1; config options 2server: 3 target-fetch-policy: "0 0 0 0 0" 4 5auth-zone: 6 name: "unbound-auth-test.nlnetlabs.nl." 7 ## zonefile (or none). 8 ## zonefile: "example.com.zone" 9 ## master by IP address or hostname 10 ## can list multiple masters, each on one line. 11 ## master: 12 ## url for http fetch 13 ## url: 14 ## queries from downstream clients get authoritative answers. 15 ## for-downstream: yes 16 for-downstream: yes 17 ## queries are used to fetch authoritative answers from this zone, 18 ## instead of unbound itself sending queries there. 19 ## for-upstream: yes 20 for-upstream: yes 21 ## on failures with for-upstream, fallback to sending queries to 22 ## the authority servers 23 ## fallback-enabled: no 24 25 ## this line generates zonefile: \n"/tmp/xxx.example.com"\n 26 zonefile: 27TEMPFILE_NAME unbound-auth-test.nlnetlabs.nl 28 ## this is the inline file /tmp/xxx.unbound-auth-test.nlnetlabs.nl 29 ## the tempfiles are deleted when the testrun is over. 30TEMPFILE_CONTENTS unbound-auth-test.nlnetlabs.nl 31;; Zone: unbound-auth-test.nlnetlabs.nl. 32; 33unbound-auth-test.nlnetlabs.nl. 3600 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1554201247 14400 3600 604800 3600 34unbound-auth-test.nlnetlabs.nl. 3600 IN RRSIG SOA 13 3 3600 20190430103407 20190402103407 15486 unbound-auth-test.nlnetlabs.nl. NLFcC2oet+HC+1dhT4D/2JJFIcMiRtTM81KwvT7u8ybF3iDE4bnyrILvQk8DsizpYKwk+D3J3tMC3TV5+//qFw== 35; 36unbound-auth-test.nlnetlabs.nl. 3600 IN NS ns.nlnetlabs.nl. 37unbound-auth-test.nlnetlabs.nl. 3600 IN RRSIG NS 13 3 3600 20190430103407 20190402103407 15486 unbound-auth-test.nlnetlabs.nl. Gm0UF77ljiInG4/HZ6Tkzx7z9N45WwwmbBt9KxeN3z1BkdBLiy10Du71ZBFLP71b+USs1rv5SJQ0hteZFbl8sg== 38unbound-auth-test.nlnetlabs.nl. 3600 IN DNSKEY 256 3 13 S3Da9HqpFj0pEbI8WXOdkvN3vgZ6qxNSz4XyKkmWWAG28kq5T+/lWp36DUDvnMI9wJNuixzUHtgZ6oZoAaVrPg== ;{id = 15486 (zsk), size = 256b} 39unbound-auth-test.nlnetlabs.nl. 3600 IN RRSIG DNSKEY 13 3 3600 20190430103407 20190402103407 15486 unbound-auth-test.nlnetlabs.nl. 1cLFaDb6kP8KnRJujW1ieHUdS5Tgdv59TCZ+FloCRJMJBwQAow6UKAIY7HHlTb8IHTajyUrjlxX/dN8S/5VwuA== 40unbound-auth-test.nlnetlabs.nl. 3600 IN NSEC3PARAM 1 0 1 - 41unbound-auth-test.nlnetlabs.nl. 3600 IN RRSIG NSEC3PARAM 13 3 3600 20190430103407 20190402103407 15486 unbound-auth-test.nlnetlabs.nl. GWgtJArNpfJ4ifoinUBUVRTlkk0CMemdozhMKY13dk3EQMP0jb4g49PcTAgEP2dBUs9efttQVQQpmFPyTGfN1w== 42tvdhfml24jp7cott1qijj9812qu9ibh3.unbound-auth-test.nlnetlabs.nl. 3600 IN NSEC3 1 0 1 - 41pcah2j3fr8k99gj5pveh4igrjfc871 NS SOA RRSIG DNSKEY NSEC3PARAM ;{ flags: -, from: unbound-auth-test.nlnetlabs.nl. to: b.b.unbound-auth-test.nlnetlabs.nl.} 43tvdhfml24jp7cott1qijj9812qu9ibh3.unbound-auth-test.nlnetlabs.nl. 3600 IN RRSIG NSEC3 13 4 3600 20190430103407 20190402103407 15486 unbound-auth-test.nlnetlabs.nl. DzwQTaZj4j29eHXEKllIFcq4yNWA7VMqkh8+gCrBO+GEek9+hGxL6ANsU0Hv6glyBmPDeYUZcy4xy0EEj1R4hQ== 44; 45;; Empty nonterminal: b.unbound-auth-test.nlnetlabs.nl. 46apejmh1fqds9gir0nnsf4d5gtno10tg1.unbound-auth-test.nlnetlabs.nl. 3600 IN NSEC3 1 0 1 - dbs0aj50410urbvt3ghfr644n7h06gs5 ;{ flags: -, from: b.unbound-auth-test.nlnetlabs.nl. to: c.b.unbound-auth-test.nlnetlabs.nl.} 47apejmh1fqds9gir0nnsf4d5gtno10tg1.unbound-auth-test.nlnetlabs.nl. 3600 IN RRSIG NSEC3 13 4 3600 20190430103407 20190402103407 15486 unbound-auth-test.nlnetlabs.nl. m9B0W8xDZF6ml/m8OujrZZBiF1O0wAeKciK/5FMT/hCjHR0hMrbXBPg/ZntpVJD/Pko2HcBvWKu87U721yTHyQ== 48; 49;; Empty nonterminal: a.b.unbound-auth-test.nlnetlabs.nl. 50toqivctpt4pdcp5g19neqt19fvtgbgeu.unbound-auth-test.nlnetlabs.nl. 3600 IN NSEC3 1 0 1 - tvdhfml24jp7cott1qijj9812qu9ibh3 ;{ flags: -, from: a.b.unbound-auth-test.nlnetlabs.nl. to: unbound-auth-test.nlnetlabs.nl.} 51toqivctpt4pdcp5g19neqt19fvtgbgeu.unbound-auth-test.nlnetlabs.nl. 3600 IN RRSIG NSEC3 13 4 3600 20190430103407 20190402103407 15486 unbound-auth-test.nlnetlabs.nl. Jr1oPPs+DGBVV13n4gG4AGVFsleItluLbtCIyQDcYZEA+e5JMkrLzfW3rXqXaUSUauR4iEu5FmTfs4GTsumdUw== 52; 53*.a.b.unbound-auth-test.nlnetlabs.nl. 3600 IN TXT "*.a.b" 54*.a.b.unbound-auth-test.nlnetlabs.nl. 3600 IN RRSIG TXT 13 5 3600 20190430103407 20190402103407 15486 unbound-auth-test.nlnetlabs.nl. NrMUaNzZp88lXit/HLL/iDBHspDSfoM//K+/0VwUYRZjmVJQQHCHtHBGgR4NgrLi3ffvCAWq2LNGxDm+YMSl3g== 55jrtu61ssgd18lfjglqrbbs5b2vmbh6cl.unbound-auth-test.nlnetlabs.nl. 3600 IN NSEC3 1 0 1 - k8r2bchsbehs5dbu5d6ivjfnmjb3jc8s TXT RRSIG ;{ flags: -, from: *.a.b.unbound-auth-test.nlnetlabs.nl. to: *.c.b.unbound-auth-test.nlnetlabs.nl.} 56jrtu61ssgd18lfjglqrbbs5b2vmbh6cl.unbound-auth-test.nlnetlabs.nl. 3600 IN RRSIG NSEC3 13 4 3600 20190430103407 20190402103407 15486 unbound-auth-test.nlnetlabs.nl. kLIhE9+iz1OybJwXbtRJZst+Mk5u4OAtpZGWSwJUfqD6dXAk+h6msKAR18jpPeL7cCjXjIAKIv3x4oYRkl+uKw== 57; 58;; Empty nonterminal: b.b.unbound-auth-test.nlnetlabs.nl. 5941pcah2j3fr8k99gj5pveh4igrjfc871.unbound-auth-test.nlnetlabs.nl. 3600 IN NSEC3 1 0 1 - apejmh1fqds9gir0nnsf4d5gtno10tg1 ;{ flags: -, from: b.b.unbound-auth-test.nlnetlabs.nl. to: b.unbound-auth-test.nlnetlabs.nl.} 6041pcah2j3fr8k99gj5pveh4igrjfc871.unbound-auth-test.nlnetlabs.nl. 3600 IN RRSIG NSEC3 13 4 3600 20190430103407 20190402103407 15486 unbound-auth-test.nlnetlabs.nl. XlIjnuF313w0GXn6vymrAcsyuxZSaN6IShFjxQ5T2HUFePHBNvtRkL+TtMQZNlR8nTR3+MWcON0cOZIGjVCCjg== 61; 62*.b.b.unbound-auth-test.nlnetlabs.nl. 3600 IN TXT "*.b.b" 63*.b.b.unbound-auth-test.nlnetlabs.nl. 3600 IN RRSIG TXT 13 5 3600 20190430103407 20190402103407 15486 unbound-auth-test.nlnetlabs.nl. FkS3ceWpoHyOKaa8OtywIl148Bwo0vkzBd263vqYe0puhuRa6IvNEk5ERdwfWt9eNEq+6IlizPT/dYxA2fXYXA== 64ft7dasbom0copm9e2ak9k151dj08kjfs.unbound-auth-test.nlnetlabs.nl. 3600 IN NSEC3 1 0 1 - jrtu61ssgd18lfjglqrbbs5b2vmbh6cl TXT RRSIG ;{ flags: -, from: *.b.b.unbound-auth-test.nlnetlabs.nl. to: *.a.b.unbound-auth-test.nlnetlabs.nl.} 65ft7dasbom0copm9e2ak9k151dj08kjfs.unbound-auth-test.nlnetlabs.nl. 3600 IN RRSIG NSEC3 13 4 3600 20190430103407 20190402103407 15486 unbound-auth-test.nlnetlabs.nl. 5QhLGohTRLQSGC8vstzDjqcwfrbOnLUG2OelSjvsZFy1smsWUxJBCQXQdx1+JX7xamZHlZESQtS+cELuZUqpvA== 66; 67;; Empty nonterminal: c.b.unbound-auth-test.nlnetlabs.nl. 68dbs0aj50410urbvt3ghfr644n7h06gs5.unbound-auth-test.nlnetlabs.nl. 3600 IN NSEC3 1 0 1 - ft7dasbom0copm9e2ak9k151dj08kjfs ;{ flags: -, from: c.b.unbound-auth-test.nlnetlabs.nl. to: *.b.b.unbound-auth-test.nlnetlabs.nl.} 69dbs0aj50410urbvt3ghfr644n7h06gs5.unbound-auth-test.nlnetlabs.nl. 3600 IN RRSIG NSEC3 13 4 3600 20190430103407 20190402103407 15486 unbound-auth-test.nlnetlabs.nl. hjk1foJWW68JK3O1Ktf0ZogoXVrMDw3mHVBBYTrpaBKX1gWR5icmJiOCYZWYx3z88PUnGkfH+kx4oDUjioqN+Q== 70; 71*.c.b.unbound-auth-test.nlnetlabs.nl. 3600 IN TXT "*.c.b" 72*.c.b.unbound-auth-test.nlnetlabs.nl. 3600 IN RRSIG TXT 13 5 3600 20190430103407 20190402103407 15486 unbound-auth-test.nlnetlabs.nl. b7rFR5tlx5Y5SQqNdYBtfD6DrkNx9h79GCmnZfWrUzRz+A256k2v08IPRJDK+WxEHuYHjfNnVWxjRr9M1OW2Iw== 73k8r2bchsbehs5dbu5d6ivjfnmjb3jc8s.unbound-auth-test.nlnetlabs.nl. 3600 IN NSEC3 1 0 1 - toqivctpt4pdcp5g19neqt19fvtgbgeu TXT RRSIG ;{ flags: -, from: *.c.b.unbound-auth-test.nlnetlabs.nl. to: a.b.unbound-auth-test.nlnetlabs.nl.} 74k8r2bchsbehs5dbu5d6ivjfnmjb3jc8s.unbound-auth-test.nlnetlabs.nl. 3600 IN RRSIG NSEC3 13 4 3600 20190430103407 20190402103407 15486 unbound-auth-test.nlnetlabs.nl. 34BS1ajedCNdfXgUfxTyiAK1ichfFLshhJ3TnfplrUps0UsZaQLEG+EIlP4wTBtro2c6V8YCSmOuxuce4gYoDw== 75; 76TEMPFILE_END 77 78stub-zone: 79 name: "." 80 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. 81CONFIG_END 82 83SCENARIO_BEGIN Test authority zone with NSEC3 empty nonterminal 84; with exact match NSEC3 in existence (eg. not a CE-proof) 85 86; K.ROOT-SERVERS.NET. 87RANGE_BEGIN 0 100 88 ADDRESS 193.0.14.129 89ENTRY_BEGIN 90MATCH opcode qtype qname 91ADJUST copy_id 92REPLY QR NOERROR 93SECTION QUESTION 94. IN NS 95SECTION ANSWER 96. IN NS K.ROOT-SERVERS.NET. 97SECTION ADDITIONAL 98K.ROOT-SERVERS.NET. IN A 193.0.14.129 99ENTRY_END 100 101ENTRY_BEGIN 102MATCH opcode subdomain 103ADJUST copy_id copy_query 104REPLY QR NOERROR 105SECTION QUESTION 106com. IN NS 107SECTION AUTHORITY 108com. IN NS a.gtld-servers.net. 109SECTION ADDITIONAL 110a.gtld-servers.net. IN A 192.5.6.30 111ENTRY_END 112RANGE_END 113 114; a.gtld-servers.net. 115RANGE_BEGIN 0 100 116 ADDRESS 192.5.6.30 117ENTRY_BEGIN 118MATCH opcode qtype qname 119ADJUST copy_id 120REPLY QR NOERROR 121SECTION QUESTION 122com. IN NS 123SECTION ANSWER 124com. IN NS a.gtld-servers.net. 125SECTION ADDITIONAL 126a.gtld-servers.net. IN A 192.5.6.30 127ENTRY_END 128 129ENTRY_BEGIN 130MATCH opcode subdomain 131ADJUST copy_id copy_query 132REPLY QR NOERROR 133SECTION QUESTION 134example.com. IN NS 135SECTION AUTHORITY 136example.com. IN NS ns.example.com. 137SECTION ADDITIONAL 138ns.example.com. IN A 1.2.3.44 139ENTRY_END 140RANGE_END 141 142; ns.example.net. 143RANGE_BEGIN 0 100 144 ADDRESS 1.2.3.44 145ENTRY_BEGIN 146MATCH opcode qtype qname 147ADJUST copy_id 148REPLY QR NOERROR 149SECTION QUESTION 150example.net. IN NS 151SECTION ANSWER 152example.net. IN NS ns.example.net. 153SECTION ADDITIONAL 154ns.example.net. IN A 1.2.3.44 155ENTRY_END 156 157ENTRY_BEGIN 158MATCH opcode qtype qname 159ADJUST copy_id 160REPLY QR NOERROR 161SECTION QUESTION 162ns.example.net. IN A 163SECTION ANSWER 164ns.example.net. IN A 1.2.3.44 165SECTION AUTHORITY 166example.net. IN NS ns.example.net. 167ENTRY_END 168 169ENTRY_BEGIN 170MATCH opcode qtype qname 171ADJUST copy_id 172REPLY QR NOERROR 173SECTION QUESTION 174ns.example.net. IN AAAA 175SECTION AUTHORITY 176example.net. IN NS ns.example.net. 177SECTION ADDITIONAL 178www.example.net. IN A 1.2.3.44 179ENTRY_END 180 181ENTRY_BEGIN 182MATCH opcode qtype qname 183ADJUST copy_id 184REPLY QR NOERROR 185SECTION QUESTION 186example.com. IN NS 187SECTION ANSWER 188example.com. IN NS ns.example.net. 189ENTRY_END 190 191ENTRY_BEGIN 192MATCH opcode qtype qname 193ADJUST copy_id 194REPLY QR NOERROR 195SECTION QUESTION 196www.example.com. IN A 197SECTION ANSWER 198www.example.com. IN A 10.20.30.40 199ENTRY_END 200RANGE_END 201 202STEP 1 QUERY 203ENTRY_BEGIN 204REPLY RD DO 205SECTION QUESTION 206a.b.unbound-auth-test.nlnetlabs.nl. IN TXT 207ENTRY_END 208 209; recursion happens here. 210STEP 20 CHECK_ANSWER 211ENTRY_BEGIN 212MATCH all 213REPLY QR AA RD RA DO NOERROR 214SECTION QUESTION 215a.b.unbound-auth-test.nlnetlabs.nl. IN TXT 216SECTION ANSWER 217SECTION AUTHORITY 218unbound-auth-test.nlnetlabs.nl. 3600 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1554201247 14400 3600 604800 3600 219unbound-auth-test.nlnetlabs.nl. 3600 IN RRSIG SOA 13 3 3600 20190430103407 20190402103407 15486 unbound-auth-test.nlnetlabs.nl. NLFcC2oet+HC+1dhT4D/2JJFIcMiRtTM81KwvT7u8ybF3iDE4bnyrILv Qk8DsizpYKwk+D3J3tMC3TV5+//qFw== 220toqivctpt4pdcp5g19neqt19fvtgbgeu.unbound-auth-test.nlnetlabs.nl. 3600 IN NSEC3 1 0 1 - TVDHFML24JP7COTT1QIJJ9812QU9IBH3 221toqivctpt4pdcp5g19neqt19fvtgbgeu.unbound-auth-test.nlnetlabs.nl. 3600 IN RRSIG NSEC3 13 4 3600 20190430103407 20190402103407 15486 unbound-auth-test.nlnetlabs.nl. Jr1oPPs+DGBVV13n4gG4AGVFsleItluLbtCIyQDcYZEA+e5JMkrLzfW3 rXqXaUSUauR4iEu5FmTfs4GTsumdUw== 222ENTRY_END 223 224SCENARIO_END 225