--- /dev/null
+; config options
+server:
+ target-fetch-policy: "0 0 0 0 0"
+ qname-minimisation: no
+ minimal-responses: no
+ serve-expired: yes
+ serve-expired-reply-ttl: 30
+
+ ; disable the serve expired client timeout.
+ serve-expired-client-timeout: 0
+ send-client-subnet: 1.2.3.4
+ max-client-subnet-ipv4: 17
+ ; subnetcache is to the left of cachedb, because it sets no cache
+ ; store for edns subnet content for modules to the right of it.
+ ; this keeps subnet content out of cachedb as global content.
+ module-config: "subnetcache cachedb iterator"
+
+cachedb:
+ backend: "testframe"
+ secret-seed: "testvalue"
+ cachedb-check-when-serve-expired: yes
+
+stub-zone:
+ name: "."
+ stub-addr: 193.0.14.129
+CONFIG_END
+
+SCENARIO_BEGIN Test cachedb, subnet and serve-expired, with a domain change from global to subnet.
+; So the CNAME first points to a global record, then points to a subnet record.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 400
+ ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET. IN A 193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION AUTHORITY
+com. IN NS a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net. IN A 192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 400
+ ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION AUTHORITY
+example.com. IN NS ns2.example.com.
+SECTION ADDITIONAL
+ns2.example.com. IN A 1.2.3.5
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+foo.com. IN NS
+SECTION AUTHORITY
+foo.com. IN NS ns.foo.com.
+SECTION ADDITIONAL
+ns.foo.com. IN A 1.2.3.4
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+initial.com. IN NS
+SECTION AUTHORITY
+initial.com. IN NS ns.initial.com.
+SECTION ADDITIONAL
+ns.initial.com. IN A 1.2.3.6
+ENTRY_END
+RANGE_END
+
+; ns2.example.com.
+RANGE_BEGIN 0 30
+ ADDRESS 1.2.3.5
+ENTRY_BEGIN
+MATCH opcode qname qtype
+REPLY QR AA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. 10 IN CNAME www.initial.com.
+ENTRY_END
+RANGE_END
+
+; ns2.example.com. - after change
+RANGE_BEGIN 40 80
+ ADDRESS 1.2.3.5
+ENTRY_BEGIN
+MATCH opcode qname qtype
+REPLY QR AA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. 10 IN CNAME example.foo.com.
+ENTRY_END
+RANGE_END
+
+; ns.initial.com.
+RANGE_BEGIN 0 400
+ ADDRESS 1.2.3.6
+ENTRY_BEGIN
+MATCH opcode qname qtype
+REPLY QR AA NOERROR
+SECTION QUESTION
+www.initial.com. IN A
+SECTION ANSWER
+www.initial.com. 10 IN A 1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.foo.com.
+RANGE_BEGIN 40 80
+ ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qname qtype ednsdata
+REPLY QR AA NOERROR
+SECTION QUESTION
+example.foo.com. IN A
+SECTION ANSWER
+example.foo.com. 10 IN A 1.2.3.5
+SECTION ADDITIONAL
+ HEX_EDNSDATA_BEGIN
+ ; client is 127.0.0.1
+ 00 08 ; OPC
+ 00 07 ; option length
+ 00 01 ; Family
+ 11 00 ; source mask, scopemask
+ 7f 00 00 ; address
+ HEX_EDNSDATA_END
+ENTRY_END
+RANGE_END
+
+; ns2.example.com. - later
+RANGE_BEGIN 90 200
+ ADDRESS 1.2.3.5
+ENTRY_BEGIN
+MATCH opcode qname qtype
+REPLY QR AA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. 10 IN CNAME example.foo.com.
+ENTRY_END
+RANGE_END
+
+; ns.foo.com. - later
+RANGE_BEGIN 90 200
+ ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qname qtype ednsdata
+REPLY QR AA NOERROR
+SECTION QUESTION
+example.foo.com. IN A
+SECTION ANSWER
+example.foo.com. 10 IN A 1.2.3.6
+SECTION ADDITIONAL
+ HEX_EDNSDATA_BEGIN
+ ; client is 127.0.0.1
+ 00 08 ; OPC
+ 00 07 ; option length
+ 00 01 ; Family
+ 11 00 ; source mask, scopemask
+ 7f 00 00 ; address
+ HEX_EDNSDATA_END
+ENTRY_END
+RANGE_END
+
+; make time not 0
+STEP 2 TIME_PASSES ELAPSE 212
+
+; Get an entry in cache.
+STEP 4 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; get the answer for it
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ttl
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. 10 IN CNAME www.initial.com.
+www.initial.com. 10 IN A 1.2.3.4
+ENTRY_END
+
+; now valid in cache and valid in cachedb, without subnet.
+STEP 30 TIME_PASSES ELAPSE 20
+
+; now the cache and cachedb have an expired entry.
+; the upstream is updated to CNAME to a subnet zone A record.
+
+STEP 40 QUERY ADDRESS 127.0.0.1
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; the expired answer, while the ECS answer is looked up.
+STEP 50 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ttl
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. 30 IN CNAME www.initial.com.
+www.initial.com. 30 IN A 1.2.3.4
+ENTRY_END
+
+; check that subnet has the query in cache.
+STEP 58 TIME_PASSES ELAPSE 2
+STEP 60 QUERY ADDRESS 127.0.0.1
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+STEP 70 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. 8 IN CNAME example.foo.com.
+example.foo.com. 8 IN A 1.2.3.5
+ENTRY_END
+
+; everything is expired, cache, subnetcache and cachedb.
+STEP 80 TIME_PASSES ELAPSE 20
+
+STEP 90 QUERY ADDRESS 127.0.0.1
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+STEP 100 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. 10 IN CNAME example.foo.com.
+example.foo.com. 10 IN A 1.2.3.6
+ENTRY_END
+
+; see the entry now in cache, from the subnetcache.
+STEP 142 TIME_PASSES ELAPSE 2
+STEP 150 QUERY ADDRESS 127.0.0.1
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+STEP 160 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. 8 IN CNAME example.foo.com.
+example.foo.com. 8 IN A 1.2.3.6
+ENTRY_END
+
+SCENARIO_END
--- /dev/null
+; config options
+server:
+ target-fetch-policy: "0 0 0 0 0"
+ qname-minimisation: no
+ minimal-responses: no
+ serve-expired: yes
+ serve-expired-reply-ttl: 30
+ ; at least one second, so we can time skip past the timer in the
+ ; testbound script steps, but also reply within the time.
+ serve-expired-client-timeout: 1200
+ send-client-subnet: 1.2.3.4
+ max-client-subnet-ipv4: 17
+ ; subnetcache is to the left of cachedb, because it sets no cache
+ ; store for edns subnet content for modules to the right of it.
+ ; this keeps subnet content out of cachedb as global content.
+ module-config: "subnetcache cachedb iterator"
+
+cachedb:
+ backend: "testframe"
+ secret-seed: "testvalue"
+ cachedb-check-when-serve-expired: yes
+
+stub-zone:
+ name: "."
+ stub-addr: 193.0.14.129
+CONFIG_END
+
+SCENARIO_BEGIN Test cachedb, subnet and serve-expired, with a domain change from global to subnet with serve-expired-client-timeout enabled.
+; So the CNAME first points to a global record, then points to a subnet record.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 400
+ ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET. IN A 193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION AUTHORITY
+com. IN NS a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net. IN A 192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 400
+ ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION AUTHORITY
+example.com. IN NS ns2.example.com.
+SECTION ADDITIONAL
+ns2.example.com. IN A 1.2.3.5
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+foo.com. IN NS
+SECTION AUTHORITY
+foo.com. IN NS ns.foo.com.
+SECTION ADDITIONAL
+ns.foo.com. IN A 1.2.3.4
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+initial.com. IN NS
+SECTION AUTHORITY
+initial.com. IN NS ns.initial.com.
+SECTION ADDITIONAL
+ns.initial.com. IN A 1.2.3.6
+ENTRY_END
+RANGE_END
+
+; ns2.example.com.
+RANGE_BEGIN 0 30
+ ADDRESS 1.2.3.5
+ENTRY_BEGIN
+MATCH opcode qname qtype
+REPLY QR AA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. 10 IN CNAME www.initial.com.
+ENTRY_END
+RANGE_END
+
+; ns2.example.com. - after change
+RANGE_BEGIN 40 100
+ ADDRESS 1.2.3.5
+ENTRY_BEGIN
+MATCH opcode qname qtype
+REPLY QR AA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. 10 IN CNAME example.foo.com.
+ENTRY_END
+RANGE_END
+
+; ns.initial.com.
+RANGE_BEGIN 0 400
+ ADDRESS 1.2.3.6
+ENTRY_BEGIN
+MATCH opcode qname qtype
+REPLY QR AA NOERROR
+SECTION QUESTION
+www.initial.com. IN A
+SECTION ANSWER
+www.initial.com. 10 IN A 1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.foo.com.
+RANGE_BEGIN 40 100
+ ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qname qtype ednsdata
+REPLY QR AA NOERROR
+SECTION QUESTION
+example.foo.com. IN A
+SECTION ANSWER
+example.foo.com. 10 IN A 1.2.3.5
+SECTION ADDITIONAL
+ HEX_EDNSDATA_BEGIN
+ ; client is 127.0.0.1
+ 00 08 ; OPC
+ 00 07 ; option length
+ 00 01 ; Family
+ 11 00 ; source mask, scopemask
+ 7f 00 00 ; address
+ HEX_EDNSDATA_END
+ENTRY_END
+RANGE_END
+
+; make time not 0
+STEP 2 TIME_PASSES ELAPSE 212
+
+; Get an entry in cache.
+STEP 4 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; get the answer for it
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ttl
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. 10 IN CNAME www.initial.com.
+www.initial.com. 10 IN A 1.2.3.4
+ENTRY_END
+
+; now valid in cache and valid in cachedb, without subnet.
+STEP 30 TIME_PASSES ELAPSE 20
+
+; now the cache and cachedb have an expired entry.
+; the upstream is updated to CNAME to a subnet zone A record.
+
+STEP 40 QUERY ADDRESS 127.0.0.1
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; this answer is returned by the subnet lookup within
+; the serve-expired-client-timeout.
+STEP 50 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ttl
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. 10 IN CNAME example.foo.com.
+example.foo.com. 10 IN A 1.2.3.5
+ENTRY_END
+
+; check that subnet has the query in cache.
+STEP 58 TIME_PASSES ELAPSE 2
+STEP 60 QUERY ADDRESS 127.0.0.1
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+STEP 70 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. 8 IN CNAME example.foo.com.
+example.foo.com. 8 IN A 1.2.3.5
+ENTRY_END
+
+SCENARIO_END
projects / thirdparty / unbound.git / commitdiff
