 +0,0 @@ -BaseName: ratelimit -Version: 1.0 -Description: Test ratelimit. -CreationDate: Sun Jan 30 00:40:00 CET 2022 -Maintainer: Yorgos Thessalonikefs -Category: -Component: -CmdDepends: -Depends: -Help: -Pre: ratelimit.pre -Post: ratelimit.post -Test: ratelimit.test -AuxFiles: -Passed: -Failure: diff --git a/contrib/unbound/testdata/ratelimit.tdir/ratelimit.test b/contrib/unbound/testdata/ratelimit.tdir/ratelimit.test deleted file mode 100644 index cc14717405c6..000000000000 --- a/contrib/unbound/testdata/ratelimit.tdir/ratelimit.test +++ /dev/null @@ -1,183 +0,0 @@ -# #-- ratelimit.test --# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# use .tpkg.var.test for in test variable passing -[ -f .tpkg.var.test ] && source .tpkg.var.test - -PRE="../.." -. ../common.sh - -get_make -(cd $PRE; $MAKE streamtcp) - -# These tests rely on second time precision. To combat false negatives the -# tests run multiple times and we allow 1/3 of the runs to fail. -total_runs=6 -success_threshold=4 # 2/3*total_runs - -successes=0 -echo "> Three parallel queries" -# For this test we send three parallel queries and we expect only one of them -# to be allowed through each second. -for i in $(seq 1 $total_runs); do - $PRE/streamtcp -na -f 127.0.0.1@$UNBOUND_PORT www1.example.com. A IN www2.example.com. A IN www3.example.com. A IN >outfile 2>&1 - if test "$?" -ne 0; then - echo "exit status not OK" - echo "> cat logfiles" - cat outfile - cat unbound.log - echo "Not OK" - exit 1 - fi - cat outfile - if test `grep "rcode: SERVFAIL" outfile | wc -l` -eq 2; then - ((successes++)) - fi - # We don't have to wait for all the runs to complete if we know - # we passed the threshold. - if test $successes -ge $success_threshold; then - break - fi - sleep 1 -done -if test $successes -ge $success_threshold; then - echo "Number of ratelimited queries OK for three parallel queries" -else - echo "Number of ratelimited queries not OK for three parallel queries" - echo "> cat logfiles" - cat outfile - cat unbound.log - echo "Number of ratelimited queries not OK for three parallel queries" - exit 1 -fi - -echo "> Activating ratelimit-factor" -echo "$PRE/unbound-control -c ub.conf set_option ratelimit-factor: 3" -$PRE/unbound-control -c ub.conf set_option ratelimit-factor: 3 -if test $? -ne 0; then - echo "wrong exit value after success" - exit 1 -fi - -slipped_through=0 -echo "> Three parallel queries with ratelimit-factor" -# For this test we send three parallel queries and we expect at least two of -# them to be allowed through at a given second; one from the ratelimit itself -# and one from the ratelimit-factor. -for i in {1..10}; do - $PRE/streamtcp -na -f 127.0.0.1@$UNBOUND_PORT www1.example.com. A IN www2.example.com. A IN www3.example.com. A IN >outfile 2>&1 - if test "$?" -ne 0; then - echo "exit status not OK" - echo "> cat logfiles" - cat outfile - cat unbound.log - echo "Not OK" - exit 1 - fi - cat outfile - if test `grep "rcode: SERVFAIL" outfile | wc -l` -lt 2; then - slipped_through=1 - break - fi - sleep 2 -done -if test $slipped_through -eq 0; then - echo "ratelimit-factor did not work" - echo "> cat logfiles" - cat outfile - cat unbound.log - echo "ratelimit-factor did not work" - exit 1 -fi -echo "ratelimit-factor OK" - -echo "> Disabling ratelimit-factor" -echo "$PRE/unbound-control -c ub.conf set_option ratelimit-factor: 0" -$PRE/unbound-control -c ub.conf set_option ratelimit-factor: 0 -if test $? -ne 0; then - echo "wrong exit value after success" - exit 1 -fi -echo "> Activating ratelimit-backoff" -echo "$PRE/unbound-control -c ub.conf set_option ratelimit-backoff: yes" -$PRE/unbound-control -c ub.conf set_option ratelimit-backoff: yes -if test $? -ne 0; then - echo "wrong exit value after success" - exit 1 -fi - -successes=0 -echo "> Three parallel queries with backoff" -# For this test we send three parallel queries. The ratelimit should be reached -# for that second. Then for the next second we again send three parallel -# queries and we expect none of them to be allowed through because of the -# backoff logic that keeps rolling the RATE_WINDOW based on demand. -for i in $(seq 1 $total_runs); do - $PRE/streamtcp -na -f 127.0.0.1@$UNBOUND_PORT www1.example.com. A IN www2.example.com. A IN www3.example.com. A IN >outfile 2>&1 - if test "$?" -ne 0; then - echo "exit status not OK" - echo "> cat logfiles" - cat outfile - cat unbound.log - echo "Not OK" - exit 1 - fi - sleep 1 # Limit is reached; it should also be active for the next second - $PRE/streamtcp -na -f 127.0.0.1@$UNBOUND_PORT www1.example.com. A IN www2.example.com. A IN www3.example.com. A IN >outfile 2>&1 - if test "$?" -ne 0; then - echo "exit status not OK" - echo "> cat logfiles" - cat outfile - cat unbound.log - echo "Not OK" - exit 1 - fi - cat outfile - if test `grep "rcode: SERVFAIL" outfile | wc -l` -eq 3; then - ((successes++)) - fi - # We don't have to wait for all the runs to complete if we know - # we passed the threshold. - if test $successes -ge $success_threshold; then - break - fi -done - -if test $successes -ge $success_threshold; then - echo "three parallel queries with backoff OK" -else - echo "Number of ratelimited queries not OK for three parallel queries with backoff" - echo "> cat logfiles" - cat outfile - cat unbound.log - echo "Number of ratelimited queries not OK for three parallel queries with backoff" - exit 1 -fi - -echo "> Three parallel queries after backoff RATE_WINDOW" -sleep 3 # Make sure the RATE_WINDOW is renewed -# For this test we make three parallel queries after the RATE_WINDOW has passed -# without any new demand and we expect at least one query to pass through. This -# is to check that the backoff logic does not insist on past (outside of -# RATE_WINDOW) limits. -$PRE/streamtcp -na -f 127.0.0.1@$UNBOUND_PORT www1.example.com. A IN www2.example.com. A IN www3.example.com. A IN >outfile 2>&1 -if test "$?" -ne 0; then - echo "exit status not OK" - echo "> cat logfiles" - cat outfile - cat unbound.log - echo "Not OK" - exit 1 -fi -cat outfile -if test `grep "rcode: NOERROR" outfile | wc -l` -gt 0; then - echo "Number of ratelimited queries OK for three parallel queries after backoff RATE_WINDOW" -else - echo "Number of ratelimited queries not OK for three parallel queries after backoff RATE_WINDOW" - echo "> cat logfiles" - cat outfile - cat unbound.log - echo "Number of ratelimited queries not OK for three parallel queries after backoff RATE_WINDOW" - exit 1 -fi -exit 0 diff --git a/contrib/unbound/testdata/ratelimit.tdir/ratelimit.testns b/contrib/unbound/testdata/ratelimit.tdir/ratelimit.testns deleted file mode 100644 index 673bd15a598b..000000000000 --- a/contrib/unbound/testdata/ratelimit.tdir/ratelimit.testns +++ /dev/null @@ -1,13 +0,0 @@ -; nameserver test file -$ORIGIN example.com. -$TTL 3600 - -ENTRY_BEGIN -MATCH opcode qtype -REPLY QR AA NOERROR -ADJUST copy_id copy_query -SECTION QUESTION -wild IN A -SECTION ANSWER -wild IN A 10.20.30.40 -ENTRY_END diff --git a/contrib/unbound/testdata/ratelimit.tdir/unbound_control.key b/contrib/unbound/testdata/ratelimit.tdir/unbound_control.key deleted file mode 100644 index 753a4ef6162e..000000000000 --- a/contrib/unbound/testdata/ratelimit.tdir/unbound_control.key +++ /dev/null @@ -1,39 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIG4gIBAAKCAYEAstEp+Pyh8XGrtZ77A4FhYjvbeB3dMa7Q2rGWxobzlA9przhA -1aChAvUtCOAuM+rB6NTNB8YWfZJbQHawyMNpmC77cg6vXLYCGUQHZyAqidN049RJ -F5T7j4N8Vniv17LiRdr0S6swy4PRvEnIPPV43EQHZqC5jVvHsKkhIfmBF/Dj5TXR -ypeawWV/m5jeU6/4HRYMfytBZdO1mPXuWLh0lgbQ4SCbgrOUVD3rniMk1yZIbQOm -vlDHYqekjDb/vOW2KxUQLG04aZMJ1mWfdbwG0CKQkSjISEDZ1l76vhM6mTM0fwXb -IvyFZ9yPPCle1mF5aSlxS2cmGuGVSRQaw8XF9fe3a9ACJJTr33HdSpyaZkKRAUzL -cKqLCl323daKv3NwwAT03Tj4iQM416ASMoiyfFa/2GWTKQVjddu8Crar7tGaf5xr -lig4DBmrBvdYA3njy72/RD71hLwmlRoCGU7dRuDr9O6KASUm1Ri91ONZ/qdjMvov -15l2vj4GV+KXR00dAgMBAAECggGAHepIL1N0dEQkCdpy+/8lH54L9WhpnOo2HqAf -LU9eaKK7d4jdr9+TkD8cLaPzltPrZNxVALvu/0sA4SP6J1wpyj/x6P7z73qzly5+ -Xo5PD4fEwmi9YaiW/UduAblnEZrnp/AddptJKoL/D5T4XtpiQddPtael4zQ7kB57 -YIexRSQTvEDovA/o3/nvA0TrzOxfgd4ycQP3iOWGN/TMzyLsvjydrUwbOB567iz9 -whL3Etdgvnwh5Sz2blbFfH+nAR8ctvFFz+osPvuIVR21VMEI6wm7kTpSNnQ6sh/c -lrLb/bTADn4g7z/LpIZJ+MrLvyEcoqValrLYeFBhM9CV8woPxvkO2P3pU47HVGax -tC7GV6a/kt5RoKFd/TNdiA3OC7NGZtaeXv9VkPf4fVwBtSO9d5ZZXTGEynDD/rUQ -U4KFJe6OD23APjse08HiiKqTPhsOneOONU67iqoaTdIkT2R4EdlkVEDpXVtWb+G9 -Q+IqYzVljlzuyHrhWXLJw/FMa2aBAoHBAOnZbi4gGpH+P6886WDWVgIlTccuXoyc -Mg9QQYk9UDeXxL0AizR5bZy49Sduegz9vkHpAiZARQsUnizHjZ8YlRcrmn4t6tx3 -ahTIKAjdprnxJfYINM580j8CGbXvX5LhIlm3O267D0Op+co3+7Ujy+cjsIuFQrP+ -1MqMgXSeBjzC1APivmps7HeFE+4w0k2PfN5wSMDNCzLo99PZuUG5XZ93OVOS5dpN -b+WskdcD8NOoJy/X/5A08veEI/jYO/DyqQKBwQDDwUQCOWf41ecvJLtBHKmEnHDz -ftzHino9DRKG8a9XaN4rmetnoWEaM2vHGX3pf3mwH+dAe8vJdAQueDhBKYeEpm6C -TYNOpou1+Zs5s99BilCTNYo8fkMOAyqwRwmz9zgHS6QxXuPwsghKefLJGt6o6RFF -tfWVTfLlYJ+I3GQe3ySsk3wjVz4oUTKiyiq5+KzD+HhEkS7u+RQ7Z0ZI2xd2cF8Y -aN2hjKDpcOiFf3CDoqka5D1qMNLgIHO52AHww1UCgcA1h7o7AMpURRka6hyaODY0 -A4oMYEbwdQjYjIyT998W+rzkbu1us6UtzQEBZ760npkgyU/epbOoV63lnkCC/MOU -LD0PST+L/CHiY/cWIHb79YG1EifUZKpUFg0Aoq0EGFkepF0MefGCkbRGYA5UZr9U -R80wAu9D+L+JJiS0J0BSRF74DL196zUuHt5zFeXuLzxsRtPAnq9DliS08BACRYZy -7H3I7cWD9Vn5/0jbKWHFcaaWwyETR6uekTcSzZzbCRECgcBeoE3/xUA9SSk34Mmj -7/cB4522Ft0imA3+9RK/qJTZ7Bd5fC4PKjOGNtUiqW/0L2rjeIiQ40bfWvWqgPKw -jSK1PL6uvkl6+4cNsFsYyZpiVDoe7wKju2UuoNlB3RUTqa2r2STFuNj2wRjA57I1 -BIgdnox65jqQsd14g/yaa+75/WP9CE45xzKEyrtvdcqxm0Pod3OrsYK+gikFjiar -kT0GQ8u0QPzh2tjt/2ZnIfOBrl+QYERP0MofDZDjhUdq2wECgcB0Lu841+yP5cdR -qbJhXO4zJNh7oWNcJlOuQp3ZMNFrA1oHpe9pmLukiROOy01k9WxIMQDzU5GSqRv3 -VLkYOIcbhJ3kClKAcM3j95SkKbU2H5/RENb3Ck52xtl4pNU1x/3PnVFZfDVuuHO9 -MZ9YBcIeK98MyP2jr5JtFKnOyPE7xKq0IHIhXadpbc2wjje5FtZ1cUtMyEECCXNa -C1TpXebHGyXGpY9WdWXhjdE/1jPvfS+uO5WyuDpYPr339gsdq1g= ------END RSA PRIVATE KEY----- diff --git a/contrib/unbound/testdata/ratelimit.tdir/unbound_control.pem b/contrib/unbound/testdata/ratelimit.tdir/unbound_control.pem deleted file mode 100644 index a1edf7017f1d..000000000000 --- a/contrib/unbound/testdata/ratelimit.tdir/unbound_control.pem +++ /dev/null @@ -1,22 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDszCCAhsCFGD5193whHQ2bVdzbaQfdf1gc4SkMA0GCSqGSIb3DQEBCwUAMBIx -EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjMwWhcNNDAwMzI1MTMzMjMw -WjAaMRgwFgYDVQQDDA91bmJvdW5kLWNvbnRyb2wwggGiMA0GCSqGSIb3DQEBAQUA -A4IBjwAwggGKAoIBgQCy0Sn4/KHxcau1nvsDgWFiO9t4Hd0xrtDasZbGhvOUD2mv -OEDVoKEC9S0I4C4z6sHo1M0HxhZ9kltAdrDIw2mYLvtyDq9ctgIZRAdnICqJ03Tj -1EkXlPuPg3xWeK/XsuJF2vRLqzDLg9G8Scg89XjcRAdmoLmNW8ewqSEh+YEX8OPl -NdHKl5rBZX+bmN5Tr/gdFgx/K0Fl07WY9e5YuHSWBtDhIJuCs5RUPeueIyTXJkht -A6a+UMdip6SMNv+85bYrFRAsbThpkwnWZZ91vAbQIpCRKMhIQNnWXvq+EzqZMzR/ -Bdsi/IVn3I88KV7WYXlpKXFLZyYa4ZVJFBrDxcX197dr0AIklOvfcd1KnJpmQpEB -TMtwqosKXfbd1oq/c3DABPTdOPiJAzjXoBIyiLJ8Vr/YZZMpBWN127wKtqvu0Zp/ -nGuWKDgMGasG91gDeePLvb9EPvWEvCaVGgIZTt1G4Ov07ooBJSbVGL3U41n+p2My -+i/XmXa+PgZX4pdHTR0CAwEAATANBgkqhkiG9w0BAQsFAAOCAYEAd++Wen6l8Ifj -4h3p/y16PhSsWJWuJ4wdNYy3/GM84S26wGjzlEEwiW76HpH6VJzPOiBAeWnFKE83 -hFyetEIxgJeIPbcs9ZP/Uoh8GZH9tRISBSN9Hgk2Slr9llo4t1H0g/XTgA5HqMQU -9YydlBh43G7Vw3FVwh09OM6poNOGQKNc/tq2/QdKeUMtyBbLWpRmjH5XcCT35fbn -ZiVOUldqSHD4kKrFO4nJYXZyipRbcXybsLiX9GP0GLemc3IgIvOXyJ2RPp06o/SJ -pzlMlkcAfLJaSuEW57xRakhuNK7m051TKKzJzIEX+NFYOVdafFHS8VwGrYsdrFvD -72tMfu+Fu55y3awdWWGc6YlaGogZiuMnJkvQphwgn+5qE/7CGEckoKEsH601rqIZ -muaIc85+nEcHJeijd/ZlBN9zeltjFoMuqTUENgmv8+tUAdVm/UMY9Vjme6b43ydP -uv6DS02+k9z8toxXworLiPr94BGaiGV1NxgwZKLZigYJt/Fi2Qte ------END CERTIFICATE----- diff --git a/contrib/unbound/testdata/ratelimit.tdir/unbound_server.key b/contrib/unbound/testdata/ratelimit.tdir/unbound_server.key deleted file mode 100644 index 370a7bbb2f22..000000000000 --- a/contrib/unbound/testdata/ratelimit.tdir/unbound_server.key +++ /dev/null @@ -1,39 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI -0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq -GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z -uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K -WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5 -FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP -q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL -A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP -7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf -XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6 -iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7 -2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo -MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj -WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz -O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI -IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN -qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU -dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs -bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr -YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km -7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr -gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z -5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG -ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN -oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+ -s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW -zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx -ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1 -oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3 -BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS -mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8 -kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93 -7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8 -RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O -jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp -O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre -MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A== ------END RSA PRIVATE KEY----- diff --git a/contrib/unbound/testdata/ratelimit.tdir/unbound_server.pem b/contrib/unbound/testdata/ratelimit.tdir/unbound_server.pem deleted file mode 100644 index 986807310f2b..000000000000 --- a/contrib/unbound/testdata/ratelimit.tdir/unbound_server.pem +++ /dev/null @@ -1,22 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx -EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5 -WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB -igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32 -a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2 -4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot -aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4 -TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ -uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4 -+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz -XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx -dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW -84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7 -JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca -fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg -XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF -qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25 -sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD -yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe -CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ== ------END CERTIFICATE----- diff --git a/contrib/unbound/testdata/root_zonemd.tdir/root_zonemd.conf b/contrib/unbound/testdata/root_zonemd.tdir/root_zonemd.conf new file mode 100644 index 000000000000..befb4fbe97b3 --- /dev/null +++ b/contrib/unbound/testdata/root_zonemd.tdir/root_zonemd.conf @@ -0,0 +1,34 @@ +server: + verbosity: 7 + # num-threads: 1 + interface: 127.0.0.1 + port: @PORT@ + use-syslog: no + directory: "" + pidfile: "unbound.pid" + chroot: "" + username: "" + do-not-query-localhost: no + # for the test, so that DNSSEC verification works. + #val-override-date: 20230929090000 + trust-anchor: ". DS 20326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D" + +remote-control: + control-enable: yes + control-interface: @CONTROL_PATH@/controlpipe.@CONTROL_PID@ + control-use-cert: no + +# for the test, an upstream server in the test setup. +stub-zone: + name: "." + stub-addr: 127.0.0.1@@TOPORT@ + +# hyperlocal root zone +auth-zone: + name: "." + fallback-enabled: yes + for-downstream: no + for-upstream: yes + zonefile: "root.zone" + zonemd-check: yes + zonemd-reject-absence: yes diff --git a/contrib/unbound/testdata/root_zonemd.tdir/root_zonemd.dsc b/contrib/unbound/testdata/root_zonemd.tdir/root_zonemd.dsc new file mode 100644 index 000000000000..8015ac2d13ad --- /dev/null +++ b/contrib/unbound/testdata/root_zonemd.tdir/root_zonemd.dsc @@ -0,0 +1,16 @@ +BaseName: root_zonemd +Version: 1.0 +Description: ZONEMD check for root zone +CreationDate: Fri 29 Sep 09:00:00 CEST 2023 +Maintainer: dr. W.C.A. Wijngaards +Category: +Component: +CmdDepends: +Depends: +Help: +Pre: root_zonemd.pre +Post: root_zonemd.post +Test: root_zonemd.test +AuxFiles: +Passed: +Failure: diff --git a/contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.post b/contrib/unbound/testdata/root_zonemd.tdir/root_zonemd.post index 5e315088a097..a28599fafe7a 100644 --- a/contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.post +++ b/contrib/unbound/testdata/root_zonemd.tdir/root_zonemd.post @@ -1,4 +1,4 @@ -# #-- zonemd_reload.post --# +# #-- root_zonemd.post --# # source the master var file when it's there [ -f ../.tpkg.var.master ] && source ../.tpkg.var.master # source the test var file when it's there diff --git a/contrib/unbound/testdata/stub_udp_with_tcp_upstream.tdir/stub_udp_with_tcp_upstream.pre b/contrib/unbound/testdata/root_zonemd.tdir/root_zonemd.pre index 2bca63b9d56b..fe369bb20bbb 100644 --- a/contrib/unbound/testdata/stub_udp_with_tcp_upstream.tdir/stub_udp_with_tcp_upstream.pre +++ b/contrib/unbound/testdata/root_zonemd.tdir/root_zonemd.pre @@ -1,10 +1,25 @@ -# #-- stub_udp_with_tcp_upstream.pre--# +# #-- root_zonemd.pre--# # source the master var file when it's there [ -f ../.tpkg.var.master ] && source ../.tpkg.var.master # use .tpkg.var.test for in test variable passing [ -f .tpkg.var.test ] && source .tpkg.var.test + . ../common.sh +# attempt to download the root zone +from=k.root-servers.net +dig @$from . AXFR > root.txt +if test $? -ne 0; then + echo "could not fetch root zone" + skip_test "could not fetch root zone" +fi +grep " SOA " root.txt | head -1 > root.soa +cat root.soa >> root.zone +grep -v " SOA " root.txt >> root.zone +echo "fetched root.zone" +ls -l root.zone +cat root.soa + get_random_port 2 UNBOUND_PORT=$RND_PORT FWD_PORT=$(($RND_PORT + 1)) @@ -13,23 +28,23 @@ echo "FWD_PORT=$FWD_PORT" >> .tpkg.var.test # start forwarder get_ldns_testns -$LDNS_TESTNS -p $FWD_PORT stub_udp_with_tcp_upstream.testns >fwd.log 2>&1 & +$LDNS_TESTNS -p $FWD_PORT root_zonemd.testns >fwd.log 2>&1 & FWD_PID=$! echo "FWD_PID=$FWD_PID" >> .tpkg.var.test # make config file -sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' < stub_udp_with_tcp_upstream.conf > ub.conf +CONTROL_PATH=/tmp +CONTROL_PID=$$ +sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' -e 's?@CONTROL_PATH\@?'$CONTROL_PATH'?' -e 's/@CONTROL_PID@/'$CONTROL_PID'/' < root_zonemd.conf > ub.conf # start unbound in the background PRE="../.." $PRE/unbound -d -c ub.conf >unbound.log 2>&1 & UNBOUND_PID=$! echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test +echo "CONTROL_PATH=$CONTROL_PATH" >> .tpkg.var.test +echo "CONTROL_PID=$CONTROL_PID" >> .tpkg.var.test cat .tpkg.var.test - -# wait for forwarder to come up wait_ldns_testns_up fwd.log - -# wait for unbound to come up wait_unbound_up unbound.log diff --git a/contrib/unbound/testdata/root_zonemd.tdir/root_zonemd.test b/contrib/unbound/testdata/root_zonemd.tdir/root_zonemd.test new file mode 100644 index 000000000000..2745b5009e8f --- /dev/null +++ b/contrib/unbound/testdata/root_zonemd.tdir/root_zonemd.test @@ -0,0 +1,63 @@ +# #-- root_zonemd.test --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +PRE="../.." +# do the test +echo "> dig . SOA" +dig @127.0.0.1 -p $UNBOUND_PORT . SOA | tee outfile +echo "> check answer" +if grep root-servers outfile | grep "nstld.verisign-grs.com"; then + echo "OK" +else + echo "Not OK" + exit 1 +fi + +echo "> unbound-control status" +$PRE/unbound-control -c ub.conf status +if test $? -ne 0; then + echo "wrong exit value." + exit 1 +else + echo "exit value: OK" +fi + +# This is the output when an unsupported algorithm is used. +if grep "auth zone . zonemd DNSSEC verification of SOA and ZONEMD RRsets secure" unbound.log; then + echo "OK" +else + echo "ZONEMD verification not OK" + exit 1 +fi +if grep "auth-zone . ZONEMD hash is correct" unbound.log; then + echo "OK" +else + echo "ZONEMD verification not OK" + exit 1 +fi +if grep "auth zone . ZONEMD verification successful" unbound.log; then + echo "OK" +else + echo "ZONEMD verification not OK" + exit 1 +fi + +echo "> unbound-control auth_zone_reload ." +$PRE/unbound-control -c ub.conf auth_zone_reload . 2>&1 | tee outfile +if test $? -ne 0; then + echo "wrong exit value." + exit 1 +fi +# The output of the reload can be checked. +echo "> check unbound-control output" +if grep ".: ZONEMD verification successful" outfile; then + echo "OK" +else + echo "Not OK" + exit 1 +fi + +exit 0 diff --git a/contrib/unbound/testdata/root_zonemd.tdir/root_zonemd.testns b/contrib/unbound/testdata/root_zonemd.tdir/root_zonemd.testns new file mode 100644 index 000000000000..d538f2215ecf --- /dev/null +++ b/contrib/unbound/testdata/root_zonemd.tdir/root_zonemd.testns @@ -0,0 +1,9 @@ +# reply to everything +ENTRY_BEGIN +MATCH opcode +ADJUST copy_id copy_query +REPLY QR SERVFAIL +SECTION QUESTION +example.com. IN SOA +SECTION ANSWER +ENTRY_END diff --git a/contrib/unbound/testdata/rpz_cached_cname.rpl b/contrib/unbound/testdata/rpz_cached_cname.rpl new file mode 100644 index 000000000000..198b946310bf --- /dev/null +++ b/contrib/unbound/testdata/rpz_cached_cname.rpl @@ -0,0 +1,122 @@ +; config options +server: + module-config: "respip validator iterator" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: no + rrset-roundrobin: no + access-control: 192.0.0.0/8 allow + +rpz: + name: "rpz.example.com" + rpz-log: yes + rpz-log-name: "rpz.example.com" + zonefile: +TEMPFILE_NAME rpz.example.com +TEMPFILE_CONTENTS rpz.example.com +rpz.example.com. 3600 IN SOA ns.rpz.example.com. hostmaster.rpz.example.com. 1 3600 900 86400 3600 +rpz.example.com. 3600 IN NS ns.rpz.example.net. +a.foo.rpz.example.com. 120 IN A 10.99.99.99 +TEMPFILE_END + +stub-zone: + name: "." + stub-addr: 10.20.30.40 + +CONFIG_END + +SCENARIO_BEGIN Test RPZ with cached CNAME to A record + +RANGE_BEGIN 0 100 + ADDRESS 10.20.30.40 + +ENTRY_BEGIN +MATCH opcode qname qtype +ADJUST copy_id +REPLY QR NOERROR AA +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS ns. +SECTION ADDITIONAL +ns. IN NS 10.20.30.40 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qname qtype +ADJUST copy_id +REPLY QR NOERROR AA +SECTION QUESTION +b.foo. IN A +SECTION ANSWER +b.foo. 30 CNAME a.foo. +a.foo. 30 A 1.2.3.4 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qname qtype +ADJUST copy_id +REPLY QR NOERROR AA +SECTION QUESTION +a.foo. IN A +SECTION ANSWER +a.foo. A 1.2.3.4 +ENTRY_END + +RANGE_END + +STEP 10 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +a.foo. IN A +ENTRY_END + +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AA NOERROR +SECTION QUESTION +a.foo. IN A +SECTION ANSWER +a.foo. 120 A 10.99.99.99 +ENTRY_END + +STEP 30 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +b.foo. IN A +ENTRY_END + +STEP 40 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AA NOERROR +SECTION QUESTION +b.foo. IN A +SECTION ANSWER +b.foo. 30 CNAME a.foo. +a.foo. 120 A 10.99.99.99 +ENTRY_END + +STEP 50 TIME_PASSES ELAPSE 3 + +STEP 60 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +b.foo. IN A +ENTRY_END + +STEP 70 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AA NOERROR +SECTION QUESTION +b.foo. IN A +SECTION ANSWER +b.foo. 30 CNAME a.foo. +a.foo. 120 A 10.99.99.99 +ENTRY_END + +SCENARIO_END diff --git a/contrib/unbound/testdata/rpz_clientip.rpl b/contrib/unbound/testdata/rpz_clientip.rpl deleted file mode 100644 index 78e05ad91994..000000000000 --- a/contrib/unbound/testdata/rpz_clientip.rpl +++ /dev/null @@ -1,264 +0,0 @@ -; config options -server: - module-config: "respip validator iterator" - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: no - minimal-responses: no - access-control: 192.0.0.0/8 allow - -rpz: - name: "rpz.example.com." - zonefile: -TEMPFILE_NAME rpz.example.com -TEMPFILE_CONTENTS rpz.example.com -$ORIGIN example.com. -rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. ( - 1379078166 28800 7200 604800 7200 ) - 3600 IN NS ns1.rpz.example.com. - 3600 IN NS ns2.rpz.example.com. -$ORIGIN rpz.example.com. -24.0.0.0.192.rpz-client-ip CNAME . -24.0.1.0.192.rpz-client-ip CNAME *. -24.0.2.0.192.rpz-client-ip CNAME rpz-drop. -24.0.3.0.192.rpz-client-ip CNAME rpz-passthru. -24.0.4.0.192.rpz-client-ip CNAME rpz-tcp-only. -24.0.5.0.192.rpz-client-ip A 127.0.0.1 -24.0.5.0.192.rpz-client-ip TXT "42" -TEMPFILE_END - -stub-zone: - name: "a." - stub-addr: 10.20.30.40 -CONFIG_END - -SCENARIO_BEGIN Test RPZ client ip triggers - -RANGE_BEGIN 0 100 - ADDRESS 10.20.30.40 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -a. IN NS -SECTION ANSWER -a. IN NS ns.a. -SECTION ADDITIONAL -ns.a IN A 10.20.30.40 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -a.a. IN TXT -SECTION ANSWER -a.a. IN TXT "upstream txt rr a.a." -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -a.a. IN A -SECTION ANSWER -a.a. IN A 10.20.30.40 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -a.a. IN AAAA -SECTION ANSWER -a.a. IN AAAA 2001:db8::123 -ENTRY_END - -RANGE_END - -; unrelated client ip address -- passthru - -STEP 10 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -a.a. IN TXT -ENTRY_END - -STEP 11 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -a.a. IN TXT -SECTION ANSWER -a.a. IN TXT "upstream txt rr a.a." -ENTRY_END - -; should be NXDOMAIN - -STEP 20 QUERY ADDRESS 192.0.0.1 -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -a.a. IN TXT -ENTRY_END - -STEP 21 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR AA RD RA NXDOMAIN -SECTION QUESTION -a.a. IN TXT -SECTION ANSWER -ENTRY_END - -; should be NODATA - -STEP 30 QUERY ADDRESS 192.0.1.1 -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -a.a. IN TXT -ENTRY_END - -STEP 31 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR AA RD RA NOERROR -SECTION QUESTION -a.a. IN TXT -SECTION ANSWER -ENTRY_END - -; should be PASSTHRU - -STEP 40 QUERY ADDRESS 192.0.3.1 -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -a.a. IN TXT -ENTRY_END - -STEP 41 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -a.a. IN TXT -SECTION ANSWER -a.a. IN TXT "upstream txt rr a.a." -ENTRY_END - -; should be TRUNCATED - -STEP 50 QUERY ADDRESS 192.0.4.1 -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -a.a. IN TXT -ENTRY_END - -STEP 51 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR AA TC RD RA NOERROR -SECTION QUESTION -a.a. IN TXT -SECTION ANSWER -ENTRY_END - -; should not be TRUNCATED via TCP - -STEP 52 QUERY ADDRESS 192.0.4.1 -ENTRY_BEGIN -MATCH TCP -REPLY RD -SECTION QUESTION -a.a. IN TXT -ENTRY_END - -STEP 53 CHECK_ANSWER -ENTRY_BEGIN -MATCH all TCP -REPLY QR RD RA NOERROR -SECTION QUESTION -a.a. IN TXT -SECTION ANSWER -a.a. IN TXT "upstream txt rr a.a." -ENTRY_END - -; should be synthesized - -STEP 60 QUERY ADDRESS 192.0.5.1 -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -a.a. IN A -ENTRY_END - -STEP 61 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR AA RD RA NOERROR -SECTION QUESTION -a.a. IN A -SECTION ANSWER -a.a. IN A 127.0.0.1 -SECTION ADDITIONAL -rpz.example.com. 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. ( 1379078166 28800 7200 604800 7200 ) -ENTRY_END - -; should be synthesized - -STEP 62 QUERY ADDRESS 192.0.5.1 -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -a.a. IN TXT -ENTRY_END - -STEP 63 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR AA RD RA NOERROR -SECTION QUESTION -a.a. IN TXT -SECTION ANSWER -a.a. IN TXT "42" -SECTION ADDITIONAL -rpz.example.com. 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. ( 1379078166 28800 7200 604800 7200 ) -ENTRY_END - -; should be synthesized NODATA - -STEP 64 QUERY ADDRESS 192.0.5.1 -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -a.a. IN AAAA -ENTRY_END - -STEP 65 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR AA RD RA NOERROR -SECTION QUESTION -a.a. IN AAAA -SECTION ADDITIONAL -rpz.example.com. 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. ( 1379078166 28800 7200 604800 7200 ) -ENTRY_END - -; should be DROPPED - -STEP 90 QUERY ADDRESS 192.0.2.1 -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -a.a. IN TXT -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/rpz_nsdname.rpl b/contrib/unbound/testdata/rpz_nsdname.rpl deleted file mode 100644 index 1c678cc13bad..000000000000 --- a/contrib/unbound/testdata/rpz_nsdname.rpl +++ /dev/null @@ -1,390 +0,0 @@ -; config options -server: - module-config: "respip validator iterator" - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: no - access-control: 192.0.0.0/8 allow - -rpz: - name: "rpz.example.com." - rpz-log: yes - rpz-log-name: "rpz.example.com" - zonefile: -TEMPFILE_NAME rpz.example.com -TEMPFILE_CONTENTS rpz.example.com -$ORIGIN example.com. -rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. ( - 1379078166 28800 7200 604800 7200 ) - 3600 IN NS ns1.rpz.example.com. - 3600 IN NS ns2.rpz.example.com. -$ORIGIN rpz.example.com. -ns1.gotham.aa.rpz-nsdname CNAME . -ns1.gotham.bb.rpz-nsdname CNAME *. -ns1.gotham.cc.rpz-nsdname CNAME rpz-drop. -ns1.gotham.com.rpz-nsdname CNAME rpz-passthru. -ns1.gotham.dd.rpz-nsdname CNAME rpz-tcp-only. -ns1.gotham.ff.rpz-nsdname A 127.0.0.1 -ns1.gotham.ff.rpz-nsdname TXT "42" -TEMPFILE_END - -stub-zone: - name: "." - stub-addr: 1.1.1.1 -CONFIG_END - -SCENARIO_BEGIN Test RPZ nsip triggers - -; . -------------------------------------------------------------------------- -RANGE_BEGIN 0 100 - ADDRESS 1.1.1.1 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS ns.root. -SECTION ADDITIONAL -ns.root IN A 1.1.1.1 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN A -SECTION AUTHORITY -com. IN NS ns1.com. -SECTION ADDITIONAL -ns1.com. IN A 8.8.8.8 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -aa. IN A -SECTION AUTHORITY -aa. IN NS ns1.aa. -SECTION ADDITIONAL -ns1.aa. IN A 8.8.0.8 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -bb. IN A -SECTION AUTHORITY -bb. IN NS ns1.bb. -SECTION ADDITIONAL -ns1.bb. IN A 8.8.1.8 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -cc. IN A -SECTION AUTHORITY -cc. IN NS ns1.cc. -SECTION ADDITIONAL -ns1.cc. IN A 8.8.2.8 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -dd. IN A -SECTION AUTHORITY -dd. IN NS ns1.dd. -SECTION ADDITIONAL -ns1.dd. IN A 8.8.3.8 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -ee. IN A -SECTION AUTHORITY -ee. IN NS ns1.ee. -SECTION ADDITIONAL -ns1.ee. IN A 8.8.5.8 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -ff. IN A -SECTION AUTHORITY -ff. IN NS ns1.ff. -SECTION ADDITIONAL -ns1.ff. IN A 8.8.6.8 -ENTRY_END - -RANGE_END - -; com. ----------------------------------------------------------------------- -RANGE_BEGIN 0 100 - ADDRESS 8.8.8.8 - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS ns1.com. -SECTION ADDITIONAL -ns1.com. IN A 8.8.8.8 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -gotham.com. IN A -SECTION AUTHORITY -gotham.com. IN NS ns1.gotham.com. -SECTION ADDITIONAL -ns1.gotham.com. IN A 192.0.6.1 -ENTRY_END - -RANGE_END - -; aa. ------------------------------------------------------------------------ -RANGE_BEGIN 0 100 - ADDRESS 8.8.0.8 - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -aa. IN NS -SECTION ANSWER -aa. IN NS ns1.aa. -SECTION ADDITIONAL -ns1.aa. IN A 8.8.0.8 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -gotham.aa. IN A -SECTION AUTHORITY -gotham.aa. IN NS ns1.gotham.aa. -SECTION ADDITIONAL -ns1.gotham.aa. IN A 192.0.0.1 -ENTRY_END - -RANGE_END - -; bb. ------------------------------------------------------------------------ -RANGE_BEGIN 0 100 - ADDRESS 8.8.1.8 - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -bb. IN NS -SECTION ANSWER -bb. IN NS ns1.bb. -SECTION ADDITIONAL -ns1.bb. IN A 8.8.1.8 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -gotham.bb. IN A -SECTION AUTHORITY -gotham.bb. IN NS ns1.gotham.bb. -SECTION ADDITIONAL -ns1.gotham.bb. IN A 192.0.1.1 -ENTRY_END - -RANGE_END - -; ff. ------------------------------------------------------------------------ -RANGE_BEGIN 0 100 - ADDRESS 8.8.6.8 - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ff. IN NS -SECTION ANSWER -ff. IN NS ns1.ff. -SECTION ADDITIONAL -ns1.ff. IN A 8.8.6.8 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -gotham.ff. IN A -SECTION AUTHORITY -gotham.ff. IN NS ns1.gotham.ff. -SECTION ADDITIONAL -ns1.gotham.ff. IN A 192.0.5.1 -ENTRY_END - -RANGE_END - -; ns1.gotham.com. ------------------------------------------------------------ -RANGE_BEGIN 0 100 - ADDRESS 192.0.6.1 - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -gotham.com. IN A -SECTION ANSWER -gotham.com. IN A 192.0.6.2 -ENTRY_END - -RANGE_END - -; ns1.gotham.aa. ------------------------------------------------------------- -RANGE_BEGIN 0 100 - ADDRESS 192.0.0.1 - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -gotham.aa. IN A -SECTION ANSWER -gotham.aa. IN A 192.0.0.2 -ENTRY_END - -RANGE_END - -; ns1.gotham.bb. ------------------------------------------------------------- -RANGE_BEGIN 0 100 - ADDRESS 192.0.1.1 - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -gotham.bb. IN A -SECTION ANSWER -gotham.bb. IN A 192.0.1.2 -ENTRY_END - -RANGE_END - -; ns1.gotham.ff. ------------------------------------------------------------- -RANGE_BEGIN 0 100 - ADDRESS 192.0.5.1 - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -gotham.ff. IN A -SECTION ANSWER -gotham.ff. IN A 192.0.5.2 -ENTRY_END - -RANGE_END - -; ---------------------------------------------------------------------------- - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -gotham.com. IN A -ENTRY_END - -STEP 2 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -gotham.com. IN A -SECTION ANSWER -gotham.com. IN A 192.0.6.2 -ENTRY_END - -STEP 10 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -gotham.aa. IN A -ENTRY_END - -STEP 11 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR AA RD RA NXDOMAIN -SECTION QUESTION -gotham.aa. IN A -SECTION ANSWER -ENTRY_END - -STEP 20 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -gotham.bb. IN A -ENTRY_END - -STEP 21 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AA NOERROR -SECTION QUESTION -gotham.bb. IN A -SECTION ANSWER -ENTRY_END - -STEP 30 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -gotham.ff. IN A -ENTRY_END - -STEP 31 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AA NOERROR -SECTION QUESTION -gotham.ff. IN A -SECTION ANSWER -gotham.ff. IN A 127.0.0.1 -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/rpz_nsip.rpl b/contrib/unbound/testdata/rpz_nsip.rpl deleted file mode 100644 index 34dbd9fef816..000000000000 --- a/contrib/unbound/testdata/rpz_nsip.rpl +++ /dev/null @@ -1,408 +0,0 @@ -; config options -server: - module-config: "respip validator iterator" - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: no - access-control: 192.0.0.0/8 allow - -rpz: - name: "rpz.example.com." - rpz-log: yes - rpz-log-name: "rpz.example.com" - zonefile: -TEMPFILE_NAME rpz.example.com -TEMPFILE_CONTENTS rpz.example.com -$ORIGIN example.com. -rpz 3600 IN SOA ns1.rpz.gotham.com. hostmaster.rpz.example.com. ( - 1379078166 28800 7200 604800 7200 ) - 3600 IN NS ns1.rpz.example.com. - 3600 IN NS ns2.rpz.example.com. -$ORIGIN rpz.example.com. -24.0.0.0.192.rpz-nsip CNAME . -24.0.1.0.192.rpz-nsip CNAME *. -24.0.2.0.192.rpz-nsip CNAME rpz-drop. -24.0.3.0.192.rpz-nsip CNAME rpz-passthru. -24.0.4.0.192.rpz-nsip CNAME rpz-tcp-only. -24.0.5.0.192.rpz-nsip A 127.0.0.1 -24.0.5.0.192.rpz-nsip TXT "42" -TEMPFILE_END - -stub-zone: - name: "." - stub-addr: 1.1.1.1 -CONFIG_END - -SCENARIO_BEGIN Test RPZ nsip triggers - -; . -------------------------------------------------------------------------- -RANGE_BEGIN 0 100 - ADDRESS 1.1.1.1 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS ns.root. -SECTION ADDITIONAL -ns.root IN A 1.1.1.1 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN A -SECTION AUTHORITY -com. IN NS ns1.com. -SECTION ADDITIONAL -ns1.com. IN A 8.8.8.8 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -aa. IN A -SECTION AUTHORITY -aa. IN NS ns1.aa. -SECTION ADDITIONAL -ns1.aa. IN A 8.8.0.8 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -bb. IN A -SECTION AUTHORITY -bb. IN NS ns1.bb. -SECTION ADDITIONAL -ns1.bb. IN A 8.8.1.8 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -cc. IN A -SECTION AUTHORITY -cc. IN NS ns1.cc. -SECTION ADDITIONAL -ns1.cc. IN A 8.8.2.8 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -dd. IN A -SECTION AUTHORITY -dd. IN NS ns1.dd. -SECTION ADDITIONAL -ns1.dd. IN A 8.8.3.8 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -ee. IN A -SECTION AUTHORITY -ee. IN NS ns1.ee. -SECTION ADDITIONAL -ns1.ee. IN A 8.8.5.8 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -ff. IN A -SECTION AUTHORITY -ff. IN NS ns1.ff. -SECTION ADDITIONAL -ns1.ff. IN A 8.8.6.8 -ENTRY_END - -RANGE_END - -; com. ----------------------------------------------------------------------- -RANGE_BEGIN 0 100 - ADDRESS 8.8.8.8 - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS ns1.com. -SECTION ADDITIONAL -ns1.com. IN A 8.8.8.8 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -gotham.com. IN A -SECTION AUTHORITY -gotham.com. IN NS ns1.gotham.com. -SECTION ADDITIONAL -ns1.gotham.com. IN A 192.0.6.1 -ENTRY_END - -RANGE_END - -; aa. ------------------------------------------------------------------------ -RANGE_BEGIN 0 100 - ADDRESS 8.8.0.8 - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -aa. IN NS -SECTION ANSWER -aa. IN NS ns1.aa. -SECTION ADDITIONAL -ns1.aa. IN A 8.8.0.8 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -gotham.aa. IN A -SECTION AUTHORITY -gotham.aa. IN NS ns1.gotham.aa. -SECTION ADDITIONAL -ns1.gotham.aa. IN A 192.0.0.1 -ENTRY_END - -RANGE_END - -; bb. ------------------------------------------------------------------------ -RANGE_BEGIN 0 100 - ADDRESS 8.8.1.8 - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -bb. IN NS -SECTION ANSWER -bb. IN NS ns1.bb. -SECTION ADDITIONAL -ns1.bb. IN A 8.8.1.8 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -gotham.bb. IN A -SECTION AUTHORITY -gotham.bb. IN NS ns1.gotham.bb. -SECTION ADDITIONAL -ns1.gotham.bb. IN A 192.0.1.1 -ENTRY_END - -RANGE_END - -; ff. ------------------------------------------------------------------------ -RANGE_BEGIN 0 100 - ADDRESS 8.8.6.8 - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ff. IN NS -SECTION ANSWER -ff. IN NS ns1.ff. -SECTION ADDITIONAL -ns1.ff. IN A 8.8.6.8 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -gotham.ff. IN A -SECTION AUTHORITY -gotham.ff. IN NS ns1.gotham.ff. -SECTION ADDITIONAL -ns1.gotham.ff. IN A 192.0.5.1 -ENTRY_END - -RANGE_END - -; ns1.gotham.com. ------------------------------------------------------------ -RANGE_BEGIN 0 100 - ADDRESS 192.0.6.1 - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -gotham.com. IN A -SECTION ANSWER -gotham.com. IN A 192.0.6.2 -ENTRY_END - -RANGE_END - -; ns1.gotham.aa. ------------------------------------------------------------- -RANGE_BEGIN 0 100 - ADDRESS 192.0.0.1 - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -gotham.aa. IN A -SECTION ANSWER -gotham.aa. IN A 192.0.0.2 -ENTRY_END - -RANGE_END - -; ns1.gotham.bb. ------------------------------------------------------------- -RANGE_BEGIN 0 100 - ADDRESS 192.0.1.1 - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -gotham.bb. IN A -SECTION ANSWER -gotham.bb. IN A 192.0.1.2 -ENTRY_END - -RANGE_END - -; ns1.gotham.ff. ------------------------------------------------------------- -RANGE_BEGIN 0 100 - ADDRESS 192.0.5.1 - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -gotham.ff. IN A -SECTION ANSWER -gotham.ff. IN A 192.0.5.2 -ENTRY_END - -RANGE_END - -; ---------------------------------------------------------------------------- - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -gotham.com. IN A -ENTRY_END - -STEP 2 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -gotham.com. IN A -SECTION ANSWER -gotham.com. IN A 192.0.6.2 -ENTRY_END - -STEP 10 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -gotham.aa. IN A -ENTRY_END - -STEP 11 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR AA RD RA NXDOMAIN -SECTION QUESTION -gotham.aa. IN A -SECTION ANSWER -ENTRY_END - -STEP 20 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -gotham.bb. IN A -ENTRY_END - -STEP 21 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AA NOERROR -SECTION QUESTION -gotham.bb. IN A -SECTION ANSWER -ENTRY_END - -STEP 30 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -gotham.ff. IN A -ENTRY_END - -STEP 31 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AA NOERROR -SECTION QUESTION -gotham.ff. IN A -SECTION ANSWER -gotham.ff. IN A 127.0.0.1 -ENTRY_END - -; again with more cache items -STEP 40 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -gotham.ff. IN A -ENTRY_END - -STEP 41 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AA NOERROR -SECTION QUESTION -gotham.ff. IN A -SECTION ANSWER -gotham.ff. IN A 127.0.0.1 -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/rpz_qname_tcponly.rpl b/contrib/unbound/testdata/rpz_qname_tcponly.rpl deleted file mode 100644 index d30b88616227..000000000000 --- a/contrib/unbound/testdata/rpz_qname_tcponly.rpl +++ /dev/null @@ -1,117 +0,0 @@ -; config options -server: - module-config: "respip validator iterator" - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: no - -rpz: - name: "rpz.example.com." - zonefile: -TEMPFILE_NAME rpz.example.com -TEMPFILE_CONTENTS rpz.example.com -$ORIGIN example.com. -rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. ( - 1379078166 28800 7200 604800 7200 ) - 3600 IN NS ns1.rpz.example.com. - 3600 IN NS ns2.rpz.example.com. -$ORIGIN rpz.example.com. -a.a CNAME rpz-passthru. -b.a CNAME rpz-tcp-only. -TEMPFILE_END - -stub-zone: - name: "a." - stub-addr: 10.20.30.40 -CONFIG_END - -SCENARIO_BEGIN Test RPZ qname trigger and tcp-only action - -RANGE_BEGIN 0 100 - ADDRESS 10.20.30.40 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -a. IN NS -SECTION ANSWER -a. IN NS ns.a. -SECTION ADDITIONAL -ns.a IN A 10.20.30.40 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -a.a. IN TXT -SECTION ANSWER -a.a. IN TXT "upstream txt rr a.a." -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -b.a. IN TXT -SECTION ANSWER -b.a. IN TXT "upstream txt rr b.a." -ENTRY_END - -RANGE_END - -STEP 10 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -a.a. IN TXT -ENTRY_END - -STEP 11 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -a.a. IN TXT -SECTION ANSWER -a.a. IN TXT "upstream txt rr a.a." -ENTRY_END - -STEP 20 QUERY -ENTRY_BEGIN -MATCH UDP -REPLY RD -SECTION QUESTION -b.a. IN TXT -ENTRY_END - -STEP 21 CHECK_ANSWER -ENTRY_BEGIN -MATCH all UDP -REPLY QR AA TC RD RA NOERROR -SECTION QUESTION -b.a. IN TXT -SECTION ANSWER -ENTRY_END - -STEP 30 QUERY -ENTRY_BEGIN -MATCH TCP -REPLY RD -SECTION QUESTION -b.a. IN TXT -ENTRY_END - -STEP 31 CHECK_ANSWER -ENTRY_BEGIN -MATCH all TCP -REPLY QR RD RA NOERROR -SECTION QUESTION -b.a. IN TXT -SECTION ANSWER -b.a. IN TXT "upstream txt rr b.a." -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/rpz_respip_tcponly.rpl b/contrib/unbound/testdata/rpz_respip_tcponly.rpl deleted file mode 100644 index c495de2038a1..000000000000 --- a/contrib/unbound/testdata/rpz_respip_tcponly.rpl +++ /dev/null @@ -1,207 +0,0 @@ -; config options -server: - module-config: "respip validator iterator" - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: no - -rpz: - name: "rpz.example.com." - zonefile: -TEMPFILE_NAME rpz.example.com -TEMPFILE_CONTENTS rpz.example.com -$ORIGIN example.com. -rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. ( - 1379078166 28800 7200 604800 7200 ) - 3600 IN NS ns1.rpz.example.com. - 3600 IN NS ns2.rpz.example.com. -$ORIGIN rpz.example.com. -8.0.0.0.10.rpz-ip CNAME *. -16.0.0.10.10.rpz-ip CNAME . -24.0.10.10.10.rpz-ip CNAME rpz-drop. -32.10.10.10.10.rpz-ip CNAME rpz-passthru. -32.1.1.1.10.rpz-ip CNAME rpz-tcp-only. -TEMPFILE_END - -stub-zone: - name: "." - stub-addr: 10.20.30.40 -CONFIG_END - -SCENARIO_BEGIN Test RPZ response IP address trigger and tcp-only action - -RANGE_BEGIN 0 100 - ADDRESS 10.20.30.40 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS ns. -SECTION ADDITIONAL -ns. IN A 10.20.30.40 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -a. IN A -SECTION ANSWER -a. IN A 10.0.0.123 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -b. IN A -SECTION ANSWER -b. IN A 10.1.0.123 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -c. IN A -SECTION ANSWER -c. IN A 10.11.0.123 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -d. IN A -SECTION ANSWER -d. IN A 10.10.0.123 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -f. IN A -SECTION ANSWER -f. IN A 10.10.10.10 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -y. IN A -SECTION ANSWER -y. IN A 10.1.1.1 -ENTRY_END - -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -a. IN A -ENTRY_END - -STEP 2 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -a. IN A -SECTION ANSWER -ENTRY_END - -STEP 10 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -b. IN A -ENTRY_END - -STEP 11 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -b. IN A -SECTION ANSWER -ENTRY_END - -STEP 13 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -d. IN A -ENTRY_END - -STEP 14 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NXDOMAIN -SECTION QUESTION -d. IN A -SECTION ANSWER -ENTRY_END - -STEP 17 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -f. IN A -ENTRY_END - -STEP 18 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -f. IN A -SECTION ANSWER -f. IN A 10.10.10.10 -ENTRY_END - -STEP 30 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -y. IN A -ENTRY_END - -STEP 31 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR TC RD RA NOERROR -SECTION QUESTION -y. IN A -SECTION ANSWER -ENTRY_END - -STEP 40 QUERY -ENTRY_BEGIN -MATCH TCP -REPLY RD -SECTION QUESTION -y. IN A -ENTRY_END - -STEP 41 CHECK_ANSWER -ENTRY_BEGIN -MATCH all TCP -REPLY QR RD RA NOERROR -SECTION QUESTION -y. IN A -SECTION ANSWER -y. IN A 10.1.1.1 -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/rpz_rootwc.rpl b/contrib/unbound/testdata/rpz_rootwc.rpl deleted file mode 100644 index 1fb94a1439fa..000000000000 --- a/contrib/unbound/testdata/rpz_rootwc.rpl +++ /dev/null @@ -1,162 +0,0 @@ -; config options -server: - module-config: "respip validator iterator" - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: no - -rpz: - name: "rpz.example.com." - zonefile: -TEMPFILE_NAME rpz.example.com -TEMPFILE_CONTENTS rpz.example.com -$ORIGIN example.com. -rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. ( - 1379078166 28800 7200 604800 7200 ) - 3600 IN NS ns1.rpz.example.com. - 3600 IN NS ns2.rpz.example.com. -$ORIGIN rpz.example.com. -a CNAME . -a CNAME *. ; duplicate CNAME here on purpose -*.a TXT "wildcard local data" -* CNAME . -b.a CNAME *. -c.a CNAME rpz-passthru. -TEMPFILE_END - -rpz: - name: "rpz2.example.com." - zonefile: -TEMPFILE_NAME rpz2.example.com -TEMPFILE_CONTENTS rpz2.example.com -$ORIGIN example.com. -rpz2 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. ( - 1379078166 28800 7200 604800 7200 ) - 3600 IN NS ns1.rpz.example.com. - 3600 IN NS ns2.rpz.example.com. -$ORIGIN rpz2.example.com. -a TXT "local data 2nd zone" -d TXT "local data 2nd zone" -e CNAME *.a.example. -*.e CNAME *.b.example. -drop CNAME rpz-drop. -TEMPFILE_END - -stub-zone: - name: "a." - stub-addr: 10.20.30.40 -stub-zone: - name: "example." - stub-addr: 10.20.30.50 -CONFIG_END - -SCENARIO_BEGIN Test RPZ QNAME trigger for root wildcard. - -; a. -RANGE_BEGIN 0 100 - ADDRESS 10.20.30.40 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -a. IN NS -SECTION ANSWER -a. IN NS ns.a. -SECTION ADDITIONAL -ns.a IN A 10.20.30.40 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -c.a. IN TXT -SECTION ANSWER -c.a. IN TXT "answer from upstream ns" -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -x.b.a. IN TXT -SECTION ANSWER -x.b.a. IN TXT "answer from upstream ns" -ENTRY_END - -RANGE_END - -; example. -RANGE_BEGIN 0 100 - ADDRESS 10.20.30.50 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example. IN NS -SECTION ANSWER -example. IN NS ns.example. -SECTION ADDITIONAL -ns.example IN A 10.20.30.50 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -e.a.example. IN TXT -SECTION ANSWER -e.a.example. IN TXT "e.a.example. answer from upstream ns" -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -something.e.b.example. IN TXT -SECTION ANSWER -something.e.b.example. IN TXT "*.b.example. answer from upstream ns" -ENTRY_END - -RANGE_END - -STEP 10 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -x. IN TXT -ENTRY_END - -; wildcard deny all -STEP 20 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AA NXDOMAIN -SECTION QUESTION -x. IN TXT -SECTION ANSWER -ENTRY_END - -STEP 30 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -y.tld. IN TXT -ENTRY_END - -; wildcard deny all -STEP 40 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AA NXDOMAIN -SECTION QUESTION -y.tld. IN TXT -SECTION ANSWER -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/rpz_signal_nxdomain_ra.rpl b/contrib/unbound/testdata/rpz_signal_nxdomain_ra.rpl deleted file mode 100644 index b89498cf9626..000000000000 --- a/contrib/unbound/testdata/rpz_signal_nxdomain_ra.rpl +++ /dev/null @@ -1,254 +0,0 @@ -; config options -server: - module-config: "respip validator iterator" - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: no - access-control: 192.0.0.0/8 allow - -rpz: - name: "rpz.example.com." - rpz-signal-nxdomain-ra: yes - zonefile: -TEMPFILE_NAME rpz.example.com -TEMPFILE_CONTENTS rpz.example.com -$ORIGIN example.com. -rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. ( - 1379078166 28800 7200 604800 7200 ) - 3600 IN NS ns1.rpz.example.com. - 3600 IN NS ns2.rpz.example.com. -$ORIGIN rpz.example.com. -a.a CNAME . -b.a CNAME . -ns1.a.rpz-nsdname CNAME . -24.0.0.0.192.rpz-nsip CNAME . -24.0.3.0.192.rpz-client-ip CNAME . -TEMPFILE_END - -stub-zone: - name: "a." - stub-addr: 10.20.30.40 -CONFIG_END - -SCENARIO_BEGIN Test RPZ qname trigger and signal NXDOMAIN with unset RA. - -RANGE_BEGIN 0 100 - ADDRESS 10.20.30.40 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -a. IN NS -SECTION ANSWER -a. IN NS ns.a. -SECTION ADDITIONAL -ns.a IN A 10.20.30.40 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -a.a. IN TXT -SECTION ANSWER -a.a. IN TXT "upstream txt rr a.a." -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -b.a. IN TXT -SECTION ANSWER -b.a. IN TXT "upstream txt rr b.a." -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -c.a. IN TXT -SECTION ANSWER -c.a. IN CNAME b.a -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -d.a. IN NS -SECTION ANSWER -SECTION AUTHORITY -d.a. IN NS ns1.a. -SECTION ADDITIONAL -ns1.a. IN A 10.20.30.50 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -e.a. IN NS -SECTION ANSWER -SECTION AUTHORITY -e.a. IN NS ns2.a. -SECTION ADDITIONAL -ns2.a. IN A 192.0.0.5 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -f.a. IN TXT -SECTION ANSWER -f.a. IN TXT "upstream txt rr f.a." -ENTRY_END - -RANGE_END - -RANGE_BEGIN 0 100 - ADDRESS 10.20.30.50 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -d.a. IN NS -SECTION ANSWER -d.a. IN NS ns1.a. -SECTION ADDITIONAL -ns1.a. IN A 10.20.30.50 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -d.d.a. IN TXT -SECTION ANSWER -d.d.a. IN TXT "upstream answer for d.d.a" -ENTRY_END - -RANGE_END - -RANGE_BEGIN 0 100 - ADDRESS 192.0.0.5 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -e.a. IN NS -SECTION ANSWER -e.a. IN NS ns2.a. -SECTION ADDITIONAL -ns2.a. IN A 192.0.0.5 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -e.e.a. IN TXT -SECTION ANSWER -e.e.a. IN TXT "upstream answer for e.e.a" -ENTRY_END - -RANGE_END - -; qname trigger -STEP 10 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -a.a. IN TXT -ENTRY_END - -STEP 11 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD AA NXDOMAIN -SECTION QUESTION -a.a. IN TXT -SECTION ANSWER -ENTRY_END - -; qname trigger after cname -STEP 20 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -c.a. IN TXT -ENTRY_END - -STEP 21 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD AA NXDOMAIN -SECTION QUESTION -c.a. IN TXT -SECTION ANSWER -c.a. IN CNAME b.a -ENTRY_END - -; nsdname trigger -STEP 30 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -d.d.a. IN TXT -ENTRY_END - -STEP 31 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD AA NXDOMAIN -SECTION QUESTION -d.d.a. IN TXT -SECTION ANSWER -ENTRY_END - -; nsip trigger -STEP 40 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -e.e.a. IN TXT -ENTRY_END - -STEP 41 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD AA NXDOMAIN -SECTION QUESTION -e.e.a. IN TXT -SECTION ANSWER -ENTRY_END - -; clientip trigger -STEP 50 QUERY ADDRESS 192.0.3.1 -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -f.a. IN TXT -ENTRY_END - -STEP 51 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR AA RD NXDOMAIN -SECTION QUESTION -f.a. IN TXT -SECTION ANSWER -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/rrset_use_cached.rpl b/contrib/unbound/testdata/rrset_use_cached.rpl new file mode 100644 index 000000000000..8420ae02afe6 --- /dev/null +++ b/contrib/unbound/testdata/rrset_use_cached.rpl @@ -0,0 +1,151 @@ +server: + minimal-responses: no + serve-expired: yes + # The value does not matter, we will not simulate delay. + # We do not want only serve-expired because fetches from that + # apply a generous PREFETCH_LEEWAY. + serve-expired-client-timeout: 1000 + # So that we can only have to give one SERVFAIL answer. + outbound-msg-retry: 0 + +forward-zone: name: "." forward-addr: 216.0.0.1 +CONFIG_END + +SCENARIO_BEGIN RRset from cache updates the message TTL. + +STEP 1 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + www.example.com. IN A +ENTRY_END +; the query is sent to the forwarder - no cache yet. +STEP 2 CHECK_OUT_QUERY +ENTRY_BEGIN + MATCH qname qtype opcode + SECTION QUESTION + www.example.com. IN A +ENTRY_END +STEP 3 REPLY +ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + ; authoritative answer + REPLY QR AA RD RA NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION ANSWER + www.example.com. 5 IN A 10.20.30.40 + SECTION AUTHORITY + example.com. 10 IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. 10 IN A 10.20.30.50 +ENTRY_END +STEP 4 CHECK_ANSWER +ENTRY_BEGIN + MATCH all ttl + REPLY QR RD RA + SECTION QUESTION + www.example.com. IN A + SECTION ANSWER + www.example.com. 5 IN A 10.20.30.40 + SECTION AUTHORITY + example.com. 10 IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. 10 IN A 10.20.30.50 +ENTRY_END + +; Wait for the A RRSET to expire. +STEP 5 TIME_PASSES ELAPSE 6 + +STEP 6 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + www.example.com. IN A +ENTRY_END +; expired answer will not be served due to serve-expired-client-timeout. +STEP 7 CHECK_OUT_QUERY +ENTRY_BEGIN + MATCH qname qtype opcode + SECTION QUESTION + www.example.com. IN A +ENTRY_END +STEP 8 REPLY +ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + ; authoritative answer + REPLY QR AA RD RA NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION ANSWER + www.example.com. 5 IN A 10.20.30.40 + SECTION AUTHORITY + example.com. 10 IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. 10 IN A 10.20.30.50 +ENTRY_END +; The cached NS related RRSETs will not be overwritten by the fresh answer. +; The message should have a TTL of 4 instead of 5 from above. +STEP 9 CHECK_ANSWER +ENTRY_BEGIN + MATCH all ttl + REPLY QR RD RA + SECTION QUESTION + www.example.com. IN A + SECTION ANSWER + www.example.com. 5 IN A 10.20.30.40 + SECTION AUTHORITY + example.com. 4 IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. 4 IN A 10.20.30.50 +ENTRY_END + +; Wait for the NS RRSETs to expire. +STEP 10 TIME_PASSES ELAPSE 5 + +STEP 11 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + www.example.com. IN A +ENTRY_END +; The message should be expired, again no expired answer at this point due to +; serve-expired-client-timeout. +STEP 12 CHECK_OUT_QUERY +ENTRY_BEGIN + MATCH qname qtype opcode + SECTION QUESTION + www.example.com. IN A +ENTRY_END +STEP 13 REPLY +ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR RD RA SERVFAIL + SECTION QUESTION + www.example.com. IN A +ENTRY_END +; The SERVFAIL will trigger the serve-expired-client-timeout logic to try and +; replace the SERVFAIL with a possible cached (expired) answer. +; The A RRSET would be at 0TTL left (not expired) but the message should have +; been updated to use a TTL of 4 so expired by now. +; If the message TTL was not updated (bug), this message would be treated as +; non-expired and the now expired NS related RRSETs would fail sanity checks +; for non-expired messages. The result would be SERVFAIL here. +STEP 14 CHECK_ANSWER +ENTRY_BEGIN + MATCH all ttl + REPLY QR RD RA + SECTION QUESTION + www.example.com. IN A + SECTION ANSWER + www.example.com. 0 IN A 10.20.30.40 + SECTION AUTHORITY + example.com. 30 IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. 30 IN A 10.20.30.50 +ENTRY_END + +SCENARIO_END diff --git a/contrib/unbound/testdata/serve_expired_0ttl_nodata.rpl b/contrib/unbound/testdata/serve_expired_0ttl_nodata.rpl new file mode 100644 index 000000000000..7f1b5a565853 --- /dev/null +++ b/contrib/unbound/testdata/serve_expired_0ttl_nodata.rpl @@ -0,0 +1,154 @@ +; config options +server: + module-config: "validator iterator" + qname-minimisation: "no" + minimal-responses: no + serve-expired: yes + log-servfail: yes + ede: yes + ede-serve-expired: yes + + +stub-zone: + name: "example.com" + stub-addr: 1.2.3.4 +CONFIG_END + +SCENARIO_BEGIN Test serve-expired with NXDOMAIN followed by 0 TTL +; Scenario overview: +; - query for 0ttl.example.com. IN A +; - answer from upstream is NODATA; will be cached for the SOA negative TTL. +; - check that the client gets the NODATA; also cached +; - query again right after the TTL expired +; - this time the server answers with a 0 TTL RRset +; - check that we get the correct answer + +; ns.example.com. +RANGE_BEGIN 0 20 + ADDRESS 1.2.3.4 + ; response to A query + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR AA NOERROR + SECTION QUESTION + 0ttl.example.com. IN A + SECTION AUTHORITY + example.com IN SOA ns.example.com dns.example.com 1 7200 3600 2419200 10 + ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 30 100 + ADDRESS 1.2.3.4 + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. IN NS + SECTION ANSWER + example.com. 10 IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. 10 IN A 1.2.3.4 + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + 0ttl.example.com. IN A + SECTION ANSWER + 0ttl.example.com. 0 IN A 5.6.7.8 + SECTION AUTHORITY + example.com. 10 IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. 10 IN A 1.2.3.4 + ENTRY_END +RANGE_END + +; Query with RD flag +STEP 0 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + 0ttl.example.com. IN A +ENTRY_END + +; Check that we get the NODATA (will be cached) +STEP 10 CHECK_ANSWER +ENTRY_BEGIN + MATCH all + REPLY QR RD RA NOERROR + SECTION QUESTION + 0ttl.example.com. IN A + SECTION AUTHORITY + example.com IN SOA ns.example.com dns.example.com 1 7200 3600 2419200 10 +ENTRY_END + +; Query again +STEP 20 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + 0ttl.example.com. IN A +ENTRY_END + +; Check that we get the cached NODATA +STEP 30 CHECK_ANSWER +ENTRY_BEGIN + MATCH all + REPLY QR RD RA NOERROR + SECTION QUESTION + 0ttl.example.com. IN A + SECTION AUTHORITY + example.com IN SOA ns.example.com dns.example.com 1 7200 3600 2419200 10 +ENTRY_END + +; Wait for the NXDOMAIN to expire +STEP 31 TIME_PASSES ELAPSE 32 + +; Query again +STEP 40 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + 0ttl.example.com. IN A +ENTRY_END + +; Check that we get the cached NODATA +STEP 50 CHECK_ANSWER +ENTRY_BEGIN + MATCH all + REPLY QR RD RA NOERROR + SECTION QUESTION + 0ttl.example.com. IN A + SECTION AUTHORITY + example.com IN SOA ns.example.com dns.example.com 1 7200 3600 2419200 10 +ENTRY_END + +; Query again +STEP 60 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + 0ttl.example.com. IN A +ENTRY_END + +; Check that we got the correct answer +STEP 70 CHECK_ANSWER +ENTRY_BEGIN + MATCH all ttl + REPLY QR RD RA NOERROR + SECTION QUESTION + 0ttl.example.com. IN A + SECTION ANSWER + 0ttl.example.com. 0 IN A 5.6.7.8 + SECTION AUTHORITY + example.com. 10 IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. 10 IN A 1.2.3.4 +ENTRY_END + +SCENARIO_END diff --git a/contrib/unbound/testdata/serve_expired_0ttl_nxdomain.rpl b/contrib/unbound/testdata/serve_expired_0ttl_nxdomain.rpl new file mode 100644 index 000000000000..4adb4b839a69 --- /dev/null +++ b/contrib/unbound/testdata/serve_expired_0ttl_nxdomain.rpl @@ -0,0 +1,154 @@ +; config options +server: + module-config: "validator iterator" + qname-minimisation: "no" + minimal-responses: no + serve-expired: yes + log-servfail: yes + ede: yes + ede-serve-expired: yes + + +stub-zone: + name: "example.com" + stub-addr: 1.2.3.4 +CONFIG_END + +SCENARIO_BEGIN Test serve-expired with NXDOMAIN followed by 0 TTL +; Scenario overview: +; - query for 0ttl.example.com. IN A +; - answer from upstream is NXDOMAIN; will be cached for the SOA negative TTL. +; - check that the client gets the NXDOMAIN; also cached +; - query again right after the TTL expired +; - this time the server answers with a 0 TTL RRset +; - check that we get the correct answer + +; ns.example.com. +RANGE_BEGIN 0 20 + ADDRESS 1.2.3.4 + ; response to A query + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR AA NXDOMAIN + SECTION QUESTION + 0ttl.example.com. IN A + SECTION AUTHORITY + example.com IN SOA ns.example.com dns.example.com 1 7200 3600 2419200 10 + ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 30 100 + ADDRESS 1.2.3.4 + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. IN NS + SECTION ANSWER + example.com. 10 IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. 10 IN A 1.2.3.4 + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + 0ttl.example.com. IN A + SECTION ANSWER + 0ttl.example.com. 0 IN A 5.6.7.8 + SECTION AUTHORITY + example.com. 10 IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. 10 IN A 1.2.3.4 + ENTRY_END +RANGE_END + +; Query with RD flag +STEP 0 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + 0ttl.example.com. IN A +ENTRY_END + +; Check that we get the SERVFAIL (will be cached) +STEP 10 CHECK_ANSWER +ENTRY_BEGIN + MATCH all + REPLY QR RD RA NXDOMAIN + SECTION QUESTION + 0ttl.example.com. IN A + SECTION AUTHORITY + example.com IN SOA ns.example.com dns.example.com 1 7200 3600 2419200 10 +ENTRY_END + +; Query again +STEP 20 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + 0ttl.example.com. IN A +ENTRY_END + +; Check that we get the cached NXDOMAIN +STEP 30 CHECK_ANSWER +ENTRY_BEGIN + MATCH all + REPLY QR RD RA NXDOMAIN + SECTION QUESTION + 0ttl.example.com. IN A + SECTION AUTHORITY + example.com IN SOA ns.example.com dns.example.com 1 7200 3600 2419200 10 +ENTRY_END + +; Wait for the NXDOMAIN to expire +STEP 31 TIME_PASSES ELAPSE 32 + +; Query again +STEP 40 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + 0ttl.example.com. IN A +ENTRY_END + +; Check that we get the cached NXDOMAIN +STEP 50 CHECK_ANSWER +ENTRY_BEGIN + MATCH all + REPLY QR RD RA NXDOMAIN + SECTION QUESTION + 0ttl.example.com. IN A + SECTION AUTHORITY + example.com IN SOA ns.example.com dns.example.com 1 7200 3600 2419200 10 +ENTRY_END + +; Query again +STEP 60 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + 0ttl.example.com. IN A +ENTRY_END + +; Check that we got the correct answer +STEP 70 CHECK_ANSWER +ENTRY_BEGIN + MATCH all ttl + REPLY QR RD RA NOERROR + SECTION QUESTION + 0ttl.example.com. IN A + SECTION ANSWER + 0ttl.example.com. 0 IN A 5.6.7.8 + SECTION AUTHORITY + example.com. 10 IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. 10 IN A 1.2.3.4 +ENTRY_END + +SCENARIO_END diff --git a/contrib/unbound/testdata/serve_expired_0ttl_servfail.rpl b/contrib/unbound/testdata/serve_expired_0ttl_servfail.rpl new file mode 100644 index 000000000000..6833af17b827 --- /dev/null +++ b/contrib/unbound/testdata/serve_expired_0ttl_servfail.rpl @@ -0,0 +1,129 @@ +; config options +server: + module-config: "validator iterator" + qname-minimisation: "no" + minimal-responses: no + serve-expired: yes + log-servfail: yes + ede: yes + ede-serve-expired: yes + + +stub-zone: + name: "example.com" + stub-addr: 1.2.3.4 +CONFIG_END + +SCENARIO_BEGIN Test serve-expired with SERVFAIL followed by 0 TTL +; Scenario overview: +; - query for 0ttl.example.com. IN A +; - answer from upstream is SERVFAIL; will be cached for NORR_TTL(5) +; - check that the client gets the SERVFAIL; also cached +; - query again right after the TTL expired +; - this time the server answers with a 0 TTL RRset +; - check that we get the correct answer + +; ns.example.com. +RANGE_BEGIN 0 20 + ADDRESS 1.2.3.4 + ; response to A query + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR AA SERVFAIL + SECTION QUESTION + 0ttl.example.com. IN A + ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 30 100 + ADDRESS 1.2.3.4 + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. IN NS + SECTION ANSWER + example.com. 10 IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. 10 IN A 1.2.3.4 + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + 0ttl.example.com. IN A + SECTION ANSWER + 0ttl.example.com. 0 IN A 5.6.7.8 + SECTION AUTHORITY + example.com. 10 IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. 10 IN A 1.2.3.4 + ENTRY_END +RANGE_END + +; Query with RD flag +STEP 0 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + 0ttl.example.com. IN A +ENTRY_END + +; Check that we get the SERVFAIL (will be cached) +STEP 10 CHECK_ANSWER +ENTRY_BEGIN + MATCH all + REPLY QR RD RA SERVFAIL + SECTION QUESTION + 0ttl.example.com. IN A +ENTRY_END + +; Query again +STEP 20 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + 0ttl.example.com. IN A +ENTRY_END + +; Check that we get the cached SERVFAIL +STEP 30 CHECK_ANSWER +ENTRY_BEGIN + MATCH all + REPLY QR RD RA SERVFAIL + SECTION QUESTION + 0ttl.example.com. IN A +ENTRY_END + +; Wait for the SERVFAIL to expire +STEP 31 TIME_PASSES ELAPSE 32 + +; Query again +STEP 40 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + 0ttl.example.com. IN A +ENTRY_END + +; Check that we got the correct answer +STEP 50 CHECK_ANSWER +ENTRY_BEGIN + MATCH all ttl + REPLY QR RD RA NOERROR + SECTION QUESTION + 0ttl.example.com. IN A + SECTION ANSWER + 0ttl.example.com. 0 IN A 5.6.7.8 + SECTION AUTHORITY + example.com. 10 IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. 10 IN A 1.2.3.4 +ENTRY_END + +SCENARIO_END diff --git a/contrib/unbound/testdata/serve_expired_cached_servfail.rpl b/contrib/unbound/testdata/serve_expired_cached_servfail.rpl new file mode 100644 index 000000000000..f5f4c7030198 --- /dev/null +++ b/contrib/unbound/testdata/serve_expired_cached_servfail.rpl @@ -0,0 +1,130 @@ +; config options +server: + module-config: "validator iterator" + qname-minimisation: "no" + minimal-responses: no + serve-expired: yes + serve-expired-reply-ttl: 123 + log-servfail: yes + ede: yes + ede-serve-expired: yes + + +stub-zone: + name: "example.com" + stub-addr: 1.2.3.4 +CONFIG_END + +SCENARIO_BEGIN Test serve-expired with client-timeout and a SERVFAIL upstream reply +; Scenario overview: +; - query for example.com. IN A +; - answer from upstream is SERVFAIL; will be cached for NORR_TTL(5) +; - check that the client gets the SERVFAIL; also cached +; - query again right after the TTL expired +; - cached SERVFAIL should be ignored and upstream queried +; - check that we get the correct answer + +; ns.example.com. +RANGE_BEGIN 0 20 + ADDRESS 1.2.3.4 + ; response to A query + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR AA SERVFAIL + SECTION QUESTION + example.com. IN A + ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 30 100 + ADDRESS 1.2.3.4 + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. IN NS + SECTION ANSWER + example.com. 10 IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. 10 IN A 1.2.3.4 + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. IN A + SECTION ANSWER + example.com. 10 IN A 5.6.7.8 + SECTION AUTHORITY + example.com. 10 IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. 10 IN A 1.2.3.4 + ENTRY_END +RANGE_END + +; Query with RD flag +STEP 0 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + example.com. IN A +ENTRY_END + +; Check that we get the SERVFAIL (will be cached) +STEP 10 CHECK_ANSWER +ENTRY_BEGIN + MATCH all + REPLY QR RD RA SERVFAIL + SECTION QUESTION + example.com. IN A +ENTRY_END + +; Query again +STEP 20 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + example.com. IN A +ENTRY_END + +; Check that we get the cached SERVFAIL +STEP 30 CHECK_ANSWER +ENTRY_BEGIN + MATCH all + REPLY QR RD RA SERVFAIL + SECTION QUESTION + example.com. IN A +ENTRY_END + +; Wait for the SERVFAIL to expire +STEP 31 TIME_PASSES ELAPSE 6 + +; Query again +STEP 40 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + example.com. IN A +ENTRY_END + +; Check that we got the correct answer +STEP 50 CHECK_ANSWER +ENTRY_BEGIN + MATCH all ttl + REPLY QR RD RA NOERROR + SECTION QUESTION + example.com. IN A + SECTION ANSWER + example.com. 10 IN A 5.6.7.8 + SECTION AUTHORITY + example.com. 10 IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. 10 IN A 1.2.3.4 +ENTRY_END + +SCENARIO_END diff --git a/contrib/unbound/testdata/serve_expired_cached_servfail_refresh.rpl b/contrib/unbound/testdata/serve_expired_cached_servfail_refresh.rpl new file mode 100644 index 000000000000..9b7c1fda16c1 --- /dev/null +++ b/contrib/unbound/testdata/serve_expired_cached_servfail_refresh.rpl @@ -0,0 +1,145 @@ +; config options +server: + module-config: "validator iterator" + qname-minimisation: "no" + minimal-responses: no + serve-expired: yes + serve-expired-reply-ttl: 123 + log-servfail: yes + ede: yes + ede-serve-expired: yes + + +stub-zone: + name: "example.com" + stub-addr: 1.2.3.4 +CONFIG_END + +SCENARIO_BEGIN Test serve-expired with client-timeout and a SERVFAIL upstream reply +; Scenario overview: +; - query for example.com. IN A +; - answer from upstream is SERVFAIL; will be cached for NORR_TTL(5) +; - check that the client gets the SERVFAIL; also cached +; - query again right after the TTL expired +; - cached SERVFAIL should be ignored and upstream queried +; - answer from upstream is still SERVFAIL; the cached error response will be +; refreshed for another NORR_TTL(5) +; - check that the client gets the SERVFAIL +; - query again; the upstream now has the answer available +; - check that we get the refreshed cached response instead + +; ns.example.com. +RANGE_BEGIN 0 50 + ADDRESS 1.2.3.4 + ; response to A query + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR AA SERVFAIL + SECTION QUESTION + example.com. IN A + ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 60 100 + ADDRESS 1.2.3.4 + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. IN NS + SECTION ANSWER + example.com. 10 IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. 10 IN A 1.2.3.4 + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. IN A + SECTION ANSWER + example.com. 10 IN A 5.6.7.8 + SECTION AUTHORITY + example.com. 10 IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. 10 IN A 1.2.3.4 + ENTRY_END +RANGE_END + +; Query with RD flag +STEP 0 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + example.com. IN A +ENTRY_END + +; Check that we get the SERVFAIL (will be cached) +STEP 10 CHECK_ANSWER +ENTRY_BEGIN + MATCH all + REPLY QR RD RA SERVFAIL + SECTION QUESTION + example.com. IN A +ENTRY_END + +; Query again +STEP 20 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + example.com. IN A +ENTRY_END + +; Check that we get the cached SERVFAIL +STEP 30 CHECK_ANSWER +ENTRY_BEGIN + MATCH all + REPLY QR RD RA SERVFAIL + SECTION QUESTION + example.com. IN A +ENTRY_END + +; Wait for the SERVFAIL to expire +STEP 31 TIME_PASSES ELAPSE 6 + +; Query again +STEP 40 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + example.com. IN A +ENTRY_END + +; Check that we get the SERVFAIL (will be refreshed) +STEP 50 CHECK_ANSWER +ENTRY_BEGIN + MATCH all + REPLY QR RD RA SERVFAIL + SECTION QUESTION + example.com. IN A +ENTRY_END + +; Query again, upstream has the real answer available +STEP 60 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + example.com. IN A +ENTRY_END + +; Check that we get the refreshed cached SERVFAIL +STEP 70 CHECK_ANSWER +ENTRY_BEGIN + MATCH all + REPLY QR RD RA SERVFAIL + SECTION QUESTION + example.com. IN A +ENTRY_END + +SCENARIO_END diff --git a/contrib/unbound/testdata/stat_values.tdir/stat_values_cachedb.conf b/contrib/unbound/testdata/stat_values.tdir/stat_values_cachedb.conf new file mode 100644 index 000000000000..b5e9b0e02932 --- /dev/null +++ b/contrib/unbound/testdata/stat_values.tdir/stat_values_cachedb.conf @@ -0,0 +1,36 @@ +server: + verbosity: 5 + module-config: "cachedb iterator" + serve-expired: yes + num-threads: 1 + interface: 127.0.0.1 + port: @PORT@ + use-syslog: no + directory: "" + pidfile: "unbound.pid" + chroot: "" + username: "" + do-not-query-localhost: no + extended-statistics: yes + identity: "stat_values" + outbound-msg-retry: 0 + root-key-sentinel: no + trust-anchor-signaling: no + + local-zone: local.zone static + local-data: "www.local.zone A 192.0.2.1" +remote-control: + control-enable: yes + control-interface: 127.0.0.1 + # control-interface: ::1 + control-port: @CONTROL_PORT@ + server-key-file: "unbound_server.key" + server-cert-file: "unbound_server.pem" + control-key-file: "unbound_control.key" + control-cert-file: "unbound_control.pem" +forward-zone: + name: "." + forward-addr: "127.0.0.1@@TOPORT@" +forward-zone: + name: "expired." + forward-addr: "127.0.0.1@@EXPIREDPORT@" diff --git a/contrib/unbound/testdata/http_user_agent.tdir/http_user_agent.conf b/contrib/unbound/testdata/stat_values.tdir/stat_values_downstream_cookies.conf index c563416aefbe..21e78829fc8e 100644 --- a/contrib/unbound/testdata/http_user_agent.tdir/http_user_agent.conf +++ b/contrib/unbound/testdata/stat_values.tdir/stat_values_downstream_cookies.conf @@ -1,18 +1,7 @@ -auth-zone: - name: "example.com" - for-upstream: yes - for-downstream: yes - url: "https://127.0.0.1:@TOPORT@/example.com.zone" -remote-control: - control-enable: yes - control-interface: 127.0.0.1 - control-port: @CONTROL_PORT@ - server-key-file: "unbound_server.key" - server-cert-file: "unbound_server.pem" - control-key-file: "unbound_control.key" - control-cert-file: "unbound_control.pem" server: - verbosity: 7 + verbosity: 5 + module-config: "iterator" + num-threads: 1 interface: 127.0.0.1 port: @PORT@ use-syslog: no @@ -20,5 +9,24 @@ server: pidfile: "unbound.pid" chroot: "" username: "" - do-not-query-localhost: no - use-caps-for-id: yes + extended-statistics: yes + identity: "stat_values" + outbound-msg-retry: 0 + root-key-sentinel: no + trust-anchor-signaling: no + + local-zone: local.zone static + local-data: "www.local.zone A 192.0.2.1" + + answer-cookie: yes + access-control: 127.0.0.1 allow_cookie + +remote-control: + control-enable: yes + control-interface: 127.0.0.1 + # control-interface: ::1 + control-port: @CONTROL_PORT@ + server-key-file: "unbound_server.key" + server-cert-file: "unbound_server.pem" + control-key-file: "unbound_control.key" + control-cert-file: "unbound_control.pem" diff --git a/contrib/unbound/testdata/stub_udp_with_tcp_upstream.tdir/stub_udp_with_tcp_upstream.conf b/contrib/unbound/testdata/stub_udp_with_tcp_upstream.tdir/stub_udp_with_tcp_upstream.conf deleted file mode 100644 index d57c787b154c..000000000000 --- a/contrib/unbound/testdata/stub_udp_with_tcp_upstream.tdir/stub_udp_with_tcp_upstream.conf +++ /dev/null @@ -1,19 +0,0 @@ -server: - verbosity: 2 - # num-threads: 1 - interface: 127.0.0.1 - port: @PORT@ - use-syslog: no - directory: "" - pidfile: "unbound.pid" - chroot: "" - username: "" - do-not-query-localhost: no -stub-zone: - name: "tcp.example.com" - stub-addr: "127.0.0.1@@TOPORT@" - stub-tcp-upstream: "yes" -stub-zone: - name: "udp.example.com" - stub-addr: "127.0.0.1@@TOPORT@" - stub-tcp-upstream: "no"
\ No newline at end of file diff --git a/contrib/unbound/testdata/stub_udp_with_tcp_upstream.tdir/stub_udp_with_tcp_upstream.dsc b/contrib/unbound/testdata/stub_udp_with_tcp_upstream.tdir/stub_udp_with_tcp_upstream.dsc deleted file mode 100644 index 526ff67f98f9..000000000000 --- a/contrib/unbound/testdata/stub_udp_with_tcp_upstream.tdir/stub_udp_with_tcp_upstream.dsc +++ /dev/null @@ -1,16 +0,0 @@ -BaseName: stub_udp_with_tcp_upstream -Version: 1.0 -Description: Stub server contacted via UDP with tcp upstream. -CreationDate: Thu Aug 5 07:44:41 CEST 2021 -Maintainer: ziollek -Category: -Component: -CmdDepends: -Depends: -Help: -Pre: stub_udp_with_tcp_upstream.pre -Post: stub_udp_with_tcp_upstream.post -Test: stub_udp_with_tcp_upstream.test -AuxFiles: -Passed: -Failure: diff --git a/contrib/unbound/testdata/stub_udp_with_tcp_upstream.tdir/stub_udp_with_tcp_upstream.post b/contrib/unbound/testdata/stub_udp_with_tcp_upstream.tdir/stub_udp_with_tcp_upstream.post deleted file mode 100644 index c804b6c46d64..000000000000 --- a/contrib/unbound/testdata/stub_udp_with_tcp_upstream.tdir/stub_udp_with_tcp_upstream.post +++ /dev/null @@ -1,10 +0,0 @@ -# #-- stub_udp_with_tcp_upstream.post --# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# source the test var file when it's there -[ -f .tpkg.var.test ] && source .tpkg.var.test -# -# do your teardown here -. ../common.sh -kill_pid $FWD_PID -kill_pid $UNBOUND_PID diff --git a/contrib/unbound/testdata/stub_udp_with_tcp_upstream.tdir/stub_udp_with_tcp_upstream.test b/contrib/unbound/testdata/stub_udp_with_tcp_upstream.tdir/stub_udp_with_tcp_upstream.test deleted file mode 100644 index 43591ac16c0f..000000000000 --- a/contrib/unbound/testdata/stub_udp_with_tcp_upstream.tdir/stub_udp_with_tcp_upstream.test +++ /dev/null @@ -1,37 +0,0 @@ -# #-- stub_udp_with_tcp_upstream.test --# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# use .tpkg.var.test for in test variable passing -[ -f .tpkg.var.test ] && source .tpkg.var.test - -PRE="../.." -# do the test -echo "> dig tcp.example.com." -dig @127.0.0.1 -p $UNBOUND_PORT tcp.example.com. | tee outfile -echo "> cat logfiles" -cat fwd.log -cat unbound.log -echo "> check answer" -if grep "10.20.30.40" outfile; then - echo "OK" -else - echo "Not OK" - exit 1 -fi - - -# check if second stub is requested via udp -echo "> dig udp.example.com." -dig @127.0.0.1 -p $UNBOUND_PORT udp.example.com. | tee outfile -echo "> cat logfiles" -cat fwd.log -cat unbound.log -echo "> check answer" -if grep "10.20.30.80" outfile; then - echo "OK" -else - echo "Not OK" - exit 1 -fi - -exit 0 diff --git a/contrib/unbound/testdata/stub_udp_with_tcp_upstream.tdir/stub_udp_with_tcp_upstream.testns b/contrib/unbound/testdata/stub_udp_with_tcp_upstream.tdir/stub_udp_with_tcp_upstream.testns deleted file mode 100644 index f2155414e045..000000000000 --- a/contrib/unbound/testdata/stub_udp_with_tcp_upstream.tdir/stub_udp_with_tcp_upstream.testns +++ /dev/null @@ -1,48 +0,0 @@ -; nameserver test file -$ORIGIN example.com. -$TTL 3600 - -ENTRY_BEGIN -MATCH opcode qtype qname -MATCH TCP -REPLY QR AA NOERROR -ADJUST copy_id -SECTION QUESTION -tcp IN A -SECTION ANSWER -tcp IN A 10.20.30.40 -SECTION AUTHORITY -@ IN NS ns.example.com. -SECTION ADDITIONAL -ns IN A 127.0.0.1 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -MATCH UDP -REPLY QR AA NOERROR -ADJUST copy_id -SECTION QUESTION -udp IN A -SECTION ANSWER -udp IN A 10.20.30.80 -SECTION AUTHORITY -@ IN NS ns.example.com. -SECTION ADDITIONAL -ns IN A 127.0.0.1 -ENTRY_END - -; root prime -ENTRY_BEGIN -MATCH opcode qtype qname -REPLY QR AA NOERROR -ADJUST copy_id -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS root.server. -SECTION AUTHORITY -SECTION ADDITIONAL -root.server. IN A 127.0.0.1 -ENTRY_END - diff --git a/contrib/unbound/testdata/subnet_cached_ede.crpl b/contrib/unbound/testdata/subnet_cached_ede.crpl new file mode 100644 index 000000000000..36bb28fcc180 --- /dev/null +++ b/contrib/unbound/testdata/subnet_cached_ede.crpl @@ -0,0 +1,114 @@ +; Ask the same question twice. Check to see second is answered +; from cache + +server: + trust-anchor-signaling: no + target-fetch-policy: "0 0 0 0 0" + send-client-subnet: 1.2.3.4 + max-client-subnet-ipv4: 17 + module-config: "subnetcache validator iterator" + verbosity: 3 + qname-minimisation: no + minimal-responses: no + ede: yes + val-log-level: 2 + trust-anchor: "example.nl. DS 50602 8 2 FA8EE175C47325F4BD46D8A4083C3EBEB11C977D689069F2B41F1A29B22446B1" + +stub-zone: + name: "example.nl" + stub-addr: 1.2.3.4 +CONFIG_END + +SCENARIO_BEGIN Test subnetcache support for caching EDEs. + +; ns.example.com. +RANGE_BEGIN 0 10 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.nl. IN DNSKEY +SECTION ANSWER +SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ; client is 127.0.0.1 + 00 08 ; OPC + 00 07 ; option length + 00 01 ; Family + 11 00 ; source mask, scopemask + 7f 00 00 ; address + HEX_EDNSDATA_END +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.nl. IN A +SECTION ANSWER +example.nl. IN A 1.2.3.4 +SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ; client is 127.0.0.1 + 00 08 ; OPC + 00 07 ; option length + 00 01 ; Family + 11 00 ; source mask, scopemask + 7f 00 00 ; address + HEX_EDNSDATA_END +ENTRY_END +RANGE_END + ns.example.com. IN A 1.2.3.4 + ENTRY_END +RANGE_END + +; get the entry in cache. +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +example.nl. IN A +SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + 00 08 00 07 ; OPC, optlen + 00 01 11 00 ; ip4, scope 17, source 0 + 7f 00 00 ; 127.0.0.0/17 + HEX_EDNSDATA_END +ENTRY_END + +; get the answer for it +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=9 +REPLY QR RD RA DO SERVFAIL +SECTION QUESTION +example.nl. IN A +ENTRY_END + +; query again for the cached entry +STEP 20 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +example.nl. IN A +SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + 00 08 00 07 ; OPC, optlen + 00 01 11 00 ; ip4, scope 17, source 0 + 7f 00 00 ; 127.0.0.0/17 + HEX_EDNSDATA_END +ENTRY_END + +; this must be a cached answer since stub is not answering in this range +STEP 30 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=9 +REPLY QR RD RA DO SERVFAIL +SECTION QUESTION +example.nl. IN A +ENTRY_END + +SCENARIO_END diff --git a/contrib/unbound/testdata/subnet_cached_servfail.crpl b/contrib/unbound/testdata/subnet_cached_servfail.crpl new file mode 100644 index 000000000000..9c746d579124 --- /dev/null +++ b/contrib/unbound/testdata/subnet_cached_servfail.crpl @@ -0,0 +1,167 @@ +; Check if an expired SERVFAIL answer stored in the global cache does not block +; ECS queries to reach the ECS cache. + +server: + trust-anchor-signaling: no + target-fetch-policy: "0 0 0 0 0" + send-client-subnet: 1.2.3.4 + max-client-subnet-ipv4: 21 + module-config: "subnetcache iterator" + verbosity: 3 + access-control: 127.0.0.1 allow_snoop + qname-minimisation: no + minimal-responses: no + serve-expired: yes + prefetch: yes + +stub-zone: + name: "example.com." + stub-addr: 1.2.3.4 +CONFIG_END + +SCENARIO_BEGIN Test that expired SERVFAIL in global cache does not block clients to reach the ECS cache + +; ns.example.com. +RANGE_BEGIN 0 10 + ADDRESS 1.2.3.4 + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. IN NS + SECTION ANSWER + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. IN A 1.2.3.4 + ENTRY_END + + ; response to query of interest + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR SERVFAIL + SECTION QUESTION + www.example.com. IN A + ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 11 100 + ADDRESS 1.2.3.4 + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. IN NS + SECTION ANSWER + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. IN A 1.2.3.4 + ENTRY_END + + ; response to query of interest + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id copy_ednsdata_assume_clientsubnet + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION ANSWER + www.example.com. 10 IN A 10.20.30.40 + SECTION AUTHORITY + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ; client is 127.0.0.1 + 00 08 ; OPC + 00 05 ; option length + 00 01 ; Family + 08 00 ; source mask, scopemask + 7f ; address + HEX_EDNSDATA_END + ns.example.com. IN A 1.2.3.4 + ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; This answer should be in the global cache +STEP 2 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA SERVFAIL +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; Bring the cached SERVFAIL to prefetch time +STEP 10 TIME_PASSES ELAPSE 5 + +STEP 11 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN A +SECTION ADDITIONAL +HEX_EDNSDATA_BEGIN + 00 08 00 05 ; OPC, optlen + 00 01 08 00 ; ip4, source 8, scope 0 + 7f ; 127.0.0.0/8 +HEX_EDNSDATA_END +ENTRY_END + +; This answer was cached but a prefetch was triggerred +STEP 12 CHECK_ANSWER +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR RD RA SERVFAIL +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; Wait for the SERVFAIL to expire +STEP 13 TIME_PASSES ELAPSE 2 + +; Query again to verify that the record was prefetched and stored in the ECS +; cache (because the server replied with ECS this time) +STEP 14 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN A +SECTION ADDITIONAL +HEX_EDNSDATA_BEGIN + 00 08 00 05 ; OPC, optlen + 00 01 08 00 ; ip4, source 8, scope 0 + 7f ; 127.0.0.0/8 +HEX_EDNSDATA_END +ENTRY_END + +; This record came from the ECS cache +STEP 15 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD RA DO NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 8 IN A 10.20.30.40 +SECTION AUTHORITY +example.com. 3598 IN NS ns.example.com. +SECTION ADDITIONAL +HEX_EDNSDATA_BEGIN + 00 08 00 05 ; OPC, optlen + 00 01 08 08 ; ip4, source 8, scope 0 + 7f ; 127.0.0.0/8 +HEX_EDNSDATA_END +ns.example.com. 3598 IN A 1.2.3.4 +ENTRY_END + +SCENARIO_END diff --git a/contrib/unbound/testdata/subnet_global_prefetch.crpl b/contrib/unbound/testdata/subnet_global_prefetch.crpl new file mode 100644 index 000000000000..2f005d43b905 --- /dev/null +++ b/contrib/unbound/testdata/subnet_global_prefetch.crpl @@ -0,0 +1,236 @@ +; Check if the prefetch option works properly for messages stored in the global +; cache for non-ECS clients. The prefetch query needs to result in an ECS +; outgoing query based on the client's IP. + +server: + trust-anchor-signaling: no + target-fetch-policy: "0 0 0 0 0" + send-client-subnet: 1.2.3.4 + max-client-subnet-ipv4: 21 + module-config: "subnetcache iterator" + verbosity: 3 + access-control: 127.0.0.1 allow_snoop + qname-minimisation: no + minimal-responses: no + prefetch: yes + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test prefetch option for global cache with ECS enabled + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + . IN NS + SECTION ANSWER + . IN NS K.ROOT-SERVERS.NET. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + K.ROOT-SERVERS.NET. IN A 193.0.14.129 + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION AUTHORITY + com. IN NS a.gtld-servers.net. + SECTION ADDITIONAL + a.gtld-servers.net. IN A 192.5.6.30 + ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + com. IN NS + SECTION ANSWER + com. IN NS a.gtld-servers.net. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + a.gtld-servers.net. IN A 192.5.6.30 + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION AUTHORITY + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. IN A 1.2.3.4 + ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 10 + ADDRESS 1.2.3.4 + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. IN NS + SECTION ANSWER + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + ns.example.com. IN A 1.2.3.4 + ENTRY_END + + ; response to query of interest + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION ANSWER + www.example.com. 10 IN A 10.20.30.40 + SECTION AUTHORITY + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. IN A 1.2.3.4 + ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 11 100 + ADDRESS 1.2.3.4 + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. IN NS + SECTION ANSWER + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + ns.example.com. IN A 1.2.3.4 + ENTRY_END + + ; response to query of interest + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id copy_ednsdata_assume_clientsubnet + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION ANSWER + www.example.com. 10 IN A 10.20.30.40 + SECTION AUTHORITY + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ; client is 127.0.0.1 + 00 08 ; OPC + 00 07 ; option length + 00 01 ; Family + 15 00 ; source mask, scopemask + 7f 00 00 ; address + HEX_EDNSDATA_END + ns.example.com. IN A 1.2.3.4 + ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; This answer should be in the global cache (because no ECS from upstream) +STEP 2 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END + +; Try to trigger a prefetch +STEP 3 TIME_PASSES ELAPSE 9 + +STEP 11 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; This record came from the global cache and a prefetch was triggered. +STEP 12 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 1 IN A 10.20.30.40 +SECTION AUTHORITY +example.com. 3591 IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. 3591 IN A 1.2.3.4 +ENTRY_END + +; Allow time to pass so that the global cache record is expired. +STEP 13 TIME_PASSES ELAPSE 2 + +; Query again to verify that the record was prefetched and stored in the ECS +; cache. +STEP 15 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; This record came from the ECS cache. +STEP 16 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 8 IN A 10.20.30.40 +SECTION AUTHORITY +example.com. 3598 IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. 3598 IN A 1.2.3.4 +ENTRY_END + +SCENARIO_END diff --git a/contrib/unbound/testdata/subnet_global_prefetch_always_forward.crpl b/contrib/unbound/testdata/subnet_global_prefetch_always_forward.crpl new file mode 100644 index 000000000000..ccfe5dfd6ea1 --- /dev/null +++ b/contrib/unbound/testdata/subnet_global_prefetch_always_forward.crpl @@ -0,0 +1,167 @@ +; Check if the prefetch option works properly when serve-expired is combined +; with client-subnet-always-forward for non-ECS clients. The prefetch query +; needs to result in an outgoing query without ECS. + +server: + trust-anchor-signaling: no + target-fetch-policy: "0 0 0 0 0" + serve-expired: yes + client-subnet-always-forward: yes + module-config: "subnetcache iterator" + verbosity: 3 + access-control: 127.0.0.1 allow_snoop + qname-minimisation: no + minimal-responses: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test serve-expired and client-subnet-always-forward without ECS in the request + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + . IN NS + SECTION ANSWER + . IN NS K.ROOT-SERVERS.NET. + SECTION ADDITIONAL + K.ROOT-SERVERS.NET. IN A 193.0.14.129 + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION AUTHORITY + com. IN NS a.gtld-servers.net. + SECTION ADDITIONAL + a.gtld-servers.net. IN A 192.5.6.30 + ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + com. IN NS + SECTION ANSWER + com. IN NS a.gtld-servers.net. + SECTION ADDITIONAL + a.gtld-servers.net. IN A 192.5.6.30 + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION AUTHORITY + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. IN A 1.2.3.4 + ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. IN NS + SECTION ANSWER + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. IN A 1.2.3.4 + ENTRY_END + + ; response to query of interest + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION ANSWER + www.example.com. 10 IN A 10.20.30.40 + SECTION AUTHORITY + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. IN A 1.2.3.4 + ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; This answer should be in the global cache +STEP 2 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END + +; Wait for the TTL to expire +STEP 3 TIME_PASSES ELAPSE 20 + +STEP 11 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; This record came from the global cache and a prefetch was triggered +STEP 12 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 30 IN A 10.20.30.40 +SECTION AUTHORITY +example.com. 3580 IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. 3580 IN A 1.2.3.4 +ENTRY_END + +STEP 13 CHECK_OUT_QUERY +ENTRY_BEGIN + MATCH all + REPLY NOERROR DO + SECTION QUESTION + www.example.com. IN A +ENTRY_END + +STEP 14 TRAFFIC + +SCENARIO_END diff --git a/contrib/unbound/testdata/subnet_global_prefetch_expired.crpl b/contrib/unbound/testdata/subnet_global_prefetch_expired.crpl new file mode 100644 index 000000000000..de1b780553a9 --- /dev/null +++ b/contrib/unbound/testdata/subnet_global_prefetch_expired.crpl @@ -0,0 +1,241 @@ +; Check if the prefetch option works properly for messages stored in the global +; cache for non-ECS clients. The prefetch query needs to result in an ECS +; outgoing query based on the client's IP. +; Prefetch initiated via serve-expired. + +server: + trust-anchor-signaling: no + target-fetch-policy: "0 0 0 0 0" + send-client-subnet: 1.2.3.4 + max-client-subnet-ipv4: 21 + module-config: "subnetcache iterator" + verbosity: 3 + access-control: 127.0.0.1 allow_snoop + qname-minimisation: no + minimal-responses: no + serve-expired: yes + serve-expired-ttl: 1 + prefetch: yes + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test prefetch option for global cache with ECS enabled (initiated via serve-expired) + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + . IN NS + SECTION ANSWER + . IN NS K.ROOT-SERVERS.NET. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + K.ROOT-SERVERS.NET. IN A 193.0.14.129 + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION AUTHORITY + com. IN NS a.gtld-servers.net. + SECTION ADDITIONAL + a.gtld-servers.net. IN A 192.5.6.30 + ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + com. IN NS + SECTION ANSWER + com. IN NS a.gtld-servers.net. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + a.gtld-servers.net. IN A 192.5.6.30 + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION AUTHORITY + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. IN A 1.2.3.4 + ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 10 + ADDRESS 1.2.3.4 + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. IN NS + SECTION ANSWER + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + ns.example.com. IN A 1.2.3.4 + ENTRY_END + + ; response to query of interest + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION ANSWER + www.example.com. 10 IN A 10.20.30.40 + SECTION AUTHORITY + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. IN A 1.2.3.4 + ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 11 100 + ADDRESS 1.2.3.4 + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. IN NS + SECTION ANSWER + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + ns.example.com. IN A 1.2.3.4 + ENTRY_END + + ; response to query of interest + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id copy_ednsdata_assume_clientsubnet + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION ANSWER + www.example.com. 10 IN A 10.20.30.40 + SECTION AUTHORITY + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ; client is 127.0.0.1 + 00 08 ; OPC + 00 07 ; option length + 00 01 ; Family + 15 00 ; source mask, scopemask + 7f 00 00 ; address + HEX_EDNSDATA_END + ns.example.com. IN A 1.2.3.4 + ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; This answer should be in the global cache (because no ECS from upstream) +STEP 2 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END + +; Try to trigger a prefetch with expired data +STEP 3 TIME_PASSES ELAPSE 11 + +STEP 11 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; This expired record came from the global cache and a prefetch is triggered. +STEP 12 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 30 IN A 10.20.30.40 +SECTION AUTHORITY +example.com. 3589 IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. 3589 IN A 1.2.3.4 +ENTRY_END + +;STEP 13 TRAFFIC +; Allow enough time to pass so that the expired record from the global cache +; cannot be used anymore. +STEP 14 TIME_PASSES ELAPSE 1 + +; Query again to verify that the record was prefetched and stored in the ECS +; cache. +STEP 15 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; This record came from the ECS cache. +STEP 16 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 9 IN A 10.20.30.40 +SECTION AUTHORITY +example.com. 3599 IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. 3599 IN A 1.2.3.4 +ENTRY_END + +SCENARIO_END diff --git a/contrib/unbound/testdata/subnet_prezero.crpl b/contrib/unbound/testdata/subnet_prezero.crpl new file mode 100644 index 000000000000..22cdfffb03b3 --- /dev/null +++ b/contrib/unbound/testdata/subnet_prezero.crpl @@ -0,0 +1,155 @@ +; subnet unit test +server: + trust-anchor-signaling: no + send-client-subnet: 1.2.3.4 + send-client-subnet: 1.2.3.5 + target-fetch-policy: "0 0 0 0 0" + module-config: "subnetcache validator iterator" + qname-minimisation: no + minimal-responses: no + +stub-zone: + name: "example.com" + stub-addr: 1.2.3.4 +CONFIG_END + +SCENARIO_BEGIN Test subnetcache source prefix zero from client. +; In RFC7871 section-7.1.2 (para. 2). +; It says that the recursor must send no EDNS subnet or its own address +; in the EDNS subnet to the upstream server. And use that answer for the +; source prefix length zero query. That type of query is for privacy. +; The authority server is then going to use the resolver's IP, if any, to +; tailor the answer to the query source address. + +; ns.example.com +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 + +; reply with 0.0.0.0/0 in reply +; For the test the answers for 0.0.0.0/0 queries are SERVFAIL, the normal +; answers are NOERROR. +ENTRY_BEGIN +MATCH opcode qtype qname ednsdata +ADJUST copy_id +REPLY QR AA DO SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN CNAME star.c10r.example.com. +SECTION ADDITIONAL +HEX_EDNSDATA_BEGIN + 00 08 00 04 ; OPCODE=subnet, optlen + 00 01 00 00 ; ip4, scope 0, source 0 + ; 0.0.0.0/0 +HEX_EDNSDATA_END +ENTRY_END + +; reply without subnet +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA DO NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN CNAME star.c10r.example.com. +ENTRY_END + +; delegation answer for c10r.example.com, with subnet /0 +ENTRY_BEGIN +MATCH opcode subdomain ednsdata +ADJUST copy_id copy_query +REPLY QR DO SERVFAIL +SECTION QUESTION +c10r.example.com. IN NS +SECTION AUTHORITY +c10r.example.com. IN NS ns.c10r.example.com. +SECTION ADDITIONAL +ns.c10r.example.com. IN A 1.2.3.5 +HEX_EDNSDATA_BEGIN + 00 08 00 04 ; OPCODE=subnet, optlen + 00 01 00 00 ; ip4, scope 0, source 0 + ; 0.0.0.0/0 +HEX_EDNSDATA_END +ENTRY_END + +; delegation answer for c10r.example.com, without subnet +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR DO NOERROR +SECTION QUESTION +c10r.example.com. IN NS +SECTION AUTHORITY +c10r.example.com. IN NS ns.c10r.example.com. +SECTION ADDITIONAL +ns.c10r.example.com. IN A 1.2.3.5 +ENTRY_END +RANGE_END + +; ns.c10r.example.com +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.5 + +; reply with 0.0.0.0/0 in reply +ENTRY_BEGIN +MATCH opcode qtype qname ednsdata +ADJUST copy_id +REPLY QR AA DO SERVFAIL +SECTION QUESTION +star.c10r.example.com. IN A +SECTION ANSWER +star.c10r.example.com. IN A 1.2.3.6 +SECTION ADDITIONAL +HEX_EDNSDATA_BEGIN + 00 08 00 04 ; OPCODE=subnet, optlen + 00 01 00 00 ; ip4, scope 0, source 0 + ; 0.0.0.0/0 +HEX_EDNSDATA_END +ENTRY_END + +; reply without subnet +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA DO NOERROR +SECTION QUESTION +star.c10r.example.com. IN A +SECTION ANSWER +star.c10r.example.com. IN A 1.2.3.6 +ENTRY_END +RANGE_END + +; ask for www.example.com +; server answers with CNAME to a delegation, that then +; returns a /24 answer. +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN A +SECTION ADDITIONAL +HEX_EDNSDATA_BEGIN + 00 08 00 04 ; OPCODE=subnet, optlen + 00 01 00 00 ; ip4, scope 0, source 0 + ; 0.0.0.0/0 +HEX_EDNSDATA_END +ENTRY_END + +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ednsdata +REPLY QR RD RA DO NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN CNAME star.c10r.example.com. +star.c10r.example.com. IN A 1.2.3.6 +SECTION ADDITIONAL +HEX_EDNSDATA_BEGIN + 00 08 00 04 ; OPCODE=subnet, optlen + 00 01 00 00 ; ip4, scope 0, source 0 + ; 0.0.0.0/0 +HEX_EDNSDATA_END +ENTRY_END +SCENARIO_END diff --git a/contrib/unbound/testdata/subnet_scopezero_noedns.crpl b/contrib/unbound/testdata/subnet_scopezero_noedns.crpl new file mode 100644 index 000000000000..25df0dd71cf2 --- /dev/null +++ b/contrib/unbound/testdata/subnet_scopezero_noedns.crpl @@ -0,0 +1,441 @@ +; scope of 0, if the query also had scope of 0, do not answer this +; to everyone, but only for scope 0 queries. Otherwise can answer cached. + +server: + target-fetch-policy: "0 0 0 0 0" + send-client-subnet: 1.2.3.4 + module-config: "subnetcache validator iterator" + verbosity: 4 + qname-minimisation: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 + +stub-zone: + name: "example.com" + stub-addr: 1.2.3.4 +CONFIG_END + +SCENARIO_BEGIN Test subnet cache with scope zero response without EDNS. + +; the upstream server. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 + +ENTRY_BEGIN +MATCH opcode qtype qname ednsdata +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +HEX_EDNSDATA_BEGIN + ;; we expect to receive empty +HEX_EDNSDATA_END +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END +RANGE_END + +RANGE_BEGIN 0 11 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +;copy_ednsdata_assume_clientsubnet +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +SECTION AUTHORITY +SECTION ADDITIONAL +HEX_EDNSDATA_BEGIN + ; client is 127.0.0.1 + 00 08 ; OPC + 00 07 ; option length + 00 01 ; Family + 18 11 ; source mask, scopemask + 7f 00 00 ; address +HEX_EDNSDATA_END +ENTRY_END +RANGE_END + +RANGE_BEGIN 20 31 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +;copy_ednsdata_assume_clientsubnet +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.41 +SECTION AUTHORITY +SECTION ADDITIONAL +HEX_EDNSDATA_BEGIN + ; client is 127.0.0.1 + 00 08 ; OPC + 00 07 ; option length + 00 01 ; Family + 18 11 ; source mask, scopemask + 7f 01 00 ; address +HEX_EDNSDATA_END +ENTRY_END +RANGE_END + +RANGE_BEGIN 40 51 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +;copy_ednsdata_assume_clientsubnet +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.42 +SECTION AUTHORITY +SECTION ADDITIONAL +;no EDNS in this answer. Tests if the back_parsed callback +;is called to process the lack of edns contents. +;HEX_EDNSDATA_BEGIN + ;00 08 ; OPC + ;00 04 ; option length + ;00 01 ; Family + ;00 00 ; source mask, scopemask + ; ; address 0.0.0.0/0 scope 0 +;HEX_EDNSDATA_END +ENTRY_END +RANGE_END + +RANGE_BEGIN 120 131 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +;copy_ednsdata_assume_clientsubnet +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.43 +SECTION AUTHORITY +SECTION ADDITIONAL +HEX_EDNSDATA_BEGIN + 00 08 ; OPC + 00 07 ; option length + 00 01 ; Family + 18 00 ; source mask, scopemask + 7f 02 00 ; address 127.2.0.0/24 scope 0 +HEX_EDNSDATA_END +ENTRY_END +RANGE_END + +; query for 127.0.0.0/24 +STEP 1 QUERY +ENTRY_BEGIN +HEX_ANSWER_BEGIN + 00 00 01 00 00 01 00 00 ;ID 0 + 00 00 00 01 03 77 77 77 ; www.example.com A? (DO) + 07 65 78 61 6d 70 6c 65 + 03 63 6f 6d 00 00 01 00 + 01 00 00 29 10 00 00 00 + 80 00 00 0b + + 00 08 00 07 ; OPC, optlen + 00 01 18 00 ; ip4, scope 24, source 0 + 7f 00 00 ;127.0.0.0/24 +HEX_ANSWER_END +ENTRY_END + +; answer is 10.20.30.40 for 127.0.0.0/24 scope 17 +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ednsdata +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +SECTION AUTHORITY +SECTION ADDITIONAL +HEX_EDNSDATA_BEGIN + ; client is 127.0.0.1 + 00 08 ; OPC + 00 07 ; option length + 00 01 ; Family + 18 11 ; source mask, scopemask + 7f 00 00 ; address +HEX_EDNSDATA_END +ENTRY_END + +; query for 127.1.0.0/24 +STEP 20 QUERY +ENTRY_BEGIN +HEX_ANSWER_BEGIN + 00 00 01 00 00 01 00 00 ;ID 0 + 00 00 00 01 03 77 77 77 ; www.example.com A? (DO) + 07 65 78 61 6d 70 6c 65 + 03 63 6f 6d 00 00 01 00 + 01 00 00 29 10 00 00 00 + 80 00 00 0b + + 00 08 00 07 ; OPC, optlen + 00 01 18 00 ; ip4, scope 24, source 0 + 7f 01 00 ;127.1.0.0/24 +HEX_ANSWER_END +ENTRY_END + +; answer is 10.20.30.41 for 127.1.0.0/24 scope 17 +STEP 30 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ednsdata +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.41 +SECTION AUTHORITY +SECTION ADDITIONAL +HEX_EDNSDATA_BEGIN + ; client is 127.1.0.1 + 00 08 ; OPC + 00 07 ; option length + 00 01 ; Family + 18 11 ; source mask, scopemask + 7f 01 00 ; address +HEX_EDNSDATA_END +ENTRY_END + +; query for 0.0.0.0/0 +STEP 40 QUERY +ENTRY_BEGIN +HEX_ANSWER_BEGIN + 00 00 01 00 00 01 00 00 ;ID 0 + 00 00 00 01 03 77 77 77 ; www.example.com A? (DO) + 07 65 78 61 6d 70 6c 65 + 03 63 6f 6d 00 00 01 00 + 01 00 00 29 10 00 00 00 + 80 00 00 08 + + 00 08 00 04 ; OPC, optlen + 00 01 00 00 ; ip4, scope 0, source 0 + ;0.0.0.0/0 +HEX_ANSWER_END +ENTRY_END + +; answer is 10.20.30.42 for 0.0.0.0/0 scope 0 +STEP 50 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ednsdata +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.42 +SECTION AUTHORITY +SECTION ADDITIONAL +HEX_EDNSDATA_BEGIN + 00 08 ; OPC + 00 04 ; option length + 00 01 ; Family + 00 00 ; source mask, scopemask + ; address +HEX_EDNSDATA_END +ENTRY_END + +; query for 127.0.0.0/24, again, it should be in cache. +; and not from the scope 0 answer. +STEP 60 QUERY +ENTRY_BEGIN +HEX_ANSWER_BEGIN + 00 00 01 00 00 01 00 00 ;ID 0 + 00 00 00 01 03 77 77 77 ; www.example.com A? (DO) + 07 65 78 61 6d 70 6c 65 + 03 63 6f 6d 00 00 01 00 + 01 00 00 29 10 00 00 00 + 80 00 00 0b + + 00 08 00 07 ; OPC, optlen + 00 01 18 00 ; ip4, scope 24, source 0 + 7f 00 00 ;127.0.0.0/24 +HEX_ANSWER_END +ENTRY_END + +; answer should be 10.20.30.40 for 127.0.0.0/24 scope 17 +STEP 70 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ednsdata +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +SECTION AUTHORITY +SECTION ADDITIONAL +HEX_EDNSDATA_BEGIN + ; client is 127.0.0.1 + 00 08 ; OPC + 00 07 ; option length + 00 01 ; Family + 18 11 ; source mask, scopemask + 7f 00 00 ; address +HEX_EDNSDATA_END +ENTRY_END + +; query for 127.1.0.0/24, again, it should be in cache. +STEP 80 QUERY +ENTRY_BEGIN +HEX_ANSWER_BEGIN + 00 00 01 00 00 01 00 00 ;ID 0 + 00 00 00 01 03 77 77 77 ; www.example.com A? (DO) + 07 65 78 61 6d 70 6c 65 + 03 63 6f 6d 00 00 01 00 + 01 00 00 29 10 00 00 00 + 80 00 00 0b + + 00 08 00 07 ; OPC, optlen + 00 01 18 00 ; ip4, scope 24, source 0 + 7f 01 00 ;127.1.0.0/24 +HEX_ANSWER_END +ENTRY_END + +; answer should be 10.20.30.41 for 127.1.0.0/24 scope 17 +STEP 90 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ednsdata +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.41 +SECTION AUTHORITY +SECTION ADDITIONAL +HEX_EDNSDATA_BEGIN + ; client is 127.1.0.1 + 00 08 ; OPC + 00 07 ; option length + 00 01 ; Family + 18 11 ; source mask, scopemask + 7f 01 00 ; address +HEX_EDNSDATA_END +ENTRY_END + +; query for 0.0.0.0/0, again. +STEP 100 QUERY +ENTRY_BEGIN +HEX_ANSWER_BEGIN + 00 00 01 00 00 01 00 00 ;ID 0 + 00 00 00 01 03 77 77 77 ; www.example.com A? (DO) + 07 65 78 61 6d 70 6c 65 + 03 63 6f 6d 00 00 01 00 + 01 00 00 29 10 00 00 00 + 80 00 00 08 + + 00 08 00 04 ; OPC, optlen + 00 01 00 00 ; ip4, scope 0, source 0 + ;0.0.0.0/0 +HEX_ANSWER_END +ENTRY_END + +; answer should be 10.20.30.42 for 0.0.0.0/0 scope 0 +STEP 110 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ednsdata +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.42 +SECTION AUTHORITY +SECTION ADDITIONAL +HEX_EDNSDATA_BEGIN + 00 08 ; OPC + 00 04 ; option length + 00 01 ; Family + 00 00 ; source mask, scopemask + ; address +HEX_EDNSDATA_END +ENTRY_END + +; now a query for a /24 that gets an answer for a /0. +STEP 120 QUERY +ENTRY_BEGIN +HEX_ANSWER_BEGIN + 00 00 01 00 00 01 00 00 ;ID 0 + 00 00 00 01 03 77 77 77 ; www.example.com A? (DO) + 07 65 78 61 6d 70 6c 65 + 03 63 6f 6d 00 00 01 00 + 01 00 00 29 10 00 00 00 + 80 00 00 0b + + 00 08 00 07 ; OPC, optlen + 00 01 18 00 ; ip4, scope 24, source 0 + 7f 02 00 ;127.2.0.0/24 +HEX_ANSWER_END +ENTRY_END + +; answer should be 10.20.30.43 for 127.2.0.0/24 scope 0 +STEP 130 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ednsdata +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.43 +SECTION AUTHORITY +SECTION ADDITIONAL +HEX_EDNSDATA_BEGIN + ; client is 127.2.0.1 + 00 08 ; OPC + 00 07 ; option length + 00 01 ; Family + 18 00 ; source mask, scopemask + 7f 02 00 ; address +HEX_EDNSDATA_END +ENTRY_END + +; the scope 0 answer is now used to answer queries from +; query for 127.0.0.0/24 +STEP 140 QUERY +ENTRY_BEGIN +HEX_ANSWER_BEGIN + 00 00 01 00 00 01 00 00 ;ID 0 + 00 00 00 01 03 77 77 77 ; www.example.com A? (DO) + 07 65 78 61 6d 70 6c 65 + 03 63 6f 6d 00 00 01 00 + 01 00 00 29 10 00 00 00 + 80 00 00 0b + + 00 08 00 07 ; OPC, optlen + 00 01 18 00 ; ip4, scope 24, source 0 + 7f 00 00 ;127.0.0.0/24 +HEX_ANSWER_END +ENTRY_END + +STEP 150 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ednsdata +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.43 +SECTION AUTHORITY +SECTION ADDITIONAL +HEX_EDNSDATA_BEGIN + ; client is 127.0.0.1 + 00 08 ; OPC + 00 07 ; option length + 00 01 ; Family + 18 00 ; source mask, scopemask + 7f 00 00 ; address +HEX_EDNSDATA_END +ENTRY_END + +SCENARIO_END diff --git a/contrib/unbound/testdata/svcb.tdir/crypto.cloudflare.com.zone b/contrib/unbound/testdata/svcb.tdir/crypto.cloudflare.com.zone deleted file mode 100644 index 53c89c735ba1..000000000000 --- a/contrib/unbound/testdata/svcb.tdir/crypto.cloudflare.com.zone +++ /dev/null @@ -1,9 +0,0 @@ -crypto.cloudflare.com. 3600 IN SOA jobs.ns.cloudflare.com. dns.cloudflare.com. ( - 2037099480 ; serial - 10000 ; refresh (2 hours 46 minutes 40 seconds) - 2400 ; retry (40 minutes) - 604800 ; expire (1 week) - 3600 ; minimum (1 hour) - ) -crypto.cloudflare.com. 300 IN HTTPS 1 . alpn=h2 ipv4hint=162.159.135.79,162.159.136.79 echconfig=AEj+CgBETwAgACDeVpr34JzYHDGNFoGWhksj5mpBxradonbqH3X9+h7jHgAEAAEAAQAAABNjbG91ZGZsYXJlLWVzbmkuY29tAAA= ipv6hint=2606:4700:7::a29f:874f,2606:4700:7::a29f:884f - diff --git a/contrib/unbound/testdata/svcb.tdir/svcb.dsc b/contrib/unbound/testdata/svcb.tdir/svcb.dsc deleted file mode 100644 index 6eae7638e9b0..000000000000 --- a/contrib/unbound/testdata/svcb.tdir/svcb.dsc +++ /dev/null @@ -1,16 +0,0 @@ -BaseName: svcb -Version: 1.0 -Description: Test SVCB and HTTPS parsing -CreationDate: Fri May 25 12:51:22 UTC 2021 -Maintainer: Tom Carpay -Category: -Component: -CmdDepends: -Depends: -Help: -Pre: -Post: -Test: svcb.test -AuxFiles: -Passed: -Failure: diff --git a/contrib/unbound/testdata/svcb.tdir/svcb.failure-cases-01 b/contrib/unbound/testdata/svcb.tdir/svcb.failure-cases-01 deleted file mode 100644 index c60151692ee8..000000000000 --- a/contrib/unbound/testdata/svcb.tdir/svcb.failure-cases-01 +++ /dev/null @@ -1,9 +0,0 @@ -$ORIGIN failure-cases. -$TTL 3600 - -@ SOA primary admin 0 0 0 0 0 - -; Here there are multiple instances of the same SvcParamKey in the mandatory list - -f21 HTTPS 1 foo.example.com. ech="123" -f21 HTTPS 1 foo.example.com. echconfig="123" diff --git a/contrib/unbound/testdata/svcb.tdir/svcb.failure-cases-02 b/contrib/unbound/testdata/svcb.tdir/svcb.failure-cases-02 deleted file mode 100644 index 9d6f0186d535..000000000000 --- a/contrib/unbound/testdata/svcb.tdir/svcb.failure-cases-02 +++ /dev/null @@ -1,8 +0,0 @@ -$ORIGIN failure-cases. -$TTL 3600 - -@ SOA primary admin 0 0 0 0 0 - -; Port must be a positive number < 65536 - -f22 HTTPS 1 foo.example.com. port=65536 diff --git a/contrib/unbound/testdata/svcb.tdir/svcb.failure-cases-03 b/contrib/unbound/testdata/svcb.tdir/svcb.failure-cases-03 deleted file mode 100644 index bb819daae316..000000000000 --- a/contrib/unbound/testdata/svcb.tdir/svcb.failure-cases-03 +++ /dev/null @@ -1,8 +0,0 @@ -$ORIGIN failure-cases. -$TTL 3600 - -@ SOA primary admin 0 0 0 0 0 - -; 65 SvcParams is too many SvcParams; the limit is 64 - -f23 HTTPS 1 foo.example.com. ( key11=a key12=a key13=a key14=a key15=a key16=a key17=a key18=a key19=a key110=a key111=a key112=a key113=a key114=a key115=a key116=a key117=a key118=a key119=a key120=a key121=a key122=a key123=a key124=a key125=a key126=a key127=a key128=a key129=a key130=a key131=a key132=a key133=a key134=a key135=a key136=a key137=a key138=a key139=a key140=a key141=a key142=a key143=a key144=a key145=a key146=a key147=a key148=a key149=a key150=a key151=a key152=a key153=a key154=a key155=a key156=a key157=a key158=a key159=a key160=a key161=a key162=a key163=a key164=a key165=a )
\ No newline at end of file diff --git a/contrib/unbound/testdata/svcb.tdir/svcb.failure-cases-04 b/contrib/unbound/testdata/svcb.tdir/svcb.failure-cases-04 deleted file mode 100644 index ae02ac417b1b..000000000000 --- a/contrib/unbound/testdata/svcb.tdir/svcb.failure-cases-04 +++ /dev/null @@ -1,8 +0,0 @@ -$ORIGIN failure-cases. -$TTL 3600 - -@ SOA primary admin 0 0 0 0 0 - -; 256 is too many characters for an alpn; maximum is 255 - -f23 HTTPS 1 foo.example.com. ( alpn="aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" )
\ No newline at end of file diff --git a/contrib/unbound/testdata/svcb.tdir/svcb.success-cases.zone b/contrib/unbound/testdata/svcb.tdir/svcb.success-cases.zone deleted file mode 100644 index 5d6339542f67..000000000000 --- a/contrib/unbound/testdata/svcb.tdir/svcb.success-cases.zone +++ /dev/null @@ -1,47 +0,0 @@ -$ORIGIN success-cases. -$TTL 3600 - -@ SOA primary admin 0 0 0 0 0 - - -; A particular key does not need to have a value - -s01 SVCB 0 . key123 - - -; echconfig does not need to have a value - -s02 SVCB 0 . echconfig - - -; When "no-default-alpn" is specified in an RR, "alpn" must also be specified -; in order for the RR to be "self-consistent" - -s03 HTTPS 0 . alpn="h2,h3" no-default-alpn - - -; SHOULD is not MUST (so allowed) -; Zone-file implementations SHOULD enforce self-consistency - -s04 HTTPS 0 . no-default-alpn - - -; SHOULD is not MUST (so allowed) -; (port and no-default-alpn are automatically mandatory keys with HTTPS) -; Other automatically mandatory keys SHOULD NOT appear in the list either. - -s05 HTTPS 0 . alpn="dot" no-default-alpn port=853 mandatory=port - -; Any valid base64 is okay for ech -s06 HTTPS 0 . ech="aGVsbG93b3JsZCE=" - -; echconfig is an alias for ech -s07 HTTPS 0 . echconfig="aGVsbG93b3JsZCE=" - -; maximum size allowed in a svcb rdata set (63 SvcParams) - -s08 HTTPS 0 . ( key11=a key12=a key13=a key14=a key15=a key16=a key17=a key18=a key19=a key110=a key111=a key112=a key113=a key114=a key115=a key116=a key117=a key118=a key119=a key120=a key121=a key122=a key123=a key124=a key125=a key126=a key127=a key128=a key129=a key130=a key131=a key132=a key133=a key134=a key135=a key136=a key137=a key138=a key139=a key140=a key141=a key142=a key143=a key144=a key145=a key146=a key147=a key148=a key149=a key150=a key151=a key152=a key153=a key154=a key155=a key156=a key157=a key158=a key159=a key160=a key161=a key162=a key163=a) - -; maximum alpn size allowed (255 characters) - -s09 HTTPS 0 . ( alpn="aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ) diff --git a/contrib/unbound/testdata/svcb.tdir/svcb.success-cases.zone.cmp b/contrib/unbound/testdata/svcb.tdir/svcb.success-cases.zone.cmp deleted file mode 100644 index e504e7b18ad5..000000000000 --- a/contrib/unbound/testdata/svcb.tdir/svcb.success-cases.zone.cmp +++ /dev/null @@ -1,10 +0,0 @@ -success-cases. 3600 IN SOA primary.success-cases. admin.success-cases. 0 0 0 0 0 -s01.success-cases. 3600 IN SVCB 0 . key123 -s02.success-cases. 3600 IN SVCB 0 . ech -s03.success-cases. 3600 IN HTTPS 0 . alpn="h2,h3" no-default-alpn -s04.success-cases. 3600 IN HTTPS 0 . no-default-alpn -s05.success-cases. 3600 IN HTTPS 0 . mandatory=port alpn="dot" no-default-alpn port=853 -s06.success-cases. 3600 IN HTTPS 0 . ech="aGVsbG93b3JsZCE=" -s07.success-cases. 3600 IN HTTPS 0 . ech="aGVsbG93b3JsZCE=" -s08.success-cases. 3600 IN HTTPS 0 . key11="a" key12="a" key13="a" key14="a" key15="a" key16="a" key17="a" key18="a" key19="a" key110="a" key111="a" key112="a" key113="a" key114="a" key115="a" key116="a" key117="a" key118="a" key119="a" key120="a" key121="a" key122="a" key123="a" key124="a" key125="a" key126="a" key127="a" key128="a" key129="a" key130="a" key131="a" key132="a" key133="a" key134="a" key135="a" key136="a" key137="a" key138="a" key139="a" key140="a" key141="a" key142="a" key143="a" key144="a" key145="a" key146="a" key147="a" key148="a" key149="a" key150="a" key151="a" key152="a" key153="a" key154="a" key155="a" key156="a" key157="a" key158="a" key159="a" key160="a" key161="a" key162="a" key163="a" -s09.success-cases. 3600 IN HTTPS 0 . alpn="aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" diff --git a/contrib/unbound/testdata/svcb.tdir/svcb.test b/contrib/unbound/testdata/svcb.tdir/svcb.test deleted file mode 100644 index 17330e08fde6..000000000000 --- a/contrib/unbound/testdata/svcb.tdir/svcb.test +++ /dev/null @@ -1,97 +0,0 @@ -# #-- svcb.test --# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# use .tpkg.var.test for in test variable passing -[ -f .tpkg.var.test ] && source .tpkg.var.test - - -# check and write the test vectors in their respective formats -PRE=../.. -if ! $PRE/readzone svcb.test-vectors-pf.zone > svcb.test-vectors-pf.zone.out -then - echo "Could not parse presentation format zone" - exit 1 - -elif ! $PRE/readzone svcb.test-vectors-pf.zone.out > svcb.test-vectors-pf.zone.out.out -then - echo "Could not parse output from presentation format zone" - exit 1 - -elif ! $PRE/readzone svcb.test-vectors-wf.zone > svcb.test-vectors-wf.zone.out -then - echo "Could not parse RFC3597 formatted zone" - exit 1 - -elif ! $PRE/readzone svcb.test-vectors-wf.zone.out > svcb.test-vectors-wf.zone.out.out -then - echo "Could not parse output from RFC3597 formatted zone" - exit 1 -else - echo "All test zones parsed successfully" -fi - - -# check the formatting of the written files -if ! diff svcb.test-vectors-pf.zone.out svcb.test-vectors-pf.zone.out.out -then - echo "Parsing inconsistency 1" - exit 1 - -elif ! diff svcb.test-vectors-pf.zone.out svcb.test-vectors-wf.zone.out -then - echo "Parsing inconsistency 2" - exit 1 - -elif ! diff svcb.test-vectors-pf.zone.out svcb.test-vectors-wf.zone.out.out -then - echo "Parsing inconsistency 3" - exit 1 -else - echo "Parsing of SVCB and HTTPS was consistent" -fi - - -# check all the failure cases -if $PRE/readzone svcb.failure-cases-01 -then - echo "Failure case 01: ech value is not base64 encoded" - echo "Incorrectly succeeded" - exit 1 - -elif $PRE/readzone svcb.failure-cases-02 -then - echo "Failure case 02: port value needs to be a positive integer < 65536" - echo "Incorrectly succeeded" - exit 1 - -elif $PRE/readzone svcb.failure-cases-03 -then - echo "Failure case 02: 65 SvcParams is too many SvcParams; the limit is 64" - echo "Incorrectly succeeded" - exit 1 - -elif $PRE/readzone svcb.failure-cases-04 -then - echo "Failure case 04: 256 is too many characters for an alpn; maximum is 255" - echo "Incorrectly succeeded" - exit 1 -else - echo "All failure cases test successfully" -fi - - -# check all the success and write them -if ! $PRE/readzone svcb.success-cases.zone > svcb.success-cases.zone.out -then - echo "Some particular success cases did not succeed to parse" - exit 1 - -elif ! diff svcb.success-cases.zone.out svcb.success-cases.zone.cmp -then - echo "Some success cases could not be printed" - exit 1 -else - echo "All particular success cases parsed and printed successfully" -fi - - diff --git a/contrib/unbound/testdata/svcb.tdir/svcb.test-vectors-pf.zone b/contrib/unbound/testdata/svcb.tdir/svcb.test-vectors-pf.zone deleted file mode 100644 index d2cb5087bf9a..000000000000 --- a/contrib/unbound/testdata/svcb.tdir/svcb.test-vectors-pf.zone +++ /dev/null @@ -1,92 +0,0 @@ -$ORIGIN test-vectors. -$TTL 3600 - -@ SOA primary admin 1 3600 1800 7200 3600 - - NS primary -primary A 127.0.0.1 -; D.1. AliasForm - -v01 SVCB 0 foo.example.com. - -; D.2. ServiceForm -; The first form is the simple "use the ownername". - -v02 SVCB 1 . - -; This vector only has a port. - -v03 SVCB 16 foo.example.com. port=53 - -; This example has a key that is not registered, its value is unquoted. - -v04 SVCB 1 foo.example.com. key667=hello - -; This example has a key that is not registered, its value is quoted and -; contains a decimal-escaped character. - -v05 SVCB 1 foo.example.com. key667="hello\210qoo" - -; Here, two IPv6 hints are quoted in the presentation format. - -v06 SVCB 1 foo.example.com. ipv6hint="2001:db8::1,2001:db8::53:1" - -; This example shows a single IPv6 hint in IPv4 mapped IPv6 presentation format. - -v07 SVCB 1 example.com. ipv6hint="2001:db8:ffff:ffff:ffff:ffff:198.51.100.100" - -; In the next vector, neither the SvcParamValues nor the mandatory keys are -; sorted in presentation format, but are correctly sorted in the wire-format. - -v08 SVCB 16 foo.example.org. (alpn=h2,h3-19 mandatory=ipv4hint,alpn - ipv4hint=192.0.2.1) - -; This last (two) vectors has an alpn value with an escaped comma and an -; escaped backslash in two presentation formats. - -v09 SVCB 16 foo.example.org. alpn="f\\\\oo\\,bar,h2" -v10 SVCB 16 foo.example.org. alpn=f\\\092oo\092,bar,h2 - - -; D.1. AliasForm - -v11 HTTPS 0 foo.example.com. - -; D.2. ServiceForm -; The first form is the simple "use the ownername". - -v12 HTTPS 1 . - -; This vector only has a port. - -v13 HTTPS 16 foo.example.com. port=53 - -; This example has a key that is not registered, its value is unquoted. - -v14 HTTPS 1 foo.example.com. key667=hello - -; This example has a key that is not registered, its value is quoted and -; contains a decimal-escaped character. - -v15 HTTPS 1 foo.example.com. key667="hello\210qoo" - -; Here, two IPv6 hints are quoted in the presentation format. - -v16 HTTPS 1 foo.example.com. ipv6hint="2001:db8::1,2001:db8::53:1" - -; This example shows a single IPv6 hint in IPv4 mapped IPv6 presentation format. - -v17 HTTPS 1 example.com. ipv6hint="2001:db8:ffff:ffff:ffff:ffff:198.51.100.100" - -; In the next vector, neither the SvcParamValues nor the mandatory keys are -; sorted in presentation format, but are correctly sorted in the wire-format. - -v18 HTTPS 16 foo.example.org. (alpn=h2,h3-19 mandatory=ipv4hint,alpn - ipv4hint=192.0.2.1) - -; This last (two) vectors has an alpn value with an escaped comma and an -; escaped backslash in two presentation formats. - -v19 HTTPS 16 foo.example.org. alpn="f\\\\oo\\,bar,h2" -v20 HTTPS 16 foo.example.org. alpn=f\\\092oo\092,bar,h2 - diff --git a/contrib/unbound/testdata/svcb.tdir/svcb.test-vectors-wf.zone b/contrib/unbound/testdata/svcb.tdir/svcb.test-vectors-wf.zone deleted file mode 100644 index bf47ab75c594..000000000000 --- a/contrib/unbound/testdata/svcb.tdir/svcb.test-vectors-wf.zone +++ /dev/null @@ -1,232 +0,0 @@ -$ORIGIN test-vectors. -$TTL 3600 - -@ SOA primary admin 1 3600 1800 7200 3600 - - NS primary -primary A 127.0.0.1 - -; D.1. AliasForm - -v01 SVCB \# 19 ( -00 00 ; priority -03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target -) - -; D.2. ServiceForm -; The first form is the simple "use the ownername". - -v02 SVCB \# 3 ( -00 01 ; priority -00 ; target (root label) -) - -; This vector only has a port. - -v03 SVCB \# 25 ( -00 10 ; priority -03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target -00 03 ; key 3 -00 02 ; length 2 -00 35 ; value -) - -; This example has a key that is not registered, its value is unquoted. - -v04 SVCB \# 28 ( -00 01 ; priority -03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target -02 9b ; key 667 -00 05 ; length 5 -68 65 6c 6c 6f ; value -) - -; This example has a key that is not registered, its value is quoted and -; contains a decimal-escaped character. - -v05 SVCB \# 32 ( -00 01 ; priority -03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target -02 9b ; key 667 -00 09 ; length 9 -68 65 6c 6c 6f d2 71 6f 6f ; value -) - -; Here, two IPv6 hints are quoted in the presentation format. - -v06 SVCB \# 55 ( -00 01 ; priority -03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target -00 06 ; key 6 -00 20 ; length 32 -20 01 0d b8 00 00 00 00 00 00 00 00 00 00 00 01 ; first address -20 01 0d b8 00 00 00 00 00 00 00 00 00 53 00 01 ; second address -) - -; This example shows a single IPv6 hint in IPv4 mapped IPv6 presentation format. - -v07 SVCB \# 35 ( -00 01 ; priority -07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target -00 06 ; key 6 -00 10 ; length 16 -20 01 0d b8 ff ff ff ff ff ff ff ff c6 33 64 64 ; address -) - -; In the next vector, neither the SvcParamValues nor the mandatory keys are -; sorted in presentation format, but are correctly sorted in the wire-format. - -v08 SVCB \# 48 ( -00 10 ; priority -03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 6f 72 67 00 ; target -00 00 ; key 0 -00 04 ; param length 4 -00 01 ; value: key 1 -00 04 ; value: key 4 -00 01 ; key 1 -00 09 ; param length 9 -02 ; alpn length 2 -68 32 ; alpn value -05 ; alpn length 5 -68 33 2d 31 39 ; alpn value -00 04 ; key 4 -00 04 ; param length 4 -c0 00 02 01 ; param value -) - -; This last (two) vectors has an alpn value with an escaped comma and an -; escaped backslash in two presentation formats. - -v09 SVCB \# 35 ( -00 10 ; priority -03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 6f 72 67 00 ; target -00 01 ; key 1 -00 0c ; param length 12 -08 ; alpn length 8 -66 5c 6f 6f 2c 62 61 72 ; alpn value -02 ; alpn length 2 -68 32 ; alpn value -) -v10 SVCB \# 35 ( -00 10 ; priority -03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 6f 72 67 00 ; target -00 01 ; key 1 -00 0c ; param length 12 -08 ; alpn length 8 -66 5c 6f 6f 2c 62 61 72 ; alpn value -02 ; alpn length 2 -68 32 ; alpn value -) - -; D.1. AliasForm - -v11 HTTPS \# 19 ( -00 00 ; priority -03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target -) - -; D.2. ServiceForm -; The first form is the simple "use the ownername". - -v12 HTTPS \# 3 ( -00 01 ; priority -00 ; target (root label) -) - -; This vector only has a port. - -v13 HTTPS \# 25 ( -00 10 ; priority -03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target -00 03 ; key 3 -00 02 ; length 2 -00 35 ; value -) - -; This example has a key that is not registered, its value is unquoted. - -v14 HTTPS \# 28 ( -00 01 ; priority -03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target -02 9b ; key 667 -00 05 ; length 5 -68 65 6c 6c 6f ; value -) - -; This example has a key that is not registered, its value is quoted and -; contains a decimal-escaped character. - -v15 HTTPS \# 32 ( -00 01 ; priority -03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target -02 9b ; key 667 -00 09 ; length 9 -68 65 6c 6c 6f d2 71 6f 6f ; value -) - -; Here, two IPv6 hints are quoted in the presentation format. - -v16 HTTPS \# 55 ( -00 01 ; priority -03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target -00 06 ; key 6 -00 20 ; length 32 -20 01 0d b8 00 00 00 00 00 00 00 00 00 00 00 01 ; first address -20 01 0d b8 00 00 00 00 00 00 00 00 00 53 00 01 ; second address -) - -; This example shows a single IPv6 hint in IPv4 mapped IPv6 presentation format. - -v17 HTTPS \# 35 ( -00 01 ; priority -07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target -00 06 ; key 6 -00 10 ; length 16 -20 01 0d b8 ff ff ff ff ff ff ff ff c6 33 64 64 ; address -) - -; In the next vector, neither the SvcParamValues nor the mandatory keys are -; sorted in presentation format, but are correctly sorted in the wire-format. - -v18 HTTPS \# 48 ( -00 10 ; priority -03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 6f 72 67 00 ; target -00 00 ; key 0 -00 04 ; param length 4 -00 01 ; value: key 1 -00 04 ; value: key 4 -00 01 ; key 1 -00 09 ; param length 9 -02 ; alpn length 2 -68 32 ; alpn value -05 ; alpn length 5 -68 33 2d 31 39 ; alpn value -00 04 ; key 4 -00 04 ; param length 4 -c0 00 02 01 ; param value -) - -; This last (two) vectors has an alpn value with an escaped comma and an -; escaped backslash in two presentation formats. - -v19 HTTPS \# 35 ( -00 10 ; priority -03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 6f 72 67 00 ; target -00 01 ; key 1 -00 0c ; param length 12 -08 ; alpn length 8 -66 5c 6f 6f 2c 62 61 72 ; alpn value -02 ; alpn length 2 -68 32 ; alpn value -) -v20 HTTPS \# 35 ( -00 10 ; priority -03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 6f 72 67 00 ; target -00 01 ; key 1 -00 0c ; param length 12 -08 ; alpn length 8 -66 5c 6f 6f 2c 62 61 72 ; alpn value -02 ; alpn length 2 -68 32 ; alpn value -) - diff --git a/contrib/unbound/testdata/val_any_negcache.rpl b/contrib/unbound/testdata/val_any_negcache.rpl new file mode 100644 index 000000000000..8800a2140219 --- /dev/null +++ b/contrib/unbound/testdata/val_any_negcache.rpl @@ -0,0 +1,243 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + rrset-roundrobin: no + aggressive-nsec: yes + harden-unknown-additional: yes + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with response to qtype ANY and negative cache. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response with NODATA +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN LOC +SECTION AUTHORITY +example.com. 86400 IN SOA open.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 +example.com. 86400 IN RRSIG SOA 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFQCSs8KJepwaIp5vu++/0hk04lkXvgIUdphJSAE/MYob30WcRei9/nL49tE= ;{id = 2854} +example.com. 18000 IN NSEC _sip._udp.example.com. A NS SOA MX TXT AAAA NAPTR RRSIG NSEC DNSKEY +example.com. 18000 IN RRSIG NSEC 3 2 18000 20070926134150 20070829134150 2854 example.com. MCwCFBzOGtpgq4uJ2jeuLPYl2HowIRzDAhQVXNz1haQ1mI7z9lt5gcvWW+lFhA== ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN ANY +SECTION ANSWER +example.com. 86400 IN SOA open.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 +example.com. 86400 IN RRSIG SOA 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFQCSs8KJepwaIp5vu++/0hk04lkXvgIUdphJSAE/MYob30WcRei9/nL49tE= ;{id = 2854} +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFHq7BNVAeLW+Uw/rkjVS08lrMDk/AhR+bvChHfiE4jLb6uoyE54/irCuqA== ;{id = 2854} +example.com. 600 IN NAPTR 20 0 "s" "SIP+D2U" "" _sip._udp.example.com. +example.com. 600 IN RRSIG NAPTR 3 2 600 20070926134150 20070829134150 2854 example.com. MC0CFE8qs66bzuOyKmTIacamrmqabMRzAhUAn0MujX1LB0UpTHuLMgdgMgJJlq4= ;{id = 2854} +example.com. 86400 IN AAAA 2001:7b8:206:1::1 +example.com. 86400 IN RRSIG AAAA 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFEqS4WHyqhUkv7t42TsBZJk/Q9paAhUAtTZ8GaXGpot0PmsM0oGzQU+2iw4= ;{id = 2854} +example.com. 86400 IN TXT "Stichting NLnet Labs" +example.com. 86400 IN RRSIG TXT 3 2 86400 20070926134150 20070829134150 2854 example.com. MCwCFH3otn2u8zXczBS8L0VKpyAYZGSkAhQLGaQclkzMAzlB5j73opFjdkh8TA== ;{id = 2854} +example.com. 86400 IN MX 100 v.net.example. +example.com. 86400 IN MX 50 open.example.com. +example.com. 86400 IN RRSIG MX 3 2 86400 20070926134150 20070829134150 2854 example.com. MCwCFEKh3jeqh69zcOqWWv3GNKlMECPyAhR9HJkcPLqlyVWUccWDFJfGGcQfdg== ;{id = 2854} +example.com. 86400 IN NS v.net.example. +example.com. 86400 IN NS open.example.com. +example.com. 86400 IN NS ns7.domain-registry.example. +example.com. 86400 IN RRSIG NS 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFQCaRn30X4neKW7KYoTa2kcsoOLgfgIURvKEyDczLypWlx99KpxzMxRYhEc= ;{id = 2854} +example.com. 86400 IN A 213.154.224.1 +example.com. 86400 IN RRSIG A 3 2 86400 20070926134150 20070829134150 2854 example.com. MCwCFH8kSLxmRTwzlGDxvF1e4y/gM+5dAhQkzyQ2a6Gf+CMaHzVScaUvTt9HhQ== ;{id = 2854} +example.com. 18000 IN NSEC _sip._udp.example.com. A NS SOA MX TXT AAAA NAPTR RRSIG NSEC DNSKEY +example.com. 18000 IN RRSIG NSEC 3 2 18000 20070926134150 20070829134150 2854 example.com. MCwCFBzOGtpgq4uJ2jeuLPYl2HowIRzDAhQVXNz1haQ1mI7z9lt5gcvWW+lFhA== ;{id = 2854} +SECTION AUTHORITY +SECTION ADDITIONAL +ns7.domain-registry.example. 80173 IN A 62.4.86.230 +open.example.com. 600 IN A 213.154.224.1 +open.example.com. 600 IN AAAA 2001:7b8:206:1::53 +open.example.com. 600 IN AAAA 2001:7b8:206:1::1 +v.net.example. 28800 IN A 213.154.224.17 +v.net.example. 28800 IN AAAA 2001:7b8:206:1:200:39ff:fe59:b187 +johnny.example.com. 600 IN A 213.154.224.44 +open.example.com. 600 IN RRSIG A 3 3 600 20070926134150 20070829134150 2854 example.com. MC0CFQCh8bja923UJmg1+sYXMK8WIE4dpgIUQe9sZa0GOcUYSgb2rXoogF8af+Y= ;{id = 2854} +open.example.com. 600 IN RRSIG AAAA 3 3 600 20070926134150 20070829134150 2854 example.com. MC0CFQCRGJgIS6kEVG7aJfovuG/q3cgOWwIUYEIFCnfRQlMIYWF7BKMQoMbdkE0= ;{id = 2854} +johnny.example.com. 600 IN RRSIG A 3 3 600 20070926134150 20070829134150 2854 example.com. MCwCFAh0/zSpCd/9eMNz7AyfnuGQFD1ZAhQEpNFNw4XByNEcbi/vsVeii9kp7g== ;{id = 2854} +_sip._udp.example.com. 600 IN RRSIG SRV 3 4 600 20070926134150 20070829134150 2854 example.com. MCwCFFSRVgOcq1ihVuO6MhCuzWs6SxpVAhRPHHCKy0JxymVkYeFOxTkbVSWMMw== ;{id = 2854} +_sip._udp.example.com. 600 IN SRV 0 0 5060 johnny.example.com. +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +MATCH TCP +REPLY RD DO +SECTION QUESTION +example.com. IN LOC +ENTRY_END + +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +example.com. IN LOC +SECTION ANSWER +SECTION AUTHORITY +example.com. 86400 IN SOA open.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 +example.com. 86400 IN RRSIG SOA 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFQCSs8KJepwaIp5vu++/0hk04lkXvgIUdphJSAE/MYob30WcRei9/nL49tE= ;{id = 2854} +example.com. 18000 IN NSEC _sip._udp.example.com. A NS SOA MX TXT AAAA NAPTR RRSIG NSEC DNSKEY +example.com. 18000 IN RRSIG NSEC 3 2 18000 20070926134150 20070829134150 2854 example.com. MCwCFBzOGtpgq4uJ2jeuLPYl2HowIRzDAhQVXNz1haQ1mI7z9lt5gcvWW+lFhA== ;{id = 2854} +ENTRY_END + +STEP 20 QUERY +ENTRY_BEGIN +MATCH TCP +REPLY RD DO +SECTION QUESTION +example.com. IN ANY +ENTRY_END + +; Allow validation resuming for the RRSIGs +STEP 21 TIME_PASSES ELAPSE 0.05 + +; recursion happens here. +STEP 30 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +example.com. IN ANY +SECTION ANSWER +example.com. 86400 IN SOA open.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 +example.com. 86400 IN RRSIG SOA 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFQCSs8KJepwaIp5vu++/0hk04lkXvgIUdphJSAE/MYob30WcRei9/nL49tE= ;{id = 2854} +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFHq7BNVAeLW+Uw/rkjVS08lrMDk/AhR+bvChHfiE4jLb6uoyE54/irCuqA== ;{id = 2854} +example.com. 600 IN NAPTR 20 0 "s" "SIP+D2U" "" _sip._udp.example.com. +example.com. 600 IN RRSIG NAPTR 3 2 600 20070926134150 20070829134150 2854 example.com. MC0CFE8qs66bzuOyKmTIacamrmqabMRzAhUAn0MujX1LB0UpTHuLMgdgMgJJlq4= ;{id = 2854} +example.com. 86400 IN AAAA 2001:7b8:206:1::1 +example.com. 86400 IN RRSIG AAAA 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFEqS4WHyqhUkv7t42TsBZJk/Q9paAhUAtTZ8GaXGpot0PmsM0oGzQU+2iw4= ;{id = 2854} +example.com. 86400 IN TXT "Stichting NLnet Labs" +example.com. 86400 IN RRSIG TXT 3 2 86400 20070926134150 20070829134150 2854 example.com. MCwCFH3otn2u8zXczBS8L0VKpyAYZGSkAhQLGaQclkzMAzlB5j73opFjdkh8TA== ;{id = 2854} +example.com. 86400 IN MX 100 v.net.example. +example.com. 86400 IN MX 50 open.example.com. +example.com. 86400 IN RRSIG MX 3 2 86400 20070926134150 20070829134150 2854 example.com. MCwCFEKh3jeqh69zcOqWWv3GNKlMECPyAhR9HJkcPLqlyVWUccWDFJfGGcQfdg== ;{id = 2854} +example.com. 86400 IN NS v.net.example. +example.com. 86400 IN NS open.example.com. +example.com. 86400 IN NS ns7.domain-registry.example. +example.com. 86400 IN RRSIG NS 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFQCaRn30X4neKW7KYoTa2kcsoOLgfgIURvKEyDczLypWlx99KpxzMxRYhEc= ;{id = 2854} +example.com. 86400 IN A 213.154.224.1 +example.com. 86400 IN RRSIG A 3 2 86400 20070926134150 20070829134150 2854 example.com. MCwCFH8kSLxmRTwzlGDxvF1e4y/gM+5dAhQkzyQ2a6Gf+CMaHzVScaUvTt9HhQ== ;{id = 2854} +example.com. 18000 IN NSEC _sip._udp.example.com. A NS SOA MX TXT AAAA NAPTR RRSIG NSEC DNSKEY +example.com. 18000 IN RRSIG NSEC 3 2 18000 20070926134150 20070829134150 2854 example.com. MCwCFBzOGtpgq4uJ2jeuLPYl2HowIRzDAhQVXNz1haQ1mI7z9lt5gcvWW+lFhA== ;{id = 2854} +SECTION AUTHORITY +SECTION ADDITIONAL +open.example.com. 600 IN A 213.154.224.1 +open.example.com. 600 IN AAAA 2001:7b8:206:1::53 +open.example.com. 600 IN AAAA 2001:7b8:206:1::1 +open.example.com. 600 IN RRSIG A 3 3 600 20070926134150 20070829134150 2854 example.com. MC0CFQCh8bja923UJmg1+sYXMK8WIE4dpgIUQe9sZa0GOcUYSgb2rXoogF8af+Y= ;{id = 2854} +open.example.com. 600 IN RRSIG AAAA 3 3 600 20070926134150 20070829134150 2854 example.com. MC0CFQCRGJgIS6kEVG7aJfovuG/q3cgOWwIUYEIFCnfRQlMIYWF7BKMQoMbdkE0= ;{id = 2854} +ENTRY_END + +SCENARIO_END diff --git a/contrib/unbound/testdata/val_scrub_rr_length.rpl b/contrib/unbound/testdata/val_scrub_rr_length.rpl new file mode 100644 index 000000000000..0219b918e421 --- /dev/null +++ b/contrib/unbound/testdata/val_scrub_rr_length.rpl @@ -0,0 +1,164 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + trust-anchor-signaling: no + minimal-responses: no + rrset-roundrobin: no + ede: yes + log-servfail: yes + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with scrub of RR for inappropriate length + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 8 2 3600 20070926134150 20070829134150 55566 example.com. cHdLVCzujUQs6b67c1SmCX+/br4tgOg86Gj/R/x+PKUQmWHyeVwBSTlJuLOHbca3CQoyIQc+V2ilK6fjwjbY/dLk4uOlux8L+Zn7HsUXSOwJPIjsM3LuTa8CYDMvYhOP7KGR+vNpJVSsQ25pyDn6Rzsdl3E7DAf7uSkPV8VJwa8= +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 8 3 3600 20070926134150 20070829134150 55566 example.com. PBwNifMNxTXlDorHX1neq1wUhWLmqk+PZ+PBZCI5BJAmakdgOXdLQiVqlKaErJyA/4uN+99fUf6/DqxwgxL8FIPdBkxMOTJaKrCFjEhL6qozTd3+DI6qFJPgTm1lrkpvb9W72MtK2vxAyT5I/bG2SWKdpzOaQXysbDb2hnxq3as= +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} +example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20070926134150 20070829134150 55566 example.com. Ni7Q17l2dzKcAnHdU3Mycpdwo0I6qgGxRvBhBNI43xIUFHJpgKpbeMFxKvVTkbwHyMPMIuHmOaC82IBhOpGD10SExVh4erQhWS3Hvl+m4Cwl3WI9N+AW6CTB9yj+d4xzX3bHjjBt6MSk4bU8ABR7qIoAjgjY7zdtUDWQlaM+d18= +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 8 2 3600 20070926134150 20070829134150 55566 example.com. cHdLVCzujUQs6b67c1SmCX+/br4tgOg86Gj/R/x+PKUQmWHyeVwBSTlJuLOHbca3CQoyIQc+V2ilK6fjwjbY/dLk4uOlux8L+Zn7HsUXSOwJPIjsM3LuTa8CYDMvYhOP7KGR+vNpJVSsQ25pyDn6Rzsdl3E7DAf7uSkPV8VJwa8= +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 8 3 3600 20070926134150 20070829134150 55566 example.com. PBwNifMNxTXlDorHX1neq1wUhWLmqk+PZ+PBZCI5BJAmakdgOXdLQiVqlKaErJyA/4uN+99fUf6/DqxwgxL8FIPdBkxMOTJaKrCFjEhL6qozTd3+DI6qFJPgTm1lrkpvb9W72MtK2vxAyT5I/bG2SWKdpzOaQXysbDb2hnxq3as= +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns.example.com. IN AAAA +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 8 2 3600 20070926134150 20070829134150 55566 example.com. cHdLVCzujUQs6b67c1SmCX+/br4tgOg86Gj/R/x+PKUQmWHyeVwBSTlJuLOHbca3CQoyIQc+V2ilK6fjwjbY/dLk4uOlux8L+Zn7HsUXSOwJPIjsM3LuTa8CYDMvYhOP7KGR+vNpJVSsQ25pyDn6Rzsdl3E7DAf7uSkPV8VJwa8= +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 8 3 3600 20070926134150 20070829134150 55566 example.com. PBwNifMNxTXlDorHX1neq1wUhWLmqk+PZ+PBZCI5BJAmakdgOXdLQiVqlKaErJyA/4uN+99fUf6/DqxwgxL8FIPdBkxMOTJaKrCFjEhL6qozTd3+DI6qFJPgTm1lrkpvb9W72MtK2vxAyT5I/bG2SWKdpzOaQXysbDb2hnxq3as= +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +www.example.com. IN A \# 5 0102030405 +; RRSIG includes the malformed record. +www.example.com. 3600 IN RRSIG A 8 3 3600 20070926134150 20070829134150 55566 example.com. W4WFu9B81uRvp3Dj8uLIscypznKWuLuKrZqVg1on5/45/3/xyjHvj3TjTL3gruWFXPiQpldvOstXLZ5eN3OpqILdkVey0eqVATujpHwIruY6GWztVx5WptmFfK6E6zzshZ3RmAARqq/czQ+IZli2A9xixdY2H0o1dSU6gohEjjE= +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 8 2 3600 20070926134150 20070829134150 55566 example.com. cHdLVCzujUQs6b67c1SmCX+/br4tgOg86Gj/R/x+PKUQmWHyeVwBSTlJuLOHbca3CQoyIQc+V2ilK6fjwjbY/dLk4uOlux8L+Zn7HsUXSOwJPIjsM3LuTa8CYDMvYhOP7KGR+vNpJVSsQ25pyDn6Rzsdl3E7DAf7uSkPV8VJwa8= +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 8 3 3600 20070926134150 20070829134150 55566 example.com. PBwNifMNxTXlDorHX1neq1wUhWLmqk+PZ+PBZCI5BJAmakdgOXdLQiVqlKaErJyA/4uN+99fUf6/DqxwgxL8FIPdBkxMOTJaKrCFjEhL6qozTd3+DI6qFJPgTm1lrkpvb9W72MtK2vxAyT5I/bG2SWKdpzOaQXysbDb2hnxq3as= +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=0 +REPLY QR RD RA DO SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +ENTRY_END + +SCENARIO_END diff --git a/contrib/unbound/testdata/zonemd.example1.zone b/contrib/unbound/testdata/zonemd.example1.zone deleted file mode 100644 index b1a44895f05c..000000000000 --- a/contrib/unbound/testdata/zonemd.example1.zone +++ /dev/null @@ -1,4 +0,0 @@ -example.org. IN SOA ns.example.org. hostmaster.example.org. 200154054 28800 7200 604800 3600 -example.org. IN NS ns.example.org. -www.example.org. IN A 127.0.0.1 -ns.example.org. IN A 127.0.0.1 diff --git a/contrib/unbound/testdata/zonemd.example10.zone b/contrib/unbound/testdata/zonemd.example10.zone deleted file mode 100644 index 33ca2828e019..000000000000 --- a/contrib/unbound/testdata/zonemd.example10.zone +++ /dev/null @@ -1,35 +0,0 @@ -; DNSSEC signed but RRSIG on SOA is wrong. - -example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -; old sig -; example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= -; wrong sig -example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgeAAAAA= -example.com. 3600 IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= -example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} -example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= -example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f -example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= -example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63 -example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= -bar.example.com. 3600 IN A 1.2.3.4 -bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= -bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC -bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= -ding.example.com. 3600 IN A 1.2.3.4 -ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= -ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC -ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= -foo.example.com. 3600 IN A 1.2.3.4 -foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= -foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC -foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= -ns.example.com. 3600 IN A 127.0.0.1 -ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= -ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC -ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= -www.example.com. 3600 IN A 127.0.0.1 -www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= -www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC -www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= diff --git a/contrib/unbound/testdata/zonemd.example11.zone b/contrib/unbound/testdata/zonemd.example11.zone deleted file mode 100644 index 7562f79729b7..000000000000 --- a/contrib/unbound/testdata/zonemd.example11.zone +++ /dev/null @@ -1,33 +0,0 @@ -; DNSSEC NSEC zone, but ZONEMD is missing - -example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= -example.com. 3600 IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= -example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} -example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= -; missing ZONEMD -;example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f -;example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= -example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63 -example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= -bar.example.com. 3600 IN A 1.2.3.4 -bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= -bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC -bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= -ding.example.com. 3600 IN A 1.2.3.4 -ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= -ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC -ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= -foo.example.com. 3600 IN A 1.2.3.4 -foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= -foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC -foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= -ns.example.com. 3600 IN A 127.0.0.1 -ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= -ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC -ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= -www.example.com. 3600 IN A 127.0.0.1 -www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= -www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC -www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= diff --git a/contrib/unbound/testdata/zonemd.example12.zone b/contrib/unbound/testdata/zonemd.example12.zone deleted file mode 100644 index 4fc04bf88eb2..000000000000 --- a/contrib/unbound/testdata/zonemd.example12.zone +++ /dev/null @@ -1,35 +0,0 @@ -; DNSSEC NSEC3 zone, but ZONEMD is missing - -example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= -example.com. 3600 IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= -example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} -example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= -example.com. 3600 IN NSEC3PARAM 1 0 1 012345 -example.com. 3600 IN RRSIG NSEC3PARAM 8 2 3600 20201116135527 20201019135527 55566 example.com. CDbcPLDrpVUyk3v7kwQ3LNzzhDHS40e0LDv7IZrzMt2AO/6SJ7xhlG+qByhc7CFBUMvBNaOteO5th0tvotWxk0UrVhqRyyXNCr8SmDdAaPH4SGwJ2p+XPIwn0CTXDpyOcgCrW0Kt2OjubA+4fQwjkGYFuDATY5QOITe6kGJpKpw= -; missing ZONEMD -;example.com. 3600 IN TYPE63 \# 70 0bee1bc6010246e31506f321c58db811c934c6446141d651a8574fb21088a2bb6feec875fc8b60f50beae00e7f6554e2cf3cb048350ef92e2946137443e30079813db4d1bfbd -;example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. M0f4wkOn6dcYtaQtwvp698QL7HuKEgi+PPjYJawV8d1VNOWbbRTF9L9tHFDK42Ylq238uOxi223ZEk/pq4BP64Sm31dV54K2V95QqdzN9NDD34+sqKEgGyRcmBiE50gm3kZZ4ENqBQKc+GdlbZ2fHSI6gf6X694sSmZ7dfjq+2k= -v4cknoe1mioduf5bmhgfjjq4dlqet8fm.example.com. 3600 IN NSEC3 1 0 1 012345 2v43f6ripfocif5h6bbi07glq6849rnj NS SOA RRSIG DNSKEY NSEC3PARAM TYPE63 -v4cknoe1mioduf5bmhgfjjq4dlqet8fm.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. Yd+g1m2aDKDUuZNv2KpKk4uSNrpB5KLM3QUqypm484VjOpnj5Wy3BjUULH3P8z+S9PG7XbaOf+yUYHK8cI6i5GTcrMhoLKaanAD09i1KbXbTVJujwA9Za7WzlFVZ3o6f1D8CbrSS3YPWNF3Mb2FYaptvZ9so7MlecuLYdEer7DY= -bar.example.com. 3600 IN A 1.2.3.4 -bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= -c6ntadrd765diocebcrq6trs8npn83o3.example.com. 3600 IN NSEC3 1 0 1 012345 f0lpjkgefgrobj5pucem78r2ouo53fq8 A RRSIG -c6ntadrd765diocebcrq6trs8npn83o3.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. gTDi/2e/RPeSOwoBr6oqfoFsGXAknLX3J96EHzMmhtRR7W4pEW8uXKsMJ3rr4qgUUX+ZtzoCMYy+UBkiJfjpWvMToGtuADNOzz0rF8BESaW/8k6iDKPmqmwdGyLGMmfGjYPcb4qg3+9egLejA+fF1OSrhHuINeO80ouw++PL0ns= -ding.example.com. 3600 IN A 1.2.3.4 -ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= -r18q2sl76hceldh0keqr7vnqc15db64a.example.com. 3600 IN NSEC3 1 0 1 012345 v4cknoe1mioduf5bmhgfjjq4dlqet8fm A RRSIG -r18q2sl76hceldh0keqr7vnqc15db64a.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. VugivzPyv5+qZhl+x0frrykYyOOdZfcKdmIA13P4OzhtiRNhCRHznhrdTlmfLw/b5Rs5jFX7Iw/hhU80Geg72cYG4KVJwtP6zTyFApDl/8x3rj3vhZOc2nwpYmjjFsyrlb7M2RhcStnS6c/2R4+dBFwwVZXyJBi3fo9NybujI9g= -foo.example.com. 3600 IN A 1.2.3.4 -foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= -f0lpjkgefgrobj5pucem78r2ouo53fq8.example.com. 3600 IN NSEC3 1 0 1 012345 r18q2sl76hceldh0keqr7vnqc15db64a A RRSIG -f0lpjkgefgrobj5pucem78r2ouo53fq8.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. zishUbm8GxjaHOOUdbz0ZEut99dm+DQ/zvxhOTeS3kmUnL8t3ISew641JeNvvajAUk/xn6eGHjLBuHfwNG+itF2pSD8Gl6Ppo22Y0C9uO5TyRQalYpjtz1kI/VlIelcd0TyusmIMaRChswtpctPKITbr8Wl+MoZZtPQhJ5NjQlQ= -ns.example.com. 3600 IN A 127.0.0.1 -ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= -2v43f6ripfocif5h6bbi07glq6849rnj.example.com. 3600 IN NSEC3 1 0 1 012345 91onuasouslv1so1i62id4rf0l763dss A RRSIG -2v43f6ripfocif5h6bbi07glq6849rnj.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. d9CluwN3zWfLe20J212CuwNzJVbVsDR4eijuJyLpyHzziSc10CauWtUiuHeQMXCVJNwhPSb5kQTfKtql+Jd44BQlenRt/sHfa6YZEOwClN4O8V0vZ43K4vlwwWbh5kxQbFQ/e+w4vlYb1m4PHwzDLtqocNQ9T4A8SXl3A8paZqI= -www.example.com. 3600 IN A 127.0.0.1 -www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= -91onuasouslv1so1i62id4rf0l763dss.example.com. 3600 IN NSEC3 1 0 1 012345 c6ntadrd765diocebcrq6trs8npn83o3 A RRSIG -91onuasouslv1so1i62id4rf0l763dss.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. czJf5HkfHLpfGcku2iZnCu9tXnM7VWOYYhGtVAwkYG0M6BO4LzRxGCV3SkUvHLFxoqQY0DZLnafPl2MKg8zsF+tusf3e3xmpcCSR29IfuDYH7GzuVCj3H0ScmXM0lvyQ92JpJ0AMqq2mW1nvKmgjkyugs+EMpxcFVjhibljocLU= diff --git a/contrib/unbound/testdata/zonemd.example13.zone b/contrib/unbound/testdata/zonemd.example13.zone deleted file mode 100644 index 9f311c91291e..000000000000 --- a/contrib/unbound/testdata/zonemd.example13.zone +++ /dev/null @@ -1,33 +0,0 @@ -; DNSSEC NSEC zone without ZONEMD, but NSEC RRSIG is wrong - -example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= -example.com. 3600 IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= -example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} -example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= -example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY -; old sig -;example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ROT+Kh6Y0sEf+L9c2HGPvppLL/DFP5KcX/zSjy7ovM7vXTrrdhEhOedbuccN84tk6VU8udGIixd5Usc+juZ+WsiWwaSNB5rKo6lZ9ceOJlYVzLCmawePzTsl6VAIiIVXwrMxGz/amBd+Ou/1NCuXJiWVThU9PDyJ/lQZbVJEHMA= -; wrong sig -example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ROT+Kh6Y0sEf+L9c2HGPvppLL/DFP5KcX/zSjy7ovM7vXTrrdhEhOedbuccN84tk6VU8udGIixd5Usc+juZ+WsiWwaSNB5rKo6lZ9ceOJlYVzLCmawePzTsl6VAIiIVXwrMxGz/amBd+Ou/1NCuXJiWVThU9PDyJ/lQZbVAAAAA= -bar.example.com. 3600 IN A 1.2.3.4 -bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= -bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC -bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= -ding.example.com. 3600 IN A 1.2.3.4 -ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= -ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC -ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= -foo.example.com. 3600 IN A 1.2.3.4 -foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= -foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC -foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= -ns.example.com. 3600 IN A 127.0.0.1 -ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= -ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC -ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= -www.example.com. 3600 IN A 127.0.0.1 -www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= -www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC -www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= diff --git a/contrib/unbound/testdata/zonemd.example14.zone b/contrib/unbound/testdata/zonemd.example14.zone deleted file mode 100644 index bc4cdacdbbf5..000000000000 --- a/contrib/unbound/testdata/zonemd.example14.zone +++ /dev/null @@ -1,35 +0,0 @@ -; DNSSEC NSEC3 zone without ZONEMD, but NSEC3 RRSIG is wrong - -example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= -example.com. 3600 IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= -example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} -example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= -example.com. 3600 IN NSEC3PARAM 1 0 1 012345 -example.com. 3600 IN RRSIG NSEC3PARAM 8 2 3600 20201116135527 20201019135527 55566 example.com. CDbcPLDrpVUyk3v7kwQ3LNzzhDHS40e0LDv7IZrzMt2AO/6SJ7xhlG+qByhc7CFBUMvBNaOteO5th0tvotWxk0UrVhqRyyXNCr8SmDdAaPH4SGwJ2p+XPIwn0CTXDpyOcgCrW0Kt2OjubA+4fQwjkGYFuDATY5QOITe6kGJpKpw= -v4cknoe1mioduf5bmhgfjjq4dlqet8fm.example.com. 3600 IN NSEC3 1 0 1 012345 2v43f6ripfocif5h6bbi07glq6849rnj NS SOA RRSIG DNSKEY NSEC3PARAM -; old sig -;v4cknoe1mioduf5bmhgfjjq4dlqet8fm.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. J2LISTGtBe+x2pNESBOYrBHAJjEDVFkmjJf2kj0GSFYisvSuy6ZUvQZZUB9sfLmEX18FpdNTieE8MrR2nbpKWfgVBDdGtcU72x/GOIRRq586A1KNtP2eJ81vcblM5dvqvpht46tF+xy85j9G9BYxpcT1PQRpvmho9yhgCxq2kUQ= -; wrong sig -v4cknoe1mioduf5bmhgfjjq4dlqet8fm.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. J2LISTGtBe+x2pNESBOYrBHAJjEDVFkmjJf2kj0GSFYisvSuy6ZUvQZZUB9sfLmEX18FpdNTieE8MrR2nbpKWfgVBDdGtcU72x/GOIRRq586A1KNtP2eJ81vcblM5dvqvpht46tF+xy85j9G9BYxpcT1PQRpvmho9yhgCxAAAAA= -bar.example.com. 3600 IN A 1.2.3.4 -bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= -c6ntadrd765diocebcrq6trs8npn83o3.example.com. 3600 IN NSEC3 1 0 1 012345 f0lpjkgefgrobj5pucem78r2ouo53fq8 A RRSIG -c6ntadrd765diocebcrq6trs8npn83o3.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. gTDi/2e/RPeSOwoBr6oqfoFsGXAknLX3J96EHzMmhtRR7W4pEW8uXKsMJ3rr4qgUUX+ZtzoCMYy+UBkiJfjpWvMToGtuADNOzz0rF8BESaW/8k6iDKPmqmwdGyLGMmfGjYPcb4qg3+9egLejA+fF1OSrhHuINeO80ouw++PL0ns= -ding.example.com. 3600 IN A 1.2.3.4 -ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= -r18q2sl76hceldh0keqr7vnqc15db64a.example.com. 3600 IN NSEC3 1 0 1 012345 v4cknoe1mioduf5bmhgfjjq4dlqet8fm A RRSIG -r18q2sl76hceldh0keqr7vnqc15db64a.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. VugivzPyv5+qZhl+x0frrykYyOOdZfcKdmIA13P4OzhtiRNhCRHznhrdTlmfLw/b5Rs5jFX7Iw/hhU80Geg72cYG4KVJwtP6zTyFApDl/8x3rj3vhZOc2nwpYmjjFsyrlb7M2RhcStnS6c/2R4+dBFwwVZXyJBi3fo9NybujI9g= -foo.example.com. 3600 IN A 1.2.3.4 -foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= -f0lpjkgefgrobj5pucem78r2ouo53fq8.example.com. 3600 IN NSEC3 1 0 1 012345 r18q2sl76hceldh0keqr7vnqc15db64a A RRSIG -f0lpjkgefgrobj5pucem78r2ouo53fq8.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. zishUbm8GxjaHOOUdbz0ZEut99dm+DQ/zvxhOTeS3kmUnL8t3ISew641JeNvvajAUk/xn6eGHjLBuHfwNG+itF2pSD8Gl6Ppo22Y0C9uO5TyRQalYpjtz1kI/VlIelcd0TyusmIMaRChswtpctPKITbr8Wl+MoZZtPQhJ5NjQlQ= -ns.example.com. 3600 IN A 127.0.0.1 -ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= -2v43f6ripfocif5h6bbi07glq6849rnj.example.com. 3600 IN NSEC3 1 0 1 012345 91onuasouslv1so1i62id4rf0l763dss A RRSIG -2v43f6ripfocif5h6bbi07glq6849rnj.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. d9CluwN3zWfLe20J212CuwNzJVbVsDR4eijuJyLpyHzziSc10CauWtUiuHeQMXCVJNwhPSb5kQTfKtql+Jd44BQlenRt/sHfa6YZEOwClN4O8V0vZ43K4vlwwWbh5kxQbFQ/e+w4vlYb1m4PHwzDLtqocNQ9T4A8SXl3A8paZqI= -www.example.com. 3600 IN A 127.0.0.1 -www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= -91onuasouslv1so1i62id4rf0l763dss.example.com. 3600 IN NSEC3 1 0 1 012345 c6ntadrd765diocebcrq6trs8npn83o3 A RRSIG -91onuasouslv1so1i62id4rf0l763dss.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. czJf5HkfHLpfGcku2iZnCu9tXnM7VWOYYhGtVAwkYG0M6BO4LzRxGCV3SkUvHLFxoqQY0DZLnafPl2MKg8zsF+tusf3e3xmpcCSR29IfuDYH7GzuVCj3H0ScmXM0lvyQ92JpJ0AMqq2mW1nvKmgjkyugs+EMpxcFVjhibljocLU= diff --git a/contrib/unbound/testdata/zonemd.example15.zone b/contrib/unbound/testdata/zonemd.example15.zone deleted file mode 100644 index 8a10689101d7..000000000000 --- a/contrib/unbound/testdata/zonemd.example15.zone +++ /dev/null @@ -1,35 +0,0 @@ -; DNSSEC signed but DNSKEY RRSIG is wrong. - -example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= -example.com. 3600 IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= -example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} -; old sig -;example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= -; wrong sig -example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2AAAAA= -example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f -example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= -example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63 -example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= -bar.example.com. 3600 IN A 1.2.3.4 -bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= -bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC -bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= -ding.example.com. 3600 IN A 1.2.3.4 -ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= -ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC -ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= -foo.example.com. 3600 IN A 1.2.3.4 -foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= -foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC -foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= -ns.example.com. 3600 IN A 127.0.0.1 -ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= -ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC -ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= -www.example.com. 3600 IN A 127.0.0.1 -www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= -www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC -www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= diff --git a/contrib/unbound/testdata/zonemd.example16.zone b/contrib/unbound/testdata/zonemd.example16.zone deleted file mode 100644 index 7520744d3180..000000000000 --- a/contrib/unbound/testdata/zonemd.example16.zone +++ /dev/null @@ -1,11 +0,0 @@ -example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. IN NS ns.example.com. -; the ZONEMD that should be in this file, without DNSSEC -example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22 -; duplicate zonemd with same scheme and algorithm (different at end) -example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D720000 -www.example.com. IN A 127.0.0.1 -ns.example.com. IN A 127.0.0.1 -bar.example.com. IN A 1.2.3.4 -ding.example.com. IN A 1.2.3.4 -foo.example.com. IN A 1.2.3.4 diff --git a/contrib/unbound/testdata/zonemd.example17.zone b/contrib/unbound/testdata/zonemd.example17.zone deleted file mode 100644 index 4315f9054af4..000000000000 --- a/contrib/unbound/testdata/zonemd.example17.zone +++ /dev/null @@ -1,11 +0,0 @@ -example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -; capitalisation is different here. -exaMPLe.cOM. IN NS Ns.exaMPLe.cOm. -; the ZONEMD that should be in this file, without DNSSEC -example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22 -; capitalisation is different here. -wWW.exAMPLe.cOM. IN A 127.0.0.1 -ns.example.com. IN A 127.0.0.1 -bar.example.com. IN A 1.2.3.4 -ding.example.com. IN A 1.2.3.4 -foo.example.com. IN A 1.2.3.4 diff --git a/contrib/unbound/testdata/zonemd.example2.zone b/contrib/unbound/testdata/zonemd.example2.zone deleted file mode 100644 index 14b7ea689ffa..000000000000 --- a/contrib/unbound/testdata/zonemd.example2.zone +++ /dev/null @@ -1,15 +0,0 @@ -example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. IN NS ns.example.com. -; the ZONEMD that should be in this file, without DNSSEC -example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22 -; incorrect digest in example3 and example4. -;example.com. IN TYPE63 \# 70 0BEE1BC60102EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22 -; correct digest for example 5. -;example.com. IN TYPE63 \# 70 0BEE1BC6010258F7620F93204BBB31B44F795B3409CC4ABD9EF5601DECC15675BD7751213152984EDDCE0626E6062E744B03B3E47711202FBB79E4A2EB8BC5CF46741B5CAE6F -; correct digest for example 6. -;example.com. IN TYPE63 \# 70 0BEE1BC6010246E31506F321C58DB811C934C6446141D651A8574FB21088A2BB6FEEC875FC8B60F50BEAE00E7F6554E2CF3CB048350EF92E2946137443E30079813DB4D1BFBD -www.example.com. IN A 127.0.0.1 -ns.example.com. IN A 127.0.0.1 -bar.example.com. IN A 1.2.3.4 -ding.example.com. IN A 1.2.3.4 -foo.example.com. IN A 1.2.3.4 diff --git a/contrib/unbound/testdata/zonemd.example3.zone b/contrib/unbound/testdata/zonemd.example3.zone deleted file mode 100644 index 12389f3d5181..000000000000 --- a/contrib/unbound/testdata/zonemd.example3.zone +++ /dev/null @@ -1,34 +0,0 @@ -; signed version of zonemd.example2.zone -; with ldns-signzone -e 20201116135527 -i 20201019135527 zonemd.example2.zone Kexample.com.+008+55566 -; this zonefile has an incorrect ZONEMD digest, with correct DNSSEC signature. - -example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= -example.com. 3600 IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= -example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} -example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= -example.com. 3600 IN TYPE63 \# 70 0bee1bc60102efaa5b78b38ab1c45de57b8167bcce906451d0e72118e1f5e80b5f0c3cf04bffc65d53c011185528ead439d6f3a02f511961e090e5e4e0dfa013bd276d728b22 -example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. RdHiJlugposfoRbog+Mkg2xeJXSzBi/UXxBnyHVF/Usqhp6Z7Acy4XwtRRb8YAbJevP9nBpCh23Fh4b1Vxl4xI0iB8aXWKtHeb98m81rfsflWvnTYbeau3ltfP/OJWqdmFsBy8DOwNxiN8sAMbGwQK8PFDk3lcRCqv8qq/tmow8= -example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63 -example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= -bar.example.com. 3600 IN A 1.2.3.4 -bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= -bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC -bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= -ding.example.com. 3600 IN A 1.2.3.4 -ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= -ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC -ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= -foo.example.com. 3600 IN A 1.2.3.4 -foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= -foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC -foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= -ns.example.com. 3600 IN A 127.0.0.1 -ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= -ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC -ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= -www.example.com. 3600 IN A 127.0.0.1 -www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= -www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC -www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= diff --git a/contrib/unbound/testdata/zonemd.example4.zone b/contrib/unbound/testdata/zonemd.example4.zone deleted file mode 100644 index dae0f17c708c..000000000000 --- a/contrib/unbound/testdata/zonemd.example4.zone +++ /dev/null @@ -1,36 +0,0 @@ -; signed with NSEC3, of zonemd.example.2.zone -; ldns-signzone -n -s 012345 -e 20201116135527 -i 20201019135527 zonemd.example2.zone Kexample.com.+008+55566 -; this zonefile has an incorrect ZONEMD digest, with correct DNSSEC signature. - -example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= -example.com. 3600 IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= -example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} -example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= -example.com. 3600 IN NSEC3PARAM 1 0 1 012345 -example.com. 3600 IN RRSIG NSEC3PARAM 8 2 3600 20201116135527 20201019135527 55566 example.com. CDbcPLDrpVUyk3v7kwQ3LNzzhDHS40e0LDv7IZrzMt2AO/6SJ7xhlG+qByhc7CFBUMvBNaOteO5th0tvotWxk0UrVhqRyyXNCr8SmDdAaPH4SGwJ2p+XPIwn0CTXDpyOcgCrW0Kt2OjubA+4fQwjkGYFuDATY5QOITe6kGJpKpw= -example.com. 3600 IN TYPE63 \# 70 0bee1bc60102efaa5b78b38ab1c45de57b8167bcce906451d0e72118e1f5e80b5f0c3cf04bffc65d53c011185528ead439d6f3a02f511961e090e5e4e0dfa013bd276d728b22 -example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. RdHiJlugposfoRbog+Mkg2xeJXSzBi/UXxBnyHVF/Usqhp6Z7Acy4XwtRRb8YAbJevP9nBpCh23Fh4b1Vxl4xI0iB8aXWKtHeb98m81rfsflWvnTYbeau3ltfP/OJWqdmFsBy8DOwNxiN8sAMbGwQK8PFDk3lcRCqv8qq/tmow8= -v4cknoe1mioduf5bmhgfjjq4dlqet8fm.example.com. 3600 IN NSEC3 1 0 1 012345 2v43f6ripfocif5h6bbi07glq6849rnj NS SOA RRSIG DNSKEY NSEC3PARAM TYPE63 -v4cknoe1mioduf5bmhgfjjq4dlqet8fm.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. Yd+g1m2aDKDUuZNv2KpKk4uSNrpB5KLM3QUqypm484VjOpnj5Wy3BjUULH3P8z+S9PG7XbaOf+yUYHK8cI6i5GTcrMhoLKaanAD09i1KbXbTVJujwA9Za7WzlFVZ3o6f1D8CbrSS3YPWNF3Mb2FYaptvZ9so7MlecuLYdEer7DY= -bar.example.com. 3600 IN A 1.2.3.4 -bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= -c6ntadrd765diocebcrq6trs8npn83o3.example.com. 3600 IN NSEC3 1 0 1 012345 f0lpjkgefgrobj5pucem78r2ouo53fq8 A RRSIG -c6ntadrd765diocebcrq6trs8npn83o3.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. gTDi/2e/RPeSOwoBr6oqfoFsGXAknLX3J96EHzMmhtRR7W4pEW8uXKsMJ3rr4qgUUX+ZtzoCMYy+UBkiJfjpWvMToGtuADNOzz0rF8BESaW/8k6iDKPmqmwdGyLGMmfGjYPcb4qg3+9egLejA+fF1OSrhHuINeO80ouw++PL0ns= -ding.example.com. 3600 IN A 1.2.3.4 -ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= -r18q2sl76hceldh0keqr7vnqc15db64a.example.com. 3600 IN NSEC3 1 0 1 012345 v4cknoe1mioduf5bmhgfjjq4dlqet8fm A RRSIG -r18q2sl76hceldh0keqr7vnqc15db64a.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. VugivzPyv5+qZhl+x0frrykYyOOdZfcKdmIA13P4OzhtiRNhCRHznhrdTlmfLw/b5Rs5jFX7Iw/hhU80Geg72cYG4KVJwtP6zTyFApDl/8x3rj3vhZOc2nwpYmjjFsyrlb7M2RhcStnS6c/2R4+dBFwwVZXyJBi3fo9NybujI9g= -foo.example.com. 3600 IN A 1.2.3.4 -foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= -f0lpjkgefgrobj5pucem78r2ouo53fq8.example.com. 3600 IN NSEC3 1 0 1 012345 r18q2sl76hceldh0keqr7vnqc15db64a A RRSIG -f0lpjkgefgrobj5pucem78r2ouo53fq8.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. zishUbm8GxjaHOOUdbz0ZEut99dm+DQ/zvxhOTeS3kmUnL8t3ISew641JeNvvajAUk/xn6eGHjLBuHfwNG+itF2pSD8Gl6Ppo22Y0C9uO5TyRQalYpjtz1kI/VlIelcd0TyusmIMaRChswtpctPKITbr8Wl+MoZZtPQhJ5NjQlQ= -ns.example.com. 3600 IN A 127.0.0.1 -ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= -2v43f6ripfocif5h6bbi07glq6849rnj.example.com. 3600 IN NSEC3 1 0 1 012345 91onuasouslv1so1i62id4rf0l763dss A RRSIG -2v43f6ripfocif5h6bbi07glq6849rnj.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. d9CluwN3zWfLe20J212CuwNzJVbVsDR4eijuJyLpyHzziSc10CauWtUiuHeQMXCVJNwhPSb5kQTfKtql+Jd44BQlenRt/sHfa6YZEOwClN4O8V0vZ43K4vlwwWbh5kxQbFQ/e+w4vlYb1m4PHwzDLtqocNQ9T4A8SXl3A8paZqI= -www.example.com. 3600 IN A 127.0.0.1 -www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= -91onuasouslv1so1i62id4rf0l763dss.example.com. 3600 IN NSEC3 1 0 1 012345 c6ntadrd765diocebcrq6trs8npn83o3 A RRSIG -91onuasouslv1so1i62id4rf0l763dss.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. czJf5HkfHLpfGcku2iZnCu9tXnM7VWOYYhGtVAwkYG0M6BO4LzRxGCV3SkUvHLFxoqQY0DZLnafPl2MKg8zsF+tusf3e3xmpcCSR29IfuDYH7GzuVCj3H0ScmXM0lvyQ92JpJ0AMqq2mW1nvKmgjkyugs+EMpxcFVjhibljocLU= diff --git a/contrib/unbound/testdata/zonemd.example5.zone b/contrib/unbound/testdata/zonemd.example5.zone deleted file mode 100644 index d88380ade09f..000000000000 --- a/contrib/unbound/testdata/zonemd.example5.zone +++ /dev/null @@ -1,34 +0,0 @@ -; signed version of zonemd.example2.zone -; with ldns-signzone -e 20201116135527 -i 20201019135527 zonemd.example2.zone Kexample.com.+008+55566 -; this zonefile has a correct ZONEMD digest, with correct DNSSEC signature. - -example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= -example.com. 3600 IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= -example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} -example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= -example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f -example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= -example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63 -example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= -bar.example.com. 3600 IN A 1.2.3.4 -bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= -bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC -bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= -ding.example.com. 3600 IN A 1.2.3.4 -ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= -ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC -ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= -foo.example.com. 3600 IN A 1.2.3.4 -foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= -foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC -foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= -ns.example.com. 3600 IN A 127.0.0.1 -ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= -ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC -ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= -www.example.com. 3600 IN A 127.0.0.1 -www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= -www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC -www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= diff --git a/contrib/unbound/testdata/zonemd.example6.zone b/contrib/unbound/testdata/zonemd.example6.zone deleted file mode 100644 index 0a7b05a8dcea..000000000000 --- a/contrib/unbound/testdata/zonemd.example6.zone +++ /dev/null @@ -1,36 +0,0 @@ -; signed with NSEC3, of zonemd.example.2.zone -; ldns-signzone -n -s 012345 -e 20201116135527 -i 20201019135527 zonemd.example2.zone Kexample.com.+008+55566 -; this zonefile has a correct ZONEMD digest, with correct DNSSEC signature. - -example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= -example.com. 3600 IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= -example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} -example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= -example.com. 3600 IN NSEC3PARAM 1 0 1 012345 -example.com. 3600 IN RRSIG NSEC3PARAM 8 2 3600 20201116135527 20201019135527 55566 example.com. CDbcPLDrpVUyk3v7kwQ3LNzzhDHS40e0LDv7IZrzMt2AO/6SJ7xhlG+qByhc7CFBUMvBNaOteO5th0tvotWxk0UrVhqRyyXNCr8SmDdAaPH4SGwJ2p+XPIwn0CTXDpyOcgCrW0Kt2OjubA+4fQwjkGYFuDATY5QOITe6kGJpKpw= -example.com. 3600 IN TYPE63 \# 70 0bee1bc6010246e31506f321c58db811c934c6446141d651a8574fb21088a2bb6feec875fc8b60f50beae00e7f6554e2cf3cb048350ef92e2946137443e30079813db4d1bfbd -example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. M0f4wkOn6dcYtaQtwvp698QL7HuKEgi+PPjYJawV8d1VNOWbbRTF9L9tHFDK42Ylq238uOxi223ZEk/pq4BP64Sm31dV54K2V95QqdzN9NDD34+sqKEgGyRcmBiE50gm3kZZ4ENqBQKc+GdlbZ2fHSI6gf6X694sSmZ7dfjq+2k= -v4cknoe1mioduf5bmhgfjjq4dlqet8fm.example.com. 3600 IN NSEC3 1 0 1 012345 2v43f6ripfocif5h6bbi07glq6849rnj NS SOA RRSIG DNSKEY NSEC3PARAM TYPE63 -v4cknoe1mioduf5bmhgfjjq4dlqet8fm.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. Yd+g1m2aDKDUuZNv2KpKk4uSNrpB5KLM3QUqypm484VjOpnj5Wy3BjUULH3P8z+S9PG7XbaOf+yUYHK8cI6i5GTcrMhoLKaanAD09i1KbXbTVJujwA9Za7WzlFVZ3o6f1D8CbrSS3YPWNF3Mb2FYaptvZ9so7MlecuLYdEer7DY= -bar.example.com. 3600 IN A 1.2.3.4 -bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= -c6ntadrd765diocebcrq6trs8npn83o3.example.com. 3600 IN NSEC3 1 0 1 012345 f0lpjkgefgrobj5pucem78r2ouo53fq8 A RRSIG -c6ntadrd765diocebcrq6trs8npn83o3.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. gTDi/2e/RPeSOwoBr6oqfoFsGXAknLX3J96EHzMmhtRR7W4pEW8uXKsMJ3rr4qgUUX+ZtzoCMYy+UBkiJfjpWvMToGtuADNOzz0rF8BESaW/8k6iDKPmqmwdGyLGMmfGjYPcb4qg3+9egLejA+fF1OSrhHuINeO80ouw++PL0ns= -ding.example.com. 3600 IN A 1.2.3.4 -ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= -r18q2sl76hceldh0keqr7vnqc15db64a.example.com. 3600 IN NSEC3 1 0 1 012345 v4cknoe1mioduf5bmhgfjjq4dlqet8fm A RRSIG -r18q2sl76hceldh0keqr7vnqc15db64a.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. VugivzPyv5+qZhl+x0frrykYyOOdZfcKdmIA13P4OzhtiRNhCRHznhrdTlmfLw/b5Rs5jFX7Iw/hhU80Geg72cYG4KVJwtP6zTyFApDl/8x3rj3vhZOc2nwpYmjjFsyrlb7M2RhcStnS6c/2R4+dBFwwVZXyJBi3fo9NybujI9g= -foo.example.com. 3600 IN A 1.2.3.4 -foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= -f0lpjkgefgrobj5pucem78r2ouo53fq8.example.com. 3600 IN NSEC3 1 0 1 012345 r18q2sl76hceldh0keqr7vnqc15db64a A RRSIG -f0lpjkgefgrobj5pucem78r2ouo53fq8.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. zishUbm8GxjaHOOUdbz0ZEut99dm+DQ/zvxhOTeS3kmUnL8t3ISew641JeNvvajAUk/xn6eGHjLBuHfwNG+itF2pSD8Gl6Ppo22Y0C9uO5TyRQalYpjtz1kI/VlIelcd0TyusmIMaRChswtpctPKITbr8Wl+MoZZtPQhJ5NjQlQ= -ns.example.com. 3600 IN A 127.0.0.1 -ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= -2v43f6ripfocif5h6bbi07glq6849rnj.example.com. 3600 IN NSEC3 1 0 1 012345 91onuasouslv1so1i62id4rf0l763dss A RRSIG -2v43f6ripfocif5h6bbi07glq6849rnj.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. d9CluwN3zWfLe20J212CuwNzJVbVsDR4eijuJyLpyHzziSc10CauWtUiuHeQMXCVJNwhPSb5kQTfKtql+Jd44BQlenRt/sHfa6YZEOwClN4O8V0vZ43K4vlwwWbh5kxQbFQ/e+w4vlYb1m4PHwzDLtqocNQ9T4A8SXl3A8paZqI= -www.example.com. 3600 IN A 127.0.0.1 -www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= -91onuasouslv1so1i62id4rf0l763dss.example.com. 3600 IN NSEC3 1 0 1 012345 c6ntadrd765diocebcrq6trs8npn83o3 A RRSIG -91onuasouslv1so1i62id4rf0l763dss.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. czJf5HkfHLpfGcku2iZnCu9tXnM7VWOYYhGtVAwkYG0M6BO4LzRxGCV3SkUvHLFxoqQY0DZLnafPl2MKg8zsF+tusf3e3xmpcCSR29IfuDYH7GzuVCj3H0ScmXM0lvyQ92JpJ0AMqq2mW1nvKmgjkyugs+EMpxcFVjhibljocLU= diff --git a/contrib/unbound/testdata/zonemd.example7.zone b/contrib/unbound/testdata/zonemd.example7.zone deleted file mode 100644 index 4339bd570c56..000000000000 --- a/contrib/unbound/testdata/zonemd.example7.zone +++ /dev/null @@ -1,31 +0,0 @@ -; DNSSEC NSEC zone without ZONEMD -; created with -; ldns-signzone -e 20201116135527 -i 20201019135527 zonemd.example2.zone Kexample.com.+008+55566 -example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= -example.com. 3600 IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= -example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} -example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= -example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY -example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ROT+Kh6Y0sEf+L9c2HGPvppLL/DFP5KcX/zSjy7ovM7vXTrrdhEhOedbuccN84tk6VU8udGIixd5Usc+juZ+WsiWwaSNB5rKo6lZ9ceOJlYVzLCmawePzTsl6VAIiIVXwrMxGz/amBd+Ou/1NCuXJiWVThU9PDyJ/lQZbVJEHMA= -bar.example.com. 3600 IN A 1.2.3.4 -bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= -bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC -bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= -ding.example.com. 3600 IN A 1.2.3.4 -ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= -ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC -ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= -foo.example.com. 3600 IN A 1.2.3.4 -foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= -foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC -foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= -ns.example.com. 3600 IN A 127.0.0.1 -ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= -ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC -ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= -www.example.com. 3600 IN A 127.0.0.1 -www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= -www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC -www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= diff --git a/contrib/unbound/testdata/zonemd.example8.zone b/contrib/unbound/testdata/zonemd.example8.zone deleted file mode 100644 index 2900753c0483..000000000000 --- a/contrib/unbound/testdata/zonemd.example8.zone +++ /dev/null @@ -1,34 +0,0 @@ -; DNSSEC NSEC3 zone without ZONEMD -; created with -; ldns-signzone -n -s 012345 -e 20201116135527 -i 20201019135527 zonemd.example2.zone Kexample.com.+008+55566 - -example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= -example.com. 3600 IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= -example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} -example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= -example.com. 3600 IN NSEC3PARAM 1 0 1 012345 -example.com. 3600 IN RRSIG NSEC3PARAM 8 2 3600 20201116135527 20201019135527 55566 example.com. CDbcPLDrpVUyk3v7kwQ3LNzzhDHS40e0LDv7IZrzMt2AO/6SJ7xhlG+qByhc7CFBUMvBNaOteO5th0tvotWxk0UrVhqRyyXNCr8SmDdAaPH4SGwJ2p+XPIwn0CTXDpyOcgCrW0Kt2OjubA+4fQwjkGYFuDATY5QOITe6kGJpKpw= -v4cknoe1mioduf5bmhgfjjq4dlqet8fm.example.com. 3600 IN NSEC3 1 0 1 012345 2v43f6ripfocif5h6bbi07glq6849rnj NS SOA RRSIG DNSKEY NSEC3PARAM -v4cknoe1mioduf5bmhgfjjq4dlqet8fm.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. J2LISTGtBe+x2pNESBOYrBHAJjEDVFkmjJf2kj0GSFYisvSuy6ZUvQZZUB9sfLmEX18FpdNTieE8MrR2nbpKWfgVBDdGtcU72x/GOIRRq586A1KNtP2eJ81vcblM5dvqvpht46tF+xy85j9G9BYxpcT1PQRpvmho9yhgCxq2kUQ= -bar.example.com. 3600 IN A 1.2.3.4 -bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= -c6ntadrd765diocebcrq6trs8npn83o3.example.com. 3600 IN NSEC3 1 0 1 012345 f0lpjkgefgrobj5pucem78r2ouo53fq8 A RRSIG -c6ntadrd765diocebcrq6trs8npn83o3.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. gTDi/2e/RPeSOwoBr6oqfoFsGXAknLX3J96EHzMmhtRR7W4pEW8uXKsMJ3rr4qgUUX+ZtzoCMYy+UBkiJfjpWvMToGtuADNOzz0rF8BESaW/8k6iDKPmqmwdGyLGMmfGjYPcb4qg3+9egLejA+fF1OSrhHuINeO80ouw++PL0ns= -ding.example.com. 3600 IN A 1.2.3.4 -ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= -r18q2sl76hceldh0keqr7vnqc15db64a.example.com. 3600 IN NSEC3 1 0 1 012345 v4cknoe1mioduf5bmhgfjjq4dlqet8fm A RRSIG -r18q2sl76hceldh0keqr7vnqc15db64a.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. VugivzPyv5+qZhl+x0frrykYyOOdZfcKdmIA13P4OzhtiRNhCRHznhrdTlmfLw/b5Rs5jFX7Iw/hhU80Geg72cYG4KVJwtP6zTyFApDl/8x3rj3vhZOc2nwpYmjjFsyrlb7M2RhcStnS6c/2R4+dBFwwVZXyJBi3fo9NybujI9g= -foo.example.com. 3600 IN A 1.2.3.4 -foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= -f0lpjkgefgrobj5pucem78r2ouo53fq8.example.com. 3600 IN NSEC3 1 0 1 012345 r18q2sl76hceldh0keqr7vnqc15db64a A RRSIG -f0lpjkgefgrobj5pucem78r2ouo53fq8.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. zishUbm8GxjaHOOUdbz0ZEut99dm+DQ/zvxhOTeS3kmUnL8t3ISew641JeNvvajAUk/xn6eGHjLBuHfwNG+itF2pSD8Gl6Ppo22Y0C9uO5TyRQalYpjtz1kI/VlIelcd0TyusmIMaRChswtpctPKITbr8Wl+MoZZtPQhJ5NjQlQ= -ns.example.com. 3600 IN A 127.0.0.1 -ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= -2v43f6ripfocif5h6bbi07glq6849rnj.example.com. 3600 IN NSEC3 1 0 1 012345 91onuasouslv1so1i62id4rf0l763dss A RRSIG -2v43f6ripfocif5h6bbi07glq6849rnj.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. d9CluwN3zWfLe20J212CuwNzJVbVsDR4eijuJyLpyHzziSc10CauWtUiuHeQMXCVJNwhPSb5kQTfKtql+Jd44BQlenRt/sHfa6YZEOwClN4O8V0vZ43K4vlwwWbh5kxQbFQ/e+w4vlYb1m4PHwzDLtqocNQ9T4A8SXl3A8paZqI= -www.example.com. 3600 IN A 127.0.0.1 -www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= -91onuasouslv1so1i62id4rf0l763dss.example.com. 3600 IN NSEC3 1 0 1 012345 c6ntadrd765diocebcrq6trs8npn83o3 A RRSIG -91onuasouslv1so1i62id4rf0l763dss.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. czJf5HkfHLpfGcku2iZnCu9tXnM7VWOYYhGtVAwkYG0M6BO4LzRxGCV3SkUvHLFxoqQY0DZLnafPl2MKg8zsF+tusf3e3xmpcCSR29IfuDYH7GzuVCj3H0ScmXM0lvyQ92JpJ0AMqq2mW1nvKmgjkyugs+EMpxcFVjhibljocLU= diff --git a/contrib/unbound/testdata/zonemd.example9.zone b/contrib/unbound/testdata/zonemd.example9.zone deleted file mode 100644 index 9c035aa1310d..000000000000 --- a/contrib/unbound/testdata/zonemd.example9.zone +++ /dev/null @@ -1,35 +0,0 @@ -; signed zone but RRSIG on ZONEMD is wrong. - -example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= -example.com. 3600 IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= -example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} -example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= -example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f -; old sig -; example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= -; wrong sig -example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVAAAAA= -example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63 -example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= -bar.example.com. 3600 IN A 1.2.3.4 -bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= -bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC -bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= -ding.example.com. 3600 IN A 1.2.3.4 -ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= -ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC -ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= -foo.example.com. 3600 IN A 1.2.3.4 -foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= -foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC -foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= -ns.example.com. 3600 IN A 127.0.0.1 -ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= -ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC -ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= -www.example.com. 3600 IN A 127.0.0.1 -www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= -www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC -www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= diff --git a/contrib/unbound/testdata/zonemd.example_a1.zone b/contrib/unbound/testdata/zonemd.example_a1.zone deleted file mode 100644 index 331b45a153d6..000000000000 --- a/contrib/unbound/testdata/zonemd.example_a1.zone +++ /dev/null @@ -1,6 +0,0 @@ -example. 86400 IN SOA ns1 admin 2018031900 ( 1800 900 604800 86400 ) - 86400 IN NS ns1 - 86400 IN NS ns2 - 86400 IN ZONEMD 2018031900 1 1 ( c68090d90a7aed71 6bc459f9340e3d7c 1370d4d24b7e2fc3 a1ddc0b9a87153b9 a9713b3c9ae5cc27 777f98b8e730044c ) -ns1 3600 IN A 203.0.113.63 -ns2 3600 IN AAAA 2001:db8::63 diff --git a/contrib/unbound/testdata/zonemd.example_a2.zone b/contrib/unbound/testdata/zonemd.example_a2.zone deleted file mode 100644 index 56d06ae066bf..000000000000 --- a/contrib/unbound/testdata/zonemd.example_a2.zone +++ /dev/null @@ -1,25 +0,0 @@ -example. 86400 IN SOA ns1 admin 2018031900 ( - 1800 900 604800 86400 ) - 86400 IN NS ns1 - 86400 IN NS ns2 - 86400 IN ZONEMD 2018031900 1 1 ( - 31cefb03814f5062 - ad12fa951ba0ef5f - 8da6ae354a415767 - 246f7dc932ceb1e7 - 42a2108f529db6a3 - 3a11c01493de358d ) -ns1 3600 IN A 203.0.113.63 -ns2 3600 IN AAAA 2001:db8::63 -occluded.sub 7200 IN TXT "I'm occluded but must be digested" -sub 7200 IN NS ns1 -duplicate 300 IN TXT "I must be digested just once" -duplicate 300 IN TXT "I must be digested just once" -foo.test. 555 IN TXT "out-of-zone data must be excluded" -non-apex 900 IN ZONEMD 2018031900 1 1 ( - 616c6c6f77656420 - 6275742069676e6f - 7265642e20616c6c - 6f77656420627574 - 2069676e6f726564 - 2e20616c6c6f7765 ) diff --git a/contrib/unbound/testdata/zonemd.example_a3.zone b/contrib/unbound/testdata/zonemd.example_a3.zone deleted file mode 100644 index 45c47ad0508e..000000000000 --- a/contrib/unbound/testdata/zonemd.example_a3.zone +++ /dev/null @@ -1,30 +0,0 @@ -example. 86400 IN SOA ns1 admin 2018031900 ( - 1800 900 604800 86400 ) -example. 86400 IN NS ns1.example. -example. 86400 IN NS ns2.example. -example. 86400 IN ZONEMD 2018031900 1 1 ( - 62e6cf51b02e54b9 - b5f967d547ce4313 - 6792901f9f88e637 - 493daaf401c92c27 - 9dd10f0edb1c56f8 - 080211f8480ee306 ) -example. 86400 IN ZONEMD 2018031900 1 2 ( - 08cfa1115c7b948c - 4163a901270395ea - 226a930cd2cbcf2f - a9a5e6eb85f37c8a - 4e114d884e66f176 - eab121cb02db7d65 - 2e0cc4827e7a3204 - f166b47e5613fd27 ) -example. 86400 IN ZONEMD 2018031900 1 240 ( - e2d523f654b9422a - 96c5a8f44607bbee ) -example. 86400 IN ZONEMD 2018031900 241 1 ( - e1846540e33a9e41 - 89792d18d5d131f6 - 05fc283e ) -ns1.example. 3600 IN A 203.0.113.63 -ns2.example. 86400 IN TXT "This example has multiple digests" -ns2.example. 3600 IN AAAA 2001:db8::63 diff --git a/contrib/unbound/testdata/zonemd.example_a4.zone b/contrib/unbound/testdata/zonemd.example_a4.zone deleted file mode 100644 index 74b913c89e2b..000000000000 --- a/contrib/unbound/testdata/zonemd.example_a4.zone +++ /dev/null @@ -1,127 +0,0 @@ -uri.arpa. 3600 IN SOA sns.dns.icann.org. ( - noc.dns.icann.org. 2018100702 10800 3600 1209600 3600 ) -uri.arpa. 3600 IN RRSIG NSEC 8 2 3600 ( - 20181028142623 20181007205525 47155 uri.arpa. - eEC4w/oXLR1Epwgv4MBiDtSBsXhqrJVvJWUpbX8XpetAvD35bxwNCUTi - /pAJVUXefegWeiriD2rkTgCBCMmn7YQIm3gdR+HjY/+o3BXNQnz97f+e - HAE9EDDzoNVfL1PyV/2fde9tDeUuAGVVwmD399NGq9jWYMRpyri2kysr q/g= ) -uri.arpa. 86400 IN RRSIG NS 8 2 86400 ( - 20181028172020 20181007175821 47155 uri.arpa. - ATyV2A2A8ZoggC+68u4GuP5MOUuR+2rr3eWOkEU55zAHld/7FiBxl4ln - 4byJYy7NudUwlMOEXajqFZE7DVl8PpcvrP3HeeGaVzKqaWj+aus0jbKF - Bsvs2b1qDZemBfkz/IfAhUTJKnto0vSUicJKfItu0GjyYNJCz2CqEuGD Wxc= ) -uri.arpa. 600 IN RRSIG MX 8 2 600 ( - 20181028170556 20181007175821 47155 uri.arpa. - e7/r3KXDohX1lyVavetFFObp8fB8aXT76HnN9KCQDxSnSghNM83UQV0t - lTtD8JVeN1mCvcNFZpagwIgB7XhTtm6Beur/m5ES+4uSnVeS6Q66HBZK - A3mR95IpevuVIZvvJ+GcCAQpBo6KRODYvJ/c/ZG6sfYWkZ7qg/Em5/+3 4UI= ) -uri.arpa. 3600 IN RRSIG DNSKEY 8 2 3600 ( - 20181028152832 20181007175821 15796 uri.arpa. - nzpbnh0OqsgBBP8St28pLvPEQ3wZAUdEBuUwil+rtjjWlYYiqjPxZ286 - XF4Rq1usfV5x71jZz5IqswOaQgia91ylodFpLuXD6FTGs2nXGhNKkg1V - chHgtwj70mXU72GefVgo8TxrFYzxuEFP5ZTP92t97FVWVVyyFd86sbbR - 6DZj3uA2wEvqBVLECgJLrMQ9Yy7MueJl3UA4h4E6zO2JY9Yp0W9woq0B - dqkkwYTwzogyYffPmGAJG91RJ2h6cHtFjEZe2MnaY2glqniZ0WT9vXXd - uFPm0KD9U77Ac+ZtctAF9tsZwSdAoL365E2L1usZbA+K0BnPPqGFJRJk - 5R0A1w== ) -uri.arpa. 3600 IN RRSIG DNSKEY 8 2 3600 ( - 20181028152832 20181007175821 55480 uri.arpa. - lWtQV/5szQjkXmbcD47/+rOW8kJPksRFHlzxxmzt906+DBYyfrH6uq5X - nHvrUlQO6M12uhqDeL+bDFVgqSpNy+42/OaZvaK3J8EzPZVBHPJykKMV - 63T83aAiJrAyHzOaEdmzLCpalqcEE2ImzlLHSafManRfJL8Yuv+JDZFj - 2WDWfEcUuwkmIZWX11zxp+DxwzyUlRl7x4+ok5iKZWIg5UnBAf6B8T75 - WnXzlhCw3F2pXI0a5LYg71L3Tp/xhjN6Yy9jGlIRf5BjB59X2zra3a2R - PkI09SSnuEwHyF1mDaV5BmQrLGRnCjvwXA7ho2m+vv4SP5dUdXf+GTeA - 1HeBfw== ) -uri.arpa. 3600 IN RRSIG SOA 8 2 3600 ( - 20181029114753 20181008222815 47155 uri.arpa. - qn8yBNoHDjGdT79U2Wu9IIahoS0YPOgYP8lG+qwPcrZ1BwGiHywuoUa2 - Mx6BWZlg+HDyaxj2iOmox+IIqoUHhXUbO7IUkJFlgrOKCgAR2twDHrXu - 9BUQHy9SoV16wYm3kBTEPyxW5FFm8vcdnKAF7sxSY8BbaYNpRIEjDx4A JUc= ) -uri.arpa. 3600 IN NSEC ftp.uri.arpa. NS SOA ( - MX RRSIG NSEC DNSKEY ) -uri.arpa. 86400 IN NS a.iana-servers.net. -uri.arpa. 86400 IN NS b.iana-servers.net. -uri.arpa. 86400 IN NS c.iana-servers.net. -uri.arpa. 86400 IN NS ns2.lacnic.net. -uri.arpa. 86400 IN NS sec3.apnic.net. -uri.arpa. 600 IN MX 10 pechora.icann.org. -uri.arpa. 3600 IN DNSKEY 256 3 8 ( - AwEAAcBi7tSart2J599zbYWspMNGN70IBWb4ziqyQYH9MTB/VCz6WyUK - uXunwiJJbbQ3bcLqTLWEw134B6cTMHrZpjTAb5WAwg4XcWUu8mdcPTiL - Bl6qVRlRD0WiFCTzuYUfkwsh1Rbr7rvrxSQhF5rh71zSpwV5jjjp65Wx - SdJjlH0B ) -uri.arpa. 3600 IN DNSKEY 257 3 8 ( - AwEAAbNVv6ulgRdO31MtAehz7j3ALRjwZglWesnzvllQl/+hBRZr9QoY - cO2I+DkO4Q1NKxox4DUIxj8SxPO3GwDuOFR9q2/CFi2O0mZjafbdYtWc - 3zSdBbi3q0cwCIx7GuG9eqlL+pg7mdk9dgdNZfHwB0LnqTD8ebLPsrO/ - Id7kBaiqYOfMlZnh2fp+2h6OOJZHtY0DK1UlssyB5PKsE0tVzo5s6zo9 - iXKe5u+8WTMaGDY49vG80JPAKE7ezMiH/NZcUMiE0PRZ8D3foq2dYuS5 - ym+vA83Z7v8A+Rwh4UGnjxKB8zmr803V0ASAmHz/gwH5Vb0nH+LObwFt - l3wpbp+Wpm8= ) -uri.arpa. 3600 IN DNSKEY 257 3 8 ( - AwEAAbwnFTakCvaUKsXji4mgmxZUJi1IygbnGahbkmFEa0L16J+TchKR - wcgzVfsxUGa2MmeA4hgkAooC3uy+tTmoMsgy8uq/JAj24DjiHzd46LfD - FK/qMidVqFpYSHeq2Vv5ojkuIsx4oe4KsafGWYNOczKZgH5loGjN2aJG - mrIm++XCphOskgCsQYl65MIzuXffzJyxlAuts+ecAIiVeqRaqQfr8LRU - 7wIsLxinXirprtQrbor+EtvlHp9qXE6ARTZDzf4jvsNpKvLFZtmxzFf3 - e/UJz5eHjpwDSiZL7xE8aE1o1nGfPtJx9ZnB3bapltaJ5wY+5XOCKgY0 - xmJVvNQlwdE= ) -ftp.uri.arpa. 3600 IN RRSIG NSEC 8 3 3600 ( - 20181028080856 20181007175821 47155 uri.arpa. - HClGAqPxzkYkAT7Q/QNtQeB6YrkP6EPOef+9Qo5/2zngwAewXEAQiyF9 - jD1USJiroM11QqBS3v3aIdW/LXORs4Ez3hLcKNO1cKHsOuWAqzmE+BPP - Arfh8N95jqh/q6vpaB9UtMkQ53tM2fYU1GszOLN0knxbHgDHAh2axMGH lqM= ) -ftp.uri.arpa. 604800 IN RRSIG NAPTR 8 3 604800 ( - 20181028103644 20181007205525 47155 uri.arpa. - WoLi+vZzkxaoLr2IGZnwkRvcDf6KxiWQd1WZP/U+AWnV+7MiqsWPZaf0 - 9toRErerGoFOiOASNxZjBGJrRgjmavOM9U+LZSconP9zrNFd4dIu6kp5 - YxlQJ0uHOvx1ZHFCj6lAt1ACUIw04ZhMydTmi27c8MzEOMepvn7iH7r7 k7k= ) -ftp.uri.arpa. 3600 IN NSEC http.uri.arpa. NAPTR ( - RRSIG NSEC ) -ftp.uri.arpa. 604800 IN NAPTR 0 0 "" "" ( - "!^ftp://([^:/?#]*).*$!\\1!i" . ) -http.uri.arpa. 3600 IN RRSIG NSEC 8 3 3600 ( - 20181029010647 20181007175821 47155 uri.arpa. - U03NntQ73LHWpfLmUK8nMsqkwVsOGW2KdsyuHYAjqQSZvKbtmbv7HBmE - H1+Ii3Z+wtfdMZBy5aC/6sHdx69BfZJs16xumycMlAy6325DKTQbIMN+ - ift9GrKBC7cgCd2msF/uzSrYxxg4MJQzBPvlkwXnY3b7eJSlIXisBIn7 3b8= ) -http.uri.arpa. 604800 IN RRSIG NAPTR 8 3 604800 ( - 20181029011815 20181007205525 47155 uri.arpa. - T7mRrdag+WSmG+n22mtBSQ/0Y3v+rdDnfQV90LN5Fq32N5K2iYFajF7F - Tp56oOznytfcL4fHrqOE0wRc9NWOCCUec9C7Wa1gJQcllEvgoAM+L6f0 - RsEjWq6+9jvlLKMXQv0xQuMX17338uoD/xiAFQSnDbiQKxwWMqVAimv5 7Zs= ) -http.uri.arpa. 3600 IN NSEC mailto.uri.arpa. NAPTR ( - RRSIG NSEC ) -http.uri.arpa. 604800 IN NAPTR 0 0 "" "" ( - "!^http://([^:/?#]*).*$!\\1!i" . ) -mailto.uri.arpa. 3600 IN RRSIG NSEC 8 3 3600 ( - 20181028110727 20181007175821 47155 uri.arpa. - GvxzVL85rEukwGqtuLxek9ipwjBMfTOFIEyJ7afC8HxVMs6mfFa/nEM/ - IdFvvFg+lcYoJSQYuSAVYFl3xPbgrxVSLK125QutCFMdC/YjuZEnq5cl - fQciMRD7R3+znZfm8d8u/snLV9w4D+lTBZrJJUBe1Efc8vum5vvV7819 ZoY= ) -mailto.uri.arpa. 604800 IN RRSIG NAPTR 8 3 604800 ( - 20181028141825 20181007205525 47155 uri.arpa. - MaADUgc3fc5v++M0YmqjGk3jBdfIA5RuP62hUSlPsFZO4k37erjIGCfF - j+g84yc+QgbSde0PQHszl9fE/+SU5ZXiS9YdcbzSZxp2erFpZOTchrpg - 916T4vx6i59scodjb0l6bDyZ+mtIPrc1w6b4hUyOUTsDQoAJYxdfEuMg Vy4= ) -mailto.uri.arpa. 3600 IN NSEC urn.uri.arpa. NAPTR ( - RRSIG NSEC ) -mailto.uri.arpa. 604800 IN NAPTR 0 0 "" "" ( - "!^mailto:(.*)@(.*)$!\\2!i" . ) -urn.uri.arpa. 3600 IN RRSIG NSEC 8 3 3600 ( - 20181028123243 20181007175821 47155 uri.arpa. - Hgsw4Deops1O8uWyELGe6hpR/OEqCnTHvahlwiQkHhO5CSEQrbhmFAWe - UOkmGAdTEYrSz+skLRQuITRMwzyFf4oUkZihGyhZyzHbcxWfuDc/Pd/9 - DSl56gdeBwy1evn5wBTms8yWQVkNtphbJH395gRqZuaJs3LD/qTyJ5Dp LvA= ) -urn.uri.arpa. 604800 IN RRSIG NAPTR 8 3 604800 ( - 20181029071816 20181007205525 47155 uri.arpa. - ALIZD0vBqAQQt40GQ0Efaj8OCyE9xSRJRdyvyn/H/wZVXFRFKrQYrLAS - D/K7q6CMTOxTRCu2J8yes63WJiaJEdnh+dscXzZkmOg4n5PsgZbkvUSW - BiGtxvz5jNncM0xVbkjbtByrvJQAO1cU1mnlDKe1FmVB1uLpVdA9Ib4J hMU= ) -urn.uri.arpa. 3600 IN NSEC uri.arpa. NAPTR RRSIG ( - NSEC ) -urn.uri.arpa. 604800 IN NAPTR 0 0 "" "" ( - "/urn:([^:]+)/\\1/i" . ) -uri.arpa. 3600 IN SOA sns.dns.icann.org. ( - noc.dns.icann.org. 2018100702 10800 3600 1209600 3600 ) diff --git a/contrib/unbound/testdata/zonemd.example_a5.zone b/contrib/unbound/testdata/zonemd.example_a5.zone deleted file mode 100644 index 246f5e2376db..000000000000 --- a/contrib/unbound/testdata/zonemd.example_a5.zone +++ /dev/null @@ -1,48 +0,0 @@ -root-servers.net. 3600000 IN SOA a.root-servers.net. ( - nstld.verisign-grs.com. 2018091100 14400 7200 1209600 3600000 ) -root-servers.net. 3600000 IN NS a.root-servers.net. -root-servers.net. 3600000 IN NS b.root-servers.net. -root-servers.net. 3600000 IN NS c.root-servers.net. -root-servers.net. 3600000 IN NS d.root-servers.net. -root-servers.net. 3600000 IN NS e.root-servers.net. -root-servers.net. 3600000 IN NS f.root-servers.net. -root-servers.net. 3600000 IN NS g.root-servers.net. -root-servers.net. 3600000 IN NS h.root-servers.net. -root-servers.net. 3600000 IN NS i.root-servers.net. -root-servers.net. 3600000 IN NS j.root-servers.net. -root-servers.net. 3600000 IN NS k.root-servers.net. -root-servers.net. 3600000 IN NS l.root-servers.net. -root-servers.net. 3600000 IN NS m.root-servers.net. -a.root-servers.net. 3600000 IN AAAA 2001:503:ba3e::2:30 -a.root-servers.net. 3600000 IN A 198.41.0.4 -b.root-servers.net. 3600000 IN MX 20 mail.isi.edu. -b.root-servers.net. 3600000 IN AAAA 2001:500:200::b -b.root-servers.net. 3600000 IN A 199.9.14.201 -c.root-servers.net. 3600000 IN AAAA 2001:500:2::c -c.root-servers.net. 3600000 IN A 192.33.4.12 -d.root-servers.net. 3600000 IN AAAA 2001:500:2d::d -d.root-servers.net. 3600000 IN A 199.7.91.13 -e.root-servers.net. 3600000 IN AAAA 2001:500:a8::e -e.root-servers.net. 3600000 IN A 192.203.230.10 -f.root-servers.net. 3600000 IN AAAA 2001:500:2f::f -f.root-servers.net. 3600000 IN A 192.5.5.241 -g.root-servers.net. 3600000 IN AAAA 2001:500:12::d0d -g.root-servers.net. 3600000 IN A 192.112.36.4 -h.root-servers.net. 3600000 IN AAAA 2001:500:1::53 -h.root-servers.net. 3600000 IN A 198.97.190.53 -i.root-servers.net. 3600000 IN MX 10 mx.i.root-servers.org. -i.root-servers.net. 3600000 IN AAAA 2001:7fe::53 -i.root-servers.net. 3600000 IN A 192.36.148.17 -j.root-servers.net. 3600000 IN AAAA 2001:503:c27::2:30 -j.root-servers.net. 3600000 IN A 192.58.128.30 -k.root-servers.net. 3600000 IN AAAA 2001:7fd::1 -k.root-servers.net. 3600000 IN A 193.0.14.129 -l.root-servers.net. 3600000 IN AAAA 2001:500:9f::42 -l.root-servers.net. 3600000 IN A 199.7.83.42 -m.root-servers.net. 3600000 IN AAAA 2001:dc3::35 -m.root-servers.net. 3600000 IN A 202.12.27.33 -root-servers.net. 3600000 IN SOA a.root-servers.net. ( - nstld.verisign-grs.com. 2018091100 14400 7200 1209600 3600000 ) -root-servers.net. 3600000 IN ZONEMD 2018091100 1 1 ( - f1ca0ccd91bd5573d9f431c00ee0101b2545c97602be0a97 - 8a3b11dbfc1c776d5b3e86ae3d973d6b5349ba7f04340f79 ) diff --git a/contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.dsc b/contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.dsc deleted file mode 100644 index 016c3d6c7ff0..000000000000 --- a/contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.dsc +++ /dev/null @@ -1,16 +0,0 @@ -BaseName: zonemd_reload -Version: 1.0 -Description: ZONEMD check after auth_zone_reload -CreationDate: Tue 23 Oct 12:00:00 CEST 2020 -Maintainer: dr. W.C.A. Wijngaards -Category: -Component: -CmdDepends: -Depends: -Help: -Pre: zonemd_reload.pre -Post: zonemd_reload.post -Test: zonemd_reload.test -AuxFiles: -Passed: -Failure: diff --git a/contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.test b/contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.test deleted file mode 100644 index fbdf07511306..000000000000 --- a/contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.test +++ /dev/null @@ -1,74 +0,0 @@ -# #-- zonemd_reload.test --# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# use .tpkg.var.test for in test variable passing -[ -f .tpkg.var.test ] && source .tpkg.var.test - -PRE="../.." -# do the test -echo "> dig www.example.com." -dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile -if grep SERVFAIL outfile; then - echo "> try again" - dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile -fi -if grep SERVFAIL outfile; then - echo "> try again" - sleep 1 - dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile -fi -if grep SERVFAIL outfile; then - echo "> try again" - sleep 1 - dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile -fi -if grep SERVFAIL outfile; then - echo "> try again" - sleep 1 - dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile -fi -if grep SERVFAIL outfile; then - echo "> try again" - sleep 10 - dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile -fi -if grep SERVFAIL outfile; then - echo "> try again" - sleep 10 - dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile -fi -echo "> cat logfiles" -cat fwd.log -cat unbound.log -echo "> check answer" -if grep www.example.com outfile | grep "192.0.2.1"; then - echo "OK" -else - echo "Not OK" - exit 1 -fi - -echo "> unbound-control status" -$PRE/unbound-control -c ub.conf status -if test $? -ne 0; then - echo "wrong exit value." - exit 1 -else - echo "exit value: OK" -fi - -echo "> unbound-control auth_zone_reload example.com" -$PRE/unbound-control -c ub.conf auth_zone_reload example.com 2>&1 | tee outfile -if test $? -ne 0; then - echo "wrong exit value." - exit 1 -fi -echo "> check unbound-control output" -if grep "example.com: ZONEMD verification successful" outfile; then - echo "OK" -else - echo "Not OK" - exit 1 -fi - -exit 0 diff --git a/contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.testns b/contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.testns deleted file mode 100644 index f1678a1ccc30..000000000000 --- a/contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.testns +++ /dev/null @@ -1,27 +0,0 @@ -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -example.com. IN SOA -SECTION ANSWER -example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -example.com. IN AXFR -SECTION ANSWER -example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600 -example.com. IN NS ns.example.net. -EXTRA_PACKET -REPLY QR AA NOERROR -SECTION QUESTION -example.com. IN AXFR -SECTION ANSWER -www.example.com. IN A 1.2.3.4 -example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600 -ENTRY_END diff --git a/contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.zone b/contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.zone deleted file mode 100644 index 01e57a738e37..000000000000 --- a/contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.zone +++ /dev/null @@ -1,8 +0,0 @@ -example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. IN NS ns.example.com. -example.com. IN ZONEMD 200154054 1 2 D207FBBD1403DC8FDDC0159AB1F4B4C54A2FEB814E5CB1E82841C51D1372E78E4F6C75F7A9D710CC78C54E2DB3B92D07C72990644F93E1C44AC356EACA3980C5 -www.example.com. IN A 192.0.2.1 -ns.example.com. IN A 192.0.2.1 -bar.example.com. IN A 1.2.3.4 -ding.example.com. IN A 1.2.3.4 -foo.example.com. IN A 1.2.3.4 |