diff options
Diffstat (limited to 'contrib/unbound/testdata/dns_error_reporting.rpl')
| -rw-r--r-- | contrib/unbound/testdata/dns_error_reporting.rpl | 200 |
1 files changed, 0 insertions, 200 deletions
diff --git a/contrib/unbound/testdata/dns_error_reporting.rpl b/contrib/unbound/testdata/dns_error_reporting.rpl deleted file mode 100644 index f1fac12a2284..000000000000 --- a/contrib/unbound/testdata/dns_error_reporting.rpl +++ /dev/null @@ -1,200 +0,0 @@ -; Test DNS Error Reporting. - -server: - module-config: "validator iterator" - trust-anchor-signaling: no - target-fetch-policy: "0 0 0 0 0" - verbosity: 4 - qname-minimisation: no - minimal-responses: no - rrset-roundrobin: no - trust-anchor: "a.domain DS 50602 8 2 FA8EE175C47325F4BD46D8A4083C3EBEB11C977D689069F2B41F1A29B22446B1" - ede: no # It is not needed for dns-error-reporting; only for clients to receive EDEs - dns-error-reporting: yes - do-ip6: no - -stub-zone: - name: domain - stub-addr: 0.0.0.0 -stub-zone: - name: an.agent - stub-addr: 0.0.0.2 -CONFIG_END - -SCENARIO_BEGIN Test DNS Error Reporting - -; domain -RANGE_BEGIN 0 100 - ADDRESS 0.0.0.0 - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - a.domain. IN A - SECTION AUTHORITY - a.domain. IN NS ns.a.domain. - SECTION ADDITIONAL - ns.a.domain. IN A 0.0.0.1 - HEX_EDNSDATA_BEGIN - 00 12 ; opt-code (Report-Channel) - 00 0A ; opt-len - 02 61 6E 05 61 67 65 6E 74 00 ; an.agent. - HEX_EDNSDATA_END - ENTRY_END -RANGE_END - -; a.domain -RANGE_BEGIN 0 9 - ADDRESS 0.0.0.1 - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - a.domain. IN DNSKEY - ENTRY_END - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - a.domain. IN A - SECTION ANSWER - a.domain. 5 IN A 0.0.0.0 - ; No RRSIG to trigger validation error (and EDE) - SECTION ADDITIONAL - ; No Report-Channel here - ENTRY_END -RANGE_END - -; a.domain -RANGE_BEGIN 10 100 - ADDRESS 0.0.0.1 - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - a.domain. IN DNSKEY - ENTRY_END - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - a.domain. IN A - SECTION ANSWER - a.domain. 5 IN A 0.0.0.0 - ; No RRSIG to trigger validator error and EDE - SECTION ADDITIONAL - HEX_EDNSDATA_BEGIN - 00 12 ; opt-code (Report-Channel) - 00 0A ; opt-len - 02 61 6E 05 61 67 65 6E 74 00 ; an.agent. - HEX_EDNSDATA_END - ENTRY_END -RANGE_END - -; an.agent -RANGE_BEGIN 10 20 - ADDRESS 0.0.0.2 - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - _er.1.a.domain.9._er.an.agent. IN TXT - SECTION ANSWER - _er.1.a.domain.9._er.an.agent. IN TXT "OK" - ENTRY_END -RANGE_END - -; Query -STEP 0 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -a.domain. IN A -ENTRY_END - -; Check that validation failed (no DNS error reporting at this state; -; 'domain' did give an error reporting agent, but the latest upstream -; 'a.domain' did not) -STEP 1 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA SERVFAIL -SECTION QUESTION -a.domain. IN A -ENTRY_END - -; Wait for the a.domain query to expire (TTL 5) -STEP 3 TIME_PASSES ELAPSE 6 - -; Query again -STEP 10 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -a.domain. IN A -ENTRY_END - -; Check that validation failed -; (a DNS Error Report query should have been generated) -STEP 11 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA SERVFAIL -SECTION QUESTION -a.domain. IN A -ENTRY_END - -; Check explicitly that the DNS Error Report query is cached. -STEP 20 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -_er.1.a.domain.9._er.an.agent. IN TXT -ENTRY_END - -; At this range there are no configured agents to answer this. -; If the DNS Error Report query is not answered from the cache the test will -; fail with pending messages. -STEP 21 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY RD QR RA NOERROR -SECTION QUESTION -_er.1.a.domain.9._er.an.agent. IN TXT -SECTION ANSWER -_er.1.a.domain.9._er.an.agent. IN TXT "OK" -ENTRY_END - -; Wait for the a.domain query to expire (5 TTL). -; The DNS Error Report query should still be cached (SOA negative). -STEP 30 TIME_PASSES ELAPSE 6 - -; Force a DNS Error Report query generation again. -STEP 31 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -a.domain. IN A -ENTRY_END - -; Check that validation failed -STEP 32 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA SERVFAIL -SECTION QUESTION -a.domain. IN A -ENTRY_END - -; The same DNS Error Report query will be generated as above. -; No agent is configured at this range to answer the DNS Error Report query. -; If the DNS Error Report query is not used from the cache the test will fail -; with pending messages. - -SCENARIO_END |