diff --git a/contrib/unbound/Makefile.in b/contrib/unbound/Makefile.in index 7dbe5760033..3189731ad52 100644 --- a/contrib/unbound/Makefile.in +++ b/contrib/unbound/Makefile.in @@ -345,14 +345,12 @@ test: unittest$(EXEEXT) testbound$(EXEEXT) ./unittest$(EXEEXT) ./testbound$(EXEEXT) -s for x in $(srcdir)/testdata/*.rpl; do \ - printf "%s" "$$x "; \ - if ./testbound$(EXEEXT) -p $$x >/dev/null 2>&1; then \ - echo OK; \ + output=`./testbound$(EXEEXT) -p $$x -o -vvvvv 2>&1`; \ + if test $$? -eq 0; then \ + printf "%s OK\n" "$$x "; \ else \ - echo failed; \ - ./testbound$(EXEEXT) -p $$x -o -vvvvv; \ - printf "%s" "$$x "; \ - echo failed; \ + printf "%s\n" "$$output "; \ + printf "%s failed\n" "$$x "; \ exit 1; \ fi; \ done diff --git a/contrib/unbound/config.h.in b/contrib/unbound/config.h.in index a080dde0da2..cc1fbe86481 100644 --- a/contrib/unbound/config.h.in +++ b/contrib/unbound/config.h.in @@ -222,6 +222,10 @@ /* Define to 1 if you have the `EVP_cleanup' function. */ #undef HAVE_EVP_CLEANUP +/* Define to 1 if you have the `EVP_default_properties_is_fips_enabled' + function. */ +#undef HAVE_EVP_DEFAULT_PROPERTIES_IS_FIPS_ENABLED + /* Define to 1 if you have the `EVP_DigestVerify' function. */ #undef HAVE_EVP_DIGESTVERIFY diff --git a/contrib/unbound/configure b/contrib/unbound/configure index a9ec94479b5..0029d5b4278 100755 --- a/contrib/unbound/configure +++ b/contrib/unbound/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for unbound 1.16.0. +# Generated by GNU Autoconf 2.69 for unbound 1.16.1. # # Report bugs to . # @@ -591,8 +591,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='unbound' PACKAGE_TARNAME='unbound' -PACKAGE_VERSION='1.16.0' -PACKAGE_STRING='unbound 1.16.0' +PACKAGE_VERSION='1.16.1' +PACKAGE_STRING='unbound 1.16.1' PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues' PACKAGE_URL='' @@ -1477,7 +1477,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures unbound 1.16.0 to adapt to many kinds of systems. +\`configure' configures unbound 1.16.1 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1543,7 +1543,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of unbound 1.16.0:";; + short | recursive ) echo "Configuration of unbound 1.16.1:";; esac cat <<\_ACEOF @@ -1785,7 +1785,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -unbound configure 1.16.0 +unbound configure 1.16.1 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2494,7 +2494,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by unbound $as_me 1.16.0, which was +It was created by unbound $as_me 1.16.1, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2846,11 +2846,11 @@ UNBOUND_VERSION_MAJOR=1 UNBOUND_VERSION_MINOR=16 -UNBOUND_VERSION_MICRO=0 +UNBOUND_VERSION_MICRO=1 LIBUNBOUND_CURRENT=9 -LIBUNBOUND_REVISION=16 +LIBUNBOUND_REVISION=17 LIBUNBOUND_AGE=1 # 1.0.0 had 0:12:0 # 1.0.1 had 0:13:0 @@ -2934,6 +2934,7 @@ LIBUNBOUND_AGE=1 # 1.14.0 had 9:14:1 # 1.15.0 had 9:15:1 # 1.16.0 had 9:16:1 +# 1.16.1 had 9:17:1 # Current -- the number of the binary API that we're implementing # Revision -- which iteration of the implementation of the binary @@ -18545,7 +18546,7 @@ fi done -for ac_func in OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ENGINE_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify EVP_aes_256_cbc EVP_EncryptInit_ex HMAC_Init_ex CRYPTO_THREADID_set_callback EVP_MAC_CTX_set_params OSSL_PARAM_BLD_new BIO_set_callback_ex +for ac_func in OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_default_properties_is_fips_enabled EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ENGINE_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify EVP_aes_256_cbc EVP_EncryptInit_ex HMAC_Init_ex CRYPTO_THREADID_set_callback EVP_MAC_CTX_set_params OSSL_PARAM_BLD_new BIO_set_callback_ex do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" @@ -19967,7 +19968,46 @@ if test x_$enable_static_exe = x_yes; then else LIBS="$LIBS -lgdi32" fi - LIBS="$LIBS -lz" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for compress in -lz" >&5 +$as_echo_n "checking for compress in -lz... " >&6; } +if ${ac_cv_lib_z_compress+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lz $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char compress (); +int +main () +{ +return compress (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_z_compress=yes +else + ac_cv_lib_z_compress=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_z_compress" >&5 +$as_echo "$ac_cv_lib_z_compress" >&6; } +if test "x$ac_cv_lib_z_compress" = xyes; then : + LIBS="$LIBS -lz" +fi + LIBS="$LIBS -l:libssp.a" fi fi @@ -19987,7 +20027,46 @@ if test x_$enable_fully_static = x_yes; then else LIBS="$LIBS -lgdi32" fi - LIBS="$LIBS -lz" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for compress in -lz" >&5 +$as_echo_n "checking for compress in -lz... " >&6; } +if ${ac_cv_lib_z_compress+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lz $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char compress (); +int +main () +{ +return compress (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_z_compress=yes +else + ac_cv_lib_z_compress=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_z_compress" >&5 +$as_echo "$ac_cv_lib_z_compress" >&6; } +if test "x$ac_cv_lib_z_compress" = xyes; then : + LIBS="$LIBS -lz" +fi + LIBS="$LIBS -l:libssp.a" fi fi @@ -21934,7 +22013,7 @@ _ACEOF -version=1.16.0 +version=1.16.1 date=`date +'%b %e, %Y'` @@ -22453,7 +22532,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by unbound $as_me 1.16.0, which was +This file was extended by unbound $as_me 1.16.1, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -22519,7 +22598,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -unbound config.status 1.16.0 +unbound config.status 1.16.1 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff --git a/contrib/unbound/configure.ac b/contrib/unbound/configure.ac index 1453b3a2fe2..e41c811ae82 100644 --- a/contrib/unbound/configure.ac +++ b/contrib/unbound/configure.ac @@ -11,14 +11,14 @@ sinclude(dnscrypt/dnscrypt.m4) # must be numbers. ac_defun because of later processing m4_define([VERSION_MAJOR],[1]) m4_define([VERSION_MINOR],[16]) -m4_define([VERSION_MICRO],[0]) +m4_define([VERSION_MICRO],[1]) AC_INIT([unbound],m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]),[unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues],[unbound]) AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR]) AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR]) AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO]) LIBUNBOUND_CURRENT=9 -LIBUNBOUND_REVISION=16 +LIBUNBOUND_REVISION=17 LIBUNBOUND_AGE=1 # 1.0.0 had 0:12:0 # 1.0.1 had 0:13:0 @@ -102,6 +102,7 @@ LIBUNBOUND_AGE=1 # 1.14.0 had 9:14:1 # 1.15.0 had 9:15:1 # 1.16.0 had 9:16:1 +# 1.16.1 had 9:17:1 # Current -- the number of the binary API that we're implementing # Revision -- which iteration of the implementation of the binary @@ -906,7 +907,7 @@ else AC_MSG_RESULT([no]) fi AC_CHECK_HEADERS([openssl/conf.h openssl/engine.h openssl/bn.h openssl/dh.h openssl/dsa.h openssl/rsa.h openssl/core_names.h openssl/param_build.h],,, [AC_INCLUDES_DEFAULT]) -AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ENGINE_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify EVP_aes_256_cbc EVP_EncryptInit_ex HMAC_Init_ex CRYPTO_THREADID_set_callback EVP_MAC_CTX_set_params OSSL_PARAM_BLD_new BIO_set_callback_ex]) +AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_default_properties_is_fips_enabled EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ENGINE_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify EVP_aes_256_cbc EVP_EncryptInit_ex HMAC_Init_ex CRYPTO_THREADID_set_callback EVP_MAC_CTX_set_params OSSL_PARAM_BLD_new BIO_set_callback_ex]) # these check_funcs need -lssl BAKLIBS="$LIBS" @@ -1499,7 +1500,7 @@ if test x_$enable_static_exe = x_yes; then else LIBS="$LIBS -lgdi32" fi - LIBS="$LIBS -lz" + AC_CHECK_LIB([z], [compress], [ LIBS="$LIBS -lz" ]) LIBS="$LIBS -l:libssp.a" fi fi @@ -1516,7 +1517,7 @@ if test x_$enable_fully_static = x_yes; then else LIBS="$LIBS -lgdi32" fi - LIBS="$LIBS -lz" + AC_CHECK_LIB([z], [compress], [ LIBS="$LIBS -lz" ]) LIBS="$LIBS -l:libssp.a" fi fi diff --git a/contrib/unbound/contrib/metrics.awk b/contrib/unbound/contrib/metrics.awk index 5a7a2569c29..ca48c035aa0 100644 --- a/contrib/unbound/contrib/metrics.awk +++ b/contrib/unbound/contrib/metrics.awk @@ -28,6 +28,7 @@ END { print "unbound_hits_queries{type=\"total.num.prefetch\"} " val["total.num.prefetch"]; print "unbound_hits_queries{type=\"num.query.tcp\"} " val["num.query.tcp"]; print "unbound_hits_queries{type=\"num.query.tcpout\"} " val["num.query.tcpout"]; + print "unbound_hits_queries{type=\"num.query.udpout\"} " val["num.query.udpout"]; print "unbound_hits_queries{type=\"num.query.tls\"} " val["num.query.tls"]; print "unbound_hits_queries{type=\"num.query.tls.resume\"} " val["num.query.tls.resume"]; print "unbound_hits_queries{type=\"num.query.ipv6\"} " val["num.query.ipv6"]; diff --git a/contrib/unbound/contrib/unbound_munin_ b/contrib/unbound/contrib/unbound_munin_ index 5037527580e..a756a5d1ca2 100755 --- a/contrib/unbound/contrib/unbound_munin_ +++ b/contrib/unbound/contrib/unbound_munin_ @@ -253,6 +253,7 @@ if test "$1" = "config" ; then p_config "total.num.prefetch" "cache prefetch" "ABSOLUTE" p_config "num.query.tcp" "TCP queries" "ABSOLUTE" p_config "num.query.tcpout" "TCP out queries" "ABSOLUTE" + p_config "num.query.udpout" "UDP out queries" "ABSOLUTE" p_config "num.query.tls" "TLS queries" "ABSOLUTE" p_config "num.query.tls.resume" "TLS resumes" "ABSOLUTE" p_config "num.query.ipv6" "IPv6 queries" "ABSOLUTE" @@ -452,7 +453,7 @@ hits) for x in `grep "^thread[0-9][0-9]*\.num\.queries=" $state | sed -e 's/=.*//'` total.num.queries \ total.num.cachehits total.num.prefetch num.query.tcp \ - num.query.tcpout num.query.tls num.query.tls.resume \ + num.query.tcpout num.query.udpout num.query.tls num.query.tls.resume \ num.query.ipv6 unwanted.queries \ unwanted.replies; do if grep "^"$x"=" $state >/dev/null 2>&1; then diff --git a/contrib/unbound/daemon/daemon.c b/contrib/unbound/daemon/daemon.c index 0e3923b4e9f..4ed531855ee 100644 --- a/contrib/unbound/daemon/daemon.c +++ b/contrib/unbound/daemon/daemon.c @@ -795,7 +795,7 @@ daemon_delete(struct daemon* daemon) ub_c_lex_destroy(); /* libcrypto cleanup */ #ifdef HAVE_SSL -# if defined(USE_GOST) && defined(HAVE_LDNS_KEY_EVP_UNLOAD_GOST) +# if defined(USE_GOST) sldns_key_EVP_unload_gost(); # endif # if HAVE_DECL_SSL_COMP_GET_COMPRESSION_METHODS && HAVE_DECL_SK_SSL_COMP_POP_FREE diff --git a/contrib/unbound/daemon/remote.c b/contrib/unbound/daemon/remote.c index 675ef43970d..ec7a4d5d93f 100644 --- a/contrib/unbound/daemon/remote.c +++ b/contrib/unbound/daemon/remote.c @@ -988,6 +988,8 @@ print_ext(RES* ssl, struct ub_stats_info* s) (unsigned long)s->svr.qtcp)) return 0; if(!ssl_printf(ssl, "num.query.tcpout"SQ"%lu\n", (unsigned long)s->svr.qtcp_outgoing)) return 0; + if(!ssl_printf(ssl, "num.query.udpout"SQ"%lu\n", + (unsigned long)s->svr.qudp_outgoing)) return 0; if(!ssl_printf(ssl, "num.query.tls"SQ"%lu\n", (unsigned long)s->svr.qtls)) return 0; if(!ssl_printf(ssl, "num.query.tls.resume"SQ"%lu\n", diff --git a/contrib/unbound/daemon/stats.c b/contrib/unbound/daemon/stats.c index d08f18dbb13..57c42827161 100644 --- a/contrib/unbound/daemon/stats.c +++ b/contrib/unbound/daemon/stats.c @@ -281,6 +281,7 @@ server_stats_compile(struct worker* worker, struct ub_stats_info* s, int reset) /* values from outside network */ s->svr.unwanted_replies = (long long)worker->back->unwanted_replies; s->svr.qtcp_outgoing = (long long)worker->back->num_tcp_outgoing; + s->svr.qudp_outgoing = (long long)worker->back->num_udp_outgoing; /* get and reset validator rrset bogus number */ s->svr.rrset_bogus = (long long)get_rrset_bogus(worker, reset); @@ -424,6 +425,7 @@ void server_stats_add(struct ub_stats_info* total, struct ub_stats_info* a) total->svr.qclass_big += a->svr.qclass_big; total->svr.qtcp += a->svr.qtcp; total->svr.qtcp_outgoing += a->svr.qtcp_outgoing; + total->svr.qudp_outgoing += a->svr.qudp_outgoing; total->svr.qtls += a->svr.qtls; total->svr.qtls_resume += a->svr.qtls_resume; total->svr.qhttps += a->svr.qhttps; diff --git a/contrib/unbound/daemon/worker.c b/contrib/unbound/daemon/worker.c index bf8c5d6b676..27626ce938c 100644 --- a/contrib/unbound/daemon/worker.c +++ b/contrib/unbound/daemon/worker.c @@ -1639,10 +1639,11 @@ lookup_cache: is_secure_answer = 0; h = query_info_hash(lookup_qinfo, sldns_buffer_read_u16_at(c->buffer, 2)); if((e=slabhash_lookup(worker->env.msg_cache, h, lookup_qinfo, 0))) { + struct reply_info* rep = (struct reply_info*)e->data; /* answer from cache - we have acquired a readlock on it */ - if(answer_from_cache(worker, &qinfo, - cinfo, &need_drop, &is_expired_answer, &is_secure_answer, - &alias_rrset, &partial_rep, (struct reply_info*)e->data, + if(answer_from_cache(worker, &qinfo, cinfo, &need_drop, + &is_expired_answer, &is_secure_answer, + &alias_rrset, &partial_rep, rep, *(uint16_t*)(void *)sldns_buffer_begin(c->buffer), sldns_buffer_read_u16_at(c->buffer, 2), repinfo, &edns)) { @@ -1650,15 +1651,13 @@ lookup_cache: * Note that if there is more than one pass * its qname must be that used for cache * lookup. */ - if((worker->env.cfg->prefetch && *worker->env.now >= - ((struct reply_info*)e->data)->prefetch_ttl) || - (worker->env.cfg->serve_expired && - *worker->env.now >= ((struct reply_info*)e->data)->ttl)) { + if((worker->env.cfg->prefetch && + *worker->env.now >= rep->prefetch_ttl) || + (worker->env.cfg->serve_expired && + *worker->env.now > rep->ttl)) { - time_t leeway = ((struct reply_info*)e-> - data)->ttl - *worker->env.now; - if(((struct reply_info*)e->data)->ttl - < *worker->env.now) + time_t leeway = rep->ttl - *worker->env.now; + if(rep->ttl < *worker->env.now) leeway = 0; lock_rw_unlock(&e->lock); @@ -2218,6 +2217,7 @@ void worker_stats_clear(struct worker* worker) mesh_stats_clear(worker->env.mesh); worker->back->unwanted_replies = 0; worker->back->num_tcp_outgoing = 0; + worker->back->num_udp_outgoing = 0; } void worker_start_accept(void* arg) diff --git a/contrib/unbound/doc/Changelog b/contrib/unbound/doc/Changelog index 8df5f367c4e..d3573190e7e 100644 --- a/contrib/unbound/doc/Changelog +++ b/contrib/unbound/doc/Changelog @@ -1,6 +1,84 @@ +4 July 2022: George + - Fix bug introduced in 'improve val_sigcrypt.c::algo_needs_missing for + one loop pass'. + - Merge PR #668 from Cristian Rodríguez: Set IP_BIND_ADDRESS_NO_PORT on + outbound tcp sockets. + +4 July 2022: Wouter + - Tag for 1.16.1rc1 release. + +3 July 2022: George + - Merge PR #671 from Petr Menšík: Disable ED25519 and ED448 in FIPS + mode on openssl3. + - Merge PR #660 from Petr Menšík: Sha1 runtime insecure. + - For #660: formatting, less verbose logging, add EDE information. + - Fix for correct openssl error when adding windows CA certificates to + the openssl trust store. + - Improve val_sigcrypt.c::algo_needs_missing for one loop pass. + - Reintroduce documentation and more EDE support for + val_sigcrypt.c::dnskeyset_verify_rrset_sig. + +1 July 2022: George + - Merge PR #706: NXNS fallback. + - From #706: Cached NXDOMAIN does not increase the target nx + responses. + - From #706: Don't generate parent side queries if we already + have the lame records in cache. + - From #706: When a lame address is the best choice, don't try to + generate target queries when the missing targets are all lame. + +29 June 2022: Wouter + - iana portlist update. + - Fix detection of libz on windows compile with static option. + - Fix compile warning for windows compile. + +29 June 2022: George + - Add debug option to the mini_tdir.sh test code. + - Fix #704: [FR] Statistics counter for number of outgoing UDP queries + sent; introduces 'num.query.udpout' to the 'unbound-control stats' + command. + - Fix to not count cached NXDOMAIN for MAX_TARGET_NX. + - Allow fallback to the parent side when MAX_TARGET_NX is reached. + This will also allow MAX_TARGET_NX more NXDOMAINs. + +28 June 2022: George + - Show the output of the exact .rpl run that failed with 'make test'. + - Fix for cached 0 TTL records to not trigger prefetching when + serve-expired-client-timeout is set. + +28 June 2022: Wouter + - Fix test program dohclient close to use portability routine. + +23 June 2022: Tom + - Clarify -v flag manpage entry (#705) + +22 June 2022: Philip + - Fix #663: use after free issue with edns options. + +21 June 2022: Philip + - Fix for loading locally stored zones that have lines with blanks or + blanks and comments. + +20 June 2022: George + - Remove unused LDNS function check for GOST Engine unloading. + +14 June 2022: George + - Merge PR #688: Rpz url notify issue. + - Note in the unbound.conf text that NOTIFY is allowed from the url: + addresses for auth and rpz zones. + +3 June 2022: George + - Fix for edns client subnet to respect not looking in its cache when + instructed to do so (e.g., prefetch). + +3 June 2022: Wouter + - makedist.sh picks up 32bit libssp-0.dll when 32bit compile. + 27 May 2022: Wouter - Fix #684: [FTBS] configure script error with libmnl on openSUSE 15.3 (and possibly other distributions) - - Version is set to 1.16.0 for release. Release tag 1.16.0rc1. + - Version is set to 1.16.0 for release. Release tag 1.16.0rc1. This + became release 1.16.0 on 2 June 2022. The source code branch + continues with version 1.16.1 under development. 20 May 2022: Wouter - Fix to silence test for ede error output to the console from the diff --git a/contrib/unbound/doc/README b/contrib/unbound/doc/README index ea93afddcd5..13992ac7f9e 100644 --- a/contrib/unbound/doc/README +++ b/contrib/unbound/doc/README @@ -1,4 +1,4 @@ -README for Unbound 1.16.0 +README for Unbound 1.16.1 Copyright 2007 NLnet Labs http://unbound.net diff --git a/contrib/unbound/doc/example.conf.in b/contrib/unbound/doc/example.conf.in index 64adfe9e5e9..b01d2c58dbf 100644 --- a/contrib/unbound/doc/example.conf.in +++ b/contrib/unbound/doc/example.conf.in @@ -1,7 +1,7 @@ # # Example configuration file. # -# See unbound.conf(5) man page, version 1.16.0. +# See unbound.conf(5) man page, version 1.16.1. # # this is a comment. @@ -1045,8 +1045,8 @@ remote-control: # has a copy of the root for local usage. The second serves example.org # authoritatively. zonefile: reads from file (and writes to it if you also # download it), primary: fetches with AXFR and IXFR, or url to zonefile. -# With allow-notify: you can give additional (apart from primaries) sources of -# notifies. +# With allow-notify: you can give additional (apart from primaries and urls) +# sources of notifies. # auth-zone: # name: "." # primary: 199.9.14.201 # b.root-servers.net diff --git a/contrib/unbound/doc/libunbound.3.in b/contrib/unbound/doc/libunbound.3.in index b1be90ce0f0..8049e3ae29d 100644 --- a/contrib/unbound/doc/libunbound.3.in +++ b/contrib/unbound/doc/libunbound.3.in @@ -1,4 +1,4 @@ -.TH "libunbound" "3" "Jun 2, 2022" "NLnet Labs" "unbound 1.16.0" +.TH "libunbound" "3" "Jul 11, 2022" "NLnet Labs" "unbound 1.16.1" .\" .\" libunbound.3 -- unbound library functions manual .\" @@ -44,7 +44,7 @@ .B ub_ctx_zone_remove, .B ub_ctx_data_add, .B ub_ctx_data_remove -\- Unbound DNS validating resolver 1.16.0 functions. +\- Unbound DNS validating resolver 1.16.1 functions. .SH "SYNOPSIS" .B #include .LP diff --git a/contrib/unbound/doc/unbound-anchor.8.in b/contrib/unbound/doc/unbound-anchor.8.in index 4da37b1d5ff..85b71fd30b8 100644 --- a/contrib/unbound/doc/unbound-anchor.8.in +++ b/contrib/unbound/doc/unbound-anchor.8.in @@ -1,4 +1,4 @@ -.TH "unbound-anchor" "8" "Jun 2, 2022" "NLnet Labs" "unbound 1.16.0" +.TH "unbound-anchor" "8" "Jul 11, 2022" "NLnet Labs" "unbound 1.16.1" .\" .\" unbound-anchor.8 -- unbound anchor maintenance utility manual .\" diff --git a/contrib/unbound/doc/unbound-checkconf.8.in b/contrib/unbound/doc/unbound-checkconf.8.in index 4c607a231b9..8133feeaa36 100644 --- a/contrib/unbound/doc/unbound-checkconf.8.in +++ b/contrib/unbound/doc/unbound-checkconf.8.in @@ -1,4 +1,4 @@ -.TH "unbound-checkconf" "8" "Jun 2, 2022" "NLnet Labs" "unbound 1.16.0" +.TH "unbound-checkconf" "8" "Jul 11, 2022" "NLnet Labs" "unbound 1.16.1" .\" .\" unbound-checkconf.8 -- unbound configuration checker manual .\" diff --git a/contrib/unbound/doc/unbound-control.8.in b/contrib/unbound/doc/unbound-control.8.in index 3ef1d659f58..128101e2f88 100644 --- a/contrib/unbound/doc/unbound-control.8.in +++ b/contrib/unbound/doc/unbound-control.8.in @@ -1,4 +1,4 @@ -.TH "unbound-control" "8" "Jun 2, 2022" "NLnet Labs" "unbound 1.16.0" +.TH "unbound-control" "8" "Jul 11, 2022" "NLnet Labs" "unbound 1.16.1" .\" .\" unbound-control.8 -- unbound remote control manual .\" @@ -552,6 +552,10 @@ Number of queries that were made using TCP towards the Unbound server. Number of queries that the Unbound server made using TCP outgoing towards other servers. .TP +.I num.query.udpout +Number of queries that the Unbound server made using UDP outgoing towards +other servers. +.TP .I num.query.tls Number of queries that were made using TLS towards the Unbound server. These are also counted in num.query.tcp, because TLS uses TCP. diff --git a/contrib/unbound/doc/unbound-host.1.in b/contrib/unbound/doc/unbound-host.1.in index a30d1dfd216..fb73e625df4 100644 --- a/contrib/unbound/doc/unbound-host.1.in +++ b/contrib/unbound/doc/unbound-host.1.in @@ -1,4 +1,4 @@ -.TH "unbound\-host" "1" "Jun 2, 2022" "NLnet Labs" "unbound 1.16.0" +.TH "unbound\-host" "1" "Jul 11, 2022" "NLnet Labs" "unbound 1.16.1" .\" .\" unbound-host.1 -- unbound DNS lookup utility .\" diff --git a/contrib/unbound/doc/unbound.8.in b/contrib/unbound/doc/unbound.8.in index e3492724c95..bc768c6a151 100644 --- a/contrib/unbound/doc/unbound.8.in +++ b/contrib/unbound/doc/unbound.8.in @@ -1,4 +1,4 @@ -.TH "unbound" "8" "Jun 2, 2022" "NLnet Labs" "unbound 1.16.0" +.TH "unbound" "8" "Jul 11, 2022" "NLnet Labs" "unbound 1.16.1" .\" .\" unbound.8 -- unbound manual .\" @@ -9,7 +9,7 @@ .\" .SH "NAME" .B unbound -\- Unbound DNS validating resolver 1.16.0. +\- Unbound DNS validating resolver 1.16.1. .SH "SYNOPSIS" .B unbound .RB [ \-h ] @@ -75,7 +75,7 @@ concurrently. .TP .B \-v Increase verbosity. If given multiple times, more information is logged. -This is in addition to the verbosity (if any) from the config file. +This is added to the verbosity (if any) from the config file. .TP .B \-V Show the version number and build options, and exit. diff --git a/contrib/unbound/doc/unbound.conf.5.in b/contrib/unbound/doc/unbound.conf.5.in index 3c891aa59e2..1157a2d1975 100644 --- a/contrib/unbound/doc/unbound.conf.5.in +++ b/contrib/unbound/doc/unbound.conf.5.in @@ -1,4 +1,4 @@ -.TH "unbound.conf" "5" "Jun 2, 2022" "NLnet Labs" "unbound 1.16.0" +.TH "unbound.conf" "5" "Jul 11, 2022" "NLnet Labs" "unbound 1.16.1" .\" .\" unbound.conf.5 -- unbound.conf manual .\" @@ -2067,8 +2067,8 @@ With allow\-notify you can specify additional sources of notifies. When notified, the server attempts to first probe and then zone transfer. If the notify is from a primary, it first attempts that primary. Otherwise other primaries are attempted. If there are no primaries, but only urls, the -file is downloaded when notified. The primaries from primary: statements are -allowed notify by default. +file is downloaded when notified. The primaries from primary: and url: +statements are allowed notify by default. .TP .B fallback\-enabled: \fI Default no. If enabled, Unbound falls back to querying the internet as @@ -2682,8 +2682,8 @@ With allow\-notify you can specify additional sources of notifies. When notified, the server attempts to first probe and then zone transfer. If the notify is from a primary, it first attempts that primary. Otherwise other primaries are attempted. If there are no primaries, but only urls, the -file is downloaded when notified. The primaries from primary: statements are -allowed notify by default. +file is downloaded when notified. The primaries from primary: and url: +statements are allowed notify by default. .TP .B zonefile: \fI The filename where the zone is stored. If not given then no zonefile is used. diff --git a/contrib/unbound/edns-subnet/subnetmod.c b/contrib/unbound/edns-subnet/subnetmod.c index 25190b040d4..75446113b74 100644 --- a/contrib/unbound/edns-subnet/subnetmod.c +++ b/contrib/unbound/edns-subnet/subnetmod.c @@ -93,13 +93,14 @@ subnet_new_qstate(struct module_qstate *qstate, int id) qstate->minfo[id] = sq; memset(sq, 0, sizeof(*sq)); sq->started_no_cache_store = qstate->no_cache_store; + sq->started_no_cache_lookup = qstate->no_cache_lookup; return 1; } /** Add ecs struct to edns list, after parsing it to wire format. */ void subnet_ecs_opt_list_append(struct ecs_data* ecs, struct edns_option** list, - struct module_qstate *qstate) + struct module_qstate *qstate, struct regional *region) { size_t sn_octs, sn_octs_remainder; sldns_buffer* buf = qstate->env->scratch_buffer; @@ -131,7 +132,7 @@ subnet_ecs_opt_list_append(struct ecs_data* ecs, struct edns_option** list, edns_opt_list_append(list, qstate->env->cfg->client_subnet_opcode, sn_octs + sn_octs_remainder + 4, - sldns_buffer_begin(buf), qstate->region); + sldns_buffer_begin(buf), region); } } @@ -139,7 +140,7 @@ int ecs_whitelist_check(struct query_info* qinfo, uint16_t ATTR_UNUSED(flags), struct module_qstate* qstate, struct sockaddr_storage* addr, socklen_t addrlen, uint8_t* ATTR_UNUSED(zone), size_t ATTR_UNUSED(zonelen), - struct regional* ATTR_UNUSED(region), int id, void* ATTR_UNUSED(cbargs)) + struct regional *region, int id, void* ATTR_UNUSED(cbargs)) { struct subnet_qstate *sq; struct subnet_env *sn_env; @@ -165,7 +166,7 @@ int ecs_whitelist_check(struct query_info* qinfo, if(!edns_opt_list_find(qstate->edns_opts_back_out, qstate->env->cfg->client_subnet_opcode)) { subnet_ecs_opt_list_append(&sq->ecs_server_out, - &qstate->edns_opts_back_out, qstate); + &qstate->edns_opts_back_out, qstate, region); } sq->subnet_sent = 1; } @@ -331,9 +332,11 @@ update_cache(struct module_qstate *qstate, int id) struct ecs_data *edns = &sq->ecs_client_in; size_t i; - /* We already calculated hash upon lookup */ - hashvalue_type h = qstate->minfo[id] ? - ((struct subnet_qstate*)qstate->minfo[id])->qinfo_hash : + /* We already calculated hash upon lookup (lookup_and_reply) if we were + * allowed to look in the ECS cache */ + hashvalue_type h = qstate->minfo[id] && + ((struct subnet_qstate*)qstate->minfo[id])->qinfo_hash_calculated? + ((struct subnet_qstate*)qstate->minfo[id])->qinfo_hash : query_info_hash(&qstate->qinfo, qstate->query_flags); /* Step 1, general qinfo lookup */ struct lruhash_entry *lru_entry = slabhash_lookup(subnet_msg_cache, h, @@ -416,7 +419,10 @@ lookup_and_reply(struct module_qstate *qstate, int id, struct subnet_qstate *sq) memset(&sq->ecs_client_out, 0, sizeof(sq->ecs_client_out)); - if (sq) sq->qinfo_hash = h; /* Might be useful on cache miss */ + if (sq) { + sq->qinfo_hash = h; /* Might be useful on cache miss */ + sq->qinfo_hash_calculated = 1; + } e = slabhash_lookup(sne->subnet_msg_cache, h, &qstate->qinfo, 1); if (!e) return 0; /* qinfo not in cache */ data = e->data; @@ -758,18 +764,21 @@ subnetmod_operate(struct module_qstate *qstate, enum module_ev event, return; } - lock_rw_wrlock(&sne->biglock); - if (lookup_and_reply(qstate, id, sq)) { - sne->num_msg_cache++; - lock_rw_unlock(&sne->biglock); - verbose(VERB_QUERY, "subnetcache: answered from cache"); - qstate->ext_state[id] = module_finished; + if(!sq->started_no_cache_lookup && !qstate->blacklist) { + lock_rw_wrlock(&sne->biglock); + if(lookup_and_reply(qstate, id, sq)) { + sne->num_msg_cache++; + lock_rw_unlock(&sne->biglock); + verbose(VERB_QUERY, "subnetcache: answered from cache"); + qstate->ext_state[id] = module_finished; - subnet_ecs_opt_list_append(&sq->ecs_client_out, - &qstate->edns_opts_front_out, qstate); - return; + subnet_ecs_opt_list_append(&sq->ecs_client_out, + &qstate->edns_opts_front_out, qstate, + qstate->region); + return; + } + lock_rw_unlock(&sne->biglock); } - lock_rw_unlock(&sne->biglock); sq->ecs_server_out.subnet_addr_fam = sq->ecs_client_in.subnet_addr_fam; @@ -812,9 +821,11 @@ subnetmod_operate(struct module_qstate *qstate, enum module_ev event, if(qstate->ext_state[id] == module_finished && qstate->return_msg) { subnet_ecs_opt_list_append(&sq->ecs_client_out, - &qstate->edns_opts_front_out, qstate); + &qstate->edns_opts_front_out, qstate, + qstate->region); } qstate->no_cache_store = sq->started_no_cache_store; + qstate->no_cache_lookup = sq->started_no_cache_lookup; return; } if(sq && outbound) { diff --git a/contrib/unbound/edns-subnet/subnetmod.h b/contrib/unbound/edns-subnet/subnetmod.h index c877692b46b..f0bcaad33e1 100644 --- a/contrib/unbound/edns-subnet/subnetmod.h +++ b/contrib/unbound/edns-subnet/subnetmod.h @@ -76,6 +76,7 @@ struct subnet_msg_cache_data { struct subnet_qstate { /** We need the hash for both cache lookup and insert */ hashvalue_type qinfo_hash; + int qinfo_hash_calculated; /** ecs_data for client communication */ struct ecs_data ecs_client_in; struct ecs_data ecs_client_out; @@ -92,6 +93,8 @@ struct subnet_qstate { uint8_t max_scope; /** has the subnet module been started with no_cache_store? */ int started_no_cache_store; + /** has the subnet module been started with no_cache_lookup? */ + int started_no_cache_lookup; }; void subnet_data_delete(void* d, void* ATTR_UNUSED(arg)); @@ -145,7 +148,7 @@ void subnet_markdel(void* key); /** Add ecs struct to edns list, after parsing it to wire format. */ void subnet_ecs_opt_list_append(struct ecs_data* ecs, struct edns_option** list, - struct module_qstate *qstate); + struct module_qstate *qstate, struct regional *region); /** Create ecs_data from the sockaddr_storage information. */ void subnet_option_from_ss(struct sockaddr_storage *ss, struct ecs_data* ecs, diff --git a/contrib/unbound/iterator/iter_delegpt.c b/contrib/unbound/iterator/iter_delegpt.c index 80148e81089..4bffa1b3a7d 100644 --- a/contrib/unbound/iterator/iter_delegpt.c +++ b/contrib/unbound/iterator/iter_delegpt.c @@ -185,6 +185,10 @@ delegpt_add_target(struct delegpt* dp, struct regional* region, else ns->got4 = 1; if(ns->got4 && ns->got6) ns->resolved = 1; + } else { + if(addr_is_ip6(addr, addrlen)) + ns->done_pside6 = 1; + else ns->done_pside4 = 1; } log_assert(ns->port>0); return delegpt_add_addr(dp, region, addr, addrlen, bogus, lame, @@ -338,13 +342,16 @@ delegpt_count_targets(struct delegpt* dp) } size_t -delegpt_count_missing_targets(struct delegpt* dp) +delegpt_count_missing_targets(struct delegpt* dp, int* alllame) { struct delegpt_ns* ns; - size_t n = 0; - for(ns = dp->nslist; ns; ns = ns->next) - if(!ns->resolved) - n++; + size_t n = 0, nlame = 0; + for(ns = dp->nslist; ns; ns = ns->next) { + if(ns->resolved) continue; + n++; + if(ns->lame) nlame++; + } + if(alllame && n == nlame) *alllame = 1; return n; } @@ -694,6 +701,10 @@ int delegpt_add_target_mlc(struct delegpt* dp, uint8_t* name, size_t namelen, else ns->got4 = 1; if(ns->got4 && ns->got6) ns->resolved = 1; + } else { + if(addr_is_ip6(addr, addrlen)) + ns->done_pside6 = 1; + else ns->done_pside4 = 1; } log_assert(ns->port>0); return delegpt_add_addr_mlc(dp, addr, addrlen, bogus, lame, diff --git a/contrib/unbound/iterator/iter_delegpt.h b/contrib/unbound/iterator/iter_delegpt.h index 998b98cd803..62c8edc5122 100644 --- a/contrib/unbound/iterator/iter_delegpt.h +++ b/contrib/unbound/iterator/iter_delegpt.h @@ -330,9 +330,10 @@ void delegpt_add_unused_targets(struct delegpt* dp); /** * Count number of missing targets. These are ns names with no resolved flag. * @param dp: delegation point. + * @param alllame: if set, check if all the missing targets are lame. * @return number of missing targets (or 0). */ -size_t delegpt_count_missing_targets(struct delegpt* dp); +size_t delegpt_count_missing_targets(struct delegpt* dp, int* alllame); /** count total number of targets in dp */ size_t delegpt_count_targets(struct delegpt* dp); diff --git a/contrib/unbound/iterator/iter_utils.c b/contrib/unbound/iterator/iter_utils.c index f3bea46d6c9..6d159157a99 100644 --- a/contrib/unbound/iterator/iter_utils.c +++ b/contrib/unbound/iterator/iter_utils.c @@ -367,6 +367,7 @@ iter_filter_order(struct iter_env* iter_env, struct module_env* env, struct sock_list* blacklist, time_t prefetch) { int got_num = 0, low_rtt = 0, swap_to_front, rtt_band = RTT_BAND, nth; + int alllame = 0; size_t num_results; struct delegpt_addr* a, *n, *prev=NULL; @@ -376,7 +377,10 @@ iter_filter_order(struct iter_env* iter_env, struct module_env* env, if(got_num == 0) return 0; if(low_rtt >= USEFUL_SERVER_TOP_TIMEOUT && - (delegpt_count_missing_targets(dp) > 0 || open_target > 0)) { + /* If all missing (or not fully resolved) targets are lame, + * then use the remaining lame address. */ + ((delegpt_count_missing_targets(dp, &alllame) > 0 && !alllame) || + open_target > 0)) { verbose(VERB_ALGO, "Bad choices, trying to get more choice"); return 0; /* we want more choice. The best choice is a bad one. return 0 to force the caller to fetch more */ diff --git a/contrib/unbound/iterator/iterator.c b/contrib/unbound/iterator/iterator.c index 3cfb286f449..727631d6cf8 100644 --- a/contrib/unbound/iterator/iterator.c +++ b/contrib/unbound/iterator/iterator.c @@ -253,8 +253,9 @@ error_supers(struct module_qstate* qstate, int id, struct module_qstate* super) delegpt_mark_neg(dpns, qstate->qinfo.qtype); dpns->resolved = 1; /* mark as failed */ if((dpns->got4 == 2 || !ie->supports_ipv4) && - (dpns->got6 == 2 || !ie->supports_ipv6)) + (dpns->got6 == 2 || !ie->supports_ipv6)) { target_count_increase_nx(super_iq, 1); + } } if(qstate->qinfo.qtype == LDNS_RR_TYPE_NS) { /* prime failed to get delegation */ @@ -678,15 +679,20 @@ is_caps_whitelisted(struct iter_env* ie, struct iter_qstate* iq) iq->qchase.qclass) != NULL; } -/** create target count structure for this query */ +/** + * Create target count structure for this query. This is always explicitly + * created for the parent query. + */ static void target_count_create(struct iter_qstate* iq) { if(!iq->target_count) { - iq->target_count = (int*)calloc(3, sizeof(int)); + iq->target_count = (int*)calloc(TARGET_COUNT_MAX, sizeof(int)); /* if calloc fails we simply do not track this number */ - if(iq->target_count) - iq->target_count[0] = 1; + if(iq->target_count) { + iq->target_count[TARGET_COUNT_REF] = 1; + iq->nxns_dp = (uint8_t**)calloc(1, sizeof(uint8_t*)); + } } } @@ -695,7 +701,7 @@ target_count_increase(struct iter_qstate* iq, int num) { target_count_create(iq); if(iq->target_count) - iq->target_count[1] += num; + iq->target_count[TARGET_COUNT_QUERIES] += num; iq->dp_target_count++; } @@ -704,7 +710,7 @@ target_count_increase_nx(struct iter_qstate* iq, int num) { target_count_create(iq); if(iq->target_count) - iq->target_count[2] += num; + iq->target_count[TARGET_COUNT_NX] += num; } /** @@ -799,8 +805,10 @@ generate_sub_request(uint8_t* qname, size_t qnamelen, uint16_t qtype, subiq->num_target_queries = 0; target_count_create(iq); subiq->target_count = iq->target_count; - if(iq->target_count) - iq->target_count[0] ++; /* extra reference */ + if(iq->target_count) { + iq->target_count[TARGET_COUNT_REF] ++; /* extra reference */ + subiq->nxns_dp = iq->nxns_dp; + } subiq->dp_target_count = 0; subiq->num_current_queries = 0; subiq->depth = iq->depth+1; @@ -1832,7 +1840,7 @@ query_for_targets(struct module_qstate* qstate, struct iter_qstate* iq, int toget = 0; iter_mark_cycle_targets(qstate, iq->dp); - missing = (int)delegpt_count_missing_targets(iq->dp); + missing = (int)delegpt_count_missing_targets(iq->dp, NULL); log_assert(maxtargets != 0); /* that would not be useful */ /* Generate target requests. Basically, any missing targets @@ -1851,11 +1859,12 @@ query_for_targets(struct module_qstate* qstate, struct iter_qstate* iq, if(iq->depth == ie->max_dependency_depth) return 0; if(iq->depth > 0 && iq->target_count && - iq->target_count[1] > MAX_TARGET_COUNT) { + iq->target_count[TARGET_COUNT_QUERIES] > MAX_TARGET_COUNT) { char s[LDNS_MAX_DOMAINLEN+1]; dname_str(qstate->qinfo.qname, s); verbose(VERB_QUERY, "request %s has exceeded the maximum " - "number of glue fetches %d", s, iq->target_count[1]); + "number of glue fetches %d", s, + iq->target_count[TARGET_COUNT_QUERIES]); return 0; } if(iq->dp_target_count > MAX_DP_TARGET_COUNT) { @@ -1883,7 +1892,9 @@ query_for_targets(struct module_qstate* qstate, struct iter_qstate* iq, continue; } - if(ie->supports_ipv6 && !ns->got6) { + if(ie->supports_ipv6 && + ((ns->lame && !ns->done_pside6) || + (!ns->lame && !ns->got6))) { /* Send the AAAA request. */ if(!generate_target_query(qstate, iq, id, ns->name, ns->namelen, @@ -1896,7 +1907,9 @@ query_for_targets(struct module_qstate* qstate, struct iter_qstate* iq, query_count++; } /* Send the A request. */ - if(ie->supports_ipv4 && !ns->got4) { + if(ie->supports_ipv4 && + ((ns->lame && !ns->done_pside4) || + (!ns->lame && !ns->got4))) { if(!generate_target_query(qstate, iq, id, ns->name, ns->namelen, LDNS_RR_TYPE_A, iq->qchase.qclass)) { @@ -2006,7 +2019,7 @@ processLastResort(struct module_qstate* qstate, struct iter_qstate* iq, return next_state(iq, QUERYTARGETS_STATE); } /* query for an extra name added by the parent-NS record */ - if(delegpt_count_missing_targets(iq->dp) > 0) { + if(delegpt_count_missing_targets(iq->dp, NULL) > 0) { int qs = 0; verbose(VERB_ALGO, "try parent-side target name"); if(!query_for_targets(qstate, iq, ie, id, 1, &qs)) { @@ -2027,11 +2040,12 @@ processLastResort(struct module_qstate* qstate, struct iter_qstate* iq, return error_response_cache(qstate, id, LDNS_RCODE_SERVFAIL); } if(iq->depth > 0 && iq->target_count && - iq->target_count[1] > MAX_TARGET_COUNT) { + iq->target_count[TARGET_COUNT_QUERIES] > MAX_TARGET_COUNT) { char s[LDNS_MAX_DOMAINLEN+1]; dname_str(qstate->qinfo.qname, s); verbose(VERB_QUERY, "request %s has exceeded the maximum " - "number of glue fetches %d", s, iq->target_count[1]); + "number of glue fetches %d", s, + iq->target_count[TARGET_COUNT_QUERIES]); errinf(qstate, "exceeded the maximum number of glue fetches"); return error_response_cache(qstate, id, LDNS_RCODE_SERVFAIL); } @@ -2158,6 +2172,32 @@ processDSNSFind(struct module_qstate* qstate, struct iter_qstate* iq, int id) return 0; } + +/** + * Check if we wait responses for sent queries and update the iterator's + * external state. + */ +static void +check_waiting_queries(struct iter_qstate* iq, struct module_qstate* qstate, + int id) +{ + if(iq->num_target_queries>0 && iq->num_current_queries>0) { + verbose(VERB_ALGO, "waiting for %d targets to " + "resolve or %d outstanding queries to " + "respond", iq->num_target_queries, + iq->num_current_queries); + qstate->ext_state[id] = module_wait_reply; + } else if(iq->num_target_queries>0) { + verbose(VERB_ALGO, "waiting for %d targets to " + "resolve", iq->num_target_queries); + qstate->ext_state[id] = module_wait_subquery; + } else { + verbose(VERB_ALGO, "waiting for %d " + "outstanding queries to respond", + iq->num_current_queries); + qstate->ext_state[id] = module_wait_reply; + } +} /** * This is the request event state where the request will be sent to one of @@ -2211,12 +2251,91 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, errinf(qstate, "exceeded the maximum number of sends"); return error_response(qstate, id, LDNS_RCODE_SERVFAIL); } - if(iq->target_count && iq->target_count[2] > MAX_TARGET_NX) { - verbose(VERB_QUERY, "request has exceeded the maximum " - " number of nxdomain nameserver lookups with %d", - iq->target_count[2]); - errinf(qstate, "exceeded the maximum nameserver nxdomains"); - return error_response(qstate, id, LDNS_RCODE_SERVFAIL); + + /* Check if we reached MAX_TARGET_NX limit without a fallback activation. */ + if(iq->target_count && !*iq->nxns_dp && + iq->target_count[TARGET_COUNT_NX] > MAX_TARGET_NX) { + struct delegpt_ns* ns; + /* If we can wait for resolution, do so. */ + if(iq->num_target_queries>0 || iq->num_current_queries>0) { + check_waiting_queries(iq, qstate, id); + return 0; + } + verbose(VERB_ALGO, "request has exceeded the maximum " + "number of nxdomain nameserver lookups (%d) with %d", + MAX_TARGET_NX, iq->target_count[TARGET_COUNT_NX]); + /* Check for dp because we require one below */ + if(!iq->dp) { + verbose(VERB_QUERY, "Failed to get a delegation, " + "giving up"); + errinf(qstate, "failed to get a delegation (eg. prime " + "failure)"); + return error_response(qstate, id, LDNS_RCODE_SERVFAIL); + } + /* We reached the limit but we already have parent side + * information; stop resolution */ + if(iq->dp->has_parent_side_NS) { + verbose(VERB_ALGO, "parent-side information is " + "already present for the delegation point, no " + "fallback possible"); + errinf(qstate, "exceeded the maximum nameserver nxdomains"); + return error_response(qstate, id, LDNS_RCODE_SERVFAIL); + } + verbose(VERB_ALGO, "initiating parent-side fallback for " + "nxdomain nameserver lookups"); + /* Mark all the current NSes as resolved to allow for parent + * fallback */ + for(ns=iq->dp->nslist; ns; ns=ns->next) { + ns->resolved = 1; + } + /* Note the delegation point that triggered the NXNS fallback; + * no reason for shared queries to keep trying there. + * This also marks the fallback activation. */ + *iq->nxns_dp = malloc(iq->dp->namelen); + if(!*iq->nxns_dp) { + verbose(VERB_ALGO, "out of memory while initiating " + "fallback"); + errinf(qstate, "exceeded the maximum nameserver " + "nxdomains (malloc)"); + return error_response(qstate, id, LDNS_RCODE_SERVFAIL); + } + memcpy(*iq->nxns_dp, iq->dp->name, iq->dp->namelen); + } else if(iq->target_count && *iq->nxns_dp) { + /* Handle the NXNS fallback case. */ + /* If we can wait for resolution, do so. */ + if(iq->num_target_queries>0 || iq->num_current_queries>0) { + check_waiting_queries(iq, qstate, id); + return 0; + } + /* Check for dp because we require one below */ + if(!iq->dp) { + verbose(VERB_QUERY, "Failed to get a delegation, " + "giving up"); + errinf(qstate, "failed to get a delegation (eg. prime " + "failure)"); + return error_response(qstate, id, LDNS_RCODE_SERVFAIL); + } + + if(iq->target_count[TARGET_COUNT_NX] > MAX_TARGET_NX_FALLBACK) { + verbose(VERB_ALGO, "request has exceeded the maximum " + "number of fallback nxdomain nameserver " + "lookups (%d) with %d", MAX_TARGET_NX_FALLBACK, + iq->target_count[TARGET_COUNT_NX]); + errinf(qstate, "exceeded the maximum nameserver nxdomains"); + return error_response(qstate, id, LDNS_RCODE_SERVFAIL); + } + + if(!iq->dp->has_parent_side_NS) { + struct delegpt_ns* ns; + if(!dname_canonical_compare(*iq->nxns_dp, iq->dp->name)) { + verbose(VERB_ALGO, "this delegation point " + "initiated the fallback, marking the " + "nslist as resolved"); + for(ns=iq->dp->nslist; ns; ns=ns->next) { + ns->resolved = 1; + } + } + } } /* Make sure we have a delegation point, otherwise priming failed @@ -2434,7 +2553,7 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, * that servfail is cached, which is not good as opportunism goes. */ if(iq->depth < ie->max_dependency_depth && iq->num_target_queries == 0 - && (!iq->target_count || iq->target_count[2]==0) + && (!iq->target_count || iq->target_count[TARGET_COUNT_NX]==0) && iq->sent_count < TARGET_FETCH_STOP) { tf_policy = ie->target_fetch_policy[iq->depth]; } @@ -2523,9 +2642,9 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, } /* Select the next usable target, filtering out unsuitable targets. */ - target = iter_server_selection(ie, qstate->env, iq->dp, + target = iter_server_selection(ie, qstate->env, iq->dp, iq->dp->name, iq->dp->namelen, iq->qchase.qtype, - &iq->dnssec_lame_query, &iq->chase_to_rd, + &iq->dnssec_lame_query, &iq->chase_to_rd, iq->num_target_queries, qstate->blacklist, qstate->prefetch_leeway); @@ -2544,7 +2663,7 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, /* If there is nothing to wait for, then we need * to distinguish between generating (a) new target * query, or failing. */ - if(delegpt_count_missing_targets(iq->dp) > 0) { + if(delegpt_count_missing_targets(iq->dp, NULL) > 0) { int qs = 0; verbose(VERB_ALGO, "querying for next " "missing target"); @@ -2556,7 +2675,7 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, LDNS_RCODE_SERVFAIL); } if(qs == 0 && - delegpt_count_missing_targets(iq->dp) == 0){ + delegpt_count_missing_targets(iq->dp, NULL) == 0){ /* it looked like there were missing * targets, but they did not turn up. * Try the bad choices again (if any), @@ -2595,23 +2714,8 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, /* otherwise, we have no current targets, so submerge * until one of the target or direct queries return. */ - if(iq->num_target_queries>0 && iq->num_current_queries>0) { - verbose(VERB_ALGO, "no current targets -- waiting " - "for %d targets to resolve or %d outstanding" - " queries to respond", iq->num_target_queries, - iq->num_current_queries); - qstate->ext_state[id] = module_wait_reply; - } else if(iq->num_target_queries>0) { - verbose(VERB_ALGO, "no current targets -- waiting " - "for %d targets to resolve.", - iq->num_target_queries); - qstate->ext_state[id] = module_wait_subquery; - } else { - verbose(VERB_ALGO, "no current targets -- waiting " - "for %d outstanding queries to respond.", - iq->num_current_queries); - qstate->ext_state[id] = module_wait_reply; - } + verbose(VERB_ALGO, "no current targets"); + check_waiting_queries(iq, qstate, id); /* undo qname minimise step because we'll get back here * to do it again */ if(qout_orig && iq->minimise_count > 0) { @@ -3383,8 +3487,11 @@ processTargetResponse(struct module_qstate* qstate, int id, delegpt_mark_neg(dpns, qstate->qinfo.qtype); dpns->resolved = 1; /* fail the target */ if((dpns->got4 == 2 || !ie->supports_ipv4) && - (dpns->got6 == 2 || !ie->supports_ipv6)) + (dpns->got6 == 2 || !ie->supports_ipv6) && + /* do not count cached answers */ + (qstate->reply_origin && qstate->reply_origin->len != 0)) { target_count_increase_nx(foriq, 1); + } } } @@ -4002,8 +4109,11 @@ iter_clear(struct module_qstate* qstate, int id) iq = (struct iter_qstate*)qstate->minfo[id]; if(iq) { outbound_list_clear(&iq->outlist); - if(iq->target_count && --iq->target_count[0] == 0) + if(iq->target_count && --iq->target_count[TARGET_COUNT_REF] == 0) { free(iq->target_count); + if(*iq->nxns_dp) free(*iq->nxns_dp); + free(iq->nxns_dp); + } iq->num_current_queries = 0; } qstate->minfo[id] = NULL; diff --git a/contrib/unbound/iterator/iterator.h b/contrib/unbound/iterator/iterator.h index 8b840528d9d..62f4768ea01 100644 --- a/contrib/unbound/iterator/iterator.h +++ b/contrib/unbound/iterator/iterator.h @@ -60,6 +60,9 @@ struct rbtree_type; /** max number of nxdomains allowed for target lookups for a query and * its subqueries */ #define MAX_TARGET_NX 5 +/** max number of nxdomains allowed for target lookups for a query and + * its subqueries when fallback has kicked in */ +#define MAX_TARGET_NX_FALLBACK (MAX_TARGET_NX*2) /** max number of query restarts. Determines max number of CNAME chain. */ #define MAX_RESTART_COUNT 11 /** max number of referrals. Makes sure resolver does not run away */ @@ -217,6 +220,21 @@ enum iter_state { FINISHED_STATE }; +/** + * Shared counters for queries. + */ +enum target_count_variables { + /** Reference count for the shared iter_qstate->target_count. */ + TARGET_COUNT_REF = 0, + /** Number of target queries spawned for the query and subqueries. */ + TARGET_COUNT_QUERIES, + /** Number of nxdomain responses encountered. */ + TARGET_COUNT_NX, + + /** This should stay last here, it is used for the allocation */ + TARGET_COUNT_MAX, +}; + /** * Per query state for the iterator module. */ @@ -310,15 +328,20 @@ struct iter_qstate { /** number of queries fired off */ int sent_count; - /** number of target queries spawned in [1], for this query and its - * subqueries, the malloced-array is shared, [0] refcount. - * in [2] the number of nxdomains is counted. */ + /** malloced-array shared with this query and its subqueries. It keeps + * track of the defined enum target_count_variables counters. */ int* target_count; /** number of target lookups per delegation point. Reset to 0 after * receiving referral answer. Not shared with subqueries. */ int dp_target_count; + /** Delegation point that triggered the NXNS fallback; shared with + * this query and its subqueries, count-referenced by the reference + * counter in target_count. + * This also marks the fallback activation. */ + uint8_t** nxns_dp; + /** if true, already tested for ratelimiting and passed the test */ int ratelimit_ok; diff --git a/contrib/unbound/libunbound/unbound.h b/contrib/unbound/libunbound/unbound.h index ee855875906..c779d183e38 100644 --- a/contrib/unbound/libunbound/unbound.h +++ b/contrib/unbound/libunbound/unbound.h @@ -725,6 +725,8 @@ struct ub_server_stats { long long qtcp; /** number of outgoing queries over TCP */ long long qtcp_outgoing; + /** number of outgoing queries over UDP */ + long long qudp_outgoing; /** number of queries over (DNS over) TLS */ long long qtls; /** number of queries over (DNS over) HTTPS */ diff --git a/contrib/unbound/services/authzone.c b/contrib/unbound/services/authzone.c index 6c580090e47..fee90d5697a 100644 --- a/contrib/unbound/services/authzone.c +++ b/contrib/unbound/services/authzone.c @@ -3967,7 +3967,7 @@ probe_copy_masters_for_allow_notify(struct auth_xfer* xfr) struct auth_master* list = NULL, *last = NULL; struct auth_master* p; /* build up new list with copies */ - for(p = xfr->task_probe->masters; p; p=p->next) { + for(p = xfr->task_transfer->masters; p; p=p->next) { struct auth_master* m = auth_master_copy(p); if(!m) { auth_free_masters(list); @@ -5512,6 +5512,8 @@ xfr_transfer_init_fetch(struct auth_xfer* xfr, struct module_env* env) addr_to_str(&addr, addrlen, as, sizeof(as)); verbose(VERB_ALGO, "auth zone %s transfer next HTTP fetch from %s started", zname, as); } + /* Create or refresh the list of allow_notify addrs */ + probe_copy_masters_for_allow_notify(xfr); return 1; } diff --git a/contrib/unbound/services/mesh.c b/contrib/unbound/services/mesh.c index fbaa966bdd0..c40eb50dc55 100644 --- a/contrib/unbound/services/mesh.c +++ b/contrib/unbound/services/mesh.c @@ -811,7 +811,8 @@ static void mesh_schedule_prefetch_subnet(struct mesh_area* mesh, log_err("prefetch_subnet subnet_option_from_ss: invalid data"); return; } - subnet_ecs_opt_list_append(&ecs, &s->s.edns_opts_front_in, &s->s); + subnet_ecs_opt_list_append(&ecs, &s->s.edns_opts_front_in, + &s->s, s->s.region); if(!s->s.edns_opts_front_in) { log_err("prefetch_subnet subnet_ecs_opt_list_append: out of memory"); return; diff --git a/contrib/unbound/services/outside_network.c b/contrib/unbound/services/outside_network.c index ec37a4a80d7..3f479a3a36f 100644 --- a/contrib/unbound/services/outside_network.c +++ b/contrib/unbound/services/outside_network.c @@ -271,7 +271,7 @@ outnet_get_tcp_fd(struct sockaddr_storage* addr, socklen_t addrlen, int tcp_mss, int s; int af; char* err; -#ifdef SO_REUSEADDR +#if defined(SO_REUSEADDR) || defined(IP_BIND_ADDRESS_NO_PORT) int on = 1; #endif #ifdef INET6 @@ -317,7 +317,13 @@ outnet_get_tcp_fd(struct sockaddr_storage* addr, socklen_t addrlen, int tcp_mss, " setsockopt(TCP_MAXSEG) unsupported"); #endif /* defined(IPPROTO_TCP) && defined(TCP_MAXSEG) */ } - +#ifdef IP_BIND_ADDRESS_NO_PORT + if(setsockopt(s, IPPROTO_IP, IP_BIND_ADDRESS_NO_PORT, (void*)&on, + (socklen_t)sizeof(on)) < 0) { + verbose(VERB_ALGO, "outgoing tcp:" + " setsockopt(.. IP_BIND_ADDRESS_NO_PORT ..) failed"); + } +#endif /* IP_BIND_ADDRESS_NO_PORT */ return s; } @@ -1608,6 +1614,7 @@ outside_network_create(struct comm_base *base, size_t bufsize, outnet->tcp_reuse_timeout= tcp_reuse_timeout; outnet->tcp_auth_query_timeout = tcp_auth_query_timeout; outnet->num_tcp_outgoing = 0; + outnet->num_udp_outgoing = 0; outnet->infra = infra; outnet->rnd = rnd; outnet->sslctx = sslctx; @@ -2142,6 +2149,7 @@ randomize_and_send_udp(struct pending* pend, sldns_buffer* packet, int timeout) portcomm_loweruse(outnet, pend->pc); return 0; } + outnet->num_udp_outgoing++; /* system calls to set timeout after sending UDP to make roundtrip smaller. */ diff --git a/contrib/unbound/services/outside_network.h b/contrib/unbound/services/outside_network.h index 4c5b96f8342..c383b8f09e2 100644 --- a/contrib/unbound/services/outside_network.h +++ b/contrib/unbound/services/outside_network.h @@ -113,6 +113,8 @@ struct outside_network { /** if we perform udp-connect, connect() for UDP socket to mitigate * ICMP side channel leakage */ int udp_connect; + /** number of udp packets sent. */ + size_t num_udp_outgoing; /** array of outgoing IP4 interfaces */ struct port_if* ip4_ifs; diff --git a/contrib/unbound/sldns/parse.c b/contrib/unbound/sldns/parse.c index 491c8f51bf1..8ea084661db 100644 --- a/contrib/unbound/sldns/parse.c +++ b/contrib/unbound/sldns/parse.c @@ -34,7 +34,7 @@ sldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *l { int c, prev_c; int p; /* 0 -> no parentheses seen, >0 nr of ( seen */ - int com, quoted; + int com, quoted, only_blank; char *t; size_t i; const char *d; @@ -53,6 +53,7 @@ sldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *l com = 0; quoted = 0; prev_c = 0; + only_blank = 1; /* Assume we got only until now */ t = token; if (del[0] == '"') { quoted = 1; @@ -101,6 +102,22 @@ sldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *l if (line_nr) { *line_nr = *line_nr + 1; } + if (only_blank && i > 0) { + /* Got only so far. Reset and try + * again with the next line. + */ + i = 0; + t = token; + } + if (p == 0) { + /* If p != 0 then the next line is a continuation. So + * we assume that the next line starts with a blank only + * if it is actually a new line. + */ + only_blank = 1; /* Assume next line starts with + * . + */ + } if (p == 0 && i > 0) { goto tokenread; } else { @@ -131,12 +148,29 @@ sldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *l /* check if we hit the delim */ for (d = del; *d; d++) { - if (c == *d && i > 0 && prev_c != '\\' && p == 0) { - if (c == '\n' && line_nr) { - *line_nr = *line_nr + 1; - } - goto tokenread; + if (c == *d) + break; + } + + if (c == *d && i > 0 && prev_c != '\\' && p == 0) { + if (c == '\n' && line_nr) { + *line_nr = *line_nr + 1; } + if (only_blank) { + /* Got only so far. Reset and + * try again with the next line. + */ + i = 0; + t = token; + only_blank = 1; + prev_c = c; + continue; + } + goto tokenread; + } + if (c != ' ' && c != '\t') { + /* Found something that is not */ + only_blank= 0; } if (c != '\0' && c != '\n') { i++; @@ -149,8 +183,13 @@ sldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *l if (c != '\0' && c != '\n') { *t++ = c; } - if (c == '\n' && line_nr) { - *line_nr = *line_nr + 1; + if (c == '\n') { + if (line_nr) { + *line_nr = *line_nr + 1; + } + only_blank = 1; /* Assume next line starts with + * . + */ } if (c == '\\' && prev_c == '\\') prev_c = 0; diff --git a/contrib/unbound/smallapp/unbound-control.c b/contrib/unbound/smallapp/unbound-control.c index 6c5c7e8479a..bcb214ca3d4 100644 --- a/contrib/unbound/smallapp/unbound-control.c +++ b/contrib/unbound/smallapp/unbound-control.c @@ -354,6 +354,7 @@ static void print_extended(struct ub_stats_info* s) /* transport */ PR_UL("num.query.tcp", s->svr.qtcp); PR_UL("num.query.tcpout", s->svr.qtcp_outgoing); + PR_UL("num.query.udpout", s->svr.qudp_outgoing); PR_UL("num.query.tls", s->svr.qtls); PR_UL("num.query.tls_resume", s->svr.qtls_resume); PR_UL("num.query.ipv6", s->svr.qipv6); @@ -486,6 +487,7 @@ static void print_stats_shm(const char* cfgfile, int quiet) config_delete(cfg); #else (void)cfgfile; + (void)quiet; #endif /* HAVE_SHMGET */ } diff --git a/contrib/unbound/testcode/readzone.c b/contrib/unbound/testcode/readzone.c deleted file mode 100644 index 94511e5771f..00000000000 --- a/contrib/unbound/testcode/readzone.c +++ /dev/null @@ -1,158 +0,0 @@ -/* - * testcode/readzone.c - readzone tool reads zonefiles - * - * Copyright (c) 2021, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ -/** - * \file - * Command to read and echo a zonefile. - */ - -#include "config.h" -#include -#include -#include -#include -#include - -#include -#include "sldns/str2wire.h" -#include "sldns/wire2str.h" - -int print_usage(FILE *out, const char *progname) -{ - fprintf(out, "usage: %s [ -u ] []\n", progname); - fprintf(out, "\t-u\tprint in unknown type (RFC3597) format\n"); - return out == stdout ? EXIT_SUCCESS : EXIT_FAILURE; -} - -int main(int argc, char *const *argv) -{ - char *progname = argv[0]; - uint8_t rr[LDNS_RR_BUF_SIZE]; - char *str = malloc(1024 * 1024); - size_t str_len = sizeof(str); - struct sldns_file_parse_state state; - FILE *in = NULL; - int s = -1; - int opt; - int print_in_unknown_type_format = 0; - - while ((opt = getopt(argc, argv, "hu")) != -1) { - switch (opt) { - case 'h': - free(str); - return print_usage(stdout, progname); - case 'u': - print_in_unknown_type_format = 1; - break; - default: - free(str); - return print_usage(stderr, progname); - } - } - argc -= optind; - argv += optind; - - memset(&state, 0, sizeof(state)); - state.default_ttl = 3600; - state.lineno = 1; - if (argc == 2) { - state.origin_len = sizeof(state.origin); - s = sldns_str2wire_dname_buf(argv[1], state.origin - , &state.origin_len); - if (s) { - fprintf(stderr, "Error parsing origin: %s\n" - , sldns_get_errorstr_parse(s)); - free(str); - return EXIT_FAILURE; - } - s = -1; - } - if (!str) - fprintf(stderr, "Memory allocation error: %s\n" - , strerror(errno)); - - else if (argc != 1 && argc != 2) { - free(str); - return print_usage(stderr, progname); - } - - else if (!(in = fopen(argv[0], "r"))) - fprintf(stderr, "Error opening \"%s\": %s\n" - , argv[0], strerror(errno)); - else while (!feof(in)) { - size_t rr_len = sizeof(rr), dname_len = 0; - size_t written; - - s = sldns_fp2wire_rr_buf(in, rr, &rr_len, &dname_len, &state); - if (s) { - fprintf( stderr, "parse error %d:%d: %s\n" - , state.lineno, LDNS_WIREPARSE_OFFSET(s) - , sldns_get_errorstr_parse(s)); - break; - } - if (rr_len == 0) - continue; - - if (print_in_unknown_type_format) - written = sldns_wire2str_rr_unknown_buf( - rr, rr_len, str, str_len); - else - written = sldns_wire2str_rr_buf( - rr, rr_len, str, str_len); - - if (written > str_len) { - while (written > str_len) - str_len *= 2; - free(str); - if (!(str = malloc(str_len))) { - fprintf(stderr, "Memory allocation error: %s\n" - , strerror(errno)); - s = -1; - break; - } - if (print_in_unknown_type_format) - (void) sldns_wire2str_rr_unknown_buf( - rr, rr_len, str, str_len); - else - (void) sldns_wire2str_rr_buf( - rr, rr_len, str, str_len); - } - fprintf(stdout, "%s", str); - } - if (in) - fclose(in); - free(str); - return !in || s ? EXIT_FAILURE : EXIT_SUCCESS; -} diff --git a/contrib/unbound/testcode/unittcpreuse.c b/contrib/unbound/testcode/unittcpreuse.c deleted file mode 100644 index 087c6c1b9d5..00000000000 --- a/contrib/unbound/testcode/unittcpreuse.c +++ /dev/null @@ -1,236 +0,0 @@ -/* - * testcode/unittcpreuse.c - unit test for tcp_reuse. - * - * Copyright (c) 2021, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ -/** - * \file - * Tests the tcp_reuse functionality. - */ - -#include "config.h" -#include "testcode/unitmain.h" -#include "util/log.h" -#include "util/random.h" -#include "services/outside_network.h" - -/** add number of new IDs to the reuse tree, randomly chosen */ -static void tcpid_addmore(struct reuse_tcp* reuse, - struct outside_network* outnet, unsigned int addnum) -{ - unsigned int i; - struct waiting_tcp* w; - for(i=0; iid = id; - w->outnet = outnet; - w->next_waiting = (void*)reuse->pending; - reuse_tree_by_id_insert(reuse, w); - } -} - -/** fill up the reuse ID tree and test assertions */ -static void tcpid_fillup(struct reuse_tcp* reuse, - struct outside_network* outnet) -{ - int t, numtest=3; - for(t=0; ttree_by_id, reuse_id_cmp); - tcpid_addmore(reuse, outnet, 65535); - reuse_del_readwait(&reuse->tree_by_id); - } -} - -/** test TCP ID selection */ -static void tcpid_test(void) -{ - struct pending_tcp pend; - struct outside_network outnet; - unit_show_func("services/outside_network.c", "reuse_tcp_select_id"); - memset(&pend, 0, sizeof(pend)); - pend.reuse.pending = &pend; - memset(&outnet, 0, sizeof(outnet)); - outnet.rnd = ub_initstate(NULL); - rbtree_init(&pend.reuse.tree_by_id, reuse_id_cmp); - tcpid_fillup(&pend.reuse, &outnet); - ub_randfree(outnet.rnd); -} - -/** check that the tree has present number of nodes and the LRU is linked - * properly. */ -static void check_tree_and_list(struct outside_network* outnet, int present) -{ - int i; - struct reuse_tcp *reuse, *next_reuse; - unit_assert(present == (int)outnet->tcp_reuse.count); - if(present < 1) { - unit_assert(outnet->tcp_reuse_first == NULL); - unit_assert(outnet->tcp_reuse_last == NULL); - return; - } - unit_assert(outnet->tcp_reuse_first->item_on_lru_list); - unit_assert(!outnet->tcp_reuse_first->lru_prev); - reuse = outnet->tcp_reuse_first; - for(i=0; iitem_on_lru_list); - unit_assert(reuse->lru_next); - unit_assert(reuse->lru_next != reuse); - next_reuse = reuse->lru_next; - unit_assert(next_reuse->lru_prev == reuse); - reuse = next_reuse; - } - unit_assert(!reuse->lru_next); - unit_assert(outnet->tcp_reuse_last->item_on_lru_list); - unit_assert(outnet->tcp_reuse_last == reuse); -} - -/** creates pending_tcp. Copy of outside_network.c:create_pending_tcp without - * the comm_point creation */ -static int create_pending_tcp(struct outside_network* outnet) -{ - size_t i; - if(outnet->num_tcp == 0) - return 1; /* no tcp needed, nothing to do */ - if(!(outnet->tcp_conns = (struct pending_tcp **)calloc( - outnet->num_tcp, sizeof(struct pending_tcp*)))) - return 0; - for(i=0; inum_tcp; i++) { - if(!(outnet->tcp_conns[i] = (struct pending_tcp*)calloc(1, - sizeof(struct pending_tcp)))) - return 0; - outnet->tcp_conns[i]->next_free = outnet->tcp_free; - outnet->tcp_free = outnet->tcp_conns[i]; - } - return 1; -} - -/** empty the tcp_reuse tree and LRU list */ -static void empty_tree(struct outside_network* outnet) -{ - size_t i; - struct reuse_tcp* reuse; - reuse = outnet->tcp_reuse_first; - i = outnet->tcp_reuse.count; - while(reuse) { - reuse_tcp_remove_tree_list(outnet, reuse); - check_tree_and_list(outnet, --i); - reuse = outnet->tcp_reuse_first; - } -} - -/** check removal of the LRU element on the given position of total elements */ -static void check_removal(struct outside_network* outnet, int position, int total) -{ - int i; - struct reuse_tcp* reuse; - empty_tree(outnet); - for(i=0; itcp_conns[i]); - } - check_tree_and_list(outnet, total); - reuse = outnet->tcp_reuse_first; - for(i=0; ilru_next; - reuse_tcp_remove_tree_list(outnet, reuse); - check_tree_and_list(outnet, total-1); -} - -/** check snipping off the last element of the LRU with total elements */ -static void check_snip(struct outside_network* outnet, int total) -{ - int i; - struct reuse_tcp* reuse; - empty_tree(outnet); - for(i=0; itcp_conns[i]); - } - check_tree_and_list(outnet, total); - reuse = reuse_tcp_lru_snip(outnet); - while(reuse) { - reuse_tcp_remove_tree_list(outnet, reuse); - check_tree_and_list(outnet, --total); - reuse = reuse_tcp_lru_snip(outnet); - } - unit_assert(outnet->tcp_reuse_first == NULL); - unit_assert(outnet->tcp_reuse_last == NULL); - unit_assert(outnet->tcp_reuse.count == 0); -} - -/** test tcp_reuse tree and LRU list functions */ -static void tcp_reuse_tree_list_test(void) -{ - size_t i; - struct outside_network outnet; - struct reuse_tcp* reuse; - memset(&outnet, 0, sizeof(outnet)); - rbtree_init(&outnet.tcp_reuse, reuse_cmp); - outnet.num_tcp = 5; - outnet.tcp_reuse_max = outnet.num_tcp; - if(!create_pending_tcp(&outnet)) fatal_exit("out of memory"); - /* add all to the tree */ - unit_show_func("services/outside_network.c", "reuse_tcp_insert"); - for(i=0; ilru_next; reuse = reuse->lru_next); - reuse_tcp_lru_touch(&outnet, reuse); - check_tree_and_list(&outnet, outnet.num_tcp); - } - /* check removal */ - unit_show_func("services/outside_network.c", "reuse_tcp_remove_tree_list"); - check_removal(&outnet, 2, 5); - check_removal(&outnet, 1, 3); - check_removal(&outnet, 1, 2); - /* check snip */ - unit_show_func("services/outside_network.c", "reuse_tcp_lru_snip"); - check_snip(&outnet, 4); - - for(i=0; i -#include "util/log.h" -#include "testcode/unitmain.h" -#include "sldns/str2wire.h" -#include "services/authzone.h" -#include "util/data/dname.h" -#include "util/regional.h" -#include "validator/val_anchor.h" - -#define xstr(s) str(s) -#define str(s) #s -#define SRCDIRSTR xstr(SRCDIR) - -/** Add zone from file for testing */ -struct auth_zone* authtest_addzone(struct auth_zones* az, const char* name, - char* fname); - -/** zonemd unit test, generate a zonemd digest and check if correct */ -static void zonemd_generate_test(const char* zname, char* zfile, - int scheme, int hashalgo, const char* digest) -{ - uint8_t zonemd_hash[512]; - size_t hashlen = 0; - char output[1024+1]; - size_t i; - struct auth_zones* az; - struct auth_zone* z; - int result; - struct regional* region = NULL; - struct sldns_buffer* buf = NULL; - char* reason = NULL; - char* digestdup; - - if(!zonemd_hashalgo_supported(hashalgo)) - return; /* cannot test unsupported algo */ - - /* setup environment */ - az = auth_zones_create(); - unit_assert(az); - region = regional_create(); - unit_assert(region); - buf = sldns_buffer_new(65535); - unit_assert(buf); - - /* read file */ - z = authtest_addzone(az, zname, zfile); - unit_assert(z); - lock_rw_wrlock(&z->lock); - z->zonemd_check = 1; - lock_rw_unlock(&z->lock); - - /* create zonemd digest */ - result = auth_zone_generate_zonemd_hash(z, scheme, hashalgo, - zonemd_hash, sizeof(zonemd_hash), &hashlen, region, buf, - &reason); - if(reason) printf("zonemd failure reason: %s\n", reason); - unit_assert(result); - - /* check digest */ - unit_assert(hashlen*2+1 <= sizeof(output)); - for(i=0; i>4]; - output[i*2+1] = hexl[zonemd_hash[i]&0xf]; - } - output[hashlen*2] = 0; - digestdup = strdup(digest); - unit_assert(digestdup); - for(i=0; i= VERB_ALGO) { - char zname[255+1]; - dname_str(z->name, zname); - printf("zonemd generated for %s in %s with " - "scheme=%d hashalgo=%d\n", zname, z->zonefile, - scheme, hashalgo); - printf("digest %s\n", output); - printf("wanted %s\n", digestdup); - } - unit_assert(strcmp(output, digestdup) == 0); - - /* delete environment */ - free(digestdup); - auth_zones_delete(az); - regional_destroy(region); - sldns_buffer_free(buf); - - if(verbosity >= VERB_ALGO) { - printf("\n"); - } -} - -/** loop over files and test generated zonemd digest */ -static void zonemd_generate_tests(void) -{ - unit_show_func("services/authzone.c", "auth_zone_generate_zonemd_hash"); - zonemd_generate_test("example.org", SRCDIRSTR "/testdata/zonemd.example1.zone", - 1, 2, "20564D10F50A0CEBEC856C64032B7DFB53D3C449A421A5BC7A21F7627B4ACEA4DF29F2C6FE82ED9C23ADF6F4D420D5DD63EF6E6349D60FDAB910B65DF8D481B7"); - - /* https://tools.ietf.org/html/draft-ietf-dnsop-dns-zone-digest-12 - * from section A.1 */ - zonemd_generate_test("example", SRCDIRSTR "/testdata/zonemd.example_a1.zone", - 1, 1, "c68090d90a7aed716bc459f9340e3d7c1370d4d24b7e2fc3a1ddc0b9a87153b9a9713b3c9ae5cc27777f98b8e730044c"); - - /* https://tools.ietf.org/html/draft-ietf-dnsop-dns-zone-digest-12 - * from section A.2 */ - zonemd_generate_test("example", SRCDIRSTR "/testdata/zonemd.example_a2.zone", - 1, 1, "31cefb03814f5062ad12fa951ba0ef5f8da6ae354a415767246f7dc932ceb1e742a2108f529db6a33a11c01493de358d"); - - /* https://tools.ietf.org/html/draft-ietf-dnsop-dns-zone-digest-12 - * from section A.3 SHA384 digest */ - zonemd_generate_test("example", SRCDIRSTR "/testdata/zonemd.example_a3.zone", - 1, 1, "62e6cf51b02e54b9b5f967d547ce43136792901f9f88e637493daaf401c92c279dd10f0edb1c56f8080211f8480ee306"); - - /* https://tools.ietf.org/html/draft-ietf-dnsop-dns-zone-digest-12 - * from section A.3 SHA512 digest*/ - zonemd_generate_test("example", SRCDIRSTR "/testdata/zonemd.example_a3.zone", - 1, 2, "08cfa1115c7b948c4163a901270395ea226a930cd2cbcf2fa9a5e6eb85f37c8a4e114d884e66f176eab121cb02db7d652e0cc4827e7a3204f166b47e5613fd27"); - - /* https://tools.ietf.org/html/draft-ietf-dnsop-dns-zone-digest-12 - * from section A.4 */ - zonemd_generate_test("uri.arpa", SRCDIRSTR "/testdata/zonemd.example_a4.zone", - 1, 1, "1291b78ddf7669b1a39d014d87626b709b55774c5d7d58fadc556439889a10eaf6f11d615900a4f996bd46279514e473"); - - /* https://tools.ietf.org/html/draft-ietf-dnsop-dns-zone-digest-12 - * from section A.5 */ - zonemd_generate_test("root-servers.net", SRCDIRSTR "/testdata/zonemd.example_a5.zone", - 1, 1, "f1ca0ccd91bd5573d9f431c00ee0101b2545c97602be0a978a3b11dbfc1c776d5b3e86ae3d973d6b5349ba7f04340f79"); -} - -/** test the zonemd check routine */ -static void zonemd_check_test(void) -{ - const char* zname = "example.org"; - char* zfile = SRCDIRSTR "/testdata/zonemd.example1.zone"; - int scheme = 1; - int hashalgo = 2; - const char* digest = "20564D10F50A0CEBEC856C64032B7DFB53D3C449A421A5BC7A21F7627B4ACEA4DF29F2C6FE82ED9C23ADF6F4D420D5DD63EF6E6349D60FDAB910B65DF8D481B7"; - const char* digestwrong = "20564D10F50A0CEBEC856C64032B7DFB53D3C449A421A5BC7A21F7627B4ACEA4DF29F2C6FE82ED9C23ADF6F4D420D5DD63EF6E6349D60FDAB910B65DF8D48100"; - uint8_t hash[512], hashwrong[512]; - size_t hashlen = 0, hashwronglen = 0; - struct auth_zones* az; - struct auth_zone* z; - int result; - struct regional* region = NULL; - struct sldns_buffer* buf = NULL; - char* reason = NULL; - - if(!zonemd_hashalgo_supported(hashalgo)) - return; /* cannot test unsupported algo */ - unit_show_func("services/authzone.c", "auth_zone_generate_zonemd_check"); - - /* setup environment */ - az = auth_zones_create(); - unit_assert(az); - region = regional_create(); - unit_assert(region); - buf = sldns_buffer_new(65535); - unit_assert(buf); - - /* read file */ - z = authtest_addzone(az, zname, zfile); - unit_assert(z); - lock_rw_wrlock(&z->lock); - z->zonemd_check = 1; - lock_rw_unlock(&z->lock); - hashlen = sizeof(hash); - if(sldns_str2wire_hex_buf(digest, hash, &hashlen) != 0) { - unit_assert(0); /* parse failure */ - } - hashwronglen = sizeof(hashwrong); - if(sldns_str2wire_hex_buf(digestwrong, hashwrong, &hashwronglen) != 0) { - unit_assert(0); /* parse failure */ - } - - /* check return values of the check routine */ - result = auth_zone_generate_zonemd_check(z, scheme, hashalgo, - hash, hashlen, region, buf, &reason); - unit_assert(result && reason == NULL); - result = auth_zone_generate_zonemd_check(z, 241, hashalgo, - hash, hashlen, region, buf, &reason); - unit_assert(result && strcmp(reason, "unsupported scheme")==0); - result = auth_zone_generate_zonemd_check(z, scheme, 242, - hash, hashlen, region, buf, &reason); - unit_assert(result && strcmp(reason, "unsupported algorithm")==0); - result = auth_zone_generate_zonemd_check(z, scheme, hashalgo, - hash, 2, region, buf, &reason); - unit_assert(!result && strcmp(reason, "digest length too small, less than 12")==0); - result = auth_zone_generate_zonemd_check(z, scheme, hashalgo, - hashwrong, hashwronglen, region, buf, &reason); - unit_assert(!result && strcmp(reason, "incorrect digest")==0); - result = auth_zone_generate_zonemd_check(z, scheme, hashalgo, - hashwrong, hashwronglen-3, region, buf, &reason); - unit_assert(!result && strcmp(reason, "incorrect digest length")==0); - - /* delete environment */ - auth_zones_delete(az); - regional_destroy(region); - sldns_buffer_free(buf); - - if(verbosity >= VERB_ALGO) { - printf("\n"); - } -} - -/** zonemd test verify */ -static void zonemd_verify_test(char* zname, char* zfile, char* tastr, - char* date_override, char* result_wanted) -{ - time_t now = 0; - struct module_stack mods; - struct module_env env; - char* result = NULL; - struct auth_zone* z; - - /* setup test harness */ - memset(&mods, 0, sizeof(mods)); - memset(&env, 0, sizeof(env)); - env.scratch = regional_create(); - if(!env.scratch) - fatal_exit("out of memory"); - env.scratch_buffer = sldns_buffer_new(65553); - if(!env.scratch_buffer) - fatal_exit("out of memory"); - env.cfg = config_create(); - if(!env.cfg) - fatal_exit("out of memory"); - env.now = &now; - env.cfg->val_date_override = cfg_convert_timeval(date_override); - if(!env.cfg->val_date_override) - fatal_exit("could not parse datetime %s", date_override); - if(env.cfg->module_conf) - free(env.cfg->module_conf); - env.cfg->module_conf = strdup("validator iterator"); - if(!env.cfg->module_conf) - fatal_exit("out of memory"); - if(tastr) { - if(!cfg_strlist_insert(&env.cfg->trust_anchor_list, - strdup(tastr))) - fatal_exit("out of memory"); - } - env.anchors = anchors_create(); - if(!env.anchors) - fatal_exit("out of memory"); - env.auth_zones = auth_zones_create(); - if(!env.auth_zones) - fatal_exit("out of memory"); - modstack_init(&mods); - if(!modstack_setup(&mods, env.cfg->module_conf, &env)) - fatal_exit("could not modstack_setup"); - env.mesh = mesh_create(&mods, &env); - if(!env.mesh) - fatal_exit("out of memory"); - - /* load data */ - z = authtest_addzone(env.auth_zones, zname, zfile); - if(!z) - fatal_exit("could not addzone %s %s", zname, zfile); - - /* test */ - lock_rw_wrlock(&z->lock); - z->zonemd_check = 1; - auth_zone_verify_zonemd(z, &env, &mods, &result, 1, 0); - lock_rw_unlock(&z->lock); - if(verbosity >= VERB_ALGO) { - printf("auth zone %s: ZONEMD verification %s: %s\n", zname, - (strcmp(result, "ZONEMD verification successful")==0?"successful":"failed"), - result); - } - if(!result) - fatal_exit("out of memory"); - unit_assert(strcmp(result, result_wanted) == 0); - if(strcmp(result, "ZONEMD verification successful") == 0 || - strcmp(result, "DNSSEC verified nonexistence of ZONEMD") == 0 || - strcmp(result, "no ZONEMD present") == 0) { - lock_rw_rdlock(&z->lock); - unit_assert(!z->zone_expired); - lock_rw_unlock(&z->lock); - } else { - lock_rw_rdlock(&z->lock); - unit_assert(z->zone_expired); - lock_rw_unlock(&z->lock); - } - free(result); - - /* desetup test harness */ - mesh_delete(env.mesh); - modstack_desetup(&mods, &env); - auth_zones_delete(env.auth_zones); - anchors_delete(env.anchors); - config_delete(env.cfg); - regional_destroy(env.scratch); - sldns_buffer_free(env.scratch_buffer); - - if(verbosity >= VERB_ALGO) { - printf("\n"); - } -} - -/** zonemd test verify suite */ -static void zonemd_verify_tests(void) -{ - unit_show_func("services/authzone.c", "auth_zone_verify_zonemd"); - /* give trustanchor for unsigned zone, should fail */ - zonemd_verify_test("example.org", - SRCDIRSTR "/testdata/zonemd.example1.zone", - "example.org. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af", - "20180302005009", - "verify DNSKEY RRset with trust anchor failed: have trust anchor, but zone has no DNSKEY"); - /* unsigned zone without ZONEMD in it */ - zonemd_verify_test("example.org", - SRCDIRSTR "/testdata/zonemd.example1.zone", - NULL, - "20180302005009", - "no ZONEMD present"); - /* no trust anchor, so it succeeds for zone with a correct ZONEMD */ - zonemd_verify_test("example.com", - SRCDIRSTR "/testdata/zonemd.example2.zone", - NULL, - "20180302005009", - "ZONEMD verification successful"); - /* trust anchor for another zone, so it is indeterminate */ - zonemd_verify_test("example.com", - SRCDIRSTR "/testdata/zonemd.example2.zone", - "example.org. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af", - "20180302005009", - "ZONEMD verification successful"); - - /* load a DNSSEC signed zone, but no trust anchor */ - /* this zonefile has an incorrect ZONEMD digest, with correct - * DNSSEC signature. */ - zonemd_verify_test("example.com", - SRCDIRSTR "/testdata/zonemd.example3.zone", - NULL, - "20180302005009", - "incorrect digest"); - /* load a DNSSEC zone with NSEC3, but no trust anchor */ - /* this zonefile has an incorrect ZONEMD digest, with correct - * DNSSEC signature. */ - zonemd_verify_test("example.com", - SRCDIRSTR "/testdata/zonemd.example4.zone", - NULL, - "20180302005009", - "incorrect digest"); - /* valid zonemd, in dnssec signed zone, no trust anchor*/ - /* this zonefile has a correct ZONEMD digest and - * correct DNSSEC signature */ - zonemd_verify_test("example.com", - SRCDIRSTR "/testdata/zonemd.example5.zone", - NULL, - "20180302005009", - "ZONEMD verification successful"); - /* valid zonemd, in dnssec NSEC3 zone, no trust anchor*/ - zonemd_verify_test("example.com", - SRCDIRSTR "/testdata/zonemd.example6.zone", - NULL, - "20180302005009", - "ZONEMD verification successful"); - - /* load a DNSSEC signed zone with a trust anchor, valid ZONEMD */ - zonemd_verify_test("example.com", - SRCDIRSTR "/testdata/zonemd.example5.zone", - "example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af", - "20201020135527", - "ZONEMD verification successful"); - /* load a DNSSEC NSEC3 signed zone with a trust anchor, valid ZONEMD */ - zonemd_verify_test("example.com", - SRCDIRSTR "/testdata/zonemd.example6.zone", - "example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af", - "20201020135527", - "ZONEMD verification successful"); - - /* load a DNSSEC NSEC zone without ZONEMD */ - zonemd_verify_test("example.com", - SRCDIRSTR "/testdata/zonemd.example7.zone", - "example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af", - "20201020135527", - "DNSSEC verified nonexistence of ZONEMD"); - /* load a DNSSEC NSEC3 zone without ZONEMD */ - zonemd_verify_test("example.com", - SRCDIRSTR "/testdata/zonemd.example8.zone", - "example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af", - "20201020135527", - "DNSSEC verified nonexistence of ZONEMD"); - - /* load DNSSEC zone but RRSIG on ZONEMD is wrong */ - zonemd_verify_test("example.com", - SRCDIRSTR "/testdata/zonemd.example9.zone", - "example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af", - "20201020135527", -#ifdef HAVE_SSL - "DNSSEC verify failed for ZONEMD RRset: signature crypto failed" -#else /* HAVE_NETTLE */ - "DNSSEC verify failed for ZONEMD RRset: RSA signature verification failed" -#endif - ); - /* load DNSSEC zone but RRSIG on SOA is wrong */ - zonemd_verify_test("example.com", - SRCDIRSTR "/testdata/zonemd.example10.zone", - "example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af", - "20201020135527", -#ifdef HAVE_SSL - "DNSSEC verify failed for SOA RRset: signature crypto failed" -#else /* HAVE_NETTLE */ - "DNSSEC verify failed for SOA RRset: RSA signature verification failed" -#endif - ); - - /* load DNSSEC zone without ZONEMD, but NSEC bitmap says it exists */ - zonemd_verify_test("example.com", - SRCDIRSTR "/testdata/zonemd.example11.zone", - "example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af", - "20201020135527", - "DNSSEC NSEC bitmap says type ZONEMD exists"); - /* load DNSSEC zone without ZONEMD, but NSEC3 bitmap says it exists */ - zonemd_verify_test("example.com", - SRCDIRSTR "/testdata/zonemd.example12.zone", - "example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af", - "20201020135527", - "DNSSEC NSEC3 bitmap says type ZONEMD exists"); - - /* load DNSSEC zone without ZONEMD, but RRSIG on NSEC not okay */ - zonemd_verify_test("example.com", - SRCDIRSTR "/testdata/zonemd.example13.zone", - "example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af", - "20201020135527", -#ifdef HAVE_SSL - "DNSSEC verify failed for NSEC RRset: signature crypto failed" -#else /* HAVE_NETTLE */ - "DNSSEC verify failed for NSEC RRset: RSA signature verification failed" -#endif - ); - /* load DNSSEC zone without ZONEMD, but RRSIG on NSEC3 not okay */ - zonemd_verify_test("example.com", - SRCDIRSTR "/testdata/zonemd.example14.zone", - "example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af", - "20201020135527", -#ifdef HAVE_SSL - "DNSSEC verify failed for NSEC3 RRset: signature crypto failed" -#else /* HAVE_NETTLE */ - "DNSSEC verify failed for NSEC3 RRset: RSA signature verification failed" -#endif - ); - - /* load DNSSEC zone, with ZONEMD, but DNSKEY RRSIG is not okay. */ - zonemd_verify_test("example.com", - SRCDIRSTR "/testdata/zonemd.example15.zone", - "example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af", - "20201020135527", -#ifdef HAVE_SSL - "verify DNSKEY RRset with trust anchor failed: signature crypto failed" -#else /* HAVE_NETTLE */ - "verify DNSKEY RRset with trust anchor failed: RSA signature verification failed" -#endif - ); - /* load DNSSEC zone, but trust anchor mismatches DNSKEY */ - zonemd_verify_test("example.com", - SRCDIRSTR "/testdata/zonemd.example5.zone", - /* okay anchor is - "example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af", */ - "example.com. IN DS 55566 8 2 0000000000111111222223333444444dfcf92595148022f2c2fd98e5deee90af", - "20201020135527", - "verify DNSKEY RRset with trust anchor failed: DS hash mismatches key"); - /* load DNSSEC zone, but trust anchor fails because the zone - * has expired signatures. We set the date for it */ - zonemd_verify_test("example.com", - SRCDIRSTR "/testdata/zonemd.example5.zone", - "example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af", - /* okay date: "20201020135527", */ - "20221020135527", - "verify DNSKEY RRset with trust anchor failed: signature expired"); - - /* duplicate zonemd with same scheme and algorithm */ - zonemd_verify_test("example.com", - SRCDIRSTR "/testdata/zonemd.example16.zone", - NULL, - "20180302005009", - "ZONEMD RRSet contains more than one RR with the same scheme and hash algorithm"); - /* different capitalisation of ns name and owner names, should - * be canonicalized. */ - zonemd_verify_test("example.com", - SRCDIRSTR "/testdata/zonemd.example17.zone", - NULL, - "20180302005009", - "ZONEMD verification successful"); -} - -/** zonemd unit tests */ -void zonemd_test(void) -{ - unit_show_feature("zonemd"); - zonemd_generate_tests(); - zonemd_check_test(); - zonemd_verify_tests(); -} diff --git a/contrib/unbound/testdata/auth_zonemd_anchor.rpl b/contrib/unbound/testdata/auth_zonemd_anchor.rpl deleted file mode 100644 index c443f7d43f1..00000000000 --- a/contrib/unbound/testdata/auth_zonemd_anchor.rpl +++ /dev/null @@ -1,234 +0,0 @@ -; config options -server: - target-fetch-policy: "0 0 0 0 0" - trust-anchor: "example.com. DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af" - trust-anchor-signaling: no - val-override-date: 20201020135527 - -auth-zone: - name: "example.com." - ## zonefile (or none). - ## zonefile: "example.com.zone" - ## master by IP address or hostname - ## can list multiple masters, each on one line. - ## master: - ## url for http fetch - ## url: - ## queries from downstream clients get authoritative answers. - ## for-downstream: yes - for-downstream: no - ## queries are used to fetch authoritative answers from this zone, - ## instead of unbound itself sending queries there. - ## for-upstream: yes - for-upstream: yes - ## on failures with for-upstream, fallback to sending queries to - ## the authority servers - ## fallback-enabled: no - zonemd-check: yes - - ## this line generates zonefile: \n"/tmp/xxx.example.com"\n - zonefile: -TEMPFILE_NAME example.com - ## this is the inline file /tmp/xxx.example.com - ## the tempfiles are deleted when the testrun is over. -TEMPFILE_CONTENTS example.com -example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= -example.com. 3600 IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= -example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} -example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= -example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f -example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= -example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63 -example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= -bar.example.com. 3600 IN A 1.2.3.4 -bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= -bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC -bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= -ding.example.com. 3600 IN A 1.2.3.4 -ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= -ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC -ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= -foo.example.com. 3600 IN A 1.2.3.4 -foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= -foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC -foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= -ns.example.com. 3600 IN A 127.0.0.1 -ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= -ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC -ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= -www.example.com. 3600 IN A 127.0.0.1 -www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= -www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC -www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= -TEMPFILE_END - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test authority zone with ZONEMD from zonefile with trust anchor - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qname qtype -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -example.com. IN DS -SECTION ANSWER -example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af -example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk= -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af -example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk= -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -com. IN DNSKEY -SECTION ANSWER -com. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b} -com. 3600 IN RRSIG DNSKEY 8 1 3600 20201116135527 20201019135527 1444 com. BEOMfWvi6RgnHaHsst+Ed265hBuCkgMR7gDpu89J7ZrVL6DzMKnNVFdgjl/9xwLj/pkukc7qeLSHjAfLlN0E4THW7PVshscQnjvXCkktG2Ejx9fTyllAqeGDh9z9QDGlQZIGTMgb9413qZhNqe2Tda9PTJRpiZ8b4bdQp6V1kVo= -SECTION ADDITIONAL -ENTRY_END - -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.44 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN A -SECTION ANSWER -ns.example.net. IN A 1.2.3.44 -SECTION AUTHORITY -example.net. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN AAAA -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -www.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; recursion happens here. -STEP 20 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 127.0.0.1 -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/auth_zonemd_anchor_fail.rpl b/contrib/unbound/testdata/auth_zonemd_anchor_fail.rpl deleted file mode 100644 index d055174dcbe..00000000000 --- a/contrib/unbound/testdata/auth_zonemd_anchor_fail.rpl +++ /dev/null @@ -1,236 +0,0 @@ -; config options -server: - target-fetch-policy: "0 0 0 0 0" - ; correct anchor - ; trust-anchor: "example.com. DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af" - ; wrong anchor - trust-anchor: "example.com. DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deeaaaaa" - trust-anchor-signaling: no - val-override-date: 20201020135527 - -auth-zone: - name: "example.com." - ## zonefile (or none). - ## zonefile: "example.com.zone" - ## master by IP address or hostname - ## can list multiple masters, each on one line. - ## master: - ## url for http fetch - ## url: - ## queries from downstream clients get authoritative answers. - ## for-downstream: yes - for-downstream: no - ## queries are used to fetch authoritative answers from this zone, - ## instead of unbound itself sending queries there. - ## for-upstream: yes - for-upstream: yes - ## on failures with for-upstream, fallback to sending queries to - ## the authority servers - ## fallback-enabled: no - zonemd-check: yes - - ## this line generates zonefile: \n"/tmp/xxx.example.com"\n - zonefile: -TEMPFILE_NAME example.com - ## this is the inline file /tmp/xxx.example.com - ## the tempfiles are deleted when the testrun is over. -TEMPFILE_CONTENTS example.com -example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= -example.com. 3600 IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= -example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} -example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= -example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f -example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= -example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63 -example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= -bar.example.com. 3600 IN A 1.2.3.4 -bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= -bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC -bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= -ding.example.com. 3600 IN A 1.2.3.4 -ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= -ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC -ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= -foo.example.com. 3600 IN A 1.2.3.4 -foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= -foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC -foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= -ns.example.com. 3600 IN A 127.0.0.1 -ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= -ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC -ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= -www.example.com. 3600 IN A 127.0.0.1 -www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= -www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC -www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= -TEMPFILE_END - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test authority zone with ZONEMD from zonefile with failed trust anchor - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qname qtype -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -example.com. IN DS -SECTION ANSWER -example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af -example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk= -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af -example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk= -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -com. IN DNSKEY -SECTION ANSWER -com. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b} -com. 3600 IN RRSIG DNSKEY 8 1 3600 20201116135527 20201019135527 1444 com. BEOMfWvi6RgnHaHsst+Ed265hBuCkgMR7gDpu89J7ZrVL6DzMKnNVFdgjl/9xwLj/pkukc7qeLSHjAfLlN0E4THW7PVshscQnjvXCkktG2Ejx9fTyllAqeGDh9z9QDGlQZIGTMgb9413qZhNqe2Tda9PTJRpiZ8b4bdQp6V1kVo= -SECTION ADDITIONAL -ENTRY_END - -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.44 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN A -SECTION ANSWER -ns.example.net. IN A 1.2.3.44 -SECTION AUTHORITY -example.net. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN AAAA -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -www.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; recursion happens here. -STEP 20 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA SERVFAIL -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/auth_zonemd_chain.rpl b/contrib/unbound/testdata/auth_zonemd_chain.rpl deleted file mode 100644 index 74479274fa9..00000000000 --- a/contrib/unbound/testdata/auth_zonemd_chain.rpl +++ /dev/null @@ -1,234 +0,0 @@ -; config options -server: - target-fetch-policy: "0 0 0 0 0" - trust-anchor: "com. DS 1444 8 2 0d72034e3e18a9ef383c164b68302433bbde957616e10cf44575fea2abae469c" - trust-anchor-signaling: no - val-override-date: 20201020135527 - -auth-zone: - name: "example.com." - ## zonefile (or none). - ## zonefile: "example.com.zone" - ## master by IP address or hostname - ## can list multiple masters, each on one line. - ## master: - ## url for http fetch - ## url: - ## queries from downstream clients get authoritative answers. - ## for-downstream: yes - for-downstream: no - ## queries are used to fetch authoritative answers from this zone, - ## instead of unbound itself sending queries there. - ## for-upstream: yes - for-upstream: yes - ## on failures with for-upstream, fallback to sending queries to - ## the authority servers - ## fallback-enabled: no - zonemd-check: yes - - ## this line generates zonefile: \n"/tmp/xxx.example.com"\n - zonefile: -TEMPFILE_NAME example.com - ## this is the inline file /tmp/xxx.example.com - ## the tempfiles are deleted when the testrun is over. -TEMPFILE_CONTENTS example.com -example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= -example.com. 3600 IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= -example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} -example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= -example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f -example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= -example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63 -example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= -bar.example.com. 3600 IN A 1.2.3.4 -bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= -bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC -bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= -ding.example.com. 3600 IN A 1.2.3.4 -ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= -ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC -ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= -foo.example.com. 3600 IN A 1.2.3.4 -foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= -foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC -foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= -ns.example.com. 3600 IN A 127.0.0.1 -ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= -ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC -ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= -www.example.com. 3600 IN A 127.0.0.1 -www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= -www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC -www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= -TEMPFILE_END - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test authority zone with ZONEMD from zonefile with chain of trust - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qname qtype -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -example.com. IN DS -SECTION ANSWER -example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af -example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk= -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af -example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk= -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -com. IN DNSKEY -SECTION ANSWER -com. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b} -com. 3600 IN RRSIG DNSKEY 8 1 3600 20201116135527 20201019135527 1444 com. BEOMfWvi6RgnHaHsst+Ed265hBuCkgMR7gDpu89J7ZrVL6DzMKnNVFdgjl/9xwLj/pkukc7qeLSHjAfLlN0E4THW7PVshscQnjvXCkktG2Ejx9fTyllAqeGDh9z9QDGlQZIGTMgb9413qZhNqe2Tda9PTJRpiZ8b4bdQp6V1kVo= -SECTION ADDITIONAL -ENTRY_END - -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.44 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN A -SECTION ANSWER -ns.example.net. IN A 1.2.3.44 -SECTION AUTHORITY -example.net. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN AAAA -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -www.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; recursion happens here. -STEP 20 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 127.0.0.1 -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/auth_zonemd_chain_fail.rpl b/contrib/unbound/testdata/auth_zonemd_chain_fail.rpl deleted file mode 100644 index 393b1c028fa..00000000000 --- a/contrib/unbound/testdata/auth_zonemd_chain_fail.rpl +++ /dev/null @@ -1,236 +0,0 @@ -; config options -server: - target-fetch-policy: "0 0 0 0 0" - trust-anchor: "com. DS 1444 8 2 0d72034e3e18a9ef383c164b68302433bbde957616e10cf44575fea2abae469c" - trust-anchor-signaling: no - val-override-date: 20201020135527 - -auth-zone: - name: "example.com." - ## zonefile (or none). - ## zonefile: "example.com.zone" - ## master by IP address or hostname - ## can list multiple masters, each on one line. - ## master: - ## url for http fetch - ## url: - ## queries from downstream clients get authoritative answers. - ## for-downstream: yes - for-downstream: no - ## queries are used to fetch authoritative answers from this zone, - ## instead of unbound itself sending queries there. - ## for-upstream: yes - for-upstream: yes - ## on failures with for-upstream, fallback to sending queries to - ## the authority servers - ## fallback-enabled: no - zonemd-check: yes - - ## this line generates zonefile: \n"/tmp/xxx.example.com"\n - zonefile: -TEMPFILE_NAME example.com - ## this is the inline file /tmp/xxx.example.com - ## the tempfiles are deleted when the testrun is over. -TEMPFILE_CONTENTS example.com -example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= -example.com. 3600 IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= -; dnskey is wrong: -example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+AAAAA ;{id = 55566 (zsk), size = 1024b} -; dnskey that was correct: -;example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} -example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= -example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f -example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= -example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63 -example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= -bar.example.com. 3600 IN A 1.2.3.4 -bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= -bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC -bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= -ding.example.com. 3600 IN A 1.2.3.4 -ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= -ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC -ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= -foo.example.com. 3600 IN A 1.2.3.4 -foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= -foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC -foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= -ns.example.com. 3600 IN A 127.0.0.1 -ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= -ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC -ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= -www.example.com. 3600 IN A 127.0.0.1 -www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= -www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC -www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= -TEMPFILE_END - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test authority zone with ZONEMD from zonefile with failed chain of trust - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qname qtype -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -example.com. IN DS -SECTION ANSWER -example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af -example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk= -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af -example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk= -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -com. IN DNSKEY -SECTION ANSWER -com. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b} -com. 3600 IN RRSIG DNSKEY 8 1 3600 20201116135527 20201019135527 1444 com. BEOMfWvi6RgnHaHsst+Ed265hBuCkgMR7gDpu89J7ZrVL6DzMKnNVFdgjl/9xwLj/pkukc7qeLSHjAfLlN0E4THW7PVshscQnjvXCkktG2Ejx9fTyllAqeGDh9z9QDGlQZIGTMgb9413qZhNqe2Tda9PTJRpiZ8b4bdQp6V1kVo= -SECTION ADDITIONAL -ENTRY_END - -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.44 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN A -SECTION ANSWER -ns.example.net. IN A 1.2.3.44 -SECTION AUTHORITY -example.net. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN AAAA -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -www.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; recursion happens here. -STEP 20 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA SERVFAIL -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/auth_zonemd_file.rpl b/contrib/unbound/testdata/auth_zonemd_file.rpl deleted file mode 100644 index bdf0ccbae74..00000000000 --- a/contrib/unbound/testdata/auth_zonemd_file.rpl +++ /dev/null @@ -1,183 +0,0 @@ -; config options -server: - target-fetch-policy: "0 0 0 0 0" - -auth-zone: - name: "example.com." - ## zonefile (or none). - ## zonefile: "example.com.zone" - ## master by IP address or hostname - ## can list multiple masters, each on one line. - ## master: - ## url for http fetch - ## url: - ## queries from downstream clients get authoritative answers. - ## for-downstream: yes - for-downstream: no - ## queries are used to fetch authoritative answers from this zone, - ## instead of unbound itself sending queries there. - ## for-upstream: yes - for-upstream: yes - ## on failures with for-upstream, fallback to sending queries to - ## the authority servers - ## fallback-enabled: no - zonemd-check: yes - - ## this line generates zonefile: \n"/tmp/xxx.example.com"\n - zonefile: -TEMPFILE_NAME example.com - ## this is the inline file /tmp/xxx.example.com - ## the tempfiles are deleted when the testrun is over. -TEMPFILE_CONTENTS example.com -example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. IN NS ns.example.com. -example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22 -www.example.com. IN A 127.0.0.1 -ns.example.com. IN A 127.0.0.1 -bar.example.com. IN A 1.2.3.4 -ding.example.com. IN A 1.2.3.4 -foo.example.com. IN A 1.2.3.4 -TEMPFILE_END - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test authority zone with ZONEMD from zonefile - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.44 -ENTRY_END -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.44 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN A -SECTION ANSWER -ns.example.net. IN A 1.2.3.44 -SECTION AUTHORITY -example.net. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN AAAA -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -www.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; recursion happens here. -STEP 20 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 127.0.0.1 -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/auth_zonemd_file_fail.rpl b/contrib/unbound/testdata/auth_zonemd_file_fail.rpl deleted file mode 100644 index 69487cf6512..00000000000 --- a/contrib/unbound/testdata/auth_zonemd_file_fail.rpl +++ /dev/null @@ -1,185 +0,0 @@ -; config options -server: - target-fetch-policy: "0 0 0 0 0" - -auth-zone: - name: "example.com." - ## zonefile (or none). - ## zonefile: "example.com.zone" - ## master by IP address or hostname - ## can list multiple masters, each on one line. - ## master: - ## url for http fetch - ## url: - ## queries from downstream clients get authoritative answers. - ## for-downstream: yes - for-downstream: no - ## queries are used to fetch authoritative answers from this zone, - ## instead of unbound itself sending queries there. - ## for-upstream: yes - for-upstream: yes - ## on failures with for-upstream, fallback to sending queries to - ## the authority servers - ## fallback-enabled: no - zonemd-check: yes - - ## this line generates zonefile: \n"/tmp/xxx.example.com"\n - zonefile: -TEMPFILE_NAME example.com - ## this is the inline file /tmp/xxx.example.com - ## the tempfiles are deleted when the testrun is over. -TEMPFILE_CONTENTS example.com -example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. IN NS ns.example.com. -; good zonemd -;example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22 -; wrong zonemd -example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D7AAAAA -www.example.com. IN A 127.0.0.1 -ns.example.com. IN A 127.0.0.1 -bar.example.com. IN A 1.2.3.4 -ding.example.com. IN A 1.2.3.4 -foo.example.com. IN A 1.2.3.4 -TEMPFILE_END - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test authority zone with ZONEMD failure from zonefile - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.44 -ENTRY_END -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.44 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN A -SECTION ANSWER -ns.example.net. IN A 1.2.3.44 -SECTION AUTHORITY -example.net. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN AAAA -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -www.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; recursion happens here. -STEP 20 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA SERVFAIL -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/auth_zonemd_file_unknown.rpl b/contrib/unbound/testdata/auth_zonemd_file_unknown.rpl deleted file mode 100644 index f5c5f276e88..00000000000 --- a/contrib/unbound/testdata/auth_zonemd_file_unknown.rpl +++ /dev/null @@ -1,184 +0,0 @@ -; config options -server: - target-fetch-policy: "0 0 0 0 0" - -auth-zone: - name: "example.com." - ## zonefile (or none). - ## zonefile: "example.com.zone" - ## master by IP address or hostname - ## can list multiple masters, each on one line. - ## master: - ## url for http fetch - ## url: - ## queries from downstream clients get authoritative answers. - ## for-downstream: yes - for-downstream: no - ## queries are used to fetch authoritative answers from this zone, - ## instead of unbound itself sending queries there. - ## for-upstream: yes - for-upstream: yes - ## on failures with for-upstream, fallback to sending queries to - ## the authority servers - ## fallback-enabled: no - zonemd-check: yes - - ## this line generates zonefile: \n"/tmp/xxx.example.com"\n - zonefile: -TEMPFILE_NAME example.com - ## this is the inline file /tmp/xxx.example.com - ## the tempfiles are deleted when the testrun is over. -TEMPFILE_CONTENTS example.com -example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. IN NS ns.example.com. -example.com. IN ZONEMD 200154054 1 22 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22 -example.com. IN ZONEMD 200154054 21 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22 -www.example.com. IN A 127.0.0.1 -ns.example.com. IN A 127.0.0.1 -bar.example.com. IN A 1.2.3.4 -ding.example.com. IN A 1.2.3.4 -foo.example.com. IN A 1.2.3.4 -TEMPFILE_END - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test authority zone with ZONEMD with unknown algo from zonefile - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.44 -ENTRY_END -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.44 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN A -SECTION ANSWER -ns.example.net. IN A 1.2.3.44 -SECTION AUTHORITY -example.net. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN AAAA -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -www.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; recursion happens here. -STEP 20 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 127.0.0.1 -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/auth_zonemd_insecure.rpl b/contrib/unbound/testdata/auth_zonemd_insecure.rpl deleted file mode 100644 index 18a4117d86a..00000000000 --- a/contrib/unbound/testdata/auth_zonemd_insecure.rpl +++ /dev/null @@ -1,215 +0,0 @@ -; config options -server: - target-fetch-policy: "0 0 0 0 0" - trust-anchor: "com. DS 1444 8 2 0d72034e3e18a9ef383c164b68302433bbde957616e10cf44575fea2abae469c" - trust-anchor-signaling: no - val-override-date: 20201020135527 - -auth-zone: - name: "example.com." - ## zonefile (or none). - ## zonefile: "example.com.zone" - ## master by IP address or hostname - ## can list multiple masters, each on one line. - ## master: - ## url for http fetch - ## url: - ## queries from downstream clients get authoritative answers. - ## for-downstream: yes - for-downstream: no - ## queries are used to fetch authoritative answers from this zone, - ## instead of unbound itself sending queries there. - ## for-upstream: yes - for-upstream: yes - ## on failures with for-upstream, fallback to sending queries to - ## the authority servers - ## fallback-enabled: no - zonemd-check: yes - - ## this line generates zonefile: \n"/tmp/xxx.example.com"\n - zonefile: -TEMPFILE_NAME example.com - ## this is the inline file /tmp/xxx.example.com - ## the tempfiles are deleted when the testrun is over. -TEMPFILE_CONTENTS example.com -example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. IN NS ns.example.com. -example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22 -www.example.com. IN A 127.0.0.1 -ns.example.com. IN A 127.0.0.1 -bar.example.com. IN A 1.2.3.4 -ding.example.com. IN A 1.2.3.4 -foo.example.com. IN A 1.2.3.4 -TEMPFILE_END - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test authority zone with ZONEMD that is securely insecure -; the trust anchor finds an online delegation with an insecure DS referral. - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qname qtype -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -example.com. IN DS -SECTION AUTHORITY -com. SOA a.gtld-servers.net. nstld.verisign-grs.com. 1603979208 1800 900 604800 86400 -com. 3600 IN RRSIG SOA 8 1 3600 20201116135527 20201019135527 1444 com. LTUZ8PlkMLX+dBZLGcJcahrzOgf1PgYbi/s5VKyR9iyYKeP6qdxO5VehUVHdXfmUiXrsszvhAHzo4AZnfRbDkK6uTfMKCSIB1aXOU4A74LpjhJBsXjyo3CN3IK/dMS/FpJfAb6JnuQV1E3ytDd34yNsoBazEjYeoN1kymGAttbM= -example.com. IN NSEC foo.com. NS RRSIG -example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 1444 com. KK6ci3DUnGJ9gaBBqS+71TiFBGcl51YLZAYGADDWuSgFOLLbh1nV//la08zE1i8ITQjjsqyRw7/MA8LWpPR3TnUjJLk6mBd/kB3dJ8BHWRqcyreFo6Pu383oCcXTpwkFcL4ulhp54LUxbA3arWVjWbx8815vvNKsEtWUyrz4LN8= -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. IN NSEC foo.com. NS RRSIG -example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 1444 com. KK6ci3DUnGJ9gaBBqS+71TiFBGcl51YLZAYGADDWuSgFOLLbh1nV//la08zE1i8ITQjjsqyRw7/MA8LWpPR3TnUjJLk6mBd/kB3dJ8BHWRqcyreFo6Pu383oCcXTpwkFcL4ulhp54LUxbA3arWVjWbx8815vvNKsEtWUyrz4LN8= -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -com. IN DNSKEY -SECTION ANSWER -com. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b} -com. 3600 IN RRSIG DNSKEY 8 1 3600 20201116135527 20201019135527 1444 com. BEOMfWvi6RgnHaHsst+Ed265hBuCkgMR7gDpu89J7ZrVL6DzMKnNVFdgjl/9xwLj/pkukc7qeLSHjAfLlN0E4THW7PVshscQnjvXCkktG2Ejx9fTyllAqeGDh9z9QDGlQZIGTMgb9413qZhNqe2Tda9PTJRpiZ8b4bdQp6V1kVo= -SECTION ADDITIONAL -ENTRY_END - -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.44 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN A -SECTION ANSWER -ns.example.net. IN A 1.2.3.44 -SECTION AUTHORITY -example.net. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN AAAA -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -www.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; recursion happens here. -STEP 20 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 127.0.0.1 -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/auth_zonemd_insecure_absent.rpl b/contrib/unbound/testdata/auth_zonemd_insecure_absent.rpl deleted file mode 100644 index 1c3f488080e..00000000000 --- a/contrib/unbound/testdata/auth_zonemd_insecure_absent.rpl +++ /dev/null @@ -1,217 +0,0 @@ -; config options -server: - target-fetch-policy: "0 0 0 0 0" - trust-anchor: "com. DS 1444 8 2 0d72034e3e18a9ef383c164b68302433bbde957616e10cf44575fea2abae469c" - trust-anchor-signaling: no - val-override-date: 20201020135527 - -auth-zone: - name: "example.com." - ## zonefile (or none). - ## zonefile: "example.com.zone" - ## master by IP address or hostname - ## can list multiple masters, each on one line. - ## master: - ## url for http fetch - ## url: - ## queries from downstream clients get authoritative answers. - ## for-downstream: yes - for-downstream: no - ## queries are used to fetch authoritative answers from this zone, - ## instead of unbound itself sending queries there. - ## for-upstream: yes - for-upstream: yes - ## on failures with for-upstream, fallback to sending queries to - ## the authority servers - ## fallback-enabled: no - zonemd-check: yes - - ## this line generates zonefile: \n"/tmp/xxx.example.com"\n - zonefile: -TEMPFILE_NAME example.com - ## this is the inline file /tmp/xxx.example.com - ## the tempfiles are deleted when the testrun is over. -TEMPFILE_CONTENTS example.com -example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. IN NS ns.example.com. -; the missing ZONEMD record -;example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22 -www.example.com. IN A 127.0.0.1 -ns.example.com. IN A 127.0.0.1 -bar.example.com. IN A 1.2.3.4 -ding.example.com. IN A 1.2.3.4 -foo.example.com. IN A 1.2.3.4 -TEMPFILE_END - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test authority zone with absent ZONEMD that is securely insecure -; the trust anchor finds an online delegation with an insecure DS referral. -; the ZONEMD is not there. - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qname qtype -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -example.com. IN DS -SECTION AUTHORITY -com. SOA a.gtld-servers.net. nstld.verisign-grs.com. 1603979208 1800 900 604800 86400 -com. 3600 IN RRSIG SOA 8 1 3600 20201116135527 20201019135527 1444 com. LTUZ8PlkMLX+dBZLGcJcahrzOgf1PgYbi/s5VKyR9iyYKeP6qdxO5VehUVHdXfmUiXrsszvhAHzo4AZnfRbDkK6uTfMKCSIB1aXOU4A74LpjhJBsXjyo3CN3IK/dMS/FpJfAb6JnuQV1E3ytDd34yNsoBazEjYeoN1kymGAttbM= -example.com. IN NSEC foo.com. NS RRSIG -example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 1444 com. KK6ci3DUnGJ9gaBBqS+71TiFBGcl51YLZAYGADDWuSgFOLLbh1nV//la08zE1i8ITQjjsqyRw7/MA8LWpPR3TnUjJLk6mBd/kB3dJ8BHWRqcyreFo6Pu383oCcXTpwkFcL4ulhp54LUxbA3arWVjWbx8815vvNKsEtWUyrz4LN8= -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. IN NSEC foo.com. NS RRSIG -example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 1444 com. KK6ci3DUnGJ9gaBBqS+71TiFBGcl51YLZAYGADDWuSgFOLLbh1nV//la08zE1i8ITQjjsqyRw7/MA8LWpPR3TnUjJLk6mBd/kB3dJ8BHWRqcyreFo6Pu383oCcXTpwkFcL4ulhp54LUxbA3arWVjWbx8815vvNKsEtWUyrz4LN8= -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -com. IN DNSKEY -SECTION ANSWER -com. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b} -com. 3600 IN RRSIG DNSKEY 8 1 3600 20201116135527 20201019135527 1444 com. BEOMfWvi6RgnHaHsst+Ed265hBuCkgMR7gDpu89J7ZrVL6DzMKnNVFdgjl/9xwLj/pkukc7qeLSHjAfLlN0E4THW7PVshscQnjvXCkktG2Ejx9fTyllAqeGDh9z9QDGlQZIGTMgb9413qZhNqe2Tda9PTJRpiZ8b4bdQp6V1kVo= -SECTION ADDITIONAL -ENTRY_END - -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.44 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN A -SECTION ANSWER -ns.example.net. IN A 1.2.3.44 -SECTION AUTHORITY -example.net. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN AAAA -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -www.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; recursion happens here. -STEP 20 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 127.0.0.1 -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/auth_zonemd_insecure_absent_reject.rpl b/contrib/unbound/testdata/auth_zonemd_insecure_absent_reject.rpl deleted file mode 100644 index beb9f5b9ac8..00000000000 --- a/contrib/unbound/testdata/auth_zonemd_insecure_absent_reject.rpl +++ /dev/null @@ -1,218 +0,0 @@ -; config options -server: - target-fetch-policy: "0 0 0 0 0" - trust-anchor: "com. DS 1444 8 2 0d72034e3e18a9ef383c164b68302433bbde957616e10cf44575fea2abae469c" - trust-anchor-signaling: no - val-override-date: 20201020135527 - -auth-zone: - name: "example.com." - zonemd-check: yes - zonemd-reject-absence: yes - ## zonefile (or none). - ## zonefile: "example.com.zone" - ## master by IP address or hostname - ## can list multiple masters, each on one line. - ## master: - ## url for http fetch - ## url: - ## queries from downstream clients get authoritative answers. - ## for-downstream: yes - for-downstream: no - ## queries are used to fetch authoritative answers from this zone, - ## instead of unbound itself sending queries there. - ## for-upstream: yes - for-upstream: yes - ## on failures with for-upstream, fallback to sending queries to - ## the authority servers - ## fallback-enabled: no - - ## this line generates zonefile: \n"/tmp/xxx.example.com"\n - zonefile: -TEMPFILE_NAME example.com - ## this is the inline file /tmp/xxx.example.com - ## the tempfiles are deleted when the testrun is over. -TEMPFILE_CONTENTS example.com -example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. IN NS ns.example.com. -; the missing ZONEMD record -;example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22 -www.example.com. IN A 127.0.0.1 -ns.example.com. IN A 127.0.0.1 -bar.example.com. IN A 1.2.3.4 -ding.example.com. IN A 1.2.3.4 -foo.example.com. IN A 1.2.3.4 -TEMPFILE_END - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test authority zone with reject-absence ZONEMD that is securely insecure -; the trust anchor finds an online delegation with an insecure DS referral. -; the ZONEMD is not there. This is not allowed by the zonemd-reject-absence -; option in config, so it fails the zone. - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qname qtype -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -example.com. IN DS -SECTION AUTHORITY -com. SOA a.gtld-servers.net. nstld.verisign-grs.com. 1603979208 1800 900 604800 86400 -com. 3600 IN RRSIG SOA 8 1 3600 20201116135527 20201019135527 1444 com. LTUZ8PlkMLX+dBZLGcJcahrzOgf1PgYbi/s5VKyR9iyYKeP6qdxO5VehUVHdXfmUiXrsszvhAHzo4AZnfRbDkK6uTfMKCSIB1aXOU4A74LpjhJBsXjyo3CN3IK/dMS/FpJfAb6JnuQV1E3ytDd34yNsoBazEjYeoN1kymGAttbM= -example.com. IN NSEC foo.com. NS RRSIG -example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 1444 com. KK6ci3DUnGJ9gaBBqS+71TiFBGcl51YLZAYGADDWuSgFOLLbh1nV//la08zE1i8ITQjjsqyRw7/MA8LWpPR3TnUjJLk6mBd/kB3dJ8BHWRqcyreFo6Pu383oCcXTpwkFcL4ulhp54LUxbA3arWVjWbx8815vvNKsEtWUyrz4LN8= -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. IN NSEC foo.com. NS RRSIG -example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 1444 com. KK6ci3DUnGJ9gaBBqS+71TiFBGcl51YLZAYGADDWuSgFOLLbh1nV//la08zE1i8ITQjjsqyRw7/MA8LWpPR3TnUjJLk6mBd/kB3dJ8BHWRqcyreFo6Pu383oCcXTpwkFcL4ulhp54LUxbA3arWVjWbx8815vvNKsEtWUyrz4LN8= -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -com. IN DNSKEY -SECTION ANSWER -com. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b} -com. 3600 IN RRSIG DNSKEY 8 1 3600 20201116135527 20201019135527 1444 com. BEOMfWvi6RgnHaHsst+Ed265hBuCkgMR7gDpu89J7ZrVL6DzMKnNVFdgjl/9xwLj/pkukc7qeLSHjAfLlN0E4THW7PVshscQnjvXCkktG2Ejx9fTyllAqeGDh9z9QDGlQZIGTMgb9413qZhNqe2Tda9PTJRpiZ8b4bdQp6V1kVo= -SECTION ADDITIONAL -ENTRY_END - -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.44 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN A -SECTION ANSWER -ns.example.net. IN A 1.2.3.44 -SECTION AUTHORITY -example.net. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN AAAA -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -www.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; recursion happens here. -STEP 20 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA SERVFAIL -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/auth_zonemd_insecure_fail.rpl b/contrib/unbound/testdata/auth_zonemd_insecure_fail.rpl deleted file mode 100644 index f7aad071e3b..00000000000 --- a/contrib/unbound/testdata/auth_zonemd_insecure_fail.rpl +++ /dev/null @@ -1,218 +0,0 @@ -; config options -server: - target-fetch-policy: "0 0 0 0 0" - trust-anchor: "com. DS 1444 8 2 0d72034e3e18a9ef383c164b68302433bbde957616e10cf44575fea2abae469c" - trust-anchor-signaling: no - val-override-date: 20201020135527 - -auth-zone: - name: "example.com." - ## zonefile (or none). - ## zonefile: "example.com.zone" - ## master by IP address or hostname - ## can list multiple masters, each on one line. - ## master: - ## url for http fetch - ## url: - ## queries from downstream clients get authoritative answers. - ## for-downstream: yes - for-downstream: no - ## queries are used to fetch authoritative answers from this zone, - ## instead of unbound itself sending queries there. - ## for-upstream: yes - for-upstream: yes - ## on failures with for-upstream, fallback to sending queries to - ## the authority servers - ## fallback-enabled: no - zonemd-check: yes - - ## this line generates zonefile: \n"/tmp/xxx.example.com"\n - zonefile: -TEMPFILE_NAME example.com - ## this is the inline file /tmp/xxx.example.com - ## the tempfiles are deleted when the testrun is over. -TEMPFILE_CONTENTS example.com -example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. IN NS ns.example.com. -; correct ZONEMD -;example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22 -; wrong ZONEMD -example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D7AAAAA -www.example.com. IN A 127.0.0.1 -ns.example.com. IN A 127.0.0.1 -bar.example.com. IN A 1.2.3.4 -ding.example.com. IN A 1.2.3.4 -foo.example.com. IN A 1.2.3.4 -TEMPFILE_END - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test authority zone with ZONEMD fail that is securely insecure -; the trust anchor finds an online delegation with an insecure DS referral. -; the ZONEMD is wrong, eg. the hash does not match the zone data. - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qname qtype -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -example.com. IN DS -SECTION AUTHORITY -com. SOA a.gtld-servers.net. nstld.verisign-grs.com. 1603979208 1800 900 604800 86400 -com. 3600 IN RRSIG SOA 8 1 3600 20201116135527 20201019135527 1444 com. LTUZ8PlkMLX+dBZLGcJcahrzOgf1PgYbi/s5VKyR9iyYKeP6qdxO5VehUVHdXfmUiXrsszvhAHzo4AZnfRbDkK6uTfMKCSIB1aXOU4A74LpjhJBsXjyo3CN3IK/dMS/FpJfAb6JnuQV1E3ytDd34yNsoBazEjYeoN1kymGAttbM= -example.com. IN NSEC foo.com. NS RRSIG -example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 1444 com. KK6ci3DUnGJ9gaBBqS+71TiFBGcl51YLZAYGADDWuSgFOLLbh1nV//la08zE1i8ITQjjsqyRw7/MA8LWpPR3TnUjJLk6mBd/kB3dJ8BHWRqcyreFo6Pu383oCcXTpwkFcL4ulhp54LUxbA3arWVjWbx8815vvNKsEtWUyrz4LN8= -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. IN NSEC foo.com. NS RRSIG -example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 1444 com. KK6ci3DUnGJ9gaBBqS+71TiFBGcl51YLZAYGADDWuSgFOLLbh1nV//la08zE1i8ITQjjsqyRw7/MA8LWpPR3TnUjJLk6mBd/kB3dJ8BHWRqcyreFo6Pu383oCcXTpwkFcL4ulhp54LUxbA3arWVjWbx8815vvNKsEtWUyrz4LN8= -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -com. IN DNSKEY -SECTION ANSWER -com. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b} -com. 3600 IN RRSIG DNSKEY 8 1 3600 20201116135527 20201019135527 1444 com. BEOMfWvi6RgnHaHsst+Ed265hBuCkgMR7gDpu89J7ZrVL6DzMKnNVFdgjl/9xwLj/pkukc7qeLSHjAfLlN0E4THW7PVshscQnjvXCkktG2Ejx9fTyllAqeGDh9z9QDGlQZIGTMgb9413qZhNqe2Tda9PTJRpiZ8b4bdQp6V1kVo= -SECTION ADDITIONAL -ENTRY_END - -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.44 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN A -SECTION ANSWER -ns.example.net. IN A 1.2.3.44 -SECTION AUTHORITY -example.net. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN AAAA -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -www.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; recursion happens here. -STEP 20 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA SERVFAIL -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/auth_zonemd_nokey.rpl b/contrib/unbound/testdata/auth_zonemd_nokey.rpl deleted file mode 100644 index a89414bf631..00000000000 --- a/contrib/unbound/testdata/auth_zonemd_nokey.rpl +++ /dev/null @@ -1,212 +0,0 @@ -; config options -server: - target-fetch-policy: "0 0 0 0 0" - trust-anchor: "com. DS 1444 8 2 0d72034e3e18a9ef383c164b68302433bbde957616e10cf44575fea2abae469c" - trust-anchor-signaling: no - val-override-date: 20201020135527 - -auth-zone: - name: "example.com." - ## zonefile (or none). - ## zonefile: "example.com.zone" - ## master by IP address or hostname - ## can list multiple masters, each on one line. - ## master: - ## url for http fetch - ## url: - ## queries from downstream clients get authoritative answers. - ## for-downstream: yes - for-downstream: no - ## queries are used to fetch authoritative answers from this zone, - ## instead of unbound itself sending queries there. - ## for-upstream: yes - for-upstream: yes - ## on failures with for-upstream, fallback to sending queries to - ## the authority servers - ## fallback-enabled: no - zonemd-check: yes - - ## this line generates zonefile: \n"/tmp/xxx.example.com"\n - zonefile: -TEMPFILE_NAME example.com - ## this is the inline file /tmp/xxx.example.com - ## the tempfiles are deleted when the testrun is over. -TEMPFILE_CONTENTS example.com -example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. IN NS ns.example.com. -example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22 -www.example.com. IN A 127.0.0.1 -ns.example.com. IN A 127.0.0.1 -bar.example.com. IN A 1.2.3.4 -ding.example.com. IN A 1.2.3.4 -foo.example.com. IN A 1.2.3.4 -TEMPFILE_END - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test authority zone with ZONEMD that lacks a DNSKEY -; the zone has no DNSSEC, but the trust anchor requires it. - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qname qtype -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -example.com. IN DS -SECTION ANSWER -example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af -example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk= -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af -example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk= -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -com. IN DNSKEY -SECTION ANSWER -com. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b} -com. 3600 IN RRSIG DNSKEY 8 1 3600 20201116135527 20201019135527 1444 com. BEOMfWvi6RgnHaHsst+Ed265hBuCkgMR7gDpu89J7ZrVL6DzMKnNVFdgjl/9xwLj/pkukc7qeLSHjAfLlN0E4THW7PVshscQnjvXCkktG2Ejx9fTyllAqeGDh9z9QDGlQZIGTMgb9413qZhNqe2Tda9PTJRpiZ8b4bdQp6V1kVo= -SECTION ADDITIONAL -ENTRY_END - -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.44 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN A -SECTION ANSWER -ns.example.net. IN A 1.2.3.44 -SECTION AUTHORITY -example.net. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN AAAA -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -www.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; recursion happens here. -STEP 20 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA SERVFAIL -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/auth_zonemd_permissive_mode.rpl b/contrib/unbound/testdata/auth_zonemd_permissive_mode.rpl deleted file mode 100644 index 4149daa927f..00000000000 --- a/contrib/unbound/testdata/auth_zonemd_permissive_mode.rpl +++ /dev/null @@ -1,187 +0,0 @@ -; config options -server: - target-fetch-policy: "0 0 0 0 0" - zonemd-permissive-mode: yes - -auth-zone: - name: "example.com." - ## zonefile (or none). - ## zonefile: "example.com.zone" - ## master by IP address or hostname - ## can list multiple masters, each on one line. - ## master: - ## url for http fetch - ## url: - ## queries from downstream clients get authoritative answers. - ## for-downstream: yes - for-downstream: no - ## queries are used to fetch authoritative answers from this zone, - ## instead of unbound itself sending queries there. - ## for-upstream: yes - for-upstream: yes - ## on failures with for-upstream, fallback to sending queries to - ## the authority servers - ## fallback-enabled: no - zonemd-check: yes - - ## this line generates zonefile: \n"/tmp/xxx.example.com"\n - zonefile: -TEMPFILE_NAME example.com - ## this is the inline file /tmp/xxx.example.com - ## the tempfiles are deleted when the testrun is over. -TEMPFILE_CONTENTS example.com -example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. IN NS ns.example.com. -; good zonemd -;example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22 -; wrong zonemd -example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D7AAAAA -www.example.com. IN A 127.0.0.1 -ns.example.com. IN A 127.0.0.1 -bar.example.com. IN A 1.2.3.4 -ding.example.com. IN A 1.2.3.4 -foo.example.com. IN A 1.2.3.4 -TEMPFILE_END - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test zonemd permissive mode - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.44 -ENTRY_END -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.44 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN A -SECTION ANSWER -ns.example.net. IN A 1.2.3.44 -SECTION AUTHORITY -example.net. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN AAAA -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -www.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; recursion happens here. -STEP 20 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 127.0.0.1 -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/auth_zonemd_xfr.rpl b/contrib/unbound/testdata/auth_zonemd_xfr.rpl deleted file mode 100644 index 89e22cea147..00000000000 --- a/contrib/unbound/testdata/auth_zonemd_xfr.rpl +++ /dev/null @@ -1,238 +0,0 @@ -; config options -server: - target-fetch-policy: "0 0 0 0 0" - -auth-zone: - name: "example.com." - ## zonefile (or none). - ## zonefile: "example.com.zone" - ## master by IP address or hostname - ## can list multiple masters, each on one line. - ## master: - master: 1.2.3.44 - ## url for http fetch - ## url: - ## queries from downstream clients get authoritative answers. - ## for-downstream: yes - for-downstream: yes - ## queries are used to fetch authoritative answers from this zone, - ## instead of unbound itself sending queries there. - ## for-upstream: yes - for-upstream: yes - ## on failures with for-upstream, fallback to sending queries to - ## the authority servers - ## fallback-enabled: no - zonemd-check: yes - - ## this line generates zonefile: \n"/tmp/xxx.example.com"\n - zonefile: -TEMPFILE_NAME example.com - ## this is the inline file /tmp/xxx.example.com - ## the tempfiles are deleted when the testrun is over. -TEMPFILE_CONTENTS example.com -TEMPFILE_END - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test authority zone with AXFR with ZONEMD - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.44 -ENTRY_END -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.44 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN A -SECTION ANSWER -ns.example.net. IN A 1.2.3.44 -SECTION AUTHORITY -example.net. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN AAAA -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -www.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN SOA -SECTION ANSWER -; serial, refresh, retry, expire, minimum -example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -example.com. IN AXFR -SECTION ANSWER -example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. IN NS ns.example.com. -example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22 -www.example.com. IN A 127.0.0.1 -ns.example.com. IN A 127.0.0.1 -bar.example.com. IN A 1.2.3.4 -ding.example.com. IN A 1.2.3.4 -foo.example.com. IN A 1.2.3.4 -example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; recursion happens here. -STEP 20 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR AA RD RA SERVFAIL -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -ENTRY_END - -STEP 30 TIME_PASSES ELAPSE 10 -STEP 40 TRAFFIC - -STEP 50 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; recursion happens here. -STEP 60 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR AA RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 127.0.0.1 -ENTRY_END - -; the zonefile was updated with new contents -STEP 70 CHECK_TEMPFILE example.com -FILE_BEGIN -example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. 3600 IN NS ns.example.com. -example.com. 3600 IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22 -bar.example.com. 3600 IN A 1.2.3.4 -ding.example.com. 3600 IN A 1.2.3.4 -foo.example.com. 3600 IN A 1.2.3.4 -ns.example.com. 3600 IN A 127.0.0.1 -www.example.com. 3600 IN A 127.0.0.1 -FILE_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/auth_zonemd_xfr_anchor.rpl b/contrib/unbound/testdata/auth_zonemd_xfr_anchor.rpl deleted file mode 100644 index 667de2eae0d..00000000000 --- a/contrib/unbound/testdata/auth_zonemd_xfr_anchor.rpl +++ /dev/null @@ -1,285 +0,0 @@ -; config options -server: - target-fetch-policy: "0 0 0 0 0" - trust-anchor: "example.com. DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af" - trust-anchor-signaling: no - val-override-date: 20201020135527 - -auth-zone: - name: "example.com." - ## zonefile (or none). - ## zonefile: "example.com.zone" - ## master by IP address or hostname - ## can list multiple masters, each on one line. - ## master: - master: 1.2.3.44 - ## url for http fetch - ## url: - ## queries from downstream clients get authoritative answers. - ## for-downstream: yes - for-downstream: yes - ## queries are used to fetch authoritative answers from this zone, - ## instead of unbound itself sending queries there. - ## for-upstream: yes - for-upstream: yes - ## on failures with for-upstream, fallback to sending queries to - ## the authority servers - ## fallback-enabled: no - zonemd-check: yes - - ## this line generates zonefile: \n"/tmp/xxx.example.com"\n - zonefile: -TEMPFILE_NAME example.com - ## this is the inline file /tmp/xxx.example.com - ## the tempfiles are deleted when the testrun is over. -TEMPFILE_CONTENTS example.com -TEMPFILE_END - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test authority zone with AXFR with ZONEMD with trust anchor - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.44 -ENTRY_END -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.44 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN A -SECTION ANSWER -ns.example.net. IN A 1.2.3.44 -SECTION AUTHORITY -example.net. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN AAAA -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -www.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN SOA -SECTION ANSWER -; serial, refresh, retry, expire, minimum -example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -example.com. IN AXFR -SECTION ANSWER -example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= -example.com. 3600 IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= -example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} -example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= -example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f -example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= -example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63 -example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= -bar.example.com. 3600 IN A 1.2.3.4 -bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= -bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC -bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= -ding.example.com. 3600 IN A 1.2.3.4 -ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= -ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC -ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= -foo.example.com. 3600 IN A 1.2.3.4 -foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= -foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC -foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= -ns.example.com. 3600 IN A 127.0.0.1 -ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= -ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC -ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= -www.example.com. 3600 IN A 127.0.0.1 -www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= -www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC -www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= -example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; recursion happens here. -STEP 20 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR AA RD RA SERVFAIL -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -ENTRY_END - -STEP 30 TIME_PASSES ELAPSE 10 -STEP 40 TRAFFIC - -STEP 50 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; recursion happens here. -STEP 60 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR AA RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 127.0.0.1 -ENTRY_END - -; the zonefile was updated with new contents -STEP 70 CHECK_TEMPFILE example.com -FILE_BEGIN -example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= -example.com. 3600 IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= -example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY ZONEMD -example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= -example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566} -example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= -example.com. 3600 IN ZONEMD 200154054 1 2 58F7620F93204BBB31B44F795B3409CC4ABD9EF5601DECC15675BD7751213152984EDDCE0626E6062E744B03B3E47711202FBB79E4A2EB8BC5CF46741B5CAE6F -example.com. 3600 IN RRSIG ZONEMD 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= -bar.example.com. 3600 IN A 1.2.3.4 -bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= -bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC -bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= -ding.example.com. 3600 IN A 1.2.3.4 -ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= -ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC -ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= -foo.example.com. 3600 IN A 1.2.3.4 -foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= -foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC -foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= -ns.example.com. 3600 IN A 127.0.0.1 -ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= -ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC -ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= -www.example.com. 3600 IN A 127.0.0.1 -www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= -www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC -www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= -FILE_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/auth_zonemd_xfr_anchor_fail.rpl b/contrib/unbound/testdata/auth_zonemd_xfr_anchor_fail.rpl deleted file mode 100644 index 237ed9498e3..00000000000 --- a/contrib/unbound/testdata/auth_zonemd_xfr_anchor_fail.rpl +++ /dev/null @@ -1,266 +0,0 @@ -; config options -server: - target-fetch-policy: "0 0 0 0 0" - trust-anchor: "example.com. DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af" - trust-anchor-signaling: no - val-override-date: 20201020135527 - -auth-zone: - name: "example.com." - ## zonefile (or none). - ## zonefile: "example.com.zone" - ## master by IP address or hostname - ## can list multiple masters, each on one line. - ## master: - master: 1.2.3.44 - ## url for http fetch - ## url: - ## queries from downstream clients get authoritative answers. - ## for-downstream: yes - for-downstream: yes - ## queries are used to fetch authoritative answers from this zone, - ## instead of unbound itself sending queries there. - ## for-upstream: yes - for-upstream: yes - ## on failures with for-upstream, fallback to sending queries to - ## the authority servers - ## fallback-enabled: no - zonemd-check: yes - - ## this line generates zonefile: \n"/tmp/xxx.example.com"\n - zonefile: -TEMPFILE_NAME example.com - ## this is the inline file /tmp/xxx.example.com - ## the tempfiles are deleted when the testrun is over. -TEMPFILE_CONTENTS example.com -TEMPFILE_END - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test authority zone with AXFR with ZONEMD fail with trust anchor - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.44 -ENTRY_END -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.44 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN A -SECTION ANSWER -ns.example.net. IN A 1.2.3.44 -SECTION AUTHORITY -example.net. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN AAAA -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -www.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN SOA -SECTION ANSWER -; serial, refresh, retry, expire, minimum -example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOTIMPL -SECTION QUESTION -example.com. IN IXFR -SECTION ANSWER -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -example.com. IN AXFR -SECTION ANSWER -example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= -example.com. 3600 IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= -example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} -example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= -example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f -example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= -example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63 -example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= -; this is the bad RR that causes the wrong zonemd. RRSIG is wrong too. -bar.example.com. 3600 IN A 1.2.3.55 -; orig RR -;bar.example.com. 3600 IN A 1.2.3.4 -bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= -bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC -bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= -ding.example.com. 3600 IN A 1.2.3.4 -ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= -ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC -ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= -foo.example.com. 3600 IN A 1.2.3.4 -foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= -foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC -foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= -ns.example.com. 3600 IN A 127.0.0.1 -ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= -ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC -ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= -www.example.com. 3600 IN A 127.0.0.1 -www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= -www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC -www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= -example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; recursion happens here. -STEP 20 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR AA RD RA SERVFAIL -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -ENTRY_END - -STEP 30 TIME_PASSES ELAPSE 10 -STEP 40 TRAFFIC - -STEP 50 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; recursion happens here. -STEP 60 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR AA RD RA SERVFAIL -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -ENTRY_END - -; the zonefile was updated with new contents -STEP 70 CHECK_TEMPFILE example.com -FILE_BEGIN -FILE_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/auth_zonemd_xfr_chain.rpl b/contrib/unbound/testdata/auth_zonemd_xfr_chain.rpl deleted file mode 100644 index 4deb99bcbd8..00000000000 --- a/contrib/unbound/testdata/auth_zonemd_xfr_chain.rpl +++ /dev/null @@ -1,310 +0,0 @@ -; config options -server: - target-fetch-policy: "0 0 0 0 0" - trust-anchor: "com. DS 1444 8 2 0d72034e3e18a9ef383c164b68302433bbde957616e10cf44575fea2abae469c" - trust-anchor-signaling: no - val-override-date: 20201020135527 - -auth-zone: - name: "example.com." - ## zonefile (or none). - ## zonefile: "example.com.zone" - ## master by IP address or hostname - ## can list multiple masters, each on one line. - ## master: - master: 1.2.3.44 - ## url for http fetch - ## url: - ## queries from downstream clients get authoritative answers. - ## for-downstream: yes - for-downstream: yes - ## queries are used to fetch authoritative answers from this zone, - ## instead of unbound itself sending queries there. - ## for-upstream: yes - for-upstream: yes - ## on failures with for-upstream, fallback to sending queries to - ## the authority servers - ## fallback-enabled: no - zonemd-check: yes - - ## this line generates zonefile: \n"/tmp/xxx.example.com"\n - zonefile: -TEMPFILE_NAME example.com - ## this is the inline file /tmp/xxx.example.com - ## the tempfiles are deleted when the testrun is over. -TEMPFILE_CONTENTS example.com -TEMPFILE_END - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test authority zone with AXFR with ZONEMD with chain of trust - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qname qtype -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -example.com. IN DS -SECTION ANSWER -example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af -example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk= -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af -example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk= -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -com. IN DNSKEY -SECTION ANSWER -com. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b} -com. 3600 IN RRSIG DNSKEY 8 1 3600 20201116135527 20201019135527 1444 com. BEOMfWvi6RgnHaHsst+Ed265hBuCkgMR7gDpu89J7ZrVL6DzMKnNVFdgjl/9xwLj/pkukc7qeLSHjAfLlN0E4THW7PVshscQnjvXCkktG2Ejx9fTyllAqeGDh9z9QDGlQZIGTMgb9413qZhNqe2Tda9PTJRpiZ8b4bdQp6V1kVo= -SECTION ADDITIONAL -ENTRY_END -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.44 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN A -SECTION ANSWER -ns.example.net. IN A 1.2.3.44 -SECTION AUTHORITY -example.net. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN AAAA -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -www.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN SOA -SECTION ANSWER -; serial, refresh, retry, expire, minimum -example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -example.com. IN AXFR -SECTION ANSWER -example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= -example.com. 3600 IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= -example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} -example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= -example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f -example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= -example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63 -example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= -bar.example.com. 3600 IN A 1.2.3.4 -bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= -bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC -bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= -ding.example.com. 3600 IN A 1.2.3.4 -ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= -ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC -ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= -foo.example.com. 3600 IN A 1.2.3.4 -foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= -foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC -foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= -ns.example.com. 3600 IN A 127.0.0.1 -ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= -ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC -ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= -www.example.com. 3600 IN A 127.0.0.1 -www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= -www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC -www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= -example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; recursion happens here. -STEP 20 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR AA RD RA SERVFAIL -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -ENTRY_END - -STEP 30 TIME_PASSES ELAPSE 10 -STEP 40 TRAFFIC - -STEP 50 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; recursion happens here. -STEP 60 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR AA RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 127.0.0.1 -ENTRY_END - -; the zonefile was updated with new contents -STEP 70 CHECK_TEMPFILE example.com -FILE_BEGIN -example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= -example.com. 3600 IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= -example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY ZONEMD -example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= -example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566} -example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= -example.com. 3600 IN ZONEMD 200154054 1 2 58F7620F93204BBB31B44F795B3409CC4ABD9EF5601DECC15675BD7751213152984EDDCE0626E6062E744B03B3E47711202FBB79E4A2EB8BC5CF46741B5CAE6F -example.com. 3600 IN RRSIG ZONEMD 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= -bar.example.com. 3600 IN A 1.2.3.4 -bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= -bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC -bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= -ding.example.com. 3600 IN A 1.2.3.4 -ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= -ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC -ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= -foo.example.com. 3600 IN A 1.2.3.4 -foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= -foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC -foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= -ns.example.com. 3600 IN A 127.0.0.1 -ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= -ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC -ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= -www.example.com. 3600 IN A 127.0.0.1 -www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= -www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC -www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= -FILE_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/auth_zonemd_xfr_chain_fail.rpl b/contrib/unbound/testdata/auth_zonemd_xfr_chain_fail.rpl deleted file mode 100644 index 3e09c9e8e40..00000000000 --- a/contrib/unbound/testdata/auth_zonemd_xfr_chain_fail.rpl +++ /dev/null @@ -1,321 +0,0 @@ -; config options -server: - target-fetch-policy: "0 0 0 0 0" - trust-anchor: "com. DS 1444 8 2 0d72034e3e18a9ef383c164b68302433bbde957616e10cf44575fea2abae469c" - trust-anchor-signaling: no - val-override-date: 20201020135527 - -auth-zone: - name: "example.com." - ## zonefile (or none). - ## zonefile: "example.com.zone" - ## master by IP address or hostname - ## can list multiple masters, each on one line. - ## master: - master: 1.2.3.44 - ## url for http fetch - ## url: - ## queries from downstream clients get authoritative answers. - ## for-downstream: yes - for-downstream: yes - ## queries are used to fetch authoritative answers from this zone, - ## instead of unbound itself sending queries there. - ## for-upstream: yes - for-upstream: yes - ## on failures with for-upstream, fallback to sending queries to - ## the authority servers - ## fallback-enabled: no - zonemd-check: yes - - ## this line generates zonefile: \n"/tmp/xxx.example.com"\n - zonefile: -TEMPFILE_NAME example.com - ## this is the inline file /tmp/xxx.example.com - ## the tempfiles are deleted when the testrun is over. -TEMPFILE_CONTENTS example.com -TEMPFILE_END - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test authority zone with AXFR with ZONEMD failure with chain of trust - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qname qtype -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -example.com. IN DS -SECTION ANSWER -example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af -example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk= -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af -example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk= -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -com. IN DNSKEY -SECTION ANSWER -com. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b} -com. 3600 IN RRSIG DNSKEY 8 1 3600 20201116135527 20201019135527 1444 com. BEOMfWvi6RgnHaHsst+Ed265hBuCkgMR7gDpu89J7ZrVL6DzMKnNVFdgjl/9xwLj/pkukc7qeLSHjAfLlN0E4THW7PVshscQnjvXCkktG2Ejx9fTyllAqeGDh9z9QDGlQZIGTMgb9413qZhNqe2Tda9PTJRpiZ8b4bdQp6V1kVo= -SECTION ADDITIONAL -ENTRY_END -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.44 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN A -SECTION ANSWER -ns.example.net. IN A 1.2.3.44 -SECTION AUTHORITY -example.net. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN AAAA -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -www.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN SOA -SECTION ANSWER -; serial, refresh, retry, expire, minimum -example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOTIMPL -SECTION QUESTION -example.com. IN IXFR -SECTION ANSWER -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -example.com. IN AXFR -SECTION ANSWER -example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= -example.com. 3600 IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= -example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} -example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= -example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f -example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= -example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63 -example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= -; this is the bad RR that causes the wrong zonemd. RRSIG is wrong too. -bar.example.com. 3600 IN A 1.2.3.55 -; orig RR -;bar.example.com. 3600 IN A 1.2.3.4 -bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= -bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC -bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= -ding.example.com. 3600 IN A 1.2.3.4 -ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= -ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC -ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= -foo.example.com. 3600 IN A 1.2.3.4 -foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= -foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC -foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= -ns.example.com. 3600 IN A 127.0.0.1 -ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= -ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC -ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= -www.example.com. 3600 IN A 127.0.0.1 -www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= -www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC -www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= -example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; recursion happens here. -STEP 20 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR AA RD RA SERVFAIL -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -ENTRY_END - -STEP 30 TIME_PASSES ELAPSE 10 -STEP 40 TRAFFIC - -STEP 50 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; recursion happens here. -STEP 60 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR AA RD RA SERVFAIL -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -ENTRY_END - -; the zonefile was updated with new contents -STEP 70 CHECK_TEMPFILE example.com -FILE_BEGIN -example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= -example.com. 3600 IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= -example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY ZONEMD -example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= -example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566} -example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= -example.com. 3600 IN ZONEMD 200154054 1 2 58F7620F93204BBB31B44F795B3409CC4ABD9EF5601DECC15675BD7751213152984EDDCE0626E6062E744B03B3E47711202FBB79E4A2EB8BC5CF46741B5CAE6F -example.com. 3600 IN RRSIG ZONEMD 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= -bar.example.com. 3600 IN A 1.2.3.55 -bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= -bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC -bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= -ding.example.com. 3600 IN A 1.2.3.4 -ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= -ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC -ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= -foo.example.com. 3600 IN A 1.2.3.4 -foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= -foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC -foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= -ns.example.com. 3600 IN A 127.0.0.1 -ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= -ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC -ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= -www.example.com. 3600 IN A 127.0.0.1 -www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= -www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC -www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= -FILE_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/auth_zonemd_xfr_chain_keyinxfr.rpl b/contrib/unbound/testdata/auth_zonemd_xfr_chain_keyinxfr.rpl deleted file mode 100644 index 2feec88c075..00000000000 --- a/contrib/unbound/testdata/auth_zonemd_xfr_chain_keyinxfr.rpl +++ /dev/null @@ -1,315 +0,0 @@ -; config options -server: - target-fetch-policy: "0 0 0 0 0" - trust-anchor: "com. DS 1444 8 2 0d72034e3e18a9ef383c164b68302433bbde957616e10cf44575fea2abae469c" - trust-anchor-signaling: no - val-override-date: 20201020135527 - -auth-zone: - name: "example.com." - ## zonefile (or none). - ## zonefile: "example.com.zone" - ## master by IP address or hostname - ## can list multiple masters, each on one line. - ## master: - master: 1.2.3.44 - ## url for http fetch - ## url: - ## queries from downstream clients get authoritative answers. - ## for-downstream: yes - - ## The for-downstream and fallback are disabled, the key cannot be - ## retrieved by DNS lookup, it is in the xfr itself. - ## only after the zone is loaded can it be looked up. - for-downstream: no - ## queries are used to fetch authoritative answers from this zone, - ## instead of unbound itself sending queries there. - ## for-upstream: yes - for-upstream: yes - ## on failures with for-upstream, fallback to sending queries to - ## the authority servers - ## fallback-enabled: no - fallback-enabled: no - zonemd-check: yes - - ## this line generates zonefile: \n"/tmp/xxx.example.com"\n - zonefile: -TEMPFILE_NAME example.com - ## this is the inline file /tmp/xxx.example.com - ## the tempfiles are deleted when the testrun is over. -TEMPFILE_CONTENTS example.com -TEMPFILE_END - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test authority zone with AXFR with ZONEMD with key in xfr - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qname qtype -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -example.com. IN DS -SECTION ANSWER -example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af -example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk= -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af -example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk= -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -com. IN DNSKEY -SECTION ANSWER -com. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b} -com. 3600 IN RRSIG DNSKEY 8 1 3600 20201116135527 20201019135527 1444 com. BEOMfWvi6RgnHaHsst+Ed265hBuCkgMR7gDpu89J7ZrVL6DzMKnNVFdgjl/9xwLj/pkukc7qeLSHjAfLlN0E4THW7PVshscQnjvXCkktG2Ejx9fTyllAqeGDh9z9QDGlQZIGTMgb9413qZhNqe2Tda9PTJRpiZ8b4bdQp6V1kVo= -SECTION ADDITIONAL -ENTRY_END -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.44 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN A -SECTION ANSWER -ns.example.net. IN A 1.2.3.44 -SECTION AUTHORITY -example.net. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN AAAA -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -www.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN SOA -SECTION ANSWER -; serial, refresh, retry, expire, minimum -example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -example.com. IN AXFR -SECTION ANSWER -example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= -example.com. 3600 IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= -example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} -example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= -example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f -example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= -example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63 -example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= -bar.example.com. 3600 IN A 1.2.3.4 -bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= -bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC -bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= -ding.example.com. 3600 IN A 1.2.3.4 -ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= -ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC -ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= -foo.example.com. 3600 IN A 1.2.3.4 -foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= -foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC -foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= -ns.example.com. 3600 IN A 127.0.0.1 -ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= -ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC -ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= -www.example.com. 3600 IN A 127.0.0.1 -www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= -www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC -www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= -example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; recursion happens here. -STEP 20 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA SERVFAIL -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -ENTRY_END - -STEP 30 TIME_PASSES ELAPSE 10 -STEP 40 TRAFFIC - -STEP 50 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; recursion happens here. -STEP 60 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 127.0.0.1 -ENTRY_END - -; the zonefile was updated with new contents -STEP 70 CHECK_TEMPFILE example.com -FILE_BEGIN -example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= -example.com. 3600 IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= -example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY ZONEMD -example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= -example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566} -example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= -example.com. 3600 IN ZONEMD 200154054 1 2 58F7620F93204BBB31B44F795B3409CC4ABD9EF5601DECC15675BD7751213152984EDDCE0626E6062E744B03B3E47711202FBB79E4A2EB8BC5CF46741B5CAE6F -example.com. 3600 IN RRSIG ZONEMD 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= -bar.example.com. 3600 IN A 1.2.3.4 -bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= -bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC -bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= -ding.example.com. 3600 IN A 1.2.3.4 -ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= -ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC -ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= -foo.example.com. 3600 IN A 1.2.3.4 -foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= -foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC -foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= -ns.example.com. 3600 IN A 127.0.0.1 -ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= -ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC -ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= -www.example.com. 3600 IN A 127.0.0.1 -www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= -www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC -www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= -FILE_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/auth_zonemd_xfr_fail.rpl b/contrib/unbound/testdata/auth_zonemd_xfr_fail.rpl deleted file mode 100644 index f54ca7e086f..00000000000 --- a/contrib/unbound/testdata/auth_zonemd_xfr_fail.rpl +++ /dev/null @@ -1,241 +0,0 @@ -; config options -server: - target-fetch-policy: "0 0 0 0 0" - -auth-zone: - name: "example.com." - ## zonefile (or none). - ## zonefile: "example.com.zone" - ## master by IP address or hostname - ## can list multiple masters, each on one line. - ## master: - master: 1.2.3.44 - ## url for http fetch - ## url: - ## queries from downstream clients get authoritative answers. - ## for-downstream: yes - for-downstream: yes - ## queries are used to fetch authoritative answers from this zone, - ## instead of unbound itself sending queries there. - ## for-upstream: yes - for-upstream: yes - ## on failures with for-upstream, fallback to sending queries to - ## the authority servers - ## fallback-enabled: no - zonemd-check: yes - - ## this line generates zonefile: \n"/tmp/xxx.example.com"\n - zonefile: -TEMPFILE_NAME example.com - ## this is the inline file /tmp/xxx.example.com - ## the tempfiles are deleted when the testrun is over. -TEMPFILE_CONTENTS example.com -TEMPFILE_END - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test authority zone with AXFR with failed ZONEMD - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.44 -ENTRY_END -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.44 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN A -SECTION ANSWER -ns.example.net. IN A 1.2.3.44 -SECTION AUTHORITY -example.net. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN AAAA -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -www.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN SOA -SECTION ANSWER -; serial, refresh, retry, expire, minimum -example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOTIMPL -SECTION QUESTION -example.com. IN IXFR -SECTION ANSWER -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -example.com. IN AXFR -SECTION ANSWER -example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. IN NS ns.example.com. -; old zonemd -;example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22 -; wrong zonemd -example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D7AAAAA -www.example.com. IN A 127.0.0.1 -ns.example.com. IN A 127.0.0.1 -bar.example.com. IN A 1.2.3.4 -ding.example.com. IN A 1.2.3.4 -foo.example.com. IN A 1.2.3.4 -example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; recursion happens here. -STEP 20 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR AA RD RA SERVFAIL -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -ENTRY_END - -STEP 30 TIME_PASSES ELAPSE 10 -STEP 40 TRAFFIC - -STEP 50 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; recursion happens here. -STEP 60 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR AA RD RA SERVFAIL -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -ENTRY_END - -; the zonefile was updated with new contents -STEP 70 CHECK_TEMPFILE example.com -FILE_BEGIN -FILE_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/ede.tdir/bogus/clean.sh b/contrib/unbound/testdata/ede.tdir/bogus/clean.sh deleted file mode 100755 index 54128f80721..00000000000 --- a/contrib/unbound/testdata/ede.tdir/bogus/clean.sh +++ /dev/null @@ -1 +0,0 @@ -rm -f K* piece1 base expired notyetincepted trust-anchors dnssec-failures.test.signed dnskey-failures.test.signed nsec-failures.test.signed rrsig-failures.test.signed diff --git a/contrib/unbound/testdata/ede.tdir/bogus/dnskey-failures.test b/contrib/unbound/testdata/ede.tdir/bogus/dnskey-failures.test deleted file mode 100644 index 49d6ad5a384..00000000000 --- a/contrib/unbound/testdata/ede.tdir/bogus/dnskey-failures.test +++ /dev/null @@ -1,10 +0,0 @@ -$ORIGIN dnskey-failures.test. - -@ SOA ns hostmaster ( - 1 ; serial - 14400 ; refresh (4 hours) - 1800 ; retry (30 minutes) - 2419200 ; expire (4 weeks) - 300 ; minimum (5 minutes) -) - A 192.0.2.1 diff --git a/contrib/unbound/testdata/ede.tdir/bogus/dnssec-failures.test b/contrib/unbound/testdata/ede.tdir/bogus/dnssec-failures.test deleted file mode 100644 index 5af5941c095..00000000000 --- a/contrib/unbound/testdata/ede.tdir/bogus/dnssec-failures.test +++ /dev/null @@ -1,15 +0,0 @@ -$ORIGIN dnssec-failures.test. - -@ SOA ns hostmaster ( - 1 ; serial - 14400 ; refresh (4 hours) - 1800 ; retry (30 minutes) - 2419200 ; expire (4 weeks) - 300 ; minimum (5 minutes) -) - NS ns -ns A 192.0.2.1 -notyetincepted TXT "Not yet incepted" -expired TXT "Expired" -sigsinvalid TXT "Signatures invalid" -missingrrsigs TXT "Signatures missing" \ No newline at end of file diff --git a/contrib/unbound/testdata/ede.tdir/bogus/make-broken-zone.sh b/contrib/unbound/testdata/ede.tdir/bogus/make-broken-zone.sh deleted file mode 100755 index 67b4fcfb2d8..00000000000 --- a/contrib/unbound/testdata/ede.tdir/bogus/make-broken-zone.sh +++ /dev/null @@ -1,67 +0,0 @@ -#!/usr/bin/env bash - -# create oudated zones -CSK=`ldns-keygen -a ECDSAP256SHA256 -k -r /dev/urandom dnssec-failures.test` -echo $CSK - -echo ". IN DS 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d" | \ - cat $CSK.ds - > bogus/trust-anchors - -# differentiate for MacOS with "gdate" -DATE=date -which gdate > /dev/null 2>&1 && DATE=gdate - -ONEMONTHAGO=`$DATE -d 'now - 1 month' +%Y%m%d` -YESTERDAY=`$DATE -d 'now - 2 days' +%Y%m%d` -TOMORROW=`$DATE -d 'now + 2 days' +%Y%m%d` - -ldns-signzone -i $YESTERDAY -f - bogus/dnssec-failures.test $CSK | \ - grep -v '^missingrrsigs\.dnssec-failures\.test\..*IN.*RRSIG.*TXT' | \ - sed 's/Signatures invalid/Signatures INVALID/g' | \ - grep -v '^notyetincepted\.dnssec-failures\.test\..*IN.*TXT' | \ - grep -v '^notyetincepted\.dnssec-failures\.test\..*IN.*RRSIG.*TXT' | \ - grep -v '^expired\.dnssec-failures\.test\..*IN.*TXT' | \ - grep -v '^expired\.dnssec-failures\.test\..*IN.*RRSIG.*TXT' > base -ldns-signzone -i $ONEMONTHAGO -e $YESTERDAY -f - bogus/dnssec-failures.test $CSK | \ - grep -v '[ ]NSEC[ ]' | \ - grep '^expired\.dnssec-failures\.test\..*IN.*TXT' > expired -ldns-signzone -i $TOMORROW -f - bogus/dnssec-failures.test $CSK | \ - grep -v '[ ]NSEC[ ]' | \ - grep '^notyetincepted\.dnssec-failures\.test\..*IN.*TXT' > notyetincepted - -cat base expired notyetincepted > bogus/dnssec-failures.test.signed - -# cleanup old zone keys -rm -f $CSK.* -# create zone with DNSKEY missing -CSK=`ldns-keygen -a ECDSAP256SHA256 -k -r /dev/urandom dnskey-failures.test` -echo $CSK -cat $CSK.ds >> bogus/trust-anchors - -ldns-signzone -f tmp.signed bogus/dnskey-failures.test $CSK -grep -v ' DNSKEY ' tmp.signed > bogus/dnskey-failures.test.signed - - -# cleanup old zone keys -rm -f $CSK.* -# create zone with NSEC missing -CSK=`ldns-keygen -a ECDSAP256SHA256 -k -r /dev/urandom nsec-failures.test` -echo $CSK -cat $CSK.ds >> bogus/trust-anchors - -ldns-signzone -f tmp.signed bogus/nsec-failures.test $CSK -grep -v ' NSEC ' tmp.signed > bogus/nsec-failures.test.signed - - -# cleanup old zone keys -rm -f $CSK.* -# create zone with RRSIGs missing -CSK=`ldns-keygen -a ECDSAP256SHA256 -k -r /dev/urandom rrsig-failures.test` -echo $CSK -cat $CSK.ds >> bogus/trust-anchors - -ldns-signzone -f tmp.signed bogus/rrsig-failures.test $CSK -grep -v ' RRSIG ' tmp.signed > bogus/rrsig-failures.test.signed - -# cleanup -rm -f base expired notyetincepted tmp.signed $CSK.* diff --git a/contrib/unbound/testdata/ede.tdir/bogus/nsec-failures.test b/contrib/unbound/testdata/ede.tdir/bogus/nsec-failures.test deleted file mode 100644 index 529298df686..00000000000 --- a/contrib/unbound/testdata/ede.tdir/bogus/nsec-failures.test +++ /dev/null @@ -1,10 +0,0 @@ -$ORIGIN nsec-failures.test. - -@ SOA ns hostmaster ( - 1 ; serial - 14400 ; refresh (4 hours) - 1800 ; retry (30 minutes) - 2419200 ; expire (4 weeks) - 300 ; minimum (5 minutes) -) - A 192.0.2.1 diff --git a/contrib/unbound/testdata/ede.tdir/bogus/rrsig-failures.test b/contrib/unbound/testdata/ede.tdir/bogus/rrsig-failures.test deleted file mode 100644 index cab0b7f48d0..00000000000 --- a/contrib/unbound/testdata/ede.tdir/bogus/rrsig-failures.test +++ /dev/null @@ -1,10 +0,0 @@ -$ORIGIN rrsig-failures.test. - -@ SOA ns hostmaster ( - 1 ; serial - 14400 ; refresh (4 hours) - 1800 ; retry (30 minutes) - 2419200 ; expire (4 weeks) - 300 ; minimum (5 minutes) -) - A 192.0.2.1 diff --git a/contrib/unbound/testdata/ede.tdir/ede-auth.conf b/contrib/unbound/testdata/ede.tdir/ede-auth.conf deleted file mode 100644 index d78da0382ad..00000000000 --- a/contrib/unbound/testdata/ede.tdir/ede-auth.conf +++ /dev/null @@ -1,27 +0,0 @@ -server: - verbosity: 1 - use-syslog: no - chroot: "" - username: "" - directory: "" - pidfile: "unbound2.pid" - local-zone: test nodefault - interface: 127.0.0.1 - port: @PORT2@ - -auth-zone: - name: "dnssec-failures.test" - zonefile: "bogus/dnssec-failures.test.signed" - -auth-zone: - name: "dnskey-failures.test" - zonefile: "bogus/dnskey-failures.test.signed" - -auth-zone: - name: "nsec-failures.test" - zonefile: "bogus/nsec-failures.test.signed" - -auth-zone: - name: "rrsig-failures.test" - zonefile: "bogus/rrsig-failures.test.signed" - diff --git a/contrib/unbound/testdata/ede.tdir/ede.conf b/contrib/unbound/testdata/ede.tdir/ede.conf deleted file mode 100644 index 13730d42f2c..00000000000 --- a/contrib/unbound/testdata/ede.tdir/ede.conf +++ /dev/null @@ -1,49 +0,0 @@ -server: - verbosity: 2 - interface: 127.0.0.1 - port: @PORT@ - use-syslog: no - directory: . - pidfile: "unbound.pid" - chroot: "" - username: "" - directory: "" - val-log-level: 2 - - trust-anchor-file: "bogus/trust-anchors" - - module-config: "respip validator iterator" - - ede: yes - access-control: 127.0.0.2/32 refuse - access-control: 127.0.0.3/32 allow - - local-zone: hopsa.kidee. always_refuse - local-data: "hopsa.kidee. TXT hela hola" - - local-zone: nlnetlabs.nl transparent - local-data: "hopsa.nlnetlabs.nl. TXT hela hola" - - local-zone: uva.nl. always_null - - local-zone: example.com redirect - local-data: "example.com CNAME *.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaa." - - local-zone: test nodefault - do-not-query-localhost: no - -forward-zone: - name: "dnssec-failures.test" - forward-addr: 127.0.0.1@@PORT2@ - -forward-zone: - name: "dnskey-failures.test" - forward-addr: 127.0.0.1@@PORT2@ - -forward-zone: - name: "nsec-failures.test" - forward-addr: 127.0.0.1@@PORT2@ - -forward-zone: - name: "rrsig-failures.test" - forward-addr: 127.0.0.1@@PORT2@ diff --git a/contrib/unbound/testdata/ede.tdir/ede.dsc b/contrib/unbound/testdata/ede.tdir/ede.dsc deleted file mode 100644 index c397ded693f..00000000000 --- a/contrib/unbound/testdata/ede.tdir/ede.dsc +++ /dev/null @@ -1,16 +0,0 @@ -BaseName: ede -Version: 1.0 -Description: Test Extended DNS Errors (rfc8914) -CreationDate: Fri Aug 20 15:42:11 UTC 2021 -Maintainer: Tom Carpay -Category: -Component: -CmdDepends: -Depends: -Help: -Pre: ede.pre -Post: ede.post -Test: ede.test -AuxFiles: -Passed: -Failure: diff --git a/contrib/unbound/testdata/ede.tdir/ede.post b/contrib/unbound/testdata/ede.tdir/ede.post deleted file mode 100644 index 88b26f3132a..00000000000 --- a/contrib/unbound/testdata/ede.tdir/ede.post +++ /dev/null @@ -1,10 +0,0 @@ -# #-- ede.post --# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# use .tpkg.var.test for in test variable passing -[ -f .tpkg.var.test ] && source .tpkg.var.test - -# teardown -. ../common.sh -kill_pid $UNBOUND_PID -kill_pid $UNBOUND_PID2 \ No newline at end of file diff --git a/contrib/unbound/testdata/ede.tdir/ede.pre b/contrib/unbound/testdata/ede.tdir/ede.pre deleted file mode 100644 index e5a0667b0e0..00000000000 --- a/contrib/unbound/testdata/ede.tdir/ede.pre +++ /dev/null @@ -1,37 +0,0 @@ -# #-- ede.pre --# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# use .tpkg.var.test for in test variable passing -[ -f .tpkg.var.test ] && source .tpkg.var.test - -. ../common.sh -get_random_port 2 -UNBOUND_PORT=$RND_PORT -UNBOUND_PORT2=$(($RND_PORT + 1)) -echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test -echo "UNBOUND_PORT2=$UNBOUND_PORT2" >> .tpkg.var.test - -# rewrite config file with created ports -sed -e 's/@PORT\@/'$UNBOUND_PORT'/' < ede.conf > temp.conf -sed -e 's/@PORT2\@/'$UNBOUND_PORT2'/' < temp.conf > ub.conf -sed -e 's/@PORT2\@/'$UNBOUND_PORT2'/' < ede-auth.conf > ub2.conf - -# create broken dnssec zone -bogus/make-broken-zone.sh - -# start unbound in the background -PRE="../.." -$PRE/unbound -d -c ub.conf > unbound.log 2>&1 & -UNBOUND_PID=$! -echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test - -# start authoritative unbound in the background -$PRE/unbound -d -c ub2.conf > unbound2.log 2>&1 & -UNBOUND_PID2=$! -echo "UNBOUND_PID2=$UNBOUND_PID2" >> .tpkg.var.test - - -cat .tpkg.var.test -wait_unbound_up unbound.log -wait_unbound_up unbound2.log - diff --git a/contrib/unbound/testdata/ede.tdir/ede.test b/contrib/unbound/testdata/ede.tdir/ede.test deleted file mode 100644 index 5d478bd49cb..00000000000 --- a/contrib/unbound/testdata/ede.tdir/ede.test +++ /dev/null @@ -1,72 +0,0 @@ -# #-- ede.test --# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# use .tpkg.var.test for in test variable passing -[ -f .tpkg.var.test ] && source .tpkg.var.test - - -# DNSSEC failure: Signature Expired or DNSKEY Missing (depending on the servfail configuration) -dig @127.0.0.1 -p $UNBOUND_PORT servfail.nl > servfail.txt - -# DNSSEC failure: key not incepted -dig @127.0.0.1 -p $UNBOUND_PORT notyetincepted.dnssec-failures.test. TXT +dnssec > sig_notyetincepted.txt - -if ! grep -q -e "OPT=15: 00 08" -e "EDE: 8" sig_notyetincepted.txt -then - echo "Signature not yet valid does not return EDE Signature Not Yet Valid" - cat sig_notyetincepted.txt - exit 1 -fi - -# DNSSEC failure: key expired -dig @127.0.0.1 -p $UNBOUND_PORT expired.dnssec-failures.test. TXT +dnssec > sig_expired.txt - -if ! grep -q -e "OPT=15: 00 07" -e "EDE: 7" sig_expired.txt -then - echo "Expired signature does not return EDE Signature expired" - cat sig_expired.txt - exit 1 -fi - -# DNSSEC failure: missing rrsigs -dig @127.0.0.1 -p $UNBOUND_PORT missingrrsigs.dnssec-failures.test. TXT +dnssec > missingrrsigs.txt - -if ! grep -q -e "OPT=15: 00 0a" -e "EDE: 10" missingrrsigs.txt -then - echo "Expired signature does not return EDE RRSIGs missing" - cat missingrrsigs.txt - exit 1 -fi - -# signed zone with DNSKEY missing -dig @127.0.0.1 -p $UNBOUND_PORT dnskey-failures.test > dnskey-failure.txt - -if ! grep -q -e "OPT=15: 00 09" -e "EDE: 9" dnskey-failure.txt -then - echo "Expired signature does not return EDE DNSKEY missing" - cat dnskey-failure.txt - exit 1 -fi - -# signed zone with RRSIGs missing -dig @127.0.0.1 -p $UNBOUND_PORT rrsig-failures.test > rrsig-failure.txt - -if ! grep -q -e "OPT=15: 00 0a" -e "EDE: 10" rrsig-failure.txt -then - echo "Expired signature does not return EDE RRSIGs missing" - cat rrsig-failure.txt - exit 1 -fi - -# signed zone with NSEC missing -dig @127.0.0.1 -p $UNBOUND_PORT abc.nsec-failures.test > nsec-failure.txt - -if ! grep -q -e "OPT=15: 00 0c" -e "EDE: 12" nsec-failure.txt -then - echo "Expired signature does not return EDE NSEC missing" - cat nsec-failure.txt - exit 1 -fi - - -# @TODO DNSSEC indeterminate when implemented diff --git a/contrib/unbound/testdata/ede_acl_refused.rpl b/contrib/unbound/testdata/ede_acl_refused.rpl deleted file mode 100644 index 81c9cd0a071..00000000000 --- a/contrib/unbound/testdata/ede_acl_refused.rpl +++ /dev/null @@ -1,35 +0,0 @@ -; config options -server: - access-control: 127.0.0.0/8 refuse - ede: yes -CONFIG_END - -SCENARIO_BEGIN Test ede-acl-refused -; Scenario overview: -; - query for example.com. A record with EDNS -; - check that we get a refused answer with EDE (RFC8914) code 18 - Prohibited - -; Query without RD flag -STEP 1 QUERY -ENTRY_BEGIN - REPLY RD - SECTION QUESTION - example.com. IN A - SECTION ADDITIONAL - HEX_EDNSDATA_BEGIN - HEX_EDNSDATA_END -ENTRY_END - -; Check that we got ede 18 -STEP 2 CHECK_ANSWER -ENTRY_BEGIN - MATCH all ede=18 - REPLY QR RD REFUSED - SECTION QUESTION - example.com. IN A - SECTION ADDITIONAL - HEX_EDNSDATA_BEGIN - HEX_EDNSDATA_END -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/ede_cache_snoop_noth_auth.rpl b/contrib/unbound/testdata/ede_cache_snoop_noth_auth.rpl deleted file mode 100644 index d243fdde00a..00000000000 --- a/contrib/unbound/testdata/ede_cache_snoop_noth_auth.rpl +++ /dev/null @@ -1,33 +0,0 @@ -; config options -server: - ede: yes -CONFIG_END - -SCENARIO_BEGIN Test ede-cache-snoop-not-authoritative -; Scenario overview: -; - query for example.com. A record with EDNS without the RD bit -; - check that we get a refused answer with EDE (RFC8914) code 20 - Not Authoritative - -; Query without RD flag -STEP 1 QUERY -ENTRY_BEGIN - SECTION QUESTION - example.com. IN A - SECTION ADDITIONAL - HEX_EDNSDATA_BEGIN - HEX_EDNSDATA_END -ENTRY_END - -; Check that we got ede 20 -STEP 10 CHECK_ANSWER -ENTRY_BEGIN - MATCH all ede=20 - REPLY QR RA REFUSED - SECTION QUESTION - example.com. IN A - SECTION ADDITIONAL - HEX_EDNSDATA_BEGIN - HEX_EDNSDATA_END -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/ede_localzone_dname_expansion.rpl b/contrib/unbound/testdata/ede_localzone_dname_expansion.rpl deleted file mode 100644 index e0540e4fbf1..00000000000 --- a/contrib/unbound/testdata/ede_localzone_dname_expansion.rpl +++ /dev/null @@ -1,37 +0,0 @@ -; config options -server: - local-zone: example.com redirect - local-data: "example.com CNAME *.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaa." - ede: yes - -CONFIG_END - -SCENARIO_BEGIN Test ede-localzone-dname-expansion -; Scenario overview: -; - query for www.qhqwer.qwer.qwer.h.example.com. (a large Qname) A record with EDNS -; - check that we get a YXDOMAIN answer with EDE (RFC8914) code 0 - Other (which adds a DNAME expansion message) - -; Query with RD flag -STEP 1 QUERY -ENTRY_BEGIN - REPLY RD - SECTION QUESTION - www.qhqwer.qwer.qwer.h.example.com A - SECTION ADDITIONAL - HEX_EDNSDATA_BEGIN - HEX_EDNSDATA_END -ENTRY_END - -; Check that we got the correct answer (should be cached) -STEP 10 CHECK_ANSWER -ENTRY_BEGIN - MATCH all ede=0 - REPLY QR AA RD RA YXDOMAIN - SECTION QUESTION - www.qhqwer.qwer.qwer.h.example.com A - SECTION ADDITIONAL - HEX_EDNSDATA_BEGIN - HEX_EDNSDATA_END -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/edns_attached_once_per_upstream.rpl b/contrib/unbound/testdata/edns_attached_once_per_upstream.rpl deleted file mode 100644 index 19f1ba75df4..00000000000 --- a/contrib/unbound/testdata/edns_attached_once_per_upstream.rpl +++ /dev/null @@ -1,90 +0,0 @@ -; config options -server: - edns-client-string: 10.0.0.0/24 "abc d" - outbound-msg-retry: 1 - -stub-zone: - name: "edns-string-abc." - stub-addr: 10.0.0.3 - stub-first: yes - -forward-zone: - name: "." - forward-addr: 10.0.0.1 - -CONFIG_END - -SCENARIO_BEGIN Test that upstream specific EDNS is attached once; uses string tag option - -RANGE_BEGIN 0 1000 - ADDRESS 10.0.0.3 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR SERVFAIL -SECTION QUESTION -edns-string-abc. IN A -ENTRY_END -RANGE_END - -RANGE_BEGIN 0 1000 - ADDRESS 10.0.0.1 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -edns-string-abc. IN A -SECTION ANSWER -edns-string-abc. IN A 10.20.30.40 -SECTION ADDITIONAL -ENTRY_END -RANGE_END - -STEP 10 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -edns-string-abc. IN A -ENTRY_END - -; This will receive SERVFAIL and the next address will be queried -STEP 20 CHECK_OUT_QUERY ADDRESS 10.0.0.3 -ENTRY_BEGIN -MATCH qname qtype opcode ednsdata -SECTION QUESTION -edns-string-abc. IN A -SECTION ADDITIONAL - HEX_EDNSDATA_BEGIN - fd e9 ; Opcode 65001 - 00 05 ; Length 5 - 61 62 63 20 64 ; "abc d" - HEX_EDNSDATA_END -ENTRY_END - -; This will receive the answer; makes sure that EDNS is attached once -STEP 22 CHECK_OUT_QUERY ADDRESS 10.0.0.1 -ENTRY_BEGIN -MATCH qname qtype opcode ednsdata -SECTION QUESTION -edns-string-abc. IN A -SECTION ADDITIONAL - HEX_EDNSDATA_BEGIN - fd e9 ; Opcode 65001 - 00 05 ; Length 5 - 61 62 63 20 64 ; "abc d" - HEX_EDNSDATA_END -ENTRY_END - - -STEP 30 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -edns-string-abc. IN A -SECTION ANSWER -edns-string-abc. IN A 10.20.30.40 -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/fwd_error_retries.rpl b/contrib/unbound/testdata/fwd_error_retries.rpl deleted file mode 100644 index b63086c0f46..00000000000 --- a/contrib/unbound/testdata/fwd_error_retries.rpl +++ /dev/null @@ -1,27 +0,0 @@ -; config options -server: - outbound-msg-retry: 1 - -forward-zone: - name: "." - forward-addr: 216.0.0.1 -CONFIG_END -SCENARIO_BEGIN Test basic forwarding with servfail and retry of 1 -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END -; query fails with servfail, now we make only outgoing-msg-retry=1 retries -STEP 2 ERROR -; returns servfail -STEP 14 CHECK_ANSWER -ENTRY_BEGIN -MATCH opcode qname qtype -SECTION QUESTION -REPLY SERVFAIL QR RD RA -MATCH all -www.example.com. IN A -ENTRY_END -SCENARIO_END diff --git a/contrib/unbound/testdata/fwd_udp_with_tcp_upstream.tdir/fwd_udp_with_tcp_upstream.conf b/contrib/unbound/testdata/fwd_udp_with_tcp_upstream.tdir/fwd_udp_with_tcp_upstream.conf deleted file mode 100644 index 6daf2eeecc3..00000000000 --- a/contrib/unbound/testdata/fwd_udp_with_tcp_upstream.tdir/fwd_udp_with_tcp_upstream.conf +++ /dev/null @@ -1,20 +0,0 @@ -server: - verbosity: 5 - # num-threads: 1 - interface: 127.0.0.1 - port: @PORT@ - use-syslog: no - directory: "" - pidfile: "unbound.pid" - chroot: "" - username: "" - do-not-query-localhost: no -forward-zone: - name: "tcp.example.com" - forward-addr: "127.0.0.1@@TOPORT@" - forward-tcp-upstream: "yes" -forward-zone: - name: "udp.example.com" - forward-addr: "127.0.0.1@@TOPORT@" - forward-tcp-upstream: "no" - diff --git a/contrib/unbound/testdata/fwd_udp_with_tcp_upstream.tdir/fwd_udp_with_tcp_upstream.dsc b/contrib/unbound/testdata/fwd_udp_with_tcp_upstream.tdir/fwd_udp_with_tcp_upstream.dsc deleted file mode 100644 index 5b1f0d3d1ab..00000000000 --- a/contrib/unbound/testdata/fwd_udp_with_tcp_upstream.tdir/fwd_udp_with_tcp_upstream.dsc +++ /dev/null @@ -1,16 +0,0 @@ -BaseName: fwd_udp_with_tcp_upstream -Version: 1.0 -Description: Forward an UDP packet to upstream via TCP and return reply. -CreationDate: Thu Aug 5 07:44:41 CEST 2021 -Maintainer: ziollek -Category: -Component: -CmdDepends: -Depends: -Help: -Pre: fwd_udp_with_tcp_upstream.pre -Post: fwd_udp_with_tcp_upstream.post -Test: fwd_udp_with_tcp_upstream.test -AuxFiles: -Passed: -Failure: diff --git a/contrib/unbound/testdata/fwd_udp_with_tcp_upstream.tdir/fwd_udp_with_tcp_upstream.post b/contrib/unbound/testdata/fwd_udp_with_tcp_upstream.tdir/fwd_udp_with_tcp_upstream.post deleted file mode 100644 index 0013eca71a4..00000000000 --- a/contrib/unbound/testdata/fwd_udp_with_tcp_upstream.tdir/fwd_udp_with_tcp_upstream.post +++ /dev/null @@ -1,10 +0,0 @@ -# #-- fwd_udp_with_tcp_upstream.post --# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# source the test var file when it's there -[ -f .tpkg.var.test ] && source .tpkg.var.test -# -# do your teardown here -. ../common.sh -kill_pid $FWD_PID -kill_pid $UNBOUND_PID diff --git a/contrib/unbound/testdata/fwd_udp_with_tcp_upstream.tdir/fwd_udp_with_tcp_upstream.pre b/contrib/unbound/testdata/fwd_udp_with_tcp_upstream.tdir/fwd_udp_with_tcp_upstream.pre deleted file mode 100644 index 546787a5fc9..00000000000 --- a/contrib/unbound/testdata/fwd_udp_with_tcp_upstream.tdir/fwd_udp_with_tcp_upstream.pre +++ /dev/null @@ -1,31 +0,0 @@ -# #-- fwd_udp_with_tcp_upstream.pre--# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# use .tpkg.var.test for in test variable passing -[ -f .tpkg.var.test ] && source .tpkg.var.test - -. ../common.sh -get_random_port 2 -UNBOUND_PORT=$RND_PORT -FWD_PORT=$(($RND_PORT + 1)) -echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test -echo "FWD_PORT=$FWD_PORT" >> .tpkg.var.test - -# start forwarder -get_ldns_testns -$LDNS_TESTNS -p $FWD_PORT fwd_udp_with_tcp_upstream.testns >fwd.log 2>&1 & -FWD_PID=$! -echo "FWD_PID=$FWD_PID" >> .tpkg.var.test - -# make config file -sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' < fwd_udp_with_tcp_upstream.conf > ub.conf -# start unbound in the background -PRE="../.." -$PRE/unbound -d -c ub.conf >unbound.log 2>&1 & -UNBOUND_PID=$! -echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test - -cat .tpkg.var.test -wait_ldns_testns_up fwd.log -wait_unbound_up unbound.log - diff --git a/contrib/unbound/testdata/fwd_udp_with_tcp_upstream.tdir/fwd_udp_with_tcp_upstream.test b/contrib/unbound/testdata/fwd_udp_with_tcp_upstream.tdir/fwd_udp_with_tcp_upstream.test deleted file mode 100644 index fad6497beb1..00000000000 --- a/contrib/unbound/testdata/fwd_udp_with_tcp_upstream.tdir/fwd_udp_with_tcp_upstream.test +++ /dev/null @@ -1,35 +0,0 @@ -# #-- fwd_udp_with_tcp_upstream.test --# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# use .tpkg.var.test for in test variable passing -[ -f .tpkg.var.test ] && source .tpkg.var.test - -PRE="../.." -# do the test -echo "> dig tcp.example.com." -dig @localhost -p $UNBOUND_PORT tcp.example.com. | tee outfile -echo "> cat logfiles" -cat fwd.log -cat unbound.log -echo "> check answer" -if grep "10.20.30.40" outfile; then - echo "OK" -else - echo "Not OK" - exit 1 -fi - -echo "> dig udp.example.com." -dig @localhost -p $UNBOUND_PORT udp.example.com. | tee outfile -echo "> cat logfiles" -cat fwd.log -cat unbound.log -echo "> check answer" -if grep "10.20.30.80" outfile; then - echo "OK" -else - echo "Not OK" - exit 1 -fi - -exit 0 diff --git a/contrib/unbound/testdata/fwd_udp_with_tcp_upstream.tdir/fwd_udp_with_tcp_upstream.testns b/contrib/unbound/testdata/fwd_udp_with_tcp_upstream.tdir/fwd_udp_with_tcp_upstream.testns deleted file mode 100644 index 04089af0e1b..00000000000 --- a/contrib/unbound/testdata/fwd_udp_with_tcp_upstream.tdir/fwd_udp_with_tcp_upstream.testns +++ /dev/null @@ -1,25 +0,0 @@ -; nameserver test file -$ORIGIN example.com. -$TTL 3600 - -ENTRY_BEGIN -MATCH opcode qtype qname -MATCH TCP -REPLY QR AA NOERROR -ADJUST copy_id -SECTION QUESTION -tcp IN A -SECTION ANSWER -tcp IN A 10.20.30.40 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -MATCH UDP -REPLY QR AA NOERROR -ADJUST copy_id -SECTION QUESTION -udp IN A -SECTION ANSWER -udp IN A 10.20.30.80 -ENTRY_END diff --git a/contrib/unbound/testdata/http_user_agent.tdir/127.0.0.1/example.com.zone b/contrib/unbound/testdata/http_user_agent.tdir/127.0.0.1/example.com.zone deleted file mode 100644 index 695eb1c32bd..00000000000 --- a/contrib/unbound/testdata/http_user_agent.tdir/127.0.0.1/example.com.zone +++ /dev/null @@ -1,3 +0,0 @@ -example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600 -example.com. IN NS ns.example.net. -www.example.com. IN A 1.2.3.4 diff --git a/contrib/unbound/testdata/http_user_agent.tdir/http_user_agent.conf b/contrib/unbound/testdata/http_user_agent.tdir/http_user_agent.conf deleted file mode 100644 index c563416aefb..00000000000 --- a/contrib/unbound/testdata/http_user_agent.tdir/http_user_agent.conf +++ /dev/null @@ -1,24 +0,0 @@ -auth-zone: - name: "example.com" - for-upstream: yes - for-downstream: yes - url: "https://127.0.0.1:@TOPORT@/example.com.zone" -remote-control: - control-enable: yes - control-interface: 127.0.0.1 - control-port: @CONTROL_PORT@ - server-key-file: "unbound_server.key" - server-cert-file: "unbound_server.pem" - control-key-file: "unbound_control.key" - control-cert-file: "unbound_control.pem" -server: - verbosity: 7 - interface: 127.0.0.1 - port: @PORT@ - use-syslog: no - directory: "" - pidfile: "unbound.pid" - chroot: "" - username: "" - do-not-query-localhost: no - use-caps-for-id: yes diff --git a/contrib/unbound/testdata/http_user_agent.tdir/http_user_agent.dsc b/contrib/unbound/testdata/http_user_agent.tdir/http_user_agent.dsc deleted file mode 100644 index 6b24c43fc7a..00000000000 --- a/contrib/unbound/testdata/http_user_agent.tdir/http_user_agent.dsc +++ /dev/null @@ -1,16 +0,0 @@ -BaseName: http_user_agent -Version: 1.0 -Description: Check the http-user-agent configuration -CreationDate: Wed 2 Jun 13:59:26 CEST 2021 -Maintainer: -Category: -Component: -CmdDepends: -Depends: -Help: -Pre: http_user_agent.pre -Post: http_user_agent.post -Test: http_user_agent.test -AuxFiles: -Passed: -Failure: diff --git a/contrib/unbound/testdata/http_user_agent.tdir/http_user_agent.post b/contrib/unbound/testdata/http_user_agent.tdir/http_user_agent.post deleted file mode 100644 index 797ff57c8bb..00000000000 --- a/contrib/unbound/testdata/http_user_agent.tdir/http_user_agent.post +++ /dev/null @@ -1,11 +0,0 @@ -# #-- http_user_agent.post --# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# source the test var file when it's there -[ -f .tpkg.var.test ] && source .tpkg.var.test -# -# do your teardown here -PRE="../.." -. ../common.sh -kill_pid $UNBOUND_PID -kill_pid $PETAL_PID diff --git a/contrib/unbound/testdata/http_user_agent.tdir/http_user_agent.pre b/contrib/unbound/testdata/http_user_agent.tdir/http_user_agent.pre deleted file mode 100644 index e94bd536edb..00000000000 --- a/contrib/unbound/testdata/http_user_agent.tdir/http_user_agent.pre +++ /dev/null @@ -1,37 +0,0 @@ -# #-- http_user_agent.pre--# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# use .tpkg.var.test for in test variable passing -[ -f .tpkg.var.test ] && source .tpkg.var.test - -PRE="../.." -. ../common.sh -get_random_port 3 -UNBOUND_PORT=$RND_PORT -PETAL_PORT=$(($RND_PORT + 1)) -CONTROL_PORT=$(($RND_PORT + 3)) -echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test -echo "PETAL_PORT=$PETAL_PORT" >> .tpkg.var.test -echo "CONTROL_PORT=$CONTROL_PORT" >> .tpkg.var.test - -get_make -(cd $PRE; $MAKE petal) - -# start https daemon -# More verbosity because we need to see the HTTP headers -$PRE/petal -vv -a "127.0.0.1" -p $PETAL_PORT >petal.log 2>&1 & -PETAL_PID=$! -echo "PETAL_PID=$PETAL_PID" >> .tpkg.var.test -cat .tpkg.var.test -wait_petal_up petal.log - -# make config file -sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$PETAL_PORT'/' -e 's/@CONTROL_PORT\@/'$CONTROL_PORT'/'< http_user_agent.conf > ub.conf -# start unbound in the background -$PRE/unbound -d -c ub.conf >unbound.log 2>&1 & -UNBOUND_PID=$! -echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test - -cat .tpkg.var.test -wait_unbound_up unbound.log - diff --git a/contrib/unbound/testdata/http_user_agent.tdir/http_user_agent.test b/contrib/unbound/testdata/http_user_agent.tdir/http_user_agent.test deleted file mode 100644 index dce2d476c8f..00000000000 --- a/contrib/unbound/testdata/http_user_agent.tdir/http_user_agent.test +++ /dev/null @@ -1,103 +0,0 @@ -# #-- http_user_agent.test --# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# use .tpkg.var.test for in test variable passing -[ -f .tpkg.var.test ] && source .tpkg.var.test - -PRE="../.." - -# Query and check check that we get the correct answer from the auth_zone -query () { - echo "> dig www.example.com." - dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile - if grep SERVFAIL outfile; then - echo "> try again" - dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile - fi - if grep SERVFAIL outfile; then - echo "> try again" - sleep 1 - dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile - fi - if grep SERVFAIL outfile; then - echo "> try again" - sleep 1 - dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile - fi - if grep SERVFAIL outfile; then - echo "> try again" - sleep 1 - dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile - fi - if grep SERVFAIL outfile; then - echo "> try again" - sleep 10 - dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile - fi - if grep SERVFAIL outfile; then - echo "> try again" - sleep 10 - dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile - fi - echo "> check answer" - if grep "1.2.3.4" outfile; then - echo "OK" - else - echo "Not OK" - exit 1 - fi -} - -# Reload the configuration and retransfer the zone -reload_and_retransfer () { - echo "> Reloading Unbound" - echo "$PRE/unbound-control -c ub.conf reload" - $PRE/unbound-control -c ub.conf reload - if test $? -ne 0; then - echo "wrong exit value from unbound-control" - exit 1 - fi - echo "> Refetching example.com" - echo "$PRE/unbound-control -c ub.conf auth_zone_transfer example.com" - $PRE/unbound-control -c ub.conf auth_zone_transfer example.com - if test $? -ne 0; then - echo "wrong exit value from unbound-control" - exit 1 - fi -} - -# do the test -query -# add custom http-user-agent -echo "server: http-user-agent: customUA" >> ub.conf -reload_and_retransfer -query -# hide http-user-agent -echo "server: hide-http-user-agent: yes" >> ub.conf -reload_and_retransfer -query - -echo "> cat logfiles" -cat petal.log -cat unbound.log - -# check petal.log for the correct number of occurrences. -# It should be 2 User-Agents, one being the custom. -echo "> check User-Agent occurrences" -occurrences=`grep "User-Agent:" petal.log | wc -l` -echo $occurrences -if test $occurrences -eq 2; then - echo "OK" -else - echo "Not OK" - exit 1 -fi -echo "> check custom User-Agent" -if grep "User-Agent: customUA" petal.log; then - echo "OK" -else - echo "Not OK" - exit 1 -fi - -exit 0 diff --git a/contrib/unbound/testdata/http_user_agent.tdir/petal.key b/contrib/unbound/testdata/http_user_agent.tdir/petal.key deleted file mode 100644 index 6614e498fcd..00000000000 --- a/contrib/unbound/testdata/http_user_agent.tdir/petal.key +++ /dev/null @@ -1,21 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIDfQIBAAKBwQC1xQ/Kca6zszZbcCtdOTIH2Uy2gOy/DfabMUU7TmNPm0dVE0NJ -RuN+Rm304SonpwghfP2/ULZNnuDgpG03/32yI7k/VzG6iA4hiF7tT/KAAWC/+2l1 -QCsawCV2bSrFK0VhcZr7ALqXd8vkDaQ867K029ypjOQtAJ85qdO3mERy7TGtdUcu -O6hLeVet419YeQ2F8cfNxn63d7bOzNGLPW5xwaCd3UcgD+Ib0k4xfFvbinvPQUeU -J/i4YDWexFYSL+ECAwEAAQKBwCLXXQl+9O+5AEhSnd1Go1Jh0pSA7eBJOuXQcebG -Rb7ykp+6C4G2NtDziwwPRNdI6wQQQ0sym18RfyVQHydGr78/nbiIbB3HCn5e92Mh -mefzW6ow9Kvm2txLzGKA1lvoyRbNm81jnG/eygi3u7Nqd5PNv+4dHj2RkTlmxOeh -qnDMVP5md8uZPv6lYNnrnIzvLCR5vnPNdVwn89AqzI85IcDZdy0R9ZX4NBbsDgAU -6ig6uXuRXvSGiyJ/OUXSrnogaQJhAOjvkHUhVZQkPOxO90TNH4j0GdKKtbSWxIdz -lKfuJeBAEqs0TL+C6vbS81Xw3W1alyDdUBk3rJMOBqW6Ryq5HNL+j5H+Jfsh7fvc -Yle+5wHGci0P9zCFZCrY8It7n9XFIwJhAMfEi6oJa2G8waPJ1bQhxka82Tf9pnKM -XCn/1BBOFjVIx5F842cpA+zp5a62GENTGYPQTTRBB/2/ZwnW5aIkrlg54AtmbqBZ -Oh+2kJdJQD/tfoVmc5soUE2ScTHadK5RKwJhAN4w9kjkXS+MSZjX0kIMsBIBVkhh -C+aREjJqa9ir7/Ey7RvmLXdYuCxtGLRXp7/R8+rjcK49Tx6O+IRJZe042mfhbq3C -EhS1Tr86f4xXix9EXlDhs9bSxrOgcAN9Dv/opQJhAK7eBcPaav0rVfYh/8emqQHS -3fJ9Pu6WnzbEksWTFS2ff9KDGCx9YspIFJ5TF/oXDAaumGZdZrlgirm6O1kr8tGY -F97i04PZl1+bWAaWQH+1TUNI43m2WFUPE7coG2tb8QJgcddDg9VlXliZqgcETZfJ -kJmYETxrcSn3ao6v116N8yxhEgUgjkmsCTiFgx36iDVnXwK6PIt+sIu8MC7eYNa3 -berrv/M21K0LRn20IWRxvUobG070weHCAgkko7fTWgr2 ------END RSA PRIVATE KEY----- diff --git a/contrib/unbound/testdata/http_user_agent.tdir/petal.pem b/contrib/unbound/testdata/http_user_agent.tdir/petal.pem deleted file mode 100644 index 19c8b895ba8..00000000000 --- a/contrib/unbound/testdata/http_user_agent.tdir/petal.pem +++ /dev/null @@ -1,14 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICFzCCAUACCQDO660L5y5LGDANBgkqhkiG9w0BAQUFADAQMQ4wDAYDVQQDEwVw -ZXRhbDAeFw0xMDA5MzAxMzQzMDFaFw0zMDA2MTcxMzQzMDFaMBAxDjAMBgNVBAMT -BXBldGFsMIHfMA0GCSqGSIb3DQEBAQUAA4HNADCByQKBwQC1xQ/Kca6zszZbcCtd -OTIH2Uy2gOy/DfabMUU7TmNPm0dVE0NJRuN+Rm304SonpwghfP2/ULZNnuDgpG03 -/32yI7k/VzG6iA4hiF7tT/KAAWC/+2l1QCsawCV2bSrFK0VhcZr7ALqXd8vkDaQ8 -67K029ypjOQtAJ85qdO3mERy7TGtdUcuO6hLeVet419YeQ2F8cfNxn63d7bOzNGL -PW5xwaCd3UcgD+Ib0k4xfFvbinvPQUeUJ/i4YDWexFYSL+ECAwEAATANBgkqhkiG -9w0BAQUFAAOBwQBBkX9KDP2RXbg+xPmdJ4P6CwvA5x1LZwC++ydVx4NlvT0pWicD -ZUnXjcWAJlkeOuUBAqFG7WHTrXpUUAjmdqFVq2yFjteUYBdrFz0RDB2jM9feeKYO -mTgxdZyT9a6humxCxt5VfgT02axLjm/2AqCyFPMbf4PASoJDln01AEuZLZ8Xl2gV -bYHMnHTGoD1Hu6FNEzRgkMC6XT8X3YjHvzQhpc/qL5wEfEsinQGdX4twsuWbf8xd -q7miNnkO8vd0maw= ------END CERTIFICATE----- diff --git a/contrib/unbound/testdata/http_user_agent.tdir/unbound_control.key b/contrib/unbound/testdata/http_user_agent.tdir/unbound_control.key deleted file mode 100644 index 753a4ef6162..00000000000 --- a/contrib/unbound/testdata/http_user_agent.tdir/unbound_control.key +++ /dev/null @@ -1,39 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIG4gIBAAKCAYEAstEp+Pyh8XGrtZ77A4FhYjvbeB3dMa7Q2rGWxobzlA9przhA -1aChAvUtCOAuM+rB6NTNB8YWfZJbQHawyMNpmC77cg6vXLYCGUQHZyAqidN049RJ -F5T7j4N8Vniv17LiRdr0S6swy4PRvEnIPPV43EQHZqC5jVvHsKkhIfmBF/Dj5TXR -ypeawWV/m5jeU6/4HRYMfytBZdO1mPXuWLh0lgbQ4SCbgrOUVD3rniMk1yZIbQOm -vlDHYqekjDb/vOW2KxUQLG04aZMJ1mWfdbwG0CKQkSjISEDZ1l76vhM6mTM0fwXb -IvyFZ9yPPCle1mF5aSlxS2cmGuGVSRQaw8XF9fe3a9ACJJTr33HdSpyaZkKRAUzL -cKqLCl323daKv3NwwAT03Tj4iQM416ASMoiyfFa/2GWTKQVjddu8Crar7tGaf5xr -lig4DBmrBvdYA3njy72/RD71hLwmlRoCGU7dRuDr9O6KASUm1Ri91ONZ/qdjMvov -15l2vj4GV+KXR00dAgMBAAECggGAHepIL1N0dEQkCdpy+/8lH54L9WhpnOo2HqAf -LU9eaKK7d4jdr9+TkD8cLaPzltPrZNxVALvu/0sA4SP6J1wpyj/x6P7z73qzly5+ -Xo5PD4fEwmi9YaiW/UduAblnEZrnp/AddptJKoL/D5T4XtpiQddPtael4zQ7kB57 -YIexRSQTvEDovA/o3/nvA0TrzOxfgd4ycQP3iOWGN/TMzyLsvjydrUwbOB567iz9 -whL3Etdgvnwh5Sz2blbFfH+nAR8ctvFFz+osPvuIVR21VMEI6wm7kTpSNnQ6sh/c -lrLb/bTADn4g7z/LpIZJ+MrLvyEcoqValrLYeFBhM9CV8woPxvkO2P3pU47HVGax -tC7GV6a/kt5RoKFd/TNdiA3OC7NGZtaeXv9VkPf4fVwBtSO9d5ZZXTGEynDD/rUQ -U4KFJe6OD23APjse08HiiKqTPhsOneOONU67iqoaTdIkT2R4EdlkVEDpXVtWb+G9 -Q+IqYzVljlzuyHrhWXLJw/FMa2aBAoHBAOnZbi4gGpH+P6886WDWVgIlTccuXoyc -Mg9QQYk9UDeXxL0AizR5bZy49Sduegz9vkHpAiZARQsUnizHjZ8YlRcrmn4t6tx3 -ahTIKAjdprnxJfYINM580j8CGbXvX5LhIlm3O267D0Op+co3+7Ujy+cjsIuFQrP+ -1MqMgXSeBjzC1APivmps7HeFE+4w0k2PfN5wSMDNCzLo99PZuUG5XZ93OVOS5dpN -b+WskdcD8NOoJy/X/5A08veEI/jYO/DyqQKBwQDDwUQCOWf41ecvJLtBHKmEnHDz -ftzHino9DRKG8a9XaN4rmetnoWEaM2vHGX3pf3mwH+dAe8vJdAQueDhBKYeEpm6C -TYNOpou1+Zs5s99BilCTNYo8fkMOAyqwRwmz9zgHS6QxXuPwsghKefLJGt6o6RFF -tfWVTfLlYJ+I3GQe3ySsk3wjVz4oUTKiyiq5+KzD+HhEkS7u+RQ7Z0ZI2xd2cF8Y -aN2hjKDpcOiFf3CDoqka5D1qMNLgIHO52AHww1UCgcA1h7o7AMpURRka6hyaODY0 -A4oMYEbwdQjYjIyT998W+rzkbu1us6UtzQEBZ760npkgyU/epbOoV63lnkCC/MOU -LD0PST+L/CHiY/cWIHb79YG1EifUZKpUFg0Aoq0EGFkepF0MefGCkbRGYA5UZr9U -R80wAu9D+L+JJiS0J0BSRF74DL196zUuHt5zFeXuLzxsRtPAnq9DliS08BACRYZy -7H3I7cWD9Vn5/0jbKWHFcaaWwyETR6uekTcSzZzbCRECgcBeoE3/xUA9SSk34Mmj -7/cB4522Ft0imA3+9RK/qJTZ7Bd5fC4PKjOGNtUiqW/0L2rjeIiQ40bfWvWqgPKw -jSK1PL6uvkl6+4cNsFsYyZpiVDoe7wKju2UuoNlB3RUTqa2r2STFuNj2wRjA57I1 -BIgdnox65jqQsd14g/yaa+75/WP9CE45xzKEyrtvdcqxm0Pod3OrsYK+gikFjiar -kT0GQ8u0QPzh2tjt/2ZnIfOBrl+QYERP0MofDZDjhUdq2wECgcB0Lu841+yP5cdR -qbJhXO4zJNh7oWNcJlOuQp3ZMNFrA1oHpe9pmLukiROOy01k9WxIMQDzU5GSqRv3 -VLkYOIcbhJ3kClKAcM3j95SkKbU2H5/RENb3Ck52xtl4pNU1x/3PnVFZfDVuuHO9 -MZ9YBcIeK98MyP2jr5JtFKnOyPE7xKq0IHIhXadpbc2wjje5FtZ1cUtMyEECCXNa -C1TpXebHGyXGpY9WdWXhjdE/1jPvfS+uO5WyuDpYPr339gsdq1g= ------END RSA PRIVATE KEY----- diff --git a/contrib/unbound/testdata/http_user_agent.tdir/unbound_control.pem b/contrib/unbound/testdata/http_user_agent.tdir/unbound_control.pem deleted file mode 100644 index a1edf7017f1..00000000000 --- a/contrib/unbound/testdata/http_user_agent.tdir/unbound_control.pem +++ /dev/null @@ -1,22 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDszCCAhsCFGD5193whHQ2bVdzbaQfdf1gc4SkMA0GCSqGSIb3DQEBCwUAMBIx -EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjMwWhcNNDAwMzI1MTMzMjMw -WjAaMRgwFgYDVQQDDA91bmJvdW5kLWNvbnRyb2wwggGiMA0GCSqGSIb3DQEBAQUA -A4IBjwAwggGKAoIBgQCy0Sn4/KHxcau1nvsDgWFiO9t4Hd0xrtDasZbGhvOUD2mv -OEDVoKEC9S0I4C4z6sHo1M0HxhZ9kltAdrDIw2mYLvtyDq9ctgIZRAdnICqJ03Tj -1EkXlPuPg3xWeK/XsuJF2vRLqzDLg9G8Scg89XjcRAdmoLmNW8ewqSEh+YEX8OPl -NdHKl5rBZX+bmN5Tr/gdFgx/K0Fl07WY9e5YuHSWBtDhIJuCs5RUPeueIyTXJkht -A6a+UMdip6SMNv+85bYrFRAsbThpkwnWZZ91vAbQIpCRKMhIQNnWXvq+EzqZMzR/ -Bdsi/IVn3I88KV7WYXlpKXFLZyYa4ZVJFBrDxcX197dr0AIklOvfcd1KnJpmQpEB -TMtwqosKXfbd1oq/c3DABPTdOPiJAzjXoBIyiLJ8Vr/YZZMpBWN127wKtqvu0Zp/ -nGuWKDgMGasG91gDeePLvb9EPvWEvCaVGgIZTt1G4Ov07ooBJSbVGL3U41n+p2My -+i/XmXa+PgZX4pdHTR0CAwEAATANBgkqhkiG9w0BAQsFAAOCAYEAd++Wen6l8Ifj -4h3p/y16PhSsWJWuJ4wdNYy3/GM84S26wGjzlEEwiW76HpH6VJzPOiBAeWnFKE83 -hFyetEIxgJeIPbcs9ZP/Uoh8GZH9tRISBSN9Hgk2Slr9llo4t1H0g/XTgA5HqMQU -9YydlBh43G7Vw3FVwh09OM6poNOGQKNc/tq2/QdKeUMtyBbLWpRmjH5XcCT35fbn -ZiVOUldqSHD4kKrFO4nJYXZyipRbcXybsLiX9GP0GLemc3IgIvOXyJ2RPp06o/SJ -pzlMlkcAfLJaSuEW57xRakhuNK7m051TKKzJzIEX+NFYOVdafFHS8VwGrYsdrFvD -72tMfu+Fu55y3awdWWGc6YlaGogZiuMnJkvQphwgn+5qE/7CGEckoKEsH601rqIZ -muaIc85+nEcHJeijd/ZlBN9zeltjFoMuqTUENgmv8+tUAdVm/UMY9Vjme6b43ydP -uv6DS02+k9z8toxXworLiPr94BGaiGV1NxgwZKLZigYJt/Fi2Qte ------END CERTIFICATE----- diff --git a/contrib/unbound/testdata/http_user_agent.tdir/unbound_server.key b/contrib/unbound/testdata/http_user_agent.tdir/unbound_server.key deleted file mode 100644 index 370a7bbb2f2..00000000000 --- a/contrib/unbound/testdata/http_user_agent.tdir/unbound_server.key +++ /dev/null @@ -1,39 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI -0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq -GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z -uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K -WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5 -FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP -q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL -A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP -7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf -XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6 -iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7 -2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo -MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj -WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz -O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI -IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN -qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU -dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs -bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr -YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km -7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr -gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z -5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG -ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN -oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+ -s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW -zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx -ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1 -oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3 -BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS -mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8 -kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93 -7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8 -RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O -jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp -O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre -MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A== ------END RSA PRIVATE KEY----- diff --git a/contrib/unbound/testdata/http_user_agent.tdir/unbound_server.pem b/contrib/unbound/testdata/http_user_agent.tdir/unbound_server.pem deleted file mode 100644 index 986807310f2..00000000000 --- a/contrib/unbound/testdata/http_user_agent.tdir/unbound_server.pem +++ /dev/null @@ -1,22 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx -EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5 -WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB -igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32 -a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2 -4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot -aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4 -TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ -uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4 -+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz -XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx -dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW -84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7 -JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca -fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg -XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF -qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25 -sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD -yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe -CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ== ------END CERTIFICATE----- diff --git a/contrib/unbound/testdata/ipset.tdir/ipset.conf b/contrib/unbound/testdata/ipset.tdir/ipset.conf deleted file mode 100644 index 7cc34912dd2..00000000000 --- a/contrib/unbound/testdata/ipset.tdir/ipset.conf +++ /dev/null @@ -1,23 +0,0 @@ -server: - verbosity: 3 - num-threads: 1 - module-config: "ipset iterator" - outgoing-range: 16 - interface: 127.0.0.1 - port: @PORT@ - use-syslog: no - directory: "" - pidfile: "unbound.pid" - chroot: "" - username: "" - do-not-query-localhost: no - local-zone: "example.net." ipset -stub-zone: - name: "example.net." - stub-addr: "127.0.0.1@@TOPORT@" -stub-zone: - name: "example.com." - stub-addr: "127.0.0.1@@TOPORT@" -ipset: - name-v4: atotallymadeupnamefor4 - name-v6: atotallymadeupnamefor6 diff --git a/contrib/unbound/testdata/ipset.tdir/ipset.dsc b/contrib/unbound/testdata/ipset.tdir/ipset.dsc deleted file mode 100644 index b7792b7e018..00000000000 --- a/contrib/unbound/testdata/ipset.tdir/ipset.dsc +++ /dev/null @@ -1,16 +0,0 @@ -BaseName: ipset -Version: 1.0 -Description: mock test ipset module -CreationDate: Wed Mar 2 13:00:38 CET 2022 -Maintainer: George Thessalonikefs -Category: -Component: -CmdDepends: -Depends: -Help: -Pre: ipset.pre -Post: ipset.post -Test: ipset.test -AuxFiles: -Passed: -Failure: diff --git a/contrib/unbound/testdata/ipset.tdir/ipset.post b/contrib/unbound/testdata/ipset.tdir/ipset.post deleted file mode 100644 index 7af512a4d37..00000000000 --- a/contrib/unbound/testdata/ipset.tdir/ipset.post +++ /dev/null @@ -1,14 +0,0 @@ -# #-- ipset.post --# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# source the test var file when it's there -[ -f .tpkg.var.test ] && source .tpkg.var.test -# -# do your teardown here -. ../common.sh -PRE="../.." -if grep "define USE_IPSET 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi -kill_pid $FWD_PID -kill_pid $UNBOUND_PID -cat unbound.log -exit 0 diff --git a/contrib/unbound/testdata/ipset.tdir/ipset.pre b/contrib/unbound/testdata/ipset.tdir/ipset.pre deleted file mode 100644 index ee1aedc7093..00000000000 --- a/contrib/unbound/testdata/ipset.tdir/ipset.pre +++ /dev/null @@ -1,33 +0,0 @@ -# #-- ipset.pre--# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# use .tpkg.var.test for in test variable passing -[ -f .tpkg.var.test ] && source .tpkg.var.test - -. ../common.sh - -PRE="../.." -if grep "define USE_IPSET 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi - -get_random_port 2 -UNBOUND_PORT=$RND_PORT -FWD_PORT=$(($RND_PORT + 1)) -echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test -echo "FWD_PORT=$FWD_PORT" >> .tpkg.var.test - -# start forwarder -get_ldns_testns -$LDNS_TESTNS -p $FWD_PORT ipset.testns >fwd.log 2>&1 & -FWD_PID=$! -echo "FWD_PID=$FWD_PID" >> .tpkg.var.test - -# make config file -sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' < ipset.conf > ub.conf -# start unbound in the background -$PRE/unbound -d -c ub.conf >unbound.log 2>&1 & -UNBOUND_PID=$! -echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test - -cat .tpkg.var.test -wait_ldns_testns_up fwd.log -wait_unbound_up unbound.log diff --git a/contrib/unbound/testdata/ipset.tdir/ipset.test b/contrib/unbound/testdata/ipset.tdir/ipset.test deleted file mode 100644 index 9150e5e3f0b..00000000000 --- a/contrib/unbound/testdata/ipset.tdir/ipset.test +++ /dev/null @@ -1,155 +0,0 @@ -# #-- ipset.test --# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# use .tpkg.var.test for in test variable passing -[ -f .tpkg.var.test ] && source .tpkg.var.test - -. ../common.sh -PRE="../.." -if grep "define USE_IPSET 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi - -# Make all the queries. They need to succeed by the way. -echo "> dig www.example.net." -dig @127.0.0.1 -p $UNBOUND_PORT www.example.net. | tee outfile -echo "> check answer" -if grep "1.1.1.1" outfile; then - echo "OK" -else - echo "> cat logfiles" - cat fwd.log - cat unbound.log - echo "Not OK" - exit 1 -fi -echo "> check ipset" -if grep "ipset: add 1.1.1.1 to atotallymadeupnamefor4 for www.example.net." unbound.log; then - echo "ipset OK" -else - echo "> cat logfiles" - cat fwd.log - cat unbound.log - echo "Not OK" - exit 1 -fi - -echo "> dig www.example.net. AAAA" -dig @127.0.0.1 -p $UNBOUND_PORT www.example.net. AAAA | tee outfile -echo "> check answer" -if grep "::1" outfile; then - echo "OK" -else - echo "> cat logfiles" - cat fwd.log - cat unbound.log - echo "Not OK" - exit 1 -fi -echo "> check ipset" -if grep "ipset: add ::1 to atotallymadeupnamefor6 for www.example.net." unbound.log; then - echo "ipset OK" -else - echo "> cat logfiles" - cat fwd.log - cat unbound.log - echo "Not OK" - exit 1 -fi - -echo "> dig cname.example.net." -dig @127.0.0.1 -p $UNBOUND_PORT cname.example.net. | tee outfile -echo "> check answer" -if grep "2.2.2.2" outfile; then - echo "OK" -else - echo "> cat logfiles" - cat fwd.log - cat unbound.log - echo "Not OK" - exit 1 -fi -echo "> check ipset" -if grep "ipset: add 2.2.2.2 to atotallymadeupnamefor4 for target.example.net." unbound.log; then - echo "ipset OK" -else - echo "> cat logfiles" - cat fwd.log - cat unbound.log - echo "Not OK" - exit 1 -fi - -echo "> dig cname.example.net. AAAA" -dig @127.0.0.1 -p $UNBOUND_PORT cname.example.net. AAAA | tee outfile -echo "> check answer" -if grep "::2" outfile; then - echo "OK" -else - echo "> cat logfiles" - cat fwd.log - cat unbound.log - echo "Not OK" - exit 1 -fi -echo "> check ipset" -if grep "ipset: add ::2 to atotallymadeupnamefor6 for target.example.net." unbound.log; then - echo "ipset OK" -else - echo "> cat logfiles" - cat fwd.log - cat unbound.log - echo "Not OK" - exit 1 -fi - -echo "> dig outsidecname.example.net." -dig @127.0.0.1 -p $UNBOUND_PORT outsidecname.example.net. | tee outfile -echo "> check answer" -if grep "3.3.3.3" outfile; then - echo "OK" -else - echo "> cat logfiles" - cat fwd.log - cat unbound.log - echo "Not OK" - exit 1 -fi -echo "> check ipset" -if grep "ipset: add 3.3.3.3 to atotallymadeupnamefor4 for target.example.com." unbound.log; then - echo "ipset OK" -else - echo "> cat logfiles" - cat fwd.log - cat unbound.log - echo "Not OK" - exit 1 -fi - -echo "> dig outsidecname.example.net. AAAA" -dig @127.0.0.1 -p $UNBOUND_PORT outsidecname.example.net. AAAA | tee outfile -echo "> check answer" -if grep "::3" outfile; then - echo "OK" -else - echo "> cat logfiles" - cat fwd.log - cat unbound.log - echo "Not OK" - exit 1 -fi -echo "> check ipset" -if grep "ipset: add ::3 to atotallymadeupnamefor6 for target.example.com." unbound.log; then - echo "ipset OK" -else - echo "> cat logfiles" - cat fwd.log - cat unbound.log - echo "Not OK" - exit 1 -fi - -echo "> cat logfiles" -cat tap.log -cat tap.errlog -cat fwd.log -echo "> OK" -exit 0 diff --git a/contrib/unbound/testdata/ipset.tdir/ipset.testns b/contrib/unbound/testdata/ipset.tdir/ipset.testns deleted file mode 100644 index 2b626e915ea..00000000000 --- a/contrib/unbound/testdata/ipset.tdir/ipset.testns +++ /dev/null @@ -1,103 +0,0 @@ -; nameserver test file -$ORIGIN example.net. -$TTL 3600 - -ENTRY_BEGIN -MATCH opcode qtype qname -REPLY QR AA NOERROR -ADJUST copy_id -SECTION QUESTION -www IN A -SECTION ANSWER -www IN A 1.1.1.1 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -REPLY QR AA NOERROR -ADJUST copy_id -SECTION QUESTION -www IN AAAA -SECTION ANSWER -www IN AAAA ::1 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -REPLY QR AA NOERROR -ADJUST copy_id -SECTION QUESTION -cname IN A -SECTION ANSWER -cname IN CNAME target.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -REPLY QR AA NOERROR -ADJUST copy_id -SECTION QUESTION -cname IN AAAA -SECTION ANSWER -cname IN CNAME target.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -REPLY QR AA NOERROR -ADJUST copy_id -SECTION QUESTION -outsidecname IN A -SECTION ANSWER -outsidecname IN CNAME target.example.com. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -REPLY QR AA NOERROR -ADJUST copy_id -SECTION QUESTION -outsidecname IN AAAA -SECTION ANSWER -outsidecname IN CNAME target.example.com. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -REPLY QR AA NOERROR -ADJUST copy_id -SECTION QUESTION -target IN A -SECTION ANSWER -target IN A 2.2.2.2 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -REPLY QR AA NOERROR -ADJUST copy_id -SECTION QUESTION -target IN AAAA -SECTION ANSWER -target IN AAAA ::2 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -REPLY QR AA NOERROR -ADJUST copy_id -SECTION QUESTION -target.example.com. IN A -SECTION ANSWER -target.example.com. IN A 3.3.3.3 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -REPLY QR AA NOERROR -ADJUST copy_id -SECTION QUESTION -target.example.com. IN AAAA -SECTION ANSWER -target.example.com. IN AAAA ::3 -ENTRY_END diff --git a/contrib/unbound/testdata/iter_cname_minimise.rpl b/contrib/unbound/testdata/iter_cname_minimise.rpl deleted file mode 100644 index b61c3e34468..00000000000 --- a/contrib/unbound/testdata/iter_cname_minimise.rpl +++ /dev/null @@ -1,179 +0,0 @@ -; config options -server: - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: yes - module-config: "iterator" - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test cname chain resolution with qname minimisation. - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.44 -ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.44 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.com. IN A -SECTION ANSWER -ns.example.com. IN A 1.2.3.44 -SECTION AUTHORITY -example.com. IN NS ns.example.com. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.com. IN AAAA -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -www.example.com. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 300 IN A 10.20.30.40 -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -c.example.com. IN A -SECTION ANSWER -c.example.com. 10 IN CNAME www.example.com. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -c.example.com. IN CNAME -SECTION ANSWER -c.example.com. 10 IN CNAME www.example.com. -ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -c.example.com. IN CNAME -ENTRY_END - -STEP 20 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -c.example.com. IN CNAME -SECTION ANSWER -c.example.com. 10 IN CNAME www.example.com. -ENTRY_END - -STEP 30 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -c.example.com. IN A -ENTRY_END - -STEP 40 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -c.example.com. IN A -SECTION ANSWER -c.example.com. 10 IN CNAME www.example.com. -www.example.com. 300 IN A 10.20.30.40 -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/iter_dp_ip6useless.rpl b/contrib/unbound/testdata/iter_dp_ip6useless.rpl deleted file mode 100644 index 9a7746e118e..00000000000 --- a/contrib/unbound/testdata/iter_dp_ip6useless.rpl +++ /dev/null @@ -1,168 +0,0 @@ -; config options -server: - do-ip6: no - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: no -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test iterator when doip6 is no and dp is useless with only ip6 - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -; short TTL here, so it can expire -ns.example.com. 1 IN A 1.2.3.4 -ns.example.com. 100 IN AAAA ::53 -ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.4 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -; short TTL here, so it can expire -ns.example.com. 1 IN A 1.2.3.4 -ns.example.com. 100 IN AAAA ::53 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.com. IN A -SECTION ANSWER -; short TTL -ns.example.com. 1 IN A 1.2.3.4 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.com. IN AAAA -SECTION ANSWER -ns.example.com. IN AAAA ::53 -ENTRY_END - - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -mail.example.com. IN A -SECTION ANSWER -mail.example.com. IN A 10.20.30.50 -ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; recursion happens here. -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -ENTRY_END - -STEP 20 TIME_PASSES ELAPSE 5.0 - -STEP 30 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -mail.example.com. IN A -ENTRY_END - -STEP 40 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -mail.example.com. IN A -SECTION ANSWER -mail.example.com. IN A 10.20.30.50 -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/nsid_bogus.rpl b/contrib/unbound/testdata/nsid_bogus.rpl deleted file mode 100644 index 7e92266cfa4..00000000000 --- a/contrib/unbound/testdata/nsid_bogus.rpl +++ /dev/null @@ -1,175 +0,0 @@ -; config options -; The island of trust is at example.com -server: - trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" - val-override-date: "20070916134226" - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: "no" - fake-sha1: yes - trust-anchor-signaling: no - minimal-responses: no - nsid: "ascii_hopsa kidee" - ede: yes - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test for NSID in SERVFAIL response due to DNSSEC bogus - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.4 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; response to DNSKEY priming query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN DNSKEY -SECTION ANSWER -example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} -example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; nodata for ns.example.com AAAA -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -ns.example.com. IN AAAA -SECTION ANSWER -SECTION ADDITIONAL -ENTRY_END - - -; response to query of interest -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -;good signature -;www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} -;missing -www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2855 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} -ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www.example.com. IN A -SECTION ADDITIONAL - HEX_EDNSDATA_BEGIN - 00 03 ; Opcode NSID (3) - 00 00 ; Length 0 - HEX_EDNSDATA_END -ENTRY_END - -; recursion happens here. -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ede=9 -REPLY QR RD RA DO SERVFAIL -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -SECTION ADDITIONAL - HEX_EDNSDATA_BEGIN - 00 03 ; Opcode NSID (3) - 00 0b ; Length 11 - 68 6F 70 73 61 20 ; "hopsa " - 6B 69 64 65 65 ; "kidee" - HEX_EDNSDATA_END -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/ratelimit.tdir/ratelimit.conf b/contrib/unbound/testdata/ratelimit.tdir/ratelimit.conf deleted file mode 100644 index 5d2456c3931..00000000000 --- a/contrib/unbound/testdata/ratelimit.tdir/ratelimit.conf +++ /dev/null @@ -1,29 +0,0 @@ -server: - verbosity: 5 - # num-threads: 1 - interface: 127.0.0.1 - port: @PORT@ - use-syslog: no - directory: . - pidfile: "unbound.pid" - chroot: "" - username: "" - do-not-query-localhost: no - - ratelimit: 1 - ratelimit-factor: 0 - -stub-zone: - name: "example.com." - stub-addr: "127.0.0.1@@TOPORT@" - stub-no-cache: yes - -remote-control: - control-enable: yes - control-interface: 127.0.0.1 - # control-interface: ::1 - control-port: @CONTROL_PORT@ - server-key-file: "unbound_server.key" - server-cert-file: "unbound_server.pem" - control-key-file: "unbound_control.key" - control-cert-file: "unbound_control.pem" diff --git a/contrib/unbound/testdata/ratelimit.tdir/ratelimit.dsc b/contrib/unbound/testdata/ratelimit.tdir/ratelimit.dsc deleted file mode 100644 index abd5307c79e..00000000000 --- a/contrib/unbound/testdata/ratelimit.tdir/ratelimit.dsc +++ /dev/null @@ -1,16 +0,0 @@ -BaseName: ratelimit -Version: 1.0 -Description: Test ratelimit. -CreationDate: Sun Jan 30 00:40:00 CET 2022 -Maintainer: Yorgos Thessalonikefs -Category: -Component: -CmdDepends: -Depends: -Help: -Pre: ratelimit.pre -Post: ratelimit.post -Test: ratelimit.test -AuxFiles: -Passed: -Failure: diff --git a/contrib/unbound/testdata/ratelimit.tdir/ratelimit.post b/contrib/unbound/testdata/ratelimit.tdir/ratelimit.post deleted file mode 100644 index 6738ed55ad0..00000000000 --- a/contrib/unbound/testdata/ratelimit.tdir/ratelimit.post +++ /dev/null @@ -1,14 +0,0 @@ -# #-- ratelimit.post --# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# source the test var file when it's there -[ -f .tpkg.var.test ] && source .tpkg.var.test -# -# do your teardown here -. ../common.sh -kill_pid $STUB_PID -kill_pid $UNBOUND_PID -if test -f unbound.log; then - echo ">>> unbound log" - cat unbound.log -fi diff --git a/contrib/unbound/testdata/ratelimit.tdir/ratelimit.pre b/contrib/unbound/testdata/ratelimit.tdir/ratelimit.pre deleted file mode 100644 index 2404cfc00b9..00000000000 --- a/contrib/unbound/testdata/ratelimit.tdir/ratelimit.pre +++ /dev/null @@ -1,33 +0,0 @@ -# #-- ratelimit.pre--# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# use .tpkg.var.test for in test variable passing -[ -f .tpkg.var.test ] && source .tpkg.var.test - -PRE="../.." -. ../common.sh -get_random_port 2 -UNBOUND_PORT=$RND_PORT -STUB_PORT=$(($RND_PORT + 1)) -CONTROL_PORT=$(($RND_PORT + 2)) -echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test -echo "STUB_PORT=$STUB_PORT" >> .tpkg.var.test -echo "CONTROL_PORT=$CONTROL_PORT" >> .tpkg.var.test - -# start ldns-testns -get_ldns_testns -$LDNS_TESTNS -v -p $STUB_PORT ratelimit.testns >stub.log 2>&1 & -STUB_PID=$! -echo "STUB_PID=$STUB_PID" >> .tpkg.var.test - -# make config file -sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$STUB_PORT'/' -e 's/@CONTROL_PORT\@/'$CONTROL_PORT'/' < ratelimit.conf > ub.conf -# start unbound in the background -$PRE/unbound -d -c ub.conf >unbound.log 2>&1 & -UNBOUND_PID=$! -echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test - -wait_ldns_testns_up stub.log -wait_unbound_up unbound.log - -cat .tpkg.var.test diff --git a/contrib/unbound/testdata/ratelimit.tdir/ratelimit.test b/contrib/unbound/testdata/ratelimit.tdir/ratelimit.test deleted file mode 100644 index cc14717405c..00000000000 --- a/contrib/unbound/testdata/ratelimit.tdir/ratelimit.test +++ /dev/null @@ -1,183 +0,0 @@ -# #-- ratelimit.test --# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# use .tpkg.var.test for in test variable passing -[ -f .tpkg.var.test ] && source .tpkg.var.test - -PRE="../.." -. ../common.sh - -get_make -(cd $PRE; $MAKE streamtcp) - -# These tests rely on second time precision. To combat false negatives the -# tests run multiple times and we allow 1/3 of the runs to fail. -total_runs=6 -success_threshold=4 # 2/3*total_runs - -successes=0 -echo "> Three parallel queries" -# For this test we send three parallel queries and we expect only one of them -# to be allowed through each second. -for i in $(seq 1 $total_runs); do - $PRE/streamtcp -na -f 127.0.0.1@$UNBOUND_PORT www1.example.com. A IN www2.example.com. A IN www3.example.com. A IN >outfile 2>&1 - if test "$?" -ne 0; then - echo "exit status not OK" - echo "> cat logfiles" - cat outfile - cat unbound.log - echo "Not OK" - exit 1 - fi - cat outfile - if test `grep "rcode: SERVFAIL" outfile | wc -l` -eq 2; then - ((successes++)) - fi - # We don't have to wait for all the runs to complete if we know - # we passed the threshold. - if test $successes -ge $success_threshold; then - break - fi - sleep 1 -done -if test $successes -ge $success_threshold; then - echo "Number of ratelimited queries OK for three parallel queries" -else - echo "Number of ratelimited queries not OK for three parallel queries" - echo "> cat logfiles" - cat outfile - cat unbound.log - echo "Number of ratelimited queries not OK for three parallel queries" - exit 1 -fi - -echo "> Activating ratelimit-factor" -echo "$PRE/unbound-control -c ub.conf set_option ratelimit-factor: 3" -$PRE/unbound-control -c ub.conf set_option ratelimit-factor: 3 -if test $? -ne 0; then - echo "wrong exit value after success" - exit 1 -fi - -slipped_through=0 -echo "> Three parallel queries with ratelimit-factor" -# For this test we send three parallel queries and we expect at least two of -# them to be allowed through at a given second; one from the ratelimit itself -# and one from the ratelimit-factor. -for i in {1..10}; do - $PRE/streamtcp -na -f 127.0.0.1@$UNBOUND_PORT www1.example.com. A IN www2.example.com. A IN www3.example.com. A IN >outfile 2>&1 - if test "$?" -ne 0; then - echo "exit status not OK" - echo "> cat logfiles" - cat outfile - cat unbound.log - echo "Not OK" - exit 1 - fi - cat outfile - if test `grep "rcode: SERVFAIL" outfile | wc -l` -lt 2; then - slipped_through=1 - break - fi - sleep 2 -done -if test $slipped_through -eq 0; then - echo "ratelimit-factor did not work" - echo "> cat logfiles" - cat outfile - cat unbound.log - echo "ratelimit-factor did not work" - exit 1 -fi -echo "ratelimit-factor OK" - -echo "> Disabling ratelimit-factor" -echo "$PRE/unbound-control -c ub.conf set_option ratelimit-factor: 0" -$PRE/unbound-control -c ub.conf set_option ratelimit-factor: 0 -if test $? -ne 0; then - echo "wrong exit value after success" - exit 1 -fi -echo "> Activating ratelimit-backoff" -echo "$PRE/unbound-control -c ub.conf set_option ratelimit-backoff: yes" -$PRE/unbound-control -c ub.conf set_option ratelimit-backoff: yes -if test $? -ne 0; then - echo "wrong exit value after success" - exit 1 -fi - -successes=0 -echo "> Three parallel queries with backoff" -# For this test we send three parallel queries. The ratelimit should be reached -# for that second. Then for the next second we again send three parallel -# queries and we expect none of them to be allowed through because of the -# backoff logic that keeps rolling the RATE_WINDOW based on demand. -for i in $(seq 1 $total_runs); do - $PRE/streamtcp -na -f 127.0.0.1@$UNBOUND_PORT www1.example.com. A IN www2.example.com. A IN www3.example.com. A IN >outfile 2>&1 - if test "$?" -ne 0; then - echo "exit status not OK" - echo "> cat logfiles" - cat outfile - cat unbound.log - echo "Not OK" - exit 1 - fi - sleep 1 # Limit is reached; it should also be active for the next second - $PRE/streamtcp -na -f 127.0.0.1@$UNBOUND_PORT www1.example.com. A IN www2.example.com. A IN www3.example.com. A IN >outfile 2>&1 - if test "$?" -ne 0; then - echo "exit status not OK" - echo "> cat logfiles" - cat outfile - cat unbound.log - echo "Not OK" - exit 1 - fi - cat outfile - if test `grep "rcode: SERVFAIL" outfile | wc -l` -eq 3; then - ((successes++)) - fi - # We don't have to wait for all the runs to complete if we know - # we passed the threshold. - if test $successes -ge $success_threshold; then - break - fi -done - -if test $successes -ge $success_threshold; then - echo "three parallel queries with backoff OK" -else - echo "Number of ratelimited queries not OK for three parallel queries with backoff" - echo "> cat logfiles" - cat outfile - cat unbound.log - echo "Number of ratelimited queries not OK for three parallel queries with backoff" - exit 1 -fi - -echo "> Three parallel queries after backoff RATE_WINDOW" -sleep 3 # Make sure the RATE_WINDOW is renewed -# For this test we make three parallel queries after the RATE_WINDOW has passed -# without any new demand and we expect at least one query to pass through. This -# is to check that the backoff logic does not insist on past (outside of -# RATE_WINDOW) limits. -$PRE/streamtcp -na -f 127.0.0.1@$UNBOUND_PORT www1.example.com. A IN www2.example.com. A IN www3.example.com. A IN >outfile 2>&1 -if test "$?" -ne 0; then - echo "exit status not OK" - echo "> cat logfiles" - cat outfile - cat unbound.log - echo "Not OK" - exit 1 -fi -cat outfile -if test `grep "rcode: NOERROR" outfile | wc -l` -gt 0; then - echo "Number of ratelimited queries OK for three parallel queries after backoff RATE_WINDOW" -else - echo "Number of ratelimited queries not OK for three parallel queries after backoff RATE_WINDOW" - echo "> cat logfiles" - cat outfile - cat unbound.log - echo "Number of ratelimited queries not OK for three parallel queries after backoff RATE_WINDOW" - exit 1 -fi -exit 0 diff --git a/contrib/unbound/testdata/ratelimit.tdir/ratelimit.testns b/contrib/unbound/testdata/ratelimit.tdir/ratelimit.testns deleted file mode 100644 index 673bd15a598..00000000000 --- a/contrib/unbound/testdata/ratelimit.tdir/ratelimit.testns +++ /dev/null @@ -1,13 +0,0 @@ -; nameserver test file -$ORIGIN example.com. -$TTL 3600 - -ENTRY_BEGIN -MATCH opcode qtype -REPLY QR AA NOERROR -ADJUST copy_id copy_query -SECTION QUESTION -wild IN A -SECTION ANSWER -wild IN A 10.20.30.40 -ENTRY_END diff --git a/contrib/unbound/testdata/ratelimit.tdir/unbound_control.key b/contrib/unbound/testdata/ratelimit.tdir/unbound_control.key deleted file mode 100644 index 753a4ef6162..00000000000 --- a/contrib/unbound/testdata/ratelimit.tdir/unbound_control.key +++ /dev/null @@ -1,39 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIG4gIBAAKCAYEAstEp+Pyh8XGrtZ77A4FhYjvbeB3dMa7Q2rGWxobzlA9przhA -1aChAvUtCOAuM+rB6NTNB8YWfZJbQHawyMNpmC77cg6vXLYCGUQHZyAqidN049RJ -F5T7j4N8Vniv17LiRdr0S6swy4PRvEnIPPV43EQHZqC5jVvHsKkhIfmBF/Dj5TXR -ypeawWV/m5jeU6/4HRYMfytBZdO1mPXuWLh0lgbQ4SCbgrOUVD3rniMk1yZIbQOm -vlDHYqekjDb/vOW2KxUQLG04aZMJ1mWfdbwG0CKQkSjISEDZ1l76vhM6mTM0fwXb -IvyFZ9yPPCle1mF5aSlxS2cmGuGVSRQaw8XF9fe3a9ACJJTr33HdSpyaZkKRAUzL -cKqLCl323daKv3NwwAT03Tj4iQM416ASMoiyfFa/2GWTKQVjddu8Crar7tGaf5xr -lig4DBmrBvdYA3njy72/RD71hLwmlRoCGU7dRuDr9O6KASUm1Ri91ONZ/qdjMvov -15l2vj4GV+KXR00dAgMBAAECggGAHepIL1N0dEQkCdpy+/8lH54L9WhpnOo2HqAf -LU9eaKK7d4jdr9+TkD8cLaPzltPrZNxVALvu/0sA4SP6J1wpyj/x6P7z73qzly5+ -Xo5PD4fEwmi9YaiW/UduAblnEZrnp/AddptJKoL/D5T4XtpiQddPtael4zQ7kB57 -YIexRSQTvEDovA/o3/nvA0TrzOxfgd4ycQP3iOWGN/TMzyLsvjydrUwbOB567iz9 -whL3Etdgvnwh5Sz2blbFfH+nAR8ctvFFz+osPvuIVR21VMEI6wm7kTpSNnQ6sh/c -lrLb/bTADn4g7z/LpIZJ+MrLvyEcoqValrLYeFBhM9CV8woPxvkO2P3pU47HVGax -tC7GV6a/kt5RoKFd/TNdiA3OC7NGZtaeXv9VkPf4fVwBtSO9d5ZZXTGEynDD/rUQ -U4KFJe6OD23APjse08HiiKqTPhsOneOONU67iqoaTdIkT2R4EdlkVEDpXVtWb+G9 -Q+IqYzVljlzuyHrhWXLJw/FMa2aBAoHBAOnZbi4gGpH+P6886WDWVgIlTccuXoyc -Mg9QQYk9UDeXxL0AizR5bZy49Sduegz9vkHpAiZARQsUnizHjZ8YlRcrmn4t6tx3 -ahTIKAjdprnxJfYINM580j8CGbXvX5LhIlm3O267D0Op+co3+7Ujy+cjsIuFQrP+ -1MqMgXSeBjzC1APivmps7HeFE+4w0k2PfN5wSMDNCzLo99PZuUG5XZ93OVOS5dpN -b+WskdcD8NOoJy/X/5A08veEI/jYO/DyqQKBwQDDwUQCOWf41ecvJLtBHKmEnHDz -ftzHino9DRKG8a9XaN4rmetnoWEaM2vHGX3pf3mwH+dAe8vJdAQueDhBKYeEpm6C -TYNOpou1+Zs5s99BilCTNYo8fkMOAyqwRwmz9zgHS6QxXuPwsghKefLJGt6o6RFF -tfWVTfLlYJ+I3GQe3ySsk3wjVz4oUTKiyiq5+KzD+HhEkS7u+RQ7Z0ZI2xd2cF8Y -aN2hjKDpcOiFf3CDoqka5D1qMNLgIHO52AHww1UCgcA1h7o7AMpURRka6hyaODY0 -A4oMYEbwdQjYjIyT998W+rzkbu1us6UtzQEBZ760npkgyU/epbOoV63lnkCC/MOU -LD0PST+L/CHiY/cWIHb79YG1EifUZKpUFg0Aoq0EGFkepF0MefGCkbRGYA5UZr9U -R80wAu9D+L+JJiS0J0BSRF74DL196zUuHt5zFeXuLzxsRtPAnq9DliS08BACRYZy -7H3I7cWD9Vn5/0jbKWHFcaaWwyETR6uekTcSzZzbCRECgcBeoE3/xUA9SSk34Mmj -7/cB4522Ft0imA3+9RK/qJTZ7Bd5fC4PKjOGNtUiqW/0L2rjeIiQ40bfWvWqgPKw -jSK1PL6uvkl6+4cNsFsYyZpiVDoe7wKju2UuoNlB3RUTqa2r2STFuNj2wRjA57I1 -BIgdnox65jqQsd14g/yaa+75/WP9CE45xzKEyrtvdcqxm0Pod3OrsYK+gikFjiar -kT0GQ8u0QPzh2tjt/2ZnIfOBrl+QYERP0MofDZDjhUdq2wECgcB0Lu841+yP5cdR -qbJhXO4zJNh7oWNcJlOuQp3ZMNFrA1oHpe9pmLukiROOy01k9WxIMQDzU5GSqRv3 -VLkYOIcbhJ3kClKAcM3j95SkKbU2H5/RENb3Ck52xtl4pNU1x/3PnVFZfDVuuHO9 -MZ9YBcIeK98MyP2jr5JtFKnOyPE7xKq0IHIhXadpbc2wjje5FtZ1cUtMyEECCXNa -C1TpXebHGyXGpY9WdWXhjdE/1jPvfS+uO5WyuDpYPr339gsdq1g= ------END RSA PRIVATE KEY----- diff --git a/contrib/unbound/testdata/ratelimit.tdir/unbound_control.pem b/contrib/unbound/testdata/ratelimit.tdir/unbound_control.pem deleted file mode 100644 index a1edf7017f1..00000000000 --- a/contrib/unbound/testdata/ratelimit.tdir/unbound_control.pem +++ /dev/null @@ -1,22 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDszCCAhsCFGD5193whHQ2bVdzbaQfdf1gc4SkMA0GCSqGSIb3DQEBCwUAMBIx -EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjMwWhcNNDAwMzI1MTMzMjMw -WjAaMRgwFgYDVQQDDA91bmJvdW5kLWNvbnRyb2wwggGiMA0GCSqGSIb3DQEBAQUA -A4IBjwAwggGKAoIBgQCy0Sn4/KHxcau1nvsDgWFiO9t4Hd0xrtDasZbGhvOUD2mv -OEDVoKEC9S0I4C4z6sHo1M0HxhZ9kltAdrDIw2mYLvtyDq9ctgIZRAdnICqJ03Tj -1EkXlPuPg3xWeK/XsuJF2vRLqzDLg9G8Scg89XjcRAdmoLmNW8ewqSEh+YEX8OPl -NdHKl5rBZX+bmN5Tr/gdFgx/K0Fl07WY9e5YuHSWBtDhIJuCs5RUPeueIyTXJkht -A6a+UMdip6SMNv+85bYrFRAsbThpkwnWZZ91vAbQIpCRKMhIQNnWXvq+EzqZMzR/ -Bdsi/IVn3I88KV7WYXlpKXFLZyYa4ZVJFBrDxcX197dr0AIklOvfcd1KnJpmQpEB -TMtwqosKXfbd1oq/c3DABPTdOPiJAzjXoBIyiLJ8Vr/YZZMpBWN127wKtqvu0Zp/ -nGuWKDgMGasG91gDeePLvb9EPvWEvCaVGgIZTt1G4Ov07ooBJSbVGL3U41n+p2My -+i/XmXa+PgZX4pdHTR0CAwEAATANBgkqhkiG9w0BAQsFAAOCAYEAd++Wen6l8Ifj -4h3p/y16PhSsWJWuJ4wdNYy3/GM84S26wGjzlEEwiW76HpH6VJzPOiBAeWnFKE83 -hFyetEIxgJeIPbcs9ZP/Uoh8GZH9tRISBSN9Hgk2Slr9llo4t1H0g/XTgA5HqMQU -9YydlBh43G7Vw3FVwh09OM6poNOGQKNc/tq2/QdKeUMtyBbLWpRmjH5XcCT35fbn -ZiVOUldqSHD4kKrFO4nJYXZyipRbcXybsLiX9GP0GLemc3IgIvOXyJ2RPp06o/SJ -pzlMlkcAfLJaSuEW57xRakhuNK7m051TKKzJzIEX+NFYOVdafFHS8VwGrYsdrFvD -72tMfu+Fu55y3awdWWGc6YlaGogZiuMnJkvQphwgn+5qE/7CGEckoKEsH601rqIZ -muaIc85+nEcHJeijd/ZlBN9zeltjFoMuqTUENgmv8+tUAdVm/UMY9Vjme6b43ydP -uv6DS02+k9z8toxXworLiPr94BGaiGV1NxgwZKLZigYJt/Fi2Qte ------END CERTIFICATE----- diff --git a/contrib/unbound/testdata/ratelimit.tdir/unbound_server.key b/contrib/unbound/testdata/ratelimit.tdir/unbound_server.key deleted file mode 100644 index 370a7bbb2f2..00000000000 --- a/contrib/unbound/testdata/ratelimit.tdir/unbound_server.key +++ /dev/null @@ -1,39 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI -0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq -GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z -uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K -WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5 -FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP -q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL -A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP -7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf -XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6 -iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7 -2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo -MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj -WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz -O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI -IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN -qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU -dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs -bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr -YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km -7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr -gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z -5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG -ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN -oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+ -s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW -zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx -ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1 -oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3 -BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS -mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8 -kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93 -7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8 -RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O -jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp -O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre -MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A== ------END RSA PRIVATE KEY----- diff --git a/contrib/unbound/testdata/ratelimit.tdir/unbound_server.pem b/contrib/unbound/testdata/ratelimit.tdir/unbound_server.pem deleted file mode 100644 index 986807310f2..00000000000 --- a/contrib/unbound/testdata/ratelimit.tdir/unbound_server.pem +++ /dev/null @@ -1,22 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx -EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5 -WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB -igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32 -a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2 -4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot -aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4 -TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ -uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4 -+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz -XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx -dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW -84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7 -JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca -fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg -XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF -qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25 -sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD -yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe -CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ== ------END CERTIFICATE----- diff --git a/contrib/unbound/testdata/rpz_clientip.rpl b/contrib/unbound/testdata/rpz_clientip.rpl deleted file mode 100644 index 78e05ad9199..00000000000 --- a/contrib/unbound/testdata/rpz_clientip.rpl +++ /dev/null @@ -1,264 +0,0 @@ -; config options -server: - module-config: "respip validator iterator" - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: no - minimal-responses: no - access-control: 192.0.0.0/8 allow - -rpz: - name: "rpz.example.com." - zonefile: -TEMPFILE_NAME rpz.example.com -TEMPFILE_CONTENTS rpz.example.com -$ORIGIN example.com. -rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. ( - 1379078166 28800 7200 604800 7200 ) - 3600 IN NS ns1.rpz.example.com. - 3600 IN NS ns2.rpz.example.com. -$ORIGIN rpz.example.com. -24.0.0.0.192.rpz-client-ip CNAME . -24.0.1.0.192.rpz-client-ip CNAME *. -24.0.2.0.192.rpz-client-ip CNAME rpz-drop. -24.0.3.0.192.rpz-client-ip CNAME rpz-passthru. -24.0.4.0.192.rpz-client-ip CNAME rpz-tcp-only. -24.0.5.0.192.rpz-client-ip A 127.0.0.1 -24.0.5.0.192.rpz-client-ip TXT "42" -TEMPFILE_END - -stub-zone: - name: "a." - stub-addr: 10.20.30.40 -CONFIG_END - -SCENARIO_BEGIN Test RPZ client ip triggers - -RANGE_BEGIN 0 100 - ADDRESS 10.20.30.40 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -a. IN NS -SECTION ANSWER -a. IN NS ns.a. -SECTION ADDITIONAL -ns.a IN A 10.20.30.40 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -a.a. IN TXT -SECTION ANSWER -a.a. IN TXT "upstream txt rr a.a." -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -a.a. IN A -SECTION ANSWER -a.a. IN A 10.20.30.40 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -a.a. IN AAAA -SECTION ANSWER -a.a. IN AAAA 2001:db8::123 -ENTRY_END - -RANGE_END - -; unrelated client ip address -- passthru - -STEP 10 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -a.a. IN TXT -ENTRY_END - -STEP 11 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -a.a. IN TXT -SECTION ANSWER -a.a. IN TXT "upstream txt rr a.a." -ENTRY_END - -; should be NXDOMAIN - -STEP 20 QUERY ADDRESS 192.0.0.1 -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -a.a. IN TXT -ENTRY_END - -STEP 21 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR AA RD RA NXDOMAIN -SECTION QUESTION -a.a. IN TXT -SECTION ANSWER -ENTRY_END - -; should be NODATA - -STEP 30 QUERY ADDRESS 192.0.1.1 -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -a.a. IN TXT -ENTRY_END - -STEP 31 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR AA RD RA NOERROR -SECTION QUESTION -a.a. IN TXT -SECTION ANSWER -ENTRY_END - -; should be PASSTHRU - -STEP 40 QUERY ADDRESS 192.0.3.1 -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -a.a. IN TXT -ENTRY_END - -STEP 41 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -a.a. IN TXT -SECTION ANSWER -a.a. IN TXT "upstream txt rr a.a." -ENTRY_END - -; should be TRUNCATED - -STEP 50 QUERY ADDRESS 192.0.4.1 -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -a.a. IN TXT -ENTRY_END - -STEP 51 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR AA TC RD RA NOERROR -SECTION QUESTION -a.a. IN TXT -SECTION ANSWER -ENTRY_END - -; should not be TRUNCATED via TCP - -STEP 52 QUERY ADDRESS 192.0.4.1 -ENTRY_BEGIN -MATCH TCP -REPLY RD -SECTION QUESTION -a.a. IN TXT -ENTRY_END - -STEP 53 CHECK_ANSWER -ENTRY_BEGIN -MATCH all TCP -REPLY QR RD RA NOERROR -SECTION QUESTION -a.a. IN TXT -SECTION ANSWER -a.a. IN TXT "upstream txt rr a.a." -ENTRY_END - -; should be synthesized - -STEP 60 QUERY ADDRESS 192.0.5.1 -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -a.a. IN A -ENTRY_END - -STEP 61 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR AA RD RA NOERROR -SECTION QUESTION -a.a. IN A -SECTION ANSWER -a.a. IN A 127.0.0.1 -SECTION ADDITIONAL -rpz.example.com. 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. ( 1379078166 28800 7200 604800 7200 ) -ENTRY_END - -; should be synthesized - -STEP 62 QUERY ADDRESS 192.0.5.1 -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -a.a. IN TXT -ENTRY_END - -STEP 63 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR AA RD RA NOERROR -SECTION QUESTION -a.a. IN TXT -SECTION ANSWER -a.a. IN TXT "42" -SECTION ADDITIONAL -rpz.example.com. 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. ( 1379078166 28800 7200 604800 7200 ) -ENTRY_END - -; should be synthesized NODATA - -STEP 64 QUERY ADDRESS 192.0.5.1 -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -a.a. IN AAAA -ENTRY_END - -STEP 65 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR AA RD RA NOERROR -SECTION QUESTION -a.a. IN AAAA -SECTION ADDITIONAL -rpz.example.com. 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. ( 1379078166 28800 7200 604800 7200 ) -ENTRY_END - -; should be DROPPED - -STEP 90 QUERY ADDRESS 192.0.2.1 -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -a.a. IN TXT -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/rpz_nsdname.rpl b/contrib/unbound/testdata/rpz_nsdname.rpl deleted file mode 100644 index 1c678cc13ba..00000000000 --- a/contrib/unbound/testdata/rpz_nsdname.rpl +++ /dev/null @@ -1,390 +0,0 @@ -; config options -server: - module-config: "respip validator iterator" - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: no - access-control: 192.0.0.0/8 allow - -rpz: - name: "rpz.example.com." - rpz-log: yes - rpz-log-name: "rpz.example.com" - zonefile: -TEMPFILE_NAME rpz.example.com -TEMPFILE_CONTENTS rpz.example.com -$ORIGIN example.com. -rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. ( - 1379078166 28800 7200 604800 7200 ) - 3600 IN NS ns1.rpz.example.com. - 3600 IN NS ns2.rpz.example.com. -$ORIGIN rpz.example.com. -ns1.gotham.aa.rpz-nsdname CNAME . -ns1.gotham.bb.rpz-nsdname CNAME *. -ns1.gotham.cc.rpz-nsdname CNAME rpz-drop. -ns1.gotham.com.rpz-nsdname CNAME rpz-passthru. -ns1.gotham.dd.rpz-nsdname CNAME rpz-tcp-only. -ns1.gotham.ff.rpz-nsdname A 127.0.0.1 -ns1.gotham.ff.rpz-nsdname TXT "42" -TEMPFILE_END - -stub-zone: - name: "." - stub-addr: 1.1.1.1 -CONFIG_END - -SCENARIO_BEGIN Test RPZ nsip triggers - -; . -------------------------------------------------------------------------- -RANGE_BEGIN 0 100 - ADDRESS 1.1.1.1 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS ns.root. -SECTION ADDITIONAL -ns.root IN A 1.1.1.1 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN A -SECTION AUTHORITY -com. IN NS ns1.com. -SECTION ADDITIONAL -ns1.com. IN A 8.8.8.8 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -aa. IN A -SECTION AUTHORITY -aa. IN NS ns1.aa. -SECTION ADDITIONAL -ns1.aa. IN A 8.8.0.8 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -bb. IN A -SECTION AUTHORITY -bb. IN NS ns1.bb. -SECTION ADDITIONAL -ns1.bb. IN A 8.8.1.8 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -cc. IN A -SECTION AUTHORITY -cc. IN NS ns1.cc. -SECTION ADDITIONAL -ns1.cc. IN A 8.8.2.8 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -dd. IN A -SECTION AUTHORITY -dd. IN NS ns1.dd. -SECTION ADDITIONAL -ns1.dd. IN A 8.8.3.8 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -ee. IN A -SECTION AUTHORITY -ee. IN NS ns1.ee. -SECTION ADDITIONAL -ns1.ee. IN A 8.8.5.8 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -ff. IN A -SECTION AUTHORITY -ff. IN NS ns1.ff. -SECTION ADDITIONAL -ns1.ff. IN A 8.8.6.8 -ENTRY_END - -RANGE_END - -; com. ----------------------------------------------------------------------- -RANGE_BEGIN 0 100 - ADDRESS 8.8.8.8 - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS ns1.com. -SECTION ADDITIONAL -ns1.com. IN A 8.8.8.8 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -gotham.com. IN A -SECTION AUTHORITY -gotham.com. IN NS ns1.gotham.com. -SECTION ADDITIONAL -ns1.gotham.com. IN A 192.0.6.1 -ENTRY_END - -RANGE_END - -; aa. ------------------------------------------------------------------------ -RANGE_BEGIN 0 100 - ADDRESS 8.8.0.8 - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -aa. IN NS -SECTION ANSWER -aa. IN NS ns1.aa. -SECTION ADDITIONAL -ns1.aa. IN A 8.8.0.8 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -gotham.aa. IN A -SECTION AUTHORITY -gotham.aa. IN NS ns1.gotham.aa. -SECTION ADDITIONAL -ns1.gotham.aa. IN A 192.0.0.1 -ENTRY_END - -RANGE_END - -; bb. ------------------------------------------------------------------------ -RANGE_BEGIN 0 100 - ADDRESS 8.8.1.8 - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -bb. IN NS -SECTION ANSWER -bb. IN NS ns1.bb. -SECTION ADDITIONAL -ns1.bb. IN A 8.8.1.8 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -gotham.bb. IN A -SECTION AUTHORITY -gotham.bb. IN NS ns1.gotham.bb. -SECTION ADDITIONAL -ns1.gotham.bb. IN A 192.0.1.1 -ENTRY_END - -RANGE_END - -; ff. ------------------------------------------------------------------------ -RANGE_BEGIN 0 100 - ADDRESS 8.8.6.8 - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ff. IN NS -SECTION ANSWER -ff. IN NS ns1.ff. -SECTION ADDITIONAL -ns1.ff. IN A 8.8.6.8 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -gotham.ff. IN A -SECTION AUTHORITY -gotham.ff. IN NS ns1.gotham.ff. -SECTION ADDITIONAL -ns1.gotham.ff. IN A 192.0.5.1 -ENTRY_END - -RANGE_END - -; ns1.gotham.com. ------------------------------------------------------------ -RANGE_BEGIN 0 100 - ADDRESS 192.0.6.1 - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -gotham.com. IN A -SECTION ANSWER -gotham.com. IN A 192.0.6.2 -ENTRY_END - -RANGE_END - -; ns1.gotham.aa. ------------------------------------------------------------- -RANGE_BEGIN 0 100 - ADDRESS 192.0.0.1 - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -gotham.aa. IN A -SECTION ANSWER -gotham.aa. IN A 192.0.0.2 -ENTRY_END - -RANGE_END - -; ns1.gotham.bb. ------------------------------------------------------------- -RANGE_BEGIN 0 100 - ADDRESS 192.0.1.1 - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -gotham.bb. IN A -SECTION ANSWER -gotham.bb. IN A 192.0.1.2 -ENTRY_END - -RANGE_END - -; ns1.gotham.ff. ------------------------------------------------------------- -RANGE_BEGIN 0 100 - ADDRESS 192.0.5.1 - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -gotham.ff. IN A -SECTION ANSWER -gotham.ff. IN A 192.0.5.2 -ENTRY_END - -RANGE_END - -; ---------------------------------------------------------------------------- - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -gotham.com. IN A -ENTRY_END - -STEP 2 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -gotham.com. IN A -SECTION ANSWER -gotham.com. IN A 192.0.6.2 -ENTRY_END - -STEP 10 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -gotham.aa. IN A -ENTRY_END - -STEP 11 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR AA RD RA NXDOMAIN -SECTION QUESTION -gotham.aa. IN A -SECTION ANSWER -ENTRY_END - -STEP 20 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -gotham.bb. IN A -ENTRY_END - -STEP 21 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AA NOERROR -SECTION QUESTION -gotham.bb. IN A -SECTION ANSWER -ENTRY_END - -STEP 30 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -gotham.ff. IN A -ENTRY_END - -STEP 31 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AA NOERROR -SECTION QUESTION -gotham.ff. IN A -SECTION ANSWER -gotham.ff. IN A 127.0.0.1 -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/rpz_nsip.rpl b/contrib/unbound/testdata/rpz_nsip.rpl deleted file mode 100644 index 34dbd9fef81..00000000000 --- a/contrib/unbound/testdata/rpz_nsip.rpl +++ /dev/null @@ -1,408 +0,0 @@ -; config options -server: - module-config: "respip validator iterator" - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: no - access-control: 192.0.0.0/8 allow - -rpz: - name: "rpz.example.com." - rpz-log: yes - rpz-log-name: "rpz.example.com" - zonefile: -TEMPFILE_NAME rpz.example.com -TEMPFILE_CONTENTS rpz.example.com -$ORIGIN example.com. -rpz 3600 IN SOA ns1.rpz.gotham.com. hostmaster.rpz.example.com. ( - 1379078166 28800 7200 604800 7200 ) - 3600 IN NS ns1.rpz.example.com. - 3600 IN NS ns2.rpz.example.com. -$ORIGIN rpz.example.com. -24.0.0.0.192.rpz-nsip CNAME . -24.0.1.0.192.rpz-nsip CNAME *. -24.0.2.0.192.rpz-nsip CNAME rpz-drop. -24.0.3.0.192.rpz-nsip CNAME rpz-passthru. -24.0.4.0.192.rpz-nsip CNAME rpz-tcp-only. -24.0.5.0.192.rpz-nsip A 127.0.0.1 -24.0.5.0.192.rpz-nsip TXT "42" -TEMPFILE_END - -stub-zone: - name: "." - stub-addr: 1.1.1.1 -CONFIG_END - -SCENARIO_BEGIN Test RPZ nsip triggers - -; . -------------------------------------------------------------------------- -RANGE_BEGIN 0 100 - ADDRESS 1.1.1.1 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS ns.root. -SECTION ADDITIONAL -ns.root IN A 1.1.1.1 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN A -SECTION AUTHORITY -com. IN NS ns1.com. -SECTION ADDITIONAL -ns1.com. IN A 8.8.8.8 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -aa. IN A -SECTION AUTHORITY -aa. IN NS ns1.aa. -SECTION ADDITIONAL -ns1.aa. IN A 8.8.0.8 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -bb. IN A -SECTION AUTHORITY -bb. IN NS ns1.bb. -SECTION ADDITIONAL -ns1.bb. IN A 8.8.1.8 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -cc. IN A -SECTION AUTHORITY -cc. IN NS ns1.cc. -SECTION ADDITIONAL -ns1.cc. IN A 8.8.2.8 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -dd. IN A -SECTION AUTHORITY -dd. IN NS ns1.dd. -SECTION ADDITIONAL -ns1.dd. IN A 8.8.3.8 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -ee. IN A -SECTION AUTHORITY -ee. IN NS ns1.ee. -SECTION ADDITIONAL -ns1.ee. IN A 8.8.5.8 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -ff. IN A -SECTION AUTHORITY -ff. IN NS ns1.ff. -SECTION ADDITIONAL -ns1.ff. IN A 8.8.6.8 -ENTRY_END - -RANGE_END - -; com. ----------------------------------------------------------------------- -RANGE_BEGIN 0 100 - ADDRESS 8.8.8.8 - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS ns1.com. -SECTION ADDITIONAL -ns1.com. IN A 8.8.8.8 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -gotham.com. IN A -SECTION AUTHORITY -gotham.com. IN NS ns1.gotham.com. -SECTION ADDITIONAL -ns1.gotham.com. IN A 192.0.6.1 -ENTRY_END - -RANGE_END - -; aa. ------------------------------------------------------------------------ -RANGE_BEGIN 0 100 - ADDRESS 8.8.0.8 - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -aa. IN NS -SECTION ANSWER -aa. IN NS ns1.aa. -SECTION ADDITIONAL -ns1.aa. IN A 8.8.0.8 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -gotham.aa. IN A -SECTION AUTHORITY -gotham.aa. IN NS ns1.gotham.aa. -SECTION ADDITIONAL -ns1.gotham.aa. IN A 192.0.0.1 -ENTRY_END - -RANGE_END - -; bb. ------------------------------------------------------------------------ -RANGE_BEGIN 0 100 - ADDRESS 8.8.1.8 - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -bb. IN NS -SECTION ANSWER -bb. IN NS ns1.bb. -SECTION ADDITIONAL -ns1.bb. IN A 8.8.1.8 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -gotham.bb. IN A -SECTION AUTHORITY -gotham.bb. IN NS ns1.gotham.bb. -SECTION ADDITIONAL -ns1.gotham.bb. IN A 192.0.1.1 -ENTRY_END - -RANGE_END - -; ff. ------------------------------------------------------------------------ -RANGE_BEGIN 0 100 - ADDRESS 8.8.6.8 - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ff. IN NS -SECTION ANSWER -ff. IN NS ns1.ff. -SECTION ADDITIONAL -ns1.ff. IN A 8.8.6.8 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -gotham.ff. IN A -SECTION AUTHORITY -gotham.ff. IN NS ns1.gotham.ff. -SECTION ADDITIONAL -ns1.gotham.ff. IN A 192.0.5.1 -ENTRY_END - -RANGE_END - -; ns1.gotham.com. ------------------------------------------------------------ -RANGE_BEGIN 0 100 - ADDRESS 192.0.6.1 - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -gotham.com. IN A -SECTION ANSWER -gotham.com. IN A 192.0.6.2 -ENTRY_END - -RANGE_END - -; ns1.gotham.aa. ------------------------------------------------------------- -RANGE_BEGIN 0 100 - ADDRESS 192.0.0.1 - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -gotham.aa. IN A -SECTION ANSWER -gotham.aa. IN A 192.0.0.2 -ENTRY_END - -RANGE_END - -; ns1.gotham.bb. ------------------------------------------------------------- -RANGE_BEGIN 0 100 - ADDRESS 192.0.1.1 - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -gotham.bb. IN A -SECTION ANSWER -gotham.bb. IN A 192.0.1.2 -ENTRY_END - -RANGE_END - -; ns1.gotham.ff. ------------------------------------------------------------- -RANGE_BEGIN 0 100 - ADDRESS 192.0.5.1 - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -gotham.ff. IN A -SECTION ANSWER -gotham.ff. IN A 192.0.5.2 -ENTRY_END - -RANGE_END - -; ---------------------------------------------------------------------------- - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -gotham.com. IN A -ENTRY_END - -STEP 2 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -gotham.com. IN A -SECTION ANSWER -gotham.com. IN A 192.0.6.2 -ENTRY_END - -STEP 10 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -gotham.aa. IN A -ENTRY_END - -STEP 11 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR AA RD RA NXDOMAIN -SECTION QUESTION -gotham.aa. IN A -SECTION ANSWER -ENTRY_END - -STEP 20 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -gotham.bb. IN A -ENTRY_END - -STEP 21 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AA NOERROR -SECTION QUESTION -gotham.bb. IN A -SECTION ANSWER -ENTRY_END - -STEP 30 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -gotham.ff. IN A -ENTRY_END - -STEP 31 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AA NOERROR -SECTION QUESTION -gotham.ff. IN A -SECTION ANSWER -gotham.ff. IN A 127.0.0.1 -ENTRY_END - -; again with more cache items -STEP 40 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -gotham.ff. IN A -ENTRY_END - -STEP 41 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AA NOERROR -SECTION QUESTION -gotham.ff. IN A -SECTION ANSWER -gotham.ff. IN A 127.0.0.1 -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/rpz_passthru.rpl b/contrib/unbound/testdata/rpz_passthru.rpl deleted file mode 100644 index 5c855754769..00000000000 --- a/contrib/unbound/testdata/rpz_passthru.rpl +++ /dev/null @@ -1,154 +0,0 @@ -; config options -server: - module-config: "respip validator iterator" - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: no - access-control: 192.0.0.0/8 allow - -rpz: - name: "rpz.example.com." - rpz-log: yes - rpz-log-name: "rpz.example.com" - rpz-action-override: passthru - zonefile: -TEMPFILE_NAME rpz.example.com -TEMPFILE_CONTENTS rpz.example.com -$ORIGIN example.com. -rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. ( - 1379078166 28800 7200 604800 7200 ) - 3600 IN NS ns1.rpz.example.com. - 3600 IN NS ns2.rpz.example.com. -$ORIGIN rpz.example.com. -c.a TXT "local data 1st zone" -d.a A 127.0.0.1 -TEMPFILE_END - -rpz: - name: "wl.example.com." - rpz-log: yes - rpz-log-name: "wl.example.com" - zonefile: -TEMPFILE_NAME wl.example.com -TEMPFILE_CONTENTS wl.example.com -$ORIGIN example.com. -wl 3600 IN SOA ns1.wl.example.com. hostmaster.wl.example.com. ( - 1379078166 28800 7200 604800 7200 ) - 3600 IN NS ns1.wl.example.com. - 3600 IN NS ns2.wl.example.com. -$ORIGIN wl.example.com. -e.a CNAME rpz-passthru. -TEMPFILE_END - -rpz: - name: "rpz2.example.com." - rpz-log: yes - rpz-log-name: "rpz2.example.com" - rpz-action-override: nxdomain - zonefile: -TEMPFILE_NAME rpz2.example.com -TEMPFILE_CONTENTS rpz2.example.com -$ORIGIN example.com. -rpz2 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. ( - 1379078166 28800 7200 604800 7200 ) - 3600 IN NS ns1.rpz.example.com. - 3600 IN NS ns2.rpz.example.com. -$ORIGIN rpz2.example.com. -c.a TXT "local data 2nd zone" -24.0.5.0.192.rpz-client-ip A 127.0.0.1 -24.0.5.0.192.rpz-client-ip TXT "clientip 2nd zone" -24.0.3.2.1.rpz-ip A 127.0.0.2 -TEMPFILE_END - -stub-zone: - name: "a." - stub-addr: 10.20.30.40 -CONFIG_END - -SCENARIO_BEGIN Test RPZ passthru ends processing for later triggers. - -; a. -RANGE_BEGIN 0 1000 - ADDRESS 10.20.30.40 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -c.a. IN TXT -SECTION ANSWER -c.a. IN TXT "answer from upstream ns" -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -d.a. IN A -SECTION ANSWER -d.a. IN A 1.2.3.4 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -e.a. IN A -SECTION ANSWER -e.a. IN A 1.2.3.4 -ENTRY_END -RANGE_END - -STEP 10 QUERY ADDRESS 192.0.5.1 -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -c.a. IN TXT -ENTRY_END - -STEP 11 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -c.a. IN TXT -SECTION ANSWER -c.a. IN TXT "answer from upstream ns" -ENTRY_END - -STEP 20 QUERY ADDRESS 192.0.2.1 -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -d.a. IN A -ENTRY_END - -STEP 21 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -d.a. IN A -SECTION ANSWER -d.a. IN A 1.2.3.4 -ENTRY_END - -STEP 30 QUERY ADDRESS 192.0.2.1 -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -e.a. IN A -ENTRY_END - -STEP 31 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -e.a. IN A -SECTION ANSWER -e.a. IN A 1.2.3.4 -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/rpz_qname_tcponly.rpl b/contrib/unbound/testdata/rpz_qname_tcponly.rpl deleted file mode 100644 index d30b8861622..00000000000 --- a/contrib/unbound/testdata/rpz_qname_tcponly.rpl +++ /dev/null @@ -1,117 +0,0 @@ -; config options -server: - module-config: "respip validator iterator" - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: no - -rpz: - name: "rpz.example.com." - zonefile: -TEMPFILE_NAME rpz.example.com -TEMPFILE_CONTENTS rpz.example.com -$ORIGIN example.com. -rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. ( - 1379078166 28800 7200 604800 7200 ) - 3600 IN NS ns1.rpz.example.com. - 3600 IN NS ns2.rpz.example.com. -$ORIGIN rpz.example.com. -a.a CNAME rpz-passthru. -b.a CNAME rpz-tcp-only. -TEMPFILE_END - -stub-zone: - name: "a." - stub-addr: 10.20.30.40 -CONFIG_END - -SCENARIO_BEGIN Test RPZ qname trigger and tcp-only action - -RANGE_BEGIN 0 100 - ADDRESS 10.20.30.40 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -a. IN NS -SECTION ANSWER -a. IN NS ns.a. -SECTION ADDITIONAL -ns.a IN A 10.20.30.40 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -a.a. IN TXT -SECTION ANSWER -a.a. IN TXT "upstream txt rr a.a." -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -b.a. IN TXT -SECTION ANSWER -b.a. IN TXT "upstream txt rr b.a." -ENTRY_END - -RANGE_END - -STEP 10 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -a.a. IN TXT -ENTRY_END - -STEP 11 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -a.a. IN TXT -SECTION ANSWER -a.a. IN TXT "upstream txt rr a.a." -ENTRY_END - -STEP 20 QUERY -ENTRY_BEGIN -MATCH UDP -REPLY RD -SECTION QUESTION -b.a. IN TXT -ENTRY_END - -STEP 21 CHECK_ANSWER -ENTRY_BEGIN -MATCH all UDP -REPLY QR AA TC RD RA NOERROR -SECTION QUESTION -b.a. IN TXT -SECTION ANSWER -ENTRY_END - -STEP 30 QUERY -ENTRY_BEGIN -MATCH TCP -REPLY RD -SECTION QUESTION -b.a. IN TXT -ENTRY_END - -STEP 31 CHECK_ANSWER -ENTRY_BEGIN -MATCH all TCP -REPLY QR RD RA NOERROR -SECTION QUESTION -b.a. IN TXT -SECTION ANSWER -b.a. IN TXT "upstream txt rr b.a." -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/rpz_respip_tcponly.rpl b/contrib/unbound/testdata/rpz_respip_tcponly.rpl deleted file mode 100644 index c495de2038a..00000000000 --- a/contrib/unbound/testdata/rpz_respip_tcponly.rpl +++ /dev/null @@ -1,207 +0,0 @@ -; config options -server: - module-config: "respip validator iterator" - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: no - -rpz: - name: "rpz.example.com." - zonefile: -TEMPFILE_NAME rpz.example.com -TEMPFILE_CONTENTS rpz.example.com -$ORIGIN example.com. -rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. ( - 1379078166 28800 7200 604800 7200 ) - 3600 IN NS ns1.rpz.example.com. - 3600 IN NS ns2.rpz.example.com. -$ORIGIN rpz.example.com. -8.0.0.0.10.rpz-ip CNAME *. -16.0.0.10.10.rpz-ip CNAME . -24.0.10.10.10.rpz-ip CNAME rpz-drop. -32.10.10.10.10.rpz-ip CNAME rpz-passthru. -32.1.1.1.10.rpz-ip CNAME rpz-tcp-only. -TEMPFILE_END - -stub-zone: - name: "." - stub-addr: 10.20.30.40 -CONFIG_END - -SCENARIO_BEGIN Test RPZ response IP address trigger and tcp-only action - -RANGE_BEGIN 0 100 - ADDRESS 10.20.30.40 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS ns. -SECTION ADDITIONAL -ns. IN A 10.20.30.40 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -a. IN A -SECTION ANSWER -a. IN A 10.0.0.123 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -b. IN A -SECTION ANSWER -b. IN A 10.1.0.123 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -c. IN A -SECTION ANSWER -c. IN A 10.11.0.123 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -d. IN A -SECTION ANSWER -d. IN A 10.10.0.123 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -f. IN A -SECTION ANSWER -f. IN A 10.10.10.10 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -y. IN A -SECTION ANSWER -y. IN A 10.1.1.1 -ENTRY_END - -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -a. IN A -ENTRY_END - -STEP 2 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -a. IN A -SECTION ANSWER -ENTRY_END - -STEP 10 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -b. IN A -ENTRY_END - -STEP 11 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -b. IN A -SECTION ANSWER -ENTRY_END - -STEP 13 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -d. IN A -ENTRY_END - -STEP 14 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NXDOMAIN -SECTION QUESTION -d. IN A -SECTION ANSWER -ENTRY_END - -STEP 17 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -f. IN A -ENTRY_END - -STEP 18 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -f. IN A -SECTION ANSWER -f. IN A 10.10.10.10 -ENTRY_END - -STEP 30 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -y. IN A -ENTRY_END - -STEP 31 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR TC RD RA NOERROR -SECTION QUESTION -y. IN A -SECTION ANSWER -ENTRY_END - -STEP 40 QUERY -ENTRY_BEGIN -MATCH TCP -REPLY RD -SECTION QUESTION -y. IN A -ENTRY_END - -STEP 41 CHECK_ANSWER -ENTRY_BEGIN -MATCH all TCP -REPLY QR RD RA NOERROR -SECTION QUESTION -y. IN A -SECTION ANSWER -y. IN A 10.1.1.1 -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/rpz_rootwc.rpl b/contrib/unbound/testdata/rpz_rootwc.rpl deleted file mode 100644 index 1fb94a1439f..00000000000 --- a/contrib/unbound/testdata/rpz_rootwc.rpl +++ /dev/null @@ -1,162 +0,0 @@ -; config options -server: - module-config: "respip validator iterator" - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: no - -rpz: - name: "rpz.example.com." - zonefile: -TEMPFILE_NAME rpz.example.com -TEMPFILE_CONTENTS rpz.example.com -$ORIGIN example.com. -rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. ( - 1379078166 28800 7200 604800 7200 ) - 3600 IN NS ns1.rpz.example.com. - 3600 IN NS ns2.rpz.example.com. -$ORIGIN rpz.example.com. -a CNAME . -a CNAME *. ; duplicate CNAME here on purpose -*.a TXT "wildcard local data" -* CNAME . -b.a CNAME *. -c.a CNAME rpz-passthru. -TEMPFILE_END - -rpz: - name: "rpz2.example.com." - zonefile: -TEMPFILE_NAME rpz2.example.com -TEMPFILE_CONTENTS rpz2.example.com -$ORIGIN example.com. -rpz2 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. ( - 1379078166 28800 7200 604800 7200 ) - 3600 IN NS ns1.rpz.example.com. - 3600 IN NS ns2.rpz.example.com. -$ORIGIN rpz2.example.com. -a TXT "local data 2nd zone" -d TXT "local data 2nd zone" -e CNAME *.a.example. -*.e CNAME *.b.example. -drop CNAME rpz-drop. -TEMPFILE_END - -stub-zone: - name: "a." - stub-addr: 10.20.30.40 -stub-zone: - name: "example." - stub-addr: 10.20.30.50 -CONFIG_END - -SCENARIO_BEGIN Test RPZ QNAME trigger for root wildcard. - -; a. -RANGE_BEGIN 0 100 - ADDRESS 10.20.30.40 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -a. IN NS -SECTION ANSWER -a. IN NS ns.a. -SECTION ADDITIONAL -ns.a IN A 10.20.30.40 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -c.a. IN TXT -SECTION ANSWER -c.a. IN TXT "answer from upstream ns" -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -x.b.a. IN TXT -SECTION ANSWER -x.b.a. IN TXT "answer from upstream ns" -ENTRY_END - -RANGE_END - -; example. -RANGE_BEGIN 0 100 - ADDRESS 10.20.30.50 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example. IN NS -SECTION ANSWER -example. IN NS ns.example. -SECTION ADDITIONAL -ns.example IN A 10.20.30.50 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -e.a.example. IN TXT -SECTION ANSWER -e.a.example. IN TXT "e.a.example. answer from upstream ns" -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -something.e.b.example. IN TXT -SECTION ANSWER -something.e.b.example. IN TXT "*.b.example. answer from upstream ns" -ENTRY_END - -RANGE_END - -STEP 10 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -x. IN TXT -ENTRY_END - -; wildcard deny all -STEP 20 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AA NXDOMAIN -SECTION QUESTION -x. IN TXT -SECTION ANSWER -ENTRY_END - -STEP 30 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -y.tld. IN TXT -ENTRY_END - -; wildcard deny all -STEP 40 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AA NXDOMAIN -SECTION QUESTION -y.tld. IN TXT -SECTION ANSWER -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/rpz_signal_nxdomain_ra.rpl b/contrib/unbound/testdata/rpz_signal_nxdomain_ra.rpl deleted file mode 100644 index b89498cf962..00000000000 --- a/contrib/unbound/testdata/rpz_signal_nxdomain_ra.rpl +++ /dev/null @@ -1,254 +0,0 @@ -; config options -server: - module-config: "respip validator iterator" - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: no - access-control: 192.0.0.0/8 allow - -rpz: - name: "rpz.example.com." - rpz-signal-nxdomain-ra: yes - zonefile: -TEMPFILE_NAME rpz.example.com -TEMPFILE_CONTENTS rpz.example.com -$ORIGIN example.com. -rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. ( - 1379078166 28800 7200 604800 7200 ) - 3600 IN NS ns1.rpz.example.com. - 3600 IN NS ns2.rpz.example.com. -$ORIGIN rpz.example.com. -a.a CNAME . -b.a CNAME . -ns1.a.rpz-nsdname CNAME . -24.0.0.0.192.rpz-nsip CNAME . -24.0.3.0.192.rpz-client-ip CNAME . -TEMPFILE_END - -stub-zone: - name: "a." - stub-addr: 10.20.30.40 -CONFIG_END - -SCENARIO_BEGIN Test RPZ qname trigger and signal NXDOMAIN with unset RA. - -RANGE_BEGIN 0 100 - ADDRESS 10.20.30.40 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -a. IN NS -SECTION ANSWER -a. IN NS ns.a. -SECTION ADDITIONAL -ns.a IN A 10.20.30.40 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -a.a. IN TXT -SECTION ANSWER -a.a. IN TXT "upstream txt rr a.a." -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -b.a. IN TXT -SECTION ANSWER -b.a. IN TXT "upstream txt rr b.a." -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -c.a. IN TXT -SECTION ANSWER -c.a. IN CNAME b.a -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -d.a. IN NS -SECTION ANSWER -SECTION AUTHORITY -d.a. IN NS ns1.a. -SECTION ADDITIONAL -ns1.a. IN A 10.20.30.50 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -e.a. IN NS -SECTION ANSWER -SECTION AUTHORITY -e.a. IN NS ns2.a. -SECTION ADDITIONAL -ns2.a. IN A 192.0.0.5 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -f.a. IN TXT -SECTION ANSWER -f.a. IN TXT "upstream txt rr f.a." -ENTRY_END - -RANGE_END - -RANGE_BEGIN 0 100 - ADDRESS 10.20.30.50 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -d.a. IN NS -SECTION ANSWER -d.a. IN NS ns1.a. -SECTION ADDITIONAL -ns1.a. IN A 10.20.30.50 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -d.d.a. IN TXT -SECTION ANSWER -d.d.a. IN TXT "upstream answer for d.d.a" -ENTRY_END - -RANGE_END - -RANGE_BEGIN 0 100 - ADDRESS 192.0.0.5 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -e.a. IN NS -SECTION ANSWER -e.a. IN NS ns2.a. -SECTION ADDITIONAL -ns2.a. IN A 192.0.0.5 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -e.e.a. IN TXT -SECTION ANSWER -e.e.a. IN TXT "upstream answer for e.e.a" -ENTRY_END - -RANGE_END - -; qname trigger -STEP 10 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -a.a. IN TXT -ENTRY_END - -STEP 11 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD AA NXDOMAIN -SECTION QUESTION -a.a. IN TXT -SECTION ANSWER -ENTRY_END - -; qname trigger after cname -STEP 20 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -c.a. IN TXT -ENTRY_END - -STEP 21 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD AA NXDOMAIN -SECTION QUESTION -c.a. IN TXT -SECTION ANSWER -c.a. IN CNAME b.a -ENTRY_END - -; nsdname trigger -STEP 30 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -d.d.a. IN TXT -ENTRY_END - -STEP 31 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD AA NXDOMAIN -SECTION QUESTION -d.d.a. IN TXT -SECTION ANSWER -ENTRY_END - -; nsip trigger -STEP 40 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -e.e.a. IN TXT -ENTRY_END - -STEP 41 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD AA NXDOMAIN -SECTION QUESTION -e.e.a. IN TXT -SECTION ANSWER -ENTRY_END - -; clientip trigger -STEP 50 QUERY ADDRESS 192.0.3.1 -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -f.a. IN TXT -ENTRY_END - -STEP 51 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR AA RD NXDOMAIN -SECTION QUESTION -f.a. IN TXT -SECTION ANSWER -ENTRY_END - -SCENARIO_END diff --git a/contrib/unbound/testdata/stub_udp_with_tcp_upstream.tdir/stub_udp_with_tcp_upstream.conf b/contrib/unbound/testdata/stub_udp_with_tcp_upstream.tdir/stub_udp_with_tcp_upstream.conf deleted file mode 100644 index d57c787b154..00000000000 --- a/contrib/unbound/testdata/stub_udp_with_tcp_upstream.tdir/stub_udp_with_tcp_upstream.conf +++ /dev/null @@ -1,19 +0,0 @@ -server: - verbosity: 2 - # num-threads: 1 - interface: 127.0.0.1 - port: @PORT@ - use-syslog: no - directory: "" - pidfile: "unbound.pid" - chroot: "" - username: "" - do-not-query-localhost: no -stub-zone: - name: "tcp.example.com" - stub-addr: "127.0.0.1@@TOPORT@" - stub-tcp-upstream: "yes" -stub-zone: - name: "udp.example.com" - stub-addr: "127.0.0.1@@TOPORT@" - stub-tcp-upstream: "no" \ No newline at end of file diff --git a/contrib/unbound/testdata/stub_udp_with_tcp_upstream.tdir/stub_udp_with_tcp_upstream.dsc b/contrib/unbound/testdata/stub_udp_with_tcp_upstream.tdir/stub_udp_with_tcp_upstream.dsc deleted file mode 100644 index 526ff67f98f..00000000000 --- a/contrib/unbound/testdata/stub_udp_with_tcp_upstream.tdir/stub_udp_with_tcp_upstream.dsc +++ /dev/null @@ -1,16 +0,0 @@ -BaseName: stub_udp_with_tcp_upstream -Version: 1.0 -Description: Stub server contacted via UDP with tcp upstream. -CreationDate: Thu Aug 5 07:44:41 CEST 2021 -Maintainer: ziollek -Category: -Component: -CmdDepends: -Depends: -Help: -Pre: stub_udp_with_tcp_upstream.pre -Post: stub_udp_with_tcp_upstream.post -Test: stub_udp_with_tcp_upstream.test -AuxFiles: -Passed: -Failure: diff --git a/contrib/unbound/testdata/stub_udp_with_tcp_upstream.tdir/stub_udp_with_tcp_upstream.post b/contrib/unbound/testdata/stub_udp_with_tcp_upstream.tdir/stub_udp_with_tcp_upstream.post deleted file mode 100644 index c804b6c46d6..00000000000 --- a/contrib/unbound/testdata/stub_udp_with_tcp_upstream.tdir/stub_udp_with_tcp_upstream.post +++ /dev/null @@ -1,10 +0,0 @@ -# #-- stub_udp_with_tcp_upstream.post --# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# source the test var file when it's there -[ -f .tpkg.var.test ] && source .tpkg.var.test -# -# do your teardown here -. ../common.sh -kill_pid $FWD_PID -kill_pid $UNBOUND_PID diff --git a/contrib/unbound/testdata/stub_udp_with_tcp_upstream.tdir/stub_udp_with_tcp_upstream.pre b/contrib/unbound/testdata/stub_udp_with_tcp_upstream.tdir/stub_udp_with_tcp_upstream.pre deleted file mode 100644 index 2bca63b9d56..00000000000 --- a/contrib/unbound/testdata/stub_udp_with_tcp_upstream.tdir/stub_udp_with_tcp_upstream.pre +++ /dev/null @@ -1,35 +0,0 @@ -# #-- stub_udp_with_tcp_upstream.pre--# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# use .tpkg.var.test for in test variable passing -[ -f .tpkg.var.test ] && source .tpkg.var.test -. ../common.sh - -get_random_port 2 -UNBOUND_PORT=$RND_PORT -FWD_PORT=$(($RND_PORT + 1)) -echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test -echo "FWD_PORT=$FWD_PORT" >> .tpkg.var.test - -# start forwarder -get_ldns_testns -$LDNS_TESTNS -p $FWD_PORT stub_udp_with_tcp_upstream.testns >fwd.log 2>&1 & -FWD_PID=$! -echo "FWD_PID=$FWD_PID" >> .tpkg.var.test - -# make config file -sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' < stub_udp_with_tcp_upstream.conf > ub.conf -# start unbound in the background -PRE="../.." -$PRE/unbound -d -c ub.conf >unbound.log 2>&1 & -UNBOUND_PID=$! -echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test - -cat .tpkg.var.test - -# wait for forwarder to come up -wait_ldns_testns_up fwd.log - -# wait for unbound to come up -wait_unbound_up unbound.log - diff --git a/contrib/unbound/testdata/stub_udp_with_tcp_upstream.tdir/stub_udp_with_tcp_upstream.test b/contrib/unbound/testdata/stub_udp_with_tcp_upstream.tdir/stub_udp_with_tcp_upstream.test deleted file mode 100644 index 43591ac16c0..00000000000 --- a/contrib/unbound/testdata/stub_udp_with_tcp_upstream.tdir/stub_udp_with_tcp_upstream.test +++ /dev/null @@ -1,37 +0,0 @@ -# #-- stub_udp_with_tcp_upstream.test --# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# use .tpkg.var.test for in test variable passing -[ -f .tpkg.var.test ] && source .tpkg.var.test - -PRE="../.." -# do the test -echo "> dig tcp.example.com." -dig @127.0.0.1 -p $UNBOUND_PORT tcp.example.com. | tee outfile -echo "> cat logfiles" -cat fwd.log -cat unbound.log -echo "> check answer" -if grep "10.20.30.40" outfile; then - echo "OK" -else - echo "Not OK" - exit 1 -fi - - -# check if second stub is requested via udp -echo "> dig udp.example.com." -dig @127.0.0.1 -p $UNBOUND_PORT udp.example.com. | tee outfile -echo "> cat logfiles" -cat fwd.log -cat unbound.log -echo "> check answer" -if grep "10.20.30.80" outfile; then - echo "OK" -else - echo "Not OK" - exit 1 -fi - -exit 0 diff --git a/contrib/unbound/testdata/stub_udp_with_tcp_upstream.tdir/stub_udp_with_tcp_upstream.testns b/contrib/unbound/testdata/stub_udp_with_tcp_upstream.tdir/stub_udp_with_tcp_upstream.testns deleted file mode 100644 index f2155414e04..00000000000 --- a/contrib/unbound/testdata/stub_udp_with_tcp_upstream.tdir/stub_udp_with_tcp_upstream.testns +++ /dev/null @@ -1,48 +0,0 @@ -; nameserver test file -$ORIGIN example.com. -$TTL 3600 - -ENTRY_BEGIN -MATCH opcode qtype qname -MATCH TCP -REPLY QR AA NOERROR -ADJUST copy_id -SECTION QUESTION -tcp IN A -SECTION ANSWER -tcp IN A 10.20.30.40 -SECTION AUTHORITY -@ IN NS ns.example.com. -SECTION ADDITIONAL -ns IN A 127.0.0.1 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -MATCH UDP -REPLY QR AA NOERROR -ADJUST copy_id -SECTION QUESTION -udp IN A -SECTION ANSWER -udp IN A 10.20.30.80 -SECTION AUTHORITY -@ IN NS ns.example.com. -SECTION ADDITIONAL -ns IN A 127.0.0.1 -ENTRY_END - -; root prime -ENTRY_BEGIN -MATCH opcode qtype qname -REPLY QR AA NOERROR -ADJUST copy_id -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS root.server. -SECTION AUTHORITY -SECTION ADDITIONAL -root.server. IN A 127.0.0.1 -ENTRY_END - diff --git a/contrib/unbound/testdata/subnet_prefetch.crpl b/contrib/unbound/testdata/subnet_prefetch.crpl deleted file mode 100644 index 7083aba6a56..00000000000 --- a/contrib/unbound/testdata/subnet_prefetch.crpl +++ /dev/null @@ -1,215 +0,0 @@ -; Check if the prefetch option works properly for messages stored in the global -; cache for non-ECS clients. The prefetch query needs to result in an ECS -; outgoing query based on the client's IP. - -server: - trust-anchor-signaling: no - target-fetch-policy: "0 0 0 0 0" - send-client-subnet: 1.2.3.4 - max-client-subnet-ipv4: 21 - module-config: "subnetcache iterator" - verbosity: 3 - access-control: 127.0.0.1 allow_snoop - qname-minimisation: no - minimal-responses: no - serve-expired: yes - prefetch: yes - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test prefetch option for global cache - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 - ENTRY_BEGIN - MATCH opcode qtype qname ednsdata - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - . IN NS - SECTION ANSWER - . IN NS K.ROOT-SERVERS.NET. - SECTION ADDITIONAL - HEX_EDNSDATA_BEGIN - ;; we expect to receive empty - HEX_EDNSDATA_END - K.ROOT-SERVERS.NET. IN A 193.0.14.129 - ENTRY_END - - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - www.example.com. IN A - SECTION AUTHORITY - com. IN NS a.gtld-servers.net. - SECTION ADDITIONAL - a.gtld-servers.net. IN A 192.5.6.30 - ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 - ENTRY_BEGIN - MATCH opcode qtype qname ednsdata - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - com. IN NS - SECTION ANSWER - com. IN NS a.gtld-servers.net. - SECTION ADDITIONAL - HEX_EDNSDATA_BEGIN - ;; we expect to receive empty - HEX_EDNSDATA_END - a.gtld-servers.net. IN A 192.5.6.30 - ENTRY_END - - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - www.example.com. IN A - SECTION AUTHORITY - example.com. IN NS ns.example.com. - SECTION ADDITIONAL - ns.example.com. IN A 1.2.3.4 - ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 0 10 - ADDRESS 1.2.3.4 - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - example.com. IN NS - SECTION ANSWER - example.com. IN NS ns.example.com. - SECTION ADDITIONAL - HEX_EDNSDATA_BEGIN - ;; we expect to receive empty - HEX_EDNSDATA_END - ns.example.com. IN A 1.2.3.4 - ENTRY_END - - ; response to query of interest - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - www.example.com. IN A - SECTION ANSWER - www.example.com. 10 IN A 10.20.30.40 - SECTION AUTHORITY - example.com. IN NS ns.example.com. - SECTION ADDITIONAL - ns.example.com. IN A 1.2.3.4 - ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 11 100 - ADDRESS 1.2.3.4 - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - example.com. IN NS - SECTION ANSWER - example.com. IN NS ns.example.com. - SECTION ADDITIONAL - HEX_EDNSDATA_BEGIN - ;; we expect to receive empty - HEX_EDNSDATA_END - ns.example.com. IN A 1.2.3.4 - ENTRY_END - - ; response to query of interest - ENTRY_BEGIN - MATCH opcode qtype qname ednsdata - ADJUST copy_id copy_ednsdata_assume_clientsubnet - REPLY QR NOERROR - SECTION QUESTION - www.example.com. IN A - SECTION ANSWER - www.example.com. IN A 10.20.30.40 - SECTION AUTHORITY - example.com. IN NS ns.example.com. - SECTION ADDITIONAL - HEX_EDNSDATA_BEGIN - ; client is 127.0.0.1 - 00 08 ; OPC - 00 07 ; option length - 00 01 ; Family - 15 00 ; source mask, scopemask - 7f 00 00 ; address - HEX_EDNSDATA_END - ns.example.com. IN A 1.2.3.4 - ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; This answer should be in the global cache -STEP 2 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END - -; Try to trigger a prefetch -STEP 3 TIME_PASSES ELAPSE 11 - -STEP 11 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; This expired record came from the cache and a prefetch is triggered -STEP 12 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 30 IN A 10.20.30.40 -SECTION AUTHORITY -example.com. 3589 IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. 3589 IN A 1.2.3.4 -ENTRY_END - -; Allow upstream to reply to the prefetch query. -; It can only be answered if correct ECS was derived from the client's IP. -; Otherwise the test will fail with "messages pending". -STEP 13 TRAFFIC - -SCENARIO_END diff --git a/contrib/unbound/testdata/subnet_prefetch_with_client_ecs.crpl b/contrib/unbound/testdata/subnet_prefetch_with_client_ecs.crpl deleted file mode 100644 index b0410255e85..00000000000 --- a/contrib/unbound/testdata/subnet_prefetch_with_client_ecs.crpl +++ /dev/null @@ -1,221 +0,0 @@ -; Check if the prefetch option works properly for messages stored in the global -; cache for ECS clients. The prefetch query needs to result in an ECS -; outgoing query using the client's ECS data. - -server: - trust-anchor-signaling: no - target-fetch-policy: "0 0 0 0 0" - send-client-subnet: 1.2.3.4 - max-client-subnet-ipv4: 21 - module-config: "subnetcache iterator" - verbosity: 3 - access-control: 127.0.0.1 allow_snoop - qname-minimisation: no - minimal-responses: no - serve-expired: yes - prefetch: yes - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test prefetch option for global cache - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 - ENTRY_BEGIN - MATCH opcode qtype qname ednsdata - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - . IN NS - SECTION ANSWER - . IN NS K.ROOT-SERVERS.NET. - SECTION ADDITIONAL - HEX_EDNSDATA_BEGIN - ;; we expect to receive empty - HEX_EDNSDATA_END - K.ROOT-SERVERS.NET. IN A 193.0.14.129 - ENTRY_END - - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - www.example.com. IN A - SECTION AUTHORITY - com. IN NS a.gtld-servers.net. - SECTION ADDITIONAL - a.gtld-servers.net. IN A 192.5.6.30 - ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 - ENTRY_BEGIN - MATCH opcode qtype qname ednsdata - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - com. IN NS - SECTION ANSWER - com. IN NS a.gtld-servers.net. - SECTION ADDITIONAL - HEX_EDNSDATA_BEGIN - ;; we expect to receive empty - HEX_EDNSDATA_END - a.gtld-servers.net. IN A 192.5.6.30 - ENTRY_END - - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - www.example.com. IN A - SECTION AUTHORITY - example.com. IN NS ns.example.com. - SECTION ADDITIONAL - ns.example.com. IN A 1.2.3.4 - ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 0 10 - ADDRESS 1.2.3.4 - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - example.com. IN NS - SECTION ANSWER - example.com. IN NS ns.example.com. - SECTION ADDITIONAL - HEX_EDNSDATA_BEGIN - ;; we expect to receive empty - HEX_EDNSDATA_END - ns.example.com. IN A 1.2.3.4 - ENTRY_END - - ; response to query of interest - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - www.example.com. IN A - SECTION ANSWER - www.example.com. 10 IN A 10.20.30.40 - SECTION AUTHORITY - example.com. IN NS ns.example.com. - SECTION ADDITIONAL - ns.example.com. IN A 1.2.3.4 - ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 11 100 - ADDRESS 1.2.3.4 - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - example.com. IN NS - SECTION ANSWER - example.com. IN NS ns.example.com. - SECTION ADDITIONAL - HEX_EDNSDATA_BEGIN - ;; we expect to receive empty - HEX_EDNSDATA_END - ns.example.com. IN A 1.2.3.4 - ENTRY_END - - ; response to query of interest - ENTRY_BEGIN - MATCH opcode qtype qname ednsdata - ADJUST copy_id copy_ednsdata_assume_clientsubnet - REPLY QR NOERROR - SECTION QUESTION - www.example.com. IN A - SECTION ANSWER - www.example.com. IN A 10.20.30.40 - SECTION AUTHORITY - example.com. IN NS ns.example.com. - SECTION ADDITIONAL - HEX_EDNSDATA_BEGIN - ; client is 127.0.0.1 - 00 08 ; OPC - 00 05 ; option length - 00 01 ; Family - 08 00 ; source mask, scopemask - 7f ; address - HEX_EDNSDATA_END - ns.example.com. IN A 1.2.3.4 - ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; This answer should be in the global cache -STEP 2 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END - -; Try to trigger a prefetch -STEP 3 TIME_PASSES ELAPSE 11 - -STEP 11 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www.example.com. IN A -SECTION ADDITIONAL -HEX_EDNSDATA_BEGIN - 00 08 00 05 ; OPC, optlen - 00 01 08 00 ; ip4, source 8, scope 0 - 7f ; 127.0.0.0/8 -HEX_EDNSDATA_END -ENTRY_END - -; This expired record came from the cache and a prefetch is triggered -STEP 12 CHECK_ANSWER -ENTRY_BEGIN -MATCH all ttl -REPLY QR RD RA DO NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. 30 IN A 10.20.30.40 -SECTION AUTHORITY -example.com. 3589 IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. 3589 IN A 1.2.3.4 -ENTRY_END - -; Allow upstream to reply to the prefetch query. -; It can only be answered if correct ECS was derived from the client's IP. -; Otherwise the test will fail with "messages pending". -STEP 13 TRAFFIC - -SCENARIO_END diff --git a/contrib/unbound/testdata/svcb.tdir/crypto.cloudflare.com.zone b/contrib/unbound/testdata/svcb.tdir/crypto.cloudflare.com.zone deleted file mode 100644 index 53c89c735ba..00000000000 --- a/contrib/unbound/testdata/svcb.tdir/crypto.cloudflare.com.zone +++ /dev/null @@ -1,9 +0,0 @@ -crypto.cloudflare.com. 3600 IN SOA jobs.ns.cloudflare.com. dns.cloudflare.com. ( - 2037099480 ; serial - 10000 ; refresh (2 hours 46 minutes 40 seconds) - 2400 ; retry (40 minutes) - 604800 ; expire (1 week) - 3600 ; minimum (1 hour) - ) -crypto.cloudflare.com. 300 IN HTTPS 1 . alpn=h2 ipv4hint=162.159.135.79,162.159.136.79 echconfig=AEj+CgBETwAgACDeVpr34JzYHDGNFoGWhksj5mpBxradonbqH3X9+h7jHgAEAAEAAQAAABNjbG91ZGZsYXJlLWVzbmkuY29tAAA= ipv6hint=2606:4700:7::a29f:874f,2606:4700:7::a29f:884f - diff --git a/contrib/unbound/testdata/svcb.tdir/svcb.dsc b/contrib/unbound/testdata/svcb.tdir/svcb.dsc deleted file mode 100644 index 6eae7638e9b..00000000000 --- a/contrib/unbound/testdata/svcb.tdir/svcb.dsc +++ /dev/null @@ -1,16 +0,0 @@ -BaseName: svcb -Version: 1.0 -Description: Test SVCB and HTTPS parsing -CreationDate: Fri May 25 12:51:22 UTC 2021 -Maintainer: Tom Carpay -Category: -Component: -CmdDepends: -Depends: -Help: -Pre: -Post: -Test: svcb.test -AuxFiles: -Passed: -Failure: diff --git a/contrib/unbound/testdata/svcb.tdir/svcb.failure-cases-01 b/contrib/unbound/testdata/svcb.tdir/svcb.failure-cases-01 deleted file mode 100644 index c60151692ee..00000000000 --- a/contrib/unbound/testdata/svcb.tdir/svcb.failure-cases-01 +++ /dev/null @@ -1,9 +0,0 @@ -$ORIGIN failure-cases. -$TTL 3600 - -@ SOA primary admin 0 0 0 0 0 - -; Here there are multiple instances of the same SvcParamKey in the mandatory list - -f21 HTTPS 1 foo.example.com. ech="123" -f21 HTTPS 1 foo.example.com. echconfig="123" diff --git a/contrib/unbound/testdata/svcb.tdir/svcb.failure-cases-02 b/contrib/unbound/testdata/svcb.tdir/svcb.failure-cases-02 deleted file mode 100644 index 9d6f0186d53..00000000000 --- a/contrib/unbound/testdata/svcb.tdir/svcb.failure-cases-02 +++ /dev/null @@ -1,8 +0,0 @@ -$ORIGIN failure-cases. -$TTL 3600 - -@ SOA primary admin 0 0 0 0 0 - -; Port must be a positive number < 65536 - -f22 HTTPS 1 foo.example.com. port=65536 diff --git a/contrib/unbound/testdata/svcb.tdir/svcb.failure-cases-03 b/contrib/unbound/testdata/svcb.tdir/svcb.failure-cases-03 deleted file mode 100644 index bb819daae31..00000000000 --- a/contrib/unbound/testdata/svcb.tdir/svcb.failure-cases-03 +++ /dev/null @@ -1,8 +0,0 @@ -$ORIGIN failure-cases. -$TTL 3600 - -@ SOA primary admin 0 0 0 0 0 - -; 65 SvcParams is too many SvcParams; the limit is 64 - -f23 HTTPS 1 foo.example.com. ( key11=a key12=a key13=a key14=a key15=a key16=a key17=a key18=a key19=a key110=a key111=a key112=a key113=a key114=a key115=a key116=a key117=a key118=a key119=a key120=a key121=a key122=a key123=a key124=a key125=a key126=a key127=a key128=a key129=a key130=a key131=a key132=a key133=a key134=a key135=a key136=a key137=a key138=a key139=a key140=a key141=a key142=a key143=a key144=a key145=a key146=a key147=a key148=a key149=a key150=a key151=a key152=a key153=a key154=a key155=a key156=a key157=a key158=a key159=a key160=a key161=a key162=a key163=a key164=a key165=a ) \ No newline at end of file diff --git a/contrib/unbound/testdata/svcb.tdir/svcb.failure-cases-04 b/contrib/unbound/testdata/svcb.tdir/svcb.failure-cases-04 deleted file mode 100644 index ae02ac417b1..00000000000 --- a/contrib/unbound/testdata/svcb.tdir/svcb.failure-cases-04 +++ /dev/null @@ -1,8 +0,0 @@ -$ORIGIN failure-cases. -$TTL 3600 - -@ SOA primary admin 0 0 0 0 0 - -; 256 is too many characters for an alpn; maximum is 255 - -f23 HTTPS 1 foo.example.com. ( alpn="aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ) \ No newline at end of file diff --git a/contrib/unbound/testdata/svcb.tdir/svcb.success-cases.zone b/contrib/unbound/testdata/svcb.tdir/svcb.success-cases.zone deleted file mode 100644 index 5d6339542f6..00000000000 --- a/contrib/unbound/testdata/svcb.tdir/svcb.success-cases.zone +++ /dev/null @@ -1,47 +0,0 @@ -$ORIGIN success-cases. -$TTL 3600 - -@ SOA primary admin 0 0 0 0 0 - - -; A particular key does not need to have a value - -s01 SVCB 0 . key123 - - -; echconfig does not need to have a value - -s02 SVCB 0 . echconfig - - -; When "no-default-alpn" is specified in an RR, "alpn" must also be specified -; in order for the RR to be "self-consistent" - -s03 HTTPS 0 . alpn="h2,h3" no-default-alpn - - -; SHOULD is not MUST (so allowed) -; Zone-file implementations SHOULD enforce self-consistency - -s04 HTTPS 0 . no-default-alpn - - -; SHOULD is not MUST (so allowed) -; (port and no-default-alpn are automatically mandatory keys with HTTPS) -; Other automatically mandatory keys SHOULD NOT appear in the list either. - -s05 HTTPS 0 . alpn="dot" no-default-alpn port=853 mandatory=port - -; Any valid base64 is okay for ech -s06 HTTPS 0 . ech="aGVsbG93b3JsZCE=" - -; echconfig is an alias for ech -s07 HTTPS 0 . echconfig="aGVsbG93b3JsZCE=" - -; maximum size allowed in a svcb rdata set (63 SvcParams) - -s08 HTTPS 0 . ( key11=a key12=a key13=a key14=a key15=a key16=a key17=a key18=a key19=a key110=a key111=a key112=a key113=a key114=a key115=a key116=a key117=a key118=a key119=a key120=a key121=a key122=a key123=a key124=a key125=a key126=a key127=a key128=a key129=a key130=a key131=a key132=a key133=a key134=a key135=a key136=a key137=a key138=a key139=a key140=a key141=a key142=a key143=a key144=a key145=a key146=a key147=a key148=a key149=a key150=a key151=a key152=a key153=a key154=a key155=a key156=a key157=a key158=a key159=a key160=a key161=a key162=a key163=a) - -; maximum alpn size allowed (255 characters) - -s09 HTTPS 0 . ( alpn="aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ) diff --git a/contrib/unbound/testdata/svcb.tdir/svcb.success-cases.zone.cmp b/contrib/unbound/testdata/svcb.tdir/svcb.success-cases.zone.cmp deleted file mode 100644 index e504e7b18ad..00000000000 --- a/contrib/unbound/testdata/svcb.tdir/svcb.success-cases.zone.cmp +++ /dev/null @@ -1,10 +0,0 @@ -success-cases. 3600 IN SOA primary.success-cases. admin.success-cases. 0 0 0 0 0 -s01.success-cases. 3600 IN SVCB 0 . key123 -s02.success-cases. 3600 IN SVCB 0 . ech -s03.success-cases. 3600 IN HTTPS 0 . alpn="h2,h3" no-default-alpn -s04.success-cases. 3600 IN HTTPS 0 . no-default-alpn -s05.success-cases. 3600 IN HTTPS 0 . mandatory=port alpn="dot" no-default-alpn port=853 -s06.success-cases. 3600 IN HTTPS 0 . ech="aGVsbG93b3JsZCE=" -s07.success-cases. 3600 IN HTTPS 0 . ech="aGVsbG93b3JsZCE=" -s08.success-cases. 3600 IN HTTPS 0 . key11="a" key12="a" key13="a" key14="a" key15="a" key16="a" key17="a" key18="a" key19="a" key110="a" key111="a" key112="a" key113="a" key114="a" key115="a" key116="a" key117="a" key118="a" key119="a" key120="a" key121="a" key122="a" key123="a" key124="a" key125="a" key126="a" key127="a" key128="a" key129="a" key130="a" key131="a" key132="a" key133="a" key134="a" key135="a" key136="a" key137="a" key138="a" key139="a" key140="a" key141="a" key142="a" key143="a" key144="a" key145="a" key146="a" key147="a" key148="a" key149="a" key150="a" key151="a" key152="a" key153="a" key154="a" key155="a" key156="a" key157="a" key158="a" key159="a" key160="a" key161="a" key162="a" key163="a" -s09.success-cases. 3600 IN HTTPS 0 . alpn="aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" diff --git a/contrib/unbound/testdata/svcb.tdir/svcb.test b/contrib/unbound/testdata/svcb.tdir/svcb.test deleted file mode 100644 index 17330e08fde..00000000000 --- a/contrib/unbound/testdata/svcb.tdir/svcb.test +++ /dev/null @@ -1,97 +0,0 @@ -# #-- svcb.test --# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# use .tpkg.var.test for in test variable passing -[ -f .tpkg.var.test ] && source .tpkg.var.test - - -# check and write the test vectors in their respective formats -PRE=../.. -if ! $PRE/readzone svcb.test-vectors-pf.zone > svcb.test-vectors-pf.zone.out -then - echo "Could not parse presentation format zone" - exit 1 - -elif ! $PRE/readzone svcb.test-vectors-pf.zone.out > svcb.test-vectors-pf.zone.out.out -then - echo "Could not parse output from presentation format zone" - exit 1 - -elif ! $PRE/readzone svcb.test-vectors-wf.zone > svcb.test-vectors-wf.zone.out -then - echo "Could not parse RFC3597 formatted zone" - exit 1 - -elif ! $PRE/readzone svcb.test-vectors-wf.zone.out > svcb.test-vectors-wf.zone.out.out -then - echo "Could not parse output from RFC3597 formatted zone" - exit 1 -else - echo "All test zones parsed successfully" -fi - - -# check the formatting of the written files -if ! diff svcb.test-vectors-pf.zone.out svcb.test-vectors-pf.zone.out.out -then - echo "Parsing inconsistency 1" - exit 1 - -elif ! diff svcb.test-vectors-pf.zone.out svcb.test-vectors-wf.zone.out -then - echo "Parsing inconsistency 2" - exit 1 - -elif ! diff svcb.test-vectors-pf.zone.out svcb.test-vectors-wf.zone.out.out -then - echo "Parsing inconsistency 3" - exit 1 -else - echo "Parsing of SVCB and HTTPS was consistent" -fi - - -# check all the failure cases -if $PRE/readzone svcb.failure-cases-01 -then - echo "Failure case 01: ech value is not base64 encoded" - echo "Incorrectly succeeded" - exit 1 - -elif $PRE/readzone svcb.failure-cases-02 -then - echo "Failure case 02: port value needs to be a positive integer < 65536" - echo "Incorrectly succeeded" - exit 1 - -elif $PRE/readzone svcb.failure-cases-03 -then - echo "Failure case 02: 65 SvcParams is too many SvcParams; the limit is 64" - echo "Incorrectly succeeded" - exit 1 - -elif $PRE/readzone svcb.failure-cases-04 -then - echo "Failure case 04: 256 is too many characters for an alpn; maximum is 255" - echo "Incorrectly succeeded" - exit 1 -else - echo "All failure cases test successfully" -fi - - -# check all the success and write them -if ! $PRE/readzone svcb.success-cases.zone > svcb.success-cases.zone.out -then - echo "Some particular success cases did not succeed to parse" - exit 1 - -elif ! diff svcb.success-cases.zone.out svcb.success-cases.zone.cmp -then - echo "Some success cases could not be printed" - exit 1 -else - echo "All particular success cases parsed and printed successfully" -fi - - diff --git a/contrib/unbound/testdata/svcb.tdir/svcb.test-vectors-pf.zone b/contrib/unbound/testdata/svcb.tdir/svcb.test-vectors-pf.zone deleted file mode 100644 index d2cb5087bf9..00000000000 --- a/contrib/unbound/testdata/svcb.tdir/svcb.test-vectors-pf.zone +++ /dev/null @@ -1,92 +0,0 @@ -$ORIGIN test-vectors. -$TTL 3600 - -@ SOA primary admin 1 3600 1800 7200 3600 - - NS primary -primary A 127.0.0.1 -; D.1. AliasForm - -v01 SVCB 0 foo.example.com. - -; D.2. ServiceForm -; The first form is the simple "use the ownername". - -v02 SVCB 1 . - -; This vector only has a port. - -v03 SVCB 16 foo.example.com. port=53 - -; This example has a key that is not registered, its value is unquoted. - -v04 SVCB 1 foo.example.com. key667=hello - -; This example has a key that is not registered, its value is quoted and -; contains a decimal-escaped character. - -v05 SVCB 1 foo.example.com. key667="hello\210qoo" - -; Here, two IPv6 hints are quoted in the presentation format. - -v06 SVCB 1 foo.example.com. ipv6hint="2001:db8::1,2001:db8::53:1" - -; This example shows a single IPv6 hint in IPv4 mapped IPv6 presentation format. - -v07 SVCB 1 example.com. ipv6hint="2001:db8:ffff:ffff:ffff:ffff:198.51.100.100" - -; In the next vector, neither the SvcParamValues nor the mandatory keys are -; sorted in presentation format, but are correctly sorted in the wire-format. - -v08 SVCB 16 foo.example.org. (alpn=h2,h3-19 mandatory=ipv4hint,alpn - ipv4hint=192.0.2.1) - -; This last (two) vectors has an alpn value with an escaped comma and an -; escaped backslash in two presentation formats. - -v09 SVCB 16 foo.example.org. alpn="f\\\\oo\\,bar,h2" -v10 SVCB 16 foo.example.org. alpn=f\\\092oo\092,bar,h2 - - -; D.1. AliasForm - -v11 HTTPS 0 foo.example.com. - -; D.2. ServiceForm -; The first form is the simple "use the ownername". - -v12 HTTPS 1 . - -; This vector only has a port. - -v13 HTTPS 16 foo.example.com. port=53 - -; This example has a key that is not registered, its value is unquoted. - -v14 HTTPS 1 foo.example.com. key667=hello - -; This example has a key that is not registered, its value is quoted and -; contains a decimal-escaped character. - -v15 HTTPS 1 foo.example.com. key667="hello\210qoo" - -; Here, two IPv6 hints are quoted in the presentation format. - -v16 HTTPS 1 foo.example.com. ipv6hint="2001:db8::1,2001:db8::53:1" - -; This example shows a single IPv6 hint in IPv4 mapped IPv6 presentation format. - -v17 HTTPS 1 example.com. ipv6hint="2001:db8:ffff:ffff:ffff:ffff:198.51.100.100" - -; In the next vector, neither the SvcParamValues nor the mandatory keys are -; sorted in presentation format, but are correctly sorted in the wire-format. - -v18 HTTPS 16 foo.example.org. (alpn=h2,h3-19 mandatory=ipv4hint,alpn - ipv4hint=192.0.2.1) - -; This last (two) vectors has an alpn value with an escaped comma and an -; escaped backslash in two presentation formats. - -v19 HTTPS 16 foo.example.org. alpn="f\\\\oo\\,bar,h2" -v20 HTTPS 16 foo.example.org. alpn=f\\\092oo\092,bar,h2 - diff --git a/contrib/unbound/testdata/svcb.tdir/svcb.test-vectors-wf.zone b/contrib/unbound/testdata/svcb.tdir/svcb.test-vectors-wf.zone deleted file mode 100644 index bf47ab75c59..00000000000 --- a/contrib/unbound/testdata/svcb.tdir/svcb.test-vectors-wf.zone +++ /dev/null @@ -1,232 +0,0 @@ -$ORIGIN test-vectors. -$TTL 3600 - -@ SOA primary admin 1 3600 1800 7200 3600 - - NS primary -primary A 127.0.0.1 - -; D.1. AliasForm - -v01 SVCB \# 19 ( -00 00 ; priority -03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target -) - -; D.2. ServiceForm -; The first form is the simple "use the ownername". - -v02 SVCB \# 3 ( -00 01 ; priority -00 ; target (root label) -) - -; This vector only has a port. - -v03 SVCB \# 25 ( -00 10 ; priority -03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target -00 03 ; key 3 -00 02 ; length 2 -00 35 ; value -) - -; This example has a key that is not registered, its value is unquoted. - -v04 SVCB \# 28 ( -00 01 ; priority -03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target -02 9b ; key 667 -00 05 ; length 5 -68 65 6c 6c 6f ; value -) - -; This example has a key that is not registered, its value is quoted and -; contains a decimal-escaped character. - -v05 SVCB \# 32 ( -00 01 ; priority -03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target -02 9b ; key 667 -00 09 ; length 9 -68 65 6c 6c 6f d2 71 6f 6f ; value -) - -; Here, two IPv6 hints are quoted in the presentation format. - -v06 SVCB \# 55 ( -00 01 ; priority -03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target -00 06 ; key 6 -00 20 ; length 32 -20 01 0d b8 00 00 00 00 00 00 00 00 00 00 00 01 ; first address -20 01 0d b8 00 00 00 00 00 00 00 00 00 53 00 01 ; second address -) - -; This example shows a single IPv6 hint in IPv4 mapped IPv6 presentation format. - -v07 SVCB \# 35 ( -00 01 ; priority -07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target -00 06 ; key 6 -00 10 ; length 16 -20 01 0d b8 ff ff ff ff ff ff ff ff c6 33 64 64 ; address -) - -; In the next vector, neither the SvcParamValues nor the mandatory keys are -; sorted in presentation format, but are correctly sorted in the wire-format. - -v08 SVCB \# 48 ( -00 10 ; priority -03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 6f 72 67 00 ; target -00 00 ; key 0 -00 04 ; param length 4 -00 01 ; value: key 1 -00 04 ; value: key 4 -00 01 ; key 1 -00 09 ; param length 9 -02 ; alpn length 2 -68 32 ; alpn value -05 ; alpn length 5 -68 33 2d 31 39 ; alpn value -00 04 ; key 4 -00 04 ; param length 4 -c0 00 02 01 ; param value -) - -; This last (two) vectors has an alpn value with an escaped comma and an -; escaped backslash in two presentation formats. - -v09 SVCB \# 35 ( -00 10 ; priority -03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 6f 72 67 00 ; target -00 01 ; key 1 -00 0c ; param length 12 -08 ; alpn length 8 -66 5c 6f 6f 2c 62 61 72 ; alpn value -02 ; alpn length 2 -68 32 ; alpn value -) -v10 SVCB \# 35 ( -00 10 ; priority -03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 6f 72 67 00 ; target -00 01 ; key 1 -00 0c ; param length 12 -08 ; alpn length 8 -66 5c 6f 6f 2c 62 61 72 ; alpn value -02 ; alpn length 2 -68 32 ; alpn value -) - -; D.1. AliasForm - -v11 HTTPS \# 19 ( -00 00 ; priority -03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target -) - -; D.2. ServiceForm -; The first form is the simple "use the ownername". - -v12 HTTPS \# 3 ( -00 01 ; priority -00 ; target (root label) -) - -; This vector only has a port. - -v13 HTTPS \# 25 ( -00 10 ; priority -03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target -00 03 ; key 3 -00 02 ; length 2 -00 35 ; value -) - -; This example has a key that is not registered, its value is unquoted. - -v14 HTTPS \# 28 ( -00 01 ; priority -03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target -02 9b ; key 667 -00 05 ; length 5 -68 65 6c 6c 6f ; value -) - -; This example has a key that is not registered, its value is quoted and -; contains a decimal-escaped character. - -v15 HTTPS \# 32 ( -00 01 ; priority -03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target -02 9b ; key 667 -00 09 ; length 9 -68 65 6c 6c 6f d2 71 6f 6f ; value -) - -; Here, two IPv6 hints are quoted in the presentation format. - -v16 HTTPS \# 55 ( -00 01 ; priority -03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target -00 06 ; key 6 -00 20 ; length 32 -20 01 0d b8 00 00 00 00 00 00 00 00 00 00 00 01 ; first address -20 01 0d b8 00 00 00 00 00 00 00 00 00 53 00 01 ; second address -) - -; This example shows a single IPv6 hint in IPv4 mapped IPv6 presentation format. - -v17 HTTPS \# 35 ( -00 01 ; priority -07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target -00 06 ; key 6 -00 10 ; length 16 -20 01 0d b8 ff ff ff ff ff ff ff ff c6 33 64 64 ; address -) - -; In the next vector, neither the SvcParamValues nor the mandatory keys are -; sorted in presentation format, but are correctly sorted in the wire-format. - -v18 HTTPS \# 48 ( -00 10 ; priority -03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 6f 72 67 00 ; target -00 00 ; key 0 -00 04 ; param length 4 -00 01 ; value: key 1 -00 04 ; value: key 4 -00 01 ; key 1 -00 09 ; param length 9 -02 ; alpn length 2 -68 32 ; alpn value -05 ; alpn length 5 -68 33 2d 31 39 ; alpn value -00 04 ; key 4 -00 04 ; param length 4 -c0 00 02 01 ; param value -) - -; This last (two) vectors has an alpn value with an escaped comma and an -; escaped backslash in two presentation formats. - -v19 HTTPS \# 35 ( -00 10 ; priority -03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 6f 72 67 00 ; target -00 01 ; key 1 -00 0c ; param length 12 -08 ; alpn length 8 -66 5c 6f 6f 2c 62 61 72 ; alpn value -02 ; alpn length 2 -68 32 ; alpn value -) -v20 HTTPS \# 35 ( -00 10 ; priority -03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 6f 72 67 00 ; target -00 01 ; key 1 -00 0c ; param length 12 -08 ; alpn length 8 -66 5c 6f 6f 2c 62 61 72 ; alpn value -02 ; alpn length 2 -68 32 ; alpn value -) - diff --git a/contrib/unbound/testdata/zonemd.example1.zone b/contrib/unbound/testdata/zonemd.example1.zone deleted file mode 100644 index b1a44895f05..00000000000 --- a/contrib/unbound/testdata/zonemd.example1.zone +++ /dev/null @@ -1,4 +0,0 @@ -example.org. IN SOA ns.example.org. hostmaster.example.org. 200154054 28800 7200 604800 3600 -example.org. IN NS ns.example.org. -www.example.org. IN A 127.0.0.1 -ns.example.org. IN A 127.0.0.1 diff --git a/contrib/unbound/testdata/zonemd.example10.zone b/contrib/unbound/testdata/zonemd.example10.zone deleted file mode 100644 index 33ca2828e01..00000000000 --- a/contrib/unbound/testdata/zonemd.example10.zone +++ /dev/null @@ -1,35 +0,0 @@ -; DNSSEC signed but RRSIG on SOA is wrong. - -example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -; old sig -; example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= -; wrong sig -example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgeAAAAA= -example.com. 3600 IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= -example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} -example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= -example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f -example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= -example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63 -example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= -bar.example.com. 3600 IN A 1.2.3.4 -bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= -bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC -bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= -ding.example.com. 3600 IN A 1.2.3.4 -ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= -ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC -ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= -foo.example.com. 3600 IN A 1.2.3.4 -foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= -foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC -foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= -ns.example.com. 3600 IN A 127.0.0.1 -ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= -ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC -ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= -www.example.com. 3600 IN A 127.0.0.1 -www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= -www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC -www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= diff --git a/contrib/unbound/testdata/zonemd.example11.zone b/contrib/unbound/testdata/zonemd.example11.zone deleted file mode 100644 index 7562f79729b..00000000000 --- a/contrib/unbound/testdata/zonemd.example11.zone +++ /dev/null @@ -1,33 +0,0 @@ -; DNSSEC NSEC zone, but ZONEMD is missing - -example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= -example.com. 3600 IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= -example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} -example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= -; missing ZONEMD -;example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f -;example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= -example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63 -example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= -bar.example.com. 3600 IN A 1.2.3.4 -bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= -bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC -bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= -ding.example.com. 3600 IN A 1.2.3.4 -ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= -ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC -ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= -foo.example.com. 3600 IN A 1.2.3.4 -foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= -foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC -foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= -ns.example.com. 3600 IN A 127.0.0.1 -ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= -ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC -ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= -www.example.com. 3600 IN A 127.0.0.1 -www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= -www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC -www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= diff --git a/contrib/unbound/testdata/zonemd.example12.zone b/contrib/unbound/testdata/zonemd.example12.zone deleted file mode 100644 index 4fc04bf88eb..00000000000 --- a/contrib/unbound/testdata/zonemd.example12.zone +++ /dev/null @@ -1,35 +0,0 @@ -; DNSSEC NSEC3 zone, but ZONEMD is missing - -example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= -example.com. 3600 IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= -example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} -example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= -example.com. 3600 IN NSEC3PARAM 1 0 1 012345 -example.com. 3600 IN RRSIG NSEC3PARAM 8 2 3600 20201116135527 20201019135527 55566 example.com. CDbcPLDrpVUyk3v7kwQ3LNzzhDHS40e0LDv7IZrzMt2AO/6SJ7xhlG+qByhc7CFBUMvBNaOteO5th0tvotWxk0UrVhqRyyXNCr8SmDdAaPH4SGwJ2p+XPIwn0CTXDpyOcgCrW0Kt2OjubA+4fQwjkGYFuDATY5QOITe6kGJpKpw= -; missing ZONEMD -;example.com. 3600 IN TYPE63 \# 70 0bee1bc6010246e31506f321c58db811c934c6446141d651a8574fb21088a2bb6feec875fc8b60f50beae00e7f6554e2cf3cb048350ef92e2946137443e30079813db4d1bfbd -;example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. M0f4wkOn6dcYtaQtwvp698QL7HuKEgi+PPjYJawV8d1VNOWbbRTF9L9tHFDK42Ylq238uOxi223ZEk/pq4BP64Sm31dV54K2V95QqdzN9NDD34+sqKEgGyRcmBiE50gm3kZZ4ENqBQKc+GdlbZ2fHSI6gf6X694sSmZ7dfjq+2k= -v4cknoe1mioduf5bmhgfjjq4dlqet8fm.example.com. 3600 IN NSEC3 1 0 1 012345 2v43f6ripfocif5h6bbi07glq6849rnj NS SOA RRSIG DNSKEY NSEC3PARAM TYPE63 -v4cknoe1mioduf5bmhgfjjq4dlqet8fm.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. Yd+g1m2aDKDUuZNv2KpKk4uSNrpB5KLM3QUqypm484VjOpnj5Wy3BjUULH3P8z+S9PG7XbaOf+yUYHK8cI6i5GTcrMhoLKaanAD09i1KbXbTVJujwA9Za7WzlFVZ3o6f1D8CbrSS3YPWNF3Mb2FYaptvZ9so7MlecuLYdEer7DY= -bar.example.com. 3600 IN A 1.2.3.4 -bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= -c6ntadrd765diocebcrq6trs8npn83o3.example.com. 3600 IN NSEC3 1 0 1 012345 f0lpjkgefgrobj5pucem78r2ouo53fq8 A RRSIG -c6ntadrd765diocebcrq6trs8npn83o3.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. gTDi/2e/RPeSOwoBr6oqfoFsGXAknLX3J96EHzMmhtRR7W4pEW8uXKsMJ3rr4qgUUX+ZtzoCMYy+UBkiJfjpWvMToGtuADNOzz0rF8BESaW/8k6iDKPmqmwdGyLGMmfGjYPcb4qg3+9egLejA+fF1OSrhHuINeO80ouw++PL0ns= -ding.example.com. 3600 IN A 1.2.3.4 -ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= -r18q2sl76hceldh0keqr7vnqc15db64a.example.com. 3600 IN NSEC3 1 0 1 012345 v4cknoe1mioduf5bmhgfjjq4dlqet8fm A RRSIG -r18q2sl76hceldh0keqr7vnqc15db64a.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. VugivzPyv5+qZhl+x0frrykYyOOdZfcKdmIA13P4OzhtiRNhCRHznhrdTlmfLw/b5Rs5jFX7Iw/hhU80Geg72cYG4KVJwtP6zTyFApDl/8x3rj3vhZOc2nwpYmjjFsyrlb7M2RhcStnS6c/2R4+dBFwwVZXyJBi3fo9NybujI9g= -foo.example.com. 3600 IN A 1.2.3.4 -foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= -f0lpjkgefgrobj5pucem78r2ouo53fq8.example.com. 3600 IN NSEC3 1 0 1 012345 r18q2sl76hceldh0keqr7vnqc15db64a A RRSIG -f0lpjkgefgrobj5pucem78r2ouo53fq8.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. zishUbm8GxjaHOOUdbz0ZEut99dm+DQ/zvxhOTeS3kmUnL8t3ISew641JeNvvajAUk/xn6eGHjLBuHfwNG+itF2pSD8Gl6Ppo22Y0C9uO5TyRQalYpjtz1kI/VlIelcd0TyusmIMaRChswtpctPKITbr8Wl+MoZZtPQhJ5NjQlQ= -ns.example.com. 3600 IN A 127.0.0.1 -ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= -2v43f6ripfocif5h6bbi07glq6849rnj.example.com. 3600 IN NSEC3 1 0 1 012345 91onuasouslv1so1i62id4rf0l763dss A RRSIG -2v43f6ripfocif5h6bbi07glq6849rnj.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. d9CluwN3zWfLe20J212CuwNzJVbVsDR4eijuJyLpyHzziSc10CauWtUiuHeQMXCVJNwhPSb5kQTfKtql+Jd44BQlenRt/sHfa6YZEOwClN4O8V0vZ43K4vlwwWbh5kxQbFQ/e+w4vlYb1m4PHwzDLtqocNQ9T4A8SXl3A8paZqI= -www.example.com. 3600 IN A 127.0.0.1 -www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= -91onuasouslv1so1i62id4rf0l763dss.example.com. 3600 IN NSEC3 1 0 1 012345 c6ntadrd765diocebcrq6trs8npn83o3 A RRSIG -91onuasouslv1so1i62id4rf0l763dss.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. czJf5HkfHLpfGcku2iZnCu9tXnM7VWOYYhGtVAwkYG0M6BO4LzRxGCV3SkUvHLFxoqQY0DZLnafPl2MKg8zsF+tusf3e3xmpcCSR29IfuDYH7GzuVCj3H0ScmXM0lvyQ92JpJ0AMqq2mW1nvKmgjkyugs+EMpxcFVjhibljocLU= diff --git a/contrib/unbound/testdata/zonemd.example13.zone b/contrib/unbound/testdata/zonemd.example13.zone deleted file mode 100644 index 9f311c91291..00000000000 --- a/contrib/unbound/testdata/zonemd.example13.zone +++ /dev/null @@ -1,33 +0,0 @@ -; DNSSEC NSEC zone without ZONEMD, but NSEC RRSIG is wrong - -example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= -example.com. 3600 IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= -example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} -example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= -example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY -; old sig -;example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ROT+Kh6Y0sEf+L9c2HGPvppLL/DFP5KcX/zSjy7ovM7vXTrrdhEhOedbuccN84tk6VU8udGIixd5Usc+juZ+WsiWwaSNB5rKo6lZ9ceOJlYVzLCmawePzTsl6VAIiIVXwrMxGz/amBd+Ou/1NCuXJiWVThU9PDyJ/lQZbVJEHMA= -; wrong sig -example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ROT+Kh6Y0sEf+L9c2HGPvppLL/DFP5KcX/zSjy7ovM7vXTrrdhEhOedbuccN84tk6VU8udGIixd5Usc+juZ+WsiWwaSNB5rKo6lZ9ceOJlYVzLCmawePzTsl6VAIiIVXwrMxGz/amBd+Ou/1NCuXJiWVThU9PDyJ/lQZbVAAAAA= -bar.example.com. 3600 IN A 1.2.3.4 -bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= -bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC -bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= -ding.example.com. 3600 IN A 1.2.3.4 -ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= -ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC -ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= -foo.example.com. 3600 IN A 1.2.3.4 -foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= -foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC -foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= -ns.example.com. 3600 IN A 127.0.0.1 -ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= -ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC -ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= -www.example.com. 3600 IN A 127.0.0.1 -www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= -www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC -www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= diff --git a/contrib/unbound/testdata/zonemd.example14.zone b/contrib/unbound/testdata/zonemd.example14.zone deleted file mode 100644 index bc4cdacdbbf..00000000000 --- a/contrib/unbound/testdata/zonemd.example14.zone +++ /dev/null @@ -1,35 +0,0 @@ -; DNSSEC NSEC3 zone without ZONEMD, but NSEC3 RRSIG is wrong - -example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= -example.com. 3600 IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= -example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} -example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= -example.com. 3600 IN NSEC3PARAM 1 0 1 012345 -example.com. 3600 IN RRSIG NSEC3PARAM 8 2 3600 20201116135527 20201019135527 55566 example.com. CDbcPLDrpVUyk3v7kwQ3LNzzhDHS40e0LDv7IZrzMt2AO/6SJ7xhlG+qByhc7CFBUMvBNaOteO5th0tvotWxk0UrVhqRyyXNCr8SmDdAaPH4SGwJ2p+XPIwn0CTXDpyOcgCrW0Kt2OjubA+4fQwjkGYFuDATY5QOITe6kGJpKpw= -v4cknoe1mioduf5bmhgfjjq4dlqet8fm.example.com. 3600 IN NSEC3 1 0 1 012345 2v43f6ripfocif5h6bbi07glq6849rnj NS SOA RRSIG DNSKEY NSEC3PARAM -; old sig -;v4cknoe1mioduf5bmhgfjjq4dlqet8fm.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. J2LISTGtBe+x2pNESBOYrBHAJjEDVFkmjJf2kj0GSFYisvSuy6ZUvQZZUB9sfLmEX18FpdNTieE8MrR2nbpKWfgVBDdGtcU72x/GOIRRq586A1KNtP2eJ81vcblM5dvqvpht46tF+xy85j9G9BYxpcT1PQRpvmho9yhgCxq2kUQ= -; wrong sig -v4cknoe1mioduf5bmhgfjjq4dlqet8fm.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. J2LISTGtBe+x2pNESBOYrBHAJjEDVFkmjJf2kj0GSFYisvSuy6ZUvQZZUB9sfLmEX18FpdNTieE8MrR2nbpKWfgVBDdGtcU72x/GOIRRq586A1KNtP2eJ81vcblM5dvqvpht46tF+xy85j9G9BYxpcT1PQRpvmho9yhgCxAAAAA= -bar.example.com. 3600 IN A 1.2.3.4 -bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= -c6ntadrd765diocebcrq6trs8npn83o3.example.com. 3600 IN NSEC3 1 0 1 012345 f0lpjkgefgrobj5pucem78r2ouo53fq8 A RRSIG -c6ntadrd765diocebcrq6trs8npn83o3.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. gTDi/2e/RPeSOwoBr6oqfoFsGXAknLX3J96EHzMmhtRR7W4pEW8uXKsMJ3rr4qgUUX+ZtzoCMYy+UBkiJfjpWvMToGtuADNOzz0rF8BESaW/8k6iDKPmqmwdGyLGMmfGjYPcb4qg3+9egLejA+fF1OSrhHuINeO80ouw++PL0ns= -ding.example.com. 3600 IN A 1.2.3.4 -ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= -r18q2sl76hceldh0keqr7vnqc15db64a.example.com. 3600 IN NSEC3 1 0 1 012345 v4cknoe1mioduf5bmhgfjjq4dlqet8fm A RRSIG -r18q2sl76hceldh0keqr7vnqc15db64a.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. VugivzPyv5+qZhl+x0frrykYyOOdZfcKdmIA13P4OzhtiRNhCRHznhrdTlmfLw/b5Rs5jFX7Iw/hhU80Geg72cYG4KVJwtP6zTyFApDl/8x3rj3vhZOc2nwpYmjjFsyrlb7M2RhcStnS6c/2R4+dBFwwVZXyJBi3fo9NybujI9g= -foo.example.com. 3600 IN A 1.2.3.4 -foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= -f0lpjkgefgrobj5pucem78r2ouo53fq8.example.com. 3600 IN NSEC3 1 0 1 012345 r18q2sl76hceldh0keqr7vnqc15db64a A RRSIG -f0lpjkgefgrobj5pucem78r2ouo53fq8.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. zishUbm8GxjaHOOUdbz0ZEut99dm+DQ/zvxhOTeS3kmUnL8t3ISew641JeNvvajAUk/xn6eGHjLBuHfwNG+itF2pSD8Gl6Ppo22Y0C9uO5TyRQalYpjtz1kI/VlIelcd0TyusmIMaRChswtpctPKITbr8Wl+MoZZtPQhJ5NjQlQ= -ns.example.com. 3600 IN A 127.0.0.1 -ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= -2v43f6ripfocif5h6bbi07glq6849rnj.example.com. 3600 IN NSEC3 1 0 1 012345 91onuasouslv1so1i62id4rf0l763dss A RRSIG -2v43f6ripfocif5h6bbi07glq6849rnj.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. d9CluwN3zWfLe20J212CuwNzJVbVsDR4eijuJyLpyHzziSc10CauWtUiuHeQMXCVJNwhPSb5kQTfKtql+Jd44BQlenRt/sHfa6YZEOwClN4O8V0vZ43K4vlwwWbh5kxQbFQ/e+w4vlYb1m4PHwzDLtqocNQ9T4A8SXl3A8paZqI= -www.example.com. 3600 IN A 127.0.0.1 -www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= -91onuasouslv1so1i62id4rf0l763dss.example.com. 3600 IN NSEC3 1 0 1 012345 c6ntadrd765diocebcrq6trs8npn83o3 A RRSIG -91onuasouslv1so1i62id4rf0l763dss.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. czJf5HkfHLpfGcku2iZnCu9tXnM7VWOYYhGtVAwkYG0M6BO4LzRxGCV3SkUvHLFxoqQY0DZLnafPl2MKg8zsF+tusf3e3xmpcCSR29IfuDYH7GzuVCj3H0ScmXM0lvyQ92JpJ0AMqq2mW1nvKmgjkyugs+EMpxcFVjhibljocLU= diff --git a/contrib/unbound/testdata/zonemd.example15.zone b/contrib/unbound/testdata/zonemd.example15.zone deleted file mode 100644 index 8a10689101d..00000000000 --- a/contrib/unbound/testdata/zonemd.example15.zone +++ /dev/null @@ -1,35 +0,0 @@ -; DNSSEC signed but DNSKEY RRSIG is wrong. - -example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= -example.com. 3600 IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= -example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} -; old sig -;example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= -; wrong sig -example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2AAAAA= -example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f -example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= -example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63 -example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= -bar.example.com. 3600 IN A 1.2.3.4 -bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= -bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC -bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= -ding.example.com. 3600 IN A 1.2.3.4 -ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= -ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC -ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= -foo.example.com. 3600 IN A 1.2.3.4 -foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= -foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC -foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= -ns.example.com. 3600 IN A 127.0.0.1 -ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= -ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC -ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= -www.example.com. 3600 IN A 127.0.0.1 -www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= -www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC -www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= diff --git a/contrib/unbound/testdata/zonemd.example16.zone b/contrib/unbound/testdata/zonemd.example16.zone deleted file mode 100644 index 7520744d318..00000000000 --- a/contrib/unbound/testdata/zonemd.example16.zone +++ /dev/null @@ -1,11 +0,0 @@ -example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. IN NS ns.example.com. -; the ZONEMD that should be in this file, without DNSSEC -example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22 -; duplicate zonemd with same scheme and algorithm (different at end) -example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D720000 -www.example.com. IN A 127.0.0.1 -ns.example.com. IN A 127.0.0.1 -bar.example.com. IN A 1.2.3.4 -ding.example.com. IN A 1.2.3.4 -foo.example.com. IN A 1.2.3.4 diff --git a/contrib/unbound/testdata/zonemd.example17.zone b/contrib/unbound/testdata/zonemd.example17.zone deleted file mode 100644 index 4315f9054af..00000000000 --- a/contrib/unbound/testdata/zonemd.example17.zone +++ /dev/null @@ -1,11 +0,0 @@ -example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -; capitalisation is different here. -exaMPLe.cOM. IN NS Ns.exaMPLe.cOm. -; the ZONEMD that should be in this file, without DNSSEC -example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22 -; capitalisation is different here. -wWW.exAMPLe.cOM. IN A 127.0.0.1 -ns.example.com. IN A 127.0.0.1 -bar.example.com. IN A 1.2.3.4 -ding.example.com. IN A 1.2.3.4 -foo.example.com. IN A 1.2.3.4 diff --git a/contrib/unbound/testdata/zonemd.example2.zone b/contrib/unbound/testdata/zonemd.example2.zone deleted file mode 100644 index 14b7ea689ff..00000000000 --- a/contrib/unbound/testdata/zonemd.example2.zone +++ /dev/null @@ -1,15 +0,0 @@ -example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. IN NS ns.example.com. -; the ZONEMD that should be in this file, without DNSSEC -example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22 -; incorrect digest in example3 and example4. -;example.com. IN TYPE63 \# 70 0BEE1BC60102EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22 -; correct digest for example 5. -;example.com. IN TYPE63 \# 70 0BEE1BC6010258F7620F93204BBB31B44F795B3409CC4ABD9EF5601DECC15675BD7751213152984EDDCE0626E6062E744B03B3E47711202FBB79E4A2EB8BC5CF46741B5CAE6F -; correct digest for example 6. -;example.com. IN TYPE63 \# 70 0BEE1BC6010246E31506F321C58DB811C934C6446141D651A8574FB21088A2BB6FEEC875FC8B60F50BEAE00E7F6554E2CF3CB048350EF92E2946137443E30079813DB4D1BFBD -www.example.com. IN A 127.0.0.1 -ns.example.com. IN A 127.0.0.1 -bar.example.com. IN A 1.2.3.4 -ding.example.com. IN A 1.2.3.4 -foo.example.com. IN A 1.2.3.4 diff --git a/contrib/unbound/testdata/zonemd.example3.zone b/contrib/unbound/testdata/zonemd.example3.zone deleted file mode 100644 index 12389f3d518..00000000000 --- a/contrib/unbound/testdata/zonemd.example3.zone +++ /dev/null @@ -1,34 +0,0 @@ -; signed version of zonemd.example2.zone -; with ldns-signzone -e 20201116135527 -i 20201019135527 zonemd.example2.zone Kexample.com.+008+55566 -; this zonefile has an incorrect ZONEMD digest, with correct DNSSEC signature. - -example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= -example.com. 3600 IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= -example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} -example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= -example.com. 3600 IN TYPE63 \# 70 0bee1bc60102efaa5b78b38ab1c45de57b8167bcce906451d0e72118e1f5e80b5f0c3cf04bffc65d53c011185528ead439d6f3a02f511961e090e5e4e0dfa013bd276d728b22 -example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. RdHiJlugposfoRbog+Mkg2xeJXSzBi/UXxBnyHVF/Usqhp6Z7Acy4XwtRRb8YAbJevP9nBpCh23Fh4b1Vxl4xI0iB8aXWKtHeb98m81rfsflWvnTYbeau3ltfP/OJWqdmFsBy8DOwNxiN8sAMbGwQK8PFDk3lcRCqv8qq/tmow8= -example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63 -example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= -bar.example.com. 3600 IN A 1.2.3.4 -bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= -bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC -bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= -ding.example.com. 3600 IN A 1.2.3.4 -ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= -ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC -ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= -foo.example.com. 3600 IN A 1.2.3.4 -foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= -foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC -foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= -ns.example.com. 3600 IN A 127.0.0.1 -ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= -ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC -ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= -www.example.com. 3600 IN A 127.0.0.1 -www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= -www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC -www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= diff --git a/contrib/unbound/testdata/zonemd.example4.zone b/contrib/unbound/testdata/zonemd.example4.zone deleted file mode 100644 index dae0f17c708..00000000000 --- a/contrib/unbound/testdata/zonemd.example4.zone +++ /dev/null @@ -1,36 +0,0 @@ -; signed with NSEC3, of zonemd.example.2.zone -; ldns-signzone -n -s 012345 -e 20201116135527 -i 20201019135527 zonemd.example2.zone Kexample.com.+008+55566 -; this zonefile has an incorrect ZONEMD digest, with correct DNSSEC signature. - -example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= -example.com. 3600 IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= -example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} -example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= -example.com. 3600 IN NSEC3PARAM 1 0 1 012345 -example.com. 3600 IN RRSIG NSEC3PARAM 8 2 3600 20201116135527 20201019135527 55566 example.com. CDbcPLDrpVUyk3v7kwQ3LNzzhDHS40e0LDv7IZrzMt2AO/6SJ7xhlG+qByhc7CFBUMvBNaOteO5th0tvotWxk0UrVhqRyyXNCr8SmDdAaPH4SGwJ2p+XPIwn0CTXDpyOcgCrW0Kt2OjubA+4fQwjkGYFuDATY5QOITe6kGJpKpw= -example.com. 3600 IN TYPE63 \# 70 0bee1bc60102efaa5b78b38ab1c45de57b8167bcce906451d0e72118e1f5e80b5f0c3cf04bffc65d53c011185528ead439d6f3a02f511961e090e5e4e0dfa013bd276d728b22 -example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. RdHiJlugposfoRbog+Mkg2xeJXSzBi/UXxBnyHVF/Usqhp6Z7Acy4XwtRRb8YAbJevP9nBpCh23Fh4b1Vxl4xI0iB8aXWKtHeb98m81rfsflWvnTYbeau3ltfP/OJWqdmFsBy8DOwNxiN8sAMbGwQK8PFDk3lcRCqv8qq/tmow8= -v4cknoe1mioduf5bmhgfjjq4dlqet8fm.example.com. 3600 IN NSEC3 1 0 1 012345 2v43f6ripfocif5h6bbi07glq6849rnj NS SOA RRSIG DNSKEY NSEC3PARAM TYPE63 -v4cknoe1mioduf5bmhgfjjq4dlqet8fm.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. Yd+g1m2aDKDUuZNv2KpKk4uSNrpB5KLM3QUqypm484VjOpnj5Wy3BjUULH3P8z+S9PG7XbaOf+yUYHK8cI6i5GTcrMhoLKaanAD09i1KbXbTVJujwA9Za7WzlFVZ3o6f1D8CbrSS3YPWNF3Mb2FYaptvZ9so7MlecuLYdEer7DY= -bar.example.com. 3600 IN A 1.2.3.4 -bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= -c6ntadrd765diocebcrq6trs8npn83o3.example.com. 3600 IN NSEC3 1 0 1 012345 f0lpjkgefgrobj5pucem78r2ouo53fq8 A RRSIG -c6ntadrd765diocebcrq6trs8npn83o3.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. gTDi/2e/RPeSOwoBr6oqfoFsGXAknLX3J96EHzMmhtRR7W4pEW8uXKsMJ3rr4qgUUX+ZtzoCMYy+UBkiJfjpWvMToGtuADNOzz0rF8BESaW/8k6iDKPmqmwdGyLGMmfGjYPcb4qg3+9egLejA+fF1OSrhHuINeO80ouw++PL0ns= -ding.example.com. 3600 IN A 1.2.3.4 -ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= -r18q2sl76hceldh0keqr7vnqc15db64a.example.com. 3600 IN NSEC3 1 0 1 012345 v4cknoe1mioduf5bmhgfjjq4dlqet8fm A RRSIG -r18q2sl76hceldh0keqr7vnqc15db64a.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. VugivzPyv5+qZhl+x0frrykYyOOdZfcKdmIA13P4OzhtiRNhCRHznhrdTlmfLw/b5Rs5jFX7Iw/hhU80Geg72cYG4KVJwtP6zTyFApDl/8x3rj3vhZOc2nwpYmjjFsyrlb7M2RhcStnS6c/2R4+dBFwwVZXyJBi3fo9NybujI9g= -foo.example.com. 3600 IN A 1.2.3.4 -foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= -f0lpjkgefgrobj5pucem78r2ouo53fq8.example.com. 3600 IN NSEC3 1 0 1 012345 r18q2sl76hceldh0keqr7vnqc15db64a A RRSIG -f0lpjkgefgrobj5pucem78r2ouo53fq8.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. zishUbm8GxjaHOOUdbz0ZEut99dm+DQ/zvxhOTeS3kmUnL8t3ISew641JeNvvajAUk/xn6eGHjLBuHfwNG+itF2pSD8Gl6Ppo22Y0C9uO5TyRQalYpjtz1kI/VlIelcd0TyusmIMaRChswtpctPKITbr8Wl+MoZZtPQhJ5NjQlQ= -ns.example.com. 3600 IN A 127.0.0.1 -ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= -2v43f6ripfocif5h6bbi07glq6849rnj.example.com. 3600 IN NSEC3 1 0 1 012345 91onuasouslv1so1i62id4rf0l763dss A RRSIG -2v43f6ripfocif5h6bbi07glq6849rnj.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. d9CluwN3zWfLe20J212CuwNzJVbVsDR4eijuJyLpyHzziSc10CauWtUiuHeQMXCVJNwhPSb5kQTfKtql+Jd44BQlenRt/sHfa6YZEOwClN4O8V0vZ43K4vlwwWbh5kxQbFQ/e+w4vlYb1m4PHwzDLtqocNQ9T4A8SXl3A8paZqI= -www.example.com. 3600 IN A 127.0.0.1 -www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= -91onuasouslv1so1i62id4rf0l763dss.example.com. 3600 IN NSEC3 1 0 1 012345 c6ntadrd765diocebcrq6trs8npn83o3 A RRSIG -91onuasouslv1so1i62id4rf0l763dss.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. czJf5HkfHLpfGcku2iZnCu9tXnM7VWOYYhGtVAwkYG0M6BO4LzRxGCV3SkUvHLFxoqQY0DZLnafPl2MKg8zsF+tusf3e3xmpcCSR29IfuDYH7GzuVCj3H0ScmXM0lvyQ92JpJ0AMqq2mW1nvKmgjkyugs+EMpxcFVjhibljocLU= diff --git a/contrib/unbound/testdata/zonemd.example5.zone b/contrib/unbound/testdata/zonemd.example5.zone deleted file mode 100644 index d88380ade09..00000000000 --- a/contrib/unbound/testdata/zonemd.example5.zone +++ /dev/null @@ -1,34 +0,0 @@ -; signed version of zonemd.example2.zone -; with ldns-signzone -e 20201116135527 -i 20201019135527 zonemd.example2.zone Kexample.com.+008+55566 -; this zonefile has a correct ZONEMD digest, with correct DNSSEC signature. - -example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= -example.com. 3600 IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= -example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} -example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= -example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f -example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= -example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63 -example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= -bar.example.com. 3600 IN A 1.2.3.4 -bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= -bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC -bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= -ding.example.com. 3600 IN A 1.2.3.4 -ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= -ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC -ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= -foo.example.com. 3600 IN A 1.2.3.4 -foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= -foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC -foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= -ns.example.com. 3600 IN A 127.0.0.1 -ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= -ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC -ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= -www.example.com. 3600 IN A 127.0.0.1 -www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= -www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC -www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= diff --git a/contrib/unbound/testdata/zonemd.example6.zone b/contrib/unbound/testdata/zonemd.example6.zone deleted file mode 100644 index 0a7b05a8dce..00000000000 --- a/contrib/unbound/testdata/zonemd.example6.zone +++ /dev/null @@ -1,36 +0,0 @@ -; signed with NSEC3, of zonemd.example.2.zone -; ldns-signzone -n -s 012345 -e 20201116135527 -i 20201019135527 zonemd.example2.zone Kexample.com.+008+55566 -; this zonefile has a correct ZONEMD digest, with correct DNSSEC signature. - -example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= -example.com. 3600 IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= -example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} -example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= -example.com. 3600 IN NSEC3PARAM 1 0 1 012345 -example.com. 3600 IN RRSIG NSEC3PARAM 8 2 3600 20201116135527 20201019135527 55566 example.com. CDbcPLDrpVUyk3v7kwQ3LNzzhDHS40e0LDv7IZrzMt2AO/6SJ7xhlG+qByhc7CFBUMvBNaOteO5th0tvotWxk0UrVhqRyyXNCr8SmDdAaPH4SGwJ2p+XPIwn0CTXDpyOcgCrW0Kt2OjubA+4fQwjkGYFuDATY5QOITe6kGJpKpw= -example.com. 3600 IN TYPE63 \# 70 0bee1bc6010246e31506f321c58db811c934c6446141d651a8574fb21088a2bb6feec875fc8b60f50beae00e7f6554e2cf3cb048350ef92e2946137443e30079813db4d1bfbd -example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. M0f4wkOn6dcYtaQtwvp698QL7HuKEgi+PPjYJawV8d1VNOWbbRTF9L9tHFDK42Ylq238uOxi223ZEk/pq4BP64Sm31dV54K2V95QqdzN9NDD34+sqKEgGyRcmBiE50gm3kZZ4ENqBQKc+GdlbZ2fHSI6gf6X694sSmZ7dfjq+2k= -v4cknoe1mioduf5bmhgfjjq4dlqet8fm.example.com. 3600 IN NSEC3 1 0 1 012345 2v43f6ripfocif5h6bbi07glq6849rnj NS SOA RRSIG DNSKEY NSEC3PARAM TYPE63 -v4cknoe1mioduf5bmhgfjjq4dlqet8fm.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. Yd+g1m2aDKDUuZNv2KpKk4uSNrpB5KLM3QUqypm484VjOpnj5Wy3BjUULH3P8z+S9PG7XbaOf+yUYHK8cI6i5GTcrMhoLKaanAD09i1KbXbTVJujwA9Za7WzlFVZ3o6f1D8CbrSS3YPWNF3Mb2FYaptvZ9so7MlecuLYdEer7DY= -bar.example.com. 3600 IN A 1.2.3.4 -bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= -c6ntadrd765diocebcrq6trs8npn83o3.example.com. 3600 IN NSEC3 1 0 1 012345 f0lpjkgefgrobj5pucem78r2ouo53fq8 A RRSIG -c6ntadrd765diocebcrq6trs8npn83o3.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. gTDi/2e/RPeSOwoBr6oqfoFsGXAknLX3J96EHzMmhtRR7W4pEW8uXKsMJ3rr4qgUUX+ZtzoCMYy+UBkiJfjpWvMToGtuADNOzz0rF8BESaW/8k6iDKPmqmwdGyLGMmfGjYPcb4qg3+9egLejA+fF1OSrhHuINeO80ouw++PL0ns= -ding.example.com. 3600 IN A 1.2.3.4 -ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= -r18q2sl76hceldh0keqr7vnqc15db64a.example.com. 3600 IN NSEC3 1 0 1 012345 v4cknoe1mioduf5bmhgfjjq4dlqet8fm A RRSIG -r18q2sl76hceldh0keqr7vnqc15db64a.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. VugivzPyv5+qZhl+x0frrykYyOOdZfcKdmIA13P4OzhtiRNhCRHznhrdTlmfLw/b5Rs5jFX7Iw/hhU80Geg72cYG4KVJwtP6zTyFApDl/8x3rj3vhZOc2nwpYmjjFsyrlb7M2RhcStnS6c/2R4+dBFwwVZXyJBi3fo9NybujI9g= -foo.example.com. 3600 IN A 1.2.3.4 -foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= -f0lpjkgefgrobj5pucem78r2ouo53fq8.example.com. 3600 IN NSEC3 1 0 1 012345 r18q2sl76hceldh0keqr7vnqc15db64a A RRSIG -f0lpjkgefgrobj5pucem78r2ouo53fq8.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. zishUbm8GxjaHOOUdbz0ZEut99dm+DQ/zvxhOTeS3kmUnL8t3ISew641JeNvvajAUk/xn6eGHjLBuHfwNG+itF2pSD8Gl6Ppo22Y0C9uO5TyRQalYpjtz1kI/VlIelcd0TyusmIMaRChswtpctPKITbr8Wl+MoZZtPQhJ5NjQlQ= -ns.example.com. 3600 IN A 127.0.0.1 -ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= -2v43f6ripfocif5h6bbi07glq6849rnj.example.com. 3600 IN NSEC3 1 0 1 012345 91onuasouslv1so1i62id4rf0l763dss A RRSIG -2v43f6ripfocif5h6bbi07glq6849rnj.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. d9CluwN3zWfLe20J212CuwNzJVbVsDR4eijuJyLpyHzziSc10CauWtUiuHeQMXCVJNwhPSb5kQTfKtql+Jd44BQlenRt/sHfa6YZEOwClN4O8V0vZ43K4vlwwWbh5kxQbFQ/e+w4vlYb1m4PHwzDLtqocNQ9T4A8SXl3A8paZqI= -www.example.com. 3600 IN A 127.0.0.1 -www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= -91onuasouslv1so1i62id4rf0l763dss.example.com. 3600 IN NSEC3 1 0 1 012345 c6ntadrd765diocebcrq6trs8npn83o3 A RRSIG -91onuasouslv1so1i62id4rf0l763dss.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. czJf5HkfHLpfGcku2iZnCu9tXnM7VWOYYhGtVAwkYG0M6BO4LzRxGCV3SkUvHLFxoqQY0DZLnafPl2MKg8zsF+tusf3e3xmpcCSR29IfuDYH7GzuVCj3H0ScmXM0lvyQ92JpJ0AMqq2mW1nvKmgjkyugs+EMpxcFVjhibljocLU= diff --git a/contrib/unbound/testdata/zonemd.example7.zone b/contrib/unbound/testdata/zonemd.example7.zone deleted file mode 100644 index 4339bd570c5..00000000000 --- a/contrib/unbound/testdata/zonemd.example7.zone +++ /dev/null @@ -1,31 +0,0 @@ -; DNSSEC NSEC zone without ZONEMD -; created with -; ldns-signzone -e 20201116135527 -i 20201019135527 zonemd.example2.zone Kexample.com.+008+55566 -example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= -example.com. 3600 IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= -example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} -example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= -example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY -example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ROT+Kh6Y0sEf+L9c2HGPvppLL/DFP5KcX/zSjy7ovM7vXTrrdhEhOedbuccN84tk6VU8udGIixd5Usc+juZ+WsiWwaSNB5rKo6lZ9ceOJlYVzLCmawePzTsl6VAIiIVXwrMxGz/amBd+Ou/1NCuXJiWVThU9PDyJ/lQZbVJEHMA= -bar.example.com. 3600 IN A 1.2.3.4 -bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= -bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC -bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= -ding.example.com. 3600 IN A 1.2.3.4 -ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= -ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC -ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= -foo.example.com. 3600 IN A 1.2.3.4 -foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= -foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC -foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= -ns.example.com. 3600 IN A 127.0.0.1 -ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= -ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC -ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= -www.example.com. 3600 IN A 127.0.0.1 -www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= -www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC -www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= diff --git a/contrib/unbound/testdata/zonemd.example8.zone b/contrib/unbound/testdata/zonemd.example8.zone deleted file mode 100644 index 2900753c048..00000000000 --- a/contrib/unbound/testdata/zonemd.example8.zone +++ /dev/null @@ -1,34 +0,0 @@ -; DNSSEC NSEC3 zone without ZONEMD -; created with -; ldns-signzone -n -s 012345 -e 20201116135527 -i 20201019135527 zonemd.example2.zone Kexample.com.+008+55566 - -example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= -example.com. 3600 IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= -example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} -example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= -example.com. 3600 IN NSEC3PARAM 1 0 1 012345 -example.com. 3600 IN RRSIG NSEC3PARAM 8 2 3600 20201116135527 20201019135527 55566 example.com. CDbcPLDrpVUyk3v7kwQ3LNzzhDHS40e0LDv7IZrzMt2AO/6SJ7xhlG+qByhc7CFBUMvBNaOteO5th0tvotWxk0UrVhqRyyXNCr8SmDdAaPH4SGwJ2p+XPIwn0CTXDpyOcgCrW0Kt2OjubA+4fQwjkGYFuDATY5QOITe6kGJpKpw= -v4cknoe1mioduf5bmhgfjjq4dlqet8fm.example.com. 3600 IN NSEC3 1 0 1 012345 2v43f6ripfocif5h6bbi07glq6849rnj NS SOA RRSIG DNSKEY NSEC3PARAM -v4cknoe1mioduf5bmhgfjjq4dlqet8fm.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. J2LISTGtBe+x2pNESBOYrBHAJjEDVFkmjJf2kj0GSFYisvSuy6ZUvQZZUB9sfLmEX18FpdNTieE8MrR2nbpKWfgVBDdGtcU72x/GOIRRq586A1KNtP2eJ81vcblM5dvqvpht46tF+xy85j9G9BYxpcT1PQRpvmho9yhgCxq2kUQ= -bar.example.com. 3600 IN A 1.2.3.4 -bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= -c6ntadrd765diocebcrq6trs8npn83o3.example.com. 3600 IN NSEC3 1 0 1 012345 f0lpjkgefgrobj5pucem78r2ouo53fq8 A RRSIG -c6ntadrd765diocebcrq6trs8npn83o3.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. gTDi/2e/RPeSOwoBr6oqfoFsGXAknLX3J96EHzMmhtRR7W4pEW8uXKsMJ3rr4qgUUX+ZtzoCMYy+UBkiJfjpWvMToGtuADNOzz0rF8BESaW/8k6iDKPmqmwdGyLGMmfGjYPcb4qg3+9egLejA+fF1OSrhHuINeO80ouw++PL0ns= -ding.example.com. 3600 IN A 1.2.3.4 -ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= -r18q2sl76hceldh0keqr7vnqc15db64a.example.com. 3600 IN NSEC3 1 0 1 012345 v4cknoe1mioduf5bmhgfjjq4dlqet8fm A RRSIG -r18q2sl76hceldh0keqr7vnqc15db64a.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. VugivzPyv5+qZhl+x0frrykYyOOdZfcKdmIA13P4OzhtiRNhCRHznhrdTlmfLw/b5Rs5jFX7Iw/hhU80Geg72cYG4KVJwtP6zTyFApDl/8x3rj3vhZOc2nwpYmjjFsyrlb7M2RhcStnS6c/2R4+dBFwwVZXyJBi3fo9NybujI9g= -foo.example.com. 3600 IN A 1.2.3.4 -foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= -f0lpjkgefgrobj5pucem78r2ouo53fq8.example.com. 3600 IN NSEC3 1 0 1 012345 r18q2sl76hceldh0keqr7vnqc15db64a A RRSIG -f0lpjkgefgrobj5pucem78r2ouo53fq8.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. zishUbm8GxjaHOOUdbz0ZEut99dm+DQ/zvxhOTeS3kmUnL8t3ISew641JeNvvajAUk/xn6eGHjLBuHfwNG+itF2pSD8Gl6Ppo22Y0C9uO5TyRQalYpjtz1kI/VlIelcd0TyusmIMaRChswtpctPKITbr8Wl+MoZZtPQhJ5NjQlQ= -ns.example.com. 3600 IN A 127.0.0.1 -ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= -2v43f6ripfocif5h6bbi07glq6849rnj.example.com. 3600 IN NSEC3 1 0 1 012345 91onuasouslv1so1i62id4rf0l763dss A RRSIG -2v43f6ripfocif5h6bbi07glq6849rnj.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. d9CluwN3zWfLe20J212CuwNzJVbVsDR4eijuJyLpyHzziSc10CauWtUiuHeQMXCVJNwhPSb5kQTfKtql+Jd44BQlenRt/sHfa6YZEOwClN4O8V0vZ43K4vlwwWbh5kxQbFQ/e+w4vlYb1m4PHwzDLtqocNQ9T4A8SXl3A8paZqI= -www.example.com. 3600 IN A 127.0.0.1 -www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= -91onuasouslv1so1i62id4rf0l763dss.example.com. 3600 IN NSEC3 1 0 1 012345 c6ntadrd765diocebcrq6trs8npn83o3 A RRSIG -91onuasouslv1so1i62id4rf0l763dss.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. czJf5HkfHLpfGcku2iZnCu9tXnM7VWOYYhGtVAwkYG0M6BO4LzRxGCV3SkUvHLFxoqQY0DZLnafPl2MKg8zsF+tusf3e3xmpcCSR29IfuDYH7GzuVCj3H0ScmXM0lvyQ92JpJ0AMqq2mW1nvKmgjkyugs+EMpxcFVjhibljocLU= diff --git a/contrib/unbound/testdata/zonemd.example9.zone b/contrib/unbound/testdata/zonemd.example9.zone deleted file mode 100644 index 9c035aa1310..00000000000 --- a/contrib/unbound/testdata/zonemd.example9.zone +++ /dev/null @@ -1,35 +0,0 @@ -; signed zone but RRSIG on ZONEMD is wrong. - -example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= -example.com. 3600 IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= -example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} -example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= -example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f -; old sig -; example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= -; wrong sig -example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVAAAAA= -example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63 -example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= -bar.example.com. 3600 IN A 1.2.3.4 -bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= -bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC -bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= -ding.example.com. 3600 IN A 1.2.3.4 -ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= -ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC -ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= -foo.example.com. 3600 IN A 1.2.3.4 -foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= -foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC -foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= -ns.example.com. 3600 IN A 127.0.0.1 -ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= -ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC -ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= -www.example.com. 3600 IN A 127.0.0.1 -www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= -www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC -www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= diff --git a/contrib/unbound/testdata/zonemd.example_a1.zone b/contrib/unbound/testdata/zonemd.example_a1.zone deleted file mode 100644 index 331b45a153d..00000000000 --- a/contrib/unbound/testdata/zonemd.example_a1.zone +++ /dev/null @@ -1,6 +0,0 @@ -example. 86400 IN SOA ns1 admin 2018031900 ( 1800 900 604800 86400 ) - 86400 IN NS ns1 - 86400 IN NS ns2 - 86400 IN ZONEMD 2018031900 1 1 ( c68090d90a7aed71 6bc459f9340e3d7c 1370d4d24b7e2fc3 a1ddc0b9a87153b9 a9713b3c9ae5cc27 777f98b8e730044c ) -ns1 3600 IN A 203.0.113.63 -ns2 3600 IN AAAA 2001:db8::63 diff --git a/contrib/unbound/testdata/zonemd.example_a2.zone b/contrib/unbound/testdata/zonemd.example_a2.zone deleted file mode 100644 index 56d06ae066b..00000000000 --- a/contrib/unbound/testdata/zonemd.example_a2.zone +++ /dev/null @@ -1,25 +0,0 @@ -example. 86400 IN SOA ns1 admin 2018031900 ( - 1800 900 604800 86400 ) - 86400 IN NS ns1 - 86400 IN NS ns2 - 86400 IN ZONEMD 2018031900 1 1 ( - 31cefb03814f5062 - ad12fa951ba0ef5f - 8da6ae354a415767 - 246f7dc932ceb1e7 - 42a2108f529db6a3 - 3a11c01493de358d ) -ns1 3600 IN A 203.0.113.63 -ns2 3600 IN AAAA 2001:db8::63 -occluded.sub 7200 IN TXT "I'm occluded but must be digested" -sub 7200 IN NS ns1 -duplicate 300 IN TXT "I must be digested just once" -duplicate 300 IN TXT "I must be digested just once" -foo.test. 555 IN TXT "out-of-zone data must be excluded" -non-apex 900 IN ZONEMD 2018031900 1 1 ( - 616c6c6f77656420 - 6275742069676e6f - 7265642e20616c6c - 6f77656420627574 - 2069676e6f726564 - 2e20616c6c6f7765 ) diff --git a/contrib/unbound/testdata/zonemd.example_a3.zone b/contrib/unbound/testdata/zonemd.example_a3.zone deleted file mode 100644 index 45c47ad0508..00000000000 --- a/contrib/unbound/testdata/zonemd.example_a3.zone +++ /dev/null @@ -1,30 +0,0 @@ -example. 86400 IN SOA ns1 admin 2018031900 ( - 1800 900 604800 86400 ) -example. 86400 IN NS ns1.example. -example. 86400 IN NS ns2.example. -example. 86400 IN ZONEMD 2018031900 1 1 ( - 62e6cf51b02e54b9 - b5f967d547ce4313 - 6792901f9f88e637 - 493daaf401c92c27 - 9dd10f0edb1c56f8 - 080211f8480ee306 ) -example. 86400 IN ZONEMD 2018031900 1 2 ( - 08cfa1115c7b948c - 4163a901270395ea - 226a930cd2cbcf2f - a9a5e6eb85f37c8a - 4e114d884e66f176 - eab121cb02db7d65 - 2e0cc4827e7a3204 - f166b47e5613fd27 ) -example. 86400 IN ZONEMD 2018031900 1 240 ( - e2d523f654b9422a - 96c5a8f44607bbee ) -example. 86400 IN ZONEMD 2018031900 241 1 ( - e1846540e33a9e41 - 89792d18d5d131f6 - 05fc283e ) -ns1.example. 3600 IN A 203.0.113.63 -ns2.example. 86400 IN TXT "This example has multiple digests" -ns2.example. 3600 IN AAAA 2001:db8::63 diff --git a/contrib/unbound/testdata/zonemd.example_a4.zone b/contrib/unbound/testdata/zonemd.example_a4.zone deleted file mode 100644 index 74b913c89e2..00000000000 --- a/contrib/unbound/testdata/zonemd.example_a4.zone +++ /dev/null @@ -1,127 +0,0 @@ -uri.arpa. 3600 IN SOA sns.dns.icann.org. ( - noc.dns.icann.org. 2018100702 10800 3600 1209600 3600 ) -uri.arpa. 3600 IN RRSIG NSEC 8 2 3600 ( - 20181028142623 20181007205525 47155 uri.arpa. - eEC4w/oXLR1Epwgv4MBiDtSBsXhqrJVvJWUpbX8XpetAvD35bxwNCUTi - /pAJVUXefegWeiriD2rkTgCBCMmn7YQIm3gdR+HjY/+o3BXNQnz97f+e - HAE9EDDzoNVfL1PyV/2fde9tDeUuAGVVwmD399NGq9jWYMRpyri2kysr q/g= ) -uri.arpa. 86400 IN RRSIG NS 8 2 86400 ( - 20181028172020 20181007175821 47155 uri.arpa. - ATyV2A2A8ZoggC+68u4GuP5MOUuR+2rr3eWOkEU55zAHld/7FiBxl4ln - 4byJYy7NudUwlMOEXajqFZE7DVl8PpcvrP3HeeGaVzKqaWj+aus0jbKF - Bsvs2b1qDZemBfkz/IfAhUTJKnto0vSUicJKfItu0GjyYNJCz2CqEuGD Wxc= ) -uri.arpa. 600 IN RRSIG MX 8 2 600 ( - 20181028170556 20181007175821 47155 uri.arpa. - e7/r3KXDohX1lyVavetFFObp8fB8aXT76HnN9KCQDxSnSghNM83UQV0t - lTtD8JVeN1mCvcNFZpagwIgB7XhTtm6Beur/m5ES+4uSnVeS6Q66HBZK - A3mR95IpevuVIZvvJ+GcCAQpBo6KRODYvJ/c/ZG6sfYWkZ7qg/Em5/+3 4UI= ) -uri.arpa. 3600 IN RRSIG DNSKEY 8 2 3600 ( - 20181028152832 20181007175821 15796 uri.arpa. - nzpbnh0OqsgBBP8St28pLvPEQ3wZAUdEBuUwil+rtjjWlYYiqjPxZ286 - XF4Rq1usfV5x71jZz5IqswOaQgia91ylodFpLuXD6FTGs2nXGhNKkg1V - chHgtwj70mXU72GefVgo8TxrFYzxuEFP5ZTP92t97FVWVVyyFd86sbbR - 6DZj3uA2wEvqBVLECgJLrMQ9Yy7MueJl3UA4h4E6zO2JY9Yp0W9woq0B - dqkkwYTwzogyYffPmGAJG91RJ2h6cHtFjEZe2MnaY2glqniZ0WT9vXXd - uFPm0KD9U77Ac+ZtctAF9tsZwSdAoL365E2L1usZbA+K0BnPPqGFJRJk - 5R0A1w== ) -uri.arpa. 3600 IN RRSIG DNSKEY 8 2 3600 ( - 20181028152832 20181007175821 55480 uri.arpa. - lWtQV/5szQjkXmbcD47/+rOW8kJPksRFHlzxxmzt906+DBYyfrH6uq5X - nHvrUlQO6M12uhqDeL+bDFVgqSpNy+42/OaZvaK3J8EzPZVBHPJykKMV - 63T83aAiJrAyHzOaEdmzLCpalqcEE2ImzlLHSafManRfJL8Yuv+JDZFj - 2WDWfEcUuwkmIZWX11zxp+DxwzyUlRl7x4+ok5iKZWIg5UnBAf6B8T75 - WnXzlhCw3F2pXI0a5LYg71L3Tp/xhjN6Yy9jGlIRf5BjB59X2zra3a2R - PkI09SSnuEwHyF1mDaV5BmQrLGRnCjvwXA7ho2m+vv4SP5dUdXf+GTeA - 1HeBfw== ) -uri.arpa. 3600 IN RRSIG SOA 8 2 3600 ( - 20181029114753 20181008222815 47155 uri.arpa. - qn8yBNoHDjGdT79U2Wu9IIahoS0YPOgYP8lG+qwPcrZ1BwGiHywuoUa2 - Mx6BWZlg+HDyaxj2iOmox+IIqoUHhXUbO7IUkJFlgrOKCgAR2twDHrXu - 9BUQHy9SoV16wYm3kBTEPyxW5FFm8vcdnKAF7sxSY8BbaYNpRIEjDx4A JUc= ) -uri.arpa. 3600 IN NSEC ftp.uri.arpa. NS SOA ( - MX RRSIG NSEC DNSKEY ) -uri.arpa. 86400 IN NS a.iana-servers.net. -uri.arpa. 86400 IN NS b.iana-servers.net. -uri.arpa. 86400 IN NS c.iana-servers.net. -uri.arpa. 86400 IN NS ns2.lacnic.net. -uri.arpa. 86400 IN NS sec3.apnic.net. -uri.arpa. 600 IN MX 10 pechora.icann.org. -uri.arpa. 3600 IN DNSKEY 256 3 8 ( - AwEAAcBi7tSart2J599zbYWspMNGN70IBWb4ziqyQYH9MTB/VCz6WyUK - uXunwiJJbbQ3bcLqTLWEw134B6cTMHrZpjTAb5WAwg4XcWUu8mdcPTiL - Bl6qVRlRD0WiFCTzuYUfkwsh1Rbr7rvrxSQhF5rh71zSpwV5jjjp65Wx - SdJjlH0B ) -uri.arpa. 3600 IN DNSKEY 257 3 8 ( - AwEAAbNVv6ulgRdO31MtAehz7j3ALRjwZglWesnzvllQl/+hBRZr9QoY - cO2I+DkO4Q1NKxox4DUIxj8SxPO3GwDuOFR9q2/CFi2O0mZjafbdYtWc - 3zSdBbi3q0cwCIx7GuG9eqlL+pg7mdk9dgdNZfHwB0LnqTD8ebLPsrO/ - Id7kBaiqYOfMlZnh2fp+2h6OOJZHtY0DK1UlssyB5PKsE0tVzo5s6zo9 - iXKe5u+8WTMaGDY49vG80JPAKE7ezMiH/NZcUMiE0PRZ8D3foq2dYuS5 - ym+vA83Z7v8A+Rwh4UGnjxKB8zmr803V0ASAmHz/gwH5Vb0nH+LObwFt - l3wpbp+Wpm8= ) -uri.arpa. 3600 IN DNSKEY 257 3 8 ( - AwEAAbwnFTakCvaUKsXji4mgmxZUJi1IygbnGahbkmFEa0L16J+TchKR - wcgzVfsxUGa2MmeA4hgkAooC3uy+tTmoMsgy8uq/JAj24DjiHzd46LfD - FK/qMidVqFpYSHeq2Vv5ojkuIsx4oe4KsafGWYNOczKZgH5loGjN2aJG - mrIm++XCphOskgCsQYl65MIzuXffzJyxlAuts+ecAIiVeqRaqQfr8LRU - 7wIsLxinXirprtQrbor+EtvlHp9qXE6ARTZDzf4jvsNpKvLFZtmxzFf3 - e/UJz5eHjpwDSiZL7xE8aE1o1nGfPtJx9ZnB3bapltaJ5wY+5XOCKgY0 - xmJVvNQlwdE= ) -ftp.uri.arpa. 3600 IN RRSIG NSEC 8 3 3600 ( - 20181028080856 20181007175821 47155 uri.arpa. - HClGAqPxzkYkAT7Q/QNtQeB6YrkP6EPOef+9Qo5/2zngwAewXEAQiyF9 - jD1USJiroM11QqBS3v3aIdW/LXORs4Ez3hLcKNO1cKHsOuWAqzmE+BPP - Arfh8N95jqh/q6vpaB9UtMkQ53tM2fYU1GszOLN0knxbHgDHAh2axMGH lqM= ) -ftp.uri.arpa. 604800 IN RRSIG NAPTR 8 3 604800 ( - 20181028103644 20181007205525 47155 uri.arpa. - WoLi+vZzkxaoLr2IGZnwkRvcDf6KxiWQd1WZP/U+AWnV+7MiqsWPZaf0 - 9toRErerGoFOiOASNxZjBGJrRgjmavOM9U+LZSconP9zrNFd4dIu6kp5 - YxlQJ0uHOvx1ZHFCj6lAt1ACUIw04ZhMydTmi27c8MzEOMepvn7iH7r7 k7k= ) -ftp.uri.arpa. 3600 IN NSEC http.uri.arpa. NAPTR ( - RRSIG NSEC ) -ftp.uri.arpa. 604800 IN NAPTR 0 0 "" "" ( - "!^ftp://([^:/?#]*).*$!\\1!i" . ) -http.uri.arpa. 3600 IN RRSIG NSEC 8 3 3600 ( - 20181029010647 20181007175821 47155 uri.arpa. - U03NntQ73LHWpfLmUK8nMsqkwVsOGW2KdsyuHYAjqQSZvKbtmbv7HBmE - H1+Ii3Z+wtfdMZBy5aC/6sHdx69BfZJs16xumycMlAy6325DKTQbIMN+ - ift9GrKBC7cgCd2msF/uzSrYxxg4MJQzBPvlkwXnY3b7eJSlIXisBIn7 3b8= ) -http.uri.arpa. 604800 IN RRSIG NAPTR 8 3 604800 ( - 20181029011815 20181007205525 47155 uri.arpa. - T7mRrdag+WSmG+n22mtBSQ/0Y3v+rdDnfQV90LN5Fq32N5K2iYFajF7F - Tp56oOznytfcL4fHrqOE0wRc9NWOCCUec9C7Wa1gJQcllEvgoAM+L6f0 - RsEjWq6+9jvlLKMXQv0xQuMX17338uoD/xiAFQSnDbiQKxwWMqVAimv5 7Zs= ) -http.uri.arpa. 3600 IN NSEC mailto.uri.arpa. NAPTR ( - RRSIG NSEC ) -http.uri.arpa. 604800 IN NAPTR 0 0 "" "" ( - "!^http://([^:/?#]*).*$!\\1!i" . ) -mailto.uri.arpa. 3600 IN RRSIG NSEC 8 3 3600 ( - 20181028110727 20181007175821 47155 uri.arpa. - GvxzVL85rEukwGqtuLxek9ipwjBMfTOFIEyJ7afC8HxVMs6mfFa/nEM/ - IdFvvFg+lcYoJSQYuSAVYFl3xPbgrxVSLK125QutCFMdC/YjuZEnq5cl - fQciMRD7R3+znZfm8d8u/snLV9w4D+lTBZrJJUBe1Efc8vum5vvV7819 ZoY= ) -mailto.uri.arpa. 604800 IN RRSIG NAPTR 8 3 604800 ( - 20181028141825 20181007205525 47155 uri.arpa. - MaADUgc3fc5v++M0YmqjGk3jBdfIA5RuP62hUSlPsFZO4k37erjIGCfF - j+g84yc+QgbSde0PQHszl9fE/+SU5ZXiS9YdcbzSZxp2erFpZOTchrpg - 916T4vx6i59scodjb0l6bDyZ+mtIPrc1w6b4hUyOUTsDQoAJYxdfEuMg Vy4= ) -mailto.uri.arpa. 3600 IN NSEC urn.uri.arpa. NAPTR ( - RRSIG NSEC ) -mailto.uri.arpa. 604800 IN NAPTR 0 0 "" "" ( - "!^mailto:(.*)@(.*)$!\\2!i" . ) -urn.uri.arpa. 3600 IN RRSIG NSEC 8 3 3600 ( - 20181028123243 20181007175821 47155 uri.arpa. - Hgsw4Deops1O8uWyELGe6hpR/OEqCnTHvahlwiQkHhO5CSEQrbhmFAWe - UOkmGAdTEYrSz+skLRQuITRMwzyFf4oUkZihGyhZyzHbcxWfuDc/Pd/9 - DSl56gdeBwy1evn5wBTms8yWQVkNtphbJH395gRqZuaJs3LD/qTyJ5Dp LvA= ) -urn.uri.arpa. 604800 IN RRSIG NAPTR 8 3 604800 ( - 20181029071816 20181007205525 47155 uri.arpa. - ALIZD0vBqAQQt40GQ0Efaj8OCyE9xSRJRdyvyn/H/wZVXFRFKrQYrLAS - D/K7q6CMTOxTRCu2J8yes63WJiaJEdnh+dscXzZkmOg4n5PsgZbkvUSW - BiGtxvz5jNncM0xVbkjbtByrvJQAO1cU1mnlDKe1FmVB1uLpVdA9Ib4J hMU= ) -urn.uri.arpa. 3600 IN NSEC uri.arpa. NAPTR RRSIG ( - NSEC ) -urn.uri.arpa. 604800 IN NAPTR 0 0 "" "" ( - "/urn:([^:]+)/\\1/i" . ) -uri.arpa. 3600 IN SOA sns.dns.icann.org. ( - noc.dns.icann.org. 2018100702 10800 3600 1209600 3600 ) diff --git a/contrib/unbound/testdata/zonemd.example_a5.zone b/contrib/unbound/testdata/zonemd.example_a5.zone deleted file mode 100644 index 246f5e2376d..00000000000 --- a/contrib/unbound/testdata/zonemd.example_a5.zone +++ /dev/null @@ -1,48 +0,0 @@ -root-servers.net. 3600000 IN SOA a.root-servers.net. ( - nstld.verisign-grs.com. 2018091100 14400 7200 1209600 3600000 ) -root-servers.net. 3600000 IN NS a.root-servers.net. -root-servers.net. 3600000 IN NS b.root-servers.net. -root-servers.net. 3600000 IN NS c.root-servers.net. -root-servers.net. 3600000 IN NS d.root-servers.net. -root-servers.net. 3600000 IN NS e.root-servers.net. -root-servers.net. 3600000 IN NS f.root-servers.net. -root-servers.net. 3600000 IN NS g.root-servers.net. -root-servers.net. 3600000 IN NS h.root-servers.net. -root-servers.net. 3600000 IN NS i.root-servers.net. -root-servers.net. 3600000 IN NS j.root-servers.net. -root-servers.net. 3600000 IN NS k.root-servers.net. -root-servers.net. 3600000 IN NS l.root-servers.net. -root-servers.net. 3600000 IN NS m.root-servers.net. -a.root-servers.net. 3600000 IN AAAA 2001:503:ba3e::2:30 -a.root-servers.net. 3600000 IN A 198.41.0.4 -b.root-servers.net. 3600000 IN MX 20 mail.isi.edu. -b.root-servers.net. 3600000 IN AAAA 2001:500:200::b -b.root-servers.net. 3600000 IN A 199.9.14.201 -c.root-servers.net. 3600000 IN AAAA 2001:500:2::c -c.root-servers.net. 3600000 IN A 192.33.4.12 -d.root-servers.net. 3600000 IN AAAA 2001:500:2d::d -d.root-servers.net. 3600000 IN A 199.7.91.13 -e.root-servers.net. 3600000 IN AAAA 2001:500:a8::e -e.root-servers.net. 3600000 IN A 192.203.230.10 -f.root-servers.net. 3600000 IN AAAA 2001:500:2f::f -f.root-servers.net. 3600000 IN A 192.5.5.241 -g.root-servers.net. 3600000 IN AAAA 2001:500:12::d0d -g.root-servers.net. 3600000 IN A 192.112.36.4 -h.root-servers.net. 3600000 IN AAAA 2001:500:1::53 -h.root-servers.net. 3600000 IN A 198.97.190.53 -i.root-servers.net. 3600000 IN MX 10 mx.i.root-servers.org. -i.root-servers.net. 3600000 IN AAAA 2001:7fe::53 -i.root-servers.net. 3600000 IN A 192.36.148.17 -j.root-servers.net. 3600000 IN AAAA 2001:503:c27::2:30 -j.root-servers.net. 3600000 IN A 192.58.128.30 -k.root-servers.net. 3600000 IN AAAA 2001:7fd::1 -k.root-servers.net. 3600000 IN A 193.0.14.129 -l.root-servers.net. 3600000 IN AAAA 2001:500:9f::42 -l.root-servers.net. 3600000 IN A 199.7.83.42 -m.root-servers.net. 3600000 IN AAAA 2001:dc3::35 -m.root-servers.net. 3600000 IN A 202.12.27.33 -root-servers.net. 3600000 IN SOA a.root-servers.net. ( - nstld.verisign-grs.com. 2018091100 14400 7200 1209600 3600000 ) -root-servers.net. 3600000 IN ZONEMD 2018091100 1 1 ( - f1ca0ccd91bd5573d9f431c00ee0101b2545c97602be0a97 - 8a3b11dbfc1c776d5b3e86ae3d973d6b5349ba7f04340f79 ) diff --git a/contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.conf b/contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.conf deleted file mode 100644 index 9afd6e2b1e2..00000000000 --- a/contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.conf +++ /dev/null @@ -1,23 +0,0 @@ -server: - verbosity: 7 - # num-threads: 1 - interface: 127.0.0.1 - port: @PORT@ - use-syslog: no - directory: "" - pidfile: "unbound.pid" - chroot: "" - username: "" - do-not-query-localhost: no - use-caps-for-id: yes -remote-control: - control-enable: yes - control-interface: @CONTROL_PATH@/controlpipe.@CONTROL_PID@ - control-use-cert: no -auth-zone: - name: "example.com" - for-upstream: yes - for-downstream: yes - zonefile: "zonemd_reload.zone" - zonemd-check: yes - #master: "127.0.0.1@@TOPORT@" diff --git a/contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.dsc b/contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.dsc deleted file mode 100644 index 016c3d6c7ff..00000000000 --- a/contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.dsc +++ /dev/null @@ -1,16 +0,0 @@ -BaseName: zonemd_reload -Version: 1.0 -Description: ZONEMD check after auth_zone_reload -CreationDate: Tue 23 Oct 12:00:00 CEST 2020 -Maintainer: dr. W.C.A. Wijngaards -Category: -Component: -CmdDepends: -Depends: -Help: -Pre: zonemd_reload.pre -Post: zonemd_reload.post -Test: zonemd_reload.test -AuxFiles: -Passed: -Failure: diff --git a/contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.post b/contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.post deleted file mode 100644 index 5e315088a09..00000000000 --- a/contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.post +++ /dev/null @@ -1,14 +0,0 @@ -# #-- zonemd_reload.post --# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# source the test var file when it's there -[ -f .tpkg.var.test ] && source .tpkg.var.test -# -# do your teardown here -. ../common.sh -echo "> cat logfiles" -cat fwd.log -cat unbound.log -kill_pid $FWD_PID -kill_pid $UNBOUND_PID -rm -f $CONTROL_PATH/controlpipe.$CONTROL_PID diff --git a/contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.pre b/contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.pre deleted file mode 100644 index fa5e4ca29bb..00000000000 --- a/contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.pre +++ /dev/null @@ -1,35 +0,0 @@ -# #-- zonemd_reload.pre--# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# use .tpkg.var.test for in test variable passing -[ -f .tpkg.var.test ] && source .tpkg.var.test - -. ../common.sh -get_random_port 2 -UNBOUND_PORT=$RND_PORT -FWD_PORT=$(($RND_PORT + 1)) -echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test -echo "FWD_PORT=$FWD_PORT" >> .tpkg.var.test - -# start forwarder -get_ldns_testns -$LDNS_TESTNS -p $FWD_PORT zonemd_reload.testns >fwd.log 2>&1 & -FWD_PID=$! -echo "FWD_PID=$FWD_PID" >> .tpkg.var.test - -# make config file -CONTROL_PATH=/tmp -CONTROL_PID=$$ -sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' -e 's?@CONTROL_PATH\@?'$CONTROL_PATH'?' -e 's/@CONTROL_PID@/'$CONTROL_PID'/' < zonemd_reload.conf > ub.conf -# start unbound in the background -PRE="../.." -$PRE/unbound -d -c ub.conf >unbound.log 2>&1 & -UNBOUND_PID=$! -echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test -echo "CONTROL_PATH=$CONTROL_PATH" >> .tpkg.var.test -echo "CONTROL_PID=$CONTROL_PID" >> .tpkg.var.test - -cat .tpkg.var.test -wait_ldns_testns_up fwd.log -wait_unbound_up unbound.log - diff --git a/contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.test b/contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.test deleted file mode 100644 index fbdf0751130..00000000000 --- a/contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.test +++ /dev/null @@ -1,74 +0,0 @@ -# #-- zonemd_reload.test --# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# use .tpkg.var.test for in test variable passing -[ -f .tpkg.var.test ] && source .tpkg.var.test - -PRE="../.." -# do the test -echo "> dig www.example.com." -dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile -if grep SERVFAIL outfile; then - echo "> try again" - dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile -fi -if grep SERVFAIL outfile; then - echo "> try again" - sleep 1 - dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile -fi -if grep SERVFAIL outfile; then - echo "> try again" - sleep 1 - dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile -fi -if grep SERVFAIL outfile; then - echo "> try again" - sleep 1 - dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile -fi -if grep SERVFAIL outfile; then - echo "> try again" - sleep 10 - dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile -fi -if grep SERVFAIL outfile; then - echo "> try again" - sleep 10 - dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile -fi -echo "> cat logfiles" -cat fwd.log -cat unbound.log -echo "> check answer" -if grep www.example.com outfile | grep "192.0.2.1"; then - echo "OK" -else - echo "Not OK" - exit 1 -fi - -echo "> unbound-control status" -$PRE/unbound-control -c ub.conf status -if test $? -ne 0; then - echo "wrong exit value." - exit 1 -else - echo "exit value: OK" -fi - -echo "> unbound-control auth_zone_reload example.com" -$PRE/unbound-control -c ub.conf auth_zone_reload example.com 2>&1 | tee outfile -if test $? -ne 0; then - echo "wrong exit value." - exit 1 -fi -echo "> check unbound-control output" -if grep "example.com: ZONEMD verification successful" outfile; then - echo "OK" -else - echo "Not OK" - exit 1 -fi - -exit 0 diff --git a/contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.testns b/contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.testns deleted file mode 100644 index f1678a1ccc3..00000000000 --- a/contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.testns +++ /dev/null @@ -1,27 +0,0 @@ -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -example.com. IN SOA -SECTION ANSWER -example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -example.com. IN AXFR -SECTION ANSWER -example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600 -example.com. IN NS ns.example.net. -EXTRA_PACKET -REPLY QR AA NOERROR -SECTION QUESTION -example.com. IN AXFR -SECTION ANSWER -www.example.com. IN A 1.2.3.4 -example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600 -ENTRY_END diff --git a/contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.zone b/contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.zone deleted file mode 100644 index 01e57a738e3..00000000000 --- a/contrib/unbound/testdata/zonemd_reload.tdir/zonemd_reload.zone +++ /dev/null @@ -1,8 +0,0 @@ -example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. IN NS ns.example.com. -example.com. IN ZONEMD 200154054 1 2 D207FBBD1403DC8FDDC0159AB1F4B4C54A2FEB814E5CB1E82841C51D1372E78E4F6C75F7A9D710CC78C54E2DB3B92D07C72990644F93E1C44AC356EACA3980C5 -www.example.com. IN A 192.0.2.1 -ns.example.com. IN A 192.0.2.1 -bar.example.com. IN A 1.2.3.4 -ding.example.com. IN A 1.2.3.4 -foo.example.com. IN A 1.2.3.4 diff --git a/contrib/unbound/util/iana_ports.inc b/contrib/unbound/util/iana_ports.inc index c7662dc62fe..ae2986c822e 100644 --- a/contrib/unbound/util/iana_ports.inc +++ b/contrib/unbound/util/iana_ports.inc @@ -2917,6 +2917,7 @@ 3297, 3298, 3299, +3301, 3302, 3303, 3304, @@ -4342,6 +4343,13 @@ 5859, 5863, 5900, +5903, +5904, +5905, +5906, +5907, +5908, +5909, 5910, 5911, 5912, @@ -4553,6 +4561,7 @@ 6965, 6966, 6969, +6980, 6997, 6998, 6999, diff --git a/contrib/unbound/util/net_help.c b/contrib/unbound/util/net_help.c index 114920e3f90..8153dbdd181 100644 --- a/contrib/unbound/util/net_help.c +++ b/contrib/unbound/util/net_help.c @@ -1162,10 +1162,11 @@ add_WIN_cacerts_to_openssl_store(SSL_CTX* tls_ctx) (const unsigned char **)&pTargetCert->pbCertEncoded, pTargetCert->cbCertEncoded); if (!cert1) { + unsigned long error = ERR_get_error(); /* return error if a cert fails */ verbose(VERB_ALGO, "%s %d:%s", "Unable to parse certificate in memory", - (int)ERR_get_error(), ERR_error_string(ERR_get_error(), NULL)); + (int)error, ERR_error_string(error, NULL)); return 0; } else { @@ -1176,10 +1177,11 @@ add_WIN_cacerts_to_openssl_store(SSL_CTX* tls_ctx) /* Ignore error X509_R_CERT_ALREADY_IN_HASH_TABLE which means the * certificate is already in the store. */ if(ERR_GET_LIB(error) != ERR_LIB_X509 || - ERR_GET_REASON(error) != X509_R_CERT_ALREADY_IN_HASH_TABLE) { + ERR_GET_REASON(error) != X509_R_CERT_ALREADY_IN_HASH_TABLE) { + error = ERR_get_error(); verbose(VERB_ALGO, "%s %d:%s\n", - "Error adding certificate", (int)ERR_get_error(), - ERR_error_string(ERR_get_error(), NULL)); + "Error adding certificate", (int)error, + ERR_error_string(error, NULL)); X509_free(cert1); return 0; } diff --git a/contrib/unbound/validator/val_secalgo.c b/contrib/unbound/validator/val_secalgo.c index 7abf66f01d2..78651674991 100644 --- a/contrib/unbound/validator/val_secalgo.c +++ b/contrib/unbound/validator/val_secalgo.c @@ -97,6 +97,23 @@ log_crypto_error(const char* str, unsigned long e) log_err("%s crypto %s", str, buf); } +/** + * Output a libcrypto openssl error to the logfile as a debug message. + * @param level: debug level to use in verbose() call + * @param str: string to add to it. + * @param e: the error to output, error number from ERR_get_error(). + */ +static void +log_crypto_verbose(enum verbosity_value level, const char* str, unsigned long e) +{ + char buf[128]; + /* or use ERR_error_string if ERR_error_string_n is not avail TODO */ + ERR_error_string_n(e, buf, sizeof(buf)); + /* buf now contains */ + /* error:[error code]:[library name]:[function name]:[reason string] */ + verbose(level, "%s crypto %s", str, buf); +} + /* return size of digest if supported, or 0 otherwise */ size_t nsec3_hash_algo_size_supported(int id) @@ -215,6 +232,10 @@ ds_digest_size_supported(int algo) switch(algo) { case LDNS_SHA1: #if defined(HAVE_EVP_SHA1) && defined(USE_SHA1) +#ifdef HAVE_EVP_DEFAULT_PROPERTIES_IS_FIPS_ENABLED + if (EVP_default_properties_is_fips_enabled(NULL)) + return 0; +#endif return SHA_DIGEST_LENGTH; #else if(fake_sha1) return 20; @@ -325,7 +346,11 @@ dnskey_algo_id_is_supported(int id) case LDNS_RSASHA1: case LDNS_RSASHA1_NSEC3: #ifdef USE_SHA1 +#ifdef HAVE_EVP_DEFAULT_PROPERTIES_IS_FIPS_ENABLED + return !EVP_default_properties_is_fips_enabled(NULL); +#else return 1; +#endif #else if(fake_sha1) return 1; return 0; @@ -341,15 +366,22 @@ dnskey_algo_id_is_supported(int id) case LDNS_ECDSAP256SHA256: case LDNS_ECDSAP384SHA384: #endif +#if (defined(HAVE_EVP_SHA256) && defined(USE_SHA2)) || (defined(HAVE_EVP_SHA512) && defined(USE_SHA2)) || defined(USE_ECDSA) + return 1; +#endif #ifdef USE_ED25519 case LDNS_ED25519: #endif #ifdef USE_ED448 case LDNS_ED448: #endif -#if (defined(HAVE_EVP_SHA256) && defined(USE_SHA2)) || (defined(HAVE_EVP_SHA512) && defined(USE_SHA2)) || defined(USE_ECDSA) || defined(USE_ED25519) || defined(USE_ED448) +#if defined(USE_ED25519) || defined(USE_ED448) +#ifdef HAVE_EVP_DEFAULT_PROPERTIES_IS_FIPS_ENABLED + return !EVP_default_properties_is_fips_enabled(NULL); +#else return 1; #endif +#endif #ifdef USE_GOST case LDNS_ECC_GOST: @@ -652,6 +684,36 @@ setup_key_digest(int algo, EVP_PKEY** evp_key, const EVP_MD** digest_type, return 1; } +static void +digest_ctx_free(EVP_MD_CTX* ctx, EVP_PKEY *evp_key, + unsigned char* sigblock, int dofree, int docrypto_free) +{ +#ifdef HAVE_EVP_MD_CTX_NEW + EVP_MD_CTX_destroy(ctx); +#else + EVP_MD_CTX_cleanup(ctx); + free(ctx); +#endif + EVP_PKEY_free(evp_key); + if(dofree) free(sigblock); + else if(docrypto_free) OPENSSL_free(sigblock); +} + +static enum sec_status +digest_error_status(const char *str) +{ + unsigned long e = ERR_get_error(); +#ifdef EVP_R_INVALID_DIGEST + if (ERR_GET_LIB(e) == ERR_LIB_EVP && + ERR_GET_REASON(e) == EVP_R_INVALID_DIGEST) { + log_crypto_verbose(VERB_ALGO, str, e); + return sec_status_indeterminate; + } +#endif + log_crypto_verbose(VERB_QUERY, str, e); + return sec_status_unchecked; +} + /** * Check a canonical sig+rrset and signature against a dnskey * @param buf: buffer with data to verify, the first rrsig part and the @@ -663,10 +725,11 @@ setup_key_digest(int algo, EVP_PKEY** evp_key, const EVP_MD** digest_type, * @param keylen: length of keydata. * @param reason: bogus reason in more detail. * @return secure if verification succeeded, bogus on crypto failure, - * unchecked on format errors and alloc failures. + * unchecked on format errors and alloc failures, indeterminate + * if digest is not supported by the crypto library (openssl3+ only). */ enum sec_status -verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock, +verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock, unsigned int sigblock_len, unsigned char* key, unsigned int keylen, char** reason) { @@ -735,62 +798,36 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock, } #ifndef HAVE_EVP_DIGESTVERIFY if(EVP_DigestInit(ctx, digest_type) == 0) { - verbose(VERB_QUERY, "verify: EVP_DigestInit failed"); -#ifdef HAVE_EVP_MD_CTX_NEW - EVP_MD_CTX_destroy(ctx); -#else - EVP_MD_CTX_cleanup(ctx); - free(ctx); -#endif - EVP_PKEY_free(evp_key); - if(dofree) free(sigblock); - else if(docrypto_free) OPENSSL_free(sigblock); - return sec_status_unchecked; + enum sec_status sec; + sec = digest_error_status("verify: EVP_DigestInit failed"); + digest_ctx_free(ctx, evp_key, sigblock, + dofree, docrypto_free); + return sec; } if(EVP_DigestUpdate(ctx, (unsigned char*)sldns_buffer_begin(buf), (unsigned int)sldns_buffer_limit(buf)) == 0) { - verbose(VERB_QUERY, "verify: EVP_DigestUpdate failed"); -#ifdef HAVE_EVP_MD_CTX_NEW - EVP_MD_CTX_destroy(ctx); -#else - EVP_MD_CTX_cleanup(ctx); - free(ctx); -#endif - EVP_PKEY_free(evp_key); - if(dofree) free(sigblock); - else if(docrypto_free) OPENSSL_free(sigblock); + log_crypto_verbose(VERB_QUERY, "verify: EVP_DigestUpdate failed", + ERR_get_error()); + digest_ctx_free(ctx, evp_key, sigblock, + dofree, docrypto_free); return sec_status_unchecked; } res = EVP_VerifyFinal(ctx, sigblock, sigblock_len, evp_key); #else /* HAVE_EVP_DIGESTVERIFY */ if(EVP_DigestVerifyInit(ctx, NULL, digest_type, NULL, evp_key) == 0) { - verbose(VERB_QUERY, "verify: EVP_DigestVerifyInit failed"); -#ifdef HAVE_EVP_MD_CTX_NEW - EVP_MD_CTX_destroy(ctx); -#else - EVP_MD_CTX_cleanup(ctx); - free(ctx); -#endif - EVP_PKEY_free(evp_key); - if(dofree) free(sigblock); - else if(docrypto_free) OPENSSL_free(sigblock); - return sec_status_unchecked; + enum sec_status sec; + sec = digest_error_status("verify: EVP_DigestVerifyInit failed"); + digest_ctx_free(ctx, evp_key, sigblock, + dofree, docrypto_free); + return sec; } res = EVP_DigestVerify(ctx, sigblock, sigblock_len, (unsigned char*)sldns_buffer_begin(buf), sldns_buffer_limit(buf)); #endif -#ifdef HAVE_EVP_MD_CTX_NEW - EVP_MD_CTX_destroy(ctx); -#else - EVP_MD_CTX_cleanup(ctx); - free(ctx); -#endif - EVP_PKEY_free(evp_key); - - if(dofree) free(sigblock); - else if(docrypto_free) OPENSSL_free(sigblock); + digest_ctx_free(ctx, evp_key, sigblock, + dofree, docrypto_free); if(res == 1) { return sec_status_secure; diff --git a/contrib/unbound/validator/val_sigcrypt.c b/contrib/unbound/validator/val_sigcrypt.c index d5f16b11f81..5ab21e20e73 100644 --- a/contrib/unbound/validator/val_sigcrypt.c +++ b/contrib/unbound/validator/val_sigcrypt.c @@ -513,25 +513,96 @@ size_t algo_needs_num_missing(struct algo_needs* n) int algo_needs_missing(struct algo_needs* n) { - int i; - /* first check if a needed algo was bogus - report that */ - for(i=0; ineeds[i] == 2) return 0; - /* now check which algo is missing */ - for(i=0; ineeds[i] == 1) - return i; + if(n->needs[i] == 1 && miss == -1) + miss = i; + } + if(miss != -1) return miss; return 0; } +/** + * verify rrset, with dnskey rrset, for a specific rrsig in rrset + * @param env: module environment, scratch space is used. + * @param ve: validator environment, date settings. + * @param now: current time for validation (can be overridden). + * @param rrset: to be validated. + * @param dnskey: DNSKEY rrset, keyset to try. + * @param sig_idx: which signature to try to validate. + * @param sortree: reused sorted order. Stored in region. Pass NULL at start, + * and for a new rrset. + * @param reason: if bogus, a string returned, fixed or alloced in scratch. + * @param reason_bogus: EDE (RFC8914) code paired with the reason of failure. + * @param section: section of packet where this rrset comes from. + * @param qstate: qstate with region. + * @return secure if any key signs *this* signature. bogus if no key signs it, + * unchecked on error, or indeterminate if all keys are not supported by + * the crypto library (openssl3+ only). + */ static enum sec_status dnskeyset_verify_rrset_sig(struct module_env* env, struct val_env* ve, time_t now, struct ub_packed_rrset_key* rrset, struct ub_packed_rrset_key* dnskey, size_t sig_idx, struct rbtree_type** sortree, char** reason, sldns_ede_code *reason_bogus, - sldns_pkt_section section, struct module_qstate* qstate); + sldns_pkt_section section, struct module_qstate* qstate) +{ + /* find matching keys and check them */ + enum sec_status sec = sec_status_bogus; + uint16_t tag = rrset_get_sig_keytag(rrset, sig_idx); + int algo = rrset_get_sig_algo(rrset, sig_idx); + size_t i, num = rrset_get_count(dnskey); + size_t numchecked = 0; + size_t numindeterminate = 0; + int buf_canon = 0; + verbose(VERB_ALGO, "verify sig %d %d", (int)tag, algo); + if(!dnskey_algo_id_is_supported(algo)) { + if(reason_bogus) + *reason_bogus = LDNS_EDE_UNSUPPORTED_DNSKEY_ALG; + verbose(VERB_QUERY, "verify sig: unknown algorithm"); + return sec_status_insecure; + } + + for(i=0; iscratch, + env->scratch_buffer, ve, now, rrset, dnskey, i, + sig_idx, sortree, &buf_canon, reason, reason_bogus, + section, qstate); + if(sec == sec_status_secure) + return sec; + else if(sec == sec_status_indeterminate) + numindeterminate ++; + } + if(numchecked == 0) { + *reason = "signatures from unknown keys"; + if(reason_bogus) + *reason_bogus = LDNS_EDE_DNSKEY_MISSING; + verbose(VERB_QUERY, "verify: could not find appropriate key"); + return sec_status_bogus; + } + if(numindeterminate == numchecked) { + *reason = "unsupported algorithm by crypto library"; + if(reason_bogus) + *reason_bogus = LDNS_EDE_UNSUPPORTED_DNSKEY_ALG; + verbose(VERB_ALGO, "verify sig: unsupported algorithm by " + "crypto library"); + return sec_status_indeterminate; + } + return sec_status_bogus; +} enum sec_status dnskeyset_verify_rrset(struct module_env* env, struct val_env* ve, @@ -607,14 +678,14 @@ void algo_needs_reason(struct module_env* env, int alg, char** reason, char* s) *reason = s; } -enum sec_status +enum sec_status dnskey_verify_rrset(struct module_env* env, struct val_env* ve, struct ub_packed_rrset_key* rrset, struct ub_packed_rrset_key* dnskey, size_t dnskey_idx, char** reason, sldns_ede_code *reason_bogus, sldns_pkt_section section, struct module_qstate* qstate) { enum sec_status sec; - size_t i, num, numchecked = 0; + size_t i, num, numchecked = 0, numindeterminate = 0; rbtree_type* sortree = NULL; int buf_canon = 0; uint16_t tag = dnskey_calc_keytag(dnskey, dnskey_idx); @@ -642,56 +713,21 @@ dnskey_verify_rrset(struct module_env* env, struct val_env* ve, if(sec == sec_status_secure) return sec; numchecked ++; + if(sec == sec_status_indeterminate) + numindeterminate ++; } verbose(VERB_ALGO, "rrset failed to verify: all signatures are bogus"); - if(!numchecked) *reason = "signature missing"; - return sec_status_bogus; -} - -static enum sec_status -dnskeyset_verify_rrset_sig(struct module_env* env, struct val_env* ve, - time_t now, struct ub_packed_rrset_key* rrset, - struct ub_packed_rrset_key* dnskey, size_t sig_idx, - struct rbtree_type** sortree, - char** reason, sldns_ede_code *reason_bogus, - sldns_pkt_section section, struct module_qstate* qstate) -{ - /* find matching keys and check them */ - enum sec_status sec = sec_status_bogus; - uint16_t tag = rrset_get_sig_keytag(rrset, sig_idx); - int algo = rrset_get_sig_algo(rrset, sig_idx); - size_t i, num = rrset_get_count(dnskey); - size_t numchecked = 0; - int buf_canon = 0; - verbose(VERB_ALGO, "verify sig %d %d", (int)tag, algo); - if(!dnskey_algo_id_is_supported(algo)) { + if(!numchecked) { + *reason = "signature missing"; + if(reason_bogus) + *reason_bogus = LDNS_EDE_RRSIGS_MISSING; + } else if(numchecked == numindeterminate) { + verbose(VERB_ALGO, "rrset failed to verify due to algorithm " + "refusal by cryptolib"); if(reason_bogus) *reason_bogus = LDNS_EDE_UNSUPPORTED_DNSKEY_ALG; - verbose(VERB_QUERY, "verify sig: unknown algorithm"); - return sec_status_insecure; - } - - for(i=0; iscratch, - env->scratch_buffer, ve, now, rrset, dnskey, i, - sig_idx, sortree, &buf_canon, reason, reason_bogus, - section, qstate); - if(sec == sec_status_secure) - return sec; - } - if(numchecked == 0) { - *reason = "signatures from unknown keys"; - if(reason_bogus) - *reason_bogus = LDNS_EDE_DNSKEY_MISSING; - verbose(VERB_QUERY, "verify: could not find appropriate key"); - return sec_status_bogus; + *reason = "algorithm refused by cryptolib"; + return sec_status_indeterminate; } return sec_status_bogus; } diff --git a/contrib/unbound/validator/val_utils.c b/contrib/unbound/validator/val_utils.c index 18a7c9c2e95..18c963d863f 100644 --- a/contrib/unbound/validator/val_utils.c +++ b/contrib/unbound/validator/val_utils.c @@ -458,7 +458,7 @@ verify_dnskeys_with_ds_rr(struct module_env* env, struct val_env* ve, } /* If it didn't validate with the DNSKEY, try the next one! */ } - if(numsizesupp != 0) { + if(numsizesupp != 0 || sec == sec_status_indeterminate) { /* there is a working DS, but that DNSKEY is not supported */ return sec_status_insecure; }