From: Philip Homburg Date: Wed, 22 Mar 2023 14:21:19 +0000 (+0100) Subject: Tests for serve-expired in combination with new 0 TTL data. X-Git-Tag: release-1.18.0rc1~24^2~48^2~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=072be3300f49d75a9dfd35c346bc9020f9623f9e;p=thirdparty%2Funbound.git Tests for serve-expired in combination with new 0 TTL data. --- diff --git a/testdata/serve_expired_0ttl_nodata.rpl b/testdata/serve_expired_0ttl_nodata.rpl new file mode 100644 index 000000000..e28e35255 --- /dev/null +++ b/testdata/serve_expired_0ttl_nodata.rpl @@ -0,0 +1,154 @@ +; config options +server: + module-config: "validator iterator" + qname-minimisation: "no" + minimal-responses: no + serve-expired: yes + log-servfail: yes + ede: yes + ede-serve-expired: yes + + +stub-zone: + name: "example.com" + stub-addr: 1.2.3.4 +CONFIG_END + +SCENARIO_BEGIN Test serve-expired with NXDOMAIN followed by 0 TTL +; Scenario overview: +; - query for 0ttl.example.com. IN A +; - answer from upstream is NODATA; will be cached for NORR_TTL(5) +; - check that the client gets the NODATA; also cached +; - query again right after the TTL expired +; - this time the server answers with a 0 TTL RRset +; - check that we get the correct answer + +; ns.example.com. +RANGE_BEGIN 0 20 + ADDRESS 1.2.3.4 + ; response to A query + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR AA NOERROR + SECTION QUESTION + 0ttl.example.com. IN A + SECTION AUTHORITY + example.com IN SOA ns.example.com dns.example.com 1 7200 3600 2419200 10 + ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 30 100 + ADDRESS 1.2.3.4 + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. 10 IN NS + SECTION ANSWER + example.com. 10 IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. 10 IN A 1.2.3.4 + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + 0ttl.example.com. IN A + SECTION ANSWER + 0ttl.example.com. 0 IN A 5.6.7.8 + SECTION AUTHORITY + example.com. 10 IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. 10 IN A 1.2.3.4 + ENTRY_END +RANGE_END + +; Query with RD flag +STEP 0 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + 0ttl.example.com. IN A +ENTRY_END + +; Check that we get the NODATA (will be cached) +STEP 10 CHECK_ANSWER +ENTRY_BEGIN + MATCH all + REPLY QR RD RA NOERROR + SECTION QUESTION + 0ttl.example.com. IN A + SECTION AUTHORITY + example.com IN SOA ns.example.com dns.example.com 1 7200 3600 2419200 10 +ENTRY_END + +; Query again +STEP 20 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + 0ttl.example.com. IN A +ENTRY_END + +; Check that we get the cached NODATA +STEP 30 CHECK_ANSWER +ENTRY_BEGIN + MATCH all + REPLY QR RD RA NOERROR + SECTION QUESTION + 0ttl.example.com. IN A + SECTION AUTHORITY + example.com IN SOA ns.example.com dns.example.com 1 7200 3600 2419200 10 +ENTRY_END + +; Wait for the NXDOMAIN to expire +STEP 31 TIME_PASSES ELAPSE 32 + +; Query again +STEP 40 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + 0ttl.example.com. IN A +ENTRY_END + +; Check that we get the cached NODATA +STEP 50 CHECK_ANSWER +ENTRY_BEGIN + MATCH all + REPLY QR RD RA NOERROR + SECTION QUESTION + 0ttl.example.com. IN A + SECTION AUTHORITY + example.com IN SOA ns.example.com dns.example.com 1 7200 3600 2419200 10 +ENTRY_END + +; Query again +STEP 60 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + 0ttl.example.com. IN A +ENTRY_END + +; Check that we got the correct answer +STEP 70 CHECK_ANSWER +ENTRY_BEGIN + MATCH all ttl + REPLY QR RD RA NOERROR + SECTION QUESTION + 0ttl.example.com. IN A + SECTION ANSWER + 0ttl.example.com. 0 IN A 5.6.7.8 + SECTION AUTHORITY + example.com. 10 IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. 10 IN A 1.2.3.4 +ENTRY_END + +SCENARIO_END diff --git a/testdata/serve_expired_0ttl_nxdomain.rpl b/testdata/serve_expired_0ttl_nxdomain.rpl new file mode 100644 index 000000000..55b7605ad --- /dev/null +++ b/testdata/serve_expired_0ttl_nxdomain.rpl @@ -0,0 +1,154 @@ +; config options +server: + module-config: "validator iterator" + qname-minimisation: "no" + minimal-responses: no + serve-expired: yes + log-servfail: yes + ede: yes + ede-serve-expired: yes + + +stub-zone: + name: "example.com" + stub-addr: 1.2.3.4 +CONFIG_END + +SCENARIO_BEGIN Test serve-expired with NXDOMAIN followed by 0 TTL +; Scenario overview: +; - query for 0ttl.example.com. IN A +; - answer from upstream is NXDOMAIN; will be cached for NORR_TTL(5) +; - check that the client gets the NXDOMAIN; also cached +; - query again right after the TTL expired +; - this time the server answers with a 0 TTL RRset +; - check that we get the correct answer + +; ns.example.com. +RANGE_BEGIN 0 20 + ADDRESS 1.2.3.4 + ; response to A query + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR AA NXDOMAIN + SECTION QUESTION + 0ttl.example.com. IN A + SECTION AUTHORITY + example.com IN SOA ns.example.com dns.example.com 1 7200 3600 2419200 10 + ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 30 100 + ADDRESS 1.2.3.4 + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. 10 IN NS + SECTION ANSWER + example.com. 10 IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. 10 IN A 1.2.3.4 + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + 0ttl.example.com. IN A + SECTION ANSWER + 0ttl.example.com. 0 IN A 5.6.7.8 + SECTION AUTHORITY + example.com. 10 IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. 10 IN A 1.2.3.4 + ENTRY_END +RANGE_END + +; Query with RD flag +STEP 0 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + 0ttl.example.com. IN A +ENTRY_END + +; Check that we get the SERVFAIL (will be cached) +STEP 10 CHECK_ANSWER +ENTRY_BEGIN + MATCH all + REPLY QR RD RA NXDOMAIN + SECTION QUESTION + 0ttl.example.com. IN A + SECTION AUTHORITY + example.com IN SOA ns.example.com dns.example.com 1 7200 3600 2419200 10 +ENTRY_END + +; Query again +STEP 20 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + 0ttl.example.com. IN A +ENTRY_END + +; Check that we get the cached NXDOMAIN +STEP 30 CHECK_ANSWER +ENTRY_BEGIN + MATCH all + REPLY QR RD RA NXDOMAIN + SECTION QUESTION + 0ttl.example.com. IN A + SECTION AUTHORITY + example.com IN SOA ns.example.com dns.example.com 1 7200 3600 2419200 10 +ENTRY_END + +; Wait for the NXDOMAIN to expire +STEP 31 TIME_PASSES ELAPSE 32 + +; Query again +STEP 40 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + 0ttl.example.com. IN A +ENTRY_END + +; Check that we get the cached NXDOMAIN +STEP 50 CHECK_ANSWER +ENTRY_BEGIN + MATCH all + REPLY QR RD RA NXDOMAIN + SECTION QUESTION + 0ttl.example.com. IN A + SECTION AUTHORITY + example.com IN SOA ns.example.com dns.example.com 1 7200 3600 2419200 10 +ENTRY_END + +; Query again +STEP 60 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + 0ttl.example.com. IN A +ENTRY_END + +; Check that we got the correct answer +STEP 70 CHECK_ANSWER +ENTRY_BEGIN + MATCH all ttl + REPLY QR RD RA NOERROR + SECTION QUESTION + 0ttl.example.com. IN A + SECTION ANSWER + 0ttl.example.com. 0 IN A 5.6.7.8 + SECTION AUTHORITY + example.com. 10 IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. 10 IN A 1.2.3.4 +ENTRY_END + +SCENARIO_END diff --git a/testdata/serve_expired_0ttl_servfail.rpl b/testdata/serve_expired_0ttl_servfail.rpl new file mode 100644 index 000000000..aad7aa8c9 --- /dev/null +++ b/testdata/serve_expired_0ttl_servfail.rpl @@ -0,0 +1,129 @@ +; config options +server: + module-config: "validator iterator" + qname-minimisation: "no" + minimal-responses: no + serve-expired: yes + log-servfail: yes + ede: yes + ede-serve-expired: yes + + +stub-zone: + name: "example.com" + stub-addr: 1.2.3.4 +CONFIG_END + +SCENARIO_BEGIN Test serve-expired with SERVFAIL followed by 0 TTL +; Scenario overview: +; - query for 0ttl.example.com. IN A +; - answer from upstream is SERVFAIL; will be cached for NORR_TTL(5) +; - check that the client gets the SERVFAIL; also cached +; - query again right after the TTL expired +; - this time the server answers with a 0 TTL RRset +; - check that we get the correct answer + +; ns.example.com. +RANGE_BEGIN 0 20 + ADDRESS 1.2.3.4 + ; response to A query + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR AA SERVFAIL + SECTION QUESTION + 0ttl.example.com. IN A + ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 30 100 + ADDRESS 1.2.3.4 + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. 10 IN NS + SECTION ANSWER + example.com. 10 IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. 10 IN A 1.2.3.4 + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + 0ttl.example.com. IN A + SECTION ANSWER + 0ttl.example.com. 0 IN A 5.6.7.8 + SECTION AUTHORITY + example.com. 10 IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. 10 IN A 1.2.3.4 + ENTRY_END +RANGE_END + +; Query with RD flag +STEP 0 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + 0ttl.example.com. IN A +ENTRY_END + +; Check that we get the SERVFAIL (will be cached) +STEP 10 CHECK_ANSWER +ENTRY_BEGIN + MATCH all + REPLY QR RD RA SERVFAIL + SECTION QUESTION + 0ttl.example.com. IN A +ENTRY_END + +; Query again +STEP 20 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + 0ttl.example.com. IN A +ENTRY_END + +; Check that we get the cached SERVFAIL +STEP 30 CHECK_ANSWER +ENTRY_BEGIN + MATCH all + REPLY QR RD RA SERVFAIL + SECTION QUESTION + 0ttl.example.com. IN A +ENTRY_END + +; Wait for the SERVFAIL to expire +STEP 31 TIME_PASSES ELAPSE 32 + +; Query again +STEP 40 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + 0ttl.example.com. IN A +ENTRY_END + +; Check that we got the correct answer +STEP 50 CHECK_ANSWER +ENTRY_BEGIN + MATCH all ttl + REPLY QR RD RA NOERROR + SECTION QUESTION + 0ttl.example.com. IN A + SECTION ANSWER + 0ttl.example.com. 0 IN A 5.6.7.8 + SECTION AUTHORITY + example.com. 10 IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. 10 IN A 1.2.3.4 +ENTRY_END + +SCENARIO_END