# A recommended value is 1800.
# serve-expired-client-timeout: 0
+ # Return the original TTL as received from the upstream name server rather
+ # than the decrementing TTL as stored in the cache. Enabling this feature
+ # does not impact cache expiry, it only changes the TTL unbound embeds in
+ # responses to queries. Note that enabling this feature implicitly disables
+ # enforcement of the configured minimum and maximum TTL.
+ # serve-original-ttl: no
+
# Have the validator log failed validations for your diagnosis.
# 0: off. 1: A line per failed user query. 2: With reason and bad IP.
# val-log-level: 0
--- /dev/null
+; config options
+server:
+ access-control: 127.0.0.1 allow_snoop
+ module-config: "validator iterator"
+ qname-minimisation: "no"
+ minimal-responses: no
+ serve-original-ttl: yes
+ cache-max-ttl: 1000
+ cache-min-ttl: 20
+ serve-expired: yes
+ serve-expired-reply-ttl: 123
+
+stub-zone:
+ name: "example.com"
+ stub-addr: 1.2.3.4
+CONFIG_END
+
+SCENARIO_BEGIN Test serve-original-ttl
+; Scenario overview:
+; - query for example.com. IN A
+; - check that we get an answer for example.com. IN A with the correct TTL
+; - query again after a couple seconds and check that we get the original TTL
+; (next steps are combination with serve-expired)
+; - query again after the TTL expired
+; - check that we get the expired cached answer with the original TTL
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+ ADDRESS 1.2.3.4
+ ENTRY_BEGIN
+ MATCH opcode qtype qname
+ ADJUST copy_id
+ REPLY QR NOERROR
+ SECTION QUESTION
+ example.com. IN NS
+ SECTION ANSWER
+ example.com. IN NS ns.example.com.
+ SECTION ADDITIONAL
+ ns.example.com. IN A 1.2.3.4
+ ENTRY_END
+
+ ENTRY_BEGIN
+ MATCH opcode qtype qname
+ ADJUST copy_id
+ REPLY QR NOERROR
+ SECTION QUESTION
+ example.com. IN A
+ SECTION ANSWER
+ example.com. 10 IN A 5.6.7.8
+ SECTION AUTHORITY
+ example.com. IN NS ns.example.com.
+ SECTION ADDITIONAL
+ ns.example.com. IN A 1.2.3.4
+ ENTRY_END
+RANGE_END
+
+; Query with RD flag
+STEP 1 QUERY
+ENTRY_BEGIN
+ REPLY RD
+ SECTION QUESTION
+ example.com. IN A
+ENTRY_END
+
+; Check that we got the correct answer (should be cached)
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+ MATCH all ttl
+ REPLY QR RD RA NOERROR
+ SECTION QUESTION
+ example.com. IN A
+ SECTION ANSWER
+ example.com. 10 IN A 5.6.7.8
+ SECTION AUTHORITY
+ example.com. IN NS ns.example.com.
+ SECTION ADDITIONAL
+ ns.example.com. IN A 1.2.3.4
+ENTRY_END
+
+; Wait a couple of seconds (< 10)
+STEP 11 TIME_PASSES ELAPSE 5
+
+; Query again
+STEP 20 QUERY
+ENTRY_BEGIN
+ REPLY
+ SECTION QUESTION
+ example.com. IN A
+ENTRY_END
+
+; Check that we got the cached answer with the original TTL
+; (Passively checks that minimum and maximum TTLs are ignored)
+STEP 30 CHECK_ANSWER
+ENTRY_BEGIN
+ MATCH all ttl
+ REPLY QR RA NOERROR
+ SECTION QUESTION
+ example.com. IN A
+ SECTION ANSWER
+ example.com. 10 A 5.6.7.8
+ SECTION AUTHORITY
+ example.com. 3600 NS ns.example.com.
+ SECTION ADDITIONAL
+ ns.example.com. 3600 A 1.2.3.4
+ENTRY_END
+
+; Wait for the TTL to expire
+STEP 31 TIME_PASSES ELAPSE 3601
+
+; Query again
+STEP 40 QUERY
+ENTRY_BEGIN
+ REPLY
+ SECTION QUESTION
+ example.com. IN A
+ENTRY_END
+
+; Check that we got a stale answer with the original TTL
+STEP 50 CHECK_ANSWER
+ENTRY_BEGIN
+ MATCH all ttl
+ REPLY QR RA NOERROR
+ SECTION QUESTION
+ example.com. IN A
+ SECTION ANSWER
+ example.com. 10 A 5.6.7.8
+ SECTION AUTHORITY
+ example.com. NS ns.example.com.
+ SECTION ADDITIONAL
+ ns.example.com. A 1.2.3.4
+ENTRY_END
+
+; Give time for the pending query to get answered
+STEP 51 TRAFFIC
+
+SCENARIO_END
projects / thirdparty / unbound.git / commitdiff
