--- /dev/null
+; config options
+server:
+ target-fetch-policy: "0 0 0 0 0"
+ qname-minimisation: no
+ minimal-responses: no
+ module-config: "cachedb validator iterator"
+ trust-anchor-signaling: no
+ ede: yes
+ val-log-level: 2
+ trust-anchor: "example.nl. DS 50602 8 2 FA8EE175C47325F4BD46D8A4083C3EBEB11C977D689069F2B41F1A29B22446B1"
+
+
+cachedb:
+ backend: "testframe"
+ secret-seed: "testvalue"
+
+stub-zone:
+ name: "example.nl"
+ stub-addr: 193.0.14.129
+CONFIG_END
+
+SCENARIO_BEGIN Test cachedb support for caching EDEs.
+
+RANGE_BEGIN 0 10
+ ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+example.nl. IN DNSKEY
+SECTION ANSWER
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+example.nl. IN A
+SECTION ANSWER
+example.nl. IN A 1.2.3.4
+ENTRY_END
+RANGE_END
+
+; get the entry in cache.
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+example.nl. IN A
+SECTION ADDITIONAL
+ HEX_EDNSDATA_BEGIN
+ C0 00 ; option code = 49152
+ 00 00 ; option length
+ HEX_EDNSDATA_END
+ENTRY_END
+
+; get the answer for it
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ede=9
+REPLY QR RD RA DO SERVFAIL
+SECTION QUESTION
+example.nl. IN A
+ENTRY_END
+
+; query again for the cached entry
+STEP 20 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+example.nl. IN A
+SECTION ADDITIONAL
+ HEX_EDNSDATA_BEGIN
+ C0 00 ; option code = 49152
+ 00 00 ; option length
+ HEX_EDNSDATA_END
+ENTRY_END
+
+; this must be a cached answer since stub is not answering in this range
+STEP 30 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ede=9
+REPLY QR RD RA DO SERVFAIL
+SECTION QUESTION
+example.nl. IN A
+ENTRY_END
+
+SCENARIO_END
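Review bot: Steps 20–30 show that a SERVFAIL with EDE 9 (DNSKEY Missing) is returned after the `RANGE_BEGIN 0 10` upstream is gone, but nothing in them shows the answer came from the cachedb `testframe` backend. With `module-config: "cachedb validator iterator"` the repeated query can presumably be answered from the resolver's in-memory message cache, so the scenario would still pass if cachedb stored the failure without its EDE. If the replay harness in this tree supports it, evict the in-memory entry before the second query with `STEP 15 FLUSH_MESSAGE example.nl. IN A`. Otherwise state the limit above STEP 20 with a comment such as `; NOTE: may be served from the in-memory cache, not necessarily from cachedb`. Separately, the STEP 20 query drops `DO` while the expected reply at STEP 30 still lists `DO`; make the two agree or add a comment saying why they differ.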
+++ /dev/null
-server:
- verbosity: 1
- use-syslog: no
- chroot: ""
- username: ""
- directory: ""
- pidfile: "unbound2.pid"
- interface: 127.0.0.1
- port: @PORT2@
-
-auth-zone:
- name: "example.nl"
- zonefile: "example.nl.zone"
+++ /dev/null
-server:
- verbosity: 3
- interface: 127.0.0.1
- port: @PORT@
- use-syslog: no
- directory: .
- pidfile: "unbound.pid"
- chroot: ""
- username: ""
- directory: ""
- val-log-level: 2
-
- auto-trust-anchor-file: "root.key"
-
- module-config: "cachedb validator iterator"
-
- ede: yes
-
- do-not-query-localhost: no
-
-forward-zone:
- name: "example.nl"
- forward-addr: 127.0.0.1@@PORT2@
-
-cachedb:
- backend: testframe
+++ /dev/null
-BaseName: ede_caching_cachedb
-Version: 1.0
-Description: Test caching of Extended DNS Errors (rfc8914) in the cachedb
-CreationDate: Mon Nov 21 11:42:11 UTC 2022
-Maintainer: Tom Carpay
-Category:
-Component:
-CmdDepends:
-Depends:
-Help:
-Pre: ede_caching_cachedb.pre
-Post: ede_caching_cachedb.post
-Test: ede_caching_cachedb.test
-AuxFiles:
-Passed:
-Failure:
+++ /dev/null
-# #-- ede_caching_cachedb.post --#
-# source the master var file when it's there
-[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
-# use .tpkg.var.test for in test variable passing
-[ -f .tpkg.var.test ] && source .tpkg.var.test
-
-# teardown
-. ../common.sh
-kill_pid $UNBOUND_PID
+++ /dev/null
-# #-- ede_caching_cachedb.pre --#
-# source the master var file when it's there
-[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
-# use .tpkg.var.test for in test variable passing
-[ -f .tpkg.var.test ] && source .tpkg.var.test
-
-PRE="../.."
-. ../common.sh
-
-$PRE/unbound -V > cachedb_module_check.txt
-
-if ! grep -q -e "enable-cachedb" cachedb_module_check.txt
-then
- echo "Missing cachedb_module in the ./configure stage:"
- echo "'unbound -V' output:"
- cat cachedb_module_check.txt
- exit 1
-fi
-
-get_random_port 2
-UNBOUND_PORT=$RND_PORT
-UNBOUND_PORT2=$(($RND_PORT + 1))
-echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test
-echo "UNBOUND_PORT2=$UNBOUND_PORT2" >> .tpkg.var.test
-
-# rewrite config file with created ports
-sed -e 's/@PORT\@/'$UNBOUND_PORT'/' < ede.conf > temp.conf
-sed -e 's/@PORT2\@/'$UNBOUND_PORT2'/' < temp.conf > ub.conf
-sed -e 's/@PORT2\@/'$UNBOUND_PORT2'/' < ede-auth.conf > ub2.conf
-
-# start unbound in the background
-$PRE/unbound -d -c ub.conf > unbound.log 2>&1 &
-UNBOUND_PID=$!
-echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
-
-# start authoritative unbound in the background
-$PRE/unbound -d -c ub2.conf > unbound2.log 2>&1 &
-UNBOUND_PID2=$!
-echo "UNBOUND_PID2=$UNBOUND_PID2" >> .tpkg.var.test
-
-cat .tpkg.var.test
-wait_unbound_up unbound.log
-wait_unbound_up unbound2.log
+++ /dev/null
-# #-- ede_caching_cachedbtest --#
-# source the master var file when it's there
-[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
-# use .tpkg.var.test for in test variable passing
-[ -f .tpkg.var.test ] && source .tpkg.var.test
-. ../common.sh
-
-# query with the priming edns opt
-dig @127.0.0.1 -p $UNBOUND_PORT example.nl +ednsopt=49152 > query1.txt
-
-if ! grep -q -e "OPT=15: 00 09" -e "EDE: 9" query1.txt
-then
- echo "Priming query fails"
- cat query1.txt
- exit 1
-fi
-
-# kill the authoritative Unbound instance?
-kill_pid $UNBOUND_PID2
-
-# query again to see if we have indeed cached the response
-dig @127.0.0.1 -p $UNBOUND_PORT example.nl +ednsopt=49152 > query2.txt
-
-if ! grep -q -e "OPT=15: 00 09" -e "EDE: 9" query2.txt
-then
- echo "Cached query fails"
- cat query2.txt
- exit 1
-fi
+++ /dev/null
-$ORIGIN example.nl.
-$TTL 86400 ; default time-to-live for this zone
-
-example.nl. IN SOA ns.example.nl. noc.dns.icann.org. (
- 2020080302 ;Serial
- 7200 ;Refresh
- 3600 ;Retry
- 1209600 ;Expire
- 3600 ;Negative response caching TTL
-)
-
-; The nameserver that are authoritative for this zone.
- NS example.nl.
-
-; these A records below are equivalent
-example.nl. A 1.2.3.4
+++ /dev/null
-; autotrust trust anchor file
-;;id: . 1
-;;last_queried: 1669040556 ;;Mon Nov 21 15:22:36 2022
-;;last_success: 1669040556 ;;Mon Nov 21 15:22:36 2022
-;;next_probe_time: 1669081693 ;;Tue Nov 22 02:48:13 2022
-;;query_failed: 0
-;;query_interval: 43200
-;;retry_time: 8640
-. 86400 IN DNSKEY 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ;{id = 20326 (ksk), size = 2048b} ;;state=2 [ VALID ] ;;count=0 ;;lastchange=1628842824 ;;Fri Aug 13 10:20:24 2021
+++ /dev/null
-server:
- verbosity: 1
- use-syslog: no
- chroot: ""
- username: ""
- directory: ""
- pidfile: "unbound2.pid"
- interface: 127.0.0.1
- port: @PORT2@
-
-auth-zone:
- name: "example.nl"
- zonefile: "example.nl.zone"
+++ /dev/null
-server:
- verbosity: 3
- interface: 127.0.0.1
- port: @PORT@
- use-syslog: no
- directory: .
- pidfile: "unbound.pid"
- chroot: ""
- username: ""
- directory: ""
- val-log-level: 2
-
- auto-trust-anchor-file: "root.key"
-
- module-config: "subnetcache validator iterator"
-
- client-subnet-always-forward: yes
-
- ede: yes
-
- do-not-query-localhost: no
-
-forward-zone:
- name: "example.nl"
- forward-addr: 127.0.0.1@@PORT2@
+++ /dev/null
-BaseName: ede_caching_subnetcache
-Version: 1.0
-Description: Test caching of Extended DNS Errors (rfc8914) in the subnetcache
-CreationDate: Mon Nov 21 11:42:11 UTC 2022
-Maintainer: Tom Carpay
-Category:
-Component:
-CmdDepends:
-Depends:
-Help:
-Pre: ede_caching_subnetcache.pre
-Post: ede_caching_subnetcache.post
-Test: ede_caching_subnetcache.test
-AuxFiles:
-Passed:
-Failure:
+++ /dev/null
-# #-- ede_caching_subnetcache.post --#
-# source the master var file when it's there
-[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
-# use .tpkg.var.test for in test variable passing
-[ -f .tpkg.var.test ] && source .tpkg.var.test
-
-# teardown
-. ../common.sh
-kill_pid $UNBOUND_PID
+++ /dev/null
-# #-- ede_caching_cachedb.pre --#
-# source the master var file when it's there
-[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
-# use .tpkg.var.test for in test variable passing
-[ -f .tpkg.var.test ] && source .tpkg.var.test
-
-PRE="../.."
-. ../common.sh
-
-$PRE/unbound -V > subnet_module_check.txt
-
-if ! grep -q -e "enable-subnet" subnet_module_check.txt
-then
- echo "Missing subnet_module in the ./configure stage:"
- echo "'unbound -V' output:"
- cat subnet_module_check.txt
- exit 1
-fi
-
-get_random_port 2
-UNBOUND_PORT=$RND_PORT
-UNBOUND_PORT2=$(($RND_PORT + 1))
-echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test
-echo "UNBOUND_PORT2=$UNBOUND_PORT2" >> .tpkg.var.test
-
-# rewrite config file with created ports
-sed -e 's/@PORT\@/'$UNBOUND_PORT'/' < ede.conf > temp.conf
-sed -e 's/@PORT2\@/'$UNBOUND_PORT2'/' < temp.conf > ub.conf
-sed -e 's/@PORT2\@/'$UNBOUND_PORT2'/' < ede-auth.conf > ub2.conf
-
-# start unbound in the background
-$PRE/unbound -d -c ub.conf > unbound.log 2>&1 &
-UNBOUND_PID=$!
-echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
-
-# start authoritative unbound in the background
-$PRE/unbound -d -c ub2.conf > unbound2.log 2>&1 &
-UNBOUND_PID2=$!
-echo "UNBOUND_PID2=$UNBOUND_PID2" >> .tpkg.var.test
-
-cat .tpkg.var.test
-wait_unbound_up unbound.log
-wait_unbound_up unbound2.log
+++ /dev/null
-# #-- ede_caching_subnetcache.test --#
-# source the master var file when it's there
-[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
-# use .tpkg.var.test for in test variable passing
-[ -f .tpkg.var.test ] && source .tpkg.var.test
-. ../common.sh
-
-# query with the priming edns opt
-dig @127.0.0.1 -p $UNBOUND_PORT example.nl +subnet=127.0.0.0/17 > query1.txt
-
-if ! grep -q -e "OPT=15: 00 09" -e "EDE: 9" query1.txt
-then
- echo "Priming query fails"
- cat query1.txt
- exit 1
-fi
-
-# kill the authoritative Unbound instance?
-kill_pid $UNBOUND_PID2
-
-# query again to see if we have indeed cached the response
-dig @127.0.0.1 -p $UNBOUND_PORT example.nl +subnet=127.0.0.0/17 > query2.txt
-
-if ! grep -q -e "OPT=15: 00 09" -e "EDE: 9" query2.txt
-then
- echo "Cached query fails"
- cat query2.txt
- exit 1
-fi
+++ /dev/null
-$ORIGIN example.nl.
-$TTL 86400 ; default time-to-live for this zone
-
-example.nl. IN SOA ns.example.nl. noc.dns.icann.org. (
- 2020080302 ;Serial
- 7200 ;Refresh
- 3600 ;Retry
- 1209600 ;Expire
- 3600 ;Negative response caching TTL
-)
-
-; The nameserver that are authoritative for this zone.
- NS example.nl.
-
-; these A records below are equivalent
-example.nl. A 1.2.3.4
+++ /dev/null
-; autotrust trust anchor file
-;;id: . 1
-;;last_queried: 1669040556 ;;Mon Nov 21 15:22:36 2022
-;;last_success: 1669040556 ;;Mon Nov 21 15:22:36 2022
-;;next_probe_time: 1669081693 ;;Tue Nov 22 02:48:13 2022
-;;query_failed: 0
-;;query_interval: 43200
-;;retry_time: 8640
-. 86400 IN DNSKEY 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ;{id = 20326 (ksk), size = 2048b} ;;state=2 [ VALID ] ;;count=0 ;;lastchange=1628842824 ;;Fri Aug 13 10:20:24 2021
--- /dev/null
+; Ask the same question twice. Check to see second is answered
+; from cache
+
+server:
+ trust-anchor-signaling: no
+ target-fetch-policy: "0 0 0 0 0"
+ send-client-subnet: 1.2.3.4
+ max-client-subnet-ipv4: 17
+ module-config: "subnetcache validator iterator"
+ verbosity: 3
+ qname-minimisation: no
+ minimal-responses: no
+ ede: yes
+ val-log-level: 2
+ trust-anchor: "example.nl. DS 50602 8 2 FA8EE175C47325F4BD46D8A4083C3EBEB11C977D689069F2B41F1A29B22446B1"
+
+stub-zone:
+ name: "example.nl"
+ stub-addr: 1.2.3.4
+CONFIG_END
+
+SCENARIO_BEGIN Test subnetcache support for caching EDEs.
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+ ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+example.nl. IN DNSKEY
+SECTION ANSWER
+SECTION ADDITIONAL
+ HEX_EDNSDATA_BEGIN
+ ; client is 127.0.0.1
+ 00 08 ; OPC
+ 00 07 ; option length
+ 00 01 ; Family
+ 11 00 ; source mask, scopemask
+ 7f 00 00 ; address
+ HEX_EDNSDATA_END
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+example.nl. IN A
+SECTION ANSWER
+example.nl. IN A 1.2.3.4
+SECTION ADDITIONAL
+ HEX_EDNSDATA_BEGIN
+ ; client is 127.0.0.1
+ 00 08 ; OPC
+ 00 07 ; option length
+ 00 01 ; Family
+ 11 00 ; source mask, scopemask
+ 7f 00 00 ; address
+ HEX_EDNSDATA_END
+ENTRY_END
+RANGE_END
+ ns.example.com. IN A 1.2.3.4
+ www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
+ ENTRY_END
+RANGE_END
+
+; get the entry in cache.
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+example.nl. IN A
+SECTION ADDITIONAL
+ HEX_EDNSDATA_BEGIN
+ 00 08 00 07 ; OPC, optlen
+ 00 01 11 00 ; ip4, scope 17, source 0
+ 7f 00 00 ;127.0.0.0/17
+ HEX_EDNSDATA_END
+ENTRY_END
+
+; get the answer for it
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ede=9
+REPLY QR RD RA DO SERVFAIL
+SECTION QUESTION
+example.nl. IN A
+ENTRY_END
+
+; query again for the cached entry
+STEP 20 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+example.nl. IN A
+SECTION ADDITIONAL
+ HEX_EDNSDATA_BEGIN
+ 00 08 00 07 ; OPC, optlen
+ 00 01 11 00 ; ip4, scope 17, source 0
+ 7f 00 00 ;127.0.0.0/17
+ HEX_EDNSDATA_END
+ENTRY_END
+
+; this must be a cached answer since stub is not answering in this range
+STEP 30 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ede=9
+REPLY QR RD RA DO SERVFAIL
+SECTION QUESTION
+example.nl. IN A
+ENTRY_END
+
+;STEP 10 CHECK_ANSWER
+;ENTRY_BEGIN
+; MATCH all ednsdata
+; REPLY QR RD RA AD NOERROR
+; SECTION QUESTION
+; www.example.com. IN A
+; SECTION ANSWER
+; www.example.com. IN A 10.20.30.40
+; www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
+; SECTION AUTHORITY
+; example.com. IN NS ns.example.com.
+; example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+; SECTION ADDITIONAL
+; HEX_EDNSDATA_BEGIN
+; ; client is 127.0.0.1
+; 00 08 ; OPC
+; 00 07 ; option length
+; 00 01 ; Family
+; 11 11 ; source mask, scopemask
+; 7f 00 00 ; address
+; HEX_EDNSDATA_END
+; ns.example.com. IN A 1.2.3.4
+; ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+;ENTRY_END
+;
+;STEP 11 QUERY
+;
+;ENTRY_BEGIN
+; HEX_ANSWER_BEGIN;
+; 00 00 00 00 00 01 00 00 ;ID 0, no RD
+; 00 00 00 01 03 77 77 77 ; www.example.com A? (DO)
+; 07 65 78 61 6d 70 6c 65
+; 03 63 6f 6d 00 00 01 00
+; 01 00 00 29 10 00 00 00
+; 80 00 00 0b
+;
+; 00 08 00 07 ; OPC, optlen
+; 00 01 12 00 ; ip4, scope 18, source 0
+; 7f 00 00 ;127.0.0.0/18
+; HEX_ANSWER_END
+;ENTRY_END
+;
+;STEP 20 CHECK_ANSWER
+;ENTRY_BEGIN
+; MATCH all ednsdata
+; REPLY QR RA AD NOERROR
+; SECTION QUESTION
+; www.example.com. IN A
+; SECTION ANSWER
+; www.example.com. IN A 10.20.30.40
+; www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
+; SECTION AUTHORITY
+; example.com. IN NS ns.example.com.
+; example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+; SECTION ADDITIONAL
+; HEX_EDNSDATA_BEGIN
+; ; client is 127.0.0.1
+; 00 08 ; OPC
+; 00 07 ; option length
+; 00 01 ; Family
+; 12 11 ; source mask, scopemask
+; 7f 00 00 ; address
+; HEX_EDNSDATA_END
+; ns.example.com. IN A 1.2.3.4
+; ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
+;ENTRY_END
+
+SCENARIO_END
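Review bot: The comment above STEP 30 says the answer must be cached because the stub is not answering, but this file declares `RANGE_BEGIN 0 100`, which still covers steps 20 and 30. The upstream at 1.2.3.4 can therefore answer again, and a re-resolution that ends in the same validation failure would pass `MATCH all ede=9` without the subnet cache ever holding the EDE. Narrowing it to `RANGE_BEGIN 0 10`, as the cachedb scenario in this commit does, would make the cached-answer claim hold. The lines after the first `RANGE_END` (the `ns.example.com.` A record, the RRSIG, and a second `ENTRY_END` / `RANGE_END`) have no matching `ENTRY_BEGIN` / `RANGE_BEGIN`; they look like template leftovers and should be removed. The same applies to the stale `; ns.example.com.` comment and the commented-out `www.example.com` steps at the end. The query comments `; ip4, scope 17, source 0` also contradict the `; source mask, scopemask` labelling of the same `11 00` bytes earlier in the file; they should read `; ip4, source 17, scope 0`.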