--- /dev/null
+; config options
+server:
+ module-config: "validator iterator"
+ qname-minimisation: "no"
+ minimal-responses: no
+ serve-expired: yes
+ serve-expired-reply-ttl: 123
+ log-servfail: yes
+ ede: yes
+ ede-serve-expired: yes
+
+
+stub-zone:
+ name: "example.com"
+ stub-addr: 1.2.3.4
+CONFIG_END
+
+SCENARIO_BEGIN Test serve-expired with client-timeout and a SERVFAIL upstream reply
+; Scenario overview:
+; - query for example.com. IN A
+; - answer from upstream is SERVFAIL; will be cached for NORR_TTL(5)
+; - check that the client gets the SERVFAIL; also cached
+; - query again right after the TTL expired
+; - cached SERVFAIL should be ignored and upstream queried
+; - answer from upstream is still SERVFAIL; the cached error response will be
+; refreshed for another NORR_TTL(5)
+; - check that the client gets the SERVFAIL
+; - query again; the upstream now has the answer available
+; - check that we get the refreshed cached response instead
+
+; ns.example.com.
+RANGE_BEGIN 0 50
+ ADDRESS 1.2.3.4
+ ; response to A query
+ ENTRY_BEGIN
+ MATCH opcode qtype qname
+ ADJUST copy_id
+ REPLY QR AA SERVFAIL
+ SECTION QUESTION
+ example.com. IN A
+ ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 60 100
+ ADDRESS 1.2.3.4
+ ENTRY_BEGIN
+ MATCH opcode qtype qname
+ ADJUST copy_id
+ REPLY QR NOERROR
+ SECTION QUESTION
+ example.com. 10 IN NS
+ SECTION ANSWER
+ example.com. 10 IN NS ns.example.com.
+ SECTION ADDITIONAL
+ ns.example.com. 10 IN A 1.2.3.4
+ ENTRY_END
+
+ ENTRY_BEGIN
+ MATCH opcode qtype qname
+ ADJUST copy_id
+ REPLY QR NOERROR
+ SECTION QUESTION
+ example.com. IN A
+ SECTION ANSWER
+ example.com. 10 IN A 5.6.7.8
+ SECTION AUTHORITY
+ example.com. 10 IN NS ns.example.com.
+ SECTION ADDITIONAL
+ ns.example.com. 10 IN A 1.2.3.4
+ ENTRY_END
+RANGE_END
+
+; Query with RD flag
+STEP 0 QUERY
+ENTRY_BEGIN
+ REPLY RD
+ SECTION QUESTION
+ example.com. IN A
+ENTRY_END
+
+; Check that we get the SERVFAIL (will be cached)
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+ MATCH all
+ REPLY QR RD RA SERVFAIL
+ SECTION QUESTION
+ example.com. IN A
+ENTRY_END
+
+; Query again
+STEP 20 QUERY
+ENTRY_BEGIN
+ REPLY RD
+ SECTION QUESTION
+ example.com. IN A
+ENTRY_END
+
+; Check that we get the cached SERVFAIL
+STEP 30 CHECK_ANSWER
+ENTRY_BEGIN
+ MATCH all
+ REPLY QR RD RA SERVFAIL
+ SECTION QUESTION
+ example.com. IN A
+ENTRY_END
+
+; Wait for the SERVFAIL to expire
+STEP 31 TIME_PASSES ELAPSE 6
+
+; Query again
+STEP 40 QUERY
+ENTRY_BEGIN
+ REPLY RD
+ SECTION QUESTION
+ example.com. IN A
+ENTRY_END
+
+; Check that we get the SERVFAIL (will be refreshed)
+STEP 50 CHECK_ANSWER
+ENTRY_BEGIN
+ MATCH all
+ REPLY QR RD RA SERVFAIL
+ SECTION QUESTION
+ example.com. IN A
+ENTRY_END
+
+; Query again, upstream has the real answer available
+STEP 60 QUERY
+ENTRY_BEGIN
+ REPLY RD
+ SECTION QUESTION
+ example.com. IN A
+ENTRY_END
+
+; Check that we get the refreshed cached SERVFAIL
+STEP 70 CHECK_ANSWER
+ENTRY_BEGIN
+ MATCH all
+ REPLY QR RD RA SERVFAIL
+ SECTION QUESTION
+ example.com. IN A
+ENTRY_END
+
+SCENARIO_END
projects / thirdparty / unbound.git / commitdiff
