From: W.C.A. Wijngaards Date: Thu, 9 Feb 2023 08:56:40 +0000 (+0100) Subject: - Fix to ignore entirely empty responses, and try at another authority. X-Git-Tag: release-1.19.0rc1~38^2~25^2~8 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4953daa016d67f0976655da58deed5fc8ac9a0e7;p=thirdparty%2Funbound.git - Fix to ignore entirely empty responses, and try at another authority. This turns completely empty responses, a type of noerror/nodata into a servfail, but they do not conform to RFC2308, and the retry can fetch improved content. --- diff --git a/doc/Changelog b/doc/Changelog index 6a95cf4da..9893e7846 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,9 @@ +9 February 2023: Wouter + - Fix to ignore entirely empty responses, and try at another authority. + This turns completely empty responses, a type of noerror/nodata into + a servfail, but they do not conform to RFC2308, and the retry can + fetch improved content. + 8 February 2023: Wouter - Fix #841: Unbound won't build with aaaa-filter-iterator.patch. diff --git a/iterator/iter_resptype.c b/iterator/iter_resptype.c index c2b824a0f..e85595b84 100644 --- a/iterator/iter_resptype.c +++ b/iterator/iter_resptype.c @@ -284,6 +284,13 @@ response_type_from_server(int rdset, /* If we've gotten this far, this is NOERROR/NODATA (which could * be an entirely empty message) */ + /* but ignore entirely empty messages, noerror/nodata has a soa + * negative ttl value in the authority section, this makes it try + * again at another authority. And turns it from a 5 second empty + * message into a 5 second servfail response. */ + if(msg->rep->an_numrrsets == 0 && msg->rep->ns_numrrsets == 0 && + msg->rep->ar_numrrsets == 0) + return RESPONSE_TYPE_THROWAWAY; /* check if recursive answer; saying it has empty cache */ if( (msg->rep->flags&BIT_RA) && !(msg->rep->flags&BIT_AA) && !rdset) return RESPONSE_TYPE_REC_LAME; diff --git a/testdata/auth_xfr_host.rpl b/testdata/auth_xfr_host.rpl index d052d36a4..f8bd1890e 100644 --- a/testdata/auth_xfr_host.rpl +++ b/testdata/auth_xfr_host.rpl @@ -84,6 +84,8 @@ REPLY QR AA NOERROR SECTION QUESTION ns.example.net. IN AAAA SECTION ANSWER +SECTION AUTHORITY +net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END RANGE_END diff --git a/testdata/autotrust_revtp_use.rpl b/testdata/autotrust_revtp_use.rpl index b43eb60ad..952428a3d 100644 --- a/testdata/autotrust_revtp_use.rpl +++ b/testdata/autotrust_revtp_use.rpl @@ -109,6 +109,8 @@ SECTION QUESTION ns.example.com. IN AAAA SECTION ANSWER ; no AAAA +SECTION AUTHORITY +example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END RANGE_END diff --git a/testdata/iter_dnsseclame_bug.rpl b/testdata/iter_dnsseclame_bug.rpl index cb17bbf33..c5fd13244 100644 --- a/testdata/iter_dnsseclame_bug.rpl +++ b/testdata/iter_dnsseclame_bug.rpl @@ -117,6 +117,8 @@ REPLY QR AA NOERROR SECTION QUESTION e.gtld-servers.net. IN AAAA SECTION ANSWER +SECTION AUTHORITY +net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ENTRY_BEGIN @@ -126,6 +128,8 @@ REPLY QR AA NOERROR SECTION QUESTION a.gtld-servers.net. IN AAAA SECTION ANSWER +SECTION AUTHORITY +net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ; no example.net delegation answers yet. @@ -156,6 +160,8 @@ REPLY QR AA NOERROR SECTION QUESTION e.gtld-servers.net. IN AAAA SECTION ANSWER +SECTION AUTHORITY +net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ENTRY_BEGIN @@ -165,6 +171,8 @@ REPLY QR AA NOERROR SECTION QUESTION a.gtld-servers.net. IN AAAA SECTION ANSWER +SECTION AUTHORITY +net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ENTRY_BEGIN @@ -287,6 +295,8 @@ REPLY QR AA NOERROR SECTION QUESTION ns.sub.example.com. IN AAAA SECTION ANSWER +SECTION AUTHORITY +sub.example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END RANGE_END @@ -321,6 +331,8 @@ ADJUST copy_id REPLY QR AA NOERROR SECTION QUESTION ns.example.com. IN AAAA +SECTION AUTHORITY +example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ; fine DNSKEY response. @@ -417,6 +429,8 @@ REPLY QR AA NOERROR SECTION QUESTION ns.sub.example.com. IN AAAA SECTION ANSWER +SECTION AUTHORITY +sub.example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ; response to query of interest diff --git a/testdata/iter_dnsseclame_ds.rpl b/testdata/iter_dnsseclame_ds.rpl index 78a11cc07..6b2bf653f 100644 --- a/testdata/iter_dnsseclame_ds.rpl +++ b/testdata/iter_dnsseclame_ds.rpl @@ -116,6 +116,8 @@ REPLY QR AA NOERROR SECTION QUESTION e.gtld-servers.net. IN AAAA SECTION ANSWER +SECTION AUTHORITY +net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ENTRY_BEGIN @@ -125,6 +127,8 @@ REPLY QR AA NOERROR SECTION QUESTION a.gtld-servers.net. IN AAAA SECTION ANSWER +SECTION AUTHORITY +net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ENTRY_BEGIN @@ -245,6 +249,9 @@ REPLY QR AA NOERROR SECTION QUESTION ns.sub.example.com. IN AAAA SECTION ANSWER +SECTION AUTHORITY +sub.example.com. 3600 IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 +sub.example.com. 3600 IN RRSIG SOA 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. o6B6mzZ2pzXRE9qBagNw+U5kZOCViyuYRObCJTMsEQn8kNzSIxOhuqjBoo0ifKmxvUmCxaNtsWaG4eDC+vCBdQ== ENTRY_END RANGE_END @@ -279,6 +286,8 @@ ADJUST copy_id REPLY QR AA NOERROR SECTION QUESTION ns.example.com. IN AAAA +SECTION AUTHORITY +example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ; fine DNSKEY response. @@ -375,6 +384,8 @@ REPLY QR AA NOERROR SECTION QUESTION ns.sub.example.com. IN AAAA SECTION ANSWER +SECTION AUTHORITY +sub.example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ; response to query of interest diff --git a/testdata/iter_dnsseclame_ta.rpl b/testdata/iter_dnsseclame_ta.rpl index 5799a1146..ce4414dda 100644 --- a/testdata/iter_dnsseclame_ta.rpl +++ b/testdata/iter_dnsseclame_ta.rpl @@ -119,6 +119,8 @@ REPLY QR NOERROR SECTION QUESTION a.gtld-servers.net. IN AAAA SECTION ANSWER +SECTION AUTHORITY +net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ENTRY_BEGIN @@ -128,6 +130,8 @@ REPLY QR NOERROR SECTION QUESTION e.gtld-servers.net. IN AAAA SECTION ANSWER +SECTION AUTHORITY +net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ENTRY_BEGIN @@ -239,6 +243,9 @@ REPLY QR AA NOERROR SECTION QUESTION ns.example.com. IN AAAA SECTION ANSWER +SECTION AUTHORITY +example.com. 3600 IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AC23LvSspto6Zqctz05urK/2OKTnB+7nppMKInYkyjZbZotq2wjJA9s= ENTRY_END RANGE_END @@ -261,6 +268,8 @@ ADJUST copy_id REPLY QR AA NOERROR SECTION QUESTION ns.example.com. IN AAAA +SECTION AUTHORITY +example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ; lame DNSKEY response. diff --git a/testdata/iter_donotq127.rpl b/testdata/iter_donotq127.rpl index 3668d7b6f..4b22222d2 100644 --- a/testdata/iter_donotq127.rpl +++ b/testdata/iter_donotq127.rpl @@ -35,6 +35,8 @@ REPLY QR NOERROR SECTION QUESTION a.gtld-servers.net. IN AAAA SECTION ANSWER +SECTION AUTHORITY +net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ENTRY_BEGIN diff --git a/testdata/iter_emptydp.rpl b/testdata/iter_emptydp.rpl index 82ddccfad..ecb49b6cd 100644 --- a/testdata/iter_emptydp.rpl +++ b/testdata/iter_emptydp.rpl @@ -108,6 +108,8 @@ REPLY QR NOERROR SECTION QUESTION a.gtld-servers.net. IN AAAA SECTION ANSWER +SECTION AUTHORITY +net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ENTRY_BEGIN @@ -156,6 +158,8 @@ REPLY QR AA NOERROR SECTION QUESTION ns.example.net. IN AAAA SECTION ANSWER +SECTION AUTHORITY +example.net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ; example.com. zone @@ -180,7 +184,9 @@ REPLY QR NOERROR SECTION QUESTION ns.example.com. IN AAAA SECTION ANSWER -; bogus +SECTION AUTHORITY +example.com. 3600 IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AC23LvSspto6Zqctz05urK/2OKTnB+7nppMKInYkyjZbZotq2wjJA9s= ENTRY_END ; response to DNSKEY priming query @@ -261,6 +267,7 @@ SECTION QUESTION ns.example.net. IN AAAA SECTION ANSWER SECTION AUTHORITY +example.net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 SECTION ADDITIONAL ENTRY_END diff --git a/testdata/iter_emptydp_for_glue.rpl b/testdata/iter_emptydp_for_glue.rpl index 68fad6f15..94dec2bc5 100644 --- a/testdata/iter_emptydp_for_glue.rpl +++ b/testdata/iter_emptydp_for_glue.rpl @@ -135,6 +135,8 @@ REPLY QR NOERROR SECTION QUESTION a.gtld-servers.net. IN AAAA SECTION ANSWER +SECTION AUTHORITY +net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ENTRY_BEGIN @@ -211,6 +213,8 @@ REPLY QR AA NOERROR SECTION QUESTION ns.example.org. IN AAAA SECTION ANSWER +SECTION AUTHORITY +example.org. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ; example.net. zone @@ -244,6 +248,8 @@ REPLY QR AA NOERROR SECTION QUESTION ns.example.net. IN AAAA SECTION ANSWER +SECTION AUTHORITY +example.net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ; example.com. zone @@ -268,7 +274,9 @@ REPLY QR NOERROR SECTION QUESTION ns.example.com. IN AAAA SECTION ANSWER -; bogus message. +SECTION AUTHORITY +example.com. 3600 IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AC23LvSspto6Zqctz05urK/2OKTnB+7nppMKInYkyjZbZotq2wjJA9s= ENTRY_END ; response to DNSKEY priming query @@ -343,6 +351,8 @@ REPLY QR AA NOERROR SECTION QUESTION ns.example.org. IN AAAA SECTION ANSWER +SECTION AUTHORITY +example.org. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ; example.net. zone @@ -376,6 +386,8 @@ REPLY QR AA NOERROR SECTION QUESTION ns.example.net. IN AAAA SECTION ANSWER +SECTION AUTHORITY +example.net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ; example.com. zone @@ -471,6 +483,7 @@ SECTION QUESTION ns.example.net. IN AAAA SECTION ANSWER SECTION AUTHORITY +example.net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 SECTION ADDITIONAL ENTRY_END @@ -490,6 +503,7 @@ SECTION QUESTION ns.example.net. IN AAAA SECTION ANSWER SECTION AUTHORITY +example.net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 SECTION ADDITIONAL ENTRY_END diff --git a/testdata/iter_ignore_empty.rpl b/testdata/iter_ignore_empty.rpl new file mode 100644 index 000000000..c70dd7e8d --- /dev/null +++ b/testdata/iter_ignore_empty.rpl @@ -0,0 +1,198 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + minimal-responses: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test ignore of an empty response. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. IN NS ns2.example2.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example2.com. IN NS +SECTION AUTHORITY +example2.com. IN NS ns2.example2.com. +SECTION ADDITIONAL +ns2.example2.com. IN A 1.2.3.5 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. IN NS ns2.example.net. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns.example.com. IN A +SECTION ANSWER +ns.example.com. IN A 1.2.3.4 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns.example.com. IN AAAA +SECTION AUTHORITY +example.com. IN SOA ns root 4 14400 3600 604800 3600 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +; ns2.example2.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.5 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example2.com. IN NS +SECTION ANSWER +example2.com. IN NS ns2.example2.com. +SECTION ADDITIONAL +ns2.example2.com. IN A 1.2.3.5 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns2.example2.com. IN A +SECTION ANSWER +ns2.example2.com. IN A 1.2.3.5 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns2.example2.com. IN AAAA +SECTION AUTHORITY +example2.com. IN SOA ns2 root 4 14400 3600 604800 3600 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ENTRY_END + +; wait for pending nameserver lookups. +STEP 20 TRAFFIC + +SCENARIO_END diff --git a/testdata/iter_lame_aaaa.rpl b/testdata/iter_lame_aaaa.rpl index 8afef770f..cef471305 100644 --- a/testdata/iter_lame_aaaa.rpl +++ b/testdata/iter_lame_aaaa.rpl @@ -76,6 +76,8 @@ REPLY QR NOERROR SECTION QUESTION ns.example.com. IN AAAA SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ENTRY_BEGIN @@ -85,6 +87,8 @@ REPLY QR NOERROR SECTION QUESTION ns.example.com. IN A SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ENTRY_BEGIN diff --git a/testdata/iter_lamescrub.rpl b/testdata/iter_lamescrub.rpl index 2de13a655..0ac19d7f8 100644 --- a/testdata/iter_lamescrub.rpl +++ b/testdata/iter_lamescrub.rpl @@ -42,6 +42,8 @@ REPLY QR NOERROR SECTION QUESTION a.gtld-servers.net. IN AAAA SECTION ANSWER +SECTION AUTHORITY +net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ENTRY_BEGIN diff --git a/testdata/iter_nxns_cached.rpl b/testdata/iter_nxns_cached.rpl index 7671df663..6cb8866ed 100644 --- a/testdata/iter_nxns_cached.rpl +++ b/testdata/iter_nxns_cached.rpl @@ -152,6 +152,8 @@ RANGE_BEGIN 31 100 REPLY QR NOERROR SECTION QUESTION nameservers.com. IN A + SECTION AUTHORITY + nameservers.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END RANGE_END diff --git a/testdata/iter_nxns_fallback.rpl b/testdata/iter_nxns_fallback.rpl index 324068604..2a6a3fd33 100644 --- a/testdata/iter_nxns_fallback.rpl +++ b/testdata/iter_nxns_fallback.rpl @@ -137,6 +137,8 @@ RANGE_BEGIN 0 100 REPLY QR NOERROR SECTION QUESTION ns.example.com. IN AAAA + SECTION AUTHORITY + example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ENTRY_BEGIN diff --git a/testdata/iter_primenoglue.rpl b/testdata/iter_primenoglue.rpl index a0be71c78..b9808dd2c 100644 --- a/testdata/iter_primenoglue.rpl +++ b/testdata/iter_primenoglue.rpl @@ -114,15 +114,6 @@ SECTION ADDITIONAL a.gtld-servers.net. IN A 192.5.6.30 ENTRY_END -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -A.ROOT-SERVERS.NET. IN AAAA -SECTION ANSWER -ENTRY_END - ENTRY_BEGIN MATCH opcode qname ADJUST copy_id copy_query @@ -130,29 +121,22 @@ REPLY QR NOERROR SECTION QUESTION a.gtld-servers.net. IN AAAA SECTION ANSWER +SECTION AUTHORITY +net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ENTRY_BEGIN -MATCH opcode qname +MATCH opcode subdomain ADJUST copy_id copy_query REPLY QR NOERROR SECTION QUESTION -K.ROOT-SERVERS.NET. IN A +ROOT-SERVERS.NET. IN A SECTION AUTHORITY ROOT-SERVERS.NET. IN NS A.ROOT-SERVERS.NET. SECTION ADDITIONAL A.ROOT-SERVERS.NET. IN A 198.41.0.4 ENTRY_END -ENTRY_BEGIN -MATCH opcode qname -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -K.ROOT-SERVERS.NET. IN AAAA -SECTION ANSWER -ENTRY_END - ENTRY_BEGIN MATCH opcode qname ADJUST copy_id copy_query @@ -213,6 +197,7 @@ K.ROOT-SERVERS.NET. IN A SECTION ANSWER K.ROOT-SERVERS.NET. IN A 193.0.14.129 ENTRY_END + ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id @@ -222,6 +207,8 @@ K.ROOT-SERVERS.NET. IN AAAA SECTION ANSWER ; no ip6 address: we want to use only one address for K. to avoid having ; to duplicate the entries in this file for both addresses. +SECTION AUTHORITY +root-servers.net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END RANGE_END @@ -258,6 +245,8 @@ REPLY QR AA NOERROR SECTION QUESTION ns.example.net. IN AAAA SECTION ANSWER +SECTION AUTHORITY +example.net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ; example.com. zone @@ -282,6 +271,8 @@ REPLY QR NOERROR SECTION QUESTION ns.example.com. IN AAAA SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END @@ -363,6 +354,7 @@ SECTION QUESTION ns.example.net. IN AAAA SECTION ANSWER SECTION AUTHORITY +example.net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 SECTION ADDITIONAL ENTRY_END @@ -381,6 +373,7 @@ SECTION QUESTION K.ROOT-SERVERS.NET. IN AAAA SECTION ANSWER SECTION AUTHORITY +root-servers.net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 SECTION ADDITIONAL ENTRY_END diff --git a/testdata/iter_privaddr.rpl b/testdata/iter_privaddr.rpl index 93a2a147d..0c87b4b9a 100644 --- a/testdata/iter_privaddr.rpl +++ b/testdata/iter_privaddr.rpl @@ -122,6 +122,8 @@ REPLY QR NOERROR SECTION QUESTION ns.example.com. IN AAAA SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ENTRY_BEGIN diff --git a/testdata/iter_reclame_two.rpl b/testdata/iter_reclame_two.rpl index 459dcb17f..76c310b28 100644 --- a/testdata/iter_reclame_two.rpl +++ b/testdata/iter_reclame_two.rpl @@ -95,6 +95,8 @@ REPLY QR RA NOERROR SECTION QUESTION ns.example.com. IN AAAA SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ENTRY_BEGIN @@ -104,6 +106,8 @@ REPLY QR RA NOERROR SECTION QUESTION lame.example.com. IN AAAA SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ENTRY_BEGIN diff --git a/testdata/iter_scrub_ns.rpl b/testdata/iter_scrub_ns.rpl index 365f0b54e..64f980dcd 100644 --- a/testdata/iter_scrub_ns.rpl +++ b/testdata/iter_scrub_ns.rpl @@ -39,6 +39,7 @@ REPLY QR NOERROR SECTION QUESTION www.example.com. IN A SECTION ANSWER +www.example.com. IN A 1.2.3.4 ; must be scrubbed www.burritolovers.com. IN A 10.20.30.40 SECTION AUTHORITY @@ -78,6 +79,7 @@ REPLY QR RD RA NOERROR SECTION QUESTION www.example.com. IN A SECTION ANSWER +www.example.com. IN A 1.2.3.4 SECTION AUTHORITY SECTION ADDITIONAL ENTRY_END diff --git a/testdata/iter_scrub_ns_fwd.rpl b/testdata/iter_scrub_ns_fwd.rpl index 239dc37f9..f7a526c46 100644 --- a/testdata/iter_scrub_ns_fwd.rpl +++ b/testdata/iter_scrub_ns_fwd.rpl @@ -39,6 +39,7 @@ REPLY RD RA QR NOERROR SECTION QUESTION www.example.com. IN A SECTION ANSWER +www.example.com. IN A 1.2.3.4 ; must be scrubbed www.burritolovers.com. IN A 10.20.30.40 SECTION AUTHORITY @@ -78,6 +79,7 @@ REPLY QR RD RA NOERROR SECTION QUESTION www.example.com. IN A SECTION ANSWER +www.example.com. IN A 1.2.3.4 SECTION AUTHORITY SECTION ADDITIONAL ENTRY_END diff --git a/testdata/iter_scrub_ns_side.rpl b/testdata/iter_scrub_ns_side.rpl index 98d00fd92..44620ebd1 100644 --- a/testdata/iter_scrub_ns_side.rpl +++ b/testdata/iter_scrub_ns_side.rpl @@ -39,6 +39,7 @@ REPLY QR NOERROR SECTION QUESTION www.example.com. IN A SECTION ANSWER +www.example.com. IN A 1.2.3.4 ; must be scrubbed www.burritolovers.com. IN A 10.20.30.40 SECTION AUTHORITY @@ -54,6 +55,7 @@ REPLY QR NOERROR SECTION QUESTION mail.example.com. IN A SECTION ANSWER +mail.example.com. IN A 1.2.3.11 SECTION AUTHORITY ; not pertinent to the query www.example.com. IN NS ns.example.com. @@ -78,6 +80,7 @@ REPLY QR RD RA NOERROR SECTION QUESTION www.example.com. IN A SECTION ANSWER +www.example.com. IN A 1.2.3.4 SECTION AUTHORITY SECTION ADDITIONAL ENTRY_END @@ -96,6 +99,7 @@ REPLY QR RD RA NOERROR SECTION QUESTION mail.example.com. IN A SECTION ANSWER +mail.example.com. IN A 1.2.3.11 SECTION AUTHORITY SECTION ADDITIONAL ENTRY_END diff --git a/testdata/iter_stublastresort.rpl b/testdata/iter_stublastresort.rpl index b60778910..8fac79905 100644 --- a/testdata/iter_stublastresort.rpl +++ b/testdata/iter_stublastresort.rpl @@ -105,6 +105,8 @@ REPLY QR NOERROR SECTION QUESTION ns.example.com. IN AAAA SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ENTRY_BEGIN @@ -156,6 +158,8 @@ REPLY QR AA SERVFAIL SECTION QUESTION ns.example.com. IN AAAA SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ENTRY_BEGIN @@ -204,6 +208,8 @@ REPLY QR AA SECTION QUESTION ns.example.com. IN AAAA SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ENTRY_BEGIN diff --git a/testdata/nsid_bogus.rpl b/testdata/nsid_bogus.rpl index 7e92266cf..b92563cf2 100644 --- a/testdata/nsid_bogus.rpl +++ b/testdata/nsid_bogus.rpl @@ -117,6 +117,9 @@ REPLY QR AA NOERROR SECTION QUESTION ns.example.com. IN AAAA SECTION ANSWER +SECTION AUTHORITY +example.com. 3600 IN SOA ns.example.com. root.example.com. 4 1440 0 3600 604800 3600 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AC23LvSspto6Zqctz05urK/2OKTnB+7nppMKInYkyjZbZotq2wjJA9s= SECTION ADDITIONAL ENTRY_END diff --git a/testdata/val_cnametoinsecure.rpl b/testdata/val_cnametoinsecure.rpl index 78d04de97..372a61f21 100644 --- a/testdata/val_cnametoinsecure.rpl +++ b/testdata/val_cnametoinsecure.rpl @@ -50,9 +50,11 @@ SECTION QUESTION unsafe.example.com. IN AAAA SECTION ANSWER ; empty response +SECTION AUTHORITY +example.com. 3600 IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 +example.com. 3600 IN RRSIG SOA 5 2 3600 20091012000000 20091010000000 30899 example.com. gJkF06xR3FoD/d+rxcLOwGpT8+DV+nbxED8C6T1qZyhWfKlfpYzISNooKBWD+JQbaGKV/nfm+rT3M0fnIXPpQQ== ENTRY_END - ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id @@ -88,6 +90,9 @@ SECTION QUESTION unsafe.example.org. IN AAAA SECTION ANSWER ; empty response +SECTION AUTHORITY +example.org. 3600 IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 +example.org. 3600 IN RRSIG SOA 5 2 3600 20091012000000 20091010000000 30899 example.org. lYlSk7saPytwcu6Dp3HKYdyCOIlpTm+T8kjf0hnrLgPDZuksUjw/GLB+d6onTDpWLlasHfi0eoAkNvTeuR0+1w== ENTRY_END RANGE_END @@ -112,6 +117,8 @@ www.example.com. 3600 IN RRSIG CNAME 5 3 3600 20091012000000 20 SECTION AUTHORITY unsafe.example.com. 3600 IN NSEC v.example.com. NS RRSIG NSEC unsafe.example.com. 3600 IN RRSIG NSEC 5 3 3600 20091012000000 20091010000000 30899 example.com. Le9EsRd2MxkOGRCvGtQkXRDAob5ZJOFQlZbDvcWAh5OXVpmcwZmCHctxw/Zyi4LkNYoYCSCc8PiVRrJM3IsGrQ== ;{id = 30899} +example.com. 3600 IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 +example.com. 3600 IN RRSIG SOA 5 2 3600 20091012000000 20091010000000 30899 example.com. gJkF06xR3FoD/d+rxcLOwGpT8+DV+nbxED8C6T1qZyhWfKlfpYzISNooKBWD+JQbaGKV/nfm+rT3M0fnIXPpQQ== ENTRY_END ; NSEC3 @@ -134,6 +141,8 @@ www.example.org. 3600 IN RRSIG CNAME 5 3 3600 20091012000000 20 SECTION AUTHORITY ltchu0548v0cof8f25u2pj4mjf4shcms.example.org. 3600 IN NSEC3 1 0 1 - ltchu0548v0cof8f25u2pj4mjf4shcmt NS ltchu0548v0cof8f25u2pj4mjf4shcms.example.org. 3600 IN RRSIG NSEC3 5 3 3600 20091012000000 20091010000000 30899 example.org. yxuYgfkg8QTdB5yBMN9Up9GyKu7xjKDScqq95/tsy3lx22tLsdLD9Fojdrq7eB+K7Tr72AejmVJs44v6TmWkZw== ;{id = 30899} +example.org. 3600 IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 +example.org. 3600 IN RRSIG SOA 5 2 3600 20091012000000 20091010000000 30899 example.org. lYlSk7saPytwcu6Dp3HKYdyCOIlpTm+T8kjf0hnrLgPDZuksUjw/GLB+d6onTDpWLlasHfi0eoAkNvTeuR0+1w== ENTRY_END SCENARIO_END diff --git a/testdata/val_cnametonodata_nonsec.rpl b/testdata/val_cnametonodata_nonsec.rpl index 48158162c..cf743321b 100644 --- a/testdata/val_cnametonodata_nonsec.rpl +++ b/testdata/val_cnametonodata_nonsec.rpl @@ -146,11 +146,13 @@ ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id -REPLY QR NOERROR +REPLY QR AA NOERROR SECTION QUESTION ns.example.com. IN AAAA SECTION ANSWER SECTION AUTHORITY +example.com. 3600 IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. AI+pFL3opyI/Mx3pCwnULbwc99bqXrJjRp4ds1lIBPN9X/Pia3wQdkM= ; NSEC here ... SECTION ADDITIONAL ENTRY_END @@ -208,11 +210,13 @@ ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id -REPLY QR NOERROR +REPLY QR AA NOERROR SECTION QUESTION ns.example.net. IN AAAA SECTION ANSWER SECTION AUTHORITY +example.net. IN NS ns.example.net. +example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} ; NSEC here SECTION ADDITIONAL ENTRY_END @@ -226,6 +230,8 @@ SECTION QUESTION www.example.net. IN A SECTION ANSWER SECTION AUTHORITY +example.net. 3600 IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 +;example.net. 3600 IN RRSIG SOA 3 2 3600 20070926135752 20070829135752 2854 example.net. ADNbj4XoTESBEkbFri3OG7SujbOUAoyrxPNHbULhxbvbB48Y0YAwvNY= ;www.example.net. IN NSEC example.net. MX NSEC RRSIG ;www.example.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. Z+3/WKJEqhWoMOQLC7Yb1dTVGaqzmU0bZ2cH9jSfNQZiT0O37yzCNNUmMsW4gsJOh3o61iZ+hxpze3aO3aedqQ== ;{id = 30899} SECTION ADDITIONAL diff --git a/testdata/val_cnametooptout.rpl b/testdata/val_cnametooptout.rpl index c9e982253..3528b8b8d 100644 --- a/testdata/val_cnametooptout.rpl +++ b/testdata/val_cnametooptout.rpl @@ -44,6 +44,8 @@ REPLY QR NOERROR SECTION QUESTION www.content.hud.gov. IN AAAA SECTION ANSWER +SECTION AUTHORITY +content.hud.gov. 86400 IN NS drfswitch.hud.gov. ENTRY_END ENTRY_BEGIN @@ -107,6 +109,7 @@ SECTION AUTHORITY 3RUD2HK5O5KA0IC6BF22C1T4R1BJGJ3R.hud.gov. 86400 IN RRSIG NSEC3 7 3 86400 20091204150200 20091104150200 64775 hud.gov. APf75Nx4eY9eHov3T9hduDLuG4TJfVfEUEhSgm7HIZRvSPFgajHz2q+Wy6888G3C0T1Zft1qL2PdHMonK6H1OEE+NiOxroDsZaH+aWZjAsbIO86qQ2xcC+/Z9DsddQtONk0zAqpuYxHSn879rAk/BIKeDukNoBChHCSTy8olUFiYt7XEmjz5AOoc8R5VQhMQi/vmbmC0BoFOemDxxowG2MX27Hj2MbVBEJiT8xioFEk41jsdDI0WQtpnory2NT/UM4kWZdmDdxbpwu2F8oixe3oi4AOI9j3EukoOZT9f0Sx+tCg/I9zLNZJi+VuI5oUlpZkSH5EoUyRgK33eO+KJhQ== ;{id = 64775} GO8CPDSLPULIOURE31GBK5JJKA0BKIVN.hud.gov. 86400 IN NSEC3 1 1 5 abcd gvfjd9enpjtet8a14uhb8hlrfeon2b72 A RRSIG ; flags: optout GO8CPDSLPULIOURE31GBK5JJKA0BKIVN.hud.gov. 86400 IN RRSIG NSEC3 7 3 86400 20091204150200 20091104150200 64775 hud.gov. eQFg/RvJ640k+Fa5yIUZwkx8FvsYSivykYFjc6dOiGt7r3VprfxwGWeYpyjYr/+mzu0ugE5ePDjZWtr5naK3dvqmt7qKk4/nEvVDoUmrg7joIUmeTzami9RB9lzCq2O/ddempQ6jpwfjiIDuEKUxHMpBFpw8QQZnZSZHKKQCDB4pOj8U8J/wNJXCS+SP7plU1hEVroC+QXCOYS8NHY2wFyeuW7A+xvg9tyYp9PH6c5MoNMkRQt36Kdvfk1nk3osktwalJNLmMhDr/vtErFieGGD6E9Ud9Pg70bPF2G5nqwwLDRevy7hIFjaMDHfYrcWc4B5hrUSpGtLJkYog9vsd2w== ;{id = 64775} +content.hud.gov. 86400 IN NS drfswitch.hud.gov. ENTRY_END SCENARIO_END diff --git a/testdata/val_ds_cname.rpl b/testdata/val_ds_cname.rpl index 3b88fb5a2..1703601e5 100644 --- a/testdata/val_ds_cname.rpl +++ b/testdata/val_ds_cname.rpl @@ -78,6 +78,8 @@ REPLY QR AA NOERROR SECTION QUESTION ns.example.com. IN AAAA SECTION ANSWER +SECTION AUTHORITY +com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END RANGE_END diff --git a/testdata/val_faildnskey.rpl b/testdata/val_faildnskey.rpl index 528082120..f45080a0b 100644 --- a/testdata/val_faildnskey.rpl +++ b/testdata/val_faildnskey.rpl @@ -143,10 +143,13 @@ ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id -REPLY QR NOERROR +REPLY QR AA NOERROR SECTION QUESTION ns.example.com. IN AAAA SECTION ANSWER +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} ENTRY_END RANGE_END diff --git a/testdata/val_faildnskey_ok.rpl b/testdata/val_faildnskey_ok.rpl index d3ac00c47..50f3184b4 100644 --- a/testdata/val_faildnskey_ok.rpl +++ b/testdata/val_faildnskey_ok.rpl @@ -144,10 +144,13 @@ ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id -REPLY QR NOERROR +REPLY QR AA NOERROR SECTION QUESTION ns.example.com. IN AAAA SECTION ANSWER +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} ENTRY_END RANGE_END diff --git a/testdata/val_nsec3_b2_nodata_nons.rpl b/testdata/val_nsec3_b2_nodata_nons.rpl index b47643b25..7faaafac6 100644 --- a/testdata/val_nsec3_b2_nodata_nons.rpl +++ b/testdata/val_nsec3_b2_nodata_nons.rpl @@ -97,6 +97,9 @@ ADJUST copy_id REPLY QR AA DO NOERROR SECTION QUESTION ns1.example. IN DS +SECTION AUTHORITY +example. SOA ns1.example. bugs.x.w.example. 1 3600 300 ( 3600000 3600 ) +example. RRSIG SOA 7 1 3600 20150420235959 20051021000000 ( 40430 example. Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8i q4ZLlYWfUUbbAS41pG+68z81q1xhkYAcEyHd VI2LmKusbZsT0Q== ) ENTRY_END ENTRY_BEGIN diff --git a/testdata/val_nsec3_b4_wild_wr.rpl b/testdata/val_nsec3_b4_wild_wr.rpl index 50daf3809..5ca165628 100644 --- a/testdata/val_nsec3_b4_wild_wr.rpl +++ b/testdata/val_nsec3_b4_wild_wr.rpl @@ -129,6 +129,10 @@ SECTION QUESTION ns2.example. IN A SECTION ANSWER ; nothing to make sure the ns1 server is used for queries. +SECTION AUTHORITY +example. NS ns1.example. +example. NS ns2.example. +example. RRSIG NS 7 1 3600 20150420235959 20051021000000 ( 40430 example. PVOgtMK1HHeSTau+HwDWC8Ts+6C8qtqd4pQJ qOtdEVgg+MA+ai4fWDEhu3qHJyLcQ9tbD2vv CnMXjtz6SyObxA== ) ENTRY_END ENTRY_BEGIN @@ -139,6 +143,10 @@ SECTION QUESTION ns2.example. IN AAAA SECTION ANSWER ; nothing to make sure the ns1 server is used for queries. +SECTION AUTHORITY +example. NS ns1.example. +example. NS ns2.example. +example. RRSIG NS 7 1 3600 20150420235959 20051021000000 ( 40430 example. PVOgtMK1HHeSTau+HwDWC8Ts+6C8qtqd4pQJ qOtdEVgg+MA+ai4fWDEhu3qHJyLcQ9tbD2vv CnMXjtz6SyObxA== ) ENTRY_END diff --git a/testdata/val_positive_nosigs.rpl b/testdata/val_positive_nosigs.rpl index e57836f90..c48b39e6f 100644 --- a/testdata/val_positive_nosigs.rpl +++ b/testdata/val_positive_nosigs.rpl @@ -137,10 +137,13 @@ ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id -REPLY QR NOERROR +REPLY QR AA NOERROR SECTION QUESTION www.example.com. IN DS SECTION ANSWER +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} ENTRY_END ; response to query of interest