1; config options
2server:
3	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
4	val-override-date: "20070916134226"
5	target-fetch-policy: "0 0 0 0 0"
6	fake-sha1: yes
7	trust-anchor-signaling: no
8
9auth-zone:
10	name: "example.com."
11	## zonefile (or none).
12	## zonefile: "example.com.zone"
13	## master by IP address or hostname
14	## can list multiple masters, each on one line.
15	## master:
16	## url for http fetch
17	## url:
18	## queries from downstream clients get authoritative answers.
19	## for-downstream: yes
20	for-downstream: no
21	## queries are used to fetch authoritative answers from this zone,
22	## instead of unbound itself sending queries there.
23	## for-upstream: yes
24	for-upstream: yes
25	## on failures with for-upstream, fallback to sending queries to
26	## the authority servers
27	## fallback-enabled: no
28	fallback-enabled: yes
29
30	## this line generates zonefile: \n"/tmp/xxx.example.com"\n
31	zonefile:
32TEMPFILE_NAME example.com
33	## this is the inline file /tmp/xxx.example.com
34	## the tempfiles are deleted when the testrun is over.
35TEMPFILE_CONTENTS example.com
36$ORIGIN example.com.
37example	3600	IN	SOA	dns.example.de. hostmaster.dns.example.de. (
38		1379078166 28800 7200 604800 7200 )
39	3600	IN	NS	ns.example.com.
40example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
41example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
42example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
43
44ns.example.com.         IN      A       1.2.3.4
45ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
46
47; this RR is edited to create the failure
48;www.example.com. IN A   10.20.30.40
49www.example.com. IN A   127.0.0.1
50; also edits the signature to fail, without needing crypto checks.
51;www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
52www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 28540 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
53
54TEMPFILE_END
55
56stub-zone:
57	name: "."
58	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
59CONFIG_END
60
61SCENARIO_BEGIN Test authority zone with zonefile and dnssec failure
62; the zone file has signatures, used upstream, unbound validates the reply.
63; but that fails and now it tries again, with failover to internet hosted
64; (correct) contents.
65
66; K.ROOT-SERVERS.NET.
67RANGE_BEGIN 0 100
68	ADDRESS 193.0.14.129
69ENTRY_BEGIN
70MATCH opcode qtype qname
71ADJUST copy_id
72REPLY QR NOERROR
73SECTION QUESTION
74. IN NS
75SECTION ANSWER
76. IN NS	K.ROOT-SERVERS.NET.
77SECTION ADDITIONAL
78K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
79ENTRY_END
80
81ENTRY_BEGIN
82MATCH opcode subdomain
83ADJUST copy_id copy_query
84REPLY QR NOERROR
85SECTION QUESTION
86com. IN NS
87SECTION AUTHORITY
88com.	IN NS	a.gtld-servers.net.
89SECTION ADDITIONAL
90a.gtld-servers.net.	IN 	A	192.5.6.30
91ENTRY_END
92RANGE_END
93
94; a.gtld-servers.net.
95RANGE_BEGIN 0 100
96	ADDRESS 192.5.6.30
97ENTRY_BEGIN
98MATCH opcode qtype qname
99ADJUST copy_id
100REPLY QR NOERROR
101SECTION QUESTION
102com. IN NS
103SECTION ANSWER
104com.	IN NS	a.gtld-servers.net.
105SECTION ADDITIONAL
106a.gtld-servers.net.	IN 	A	192.5.6.30
107ENTRY_END
108
109ENTRY_BEGIN
110MATCH opcode subdomain
111ADJUST copy_id copy_query
112REPLY QR NOERROR
113SECTION QUESTION
114example.com. IN NS
115SECTION AUTHORITY
116example.com.	IN NS	ns.example.com.
117SECTION ADDITIONAL
118ns.example.com. IN A 1.2.3.44
119ENTRY_END
120RANGE_END
121
122; ns.example.net.
123RANGE_BEGIN 0 100
124	ADDRESS 1.2.3.44
125ENTRY_BEGIN
126MATCH opcode qtype qname
127ADJUST copy_id
128REPLY QR NOERROR
129SECTION QUESTION
130example.net. IN NS
131SECTION ANSWER
132example.net.	IN NS	ns.example.net.
133SECTION ADDITIONAL
134ns.example.net.		IN 	A	1.2.3.44
135ENTRY_END
136
137ENTRY_BEGIN
138MATCH opcode qtype qname
139ADJUST copy_id
140REPLY QR NOERROR
141SECTION QUESTION
142ns.example.net. IN A
143SECTION ANSWER
144ns.example.net. IN A	1.2.3.44
145SECTION AUTHORITY
146example.net.	IN NS	ns.example.net.
147ENTRY_END
148
149ENTRY_BEGIN
150MATCH opcode qtype qname
151ADJUST copy_id
152REPLY QR NOERROR
153SECTION QUESTION
154ns.example.net. IN AAAA
155SECTION AUTHORITY
156example.net.	IN NS	ns.example.net.
157SECTION ADDITIONAL
158www.example.net. IN A	1.2.3.44
159ENTRY_END
160
161; response to DNSKEY priming query
162ENTRY_BEGIN
163MATCH opcode qtype qname
164ADJUST copy_id
165REPLY QR NOERROR
166SECTION QUESTION
167example.com. IN DNSKEY
168SECTION ANSWER
169example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
170example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
171ENTRY_END
172
173ENTRY_BEGIN
174MATCH opcode qtype qname
175ADJUST copy_id
176REPLY QR NOERROR
177SECTION QUESTION
178www.example.com. IN A
179SECTION ANSWER
180www.example.com. IN A   10.20.30.40
181www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
182ENTRY_END
183RANGE_END
184
185STEP 1 QUERY
186ENTRY_BEGIN
187REPLY RD DO
188SECTION QUESTION
189www.example.com. IN A
190ENTRY_END
191
192; recursion happens here.
193STEP 20 CHECK_ANSWER
194ENTRY_BEGIN
195MATCH all
196REPLY QR RD DO RA AD NOERROR
197SECTION QUESTION
198www.example.com. IN A
199SECTION ANSWER
200www.example.com. IN A   10.20.30.40
201www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
202ENTRY_END
203
204SCENARIO_END
205