unbound: Vendor import 1.19.3

Release notes at
	https://www.nlnetlabs.nl/news/2024/Mar/14/unbound-1.19.3-released/
Cy Schubert 2024-03-16 17:58:33 -06:00
parent 217a625642
commit 5a33598e88
128 changed files with 7745 additions and 8095 deletions


@ -2,7 +2,10 @@
# Copyright 2009, Wouter Wijngaards, NLnet Labs.
# BSD licensed.
#
# Version 46
# Version 48
# 2024-01-16 fix to add -l:libssp.a to -lcrypto link check.
# and check for getaddrinfo with only header.
# 2024-01-15 fix to add crypt32 to -lcrypto link check when checking for gdi32.
# 2023-05-04 fix to remove unused whitespace.
# 2023-01-26 fix -Wstrict-prototypes.
# 2022-09-01 fix checking if nonblocking sockets work on OpenBSD.
@ -707,7 +710,7 @@ AC_DEFUN([ACX_SSL_CHECKS], [
LIBSSL_LDFLAGS="$LIBSSL_LDFLAGS -L$ssldir_lib"
ACX_RUNTIME_PATH_ADD([$ssldir_lib])
fi
AC_MSG_CHECKING([for EVP_sha256 in -lcrypto])
LIBS="$LIBS -lcrypto"
LIBSSL_LIBS="$LIBSSL_LIBS -lcrypto"
@ -732,40 +735,73 @@ AC_DEFUN([ACX_SSL_CHECKS], [
]])],[
AC_DEFINE([HAVE_EVP_SHA256], 1,
[If you have EVP_sha256])
AC_MSG_RESULT(yes)
AC_MSG_RESULT(yes)
],[
AC_MSG_RESULT(no)
LIBS="$BAKLIBS"
LIBSSL_LIBS="$BAKSSLLIBS"
LIBS="$LIBS -ldl"
LIBSSL_LIBS="$LIBSSL_LIBS -ldl"
AC_MSG_CHECKING([if -lcrypto needs -ldl])
AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[
int EVP_sha256(void);
(void)EVP_sha256();
]])],[
AC_DEFINE([HAVE_EVP_SHA256], 1,
[If you have EVP_sha256])
AC_MSG_RESULT(yes)
],[
AC_MSG_RESULT(no)
LIBS="$BAKLIBS"
LIBSSL_LIBS="$BAKSSLLIBS"
LIBS="$LIBS -ldl -pthread"
LIBSSL_LIBS="$LIBSSL_LIBS -ldl -pthread"
AC_MSG_CHECKING([if -lcrypto needs -ldl -pthread])
AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[
int EVP_sha256(void);
(void)EVP_sha256();
]])],[
AC_DEFINE([HAVE_EVP_SHA256], 1,
[If you have EVP_sha256])
AC_MSG_RESULT(yes)
],[
AC_MSG_RESULT(no)
AC_MSG_ERROR([OpenSSL found in $ssldir, but version 0.9.7 or higher is required])
LIBS="$LIBS -lgdi32 -lws2_32 -lcrypt32"
LIBSSL_LIBS="$LIBSSL_LIBS -lgdi32 -lws2_32 -lcrypt32"
AC_MSG_CHECKING([if -lcrypto needs -lgdi32 -lws2_32 -lcrypt32])
AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[
int EVP_sha256(void);
(void)EVP_sha256();
]])],[
AC_DEFINE([HAVE_EVP_SHA256], 1,
[If you have EVP_sha256])
AC_MSG_RESULT(yes)
],[
AC_MSG_RESULT(no)
LIBS="$BAKLIBS"
LIBSSL_LIBS="$BAKSSLLIBS"
LIBS="$LIBS -lgdi32 -lws2_32 -lcrypt32 -l:libssp.a"
LIBSSL_LIBS="$LIBSSL_LIBS -lgdi32 -lws2_32 -lcrypt32 -l:libssp.a"
AC_MSG_CHECKING([if -lcrypto needs -lgdi32 -lws2_32 -lcrypt32 -l:libssp.a])
AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[
int EVP_sha256(void);
(void)EVP_sha256();
]])],[
AC_DEFINE([HAVE_EVP_SHA256], 1,
[If you have EVP_sha256])
AC_MSG_RESULT(yes)
],[
AC_MSG_RESULT(no)
LIBS="$BAKLIBS"
LIBSSL_LIBS="$BAKSSLLIBS"
LIBS="$LIBS -ldl"
LIBSSL_LIBS="$LIBSSL_LIBS -ldl"
AC_MSG_CHECKING([if -lcrypto needs -ldl])
AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[
int EVP_sha256(void);
(void)EVP_sha256();
]])],[
AC_DEFINE([HAVE_EVP_SHA256], 1,
[If you have EVP_sha256])
AC_MSG_RESULT(yes)
],[
AC_MSG_RESULT(no)
LIBS="$BAKLIBS"
LIBSSL_LIBS="$BAKSSLLIBS"
LIBS="$LIBS -ldl -pthread"
LIBSSL_LIBS="$LIBSSL_LIBS -ldl -pthread"
AC_MSG_CHECKING([if -lcrypto needs -ldl -pthread])
AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[
int EVP_sha256(void);
(void)EVP_sha256();
]])],[
AC_DEFINE([HAVE_EVP_SHA256], 1,
[If you have EVP_sha256])
AC_MSG_RESULT(yes)
],[
AC_MSG_RESULT(no)
AC_MSG_ERROR([OpenSSL found in $ssldir, but version 0.9.7 or higher is required])
])
])
])
])
])
])
])
fi
@ -779,7 +815,7 @@ AC_CHECK_HEADERS([openssl/rand.h],,, [AC_INCLUDES_DEFAULT])
dnl Check for SSL, where SSL is mandatory
dnl Adds --with-ssl option, searches for openssl and defines HAVE_SSL if found
dnl Setup of CPPFLAGS, CFLAGS. Adds -lcrypto to LIBS.
dnl Setup of CPPFLAGS, CFLAGS. Adds -lcrypto to LIBS.
dnl Checks main header files of SSL.
dnl
AC_DEFUN([ACX_WITH_SSL],
@ -872,7 +908,7 @@ dnl see if on windows
if test "$ac_cv_header_windows_h" = "yes"; then
AC_DEFINE(USE_WINSOCK, 1, [Whether the windows socket API is used])
USE_WINSOCK="1"
if echo $LIBS | grep 'lws2_32' >/dev/null; then
if echo "$LIBS" | grep 'lws2_32' >/dev/null; then
:
else
LIBS="$LIBS -lws2_32"
@ -880,6 +916,24 @@ if test "$ac_cv_header_windows_h" = "yes"; then
fi
],
dnl no quick getaddrinfo, try mingw32 and winsock2 library.
dnl perhaps getaddrinfo needs only the include
AC_LINK_IFELSE(
[AC_LANG_PROGRAM(
[
#ifdef HAVE_WS2TCPIP_H
#include <ws2tcpip.h>
#endif
],
[
(void)getaddrinfo(NULL, NULL, NULL, NULL);
]
)],
[
ac_cv_func_getaddrinfo="yes"
AC_DEFINE(USE_WINSOCK, 1, [Whether the windows socket API is used])
USE_WINSOCK="1"
],
ORIGLIBS="$LIBS"
LIBS="$LIBS -lws2_32"
AC_LINK_IFELSE(
@ -904,6 +958,7 @@ ac_cv_func_getaddrinfo="no"
LIBS="$ORIGLIBS"
])
)
)
AC_MSG_RESULT($ac_cv_func_getaddrinfo)
if test $ac_cv_func_getaddrinfo = yes; then
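Review bot: The added header-only getaddrinfo probe defines `USE_WINSOCK` on any successful link, but its `#include <ws2tcpip.h>` sits behind `#ifdef HAVE_WS2TCPIP_H`, so a successful link does not by itself show that a Winsock header supplied the symbol. If a toolchain accepts the undeclared call and resolves getaddrinfo from elsewhere, a non-Windows build would end up with `USE_WINSOCK` set; this is inferred, because the check that runs before this fallback starts outside the hunk. Wrapping the success action in a test of the header result, e.g. `if test "$ac_cv_header_ws2tcpip_h" = "yes"; then` (the cache variable autoconf sets for that header check), would make the intent explicit.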

File diff suppressed because it is too large Load diff

350
configure vendored

@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.69 for unbound 1.19.1.
# Generated by GNU Autoconf 2.69 for unbound 1.19.3.
#
# Report bugs to <unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues>.
#
@ -591,8 +591,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='unbound'
PACKAGE_TARNAME='unbound'
PACKAGE_VERSION='1.19.1'
PACKAGE_STRING='unbound 1.19.1'
PACKAGE_VERSION='1.19.3'
PACKAGE_STRING='unbound 1.19.3'
PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues'
PACKAGE_URL=''
@ -655,6 +655,8 @@ DNSTAP_SOCKET_TESTBIN
DNSTAP_SOCKET_PATH
opt_dnstap_socket_path
ENABLE_DNSTAP
PROTOBUFC_LIBS
PROTOBUFC_CFLAGS
PROTOC_C
UBSYMS
EXTRALINK
@ -926,7 +928,9 @@ SYSTEMD_CFLAGS
SYSTEMD_LIBS
SYSTEMD_DAEMON_CFLAGS
SYSTEMD_DAEMON_LIBS
PYTHON_VERSION'
PYTHON_VERSION
PROTOBUFC_CFLAGS
PROTOBUFC_LIBS'
# Initialize some variables set by options.
@ -1477,7 +1481,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
\`configure' configures unbound 1.19.1 to adapt to many kinds of systems.
\`configure' configures unbound 1.19.3 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@ -1543,7 +1547,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
short | recursive ) echo "Configuration of unbound 1.19.1:";;
short | recursive ) echo "Configuration of unbound 1.19.3:";;
esac
cat <<\_ACEOF
@ -1718,6 +1722,10 @@ Some influential environment variables:
The installed Python version to use, for example '2.3'. This
string will be appended to the Python interpreter canonical
name.
PROTOBUFC_CFLAGS
C compiler flags for PROTOBUFC, overriding pkg-config
PROTOBUFC_LIBS
linker flags for PROTOBUFC, overriding pkg-config
Use these variables to override the choices made by `configure' or to help
it to find libraries and programs with nonstandard names/locations.
@ -1785,7 +1793,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
unbound configure 1.19.1
unbound configure 1.19.3
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@ -2494,7 +2502,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
It was created by unbound $as_me 1.19.1, which was
It was created by unbound $as_me 1.19.3, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@ -2846,11 +2854,11 @@ UNBOUND_VERSION_MAJOR=1
UNBOUND_VERSION_MINOR=19
UNBOUND_VERSION_MICRO=1
UNBOUND_VERSION_MICRO=3
LIBUNBOUND_CURRENT=9
LIBUNBOUND_REVISION=24
LIBUNBOUND_REVISION=26
LIBUNBOUND_AGE=1
# 1.0.0 had 0:12:0
# 1.0.1 had 0:13:0
@ -2942,6 +2950,8 @@ LIBUNBOUND_AGE=1
# 1.18.0 had 9:22:1
# 1.19.0 had 9:23:1
# 1.19.1 had 9:24:1
# 1.19.2 had 9:25:1
# 1.19.3 had 9:26:1
# Current -- the number of the binary API that we're implementing
# Revision -- which iteration of the implementation of the binary
@ -14416,7 +14426,7 @@ CC=$lt_save_CC
# pkg-config is only needed for these options, do not require it otherwise
if test "$enable_systemd" = "yes" -o "$with_pyunbound" = "yes" -o "$with_pythonmod" = "yes"; then
if test "$enable_systemd" = "yes" -o "$enable_dnstap" = "yes" -o "$with_pyunbound" = "yes" -o "$with_pythonmod" = "yes"; then
@ -18104,19 +18114,86 @@ else
$as_echo "no" >&6; }
LIBS="$BAKLIBS"
LIBSSL_LIBS="$BAKSSLLIBS"
LIBS="$LIBS -ldl"
LIBSSL_LIBS="$LIBSSL_LIBS -ldl"
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if -lcrypto needs -ldl" >&5
LIBS="$LIBS -lgdi32 -lws2_32 -lcrypt32"
LIBSSL_LIBS="$LIBSSL_LIBS -lgdi32 -lws2_32 -lcrypt32"
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if -lcrypto needs -lgdi32 -lws2_32 -lcrypt32" >&5
$as_echo_n "checking if -lcrypto needs -lgdi32 -lws2_32 -lcrypt32... " >&6; }
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int
main ()
{
int EVP_sha256(void);
(void)EVP_sha256();
;
return 0;
}
_ACEOF
if ac_fn_c_try_link "$LINENO"; then :
$as_echo "#define HAVE_EVP_SHA256 1" >>confdefs.h
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
LIBS="$BAKLIBS"
LIBSSL_LIBS="$BAKSSLLIBS"
LIBS="$LIBS -lgdi32 -lws2_32 -lcrypt32 -l:libssp.a"
LIBSSL_LIBS="$LIBSSL_LIBS -lgdi32 -lws2_32 -lcrypt32 -l:libssp.a"
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if -lcrypto needs -lgdi32 -lws2_32 -lcrypt32 -l:libssp.a" >&5
$as_echo_n "checking if -lcrypto needs -lgdi32 -lws2_32 -lcrypt32 -l:libssp.a... " >&6; }
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int
main ()
{
int EVP_sha256(void);
(void)EVP_sha256();
;
return 0;
}
_ACEOF
if ac_fn_c_try_link "$LINENO"; then :
$as_echo "#define HAVE_EVP_SHA256 1" >>confdefs.h
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
LIBS="$BAKLIBS"
LIBSSL_LIBS="$BAKSSLLIBS"
LIBS="$LIBS -ldl"
LIBSSL_LIBS="$LIBSSL_LIBS -ldl"
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if -lcrypto needs -ldl" >&5
$as_echo_n "checking if -lcrypto needs -ldl... " >&6; }
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int
main ()
{
int EVP_sha256(void);
(void)EVP_sha256();
int EVP_sha256(void);
(void)EVP_sha256();
;
return 0;
@ -18127,28 +18204,28 @@ if ac_fn_c_try_link "$LINENO"; then :
$as_echo "#define HAVE_EVP_SHA256 1" >>confdefs.h
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
LIBS="$BAKLIBS"
LIBSSL_LIBS="$BAKSSLLIBS"
LIBS="$LIBS -ldl -pthread"
LIBSSL_LIBS="$LIBSSL_LIBS -ldl -pthread"
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if -lcrypto needs -ldl -pthread" >&5
LIBS="$BAKLIBS"
LIBSSL_LIBS="$BAKSSLLIBS"
LIBS="$LIBS -ldl -pthread"
LIBSSL_LIBS="$LIBSSL_LIBS -ldl -pthread"
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if -lcrypto needs -ldl -pthread" >&5
$as_echo_n "checking if -lcrypto needs -ldl -pthread... " >&6; }
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int
main ()
{
int EVP_sha256(void);
(void)EVP_sha256();
int EVP_sha256(void);
(void)EVP_sha256();
;
return 0;
@ -18159,14 +18236,22 @@ if ac_fn_c_try_link "$LINENO"; then :
$as_echo "#define HAVE_EVP_SHA256 1" >>confdefs.h
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
as_fn_error $? "OpenSSL found in $ssldir, but version 0.9.7 or higher is required" "$LINENO" 5
as_fn_error $? "OpenSSL found in $ssldir, but version 0.9.7 or higher is required" "$LINENO" 5
fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext conftest.$ac_ext
fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext conftest.$ac_ext
fi
rm -f core conftest.err conftest.$ac_objext \
@ -19847,7 +19932,7 @@ if test x_$enable_static_exe = x_yes; then
if test "$on_mingw" = yes; then
staticexe="-all-static"
# for static compile, include gdi32 and zlib here.
if echo $LIBS | grep 'lgdi32' >/dev/null; then
if echo "$LIBS" | grep 'lgdi32' >/dev/null; then
:
else
LIBS="$LIBS -lgdi32"
@ -19892,7 +19977,11 @@ if test "x$ac_cv_lib_z_compress" = xyes; then :
LIBS="$LIBS -lz"
fi
LIBS="$LIBS -l:libssp.a"
if echo "$LIBS" | grep -e "libssp.a" -e "lssp" >/dev/null; then
:
else
LIBS="$LIBS -l:libssp.a"
fi
fi
fi
@ -19951,7 +20040,11 @@ if test "x$ac_cv_lib_z_compress" = xyes; then :
LIBS="$LIBS -lz"
fi
LIBS="$LIBS -l:libssp.a"
if echo "$LIBS" | grep -e "libssp.a" -e "lssp" >/dev/null; then
:
else
LIBS="$LIBS -l:libssp.a"
fi
fi
fi
@ -19998,13 +20091,40 @@ if test "$ac_cv_header_windows_h" = "yes"; then
$as_echo "#define USE_WINSOCK 1" >>confdefs.h
USE_WINSOCK="1"
if echo $LIBS | grep 'lws2_32' >/dev/null; then
if echo "$LIBS" | grep 'lws2_32' >/dev/null; then
:
else
LIBS="$LIBS -lws2_32"
fi
fi
else
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#ifdef HAVE_WS2TCPIP_H
#include <ws2tcpip.h>
#endif
int
main ()
{
(void)getaddrinfo(NULL, NULL, NULL, NULL);
;
return 0;
}
_ACEOF
if ac_fn_c_try_link "$LINENO"; then :
ac_cv_func_getaddrinfo="yes"
$as_echo "#define USE_WINSOCK 1" >>confdefs.h
USE_WINSOCK="1"
else
ORIGLIBS="$LIBS"
LIBS="$LIBS -lws2_32"
@ -20047,6 +20167,10 @@ fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext conftest.$ac_ext
fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext conftest.$ac_ext
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_getaddrinfo" >&5
$as_echo "$ac_cv_func_getaddrinfo" >&6; }
if test $ac_cv_func_getaddrinfo = yes; then
@ -20166,7 +20290,11 @@ else
WINDRES="$ac_cv_prog_WINDRES"
fi
LIBS="$LIBS -liphlpapi -lcrypt32"
if echo "$LIBS" | grep crypt32 >/dev/null; then
LIBS="$LIBS -liphlpapi"
else
LIBS="$LIBS -liphlpapi -lcrypt32"
fi
WINAPPS="unbound-service-install.exe unbound-service-remove.exe anchor-update.exe"
WIN_DAEMON_SRC="winrc/win_svc.c winrc/w_inst.c"
@ -21199,7 +21327,7 @@ fi
# check for dnstap if requested
# Check whether --enable-dnstap was given.
# Check whether --enable-dnstap was given.
if test "${enable_dnstap+set}" = set; then :
enableval=$enable_dnstap; opt_dnstap=$enableval
else
@ -21216,8 +21344,8 @@ else
fi
if test "x$opt_dnstap" != "xno"; then
# Extract the first word of "protoc-c", so it can be a program name with args.
if test "x$opt_dnstap" != "xno"; then
# Extract the first word of "protoc-c", so it can be a program name with args.
set dummy protoc-c; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
$as_echo_n "checking for $ac_word... " >&6; }
@ -21257,36 +21385,132 @@ $as_echo "no" >&6; }
fi
if test -z "$PROTOC_C"; then
as_fn_error $? "The protoc-c program was not found. Please install protobuf-c!" "$LINENO" 5
fi
if test -z "$PROTOC_C"; then
as_fn_error $? "The protoc-c program was not found. Please install protobuf-c!" "$LINENO" 5
fi
# Check whether --with-protobuf-c was given.
if test "${with_protobuf_c+set}" = set; then :
withval=$with_protobuf_c;
# workaround for protobuf-c includes at old dir before protobuf-c-1.0.0
if test -f $withval/include/google/protobuf-c/protobuf-c.h; then
CFLAGS="$CFLAGS -I$withval/include/google"
else
CFLAGS="$CFLAGS -I$withval/include"
fi
LDFLAGS="$LDFLAGS -L$withval/lib"
# workaround for protobuf-c includes at old dir before protobuf-c-1.0.0
if test -f $withval/include/google/protobuf-c/protobuf-c.h; then
CFLAGS="$CFLAGS -I$withval/include/google"
else
CFLAGS="$CFLAGS -I$withval/include"
fi
LDFLAGS="$LDFLAGS -L$withval/lib"
else
# workaround for protobuf-c includes at old dir before protobuf-c-1.0.0
if test -f /usr/include/google/protobuf-c/protobuf-c.h; then
CFLAGS="$CFLAGS -I/usr/include/google"
else
if test -f /usr/local/include/google/protobuf-c/protobuf-c.h; then
CFLAGS="$CFLAGS -I/usr/local/include/google"
LDFLAGS="$LDFLAGS -L/usr/local/lib"
fi
fi
pkg_failed=no
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for PROTOBUFC" >&5
$as_echo_n "checking for PROTOBUFC... " >&6; }
if test -n "$PROTOBUFC_CFLAGS"; then
pkg_cv_PROTOBUFC_CFLAGS="$PROTOBUFC_CFLAGS"
elif test -n "$PKG_CONFIG"; then
if test -n "$PKG_CONFIG" && \
{ { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libprotobuf-c\""; } >&5
($PKG_CONFIG --exists --print-errors "libprotobuf-c") 2>&5
ac_status=$?
$as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; }; then
pkg_cv_PROTOBUFC_CFLAGS=`$PKG_CONFIG --cflags "libprotobuf-c" 2>/dev/null`
test "x$?" != "x0" && pkg_failed=yes
else
pkg_failed=yes
fi
else
pkg_failed=untried
fi
if test -n "$PROTOBUFC_LIBS"; then
pkg_cv_PROTOBUFC_LIBS="$PROTOBUFC_LIBS"
elif test -n "$PKG_CONFIG"; then
if test -n "$PKG_CONFIG" && \
{ { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libprotobuf-c\""; } >&5
($PKG_CONFIG --exists --print-errors "libprotobuf-c") 2>&5
ac_status=$?
$as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; }; then
pkg_cv_PROTOBUFC_LIBS=`$PKG_CONFIG --libs "libprotobuf-c" 2>/dev/null`
test "x$?" != "x0" && pkg_failed=yes
else
pkg_failed=yes
fi
else
pkg_failed=untried
fi
if test $pkg_failed = yes; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
_pkg_short_errors_supported=yes
else
_pkg_short_errors_supported=no
fi
if test $_pkg_short_errors_supported = yes; then
PROTOBUFC_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libprotobuf-c" 2>&1`
else
PROTOBUFC_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libprotobuf-c" 2>&1`
fi
# Put the nasty error message in config.log where it belongs
echo "$PROTOBUFC_PKG_ERRORS" >&5
# pkg-config failed; try falling back to known values
# workaround for protobuf-c includes at old dir before protobuf-c-1.0.0
if test -f /usr/include/google/protobuf-c/protobuf-c.h; then
CFLAGS="$CFLAGS -I/usr/include/google"
else
if test -f /usr/local/include/google/protobuf-c/protobuf-c.h; then
CFLAGS="$CFLAGS -I/usr/local/include/google"
LDFLAGS="$LDFLAGS -L/usr/local/lib"
else
as_fn_error $? "The protobuf-c package was not found with pkg-config. Please install protobuf-c!" "$LINENO" 5
fi
fi
elif test $pkg_failed = untried; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
# pkg-config failed; try falling back to known values
# workaround for protobuf-c includes at old dir before protobuf-c-1.0.0
if test -f /usr/include/google/protobuf-c/protobuf-c.h; then
CFLAGS="$CFLAGS -I/usr/include/google"
else
if test -f /usr/local/include/google/protobuf-c/protobuf-c.h; then
CFLAGS="$CFLAGS -I/usr/local/include/google"
LDFLAGS="$LDFLAGS -L/usr/local/lib"
else
as_fn_error $? "The protobuf-c package was not found with pkg-config. Please install protobuf-c!" "$LINENO" 5
fi
fi
else
PROTOBUFC_CFLAGS=$pkg_cv_PROTOBUFC_CFLAGS
PROTOBUFC_LIBS=$pkg_cv_PROTOBUFC_LIBS
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
CFLAGS="$CFLAGS $PROTOBUFC_CFLAGS"
LIBS="$LIBS $PROTOBUFC_LIBS"
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing protobuf_c_message_pack" >&5
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing protobuf_c_message_pack" >&5
$as_echo_n "checking for library containing protobuf_c_message_pack... " >&6; }
if ${ac_cv_search_protobuf_c_message_pack+:} false; then :
$as_echo_n "(cached) " >&6
@ -21368,13 +21592,13 @@ _ACEOF
DNSTAP_OBJ="dnstap.lo dnstap.pb-c.lo dnstap_fstrm.lo dtstream.lo"
else
else
ENABLE_DNSTAP=0
fi
fi
# check for dnscrypt if requested
@ -21895,7 +22119,7 @@ _ACEOF
version=1.19.1
version=1.19.3
date=`date +'%b %e, %Y'`
@ -22414,7 +22638,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
This file was extended by unbound $as_me 1.19.1, which was
This file was extended by unbound $as_me 1.19.3, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@ -22480,7 +22704,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
unbound config.status 1.19.1
unbound config.status 1.19.3
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"


@ -11,14 +11,14 @@ sinclude(dnscrypt/dnscrypt.m4)
# must be numbers. ac_defun because of later processing
m4_define([VERSION_MAJOR],[1])
m4_define([VERSION_MINOR],[19])
m4_define([VERSION_MICRO],[1])
m4_define([VERSION_MICRO],[3])
AC_INIT([unbound],m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]),[unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues],[unbound])
AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR])
AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR])
AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO])
LIBUNBOUND_CURRENT=9
LIBUNBOUND_REVISION=24
LIBUNBOUND_REVISION=26
LIBUNBOUND_AGE=1
# 1.0.0 had 0:12:0
# 1.0.1 had 0:13:0
@ -110,6 +110,8 @@ LIBUNBOUND_AGE=1
# 1.18.0 had 9:22:1
# 1.19.0 had 9:23:1
# 1.19.1 had 9:24:1
# 1.19.2 had 9:25:1
# 1.19.3 had 9:26:1
# Current -- the number of the binary API that we're implementing
# Revision -- which iteration of the implementation of the binary
@ -407,7 +409,7 @@ AC_CHECK_TOOL(STRIP, strip)
ACX_LIBTOOL_C_ONLY
# pkg-config is only needed for these options, do not require it otherwise
if test "$enable_systemd" = "yes" -o "$with_pyunbound" = "yes" -o "$with_pythonmod" = "yes"; then
if test "$enable_systemd" = "yes" -o "$enable_dnstap" = "yes" -o "$with_pyunbound" = "yes" -o "$with_pythonmod" = "yes"; then
PKG_PROG_PKG_CONFIG
fi
@ -1526,13 +1528,17 @@ if test x_$enable_static_exe = x_yes; then
if test "$on_mingw" = yes; then
staticexe="-all-static"
# for static compile, include gdi32 and zlib here.
if echo $LIBS | grep 'lgdi32' >/dev/null; then
if echo "$LIBS" | grep 'lgdi32' >/dev/null; then
:
else
LIBS="$LIBS -lgdi32"
fi
AC_CHECK_LIB([z], [compress], [ LIBS="$LIBS -lz" ])
LIBS="$LIBS -l:libssp.a"
if echo "$LIBS" | grep -e "libssp.a" -e "lssp" >/dev/null; then
:
else
LIBS="$LIBS -l:libssp.a"
fi
fi
fi
@ -1549,7 +1555,11 @@ if test x_$enable_fully_static = x_yes; then
LIBS="$LIBS -lgdi32"
fi
AC_CHECK_LIB([z], [compress], [ LIBS="$LIBS -lz" ])
LIBS="$LIBS -l:libssp.a"
if echo "$LIBS" | grep -e "libssp.a" -e "lssp" >/dev/null; then
:
else
LIBS="$LIBS -l:libssp.a"
fi
fi
fi
@ -1569,7 +1579,11 @@ if test "$USE_WINSOCK" = 1; then
#include <windows.h>
])
AC_CHECK_TOOL(WINDRES, windres)
LIBS="$LIBS -liphlpapi -lcrypt32"
if echo "$LIBS" | grep crypt32 >/dev/null; then
LIBS="$LIBS -liphlpapi"
else
LIBS="$LIBS -liphlpapi -lcrypt32"
fi
WINAPPS="unbound-service-install.exe unbound-service-remove.exe anchor-update.exe"
AC_SUBST(WINAPPS)
WIN_DAEMON_SRC="winrc/win_svc.c winrc/w_inst.c"
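Review bot: The pkg-config guard tests `"$enable_dnstap" = "yes"`, while dt_DNSTAP in dnstap.m4 turns dnstap on for every value other than `no` (`test "x$opt_dnstap" != "xno"`), so any other non-empty value reaches the protobuf-c lookup without PKG_PROG_PKG_CONFIG having run. The generated configure then takes the `pkg_failed = untried` branch and, if the hard-coded include paths miss, reports that protobuf-c "was not found with pkg-config" although pkg-config was never tried. Using the same condition in both places, i.e. treating `enable_dnstap` as set when it is non-empty and `!= "no"`, would keep the two in step.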


@ -553,7 +553,7 @@ ssl_print_text(RES* res, const char* text)
static int
ssl_print_vmsg(RES* ssl, const char* format, va_list args)
{
char msg[1024];
char msg[65535];
vsnprintf(msg, sizeof(msg), format, args);
return ssl_print_text(ssl, msg);
}
@ -3181,10 +3181,10 @@ execute_cmd(struct daemon_remote* rc, RES* ssl, char* cmd,
do_flush_bogus(ssl, worker);
} else if(cmdcmp(p, "flush_negative", 14)) {
do_flush_negative(ssl, worker);
} else if(cmdcmp(p, "rpz_enable", 10)) {
do_rpz_enable(ssl, worker, skipwhite(p+10));
} else if(cmdcmp(p, "rpz_disable", 11)) {
do_rpz_disable(ssl, worker, skipwhite(p+11));
} else if(cmdcmp(p, "rpz_enable", 10)) {
do_rpz_enable(ssl, worker, skipwhite(p+10));
} else if(cmdcmp(p, "rpz_disable", 11)) {
do_rpz_disable(ssl, worker, skipwhite(p+11));
} else {
(void)ssl_printf(ssl, "error unknown command '%s'\n", p);
}
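Review bot: `ssl_print_vmsg` still discards the return value of `vsnprintf`, so a reply longer than the buffer is cut off silently; growing `msg` to 65535 bytes only moves that limit and puts roughly 64 KiB on the stack for every formatted reply. Capture the result, `int n = vsnprintf(msg, sizeof(msg), format, args);`, and handle `n < 0 || (size_t)n >= sizeof(msg)` explicitly (for example by logging the truncation) so a remote-control client does not act on a partial answer. If the thread serving control commands can run with a reduced stack size, a heap or per-connection buffer would be safer than a large automatic array; that depends on code outside this hunk.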


@ -1151,7 +1151,7 @@ deny_refuse(struct comm_point* c, enum acl_access acl,
log_assert(sldns_buffer_limit(c->buffer) >= LDNS_HEADER_SIZE
&& LDNS_QDCOUNT(sldns_buffer_begin(c->buffer)) == 1);
sldns_buffer_skip(c->buffer, LDNS_HEADER_SIZE); /* skip header */
sldns_buffer_set_position(c->buffer, LDNS_HEADER_SIZE); /* skip header */
/* check additional section is present and that we respond with EDEs */
if(LDNS_ARCOUNT(sldns_buffer_begin(c->buffer)) != 1
@ -1163,6 +1163,7 @@ deny_refuse(struct comm_point* c, enum acl_access acl,
LDNS_QR_SET(sldns_buffer_begin(c->buffer));
LDNS_RCODE_SET(sldns_buffer_begin(c->buffer),
LDNS_RCODE_REFUSED);
sldns_buffer_set_position(c->buffer, LDNS_HEADER_SIZE);
sldns_buffer_flip(c->buffer);
return 1;
}
@ -1326,15 +1327,6 @@ deny_refuse_non_local(struct comm_point* c, enum acl_access acl,
worker, repinfo, acladdr, ede, check_result);
}
/* Returns 1 if the ip rate limit check can happen before EDNS parsing,
* else 0 */
static int
pre_edns_ip_ratelimit_check(enum acl_access acl)
{
if(acl == acl_allow_cookie) return 0;
return 1;
}
/* Check if the query is blocked by source IP rate limiting.
* Returns 1 if it passes the check, 0 otherwise. */
static int
@ -1463,7 +1455,7 @@ worker_handle_request(struct comm_point* c, void* arg, int error,
if(worker->dtenv.log_client_query_messages) {
log_addr(VERB_ALGO, "request from client", &repinfo->client_addr, repinfo->client_addrlen);
log_addr(VERB_ALGO, "to local addr", (void*)repinfo->c->socket->addr->ai_addr, repinfo->c->socket->addr->ai_addrlen);
dt_msg_send_client_query(&worker->dtenv, &repinfo->client_addr, (void*)repinfo->c->socket->addr->ai_addr, c->type, c->buffer,
dt_msg_send_client_query(&worker->dtenv, &repinfo->client_addr, (void*)repinfo->c->socket->addr->ai_addr, c->type, c->ssl, c->buffer,
((worker->env.cfg->sock_queue_timeout && timeval_isset(&c->recv_tv))?&c->recv_tv:NULL));
}
#endif
@ -1498,7 +1490,9 @@ worker_handle_request(struct comm_point* c, void* arg, int error,
}
worker->stats.num_queries++;
pre_edns_ip_ratelimit = pre_edns_ip_ratelimit_check(acl);
pre_edns_ip_ratelimit = !worker->env.cfg->do_answer_cookie
|| sldns_buffer_limit(c->buffer) < LDNS_HEADER_SIZE
|| LDNS_ARCOUNT(sldns_buffer_begin(c->buffer)) == 0;
/* If the IP rate limiting check needs extra EDNS information (e.g.,
* DNS Cookies) postpone the check until after EDNS is parsed. */
@ -1952,7 +1946,7 @@ send_reply_rc:
if(worker->dtenv.log_client_response_messages) {
log_addr(VERB_ALGO, "from local addr", (void*)repinfo->c->socket->addr->ai_addr, repinfo->c->socket->addr->ai_addrlen);
log_addr(VERB_ALGO, "response to client", &repinfo->client_addr, repinfo->client_addrlen);
dt_msg_send_client_response(&worker->dtenv, &repinfo->client_addr, (void*)repinfo->c->socket->addr->ai_addr, c->type, c->buffer);
dt_msg_send_client_response(&worker->dtenv, &repinfo->client_addr, (void*)repinfo->c->socket->addr->ai_addr, c->type, c->ssl, c->buffer);
}
#endif
if(worker->env.cfg->log_replies)
@ -1966,11 +1960,15 @@ send_reply_rc:
qinfo.qname = qinfo.local_alias->rrset->rk.dname;
log_reply_info(NO_VERBOSE, &qinfo,
&repinfo->client_addr, repinfo->client_addrlen,
tv, 1, c->buffer);
tv, 1, c->buffer,
(worker->env.cfg->log_destaddr?(void*)repinfo->c->socket->addr->ai_addr:NULL),
c->type);
} else {
log_reply_info(NO_VERBOSE, &qinfo,
&repinfo->client_addr, repinfo->client_addrlen,
tv, 1, c->buffer);
tv, 1, c->buffer,
(worker->env.cfg->log_destaddr?(void*)repinfo->c->socket->addr->ai_addr:NULL),
c->type);
}
}
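Review bot: With the new `pre_edns_ip_ratelimit` expression in worker_handle_request, any query whose header claims ARCOUNT != 0 skips the early IP rate-limit check whenever `do_answer_cookie` is set, rather than only clients matched by the `acl_allow_cookie` ACL as the removed helper did. ARCOUNT comes from the unvalidated client header, so the post-EDNS check has to be reached on every path such a packet can take, including packets whose EDNS parsing fails; that code is outside the hunk and cannot be confirmed from here. A comment at the assignment would record this, e.g. `/* ARCOUNT is client-controlled: it only decides where the ip ratelimit runs, never whether it runs */`.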
#ifdef USE_DNSCRYPT


@ -305,6 +305,7 @@ dt_msg_fill_net(struct dt_msg *dm,
struct sockaddr_storage *qs,
struct sockaddr_storage *rs,
enum comm_point_type cptype,
void *cpssl,
ProtobufCBinaryData *qaddr, protobuf_c_boolean *has_qaddr,
uint32_t *qport, protobuf_c_boolean *has_qport,
ProtobufCBinaryData *raddr, protobuf_c_boolean *has_raddr,
@ -371,13 +372,26 @@ dt_msg_fill_net(struct dt_msg *dm,
*has_rport = 1;
}
log_assert(cptype == comm_udp || cptype == comm_tcp);
if (cptype == comm_udp) {
/* socket_protocol */
dm->m.socket_protocol = DNSTAP__SOCKET_PROTOCOL__UDP;
dm->m.has_socket_protocol = 1;
} else if (cptype == comm_tcp) {
if (cpssl == NULL) {
/* socket_protocol */
dm->m.socket_protocol = DNSTAP__SOCKET_PROTOCOL__TCP;
dm->m.has_socket_protocol = 1;
} else {
/* socket_protocol */
dm->m.socket_protocol = DNSTAP__SOCKET_PROTOCOL__DOT;
dm->m.has_socket_protocol = 1;
}
} else if (cptype == comm_http) {
/* socket_protocol */
dm->m.socket_protocol = DNSTAP__SOCKET_PROTOCOL__DOH;
dm->m.has_socket_protocol = 1;
} else {
/* other socket protocol */
dm->m.socket_protocol = DNSTAP__SOCKET_PROTOCOL__TCP;
dm->m.has_socket_protocol = 1;
}
@ -388,6 +402,7 @@ dt_msg_send_client_query(struct dt_env *env,
struct sockaddr_storage *qsock,
struct sockaddr_storage *rsock,
enum comm_point_type cptype,
void *cpssl,
sldns_buffer *qmsg,
struct timeval* tstamp)
{
@ -410,8 +425,7 @@ dt_msg_send_client_query(struct dt_env *env,
dt_fill_buffer(qmsg, &dm.m.query_message, &dm.m.has_query_message);
/* socket_family, socket_protocol, query_address, query_port, response_address, response_port */
log_assert(cptype == comm_udp || cptype == comm_tcp);
dt_msg_fill_net(&dm, qsock, rsock, cptype,
dt_msg_fill_net(&dm, qsock, rsock, cptype, cpssl,
&dm.m.query_address, &dm.m.has_query_address,
&dm.m.query_port, &dm.m.has_query_port,
&dm.m.response_address, &dm.m.has_response_address,
@ -427,6 +441,7 @@ dt_msg_send_client_response(struct dt_env *env,
struct sockaddr_storage *qsock,
struct sockaddr_storage *rsock,
enum comm_point_type cptype,
void *cpssl,
sldns_buffer *rmsg)
{
struct dt_msg dm;
@ -446,8 +461,7 @@ dt_msg_send_client_response(struct dt_env *env,
dt_fill_buffer(rmsg, &dm.m.response_message, &dm.m.has_response_message);
/* socket_family, socket_protocol, query_address, query_port, response_address, response_port */
log_assert(cptype == comm_udp || cptype == comm_tcp);
dt_msg_fill_net(&dm, qsock, rsock, cptype,
dt_msg_fill_net(&dm, qsock, rsock, cptype, cpssl,
&dm.m.query_address, &dm.m.has_query_address,
&dm.m.query_port, &dm.m.has_query_port,
&dm.m.response_address, &dm.m.has_response_address,
@ -462,6 +476,7 @@ dt_msg_send_outside_query(struct dt_env *env,
struct sockaddr_storage *rsock,
struct sockaddr_storage *qsock,
enum comm_point_type cptype,
void *cpssl,
uint8_t *zone, size_t zone_len,
sldns_buffer *qmsg)
{
@ -497,8 +512,7 @@ dt_msg_send_outside_query(struct dt_env *env,
dt_fill_buffer(qmsg, &dm.m.query_message, &dm.m.has_query_message);
/* socket_family, socket_protocol, response_address, response_port, query_address, query_port */
log_assert(cptype == comm_udp || cptype == comm_tcp);
dt_msg_fill_net(&dm, rsock, qsock, cptype,
dt_msg_fill_net(&dm, rsock, qsock, cptype, cpssl,
&dm.m.response_address, &dm.m.has_response_address,
&dm.m.response_port, &dm.m.has_response_port,
&dm.m.query_address, &dm.m.has_query_address,
@ -513,6 +527,7 @@ dt_msg_send_outside_response(struct dt_env *env,
struct sockaddr_storage *rsock,
struct sockaddr_storage *qsock,
enum comm_point_type cptype,
void *cpssl,
uint8_t *zone, size_t zone_len,
uint8_t *qbuf, size_t qbuf_len,
const struct timeval *qtime,
@ -556,8 +571,7 @@ dt_msg_send_outside_response(struct dt_env *env,
dt_fill_buffer(rmsg, &dm.m.response_message, &dm.m.has_response_message);
/* socket_family, socket_protocol, response_address, response_port, query_address, query_port */
log_assert(cptype == comm_udp || cptype == comm_tcp);
dt_msg_fill_net(&dm, rsock, qsock, cptype,
dt_msg_fill_net(&dm, rsock, qsock, cptype, cpssl,
&dm.m.response_address, &dm.m.has_response_address,
&dm.m.response_port, &dm.m.has_response_port,
&dm.m.query_address, &dm.m.has_query_address,
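Review bot: The final `else` in dt_msg_fill_net reports `DNSTAP__SOCKET_PROTOCOL__TCP` for every comm point type that is not udp, tcp or http, and the `log_assert` that used to catch unexpected types is dropped here and in the four senders, so an unexpected transport is recorded as plain TCP with no signal. dnstap output is commonly consumed for monitoring and forensics, where a mislabelled transport is worse than a missing one; not setting `has_socket_protocol` in that branch, or keeping a debug assertion there, would avoid it. `comm_http` is likewise always reported as DOH without consulting `cpssl`, which deserves a comment if the server can be configured to serve HTTP without TLS. As a style point, `dm->m.has_socket_protocol = 1;` is repeated in every branch and could be set once after the chain.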


@ -133,6 +133,7 @@ dt_msg_send_client_query(struct dt_env *env,
struct sockaddr_storage *qsock,
struct sockaddr_storage *rsock,
enum comm_point_type cptype,
void *cpssl,
struct sldns_buffer *qmsg,
struct timeval* tstamp);
@ -149,6 +150,7 @@ dt_msg_send_client_response(struct dt_env *env,
struct sockaddr_storage *qsock,
struct sockaddr_storage *rsock,
enum comm_point_type cptype,
void *cpssl,
struct sldns_buffer *rmsg);
/**
@ -168,6 +170,7 @@ dt_msg_send_outside_query(struct dt_env *env,
struct sockaddr_storage *rsock,
struct sockaddr_storage *qsock,
enum comm_point_type cptype,
void *cpssl,
uint8_t *zone, size_t zone_len,
struct sldns_buffer *qmsg);
@ -192,6 +195,7 @@ dt_msg_send_outside_response(struct dt_env *env,
struct sockaddr_storage *rsock,
struct sockaddr_storage *qsock,
enum comm_point_type cptype,
void *cpssl,
uint8_t *zone, size_t zone_len,
uint8_t *qbuf, size_t qbuf_len,
const struct timeval *qtime,
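Review bot: The new `void *cpssl` parameter on the four `dt_msg_send_*` prototypes is undocumented. The hunk offsets grow by exactly one line per prototype, so no `@param` line was added to the doc comments above them (those comments lie outside the hunks). Callers elsewhere in this commit pass either `c->ssl` or `NULL`, so I would add `@param cpssl: SSL object of the comm point when the message used TLS, NULL for cleartext.` to each comment, to be confirmed against `dt_msg_fill_net`. Because the type is `void *`, that comment is the only place a caller learns what may be passed and what `NULL` means for the recorded transport.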


@ -5,45 +5,76 @@
# Check for required dnstap libraries and add dnstap configure args.
AC_DEFUN([dt_DNSTAP],
[
AC_ARG_ENABLE([dnstap],
AS_HELP_STRING([--enable-dnstap],
[Enable dnstap support (requires protobuf-c)]),
[opt_dnstap=$enableval], [opt_dnstap=no])
AC_ARG_ENABLE([dnstap],
AS_HELP_STRING([--enable-dnstap],
[Enable dnstap support (requires protobuf-c)]),
[opt_dnstap=$enableval],
[opt_dnstap=no])
AC_ARG_WITH([dnstap-socket-path],
AS_HELP_STRING([--with-dnstap-socket-path=pathname],
[set default dnstap socket path]),
[opt_dnstap_socket_path=$withval], [opt_dnstap_socket_path="$1"])
AC_ARG_WITH([dnstap-socket-path],
AS_HELP_STRING([--with-dnstap-socket-path=pathname],
[set default dnstap socket path]),
[opt_dnstap_socket_path=$withval],
[opt_dnstap_socket_path="$1"])
if test "x$opt_dnstap" != "xno"; then
AC_PATH_PROG([PROTOC_C], [protoc-c])
if test -z "$PROTOC_C"; then
AC_MSG_ERROR([The protoc-c program was not found. Please install protobuf-c!])
if test "x$opt_dnstap" != "xno"; then
AC_PATH_PROG([PROTOC_C], [protoc-c])
if test -z "$PROTOC_C"; then
AC_MSG_ERROR([The protoc-c program was not found. Please install protobuf-c!])
fi
AC_ARG_WITH([protobuf-c],
AS_HELP_STRING([--with-protobuf-c=path], [Path where protobuf-c is installed, for dnstap]),
[
# workaround for protobuf-c includes at old dir before protobuf-c-1.0.0
if test -f $withval/include/google/protobuf-c/protobuf-c.h; then
CFLAGS="$CFLAGS -I$withval/include/google"
else
CFLAGS="$CFLAGS -I$withval/include"
fi
LDFLAGS="$LDFLAGS -L$withval/lib"
],
[
ifdef([PKG_CHECK_MODULES],
[
PKG_CHECK_MODULES([PROTOBUFC], [libprotobuf-c],
[
CFLAGS="$CFLAGS $PROTOBUFC_CFLAGS"
LIBS="$LIBS $PROTOBUFC_LIBS"
],
[
# pkg-config failed; try falling back to known values
# workaround for protobuf-c includes at old dir before protobuf-c-1.0.0
if test -f /usr/include/google/protobuf-c/protobuf-c.h; then
CFLAGS="$CFLAGS -I/usr/include/google"
else
if test -f /usr/local/include/google/protobuf-c/protobuf-c.h; then
CFLAGS="$CFLAGS -I/usr/local/include/google"
LDFLAGS="$LDFLAGS -L/usr/local/lib"
else
AC_MSG_ERROR([The protobuf-c package was not found with pkg-config. Please install protobuf-c!])
fi
fi
]
)
],
[
# workaround for protobuf-c includes at old dir before protobuf-c-1.0.0
if test -f /usr/include/google/protobuf-c/protobuf-c.h; then
CFLAGS="$CFLAGS -I/usr/include/google"
else
if test -f /usr/local/include/google/protobuf-c/protobuf-c.h; then
CFLAGS="$CFLAGS -I/usr/local/include/google"
LDFLAGS="$LDFLAGS -L/usr/local/lib"
fi
fi
]
)
]
)
AC_SEARCH_LIBS([protobuf_c_message_pack], [protobuf-c], [],
AC_MSG_ERROR([The protobuf-c library was not found. Please install the development libraries for protobuf-c!]))
$2
else
$3
fi
AC_ARG_WITH([protobuf-c], AS_HELP_STRING([--with-protobuf-c=path],
[Path where protobuf-c is installed, for dnstap]), [
# workaround for protobuf-c includes at old dir before protobuf-c-1.0.0
if test -f $withval/include/google/protobuf-c/protobuf-c.h; then
CFLAGS="$CFLAGS -I$withval/include/google"
else
CFLAGS="$CFLAGS -I$withval/include"
fi
LDFLAGS="$LDFLAGS -L$withval/lib"
], [
# workaround for protobuf-c includes at old dir before protobuf-c-1.0.0
if test -f /usr/include/google/protobuf-c/protobuf-c.h; then
CFLAGS="$CFLAGS -I/usr/include/google"
else
if test -f /usr/local/include/google/protobuf-c/protobuf-c.h; then
CFLAGS="$CFLAGS -I/usr/local/include/google"
LDFLAGS="$LDFLAGS -L/usr/local/lib"
fi
fi
])
AC_SEARCH_LIBS([protobuf_c_message_pack], [protobuf-c], [],
AC_MSG_ERROR([The protobuf-c library was not found. Please install the development libraries for protobuf-c!]))
$2
else
$3
fi
])
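Review bot: In the pkg-config failure branch, the fallback probes only the pre-1.0.0 `google/protobuf-c/protobuf-c.h` layout under /usr and /usr/local and otherwise stops with `AC_MSG_ERROR`. A current protobuf-c install that has no usable `.pc` file therefore appears to abort configure, even though the `AC_SEARCH_LIBS([protobuf_c_message_pack], ...)` check further down could still have found the library. The branch taken when `PKG_CHECK_MODULES` is not defined has no such error and falls through to that link check, so the two fallbacks disagree. I would drop the `else AC_MSG_ERROR(...)` arm and let `AC_SEARCH_LIBS` report the failure. Separately, `$withval` is expanded unquoted in the `--with-protobuf-c` branch; `test -f "$withval/include/google/protobuf-c/protobuf-c.h"` survives a path containing spaces.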


@ -13,8 +13,8 @@
// with this file. If not, see:
//
// <http://creativecommons.org/publicdomain/zero/1.0/>.
syntax = "proto2";
syntax = "proto2";
package dnstap;
// "Dnstap": this is the top-level dnstap type, which is a "union" type that
@ -56,11 +56,60 @@ enum SocketFamily {
INET6 = 2; // IPv6 (RFC 2460)
}
// SocketProtocol: the transport protocol of a socket. This specifies how to
// interpret "transport port" fields.
// SocketProtocol: the protocol used to transport a DNS message.
enum SocketProtocol {
UDP = 1; // User Datagram Protocol (RFC 768)
TCP = 2; // Transmission Control Protocol (RFC 793)
UDP = 1; // DNS over UDP transport (RFC 1035 section 4.2.1)
TCP = 2; // DNS over TCP transport (RFC 1035 section 4.2.2)
DOT = 3; // DNS over TLS (RFC 7858)
DOH = 4; // DNS over HTTPS (RFC 8484)
DNSCryptUDP = 5; // DNSCrypt over UDP (https://dnscrypt.info/protocol)
DNSCryptTCP = 6; // DNSCrypt over TCP (https://dnscrypt.info/protocol)
DOQ = 7; // DNS over QUIC (RFC 9250)
}
// Policy: information about any name server operator policy
// applied to the processing of a DNS message.
message Policy {
// Match: what aspect of the message or message exchange
// triggered the application of the Policy.
enum Match {
QNAME = 1; // Name in question section of query
CLIENT_IP = 2; // Client IP address
RESPONSE_IP = 3; // Address in A/AAAA RRSet
NS_NAME = 4; // Authoritative name server, by name
NS_IP = 5; // Authoritative name server, by IP address
}
// The Action taken to implement the Policy.
enum Action {
NXDOMAIN = 1; // Respond with NXDOMAIN
NODATA = 2; // Respond with empty answer section
PASS = 3; // Do not alter the response (passthrough)
DROP = 4; // Do not respond.
TRUNCATE = 5; // Truncate UDP response, forcing TCP retry
LOCAL_DATA = 6; // Respond with local data from policy
}
// type: the type of policy applied, e.g. "RPZ" for a
// policy from a Response Policy Zone.
optional string type = 1;
// rule: the rule matched by the message.
//
// In a RPZ context, this is the owner name of the rule in
// the Reponse Policy Zone in wire format.
optional bytes rule = 2;
// action: the policy action taken in response to the
// rule match.
optional Action action = 3;
// match: the feature of the message exchange which matched the rule.
optional Match match = 4;
// The matched value. Format depends on the matched feature .
optional bytes value = 5;
}
// Message: a wire-format (RFC 1035 section 4) DNS message and associated
@ -158,6 +207,24 @@ message Message {
// STUB_RESPONSE is a DNS response message sent from a DNS server to a
// stub resolver, from the perspective of the stub resolver.
STUB_RESPONSE = 10;
// TOOL_QUERY is a DNS query message sent from a DNS software tool to a
// DNS server, from the perspective of the tool.
TOOL_QUERY = 11;
// TOOL_RESPONSE is a DNS response message received by a DNS software
// tool from a DNS server, from the perspective of the tool.
TOOL_RESPONSE = 12;
// UPDATE_QUERY is a Dynamic DNS Update request (RFC 2136) received
// by an authoritative name server, from the perspective of the
// authoritative name server.
UPDATE_QUERY = 13;
// UPDATE_RESPONSE is a Dynamic DNS Update response (RFC 2136) sent
// from an authoritative name server, from the perspective of the
// authoritative name server.
UPDATE_RESPONSE = 14;
}
// One of the Type values described above.
@ -215,6 +282,9 @@ message Message {
// The responder's original wire-format DNS response message, verbatim.
optional bytes response_message = 14;
// Operator policy applied to the processing of this message, if any.
optional Policy policy = 15;
}
// All fields except for 'type' in the Message schema are optional.
@ -236,7 +306,6 @@ message Message {
// RESOLVER_QUERY:
// socket_family, socket_protocol
// query_name, query_type, query_class
// query_message
// query_time_sec, query_time_nsec
// query_zone
@ -244,7 +313,6 @@ message Message {
// RESOLVER_RESPONSE:
// socket_family, socket_protocol
// query_name, query_type, query_class
// query_time_sec, query_time_nsec
// query_zone
// response_address, response_port
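Review bot: Two comment slips in the new `Policy` message are worth fixing while the schema is being touched. The `rule` field comment says `Reponse Policy Zone`, and the `value` field comment ends in `feature .` with a stray space. Suggested text: `// the Response Policy Zone in wire format.` and `// The matched value. Format depends on the matched feature.`. Neither changes the schema.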


@ -1,6 +1,144 @@
8 March 2024: Wouter
- Fix unbound-control-setup.cmd to use 3072 bits so that certificates
are long enough for newer OpenSSL versions.
- Fix TTL of synthesized CNAME when a DNAME is used from cache.
- Fix unbound-control-setup.cmd to have CA v3 basicConstraints,
like unbound-control-setup.sh has.
7 March 2024: Wouter
- Version set to 1.19.3 for release. After 1.19.2 point release with
security fix for CVE-2024-1931, Denial of service when trimming
EDE text on positive replies. The code repo includes the fix and
is for version 1.19.3.
5 March 2024: Wouter
- Fix for #1022: Fix ede prohibited in access control refused answers.
4 March 2024: Wouter
- Fix edns subnet replies for scope zero answers to not get stored
in the global cache, and in cachedb, when the upstream replies
without an EDNS record.
28 February 2024: Wouter
- Move github workflows to use checkoutv4.
23 February 2024: Yorgos
- Document the suspend argument for process_ds_response().
22 February 2024: Wouter
- Fix trim of EDE text from large udp responses from spinning cpu.
20 February 2024: Yorgos
- Merge #1010: Mention REFUSED has the TC bit set with unmatched
allow_cookie acl in the manpage. It also fixes the code to match the
documentation about clients with a valid cookie that bypass the
ratelimit regardless of the allow_cookie acl.
13 February 2024: Wouter
- Fix CVE-2023-50387, DNSSEC verification complexity can be exploited
to exhaust CPU resources and stall DNS resolvers.
- Fix CVE-2023-50868, NSEC3 closest encloser proof can exhaust CPU.
- These fixes are part of the 1.19.1 release, that is a security
point release on 1.19.0, the code repository continues with these
fixes, with version number 1.19.2.
8 February 2024: Wouter
- Fix documentation for access-control in the unbound.conf man page.
7 February 2024: Yorgos
- Fix #1006: Can't find protobuf-c package since #999.
30 January 2024: Wouter
- Merge #999: Search for protobuf-c with pkg-config.
23 January 2024: Yorgos
- Update message TTL when using cached RRSETs. It could result in
non-expired messages with expired RRSETs (non-usable messages by
Unbound).
22 January 2024: Yorgos
- Update error printout for duplicate trust anchors to include the
trust anchor name (relates to #920).
22 January 2024: Wouter
- Fix for #997: Print details for SSL certificate failure.
17 January 2024: Wouter
- Update workflow for ports to use newer openssl on windows compile.
- Fix warning for windres on resource files due to redefinition.
16 January 2024: Wouter
- Fix to link with libssp for libcrypto and getaddrinfo check for
only header. Also update crosscompile to remove ssp for 32bit.
- Merge #993: Update b.root-servers.net also in example config file.
15 January 2024: Wouter
- Fix to link with -lcrypt32 for OpenSSL 3.2.0 on Windows.
9 January 2024: Wouter
- Merge #988: Fix NLnetLabs#981: dump_cache truncates large records.
5 January 2024: Wouter
- Merge #987: skip edns frag retry if advertised udp payload size is
not smaller.
- Fix unit test for #987 change in udp1xxx retry packet send.
4 January 2024: Wouter
- Remove unneeded newlines and improve indentation in remote control
code.
3 January 2024: Wouter
- Merge #980: DoH: reject non-h2 early. To fix #979: Improve errors
for non-HTTP/2 DoH clients.
- Merge #985: Add DoH and DoT to dnstap message.
- Fix #983: Sha1 runtime insecure change was incomplete.
22 December 2023: Yorgos
- Update example.conf with cookie options.
8 December 2023: Yorgos
- Merge PR #973: Use the origin (DNAME) TTL for synthesized CNAMEs as
per RFC 6672.
8 December 2023: Wouter
- Fix root_zonemd unit test, it checks that the root ZONEMD verifies,
now that the root has a valid ZONEMD.
7 December 2023: Wouter
- Fix #974: doc: default number of outgoing ports without libevent.
- Merge #975: Fixed some syntax errors in rpl files.
6 December 2023: Wouter
- Fix to sync the tests script file common.sh.
- iana portlist update.
- Updated IPv4 and IPv6 address for b.root-servers.net in root hints.
- Update test script file common.sh.
- Fix tests to use new common.sh functions, wait_logfile and
kill_from_pidfile.
5 December 2023: Wouter
- Merge #971: fix 'WARNING: Message has 41 extra bytes at end'.
- Fix #969: [FR] distinguish Do53, DoT and DoH in the logs.
- Fix dnstap that assertion failed on logging other than UDP and TCP
traffic. It lists it as TCP traffic.
27 November 2023: Yorgos
- Merge #968: Replace the obsolescent fgrep with grep -F in tests.
27 November 2023: Wouter
- Fix #964: config.h.in~ backup file in release tar balls.
24 November 2023: Yorgos
- Use 127.0.0.1 explicitly in tests to avoid delays and errors on
newer systems.
9 November 2023: Wouter
- Fix unit test parse of origin syntax.
2 November 2023: Wouter
- Set version number to 1.19.0.
- Tag for 1.19.0rc1 release.
- Tag for 1.19.0rc1 release. It became 1.19.0 release on 8 nov 2023.
The repository continues with 1.19.1.
1 November 2023: George
- Mention flex and bison in README.md when building from repository


@ -1,4 +1,4 @@
README for Unbound 1.19.1
README for Unbound 1.19.3
Copyright 2007 NLnet Labs
http://unbound.net
@ -19,11 +19,10 @@ The DNSTAP code has BSD license in dnstap/dnstap.c.
* Make and install: ./configure; make; make install
* --with-libevent=/path/to/libevent
Can be set to either the system install or the build directory.
--with-libevent=no (default) gives a builtin alternative
implementation. libevent is useful when having many (thousands)
of outgoing ports. This improves randomization and spoof
resistance. For the default of 16 ports the builtin alternative
works well and is a little faster.
--with-libevent=no gives a builtin alternative implementation.
Libevent is enabled by default, it is useful when having many
(thousands) of outgoing ports. This improves randomization and spoof
resistance. It also allows a higher number of outgoing queries.
* --with-libexpat=/path/to/libexpat
Can be set to the install directory of libexpat.
* --without-pthreads


@ -1,7 +1,7 @@
#
# Example configuration file.
#
# See unbound.conf(5) man page, version 1.19.1.
# See unbound.conf(5) man page, version 1.19.3.
#
# this is a comment.
@ -303,6 +303,7 @@ server:
# Choose deny (drop message), refuse (polite error reply),
# allow (recursive ok), allow_setrd (recursive ok, rd bit is forced on),
# allow_snoop (recursive and nonrecursive ok)
# allow_cookie (allow UDP with valid cookie or stateful transport)
# deny_non_local (drop queries unless can be answered from local-data)
# refuse_non_local (like deny_non_local but polite error reply).
# access-control: 127.0.0.0/8 allow
@ -441,6 +442,9 @@ server:
# filtering log-queries and log-replies from the log.
# log-tag-queryreply: no
# log with destination address, port and type for log-replies.
# log-destaddr: no
# log the local-zone actions, like local-zone type inform is enabled
# also for the other local zone types.
# log-local-actions: no
@ -983,6 +987,13 @@ server:
# if 0(default) it is disabled, otherwise states qps allowed per ip address
# ip-ratelimit: 0
# global query ratelimit for all ip addresses with a valid DNS Cookie.
# feature is experimental.
# if 0(default) it is disabled, otherwise states qps allowed per ip address
# useful in combination with 'allow_cookie'.
# If used, suggested to be higher than ip-ratelimit, tenfold.
# ip-ratelimit-cookie: 0
# ip ratelimits are tracked in a cache, size in bytes of cache (or k,m).
# ip-ratelimit-size: 4m
# ip ratelimit cache slabs, reduces lock contention if equal to cpucount.
@ -1004,6 +1015,14 @@ server:
# the number of servers that will be used in the fast server selection.
# fast-server-num: 3
# reply to requests containing DNS Cookies as specified in RFC 7873 and RFC 9018.
# answer-cookie: no
# secret for DNS Cookie generation.
# useful for anycast deployments.
# example value "000102030405060708090a0b0c0d0e0f".
# cookie-secret: <128 bit random hex string>
# Enable to attach Extended DNS Error codes (RFC8914) to responses.
# ede: no
@ -1150,7 +1169,7 @@ remote-control:
# sources of notifies.
# auth-zone:
# name: "."
# primary: 199.9.14.201 # b.root-servers.net
# primary: 170.247.170.2 # b.root-servers.net
# primary: 192.33.4.12 # c.root-servers.net
# primary: 199.7.91.13 # d.root-servers.net
# primary: 192.5.5.241 # f.root-servers.net
@ -1158,7 +1177,7 @@ remote-control:
# primary: 193.0.14.129 # k.root-servers.net
# primary: 192.0.47.132 # xfr.cjr.dns.icann.org
# primary: 192.0.32.132 # xfr.lax.dns.icann.org
# primary: 2001:500:200::b # b.root-servers.net
# primary: 2801:1b8:10::b # b.root-servers.net
# primary: 2001:500:2::c # c.root-servers.net
# primary: 2001:500:2d::d # d.root-servers.net
# primary: 2001:500:2f::f # f.root-servers.net
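Review bot: The `cookie-secret` block prints a concrete sample value, `000102030405060708090a0b0c0d0e0f`, directly above the option, and sample values in a template config tend to be copied into deployed files. A server secret that is publicly known stops the DNS Cookie from being evidence of a return-routable client, which weakens the `allow_cookie` and `ip-ratelimit-cookie` behaviour documented in the same file. I would add a line such as `# generate your own (e.g. 'openssl rand -hex 16'); never deploy the example value.` under the example. It would also help to state that anycast nodes must share the same generated secret, since the comment only hints at that with "useful for anycast deployments".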


@ -1,4 +1,4 @@
.TH "libunbound" "3" "Feb 13, 2024" "NLnet Labs" "unbound 1.19.1"
.TH "libunbound" "3" "Mar 14, 2024" "NLnet Labs" "unbound 1.19.3"
.\"
.\" libunbound.3 -- unbound library functions manual
.\"
@ -44,7 +44,7 @@
.B ub_ctx_zone_remove,
.B ub_ctx_data_add,
.B ub_ctx_data_remove
\- Unbound DNS validating resolver 1.19.1 functions.
\- Unbound DNS validating resolver 1.19.3 functions.
.SH "SYNOPSIS"
.B #include <unbound.h>
.LP


@ -1,4 +1,4 @@
.TH "unbound-anchor" "8" "Feb 13, 2024" "NLnet Labs" "unbound 1.19.1"
.TH "unbound-anchor" "8" "Mar 14, 2024" "NLnet Labs" "unbound 1.19.3"
.\"
.\" unbound-anchor.8 -- unbound anchor maintenance utility manual
.\"


@ -1,4 +1,4 @@
.TH "unbound-checkconf" "8" "Feb 13, 2024" "NLnet Labs" "unbound 1.19.1"
.TH "unbound-checkconf" "8" "Mar 14, 2024" "NLnet Labs" "unbound 1.19.3"
.\"
.\" unbound-checkconf.8 -- unbound configuration checker manual
.\"


@ -1,4 +1,4 @@
.TH "unbound-control" "8" "Feb 13, 2024" "NLnet Labs" "unbound 1.19.1"
.TH "unbound-control" "8" "Mar 14, 2024" "NLnet Labs" "unbound 1.19.3"
.\"
.\" unbound-control.8 -- unbound remote control manual
.\"


@ -1,4 +1,4 @@
.TH "unbound\-host" "1" "Feb 13, 2024" "NLnet Labs" "unbound 1.19.1"
.TH "unbound\-host" "1" "Mar 14, 2024" "NLnet Labs" "unbound 1.19.3"
.\"
.\" unbound-host.1 -- unbound DNS lookup utility
.\"


@ -1,4 +1,4 @@
.TH "unbound" "8" "Feb 13, 2024" "NLnet Labs" "unbound 1.19.1"
.TH "unbound" "8" "Mar 14, 2024" "NLnet Labs" "unbound 1.19.3"
.\"
.\" unbound.8 -- unbound manual
.\"
@ -9,7 +9,7 @@
.\"
.SH "NAME"
.B unbound
\- Unbound DNS validating resolver 1.19.1.
\- Unbound DNS validating resolver 1.19.3.
.SH "SYNOPSIS"
.B unbound
.RB [ \-h ]


@ -1,4 +1,4 @@
.TH "unbound.conf" "5" "Feb 13, 2024" "NLnet Labs" "unbound 1.19.1"
.TH "unbound.conf" "5" "Mar 14, 2024" "NLnet Labs" "unbound 1.19.3"
.\"
.\" unbound.conf.5 -- unbound.conf manual
.\"
@ -699,6 +699,12 @@ When at the limit, further connections are accepted but closed immediately.
This option is experimental at this time.
.TP
.B access\-control: \fI<IP netblock> <action>
Specify treatment of incoming queries from their originating IP address.
Queries can be allowed to have access to this server that gives DNS
answers, or refused, with other actions possible. The IP address range
can be specified as a netblock, it is possible to give the statement
several times in order to specify the treatment of different netblocks.
.IP
The netblock is given as an IP4 or IP6 address with /size appended for a
classless network block. The action can be \fIdeny\fR, \fIrefuse\fR,
\fIallow\fR, \fIallow_setrd\fR, \fIallow_snoop\fR, \fIallow_cookie\fR,
@ -738,7 +744,7 @@ the cache contents (for malicious acts). However, nonrecursive queries can
also be a valuable debugging tool (when you want to examine the cache
contents). In that case use \fIallow_snoop\fR for your administration host.
.IP
The \fIallow_cookie\fR action allows access to UDP queries that contain a
The \fIallow_cookie\fR action allows access only to UDP queries that contain a
valid DNS Cookie as specified in RFC 7873 and RFC 9018, when the
\fBanswer\-cookie\fR option is enabled.
UDP queries containing only a DNS Client Cookie and no Server Cookie, or an
@ -747,10 +753,8 @@ generated DNS Cookie, allowing clients to retry with that DNS Cookie.
The \fIallow_cookie\fR action will also accept requests over stateful
transports, regardless of the presence of an DNS Cookie and regardless of the
\fBanswer\-cookie\fR setting.
If \fBip\-ratelimit\fR is used, clients with a valid DNS Cookie will bypass the
ratelimit.
If a ratelimit for such clients is still needed, \fBip\-ratelimit\-cookie\fR
can be used instead.
UDP queries without a DNS Cookie receive REFUSED responses with the TC flag set,
that may trigger fall back to TCP for those clients.
.IP
By default only localhost is \fIallow\fRed, the rest is \fIrefuse\fRd.
The default is \fIrefuse\fRd, because that is protocol\-friendly. The DNS
@ -913,6 +917,11 @@ Prints the word 'query' and 'reply' with log\-queries and log\-replies.
This makes filtering logs easier. The default is off (for backwards
compatibility).
.TP
.B log\-destaddr: \fI<yes or no>
Prints the destination address, port and type in the log\-replies output.
This disambiguates what type of traffic, eg. udp or tcp, and to what local
port the traffic was sent to.
.TP
.B log\-local\-actions: \fI<yes or no>
Print log lines to inform about local zone actions. These lines are like the
local\-zone type inform prints out, but they are also printed for the other
@ -1839,6 +1848,9 @@ The ratelimit is in queries per second that are allowed. More queries are
completely dropped and will not receive a reply, SERVFAIL or otherwise.
IP ratelimiting happens before looking in the cache. This may be useful for
mitigating amplification attacks.
Clients with a valid DNS Cookie will bypass the ratelimit.
If a ratelimit for such clients is still needed, \fBip\-ratelimit\-cookie\fR
can be used instead.
Default is 0 (disabled).
.TP 5
.B ip\-ratelimit\-cookie: \fI<number or 0>


@ -523,4 +523,3 @@ forwards_delete_stub_hole(struct iter_forwards* fwd, uint16_t c, uint8_t* nm)
fwd_zone_free(z);
fwd_init_parents(fwd);
}


@ -129,7 +129,7 @@ compile_time_root_prime(int do_ip4, int do_ip6)
dp->has_parent_side_NS = 1;
if(do_ip4) {
if(!ah(dp, "A.ROOT-SERVERS.NET.", "198.41.0.4")) goto failed;
if(!ah(dp, "B.ROOT-SERVERS.NET.", "199.9.14.201")) goto failed;
if(!ah(dp, "B.ROOT-SERVERS.NET.", "170.247.170.2")) goto failed;
if(!ah(dp, "C.ROOT-SERVERS.NET.", "192.33.4.12")) goto failed;
if(!ah(dp, "D.ROOT-SERVERS.NET.", "199.7.91.13")) goto failed;
if(!ah(dp, "E.ROOT-SERVERS.NET.", "192.203.230.10")) goto failed;
@ -144,7 +144,7 @@ compile_time_root_prime(int do_ip4, int do_ip6)
}
if(do_ip6) {
if(!ah(dp, "A.ROOT-SERVERS.NET.", "2001:503:ba3e::2:30")) goto failed;
if(!ah(dp, "B.ROOT-SERVERS.NET.", "2001:500:200::b")) goto failed;
if(!ah(dp, "B.ROOT-SERVERS.NET.", "2801:1b8:10::b")) goto failed;
if(!ah(dp, "C.ROOT-SERVERS.NET.", "2001:500:2::c")) goto failed;
if(!ah(dp, "D.ROOT-SERVERS.NET.", "2001:500:2d::d")) goto failed;
if(!ah(dp, "E.ROOT-SERVERS.NET.", "2001:500:a8::e")) goto failed;
@ -560,4 +560,3 @@ hints_delete_stub(struct iter_hints* hints, uint16_t c, uint8_t* nm)
hints_stub_free(z);
name_tree_init_parents(&hints->tree);
}


@ -283,7 +283,8 @@ synth_cname_rrset(uint8_t** sname, size_t* snamelen, uint8_t* alias,
sizeof(uint32_t)+sizeof(uint16_t)+aliaslen);
if(!cn->rr_first->ttl_data)
return NULL;
sldns_write_uint32(cn->rr_first->ttl_data, 0); /* TTL = 0 */
memmove(cn->rr_first->ttl_data, rrset->rr_first->ttl_data,
sizeof(uint32_t)); /* RFC6672: synth CNAME TTL == DNAME TTL */
sldns_write_uint16(cn->rr_first->ttl_data+4, aliaslen);
memmove(cn->rr_first->ttl_data+6, alias, aliaslen);
cn->rr_first->size = sizeof(uint16_t)+aliaslen;


@ -4151,10 +4151,10 @@ process_response(struct module_qstate* qstate, struct iter_qstate* iq,
/* like packet got dropped */
goto handle_it;
}
if(!inplace_cb_edns_back_parsed_call(qstate->env, qstate)) {
log_err("unable to call edns_back_parsed callback");
goto handle_it;
}
}
if(!inplace_cb_edns_back_parsed_call(qstate->env, qstate)) {
log_err("unable to call edns_back_parsed callback");
goto handle_it;
}
/* remove CD-bit, we asked for in case we handle validation ourself */


@ -2702,7 +2702,7 @@ create_synth_cname(uint8_t* qname, size_t qname_len, struct regional* region,
if(!d)
return 0; /* out of memory */
(*cname)->entry.data = d;
d->ttl = 0; /* 0 for synthesized CNAME TTL */
d->ttl = dname->data->ttl; /* RFC6672: synth CNAME TTL == DNAME TTL */
d->count = 1;
d->rrsig_count = 0;
d->trust = rrset_trust_ans_noAA;

12
services/cache/dns.c vendored

@ -80,6 +80,7 @@ store_rrsets(struct module_env* env, struct reply_info* rep, time_t now,
struct regional* region, time_t qstarttime)
{
size_t i;
time_t ttl, min_ttl = rep->ttl;
/* see if rrset already exists in cache, if not insert it. */
for(i=0; i<rep->rrset_count; i++) {
rep->ref[i].key = rep->rrsets[i];
@ -112,6 +113,15 @@ store_rrsets(struct module_env* env, struct reply_info* rep, time_t now,
case 1: /* ref updated, item inserted */
rep->rrsets[i] = rep->ref[i].key;
}
/* if ref was updated make sure the message ttl is updated to
* the minimum of the current rrsets. */
ttl = ((struct packed_rrset_data*)rep->rrsets[i]->entry.data)->ttl;
if(ttl < min_ttl) min_ttl = ttl;
}
if(min_ttl < rep->ttl) {
rep->ttl = min_ttl;
rep->prefetch_ttl = PREFETCH_TTL_CALC(rep->ttl);
rep->serve_expired_ttl = rep->ttl + SERVE_EXPIRED_TTL;
}
}
@ -818,7 +828,7 @@ synth_dname_msg(struct ub_packed_rrset_key* rrset, struct regional* region,
if(!newd)
return NULL;
ck->entry.data = newd;
newd->ttl = 0; /* 0 for synthesized CNAME TTL */
newd->ttl = d->ttl - now; /* RFC6672: synth CNAME TTL == DNAME TTL */
newd->count = 1;
newd->rrsig_count = 0;
newd->trust = rrset_trust_ans_noAA;
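Review bot: The TTL read added at the end of the loop body in `store_rrsets` takes no lock in the visible lines. By that point `rep->rrsets[i]` can be the key handed back through `rep->ref[i]` by the cache update, that is, an entry shared with the rrset cache that other threads may replace or delete. If the entry lock is not already held there (the switch above is only partly inside the hunk), the read should happen under the rrset's read lock and skip a key whose `id` has been reset to 0. The comment also says "if ref was updated", but the statement sits after the switch and so runs for every case, which is worth saying in the comment. Both functions touched in this section start and end outside their hunks.

```c
		/* ... unchanged: rrset_cache_update() switch ... */
		/* Take the minimum TTL over the rrsets now referenced by the
		 * message. The entry may be shared with the cache, so read it
		 * under its lock and ignore an entry deleted in the meantime. */
		lock_rw_rdlock(&rep->rrsets[i]->entry.lock);
		if(rep->rrsets[i]->id != 0) {
			ttl = ((struct packed_rrset_data*)
				rep->rrsets[i]->entry.data)->ttl;
			if(ttl < min_ttl) min_ttl = ttl;
		}
		lock_rw_unlock(&rep->rrsets[i]->entry.lock);
```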


@ -1532,7 +1532,7 @@ local_data_answer(struct local_zone* z, struct module_env* env,
return 0; /* invalid cname */
if(dname_is_wild(ctarget)) {
/* synthesize cname target */
struct packed_rrset_data* d;
struct packed_rrset_data* d, *lr_d;
/* -3 for wildcard label and root label from qname */
size_t newtargetlen = qinfo->qname_len + ctargetlen - 3;
@ -1560,8 +1560,10 @@ local_data_answer(struct local_zone* z, struct module_env* env,
+ newtargetlen);
if(!d)
return 0; /* out of memory */
lr_d = (struct packed_rrset_data*)lr->rrset->entry.data;
qinfo->local_alias->rrset->entry.data = d;
d->ttl = 0; /* 0 for synthesized CNAME TTL */
d->ttl = lr_d->rr_ttl[0]; /* RFC6672-like behavior:
synth CNAME TTL uses original TTL*/
d->count = 1;
d->rrsig_count = 0;
d->trust = rrset_trust_ans_noAA;


@ -69,6 +69,12 @@
#include "edns-subnet/subnetmod.h"
#include "edns-subnet/edns-subnet.h"
#endif
#ifdef HAVE_SYS_TYPES_H
# include <sys/types.h>
#endif
#ifdef HAVE_NETDB_H
#include <netdb.h>
#endif
/**
* Compare two response-ip client info entries for the purpose of mesh state
@ -1429,7 +1435,9 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep,
if(m->s.env->cfg->log_replies) {
log_reply_info(NO_VERBOSE, &m->s.qinfo,
&r->query_reply.client_addr,
r->query_reply.client_addrlen, duration, 0, r_buffer);
r->query_reply.client_addrlen, duration, 0, r_buffer,
(m->s.env->cfg->log_destaddr?(void*)r->query_reply.c->socket->addr->ai_addr:NULL),
r->query_reply.c->type);
}
}
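Review bot: The new `log_reply_info` arguments dereference `r->query_reply.c->socket->addr->ai_addr` with no NULL check whenever `log_destaddr` is set, and `r->query_reply.c->type` unconditionally. If any reply comm point can reach `mesh_send_reply` without a listening `socket` attached (not visible from this hunk, presumably always set, but worth confirming), enabling reply logging with destination addresses would turn that reply into a crash of the resolver. A guard such as `(m->s.env->cfg->log_destaddr && r->query_reply.c->socket ? (void*)r->query_reply.c->socket->addr->ai_addr : NULL),` keeps an optional logging path from taking the daemon down. The address is also handed over as a bare `void*` without its length, so the callee has to rely on the address family alone. `mesh_send_reply` continues outside the hunk.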


@ -1009,7 +1009,7 @@ use_free_buffer(struct outside_network* outnet)
sldns_buffer tmp;
sldns_buffer_init_frm_data(&tmp, w->pkt, w->pkt_len);
dt_msg_send_outside_query(outnet->dtenv, &w->sq->addr,
&pend_tcp->pi->addr, comm_tcp, w->sq->zone,
&pend_tcp->pi->addr, comm_tcp, NULL, w->sq->zone,
w->sq->zonelen, &tmp);
}
#endif
@ -2237,7 +2237,7 @@ randomize_and_send_udp(struct pending* pend, sldns_buffer* packet, int timeout)
outnet->dtenv->log_forwarder_query_messages)) {
log_addr(VERB_ALGO, "from local addr", &pend->pc->pif->addr, pend->pc->pif->addrlen);
log_addr(VERB_ALGO, "request to upstream", &pend->addr, pend->addrlen);
dt_msg_send_outside_query(outnet->dtenv, &pend->addr, &pend->pc->pif->addr, comm_udp,
dt_msg_send_outside_query(outnet->dtenv, &pend->addr, &pend->pc->pif->addr, comm_udp, NULL,
pend->sq->zone, pend->sq->zonelen, packet);
}
#endif
@ -2517,7 +2517,7 @@ pending_tcp_query(struct serviced_query* sq, sldns_buffer* packet,
sldns_buffer tmp;
sldns_buffer_init_frm_data(&tmp, w->pkt, w->pkt_len);
dt_msg_send_outside_query(sq->outnet->dtenv, &sq->addr,
&pend->pi->addr, comm_tcp, sq->zone,
&pend->pi->addr, comm_tcp, NULL, sq->zone,
sq->zonelen, &tmp);
}
#endif
@ -2820,6 +2820,25 @@ serviced_perturb_qname(struct ub_randstate* rnd, uint8_t* qbuf, size_t len)
}
}
static uint16_t
serviced_query_udp_size(struct serviced_query* sq, enum serviced_query_status status) {
uint16_t udp_size;
if(status == serviced_query_UDP_EDNS_FRAG) {
if(addr_is_ip6(&sq->addr, sq->addrlen)) {
if(EDNS_FRAG_SIZE_IP6 < EDNS_ADVERTISED_SIZE)
udp_size = EDNS_FRAG_SIZE_IP6;
else udp_size = EDNS_ADVERTISED_SIZE;
} else {
if(EDNS_FRAG_SIZE_IP4 < EDNS_ADVERTISED_SIZE)
udp_size = EDNS_FRAG_SIZE_IP4;
else udp_size = EDNS_ADVERTISED_SIZE;
}
} else {
udp_size = EDNS_ADVERTISED_SIZE;
}
return udp_size;
}
/** put serviced query into a buffer */
static void
serviced_encode(struct serviced_query* sq, sldns_buffer* buff, int with_edns)
@ -2843,19 +2862,7 @@ serviced_encode(struct serviced_query* sq, sldns_buffer* buff, int with_edns)
edns.opt_list_in = NULL;
edns.opt_list_out = sq->opt_list;
edns.opt_list_inplace_cb_out = NULL;
if(sq->status == serviced_query_UDP_EDNS_FRAG) {
if(addr_is_ip6(&sq->addr, sq->addrlen)) {
if(EDNS_FRAG_SIZE_IP6 < EDNS_ADVERTISED_SIZE)
edns.udp_size = EDNS_FRAG_SIZE_IP6;
else edns.udp_size = EDNS_ADVERTISED_SIZE;
} else {
if(EDNS_FRAG_SIZE_IP4 < EDNS_ADVERTISED_SIZE)
edns.udp_size = EDNS_FRAG_SIZE_IP4;
else edns.udp_size = EDNS_ADVERTISED_SIZE;
}
} else {
edns.udp_size = EDNS_ADVERTISED_SIZE;
}
edns.udp_size = serviced_query_udp_size(sq, sq->status);
edns.bits = 0;
if(sq->dnssec & EDNS_DO)
edns.bits = EDNS_DO;
@ -3083,7 +3090,7 @@ serviced_tcp_callback(struct comm_point* c, void* arg, int error,
log_addr(VERB_ALGO, "response from upstream", &sq->addr, sq->addrlen);
log_addr(VERB_ALGO, "to local addr", &pi->addr, pi->addrlen);
dt_msg_send_outside_response(sq->outnet->dtenv, &sq->addr,
&pi->addr, c->type, sq->zone, sq->zonelen, sq->qbuf,
&pi->addr, c->type, c->ssl, sq->zone, sq->zonelen, sq->qbuf,
sq->qbuflen, &sq->last_sent_time, sq->outnet->now_tv,
c->buffer);
}
@ -3252,7 +3259,8 @@ serviced_udp_callback(struct comm_point* c, void* arg, int error,
sq->pending = NULL; /* removed after callback */
if(error == NETEVENT_TIMEOUT) {
if(sq->status == serviced_query_UDP_EDNS && sq->last_rtt < 5000) {
if(sq->status == serviced_query_UDP_EDNS && sq->last_rtt < 5000 &&
(serviced_query_udp_size(sq, serviced_query_UDP_EDNS_FRAG) < serviced_query_udp_size(sq, serviced_query_UDP_EDNS))) {
/* fallback to 1480/1280 */
sq->status = serviced_query_UDP_EDNS_FRAG;
log_name_addr(VERB_ALGO, "try edns1xx0", sq->qbuf+10,
@ -3296,7 +3304,7 @@ serviced_udp_callback(struct comm_point* c, void* arg, int error,
log_addr(VERB_ALGO, "to local addr", &p->pc->pif->addr,
p->pc->pif->addrlen);
dt_msg_send_outside_response(outnet->dtenv, &sq->addr,
&p->pc->pif->addr, c->type, sq->zone, sq->zonelen,
&p->pc->pif->addr, c->type, c->ssl, sq->zone, sq->zonelen,
sq->qbuf, sq->qbuflen, &sq->last_sent_time,
sq->outnet->now_tv, c->buffer);
}
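Review bot: The three `dt_msg_send_outside_query` call sites (in `use_free_buffer`, `randomize_and_send_udp` and `pending_tcp_query`) pass `NULL` for the new `cpssl` argument, while the response callbacks pass `c->ssl`. For an upstream reached over TLS this would presumably make dnstap record the query as plain TCP and the matching response as DoT, so anyone pairing queries with responses or auditing which upstreams are encrypted sees inconsistent transport labels. For the two `comm_tcp` call sites I would pass the SSL pointer of the connection the query is written to instead of `NULL`, provided it is already attached at that point; for the UDP call `NULL` is right. A smaller point: the new `serviced_query_udp_size` has no `/** ... */` header, unlike `serviced_encode` directly below it, and `/** EDNS UDP size to advertise for a serviced query in the given status */` would match the file. Apart from that helper, the touched functions extend beyond their hunks.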


@ -470,6 +470,7 @@ get_origin(const char* name, struct sldns_file_parse_state* pstate, char* parse)
store = *end;
*end = 0;
verbose(3, "parsing '%s'\n", parse);
pstate->origin_len = sizeof(pstate->origin);
status = sldns_str2wire_dname_buf(parse, pstate->origin,
&pstate->origin_len);
*end = store;
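Review bot: The added `pstate->origin_len = sizeof(pstate->origin);` carries no comment explaining why the length has to be reset, and the reason is not obvious at the call site. `sldns_str2wire_dname_buf` takes its length argument as in/out (buffer capacity in, encoded name length out), so without the reset a later call to get_origin would presumably parse against the previous origin's length rather than the size of the buffer. I would put `/* origin_len is in/out: pass the full buffer size on every call */` above the assignment. get_origin continues outside the hunk, so whether `status` is checked before `pstate->origin` is used cannot be confirmed from here.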


@ -279,14 +279,14 @@ static struct q_ans example_com_queries[] = {
";flags QR AA rcode NOERROR\n"
";answer section\n"
"redir.example.com. 3600 IN DNAME redir.example.org.\n"
"abc.redir.example.com. 0 IN CNAME abc.redir.example.org.\n"
"abc.redir.example.com. 3600 IN CNAME abc.redir.example.org.\n"
},
{ "example.com", "foo.abc.redir.example.com. A", "",
";flags QR AA rcode NOERROR\n"
";answer section\n"
"redir.example.com. 3600 IN DNAME redir.example.org.\n"
"foo.abc.redir.example.com. 0 IN CNAME foo.abc.redir.example.org.\n"
"foo.abc.redir.example.com. 3600 IN CNAME foo.abc.redir.example.org.\n"
},
{ "example.com", "redir2.example.com. DNAME", "",
@ -299,42 +299,42 @@ static struct q_ans example_com_queries[] = {
";flags QR AA rcode NOERROR\n"
";answer section\n"
"redir2.example.com. 3600 IN DNAME redir2.example.org.\n"
"abc.redir2.example.com. 0 IN CNAME abc.redir2.example.org.\n"
"abc.redir2.example.com. 3600 IN CNAME abc.redir2.example.org.\n"
},
{ "example.com", "obscured.redir2.example.com. A", "",
";flags QR AA rcode NOERROR\n"
";answer section\n"
"redir2.example.com. 3600 IN DNAME redir2.example.org.\n"
"obscured.redir2.example.com. 0 IN CNAME obscured.redir2.example.org.\n"
"obscured.redir2.example.com. 3600 IN CNAME obscured.redir2.example.org.\n"
},
{ "example.com", "under2.redir2.example.com. A", "",
";flags QR AA rcode NOERROR\n"
";answer section\n"
"redir2.example.com. 3600 IN DNAME redir2.example.org.\n"
"under2.redir2.example.com. 0 IN CNAME under2.redir2.example.org.\n"
"under2.redir2.example.com. 3600 IN CNAME under2.redir2.example.org.\n"
},
{ "example.com", "doubleobscured.under2.redir2.example.com. A", "",
";flags QR AA rcode NOERROR\n"
";answer section\n"
"redir2.example.com. 3600 IN DNAME redir2.example.org.\n"
"doubleobscured.under2.redir2.example.com. 0 IN CNAME doubleobscured.under2.redir2.example.org.\n"
"doubleobscured.under2.redir2.example.com. 3600 IN CNAME doubleobscured.under2.redir2.example.org.\n"
},
{ "example.com", "foo.doubleobscured.under2.redir2.example.com. A", "",
";flags QR AA rcode NOERROR\n"
";answer section\n"
"redir2.example.com. 3600 IN DNAME redir2.example.org.\n"
"foo.doubleobscured.under2.redir2.example.com. 0 IN CNAME foo.doubleobscured.under2.redir2.example.org.\n"
"foo.doubleobscured.under2.redir2.example.com. 3600 IN CNAME foo.doubleobscured.under2.redir2.example.org.\n"
},
{ "example.com", "foo.under2.redir2.example.com. A", "",
";flags QR AA rcode NOERROR\n"
";answer section\n"
"redir2.example.com. 3600 IN DNAME redir2.example.org.\n"
"foo.under2.redir2.example.com. 0 IN CNAME foo.under2.redir2.example.org.\n"
"foo.under2.redir2.example.com. 3600 IN CNAME foo.under2.redir2.example.org.\n"
},
{ "example.com", "sub.example.com. NS", "",


@ -24,21 +24,21 @@ fi
(cd $PRE; find . -name "*.h" -print) >hlist
(cd $PRE; find . -name "*.c" -print) >>hlist
# filter out config.h
fgrep -v -e "config.h" hlist > ilist; mv ilist hlist
fgrep -v -e "util/configparser" hlist > ilist; mv ilist hlist
fgrep -v -e "util/configlexer" hlist > ilist; mv ilist hlist
fgrep -v -e "util/configyyrename" hlist > ilist; mv ilist hlist
fgrep -v -e "util/locks.h" hlist > ilist; mv ilist hlist
fgrep -v -e "util/storage/lookup3.c" hlist > ilist; mv ilist hlist
fgrep -v -e "ldns-src/" hlist > ilist; mv ilist hlist
fgrep -v -e "libunbound/python/libunbound_wrap.c" hlist > ilist; mv ilist hlist
fgrep -v -e "pythonmod/interface.h" hlist > ilist; mv ilist hlist
fgrep -v -e "dnstap" hlist > ilist; mv ilist hlist
fgrep -v -e "util/siphash.c" hlist > ilist; mv ilist hlist
grep -F -v -e "config.h" hlist > ilist; mv ilist hlist
grep -F -v -e "util/configparser" hlist > ilist; mv ilist hlist
grep -F -v -e "util/configlexer" hlist > ilist; mv ilist hlist
grep -F -v -e "util/configyyrename" hlist > ilist; mv ilist hlist
grep -F -v -e "util/locks.h" hlist > ilist; mv ilist hlist
grep -F -v -e "util/storage/lookup3.c" hlist > ilist; mv ilist hlist
grep -F -v -e "ldns-src/" hlist > ilist; mv ilist hlist
grep -F -v -e "libunbound/python/libunbound_wrap.c" hlist > ilist; mv ilist hlist
grep -F -v -e "pythonmod/interface.h" hlist > ilist; mv ilist hlist
grep -F -v -e "dnstap" hlist > ilist; mv ilist hlist
grep -F -v -e "util/siphash.c" hlist > ilist; mv ilist hlist
# filter out compat
fgrep -v -e "compat/" hlist > ilist; mv ilist hlist
grep -F -v -e "compat/" hlist > ilist; mv ilist hlist
for h in `cat hlist`; do
if fgrep "`basename $h`" $PRE/doc/html/files.html >/dev/null; then
if grep -F "`basename $h`" $PRE/doc/html/files.html >/dev/null; then
: # ok
else
echo "Warning: $h has no documentation."


@ -7,35 +7,35 @@
PRE="../.."
# do the test
echo "> dig www.example.com."
dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
if grep SERVFAIL outfile; then
echo "> try again"
dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
fi
if grep SERVFAIL outfile; then
echo "> try again"
sleep 1
dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
fi
if grep SERVFAIL outfile; then
echo "> try again"
sleep 1
dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
fi
if grep SERVFAIL outfile; then
echo "> try again"
sleep 1
dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
fi
if grep SERVFAIL outfile; then
echo "> try again"
sleep 10
dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
fi
if grep SERVFAIL outfile; then
echo "> try again"
sleep 10
dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
fi
echo "> cat logfiles"
cat fwd.log


@ -8,35 +8,35 @@ PRE="../.."
. ../common.sh
# do the test
echo "> dig www.example.com."
dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
if grep SERVFAIL outfile; then
echo "> try again"
dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
fi
if grep SERVFAIL outfile; then
echo "> try again"
sleep 1
dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
fi
if grep SERVFAIL outfile; then
echo "> try again"
sleep 1
dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
fi
if grep SERVFAIL outfile; then
echo "> try again"
sleep 1
dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
fi
if grep SERVFAIL outfile; then
echo "> try again"
sleep 10
dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
fi
if grep SERVFAIL outfile; then
echo "> try again"
sleep 10
dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
fi
echo "> cat logfiles"
cat petal.log


@ -8,35 +8,35 @@ PRE="../.."
# do the test
TARGET=ns1.blanks.example.com.
echo "> dig $TARGET"
dig @localhost -p $UNBOUND_PORT $TARGET | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT $TARGET | tee outfile
if grep SERVFAIL outfile; then
echo "> try again"
dig @localhost -p $UNBOUND_PORT $TARGET | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT $TARGET | tee outfile
fi
if grep SERVFAIL outfile; then
echo "> try again"
sleep 1
dig @localhost -p $UNBOUND_PORT $TARGET | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT $TARGET | tee outfile
fi
if grep SERVFAIL outfile; then
echo "> try again"
sleep 1
dig @localhost -p $UNBOUND_PORT $TARGET | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT $TARGET | tee outfile
fi
if grep SERVFAIL outfile; then
echo "> try again"
sleep 1
dig @localhost -p $UNBOUND_PORT $TARGET | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT $TARGET | tee outfile
fi
if grep SERVFAIL outfile; then
echo "> try again"
sleep 10
dig @localhost -p $UNBOUND_PORT $TARGET | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT $TARGET | tee outfile
fi
if grep SERVFAIL outfile; then
echo "> try again"
sleep 10
dig @localhost -p $UNBOUND_PORT $TARGET | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT $TARGET | tee outfile
fi
echo "> cat logfiles"
cat unbound.log


@ -8,35 +8,35 @@ PRE="../.."
# do the test
TARGET=ns1.blanks.example.com.
echo "> dig $TARGET"
dig @localhost -p $UNBOUND_PORT $TARGET | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT $TARGET | tee outfile
if grep SERVFAIL outfile; then
echo "> try again"
dig @localhost -p $UNBOUND_PORT $TARGET | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT $TARGET | tee outfile
fi
if grep SERVFAIL outfile; then
echo "> try again"
sleep 1
dig @localhost -p $UNBOUND_PORT $TARGET | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT $TARGET | tee outfile
fi
if grep SERVFAIL outfile; then
echo "> try again"
sleep 1
dig @localhost -p $UNBOUND_PORT $TARGET | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT $TARGET | tee outfile
fi
if grep SERVFAIL outfile; then
echo "> try again"
sleep 1
dig @localhost -p $UNBOUND_PORT $TARGET | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT $TARGET | tee outfile
fi
if grep SERVFAIL outfile; then
echo "> try again"
sleep 10
dig @localhost -p $UNBOUND_PORT $TARGET | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT $TARGET | tee outfile
fi
if grep SERVFAIL outfile; then
echo "> try again"
sleep 10
dig @localhost -p $UNBOUND_PORT $TARGET | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT $TARGET | tee outfile
fi
echo "> cat logfiles"
cat petal.log


@ -16,5 +16,5 @@ if test -f fwd4.log; then cat fwd4.log; else echo "no fwd4.log"; fi
cat unbound.log
if test -f unbound2.log; then cat unbound2.log; else echo "no unbound2.log"; fi
kill_pid $FWD_PID
kill_pid `cat unbound.pid`
kill_from_pidfile "unbound.pid"
rm -f $CONTROL_PATH/controlpipe.$CONTROL_PID


@ -13,7 +13,7 @@ get_ldns_testns
# query for a text record that is stored by unbound's cache and cachedb
# in the testframe cache.
echo "> dig txt1.example.com."
dig @localhost -p $UNBOUND_PORT txt1.example.com. TXT | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT txt1.example.com. TXT | tee outfile
if grep "example text message" outfile; then
echo "OK"
else
@ -31,7 +31,7 @@ echo "FWD_PID=$FWD_PID" >> .tpkg.var.test
wait_ldns_testns_up fwd2.log
echo "> dig txt1.example.com. from unbound cache"
dig @localhost -p $UNBOUND_PORT txt1.example.com. TXT | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT txt1.example.com. TXT | tee outfile
if grep "example text message" outfile; then
echo "OK"
else
@ -50,7 +50,7 @@ else
fi
echo "> dig txt1.example.com. from cachedb"
dig @localhost -p $UNBOUND_PORT txt1.example.com. TXT | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT txt1.example.com. TXT | tee outfile
if grep "example text message" outfile; then
echo "OK"
else
@ -69,7 +69,7 @@ wait_ldns_testns_up fwd3.log
# stop unbound to flush the cachedb cache
echo "> stop unbound"
kill_pid `cat unbound.pid`
kill_from_pidfile "unbound.pid"
echo ""
echo "> config unbound with cachedb-no-store: yes"
@ -84,7 +84,7 @@ wait_unbound_up unbound2.log
echo ""
echo "> dig txt1.example.com."
dig @localhost -p $UNBOUND_PORT txt1.example.com. TXT | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT txt1.example.com. TXT | tee outfile
if grep "example text message" outfile; then
echo "OK"
else
@ -102,7 +102,7 @@ echo "FWD_PID=$FWD_PID" >> .tpkg.var.test
wait_ldns_testns_up fwd4.log
echo "> dig txt1.example.com. from unbound cache"
dig @localhost -p $UNBOUND_PORT txt1.example.com. TXT | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT txt1.example.com. TXT | tee outfile
if grep "example text message" outfile; then
echo "OK"
else
@ -121,7 +121,7 @@ else
fi
echo "> dig txt1.example.com. from cachedb, but that has no message stored"
dig @localhost -p $UNBOUND_PORT txt1.example.com. TXT | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT txt1.example.com. TXT | tee outfile
if grep "SERVFAIL" outfile; then
echo "OK"
else

128
testdata/common.sh vendored

@ -1,7 +1,12 @@
# common.sh - an include file for commonly used functions for test code.
# BSD licensed (see LICENSE file).
#
# Version 3
# Version 6
# 2023-12-06: list wait_for_soa_serial in overview
# 2023-12-06: get_ldns_notify, skip_test and teststep, and previous changes
# also included are wait_logfile, cpu_count, process_cpu_list, and
# kill_from_pidfile, and use HOME variable for HOME/bin.
# 2011-04-06: tpk wait_logfile to wait (with timeout) for a logfile line to appear
# 2011-02-23: get_pcat for PCAT, PCAT_DIFF and PCAT_PRINT defines.
# 2011-02-18: ports check on BSD,Solaris. wait_nsd_up.
# 2011-02-11: first version.
@ -21,14 +26,19 @@
# set_doxygen_path : set doxygen path
# skip_if_in_list : set SKIP=1 if name in list and tool not available.
# get_random_port x : get RND_PORT a sequence of free random port numbers.
# wait_logfile : wait on logfile to see entry.
# wait_server_up : wait on logfile to see when server comes up.
# wait_ldns_testns_up : wait for ldns-testns to come up.
# wait_unbound_up : wait for unbound to come up.
# wait_petal_up : wait for petal to come up.
# wait_nsd_up : wait for nsd to come up.
# wait_server_up_or_fail: wait for server to come up or print a failure string
# wait_for_soa_serial : wait and dig at server for serial.
# skip_test x : print message and skip test (must be called in .pre)
# kill_pid : kill a server, make sure and wait for it to go down.
# cpu_count : get number of cpus in system
# process_cpu_list : get cpu affinity list for process
# kill_from_pidfile : kill the pid in the given pid file
# teststep : print the current test step in the output
@ -61,7 +71,7 @@ get_ldns_testns () {
if test -x "`which ldns-testns 2>&1`"; then
LDNS_TESTNS=ldns-testns
else
LDNS_TESTNS=/home/wouter/bin/ldns-testns
LDNS_TESTNS=$HOME/bin/ldns-testns
fi
}
@ -70,7 +80,7 @@ get_ldns_notify () {
if test -x "`which ldns-notify 2>&1`"; then
LDNS_NOTIFY=ldns-notify
else
LDNS_NOTIFY=/home/wouter/bin/ldns-notify
LDNS_NOTIFY=$HOME/bin/ldns-notify
fi
}
@ -160,16 +170,42 @@ get_random_port () {
done
}
# wait for a logfile line to appear, with a timeout.
# pass <logfilename> <string to watch> <timeout>
# $1 : logfilename
# $2 : string to watch for.
# $3 : timeout in seconds.
# exits with failure if it times out
wait_logfile () {
local WAIT_THRES=30
local MAX_UP_TRY=`expr $3 + $WAIT_THRES`
local try
for (( try=0 ; try <= $MAX_UP_TRY ; try++ )) ; do
if test -f $1 && grep -F "$2" $1 >/dev/null; then
#echo "done on try $try"
break;
fi
if test $try -eq $MAX_UP_TRY; then
echo "Logfile in $1 did not get $2!"
cat $1
exit 1;
fi
if test $try -ge $WAIT_THRES; then
sleep 1
fi
done
}
# wait for server to go up, pass <logfilename> <string to watch>
# $1 : logfilename
# $2 : string to watch for.
# exits with failure if it does not come up
wait_server_up () {
local MAX_UP_TRY=120
local WAIT_THRES=30
local MAX_UP_TRY=120
local try
for (( try=0 ; try <= $MAX_UP_TRY ; try++ )) ; do
if test -f $1 && fgrep "$2" $1 >/dev/null; then
if test -f $1 && grep -F "$2" $1 >/dev/null; then
#echo "done on try $try"
break;
fi
@ -220,11 +256,11 @@ wait_server_up_or_fail () {
local WAIT_THRES=30
local try
for (( try=0 ; try <= $MAX_UP_TRY ; try++ )) ; do
if test -f $1 && fgrep "$2" $1 >/dev/null; then
if test -f $1 && grep -F "$2" $1 >/dev/null; then
echo "done on try $try"
break;
fi
if test -f $1 && fgrep "$3" $1 >/dev/null; then
if test -f $1 && grep -F "$3" $1 >/dev/null; then
echo "failed on try $try"
break;
fi
@ -239,6 +275,33 @@ wait_server_up_or_fail () {
done
}
# $1: zone
# $2: serial to be expected
# $3: server to query
# $4: port
# $5: # times to try (# seconds dig is ran)
wait_for_soa_serial () {
TS_START=`date +%s`
for i in `seq 1 $5`
do
SERIAL=`dig -p $4 @$3 $1 SOA +short | awk '{ print $3 }'`
if test "$?" != "0"
then
echo "** \"dig -p $4 @$3 $1 SOA +short\" failed!"
return 1
fi
if test "$SERIAL" = "$2"
then
TS_END=`date +%s`
echo "*** Serial $2 was seen in $i tries (`expr $TS_END - $TS_START`) seconds"
return 0
fi
sleep 1
done
echo "** Serial $2 was not seen in $5 tries (did see: $SERIAL)"
return 1
}
# kill a pid, make sure and wait for it to go down.
# $1 : pid to kill
kill_pid () {
@ -268,11 +331,58 @@ kill_pid () {
# set doxygen path, so that make doc can find doxygen
set_doxygen_path () {
if test -x '/home/wouter/bin/doxygen'; then
export PATH="/home/wouter/bin:$PATH"
if test -x '$HOME/bin/doxygen'; then
export PATH="$HOME/bin:$PATH"
fi
}
# get number of cpus in system
cpu_count()
{
local sys=$(uname -s)
if [ "${sys}" = "Linux" ]; then
nproc
elif [ "${sys}" = "FreeBSD" ]; then
sysctl -n hw.ncpu
fi
}
# get cpu affinity list for process
# $1 : pid
process_cpu_list() {
local pid=${1}
local sys=$(uname -s)
if [ "${sys}" = "Linux" ]; then
local defl=$(taskset -pc ${pid} | sed -n -e 's/^.*: //p' | head -n 1)
elif [ "${sys}" = "FreeBSD" ]; then
local defl=$(cpuset -g -p ${pid} | sed -n -e 's/^.*: //p' | head -n 1)
fi
if [ -n "${defl}" ]; then
local infl
defl=$(echo "${defl}" | sed -e 's/,/ /g')
for i in ${defl}; do
rng=$(echo "${i}-${i}" | sed -e 's/^\([0-9]*\)-\([0-9]*\).*$/\1 \2/')
infl="${infl} $(seq -s ' ' ${rng})"
done
infl=$(echo ${infl} | sed -e 's/ */ /' -e 's/^ *//')
echo "${infl}"
fi
}
#
#
kill_from_pidfile() {
local pidfile="$1"
if test -f "$pidfile"; then
local pid=`head -n 1 "$pidfile"`
if test ! -z "$pid"; then
kill_pid "$pid"
fi
fi
}
# Print the current test step in the output
teststep () {
echo
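Review bot: In `set_doxygen_path` the new test `if test -x '$HOME/bin/doxygen'; then` is single-quoted, so `$HOME` is never expanded and the branch that prepends `$HOME/bin` to PATH cannot run; it should read `if test -x "$HOME/bin/doxygen"; then`. In `wait_for_soa_serial` the check `test "$?" != "0"` follows a `dig ... | awk` pipeline inside the command substitution, so it sees awk's exit status and a failing dig never reaches the "failed!" branch. Capturing dig's output in one step and running awk on it in a second would make that check effective. `kill_from_pidfile` hands the first line of the pid file to `kill_pid` without checking that it is numeric; kill_pid's body is not in this hunk, but a guard such as `case "$pid" in ''|*[!0-9]*) return 1;; esac` before the call would stop a truncated or corrupted pid file from being passed on.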


@ -7,10 +7,10 @@
# do your teardown here
. ../common.sh
kill_pid $FWD_PID
if fgrep "service stopped" unbound.log; then
if grep -F "service stopped" unbound.log; then
exit 0
fi
if fgrep "disable interface-automatic" unbound.log; then
if grep -F "disable interface-automatic" unbound.log; then
echo "skip test"
exit 0
fi


@ -36,7 +36,7 @@ wait_ldns_testns_up fwd.log
# wait for unbound to come up
# string 'Start of service' in log.
wait_server_up_or_fail unbound.log "start of service" "disable interface-automatic"
if fgrep "disable interface-automatic" unbound.log; then
if grep -F "disable interface-automatic" unbound.log; then
skip_test "skip test"
fi


@ -7,7 +7,7 @@
PRE="../.."
. ../common.sh
if fgrep "disable interface-automatic" unbound.log; then
if grep -F "disable interface-automatic" unbound.log; then
echo "skip test"
exit 0
fi


@ -8,7 +8,7 @@ PRE="../.."
# do the test
echo "> dig www.example.com."
dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
echo "> cat logfiles"
cat fwd.log
cat unbound.log


@ -7,7 +7,7 @@
PRE="../.."
# do the test
echo "> dig www.example.com."
dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
echo "> cat logfiles"
cat fwd.log
cat unbound.log


@ -7,7 +7,7 @@
PRE="../.."
# do the test
echo "> dig www.example.com."
dig @localhost -p $UNBOUND_PORT wwwabcdefghijklmnopqrstuvwxyzwww.example.com | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT wwwabcdefghijklmnopqrstuvwxyzwww.example.com | tee outfile
echo "> cat logfiles"
cat fwd.log
cat unbound.log


@ -7,7 +7,7 @@
PRE="../.."
# do the test
echo "> dig www.example.com."
dig @localhost -p $UNBOUND_PORT wwwabcdefghijklmnopqrstuvwxyzwww.example.com | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT wwwabcdefghijklmnopqrstuvwxyzwww.example.com | tee outfile
echo "> cat logfiles"
cat fwd.log
cat fwd2.log


@ -7,7 +7,7 @@
PRE="../.."
# do the test
echo "> dig www.example.com."
dig @localhost -p $UNBOUND_PORT wwwabcdefghijklmnopqrstuvwxyzwww.example.com | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT wwwabcdefghijklmnopqrstuvwxyzwww.example.com | tee outfile
echo "> cat logfiles"
cat fwd.log
cat fwd2.log


@ -10,7 +10,7 @@ PRE="../.."
# First the nasty name.
# The server should not have performed EDNS fallback and cached it.
echo "> dig nasty.example.com."
dig @localhost -p $UNBOUND_PORT nasty.example.com. | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT nasty.example.com. | tee outfile
# no answer possible for it.
echo "> check backed-off"
@ -27,7 +27,7 @@ fi
# Then the www name.
# See if we can still get the EDNS data.
echo "> dig www.example.com."
dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
echo "> cat logfiles"
cat fwd.log
cat unbound.log


@ -10,7 +10,7 @@ PRE="../.."
# First the nasty name.
# The server should not have performed EDNS fallback and cached it.
echo "> dig nasty.example.com."
dig @localhost -p $UNBOUND_PORT nasty.example.com. | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT nasty.example.com. | tee outfile
# no answer possible for it.
echo "> check no-answer"
@ -27,7 +27,7 @@ fi
# Then the www name.
# See if we can still get the EDNS data.
echo "> dig www.example.com."
dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
echo "> cat logfiles"
cat fwd.log
cat unbound.log


@ -7,7 +7,7 @@
PRE="../.."
# do the test
echo "> dig www.example.com."
dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
echo "> cat logfiles"
cat fwd.log
cat unbound.log


@ -7,7 +7,7 @@
PRE="../.."
# do the test
echo "> dig www.example.com."
dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
echo "> cat logfiles"
cat fwd.log
cat unbound.log


@ -9,7 +9,7 @@
kill_pid $FWD_PID
# find all extra forked testns and kill them.
pidlist=`fgrep "forked pid:" fwd.log | sed -e 's/forked pid: //'`
pidlist=`grep -F "forked pid:" fwd.log | sed -e 's/forked pid: //'`
for p in $pidlist; do
kill_pid $p
done


@ -11,7 +11,7 @@ PRE="../.."
# so that all three queries get timeouts during the later test.
#
#echo "> dig www1.example.com."
#dig @localhost -p $UNBOUND_PORT www1.example.com. | tee outfile
#dig @127.0.0.1 -p $UNBOUND_PORT www1.example.com. | tee outfile
#echo "> cat logfiles"
#cat fwd.log
#cat unbound.log
@ -24,17 +24,17 @@ PRE="../.."
#fi
echo "> do queries"
dig @localhost -p $UNBOUND_PORT www1.example.com. >outfile1 &
dig @127.0.0.1 -p $UNBOUND_PORT www1.example.com. >outfile1 &
digpid1=$!
dig @localhost -p $UNBOUND_PORT www2.example.com. >outfile2 &
dig @127.0.0.1 -p $UNBOUND_PORT www2.example.com. >outfile2 &
digpid2=$!
dig @localhost -p $UNBOUND_PORT www3.example.com. >outfile3 &
dig @127.0.0.1 -p $UNBOUND_PORT www3.example.com. >outfile3 &
digpid3=$!
dig @localhost -p $UNBOUND_PORT www4.example.com. >outfile4 &
dig @127.0.0.1 -p $UNBOUND_PORT www4.example.com. >outfile4 &
digpid4=$!
dig @localhost -p $UNBOUND_PORT www5.example.com. >outfile5 &
dig @127.0.0.1 -p $UNBOUND_PORT www5.example.com. >outfile5 &
digpid5=$!
dig @localhost -p $UNBOUND_PORT www6.example.com. >outfile6 &
dig @127.0.0.1 -p $UNBOUND_PORT www6.example.com. >outfile6 &
digpid6=$!
sleep 12
kill -9 $digpid1


@ -7,7 +7,7 @@
PRE="../.."
# do the test
echo "> dig www.example.com."
dig @localhost +vc -p $UNBOUND_PORT www.example.com. | tee outfile
dig @127.0.0.1 +vc -p $UNBOUND_PORT www.example.com. | tee outfile
echo "> cat logfiles"
cat fwd.log
cat unbound.log


@ -7,7 +7,7 @@
PRE="../.."
# do the test
echo "> dig www.example.com."
dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
echo "> cat logfiles"
cat fwd.log
cat unbound.log


@ -11,7 +11,7 @@
kill_pid $FWD_PID
# find all extra forked testns and kill them.
pidlist=`fgrep "forked pid:" fwd.log | sed -e 's/forked pid: //'`
pidlist=`grep -F "forked pid:" fwd.log | sed -e 's/forked pid: //'`
for p in $pidlist; do
kill_pid $p
done


@ -7,7 +7,7 @@
PRE="../.."
# do the test
echo "> dig www1.example.com."
dig @localhost -p $UNBOUND_PORT www1.example.com. | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT www1.example.com. | tee outfile
echo "> cat logfiles"
cat fwd.log
cat unbound.log
@ -20,11 +20,11 @@ else
fi
echo "> do three queries"
dig @localhost -p $UNBOUND_PORT +retry=10 +time=1 www1.example.com. >outfile1 &
dig @127.0.0.1 -p $UNBOUND_PORT +retry=10 +time=1 www1.example.com. >outfile1 &
digpid1=$!
dig @localhost -p $UNBOUND_PORT +retry=10 +time=1 www2.example.com. >outfile2 &
dig @127.0.0.1 -p $UNBOUND_PORT +retry=10 +time=1 www2.example.com. >outfile2 &
digpid2=$!
dig @localhost -p $UNBOUND_PORT +retry=10 +time=1 www3.example.com. >outfile3 &
dig @127.0.0.1 -p $UNBOUND_PORT +retry=10 +time=1 www3.example.com. >outfile3 &
digpid3=$!
sleep 5
kill -9 $digpid1


@ -11,7 +11,7 @@
kill_pid $FWD_PID
# find all extra forked testns and kill them.
pidlist=`fgrep "forked pid:" fwd.log | sed -e 's/forked pid: //'`
pidlist=`grep -F "forked pid:" fwd.log | sed -e 's/forked pid: //'`
for p in $pidlist; do
kill_pid $p
done


@ -7,7 +7,7 @@
PRE="../.."
# do the test
echo "> dig www1.example.com."
dig @localhost -p $UNBOUND_PORT www1.example.com. | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT www1.example.com. | tee outfile
echo "> cat logfiles"
cat fwd.log
cat unbound.log
@ -20,11 +20,11 @@ else
fi
echo "> do three queries"
dig @localhost -p $UNBOUND_PORT www1.example.com. >outfile1 &
dig @127.0.0.1 -p $UNBOUND_PORT www1.example.com. >outfile1 &
digpid1=$!
dig @localhost -p $UNBOUND_PORT www2.example.com. >outfile2 &
dig @127.0.0.1 -p $UNBOUND_PORT www2.example.com. >outfile2 &
digpid2=$!
dig @localhost -p $UNBOUND_PORT www3.example.com. >outfile3 &
dig @127.0.0.1 -p $UNBOUND_PORT www3.example.com. >outfile3 &
digpid3=$!
sleep 5
kill -9 $digpid1


@ -7,7 +7,7 @@
PRE="../.."
# do the test
echo "> dig www.example.com."
dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
echo "> check answer"
if grep "10.20.30.40" outfile; then
echo "OK"
@ -20,7 +20,7 @@ sleep 4
# query again
rm outfile
echo "> dig www.example.com."
dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
echo "> check answer"
if grep "10.20.30.40" outfile; then
echo "OK"


@ -7,7 +7,7 @@
PRE="../.."
# do the test
echo "> dig www.example.com."
dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
echo "> cat logfiles"
cat fwd.log
cat unbound.log


@ -7,7 +7,7 @@
PRE="../.."
# do the test
echo "> dig tcp.example.com."
dig @localhost -p $UNBOUND_PORT tcp.example.com. | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT tcp.example.com. | tee outfile
echo "> cat logfiles"
cat fwd.log
cat unbound.log
@ -20,7 +20,7 @@ else
fi
echo "> dig udp.example.com."
dig @localhost -p $UNBOUND_PORT udp.example.com. | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT udp.example.com. | tee outfile
echo "> cat logfiles"
cat fwd.log
cat unbound.log


@ -10,7 +10,7 @@
kill_pid $FWD_PID
# find all extra forked testns and kill them.
pidlist=`fgrep "forked pid:" fwd.log | sed -e 's/forked pid: //'`
pidlist=`grep -F "forked pid:" fwd.log | sed -e 's/forked pid: //'`
for p in $pidlist; do
kill_pid $p
done


@ -11,7 +11,7 @@ PRE="../.."
# so that all three queries get timeouts during the later test.
#
#echo "> dig www1.example.com."
#dig @localhost -p $UNBOUND_PORT www1.example.com. | tee outfile
#dig @127.0.0.1 -p $UNBOUND_PORT www1.example.com. | tee outfile
#echo "> cat logfiles"
#cat fwd.log
#cat unbound.log
@ -24,17 +24,17 @@ PRE="../.."
#fi
echo "> do queries"
dig @localhost -p $UNBOUND_PORT www1.example.com. >outfile1 &
dig @127.0.0.1 -p $UNBOUND_PORT www1.example.com. >outfile1 &
digpid1=$!
dig @localhost -p $UNBOUND_PORT www2.example.com. >outfile2 &
dig @127.0.0.1 -p $UNBOUND_PORT www2.example.com. >outfile2 &
digpid2=$!
dig @localhost -p $UNBOUND_PORT www3.example.com. >outfile3 &
dig @127.0.0.1 -p $UNBOUND_PORT www3.example.com. >outfile3 &
digpid3=$!
dig @localhost -p $UNBOUND_PORT www4.example.com. >outfile4 &
dig @127.0.0.1 -p $UNBOUND_PORT www4.example.com. >outfile4 &
digpid4=$!
dig @localhost -p $UNBOUND_PORT www5.example.com. >outfile5 &
dig @127.0.0.1 -p $UNBOUND_PORT www5.example.com. >outfile5 &
digpid5=$!
dig @localhost -p $UNBOUND_PORT www6.example.com. >outfile6 &
dig @127.0.0.1 -p $UNBOUND_PORT www6.example.com. >outfile6 &
digpid6=$!
sleep 15


@ -11,7 +11,7 @@
kill_pid $FWD_PID
# find all extra forked testns and kill them.
pidlist=`fgrep "forked pid:" fwd.log | sed -e 's/forked pid: //'`
pidlist=`grep -F "forked pid:" fwd.log | sed -e 's/forked pid: //'`
for p in $pidlist; do
kill_pid $p
done


@ -11,7 +11,7 @@ PRE="../.."
# so that all three queries get timeouts during the later test.
#
#echo "> dig www1.example.com."
#dig @localhost -p $UNBOUND_PORT www1.example.com. | tee outfile
#dig @127.0.0.1 -p $UNBOUND_PORT www1.example.com. | tee outfile
#echo "> cat logfiles"
#cat fwd.log
#cat unbound.log
@ -24,11 +24,11 @@ PRE="../.."
#fi
echo "> do three queries"
dig @localhost -p $UNBOUND_PORT www1.example.com. >outfile1 &
dig @127.0.0.1 -p $UNBOUND_PORT www1.example.com. >outfile1 &
digpid1=$!
dig @localhost -p $UNBOUND_PORT www2.example.com. >outfile2 &
dig @127.0.0.1 -p $UNBOUND_PORT www2.example.com. >outfile2 &
digpid2=$!
dig @localhost -p $UNBOUND_PORT www3.example.com. >outfile3 &
dig @127.0.0.1 -p $UNBOUND_PORT www3.example.com. >outfile3 &
digpid3=$!
sleep 15
kill -9 $digpid1


@ -17,7 +17,7 @@ echo "b4380100000100000000000003777777076578616d706c6503636f6d00" | xxd -r -p |
# now test that server is still up
echo "> dig www.example.com."
dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
echo "> cat logfiles"
cat fwd.log
cat unbound.log


@ -9,35 +9,35 @@ PRE="../.."
# Query and check check that we get the correct answer from the auth_zone
query () {
echo "> dig www.example.com."
dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
if grep SERVFAIL outfile; then
echo "> try again"
dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
fi
if grep SERVFAIL outfile; then
echo "> try again"
sleep 1
dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
fi
if grep SERVFAIL outfile; then
echo "> try again"
sleep 1
dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
fi
if grep SERVFAIL outfile; then
echo "> try again"
sleep 1
dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
fi
if grep SERVFAIL outfile; then
echo "> try again"
sleep 10
dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
fi
if grep SERVFAIL outfile; then
echo "> try again"
sleep 10
dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
fi
echo "> check answer"
if grep "1.2.3.4" outfile; then


@ -241,6 +241,5 @@ v.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 ex
example.com. 3600 IN NSEC abc.example.com. NS SOA RRSIG NSEC DNSKEY
example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. ABEOu6iietfjKY1MS0TutZZxUtRYA6XKsC1rMTrenwBF2darY3/Emco=
ENTRY_END
ENTRY_END
SCENARIO_END


@ -397,7 +397,7 @@ ENTRY_END
STEP 220302 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
MATCH all ttl
REPLY QR RD RA DO
SECTION QUESTION
a.example.com. IN A
@ -420,7 +420,7 @@ ENTRY_END
STEP 220402 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
MATCH all ttl
REPLY QR RD RA DO
SECTION QUESTION
a.b.example.com. IN A
@ -523,7 +523,7 @@ ENTRY_END
STEP 220702 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
MATCH all ttl
REPLY QR RD RA DO
SECTION QUESTION
a.x.example.com. IN A
@ -607,7 +607,7 @@ ENTRY_END
STEP 220802 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
MATCH all ttl
REPLY QR RD RA DO
SECTION QUESTION
a2.example.com. IN A
@ -691,14 +691,14 @@ ENTRY_END
; CNAME chains should be followed and CNAME loops signalled as an error
STEP 220902 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
MATCH all ttl
REPLY QR RD RA DO
REPLY NOERROR
SECTION QUESTION
cyc.example.com. IN A
SECTION ANSWER
example.com. 0 IN DNAME example.com.
cyc.example.com. 0 IN CNAME cyc.example.com.
example.com. 3600 IN DNAME example.com.
cyc.example.com. 3600 IN CNAME cyc.example.com.
ENTRY_END
; ns1.example.com.
@ -857,7 +857,7 @@ ENTRY_END
STEP 221102 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
MATCH all ttl
REPLY QR RD RA DO
SECTION QUESTION
shortloop.x.x. IN TXT
@ -885,7 +885,7 @@ ENTRY_END
STEP 221202 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
MATCH all ttl
REPLY QR RD RA DO
SECTION QUESTION
shortloop.x. IN TXT
@ -999,7 +999,7 @@ ENTRY_END
; query returning maximal permissible length - should work
STEP 229002 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
MATCH all ttl
REPLY QR RD RA DO
SECTION QUESTION
x.long. IN A

310
testdata/iter_dname_ttl.rpl vendored Normal file

@ -0,0 +1,310 @@
; config options
; The island of trust is at example.com
; validation is enabled because the pickup of DNAME from cache wants
; a DNSSEC signed DNAME.
server:
trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
val-override-date: "20070916134226"
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: "no"
fake-sha1: yes
trust-anchor-signaling: no
stub-zone:
name: "."
stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
CONFIG_END
SCENARIO_BEGIN Test iterator for TTL of synthesized CNAME of a DNAME from cache.
; K.ROOT-SERVERS.NET.
RANGE_BEGIN 0 100
ADDRESS 193.0.14.129
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET. IN A 193.0.14.129
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION AUTHORITY
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
net. IN A
SECTION AUTHORITY
net. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
RANGE_END
; a.gtld-servers.net.
RANGE_BEGIN 0 100
ADDRESS 192.5.6.30
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION ANSWER
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
net. IN NS
SECTION ANSWER
net. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
example.net. IN A
SECTION AUTHORITY
example.net. IN NS ns.example.net.
SECTION ADDITIONAL
ns.example.net. IN A 1.2.3.5
ENTRY_END
RANGE_END
; ns.example.com.
RANGE_BEGIN 0 100
ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION ANSWER
example.com. IN NS ns.example.com.
example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
ENTRY_END
; response to DNSKEY priming query
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN DNSKEY
SECTION ANSWER
example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
SECTION AUTHORITY
example.com. IN NS ns.example.com.
example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
ENTRY_END
; response to query of interest
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.com. IN CNAME
SECTION ANSWER
www.example.com. IN CNAME www.example.net.
www.example.com. 3600 IN RRSIG CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFGcJxnNxpWCBzXejiSdl4p1BKRMnAhUApoJrugVBRwFgAoYAhhqlZFac7fE= ;{id = 2854}
SECTION AUTHORITY
SECTION ADDITIONAL
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www2.example.com. IN A
SECTION ANSWER
www2.example.com. 3600 IN CNAME www.example.net.
www2.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. AGgh6pDCL7VF0uJablClW7cgvsPuNzpHZ+M7nZIwi61+0RPhFZLHcN4=
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
foo.test-dname.example.com. IN A
SECTION ANSWER
test-dname.example.com. 3600 IN DNAME example.net.
test-dname.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. ACp31Evt1c6tKzmTh/smAuGFydZ1OO26Qkej/BW4Bw5RFBQiKaY22Z0=
foo.test-dname.example.com. 3600 IN CNAME foo.example.net.
ENTRY_END
RANGE_END
; ns.example.net.
RANGE_BEGIN 0 100
ADDRESS 1.2.3.5
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.net. IN NS
SECTION ANSWER
example.net. IN NS ns.example.net.
example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
SECTION ADDITIONAL
ns.example.net. IN A 1.2.3.5
ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
ENTRY_END
; response to DNSKEY priming query
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.net. IN DNSKEY
SECTION ANSWER
example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899}
SECTION AUTHORITY
example.net. IN NS ns.example.net.
example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
SECTION ADDITIONAL
ns.example.net. IN A 1.2.3.5
ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
ENTRY_END
; response to query of interest
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.net. IN A
SECTION ANSWER
www.example.net. IN A 11.12.13.14
www.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899}
SECTION AUTHORITY
SECTION ADDITIONAL
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
foo.example.net. IN A
SECTION ANSWER
foo.example.net. IN A 11.12.13.15
foo.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. X6T6SE9UzxAD/4zKpwGOxEDyE4g7lfYYw3lvw533uwRN8mWTcBvSva0/jjyhrogJcuLO32jPHK6zGb93w2xnuA==
SECTION AUTHORITY
SECTION ADDITIONAL
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
foo2.example.net. IN A
SECTION ANSWER
foo2.example.net. IN A 11.12.13.16
foo2.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. BZm+GljD8m9N+pNJN8D+LlSyHqM+InNUe0+heKILR9be+Goqv6SEb7LKtX6+kj3239Y5by7u+/Cuk8kkWistEQ==
SECTION AUTHORITY
SECTION ADDITIONAL
ENTRY_END
RANGE_END
STEP 1 TIME_PASSES ELAPSE 10
; Get DNAME in cache and then pick it up again from cache.
STEP 10 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
foo.test-dname.example.com. IN A
ENTRY_END
STEP 20 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
foo.test-dname.example.com. IN A
SECTION ANSWER
test-dname.example.com. 3600 IN DNAME example.net.
test-dname.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. ACp31Evt1c6tKzmTh/smAuGFydZ1OO26Qkej/BW4Bw5RFBQiKaY22Z0=
foo.test-dname.example.com. 3600 IN CNAME foo.example.net.
foo.example.net. IN A 11.12.13.15
foo.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. X6T6SE9UzxAD/4zKpwGOxEDyE4g7lfYYw3lvw533uwRN8mWTcBvSva0/jjyhrogJcuLO32jPHK6zGb93w2xnuA==
ENTRY_END
STEP 30 TIME_PASSES ELAPSE 10
; Use DNAME from cache
STEP 40 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
foo2.test-dname.example.com. IN A
ENTRY_END
; Test the TTL on the synthesized CNAME for the DNAME record from cache.
STEP 50 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
foo2.test-dname.example.com. IN A
SECTION ANSWER
test-dname.example.com. 3590 IN DNAME example.net.
test-dname.example.com. 3590 IN RRSIG DNAME 3 3 3600 20070926135752 20070829135752 2854 example.com. ACp31Evt1c6tKzmTh/smAuGFydZ1OO26Qkej/BW4Bw5RFBQiKaY22Z0=
foo2.test-dname.example.com. 3590 IN CNAME foo2.example.net.
foo2.example.net. 3600 IN A 11.12.13.16
foo2.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. BZm+GljD8m9N+pNJN8D+LlSyHqM+InNUe0+heKILR9be+Goqv6SEb7LKtX6+kj3239Y5by7u+/Cuk8kkWistEQ==
ENTRY_END
SCENARIO_END
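Review bot: STEP 20 CHECK_ANSWER uses `MATCH all` without `ttl`, so the TTLs on the first, uncached reply (the DNAME, the synthesized CNAME and the A record) are never compared; only the from-cache reply in STEP 50 is pinned. Changing STEP 20 to `MATCH all ttl` would cover the fresh-resolution path as well, assuming the 3600 values written there are what the resolver returns at that point. The 3590 expected in STEP 50 is also unexplained; a comment such as `; 3590 = 3600 minus the 10 seconds elapsed in STEP 30` above that ANSWER section would make the expectation self-describing.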


@ -2,6 +2,8 @@
server:
harden-referral-path: no
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: "no"
minimal-responses: no
stub-zone:
name: "."
@ -321,680 +323,6 @@ ENTRY_END
RANGE_END
; end of a.gtld-servers.net.
; RFC 6672 section 2.2. The DNAME Substitution table tests
;# QNAME owner DNAME target result
;-- ---------------- -------------- -------------- -----------------
;1 com. example.com. example.net. <no match>
;2 example.com. example.com. example.net. [0]
;3 a.example.com. example.com. example.net. a.example.net.
;4 a.b.example.com. example.com. example.net. a.b.example.net.
;5 ab.example.com. b.example.com. example.net. <no match>
;6 foo.example.com. example.com. example.net. foo.example.net.
;7 a.x.example.com. x.example.com. example.net. a.example.net.
;8 a.example.com. example.com. y.example.net. a.y.example.net.
;9 cyc.example.com. example.com. example.com. cyc.example.com.
;10 cyc.example.com. example.com. c.example.com. cyc.c.example.com.
;11 shortloop.x.x. x. . shortloop.x.
;12 shortloop.x. x. . shortloop.
;
; [0] The result depends on the QTYPE. If the QTYPE = DNAME, then
; the result is "example.com.", else "<no match>".
;
; Table 1. DNAME Substitution Examples
; ; line no. 1 is mostly for authoritative server
; ; line no. 2 QTYPE != DNAME
; STEP 220201 QUERY
; ENTRY_BEGIN
; REPLY RD DO
; SECTION QUESTION
; example.com. IN NS
; ENTRY_END
;
; STEP 220202 CHECK_ANSWER
; ENTRY_BEGIN
; MATCH rcode answer
; REPLY QR RD RA DO
; SECTION QUESTION
; example.com. IN NS
; SECTION ANSWER
; example.com. IN NS ns1.example.com.
; ENTRY_END
;
; ; line no. 2 QTYPE == DNAME
; STEP 220203 QUERY
; ENTRY_BEGIN
; REPLY RD DO
; SECTION QUESTION
; example.com. IN DNAME
; ENTRY_END
;
; STEP 220204 CHECK_ANSWER
; ENTRY_BEGIN
; MATCH rcode question answer
; REPLY QR RD RA DO
; SECTION QUESTION
; example.com. IN DNAME
; SECTION ANSWER
; example.com. IN DNAME example.net.
; ENTRY_END
;
;
; ;# QNAME owner DNAME target result
; ;-- ---------------- -------------- -------------- -----------------
; ;3 a.example.com. example.com. example.net. a.example.net.
;
; STEP 220301 QUERY
; ENTRY_BEGIN
; REPLY RD DO
; SECTION QUESTION
; a.example.com. IN A
; ENTRY_END
;
; STEP 220302 CHECK_ANSWER
; ENTRY_BEGIN
; MATCH rcode question answer
; SECTION QUESTION
; a.example.com. IN A
; SECTION ANSWER
; example.com. IN DNAME example.net.
; a.example.com. IN CNAME a.example.net.
; a.example.net. IN A 10.0.0.97
; ENTRY_END
;
; ;# QNAME owner DNAME target result
; ;-- ---------------- -------------- -------------- -----------------
; ;4 a.b.example.com. example.com. example.net. a.b.example.net.
;
; STEP 220401 QUERY
; ENTRY_BEGIN
; REPLY RD DO
; SECTION QUESTION
; a.b.example.com. IN A
; ENTRY_END
;
; STEP 220402 CHECK_ANSWER
; ENTRY_BEGIN
; MATCH rcode question answer
; SECTION QUESTION
; a.b.example.com. IN A
; SECTION ANSWER
; example.com. IN DNAME example.net.
; a.b.example.com. IN CNAME a.b.example.net.
; a.b.example.net. IN A 10.0.97.98
; ENTRY_END
;
; ;# QNAME owner DNAME target result
; ;-- ---------------- -------------- -------------- -----------------
; ;5 ab.example.com. b.example.com. example.net. <no match>
; ;6 foo.example.com. example.com. example.net. foo.example.net.
;
; ; line no. 5 is mostly for authoritative server
; ; line no. 6 is basically the same as line no. 3
;
; ; ns1.example.com.
; RANGE_BEGIN 220000 220699
; ADDRESS 168.192.2.2
; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR AA NOERROR
; SECTION QUESTION
; example.com. IN NS
; SECTION ANSWER
; example.com. IN NS ns1.example.com.
; SECTION ADDITIONAL
; ns1.example.com. IN A 168.192.2.2
; ENTRY_END
;
; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR AA NOERROR
; SECTION QUESTION
; ns1.example.com. IN A
; SECTION ANSWER
; ns1.example.com. IN A 168.192.2.2
; ENTRY_END
;
; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR AA NOERROR
; SECTION QUESTION
; ns1.example.com. IN AAAA
; SECTION ANSWER
; ENTRY_END
;
; ; line 2 DNAME
; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR AA NOERROR
; SECTION QUESTION
; example.com. IN DNAME
; SECTION ANSWER
; example.com. IN DNAME example.net.
; ENTRY_END
;
; ; line 3
; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR AA NOERROR
; SECTION QUESTION
; a.example.com. IN A
; SECTION ANSWER
; example.com. IN DNAME example.net.
; a.example.com. IN CNAME a.example.net.
; ENTRY_END
;
; ; line 4
; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR AA NOERROR
; SECTION QUESTION
; a.b.example.com. IN A
; SECTION ANSWER
; example.com. IN DNAME example.net.
; a.b.example.com. IN CNAME a.b.example.net.
; ENTRY_END
; RANGE_END
; ; end of ns1.example.com.
;
;
; ;# QNAME owner DNAME target result
; ;-- ---------------- -------------- -------------- -----------------
; ;7 a.x.example.com. x.example.com. example.net. a.example.net.
;
; STEP 220701 QUERY
; ENTRY_BEGIN
; REPLY RD DO
; SECTION QUESTION
; a.x.example.com. IN A
; ENTRY_END
;
; STEP 220702 CHECK_ANSWER
; ENTRY_BEGIN
; MATCH rcode question answer
; SECTION QUESTION
; a.x.example.com. IN A
; SECTION ANSWER
; x.example.com. IN DNAME example.net.
; a.x.example.com. IN CNAME a.example.net.
; a.example.net. IN A 10.0.0.97
; ENTRY_END
;
; ; ns1.example.com.
; RANGE_BEGIN 220700 220799
; ADDRESS 168.192.2.2
; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR AA NOERROR
; SECTION QUESTION
; example.com. IN NS
; SECTION ANSWER
; example.com. IN NS ns1.example.com.
; SECTION ADDITIONAL
; ns1.example.com. IN A 168.192.2.2
; ENTRY_END
;
; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR AA NOERROR
; SECTION QUESTION
; ns1.example.com. IN A
; SECTION ANSWER
; ns1.example.com. IN A 168.192.2.2
; ENTRY_END
;
; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR AA NOERROR
; SECTION QUESTION
; ns1.example.com. IN AAAA
; SECTION ANSWER
; ENTRY_END
;
; ; line 7 DNAME
; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR AA NOERROR
; SECTION QUESTION
; example.com. IN DNAME
; SECTION ANSWER
; x.example.com. IN DNAME example.net.
; ENTRY_END
;
; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR AA NOERROR
; SECTION QUESTION
; a.x.example.com. IN A
; SECTION ANSWER
; x.example.com. IN DNAME example.net.
; a.x.example.com. IN CNAME a.example.net.
; ENTRY_END
; RANGE_END
; ; end of ns1.example.com.
;
; ;# QNAME owner DNAME target result
; ;-- ---------------- -------------- -------------- -----------------
; ;8 a.example.com. example.com. y.example.net. a.y.example.net.
; ;
; ; a.example.com. was renamed to a2.example.com. to avoid cache clashes
; ; on the synthetized CNAME (caching CNAMEs is allowed by RFC 6672 section 3.4)
;
; STEP 220801 QUERY
; ENTRY_BEGIN
; REPLY RD DO
; SECTION QUESTION
; a2.example.com. IN A
; ENTRY_END
;
; STEP 220802 CHECK_ANSWER
; ENTRY_BEGIN
; MATCH rcode question answer
; SECTION QUESTION
; a2.example.com. IN A
; SECTION ANSWER
; example.com. IN DNAME y.example.net.
; a2.example.com. IN CNAME a2.y.example.net.
; a2.y.example.net. IN A 10.97.50.121
; ENTRY_END
;
; ; ns1.example.com.
; RANGE_BEGIN 220800 220899
; ADDRESS 168.192.2.2
; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR AA NOERROR
; SECTION QUESTION
; example.com. IN NS
; SECTION ANSWER
; example.com. IN NS ns1.example.com.
; SECTION ADDITIONAL
; ns1.example.com. IN A 168.192.2.2
; ENTRY_END
;
; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR AA NOERROR
; SECTION QUESTION
; ns1.example.com. IN A
; SECTION ANSWER
; ns1.example.com. IN A 168.192.2.2
; ENTRY_END
;
; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR AA NOERROR
; SECTION QUESTION
; ns1.example.com. IN AAAA
; SECTION ANSWER
; ENTRY_END
;
; ; line 8 DNAME
; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR AA NOERROR
; SECTION QUESTION
; example.com. IN DNAME
; SECTION ANSWER
; example.com. IN DNAME y.example.net.
; ENTRY_END
;
; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR AA NOERROR
; SECTION QUESTION
; a2.example.com. IN A
; SECTION ANSWER
; example.com. IN DNAME y.example.net.
; a2.example.com. IN CNAME a2.y.example.net.
; ENTRY_END
; RANGE_END
; ; end of ns1.example.com.
;
;
; ;# QNAME owner DNAME target result
; ;-- ---------------- -------------- -------------- -----------------
; ;9 cyc.example.com. example.com. example.com. cyc.example.com.
;
; STEP 220901 QUERY
; ENTRY_BEGIN
; REPLY RD DO
; SECTION QUESTION
; cyc.example.com. IN A
; ENTRY_END
;
; ; Expected result is defined by RFC 1034 section 3.6.2:
; ; CNAME chains should be followed and CNAME loops signalled as an error
; STEP 220902 CHECK_ANSWER
; ENTRY_BEGIN
; MATCH rcode question answer
; REPLY SERVFAIL
; SECTION QUESTION
; cyc.example.com. IN A
; ENTRY_END
;
; ; ns1.example.com.
; RANGE_BEGIN 220900 220999
; ADDRESS 168.192.2.2
; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR AA NOERROR
; SECTION QUESTION
; example.com. IN NS
; SECTION ANSWER
; example.com. IN NS ns1.example.com.
; SECTION ADDITIONAL
; ns1.example.com. IN A 168.192.2.2
; ENTRY_END
;
; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR AA NOERROR
; SECTION QUESTION
; ns1.example.com. IN A
; SECTION ANSWER
; ns1.example.com. IN A 168.192.2.2
; ENTRY_END
;
; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR AA NOERROR
; SECTION QUESTION
; ns1.example.com. IN AAAA
; SECTION ANSWER
; ENTRY_END
;
; ; line 9 DNAME
; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR AA NOERROR
; SECTION QUESTION
; example.com. IN DNAME
; SECTION ANSWER
; example.com. IN DNAME example.com.
; ENTRY_END
;
; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR AA NOERROR
; SECTION QUESTION
; cyc.example.com. IN A
; SECTION ANSWER
; example.com. IN DNAME example.com.
; cyc.example.com. IN CNAME cyc.example.com.
; ENTRY_END
; RANGE_END
; ; end of ns1.example.com.
;
; ;# QNAME owner DNAME target result
; ;-- ---------------- -------------- -------------- -----------------
; ;10 cyc.example.com. example.com. c.example.com. cyc.c.example.com.
; ;
; ; cyc.example.com. was renamed to cyc2.example.com. to avoid cache clashes
; ; on the synthetized CNAME (caching CNAMEs is allowed by RFC 6672 section 3.4)
; ;
; ; target c.example.com. was renamed to cyc2.example.net.
; ; to limit number of pre-canned answers required for the test
;
; STEP 221001 QUERY
; ENTRY_BEGIN
; REPLY RD DO
; SECTION QUESTION
; cyc2.example.com. IN A
; ENTRY_END
;
; ; Expected result is defined by RFC 1034 section 3.6.2:
; ; CNAME chains should be followed and CNAME loops signalled as an error
; STEP 221002 CHECK_ANSWER
; ENTRY_BEGIN
; MATCH rcode question answer
; REPLY SERVFAIL
; SECTION QUESTION
; cyc2.example.com. IN A
; ENTRY_END
;
; ; ns1.example.com.
; RANGE_BEGIN 221000 221099
; ADDRESS 168.192.2.2
; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR AA NOERROR
; SECTION QUESTION
; example.com. IN NS
; SECTION ANSWER
; example.com. IN NS ns1.example.com.
; SECTION ADDITIONAL
; ns1.example.com. IN A 168.192.2.2
; ENTRY_END
;
; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR AA NOERROR
; SECTION QUESTION
; ns1.example.com. IN A
; SECTION ANSWER
; ns1.example.com. IN A 168.192.2.2
; ENTRY_END
;
; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR AA NOERROR
; SECTION QUESTION
; ns1.example.com. IN AAAA
; SECTION ANSWER
; ENTRY_END
;
; ; line 10 DNAME
; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR AA NOERROR
; SECTION QUESTION
; example.com. IN DNAME
; SECTION ANSWER
; example.com. IN DNAME cyc2.example.net.
; ENTRY_END
;
; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR AA NOERROR
; SECTION QUESTION
; cyc2.example.com. IN A
; SECTION ANSWER
; example.com. IN DNAME cyc2.example.net.
; cyc2.example.com. IN CNAME cyc2.cyc2.example.net.
; ENTRY_END
; RANGE_END
; ; end of ns1.example.com.
;
; ;# QNAME owner DNAME target result
; ;-- ---------------- -------------- -------------- -----------------
; ;11 shortloop.x.x. x. . shortloop.x.
;
; STEP 221101 QUERY
; ENTRY_BEGIN
; REPLY RD DO
; SECTION QUESTION
; shortloop.x.x. TXT
; ENTRY_END
;
; STEP 221102 CHECK_ANSWER
; ENTRY_BEGIN
; MATCH rcode question answer
; SECTION QUESTION
; shortloop.x.x. IN TXT
; SECTION ANSWER
; x. IN DNAME .
; ; unbound hack
; x. IN DNAME .
; shortloop.x.x. IN CNAME shortloop.x.
; shortloop.x. IN CNAME shortloop.
; shortloop. IN TXT "shortloop end"
; ENTRY_END
;
; ;# QNAME owner DNAME target result
; ;-- ---------------- -------------- -------------- -----------------
; ;12 shortloop.x. x. . shortloop.
;
; ; expire potentically cached CNAMEs for shortloop.x. from cache
; STEP 221200 TIME_PASSES ELAPSE 10000
;
; STEP 221201 QUERY
; ENTRY_BEGIN
; REPLY RD DO
; SECTION QUESTION
; shortloop.x. TXT
; ENTRY_END
;
; STEP 221202 CHECK_ANSWER
; ENTRY_BEGIN
; MATCH rcode question answer
; SECTION QUESTION
; shortloop.x. IN TXT
; SECTION ANSWER
; x. IN DNAME .
; shortloop.x. IN CNAME shortloop.
; shortloop. IN TXT "shortloop end"
; ENTRY_END
;
;
; ; ns1.example.net. (data shared by whole 22xxxx range)
; RANGE_BEGIN 220000 229999
; ADDRESS 168.192.3.3
; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR AA NOERROR
; SECTION QUESTION
; example.net. IN NS
; SECTION ANSWER
; example.net. IN NS ns1.example.net.
; SECTION ADDITIONAL
; example.net. IN A 168.192.3.3
; ENTRY_END
;
; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR AA NOERROR
; SECTION QUESTION
; ns1.example.net. IN A
; SECTION ANSWER
; ns1.example.net. IN A 168.192.3.3
; ENTRY_END
;
; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR AA NOERROR
; SECTION QUESTION
; ns1.example.net. IN AAAA
; SECTION ANSWER
; ENTRY_END
;
; ; line 3
; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR AA NOERROR
; SECTION QUESTION
; a.example.net. IN A
; SECTION ANSWER
; a.example.net. IN A 10.0.0.97
; ENTRY_END
;
; ; line 4
; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR AA NOERROR
; SECTION QUESTION
; a.b.example.net. IN A
; SECTION ANSWER
; a.b.example.net. IN A 10.0.97.98
; ENTRY_END
;
; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR AA NOERROR
; SECTION QUESTION
; a2.y.example.net. IN A
; SECTION ANSWER
; a2.y.example.net. IN A 10.97.50.121
; ENTRY_END
;
; ; line 10
; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR AA NOERROR
; SECTION QUESTION
; cyc2.example.net. IN DNAME
; SECTION ANSWER
; cyc2.example.net. IN DNAME example.com.
; ENTRY_END
;
; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR AA NOERROR
; SECTION QUESTION
; cyc2.cyc2.example.net. IN A
; SECTION ANSWER
; cyc2.example.net. IN DNAME example.com.
; cyc2.cyc2.example.com. IN CNAME cyc2.example.com.
; ENTRY_END
; RANGE_END
; ; end of ns1.example.net.
;
;
; ; RFC 6672 section 2.2: YXDOMAIN answers for too long results for substitution
; ; RFC 6672 section 2.3: DNAME can be at zone apex: zone apex = long.
; STEP 229001 QUERY
; ENTRY_BEGIN
; REPLY RD DO
; SECTION QUESTION
; x.long. IN A
; ENTRY_END
;
; ; query returning maximal permissible length - should work
; STEP 229002 CHECK_ANSWER
; ENTRY_BEGIN
; MATCH rcode question answer
; SECTION QUESTION
; x.long. IN A
; SECTION ANSWER
; long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.
; x.long. 3600 IN CNAME x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.
; x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. 3600 IN A 192.0.2.1
; ENTRY_END
; result of substitution has too long name
; YXDOMAIN should be propagated to the client
; Unbound SEVFAILs: https://www.ietf.org/mail-archive/web/dnsext/current/msg11282.html
@ -1015,27 +343,4 @@ SECTION ANSWER
long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.
ENTRY_END
; ; YXDOMAIN should work even if the cache is empty
; STEP 229005 TIME_PASSES ELAPSE 4000
;
; STEP 229006 QUERY
; ENTRY_BEGIN
; REPLY RD DO
; SECTION QUESTION
; too.long. IN A
; ENTRY_END
;
; STEP 229007 CHECK_ANSWER
; ENTRY_BEGIN
; MATCH rcode question answer
; REPLY QR YXDOMAIN
; SECTION QUESTION
; x.long. IN A
; SECTION ANSWER
; long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.
; ENTRY_END
SCENARIO_END


@ -19,7 +19,7 @@ MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. 86400 IN NS
. IN NS
SECTION ANSWER
. 86400 IN NS K.ROOT-SERVERS.NET.
SECTION ADDITIONAL


@ -166,7 +166,7 @@ ENTRY_END
; answer to first query (simply puts DNAME in cache)
STEP 120 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
MATCH all ttl
REPLY QR RD RA
SECTION QUESTION
x.y.example.com. IN A
@ -235,7 +235,7 @@ ENTRY_END
STEP 250 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
MATCH all ttl
REPLY QR RD RA
SECTION QUESTION
other.y.example.com. IN A


@ -52,6 +52,10 @@ server:
local-zone: example.net redirect
local-data: "example.net. IN CNAME cname.example.org."
# Test setup for synthesized CNAMEs
local-zone: synth.cname redirect
local-data: "synth.cname. IN CNAME *.from.resolution."
### template zone and tag intended to be used for tests with CNAME and
### other data.
##local-zone: ambiguous.example.com redirect
@ -133,6 +137,18 @@ SECTION AUTHORITY
SECTION ADDITIONAL
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.synth.cname.from.resolution. IN A
SECTION ANSWER
www.synth.cname.from.resolution. IN A 192.0.2.3
SECTION AUTHORITY
SECTION ADDITIONAL
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
@ -396,6 +412,26 @@ SECTION AUTHORITY
SECTION ADDITIONAL
ENTRY_END
; Check CNAME synthesis
STEP 201 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.synth.cname. IN A
ENTRY_END
STEP 202 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA AA NOERROR
SECTION QUESTION
www.synth.cname. IN A
SECTION ANSWER
www.synth.cname. IN CNAME www.synth.cname.from.resolution.
www.synth.cname.from.resolution. IN A 192.0.2.3
SECTION AUTHORITY
SECTION ADDITIONAL
ENTRY_END
; Relatively minor cases follow
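Review bot: The new STEP 202 check matches on `ttl`, but none of the records involved state one: not the `local-data` CNAME for `synth.cname.`, not the canned reply for `www.synth.cname.from.resolution.`, and not the expected ANSWER section. The comparison therefore rests on whatever default TTL the parsers apply on each side, which the hunks do not show. Writing the TTL out in the expected answer, e.g. `www.synth.cname. <ttl> IN CNAME www.synth.cname.from.resolution.` with the intended value in place of the placeholder, would make visible which TTL the synthesized CNAME is meant to carry.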


@ -9,7 +9,7 @@ PRE="../.."
# this one should have NXDOMAIN builtin
#
echo "> dig 1.0.31.172.in-addr.arpa."
dig @localhost -p $UNBOUND_PORT 1.0.31.172.in-addr.arpa. | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT 1.0.31.172.in-addr.arpa. | tee outfile
echo "> cat logfiles"
cat fwd.log
cat unbound.log
@ -23,7 +23,7 @@ fi
# this one should give our own data as the reply
echo "> dig 1.0.30.172.in-addr.arpa."
dig @localhost -p $UNBOUND_PORT 1.0.30.172.in-addr.arpa. | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT 1.0.30.172.in-addr.arpa. | tee outfile
echo "> cat logfiles"
cat fwd.log
cat unbound.log
@ -38,7 +38,7 @@ fi
# this one should give our own data as the reply
# but different trailing dot in unbound.conf file
echo "> dig 1.0.29.172.in-addr.arpa."
dig @localhost -p $UNBOUND_PORT 1.0.29.172.in-addr.arpa. | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT 1.0.29.172.in-addr.arpa. | tee outfile
echo "> cat logfiles"
cat fwd.log
cat unbound.log


@ -11,7 +11,7 @@ PRE="../.."
# foo.example.com is available through local-data (and recursion...).
#
echo "> dig www.example.com. +RD"
dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
echo "> cat logfiles"
cat fwd.log
cat unbound.log
@ -24,7 +24,7 @@ else
fi
echo "> dig www.example.com. +norec"
dig @localhost +norec -p $UNBOUND_PORT www.example.com. | tee outfile
dig @127.0.0.1 +norec -p $UNBOUND_PORT www.example.com. | tee outfile
echo "> cat logfiles"
cat fwd.log
cat unbound.log
@ -37,7 +37,7 @@ else
fi
echo "> dig foo.example.com. +RD"
dig @localhost -p $UNBOUND_PORT foo.example.com. | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT foo.example.com. | tee outfile
echo "> cat logfiles"
cat fwd.log
cat unbound.log
@ -50,7 +50,7 @@ else
fi
echo "> dig foo.example.com. +norec"
dig @localhost +norec -p $UNBOUND_PORT foo.example.com. | tee outfile
dig @127.0.0.1 +norec -p $UNBOUND_PORT foo.example.com. | tee outfile
echo "> cat logfiles"
cat fwd.log
cat unbound.log


@ -14,7 +14,7 @@ PRE="../.."
# dig +norec for www does not work any more.
#
echo "> dig www.example.com. +RD"
dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
echo "> cat logfiles"
cat fwd.log
cat unbound.log
@ -27,7 +27,7 @@ else
fi
echo "> dig www.example.com. +norec"
dig @localhost +norec -p $UNBOUND_PORT www.example.com. | tee outfile
dig @127.0.0.1 +norec -p $UNBOUND_PORT www.example.com. | tee outfile
echo "> cat logfiles"
cat fwd.log
cat unbound.log
@ -47,7 +47,7 @@ else
fi
echo "> dig foo.example.com. +RD"
dig @localhost -p $UNBOUND_PORT foo.example.com. | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT foo.example.com. | tee outfile
echo "> cat logfiles"
cat fwd.log
cat unbound.log
@ -60,7 +60,7 @@ else
fi
echo "> dig foo.example.com. +norec"
dig @localhost +norec -p $UNBOUND_PORT foo.example.com. | tee outfile
dig @127.0.0.1 +norec -p $UNBOUND_PORT foo.example.com. | tee outfile
echo "> cat logfiles"
cat fwd.log
cat unbound.log


@ -9,13 +9,13 @@
PRE="../.."
kill_pid $DNSTAP_SOCKET_PID
kill_pid $FWD_PID
kill_pid `cat unbound2.pid`
kill_from_pidfile "unbound2.pid"
if test -f unbound2.log; then
echo ">>> upstream log"
cat unbound2.log
fi
#kill_pid $UNBOUND_PID
kill_pid `cat unbound.pid`
kill_from_pidfile "unbound.pid"
if test -f unbound.log; then
echo ">>> unbound log"
cat unbound.log
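Review bot: The commented-out `#kill_pid $UNBOUND_PID` line is left in place directly above the new `kill_from_pidfile "unbound.pid"` call and no longer describes anything the script does; it should be deleted. `kill_from_pidfile` is defined outside this section (presumably in the common.sh the later teardown scripts source), so it is worth confirming there that it returns quietly when the pid file is missing or empty and only signals a numeric pid, since the old backtick form passed on whatever `cat` printed. The same pair of lines appears in the two later teardown sections that begin with `. ../common.sh`. The `if test -f unbound.log` block continues past the end of the hunk.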


@ -25,17 +25,10 @@ else
exit 1
fi
echo "> wait for log to happen on timer"
sleep 3
echo "> wait for log to happen"
wait_logfile tap.log "www.example.com" 45
echo "> check tap.log for dnstap info"
# see if it logged the information in tap.log
# wait for a moment for filesystem to catch up.
if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi
if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi
if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi
if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi
if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi
if grep "www.example.com" tap.log >/dev/null; then :; else sleep 10; fi
if grep "www.example.com" tap.log; then echo "yes it is in tap.log";
else
echo "information not in tap.log"
@ -67,12 +60,7 @@ fi
echo "> check tap.log for dnstap info"
# see if it logged the information in tap.log
# wait for a moment for filesystem to catch up.
if grep "txt.example.com" tap.log >/dev/null; then :; else sleep 1; fi
if grep "txt.example.com" tap.log >/dev/null; then :; else sleep 1; fi
if grep "txt.example.com" tap.log >/dev/null; then :; else sleep 1; fi
if grep "txt.example.com" tap.log >/dev/null; then :; else sleep 1; fi
if grep "txt.example.com" tap.log >/dev/null; then :; else sleep 1; fi
if grep "txt.example.com" tap.log >/dev/null; then :; else sleep 10; fi
wait_logfile tap.log "txt.example.com" 45
if grep "txt.example.com" tap.log; then echo "yes it is in tap.log";
else
echo "information not in tap.log"
@ -131,12 +119,7 @@ dig @127.0.0.1 -p $UNBOUND_PORT fin.example.com. TXT | tee outfile
echo "> check tap.log for dnstap info"
# see if it logged the information in tap.log
# wait for a moment for filesystem to catch up.
if grep "fini" tap.log >/dev/null; then :; else sleep 1; fi
if grep "fini" tap.log >/dev/null; then :; else sleep 1; fi
if grep "fini" tap.log >/dev/null; then :; else sleep 1; fi
if grep "fini" tap.log >/dev/null; then :; else sleep 1; fi
if grep "fini" tap.log >/dev/null; then :; else sleep 1; fi
if grep "fini" tap.log >/dev/null; then :; else sleep 10; fi
wait_logfile tap.log "fini" 45
if grep "fini" tap.log; then echo "yes it is in tap.log";
else
echo "information not in tap.log"
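Review bot: The retained comment `# wait for a moment for filesystem to catch up.` in the second and third hunks now sits directly above `wait_logfile tap.log ... 45`, which waits for the pattern up to a limit of 45 rather than "a moment", so the comment should describe the call, e.g. `# wait (limit 45, see wait_logfile) for the entry to reach tap.log`. `wait_logfile` is defined outside this section, so the unit of the limit and what it returns on timeout are not visible here; the `if grep` that follows still decides pass or fail, and the comment could say so. The `else` branches continue past the end of each hunk.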


@ -22,7 +22,7 @@ fi
# do the test
echo "> dig www.example.com."
dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
echo "> cat logfiles"
cat fwd.log
cat unbound.log
@ -35,7 +35,7 @@ else
fi
echo "> dig www2.example.com."
dig @localhost -p $UNBOUND_PORT www2.example.com. | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT www2.example.com. | tee outfile
echo "> cat logfiles"
cat fwd.log
cat unbound.log


@ -23,16 +23,16 @@ fi
# do the test
# generate some load.
echo "> dig www[1-10].example.com."
dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile1 &
dig @localhost -p $UNBOUND_PORT www2.example.com. | tee outfile3 &
dig @localhost -p $UNBOUND_PORT www3.example.com. | tee outfile2 &
dig @localhost -p $UNBOUND_PORT www4.example.com. | tee outfile4 &
dig @localhost -p $UNBOUND_PORT www5.example.com. | tee outfile5 &
dig @localhost -p $UNBOUND_PORT www6.example.com. | tee outfile6 &
dig @localhost -p $UNBOUND_PORT www7.example.com. | tee outfile7 &
dig @localhost -p $UNBOUND_PORT www8.example.com. | tee outfile8 &
dig @localhost -p $UNBOUND_PORT www9.example.com. | tee outfile9 &
dig @localhost -p $UNBOUND_PORT www10.example.com. | tee outfile10 &
dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile1 &
dig @127.0.0.1 -p $UNBOUND_PORT www2.example.com. | tee outfile3 &
dig @127.0.0.1 -p $UNBOUND_PORT www3.example.com. | tee outfile2 &
dig @127.0.0.1 -p $UNBOUND_PORT www4.example.com. | tee outfile4 &
dig @127.0.0.1 -p $UNBOUND_PORT www5.example.com. | tee outfile5 &
dig @127.0.0.1 -p $UNBOUND_PORT www6.example.com. | tee outfile6 &
dig @127.0.0.1 -p $UNBOUND_PORT www7.example.com. | tee outfile7 &
dig @127.0.0.1 -p $UNBOUND_PORT www8.example.com. | tee outfile8 &
dig @127.0.0.1 -p $UNBOUND_PORT www9.example.com. | tee outfile9 &
dig @127.0.0.1 -p $UNBOUND_PORT www10.example.com. | tee outfile10 &
wait # wait for all jobs to complete.


@ -6,8 +6,8 @@
PRE="../.."
# do the test
echo "> dig www.example.com."
dig @localhost -p $UNBOUND_PORT . SOA | tee outfile
echo "> dig . SOA"
dig @127.0.0.1 -p $UNBOUND_PORT . SOA | tee outfile
echo "> check answer"
if grep root-servers outfile | grep "nstld.verisign-grs.com"; then
echo "OK"
@ -26,7 +26,19 @@ else
fi
# This is the output when an unsupported algorithm is used.
if grep "auth zone . ZONEMD unsupported algorithm" unbound.log; then
if grep "auth zone . zonemd DNSSEC verification of SOA and ZONEMD RRsets secure" unbound.log; then
echo "OK"
else
echo "ZONEMD verification not OK"
exit 1
fi
if grep "auth-zone . ZONEMD hash is correct" unbound.log; then
echo "OK"
else
echo "ZONEMD verification not OK"
exit 1
fi
if grep "auth zone . ZONEMD verification successful" unbound.log; then
echo "OK"
else
echo "ZONEMD verification not OK"
@ -40,12 +52,12 @@ if test $? -ne 0; then
exit 1
fi
# The output of the reload can be checked.
#echo "> check unbound-control output"
#if grep "example.com: ZONEMD verification successful" outfile; then
#echo "OK"
#else
#echo "Not OK"
#exit 1
#fi
echo "> check unbound-control output"
if grep ".: ZONEMD verification successful" outfile; then
echo "OK"
else
echo "Not OK"
exit 1
fi
exit 0
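Review bot: The new success checks use an unescaped `.` for the root zone, so `grep ".: ZONEMD verification successful" outfile` also accepts a line for any other zone (the commented-out check it replaces looked for `example.com: ZONEMD ...`, which this pattern matches too), and the `unbound.log` patterns accept any character where the zone name should be. For a test that asserts ZONEMD verification of the root, fixed-string matching is tighter, e.g. `if grep -F "auth zone . ZONEMD verification successful" unbound.log; then`, with the same `-F` on the other three greps; anchoring the `outfile` match to the start of the line would tighten it further if the zone name is printed first, which is not visible here. The comment `# This is the output when an unsupported algorithm is used.` appears to remain above the new checks and no longer matches what they look for. The first two failure branches both print `ZONEMD verification not OK`, so the test log does not show which check failed.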

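--- a/testdata/rrset_use_cached.rpl
+++ b/testdata/rrset_use_cached.rpl
@@ -0,0 +1,151 @@
+server:
+minimal-responses: no
+serve-expired: yes
+# The value does not matter, we will not simulate delay.
+# We do not want only serve-expired because fetches from that
+# apply a generous PREFETCH_LEEWAY.
+serve-expired-client-timeout: 1000
+# So that we can only have to give one SERVFAIL answer.
+outbound-msg-retry: 0
+forward-zone: name: "." forward-addr: 216.0.0.1
+CONFIG_END
+SCENARIO_BEGIN RRset from cache updates the message TTL.
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+; the query is sent to the forwarder - no cache yet.
+STEP 2 CHECK_OUT_QUERY
+ENTRY_BEGIN
+MATCH qname qtype opcode
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+STEP 3 REPLY
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+; authoritative answer
+REPLY QR AA RD RA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. 5 IN A 10.20.30.40
+SECTION AUTHORITY
+example.com. 10 IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. 10 IN A 10.20.30.50
+ENTRY_END
+STEP 4 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ttl
+REPLY QR RD RA
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. 5 IN A 10.20.30.40
+SECTION AUTHORITY
+example.com. 10 IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. 10 IN A 10.20.30.50
+ENTRY_END
+; Wait for the A RRSET to expire.
+STEP 5 TIME_PASSES ELAPSE 6
+STEP 6 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+; expired answer will not be served due to serve-expired-client-timeout.
+STEP 7 CHECK_OUT_QUERY
+ENTRY_BEGIN
+MATCH qname qtype opcode
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+STEP 8 REPLY
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+; authoritative answer
+REPLY QR AA RD RA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. 5 IN A 10.20.30.40
+SECTION AUTHORITY
+example.com. 10 IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. 10 IN A 10.20.30.50
+ENTRY_END
+; The cached NS related RRSETs will not be overwritten by the fresh answer.
+; The message should have a TTL of 4 instead of 5 from above.
+STEP 9 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ttl
+REPLY QR RD RA
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. 5 IN A 10.20.30.40
+SECTION AUTHORITY
+example.com. 4 IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. 4 IN A 10.20.30.50
+ENTRY_END
+; Wait for the NS RRSETs to expire.
+STEP 10 TIME_PASSES ELAPSE 5
+STEP 11 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+; The message should be expired, again no expired answer at this point due to
+; serve-expired-client-timeout.
+STEP 12 CHECK_OUT_QUERY
+ENTRY_BEGIN
+MATCH qname qtype opcode
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+STEP 13 REPLY
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+; The SERVFAIL will trigger the serve-expired-client-timeout logic to try and
+; replace the SERVFAIL with a possible cached (expired) answer.
+; The A RRSET would be at 0TTL left (not expired) but the message should have
+; been updated to use a TTL of 4 so expired by now.
+; If the message TTL was not updated (bug), this message would be treated as
+; non-expired and the now expired NS related RRSETs would fail sanity checks
+; for non-expired messages. The result would be SERVFAIL here.
+STEP 14 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ttl
+REPLY QR RD RA
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. 0 IN A 10.20.30.40
+SECTION AUTHORITY
+example.com. 30 IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. 30 IN A 10.20.30.50
+ENTRY_END
+SCENARIO_END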
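Review bot: The expected TTL of 30 on the NS and glue records in the STEP 14 answer is not explained anywhere in the scenario, although every other TTL in the file is derived in a comment. Presumably it is the TTL the server places on expired records it serves (the default of `serve-expired-reply-ttl`), which the `server:` block does not set; a comment such as `; expired NS/glue are served with the default serve-expired-reply-ttl (30)` above STEP 14, or setting the option explicitly in the config, would keep the test from breaking without explanation if that default changes. The config comment `So that we can only have to give one SERVFAIL answer.` would read better as `So that a single SERVFAIL answer is enough.`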


@ -46,7 +46,7 @@ RANGE_BEGIN 30 100
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. 10 IN NS
example.com. IN NS
SECTION ANSWER
example.com. 10 IN NS ns.example.com.
SECTION ADDITIONAL


@ -46,7 +46,7 @@ RANGE_BEGIN 30 100
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. 10 IN NS
example.com. IN NS
SECTION ANSWER
example.com. 10 IN NS ns.example.com.
SECTION ADDITIONAL


@ -44,7 +44,7 @@ RANGE_BEGIN 30 100
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. 10 IN NS
example.com. IN NS
SECTION ANSWER
example.com. 10 IN NS ns.example.com.
SECTION ADDITIONAL


@ -45,7 +45,7 @@ RANGE_BEGIN 30 100
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. 10 IN NS
example.com. IN NS
SECTION ANSWER
example.com. 10 IN NS ns.example.com.
SECTION ADDITIONAL


@ -49,7 +49,7 @@ RANGE_BEGIN 60 100
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. 10 IN NS
example.com. IN NS
SECTION ANSWER
example.com. 10 IN NS ns.example.com.
SECTION ADDITIONAL


@ -32,7 +32,7 @@ RANGE_BEGIN 0 20
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. 10 IN NS
example.com. IN NS
SECTION ANSWER
example.com. 10 IN NS ns.example.com.
SECTION ADDITIONAL


@ -7,7 +7,7 @@
PRE="../.."
# test if unbound is up
echo "> dig www.example.com."
dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
echo "> check answer"
if grep "10.20.30.40" outfile; then
echo "OK"


@ -272,7 +272,7 @@ if grep "192.0.2.1" outfile; then
else
end 1
fi
sleep 1 # make sure the outgoing UDP (and the edns1xx0 retry) are accounted for.
sleep 1 # make sure the outgoing UDP (and no edns1xx0 retry because not a smaller buffer size) are accounted for.
check_stats "\
total.num.queries=1
total.num.expired=1
@ -284,7 +284,7 @@ num.query.flags.AD=1
num.query.flags.RD=1
num.query.opcode.QUERY=1
num.query.type.A=1
num.query.udpout=2
num.query.udpout=1
total.num.cachemiss=1
msg.cache.count=2
rrset.cache.count=2


@ -7,7 +7,7 @@
PRE="../.."
# do the test
echo "> dig www.example.com."
dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile
dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
echo "> cat logfiles"
cat fwd.log
cat unbound.log

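--- a/testdata/subnet_scopezero_noedns.crpl
+++ b/testdata/subnet_scopezero_noedns.crpl
@@ -0,0 +1,441 @@
+; scope of 0, if the query also had scope of 0, do not answer this
+; to everyone, but only for scope 0 queries. Otherwise can answer cached.
+server:
+target-fetch-policy: "0 0 0 0 0"
+send-client-subnet: 1.2.3.4
+module-config: "subnetcache validator iterator"
+verbosity: 4
+qname-minimisation: no
+stub-zone:
+name: "."
+stub-addr: 193.0.14.129
+stub-zone:
+name: "example.com"
+stub-addr: 1.2.3.4
+CONFIG_END
+SCENARIO_BEGIN Test subnet cache with scope zero response without EDNS.
+; the upstream server.
+RANGE_BEGIN 0 100
+ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname ednsdata
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+HEX_EDNSDATA_BEGIN
+;; we expect to receive empty
+HEX_EDNSDATA_END
+K.ROOT-SERVERS.NET. IN A 193.0.14.129
+ENTRY_END
+RANGE_END
+RANGE_BEGIN 0 11
+ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+;copy_ednsdata_assume_clientsubnet
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A 10.20.30.40
+SECTION AUTHORITY
+SECTION ADDITIONAL
+HEX_EDNSDATA_BEGIN
+; client is 127.0.0.1
+00 08 ; OPC
+00 07 ; option length
+00 01 ; Family
+18 11 ; source mask, scopemask
+7f 00 00 ; address
+HEX_EDNSDATA_END
+ENTRY_END
+RANGE_END
+RANGE_BEGIN 20 31
+ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+;copy_ednsdata_assume_clientsubnet
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A 10.20.30.41
+SECTION AUTHORITY
+SECTION ADDITIONAL
+HEX_EDNSDATA_BEGIN
+; client is 127.0.0.1
+00 08 ; OPC
+00 07 ; option length
+00 01 ; Family
+18 11 ; source mask, scopemask
+7f 01 00 ; address
+HEX_EDNSDATA_END
+ENTRY_END
+RANGE_END
+RANGE_BEGIN 40 51
+ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+;copy_ednsdata_assume_clientsubnet
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A 10.20.30.42
+SECTION AUTHORITY
+SECTION ADDITIONAL
+;no EDNS in this answer. Tests if the back_parsed callback
+;is called to process the lack of edns contents.
+;HEX_EDNSDATA_BEGIN
+;00 08 ; OPC
+;00 04 ; option length
+;00 01 ; Family
+;00 00 ; source mask, scopemask
+; ; address 0.0.0.0/0 scope 0
+;HEX_EDNSDATA_END
+ENTRY_END
+RANGE_END
+RANGE_BEGIN 120 131
+ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+;copy_ednsdata_assume_clientsubnet
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A 10.20.30.43
+SECTION AUTHORITY
+SECTION ADDITIONAL
+HEX_EDNSDATA_BEGIN
+00 08 ; OPC
+00 07 ; option length
+00 01 ; Family
+18 00 ; source mask, scopemask
+7f 02 00 ; address 127.2.0.0/24 scope 0
+HEX_EDNSDATA_END
+ENTRY_END
+RANGE_END
+; query for 127.0.0.0/24
+STEP 1 QUERY
+ENTRY_BEGIN
+HEX_ANSWER_BEGIN
+00 00 01 00 00 01 00 00 ;ID 0
+00 00 00 01 03 77 77 77 ; www.example.com A? (DO)
+07 65 78 61 6d 70 6c 65
+03 63 6f 6d 00 00 01 00
+01 00 00 29 10 00 00 00
+80 00 00 0b
+00 08 00 07 ; OPC, optlen
+00 01 18 00 ; ip4, scope 24, source 0
+7f 00 00 ;127.0.0.0/24
+HEX_ANSWER_END
+ENTRY_END
+; answer is 10.20.30.40 for 127.0.0.0/24 scope 17
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ednsdata
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A 10.20.30.40
+SECTION AUTHORITY
+SECTION ADDITIONAL
+HEX_EDNSDATA_BEGIN
+; client is 127.0.0.1
+00 08 ; OPC
+00 07 ; option length
+00 01 ; Family
+18 11 ; source mask, scopemask
+7f 00 00 ; address
+HEX_EDNSDATA_END
+ENTRY_END
+; query for 127.1.0.0/24
+STEP 20 QUERY
+ENTRY_BEGIN
+HEX_ANSWER_BEGIN
+00 00 01 00 00 01 00 00 ;ID 0
+00 00 00 01 03 77 77 77 ; www.example.com A? (DO)
+07 65 78 61 6d 70 6c 65
+03 63 6f 6d 00 00 01 00
+01 00 00 29 10 00 00 00
+80 00 00 0b
+00 08 00 07 ; OPC, optlen
+00 01 18 00 ; ip4, scope 24, source 0
+7f 01 00 ;127.1.0.0/24
+HEX_ANSWER_END
+ENTRY_END
+; answer is 10.20.30.41 for 127.1.0.0/24 scope 17
+STEP 30 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ednsdata
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A 10.20.30.41
+SECTION AUTHORITY
+SECTION ADDITIONAL
+HEX_EDNSDATA_BEGIN
+; client is 127.1.0.1
+00 08 ; OPC
+00 07 ; option length
+00 01 ; Family
+18 11 ; source mask, scopemask
+7f 01 00 ; address
+HEX_EDNSDATA_END
+ENTRY_END
+; query for 0.0.0.0/0
+STEP 40 QUERY
+ENTRY_BEGIN
+HEX_ANSWER_BEGIN
+00 00 01 00 00 01 00 00 ;ID 0
+00 00 00 01 03 77 77 77 ; www.example.com A? (DO)
+07 65 78 61 6d 70 6c 65
+03 63 6f 6d 00 00 01 00
+01 00 00 29 10 00 00 00
+80 00 00 08
+00 08 00 04 ; OPC, optlen
+00 01 00 00 ; ip4, scope 0, source 0
+;0.0.0.0/0
+HEX_ANSWER_END
+ENTRY_END
+; answer is 10.20.30.42 for 0.0.0.0/0 scope 0
+STEP 50 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ednsdata
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A 10.20.30.42
+SECTION AUTHORITY
+SECTION ADDITIONAL
+HEX_EDNSDATA_BEGIN
+00 08 ; OPC
+00 04 ; option length
+00 01 ; Family
+00 00 ; source mask, scopemask
+; address
+HEX_EDNSDATA_END
+ENTRY_END
+; query for 127.0.0.0/24, again, it should be in cache.
+; and not from the scope 0 answer.
+STEP 60 QUERY
+ENTRY_BEGIN
+HEX_ANSWER_BEGIN
+00 00 01 00 00 01 00 00 ;ID 0
+00 00 00 01 03 77 77 77 ; www.example.com A? (DO)
+07 65 78 61 6d 70 6c 65
+03 63 6f 6d 00 00 01 00
+01 00 00 29 10 00 00 00
+80 00 00 0b
+00 08 00 07 ; OPC, optlen
+00 01 18 00 ; ip4, scope 24, source 0
+7f 00 00 ;127.0.0.0/24
+HEX_ANSWER_END
+ENTRY_END
+; answer should be 10.20.30.40 for 127.0.0.0/24 scope 17
+STEP 70 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ednsdata
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A 10.20.30.40
+SECTION AUTHORITY
+SECTION ADDITIONAL
+HEX_EDNSDATA_BEGIN
+; client is 127.0.0.1
+00 08 ; OPC
+00 07 ; option length
+00 01 ; Family
+18 11 ; source mask, scopemask
+7f 00 00 ; address
+HEX_EDNSDATA_END
+ENTRY_END
+; query for 127.1.0.0/24, again, it should be in cache.
+STEP 80 QUERY
+ENTRY_BEGIN
+HEX_ANSWER_BEGIN
+00 00 01 00 00 01 00 00 ;ID 0
+00 00 00 01 03 77 77 77 ; www.example.com A? (DO)
+07 65 78 61 6d 70 6c 65
+03 63 6f 6d 00 00 01 00
+01 00 00 29 10 00 00 00
+80 00 00 0b
+00 08 00 07 ; OPC, optlen
+00 01 18 00 ; ip4, scope 24, source 0
+7f 01 00 ;127.1.0.0/24
+HEX_ANSWER_END
+ENTRY_END
+; answer should be 10.20.30.41 for 127.1.0.0/24 scope 17
+STEP 90 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ednsdata
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A 10.20.30.41
+SECTION AUTHORITY
+SECTION ADDITIONAL
+HEX_EDNSDATA_BEGIN
+; client is 127.1.0.1
+00 08 ; OPC
+00 07 ; option length
+00 01 ; Family
+18 11 ; source mask, scopemask
+7f 01 00 ; address
+HEX_EDNSDATA_END
+ENTRY_END
+; query for 0.0.0.0/0, again.
+STEP 100 QUERY
+ENTRY_BEGIN
+HEX_ANSWER_BEGIN
+00 00 01 00 00 01 00 00 ;ID 0
+00 00 00 01 03 77 77 77 ; www.example.com A? (DO)
+07 65 78 61 6d 70 6c 65
+03 63 6f 6d 00 00 01 00
+01 00 00 29 10 00 00 00
+80 00 00 08
+00 08 00 04 ; OPC, optlen
+00 01 00 00 ; ip4, scope 0, source 0
+;0.0.0.0/0
+HEX_ANSWER_END
+ENTRY_END
+; answer should be 10.20.30.42 for 0.0.0.0/0 scope 0
+STEP 110 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ednsdata
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A 10.20.30.42
+SECTION AUTHORITY
+SECTION ADDITIONAL
+HEX_EDNSDATA_BEGIN
+00 08 ; OPC
+00 04 ; option length
+00 01 ; Family
+00 00 ; source mask, scopemask
+; address
+HEX_EDNSDATA_END
+ENTRY_END
+; now a query for a /24 that gets an answer for a /0.
+STEP 120 QUERY
+ENTRY_BEGIN
+HEX_ANSWER_BEGIN
+00 00 01 00 00 01 00 00 ;ID 0
+00 00 00 01 03 77 77 77 ; www.example.com A? (DO)
+07 65 78 61 6d 70 6c 65
+03 63 6f 6d 00 00 01 00
+01 00 00 29 10 00 00 00
+80 00 00 0b
+00 08 00 07 ; OPC, optlen
+00 01 18 00 ; ip4, scope 24, source 0
+7f 02 00 ;127.2.0.0/24
+HEX_ANSWER_END
+ENTRY_END
+; answer should be 10.20.30.43 for 127.2.0.0/24 scope 0
+STEP 130 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ednsdata
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A 10.20.30.43
+SECTION AUTHORITY
+SECTION ADDITIONAL
+HEX_EDNSDATA_BEGIN
+; client is 127.2.0.1
+00 08 ; OPC
+00 07 ; option length
+00 01 ; Family
+18 00 ; source mask, scopemask
+7f 02 00 ; address
+HEX_EDNSDATA_END
+ENTRY_END
+; the scope 0 answer is now used to answer queries from
+; query for 127.0.0.0/24
+STEP 140 QUERY
+ENTRY_BEGIN
+HEX_ANSWER_BEGIN
+00 00 01 00 00 01 00 00 ;ID 0
+00 00 00 01 03 77 77 77 ; www.example.com A? (DO)
+07 65 78 61 6d 70 6c 65
+03 63 6f 6d 00 00 01 00
+01 00 00 29 10 00 00 00
+80 00 00 0b
+00 08 00 07 ; OPC, optlen
+00 01 18 00 ; ip4, scope 24, source 0
+7f 00 00 ;127.0.0.0/24
+HEX_ANSWER_END
+ENTRY_END
+STEP 150 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ednsdata
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A 10.20.30.43
+SECTION AUTHORITY
+SECTION ADDITIONAL
+HEX_EDNSDATA_BEGIN
+; client is 127.0.0.1
+00 08 ; OPC
+00 07 ; option length
+00 01 ; Family
+18 00 ; source mask, scopemask
+7f 00 00 ; address
+HEX_EDNSDATA_END
+ENTRY_END
+SCENARIO_END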
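Review bot: Several comments on the hex client-subnet option data contradict the bytes they annotate, which matters in a scenario whose purpose is to pin which clients may be served a cached scope 0 answer. On the query packets `00 01 18 00` is labelled `ip4, scope 24, source 0`, but the file's own reply annotations (`18 11 ; source mask, scopemask`) give the order as source then scope, so it should read `ip4, source 24, scope 0`; the reply in the 20-31 range says `client is 127.0.0.1` above address bytes `7f 01 00`. The comment before STEP 140, `the scope 0 answer is now used to answer queries from`, breaks off mid-sentence, and STEP 150 has no `answer should be ...` line like the other checks; `; answer should be 10.20.30.43, the cached scope 0 answer, for 127.0.0.0/24` would state the expectation. The commented-out `;copy_ednsdata_assume_clientsubnet` lines could be dropped if they are not meant to be re-enabled.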


@ -6,13 +6,13 @@
#
# do your teardown here
. ../common.sh
kill_pid `cat unbound2.pid`
kill_from_pidfile "unbound2.pid"
if test -f unbound2.log; then
echo ">>> upstream log"
cat unbound2.log
fi
#kill_pid $UNBOUND_PID
kill_pid `cat unbound.pid`
kill_from_pidfile "unbound.pid"
if test -f unbound.log; then
echo ">>> unbound log"
cat unbound.log


@ -6,13 +6,13 @@
#
# do your teardown here
. ../common.sh
kill_pid `cat unbound2.pid`
kill_from_pidfile "unbound2.pid"
if test -f unbound2.log; then
echo ">>> upstream log"
cat unbound2.log
fi
#kill_pid $UNBOUND_PID
kill_pid `cat unbound.pid`
kill_from_pidfile "unbound.pid"
if test -f unbound.log; then
echo ">>> unbound log"
cat unbound.log


@ -153,7 +153,7 @@ ns.example.com. 3600 IN A 1.2.3.4
ns.example.com. 3600 IN RRSIG A 8 2 3600 20121126131826 20121029131826 64050 example.com. L/EsWsRNhM0Lt8877XYfm0FkVc+utuRPYlW/yxEi/Nzs/mTb9BMrOygsW0qfpYakYgfFvinR7S7ce9/naWidzGkWKYR85g2WFms3/TgchpmfjZHEsNyuT8zsiGrj3bQ3RxpT5cmt/IS2QlOak/RhdtawKfd9aqkMTVpP2idEQwY=
ENTRY_END
ENTRY_BEGING
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR


@ -400,7 +400,7 @@ ENTRY_END
; recursion happens here.
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
MATCH all ttl
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
www.example.com. IN A
@ -409,7 +409,7 @@ www.example.com. 3600 IN CNAME www.sub.example.net.
www.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFEv1gOb7KEskzkJNtFKKVBxY+Hb2AhUAqKJDIZJvNl+AdzqAt+JgdvnYAF0= ;{id = 2854}
sub.example.net. 3600 IN DNAME sub.example.com.
sub.example.net. 3600 IN RRSIG DNAME 5 3 3600 20070926134150 20070829134150 30899 example.net. G/UmcL1VmCF2mjB1O9IeNM2DnvayxEy6vOrvA+Ic/Gqcsgnq/f4VTCV9soQQIAWEir2v5Vt8hqPDP8rCRbMnyA== ;{id = 30899}
www.sub.example.net. 0 IN CNAME www.sub.example.com.
www.sub.example.net. 3600 IN CNAME www.sub.example.com.
www.sub.example.com. 3600 IN CNAME www.example.org.
www.sub.example.com. 3600 IN RRSIG CNAME 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. ZE6A4pkyeUpNCscu2oeBv/3JbbirdwUaAMgmQ/ighzacUJCC6Lh8vAL5aYDEyTk7oktb8uS7gmYan171aM9/tg== ;{id = 30899}
www.example.org. 3600 IN A 11.11.11.11


@ -220,14 +220,14 @@ ENTRY_END
; recursion happens here.
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
MATCH all ttl
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
example.com. 3600 IN DNAME example.net.
example.com. 3600 IN RRSIG DNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFH1xw24Hswia3g10AVL1yFUHUPdFAhQDrA+qZJwqXRPg2C1oiNPk9fosGg== ;{id = 2854}
www.example.com. 0 IN CNAME www.example.net.
www.example.com. 3600 IN CNAME www.example.net.
www.example.net. 3600 IN A 11.12.13.14
www.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899}
SECTION AUTHORITY


@ -222,14 +222,14 @@ ENTRY_END
; recursion happens here.
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
MATCH all ttl
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
example.com. 3600 IN DNAME example.net.
example.com. 3600 IN RRSIG DNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFH1xw24Hswia3g10AVL1yFUHUPdFAhQDrA+qZJwqXRPg2C1oiNPk9fosGg== ;{id = 2854}
www.example.com. 0 IN CNAME www.example.net.
www.example.com. 3600 IN CNAME www.example.net.
www.example.net. 3600 IN A 11.12.13.14
www.example.net. 3600 IN RRSIG A 5 2 3600 20070926134150 20070829134150 30899 example.net. quSyDbSeHRvyMmanqq5rW+APC9MKOswbRLB5QP/G+C2iyokQFLuRTlX9Wmo/jo1Oo1MGBefJUmP9NdRd2EqABA== ;{id = 30899}
SECTION AUTHORITY

Some files were not shown because too many files have changed in this diff Show more