; config options
; The island of trust is at example.com
server:
	trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
	val-override-date: "20070916134226"
	target-fetch-policy: "0 0 0 0 0"
	qname-minimisation: "no"
	fake-sha1: yes
	trust-anchor-signaling: no
	minimal-responses: no

	serve-expired: yes
	serve-expired-client-timeout: 0
	serve-expired-reply-ttl: 123
	ede: yes
	ede-serve-expired: yes

	# No need for AAAA nameserver queries
	do-ip6: no

stub-zone:
	name: "."
	stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
CONFIG_END

SCENARIO_BEGIN Test serve-expired with client-timeout and bogus answer
; Scenario overview:
; - query for www.example.com. IN A
; - check the answer
; - wait for the record to expire
; - (upstream now has a bogus response)
; - query again for www.example.com. IN A
; - check that we get the immediate expired valid response
; - (prefetch response is bogus and is not cached; recursion is blocked for NORR_TTL(5) because of the failure)
; - (upstream has a valid response again)
; - query once more
; - check that we still get the immediate expired valid response (prefetch will not trigger because of NORR_TTL(5))
; - query and check that cache was not updated
; - let NORR_TTL(5) expire
; - query once more
; - check that we still get the immediate expired valid response
; - (prefetch should be allowed to refresh the record at this point)
; - (upstream does not have the answer anymore)
; - query one last time
; - check that we get the immediate valid cache response

; The example.com NS and ns.example.com A record are commented out.
; This is to make the test succeed. It then keeps the dnssec valid lookup.
; Otherwise, the relookup of the referral would overwrite the example.com NS and
; the serve expired response would no longer be valid. But this record must
; be cached, for keeping the current delegation information.
; Also the DNSKEY lookup authority and additional are cleaned to stop overwrite
; of the NS and A record. This is more likely to keep the serve expired
; information intact.

;;
;; K.ROOT-SERVERS.NET.
;;
RANGE_BEGIN 0 100
	ADDRESS 193.0.14.129
	ENTRY_BEGIN
	MATCH opcode qtype qname
	ADJUST copy_id
	REPLY QR NOERROR
	SECTION QUESTION
	. IN NS
	SECTION ANSWER
	. IN NS K.ROOT-SERVERS.NET.
	SECTION ADDITIONAL
	K.ROOT-SERVERS.NET. IN A 193.0.14.129
	ENTRY_END

	ENTRY_BEGIN
	MATCH opcode
	ADJUST copy_id copy_query
	REPLY QR NOERROR
	SECTION QUESTION
	www.example.com. IN A
	SECTION AUTHORITY
	com. IN NS a.gtld-servers.net.
	SECTION ADDITIONAL
	a.gtld-servers.net. IN A 192.5.6.30
	ENTRY_END
RANGE_END

;;
;; a.gtld-servers.net.
;;
RANGE_BEGIN 0 100
	ADDRESS 192.5.6.30
	ENTRY_BEGIN
	MATCH opcode qtype qname
	ADJUST copy_id
	REPLY QR NOERROR
	SECTION QUESTION
	com. IN NS
	SECTION ANSWER
	com. IN NS a.gtld-servers.net.
	SECTION ADDITIONAL
	a.gtld-servers.net. IN A 192.5.6.30
	ENTRY_END

	ENTRY_BEGIN
	MATCH opcode
	ADJUST copy_id copy_query
	REPLY QR NOERROR
	SECTION QUESTION
	www.example.com. IN A
	SECTION AUTHORITY
	example.com. IN NS ns.example.com.
	SECTION ADDITIONAL
	ns.example.com. IN A 1.2.3.4
	ENTRY_END
RANGE_END

;;
;; ns.example.com. with generic data
;;
RANGE_BEGIN 0 100
	ADDRESS 1.2.3.4
	ENTRY_BEGIN
	MATCH opcode qtype qname
	ADJUST copy_id
	REPLY QR NOERROR
	SECTION QUESTION
	example.com. IN NS
	SECTION ANSWER
	example.com. IN NS ns.example.com.
	example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
	SECTION ADDITIONAL
	ns.example.com. IN A 1.2.3.4
	ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
	ENTRY_END

	; response to DNSKEY priming query
	ENTRY_BEGIN
	MATCH opcode qtype qname
	ADJUST copy_id
	REPLY QR NOERROR
	SECTION QUESTION
	example.com. IN DNSKEY
	SECTION ANSWER
	example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
	example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
	SECTION AUTHORITY
	example.com. IN NS ns.example.com.
	example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
	SECTION ADDITIONAL
	ns.example.com. IN A 1.2.3.4
	ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
	ENTRY_END
RANGE_END

;;
;; ns.example.com. with valid data
;;
RANGE_BEGIN 0 10
	ADDRESS 1.2.3.4
	; response to query of interest
	ENTRY_BEGIN
	MATCH opcode qtype qname
	ADJUST copy_id
	REPLY QR NOERROR
	SECTION QUESTION
	www.example.com. IN A
	SECTION ANSWER
	www.example.com. IN A 10.20.30.40
	;ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
	SECTION AUTHORITY
	;example.com. IN NS ns.example.com.
	;example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
	SECTION ADDITIONAL
	;ns.example.com. IN A 1.2.3.4
	www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
	ENTRY_END
RANGE_END

;;
;; ns.example.com. with bogus data
;;
RANGE_BEGIN 20 40
	ADDRESS 1.2.3.4
	; response to query of interest (bogus answer)
	ENTRY_BEGIN
	MATCH opcode qtype qname
	ADJUST copy_id
	REPLY QR NOERROR
	SECTION QUESTION
	www.example.com. IN A
	SECTION ANSWER
	www.example.com. IN A 10.20.30.40
	;ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
	SECTION AUTHORITY
	;example.com. IN NS ns.example.com.
	;example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
	SECTION ADDITIONAL
	;ns.example.com. IN A 1.2.3.4
	;; (valid signature)
	;; www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
	;; (bogus signature)
	www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com.
	ENTRY_END
RANGE_END

;;
;; ns.example.com. with valid data again
;;
RANGE_BEGIN 50 100
	ADDRESS 1.2.3.4
	; response to query of interest
	ENTRY_BEGIN
	MATCH opcode qtype qname
	ADJUST copy_id
	REPLY QR NOERROR
	SECTION QUESTION
	www.example.com. IN A
	SECTION ANSWER
	www.example.com. IN A 10.20.30.40
	;ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
	SECTION AUTHORITY
	;example.com. IN NS ns.example.com.
	;example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
	SECTION ADDITIONAL
	;ns.example.com. IN A 1.2.3.4
	www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
	ENTRY_END
RANGE_END


STEP 1 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
www.example.com. IN A
ENTRY_END

; this is the valid answer
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A 10.20.30.40
www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
SECTION AUTHORITY
;example.com. IN NS ns.example.com.
;example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
SECTION ADDITIONAL
;ns.example.com. IN A 1.2.3.4
;ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
ENTRY_END

STEP 11 TIME_PASSES ELAPSE 3601

STEP 20 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
www.example.com. IN A
ENTRY_END

; this is the immediate expired cache response
STEP 30 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl ede=3
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 123 IN A 10.20.30.40
www.example.com. 123 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
SECTION AUTHORITY
;example.com. 123 IN NS ns.example.com.
;example.com. 123 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
SECTION ADDITIONAL
;ns.example.com. 123 IN A 1.2.3.4
;ns.example.com. 123 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
ENTRY_END

; query with response available on the server
STEP 40 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
www.example.com. IN A
ENTRY_END

; this is still the immediate expired cache response because the previous upstream response was bogus
; upstream query did not go out because of the previous failure NORR_TTL(5).
STEP 50 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl ede=3
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 123 IN A 10.20.30.40
www.example.com. 123 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
SECTION AUTHORITY
;example.com. 123 IN NS ns.example.com.
;example.com. 123 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
SECTION ADDITIONAL
;ns.example.com. 123 IN A 1.2.3.4
;ns.example.com. 123 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
ENTRY_END

; query with response available
STEP 60 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
www.example.com. IN A
ENTRY_END

; this is still the immediate expired cache response because resolution is blocked for NORR_TTL(5)
STEP 70 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl ede=3
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 123 IN A 10.20.30.40
www.example.com. 123 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
SECTION AUTHORITY
;example.com. 123 IN NS ns.example.com.
;example.com. 123 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
SECTION ADDITIONAL
;ns.example.com. 123 IN A 1.2.3.4
;ns.example.com. 123 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
ENTRY_END

; expire NORR_TTL(5)
STEP 71 TIME_PASSES ELAPSE 5

; query again
STEP 80 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
www.example.com. IN A
ENTRY_END

; this is still the immediate expired cache response but prefetching will be allowed to update the cache
STEP 90 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl ede=3
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 123 IN A 10.20.30.40
www.example.com. 123 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
SECTION AUTHORITY
;example.com. 123 IN NS ns.example.com.
;example.com. 123 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
SECTION ADDITIONAL
;ns.example.com. 123 IN A 1.2.3.4
;ns.example.com. 123 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
ENTRY_END

STEP 100 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
www.example.com. IN A
ENTRY_END

; this is the immediate cache response because the previous upstream response was valid
STEP 110 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A 10.20.30.40
www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
SECTION AUTHORITY
;example.com. IN NS ns.example.com.
;example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
SECTION ADDITIONAL
;ns.example.com. IN A 1.2.3.4
;ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
ENTRY_END

SCENARIO_END