From d3b85ed7d8174ac0b3e2ce437de526fac260cd01 Mon Sep 17 00:00:00 2001
From: Ralph Dolmans
Date: Tue, 22 Nov 2016 13:53:51 +0000
Subject: [PATCH] - Added unit test for QNAME minimisation + harden below nxdomain synergy.

git-svn-id: file:///svn/unbound/trunk@3933 be551aaa-1e26-0410-a405-d3ace91eadb9
---
 doc/Changelog | 2 +
 testdata/stop_nxdomain_minimised.rpl | 110 +++++++++++++++++++++++++++
 2 files changed, 112 insertions(+)
 create mode 100644 testdata/stop_nxdomain_minimised.rpl
diff --git a/doc/Changelog b/doc/Changelog
index c729e97ec..814b494a8 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -5,6 +5,8 @@ subdomain of the NSEC owner. - QNAME minimisation uses QTYPE=A, therefore always check cache for this type in harden-below-nxdomain functionality. + - Added unit test for QNAME minimisation + harden below nxdomain + synergy. 22 November 2016: Wouter - iana portlist update.
diff --git a/testdata/stop_nxdomain_minimised.rpl b/testdata/stop_nxdomain_minimised.rpl
new file mode 100644
index 000000000..8882b7bd9
--- /dev/null
+++ b/testdata/stop_nxdomain_minimised.rpl
@@ -0,0 +1,110 @@
+; config options
+server:
+ target-fetch-policy: "0 0 0 0 0"
+ harden-below-nxdomain: yes
+ qname-minimisation: yes
+ trust-anchor: ". IN DNSKEY 257 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3"
+ val-override-date: "20070916134226"
+
+stub-zone:
+ name: "."
+ stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
+stub-zone:
+ name: "anotherexample.local."
+ stub-addr: 10.20.30.40
+CONFIG_END
+
+SCENARIO_BEGIN Test stop cache search on nxdomain for QNAME minimised query
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+ ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET. IN A 193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN DNSKEY
+SECTION ANSWER
+. 3600 IN DNSKEY 257 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30900 (ksk), size = 512b}
+. 3600 IN RRSIG DNSKEY 5 0 3600 20070926134150 20070829134150 30900 . BlVcSh8xSgm7ne+XVCJwNHQKjk5kTJgG4Fa3sOSfp3YUjb2YclmVWyIw7XEHl0/C6CN5gdy18idnM6vT6Hy42A== ;{id = 30900}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NXDOMAIN
+SECTION QUESTION
+local. IN A
+SECTION AUTHORITY
+. 86400 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2010111601 1800 900 604800 86400
+. 86400 IN RRSIG SOA 5 0 86400 20070926134150 20070829134150 30900 . bOYbFZZp7vWWC2oxV+kph+YXjoQj2f6QJktlgmzRI7oReFX9jy/LibTPQi/sW0SGHpLaj3G5p4IfIlBibne4DA== ;{id = 30900}
+. 86400 IN NSEC ac. NS SOA RRSIG NSEC DNSKEY
+. 86400 IN RRSIG NSEC 5 0 86400 20070926134150 20070829134150 30900 . U+/m5+FmczzkosEx1aTP7MK/F3PpcKWct8CzM1jhjwNe2RlnW7qFe0IH8SLzD/elvxDTQMpJSMlKOhUUdapB8g== ;{id = 30900}
+lk. 86400 IN NSEC lr. NS DS RRSIG NSEC
+lk. 86400 IN RRSIG NSEC 5 1 86400 20070926134150 20070829134150 30900 . j6Pw5Eu9vGHDJcckTSWa8YD1b7FV7c/Z8aVkLfJCH+iPcaa40/LSp784+t2PnAAXL8fgriNL6jF/ve1rti3ANQ== ;{id = 30900}
+ENTRY_END
+RANGE_END
+
+RANGE_BEGIN 0 100
+ ADDRESS 10.20.30.40
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+anotherexample.local. IN TXT
+SECTION ANSWER
+anotherexample.local. 86400 IN TXT "should not resolve this"
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+example.local. IN TXT
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NXDOMAIN
+SECTION QUESTION
+example.local. IN TXT
+SECTION AUTHORITY
+. 86400 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2010111601 1800 900 604800 86400
+ENTRY_END
+
+STEP 20 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+anotherexample.local. IN TXT
+ENTRY_END
+
+; query should be answered using NXDOMAIN for local in cache
+STEP 30 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NXDOMAIN
+SECTION QUESTION
+anotherexample.local. IN TXT
+SECTION AUTHORITY
+. 86400 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2010111601 1800 900 604800 86400
+ENTRY_END
+
+SCENARIO_END
-- 
2.47.3
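Review bot: The scenario never states that the cached NXDOMAIN for `local.` has to validate as DNSSEC-secure before it may answer `anotherexample.local.`, although the config sets `trust-anchor` and `val-override-date` and the root reply carries signed SOA and NSEC records, which suggests that is the precondition being exercised. I would add a comment above the trust anchor, e.g. `; NXDOMAIN for local. must validate as secure for harden-below-nxdomain to apply`, and one above the 10.20.30.40 range, `; control server: an answer from here means the cached NXDOMAIN was not used`. The test covers only the secure case; a companion scenario without the trust anchor, expecting the stub answer, would pin the opposite behaviour, if insecure NXDOMAINs are indeed meant to be ignored.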