1; config options 2server: 3 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" 4 val-override-date: "20070916134226" 5 target-fetch-policy: "0 0 0 0 0" 6 fake-sha1: yes 7 trust-anchor-signaling: no 8 9auth-zone: 10 name: "example.com." 11 ## zonefile (or none). 12 ## zonefile: "example.com.zone" 13 ## master by IP address or hostname 14 ## can list multiple masters, each on one line. 15 ## master: 16 ## url for http fetch 17 ## url: 18 ## queries from downstream clients get authoritative answers. 19 ## for-downstream: yes 20 for-downstream: no 21 ## queries are used to fetch authoritative answers from this zone, 22 ## instead of unbound itself sending queries there. 23 ## for-upstream: yes 24 for-upstream: yes 25 ## on failures with for-upstream, fallback to sending queries to 26 ## the authority servers 27 ## fallback-enabled: no 28 fallback-enabled: yes 29 30 ## this line generates zonefile: \n"/tmp/xxx.example.com"\n 31 zonefile: 32TEMPFILE_NAME example.com 33 ## this is the inline file /tmp/xxx.example.com 34 ## the tempfiles are deleted when the testrun is over. 35TEMPFILE_CONTENTS example.com 36$ORIGIN example.com. 37example 3600 IN SOA dns.example.de. hostmaster.dns.example.de. ( 38 1379078166 28800 7200 604800 7200 ) 39 3600 IN NS ns.example.com. 40example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 41example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} 42example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} 43 44ns.example.com. IN A 1.2.3.4 45ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 46 47; this RR is edited to create the failure 48;www.example.com. IN A 10.20.30.40 49www.example.com. IN A 127.0.0.1 50; also edits the signature to fail, without needing crypto checks. 51;www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} 52www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 28540 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} 53 54TEMPFILE_END 55 56stub-zone: 57 name: "." 58 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. 59CONFIG_END 60 61SCENARIO_BEGIN Test authority zone with zonefile and dnssec failure 62; the zone file has signatures, used upstream, unbound validates the reply. 63; but that fails and now it tries again, with failover to internet hosted 64; (correct) contents. 65 66; K.ROOT-SERVERS.NET. 67RANGE_BEGIN 0 100 68 ADDRESS 193.0.14.129 69ENTRY_BEGIN 70MATCH opcode qtype qname 71ADJUST copy_id 72REPLY QR NOERROR 73SECTION QUESTION 74. IN NS 75SECTION ANSWER 76. IN NS K.ROOT-SERVERS.NET. 77SECTION ADDITIONAL 78K.ROOT-SERVERS.NET. IN A 193.0.14.129 79ENTRY_END 80 81ENTRY_BEGIN 82MATCH opcode subdomain 83ADJUST copy_id copy_query 84REPLY QR NOERROR 85SECTION QUESTION 86com. IN NS 87SECTION AUTHORITY 88com. IN NS a.gtld-servers.net. 89SECTION ADDITIONAL 90a.gtld-servers.net. IN A 192.5.6.30 91ENTRY_END 92RANGE_END 93 94; a.gtld-servers.net. 95RANGE_BEGIN 0 100 96 ADDRESS 192.5.6.30 97ENTRY_BEGIN 98MATCH opcode qtype qname 99ADJUST copy_id 100REPLY QR NOERROR 101SECTION QUESTION 102com. IN NS 103SECTION ANSWER 104com. IN NS a.gtld-servers.net. 105SECTION ADDITIONAL 106a.gtld-servers.net. IN A 192.5.6.30 107ENTRY_END 108 109ENTRY_BEGIN 110MATCH opcode subdomain 111ADJUST copy_id copy_query 112REPLY QR NOERROR 113SECTION QUESTION 114example.com. IN NS 115SECTION AUTHORITY 116example.com. IN NS ns.example.com. 117SECTION ADDITIONAL 118ns.example.com. IN A 1.2.3.44 119ENTRY_END 120RANGE_END 121 122; ns.example.net. 123RANGE_BEGIN 0 100 124 ADDRESS 1.2.3.44 125ENTRY_BEGIN 126MATCH opcode qtype qname 127ADJUST copy_id 128REPLY QR NOERROR 129SECTION QUESTION 130example.net. IN NS 131SECTION ANSWER 132example.net. IN NS ns.example.net. 133SECTION ADDITIONAL 134ns.example.net. IN A 1.2.3.44 135ENTRY_END 136 137ENTRY_BEGIN 138MATCH opcode qtype qname 139ADJUST copy_id 140REPLY QR NOERROR 141SECTION QUESTION 142ns.example.net. IN A 143SECTION ANSWER 144ns.example.net. IN A 1.2.3.44 145SECTION AUTHORITY 146example.net. IN NS ns.example.net. 147ENTRY_END 148 149ENTRY_BEGIN 150MATCH opcode qtype qname 151ADJUST copy_id 152REPLY QR NOERROR 153SECTION QUESTION 154ns.example.net. IN AAAA 155SECTION AUTHORITY 156example.net. IN NS ns.example.net. 157SECTION ADDITIONAL 158www.example.net. IN A 1.2.3.44 159ENTRY_END 160 161; response to DNSKEY priming query 162ENTRY_BEGIN 163MATCH opcode qtype qname 164ADJUST copy_id 165REPLY QR NOERROR 166SECTION QUESTION 167example.com. IN DNSKEY 168SECTION ANSWER 169example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} 170example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} 171ENTRY_END 172 173ENTRY_BEGIN 174MATCH opcode qtype qname 175ADJUST copy_id 176REPLY QR NOERROR 177SECTION QUESTION 178www.example.com. IN A 179SECTION ANSWER 180www.example.com. IN A 10.20.30.40 181www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} 182ENTRY_END 183RANGE_END 184 185STEP 1 QUERY 186ENTRY_BEGIN 187REPLY RD DO 188SECTION QUESTION 189www.example.com. IN A 190ENTRY_END 191 192; recursion happens here. 193STEP 20 CHECK_ANSWER 194ENTRY_BEGIN 195MATCH all 196REPLY QR RD DO RA AD NOERROR 197SECTION QUESTION 198www.example.com. IN A 199SECTION ANSWER 200www.example.com. IN A 10.20.30.40 201www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} 202ENTRY_END 203 204SCENARIO_END 205