unbound/testdata/fast_reload_most_options.tdir/fast_reload_most_options.conf

# Try to define values for options that don't have "default" options that would
# trigger fast-reload functionality.
server:
	verbosity: 4
	num-threads: 4
	interface: 127.0.0.1
	interface: lo
	port: @PORT@
	interface-action: lo allow
	use-syslog: no
	directory: ""
	pidfile: "unbound.pid"
	chroot: ""
	username: ""
	do-not-query-localhost: no

	module-config: "respip validator iterator"

	outgoing-interface: 127.0.0.1
	outgoing-port-avoid: "3200-3208"

	define-tag: "tag1 tag2 tag3"

	do-nat64: yes
	nat64-prefix: 64:ff9b::0/96
	dns64-prefix: 64:ff9b::0/96
	dns64-ignore-aaaa: "ignore-aaaa.nlnetlabs.nl"

	edns-tcp-keepalive: yes

	response-ip: 192.0.2.0 always_refuse
	access-control: 127.0.0.0/8 allow
	access-control: ::1 allow
	access-control-tag: 192.0.2.0/24 "tag2 tag3"
	interface-tag: lo "tag2 tag3"
	access-control-tag-action: 192.0.2.0/24 tag3 always_refuse
	interface-tag-action: lo tag3 always_refuse
	access-control-tag-data: 192.0.2.0/24 tag2 "A 127.0.0.1"
	interface-tag-data: lo tag2 "A 127.0.0.1"
	access-control-view: 192.0.2.0/24 viewname
	interface-view: lo viewname

	nsid: "ascii_something"

	http-user-agent: "httpuseragent"

	caps-exempt: "nlnetlabs.nl"

	private-address: 10.0.0.0/8
	private-address: 172.16.0.0/12
	private-address: 192.168.0.0/16
	private-address: 169.254.0.0/16
	private-address: fd00::/8
	private-address: fe80::/10
	private-address: ::ffff:0:0/96

	private-domain: "nlnetlabs.nl"

	unwanted-reply-threshold: 10000000

	do-not-query-address: 1.1.1.1
	do-not-query-address: 8.8.8.8
	do-not-query-address: 9.9.9.9

	do-not-query-localhost: no

	trust-anchor: "jelte.nlnetlabs.nl. DS 42860 5 1 14D739EB566D2B1A5E216A0BA4D17FA9B038BE4A"

	domain-insecure: "nlnetlabs.nl"

	serve-expired: yes
	serve-expired-client-timeout: 1800

	val-log-level: 2

	local-zone: refuse.nlnetlabs.nl. refuse
	local-zone: override.nlnetlabs.nl. deny
	local-zone: tag.nlnetlabs.nl. transparent
	local-data: "data.nlnetlabs.nl. TXT localdata"
	local-data-ptr: "192.0.2.3 reverse.nlnetlabs.nl."
	local-zone-tag: "tag.nlnetlabs.nl" "tag2 tag3"
	local-zone-override: "override.nlnetlabs.nl" 192.0.2.0/24 refuse


	ratelimit: 100
	ratelimit-below-domain: ratelimit.nlnetlabs.nl 1000
	ip-ratelimit: 100

	tcp-connection-limit: 192.0.2.0/24 12

	answer-cookie: yes
	cookie-secret:  "000102030405060708090a0b0c0d0e0f"

	ede: yes
	ede-serve-expired: yes

remote-control:
	control-enable: yes
	control-interface: @CONTROL_PATH@/controlpipe.@CONTROL_PID@
	control-use-cert: no

stub-zone:
	name: "stub.nlnetlabs.nl"
	stub-addr: 192.0.2.68
	stub-prime: no
	stub-first: no
	stub-tcp-upstream: no
	stub-tls-upstream: no
	stub-no-cache: no

forward-zone:
	name: "forward.nlnetlabs.nl"
	forward-addr: 192.0.2.68
	forward-first: no
	forward-tcp-upstream: no
	forward-tls-upstream: no
	forward-no-cache: no

auth-zone:
	name: "auth.nlnetlabs.nl"
	for-downstream: yes
	for-upstream: yes
	zonemd-check: no
	zonemd-reject-absence: no
	zonefile: "auth.nlnetlabs.nl.zone"

view:
	name: "viewname"
	local-zone: "view.nlnetlabs.nl" redirect
	local-data: "view.nlnetlabs.nl A 192.0.2.3"
	local-data-ptr: "192.0.2.3 view.nlnetlabs.nl"
	view-first: no

rpz:
	name: "rpz.nlnetlabs.nl"
	zonefile: "rpz.nlnetlabs.nl.zone"
	rpz-action-override: cname
	rpz-cname-override: www.example.org
	rpz-log: yes
	rpz-log-name: "example policy"
	rpz-signal-nxdomain-ra: no
	for-downstream: no
	tags: "tag3"
Fast Reload Option (#1042) * - fast-reload, add unbound-control fast_reload * - fast-reload, make a thread to service the unbound-control command. * - fast-reload, communication sockets for information transfer. * - fast-reload, fix compile for unbound-dnstap-socket. * - fast-reload, set nonblocking communication to keep the server thread responding to DNS requests. * - fast-reload, poll routine to test for readiness, timeout fails connection. * - fast-reload, detect loop in sock_poll_timeout routine. * - fast-reload, send done and exited notification. * - fast-reload, defines for constants in ipc. * - fast-reload, ipc socket recv and send resists partial reads and writes and can continue byte by byte. Also it can continue after an interrupt. * - fast-reload, send exit command to thread when done. * - fast-reload, output strings for client on string list. * - fast-reload, add newline to terminal output. * - fast-reload, send client string to remote client. * - fast-reload, better debug output. * - fast-reload, print queue structure, for output to the remote client. * - fast-reload, move print items to print queue from fast_reload_thread struct. * - fast-reload, keep list of pending print queue items in daemon struct. * - fast-reload, comment explains in_list for printq to print remainder. * - fast-reload, unit test testdata/fast_reload_thread.tdir that tests the thread output. * - fast-reload, fix test link for fast_reload_printq_list_delete function. * - fast-reload, reread config file from disk. * - fast-reload, unshare forwards, making the structure locked, with an rwlock. * - fast-reload, for nonthreaded, the unbound-control commands forward, forward_add and forward_delete should be distributed to other processes, but when threaded, they should not be distributed to other threads because the structure is not thread specific any more. * - fast-reload, unshared stub hints, making the structure locked, with an rwlock. * - fast-reload, helpful comments for hints lookup function return value. * - fast-reload, fix bug in fast reload printout, the strlist appendlist routine, and printout time statistics after the reload is done. * - fast-reload, keep track of reloadtime and deletestime and print them. * - fast-reload, keep track of constructtime and print it. * - fast-reload, construct new items. * - fast-reload, better comment. * - fast-reload, reload the config and swap trees for forwards and stub hints. * - fast-reload, in forwards_swap_tree set protection of trees with locks. * - fast-reload, in hints_swap_tree also swap the node count of the trees. * - fast-reload, reload ipc to stop and start threads. * - fast-reload, unused forward declarations removed. * - fast-reload, unit test that fast reload works with forwards and stubs. * - fast-reload, fix clang analyzer warnings. * - fast-reload, small documentation entry in unbound-control -h output. * - fast-reload, printout memory use by fast reload, in bytes. * - fast-reload, compile without threads. * - fast-reload, document fast_reload in man page. * - fast-reload, print ok when done successfully. * - fast-reload, option for fast-reload commandline, +v verbosity option, with timing and memory use output. * - fast-reload, option for fast-reload commandline, +p does not pause threads. * - fast-reload, option for fast-reload commandline, +d drops mesh queries. * - fast-reload, fix to poll every thread with nopause to make certain that resources are not held by the threads and can be deleted. * - fast-reload, fix to use atomic store for config variables with nopause. * - fast-reload, reload views. * - fast-reload, when tag defines are different, it drops the queries. * - fast-reload, fix tag define check. * - fast-reload, document that tag change causes drop of queries. * - fast-reload, fix space in documentation man page. * - fast-reload, copy respip client information to query state, put views tree in module env for lookup. * - fast-reload, nicer respip view comparison. * - fast-reload, respip global set is in module env. * - fast-reload, document that respip_client_info acl info is copied. * - fast-reload, reload the respip_set. * - fast-reload, document no pause and pick up of use_response_ip boolean. * - fast-reload, fix test compile. * - fast-reload, reload local zones. * Update locking management for iter_fwd and iter_hints methods. (#1054) fast reload, move most of the locking management to iter_fwd and iter_hints methods. The caller still has the ability to handle its own locking, if desired, for atomic operations on sets of different structs. Co-authored-by: Wouter Wijngaards <wcawijngaards@users.noreply.github.com> * - fast-reload, reload access-control. * - fast-reload, reload access control interface, such as interface-action. * - fast-reload, reload tcp-connection-limit. * - fast-reload, improve comments on acl_list and tcl_list swap tree. * - fast-reload, fixup references to old tcp connection limits in open tcp connections. * - fast-reload, fixup to clean tcp connection also for different linked order. * - fast-reload, if no tcp connection limits existed, no need to remove references for that. * - fast-reload, document more options that work and do not work. * - fast-reload, reload auth_zone and rpz data. * - fast-reload, fix auth_zones_get_mem. * - fast-reload, fix compilation of testbound for the new comm_timer_get_mem reference in remote control. * - fast-reload, change use_rpz with reload. * - fast-reload, list changes in auth zones and stop zonemd callbacks for deleted auth zones. * - fast-reload, note xtree is not swapped, and why it is not swapped. * - fast-reload, for added auth zones, pick up zone transfer and zonemd tasks. * - fast-reload, unlock xfr when done with transfer pick up. * - fast-reload, unlock z when picking up the xfr for it during transfer task pick up. * - fast-reload, pick up task changes for added, deleted and modified auth zones. * - fast-reload, remove xfr of auth zone deletion without tasks. * - fast-reload, pick up zone transfer config. * - fast-reload, the main worker thread picks up the transfer tasks and also performs setup of the xfer struct. * - fast-reload, keep writelock on newzone when auth zone changes. * - fast-reload, change cachedb_enabled setting. * - fast-reload, pick up edns-strings config. * - fast-reload, note that settings are not updated. * - fast-reload, pick up dnstap config. * - fast-reload, dnstap options that need to be loaded without +p. * - fast-reload, fix auth zone reload * - fast-reload, remove debug for auth zone test. * - fast-reload, fix auth zone reload with zone transfer. * - fast-reload, fix auth zone reload lock order. * - fast-reload, remove debug from fast reload test. * - fast-reload, remove unused function. * - fast-reload, fix the worker trust anchor probe timer lock acquisition in the probe answer callback routine for trust anchor probes. * - fast-reload, reload trust anchors. * - fast-reload, fix trust anchor reload lock on autr global data and test for trust anchor reload. * - fast-reload, adjust cache sizes. * - fast-reload, reload cache sizes when changed. * - fast-reload, reload validator env changes. * - fast-reload, reload mesh changes. * - fast-reload, check for incompatible changes. * - fast-reload, improve error text for incompatible change. * - fast-reload, fix check config option compatibility. * - fast-reload, improve error text for nopause change. * - fast-reload, fix spelling of incompatible options. * - fast-reload, reload target-fetch-policy, outbound-msg-retry, max-sent-count and max-query-restarts. * - fast-reload, check nopause config change for target-fetch-policy. * - fast-reload, reload do-not-query-address, private-address and capt-exempt. * - fast-reload, check nopause config change for do-not-query-address, private-address and capt-exempt. * - fast-reload, check fast reload not possible due to interface and outgoing-interface changes. * - fast-reload, reload nat64 settings. * - fast-reload, reload settings stored in the infra structure. * - fast-reload, fix modstack lookup and remove outgoing-range check. * - fast-reload, more explanation for config parse failure. * - fast-reload, reload worker outside network changes. * - fast-reload, detect incompatible changes in network settings. * fast-reload, commit test files. * - fast-reload, fix warnings for call types in windows compile. * - fast-reload, fix warnings and comm_point_internal for tcp wouldblock calls. * - fast-reload, extend lock checks for repeat thread ids. * - fast-reload, additional test cases, cache change and tag changes. * - fast-reload, fix documentation for auth_zone_verify_zonemd_with_key. * - fast-reload, fix copy_cfg type casts and memory leak on config parse failure. * - fast-reload, fix use of WSAPoll. * Review comments for the fast reload feature (#1259) * - fast-reload review, respip set can be null from a view. * - fast-reload review, typos. * - fast-reload review, keep clang static analyzer happy. * - fast-reload review, don't forget to copy tag_actions. * - fast-reload review, less indentation. * - fast-reload review, don't leak respip_actions when reloading. * - fast-reload review, protect NULL pointer dereference in get_mem functions. * - fast-reload review, add fast_reload_most_options.tdir to test most options with high verbosity when fast reloading. * - fast-reload review, don't skip new line on long error printouts. * - fast-reload review, typo. * - fast-reload review, use new_z for consistency. * - fast-reload review, nit for unlock ordering to make eye comparison with the lock counterpart easier. * - fast-reload review, in case of error the sockets are already closed. * - fast-reload review, identation. * - fast-reload review, add static keywords. * - fast-reload review, update unbound-control usage text. * - fast-reload review, updates to the man page. * - fast-reload, the fast-reload command is experimental. * - fast-reload, fix compile of doqclient for fast reload functions. * Changelog comment for #1042 - Merge #1042: Fast Reload. The unbound-control fast_reload is added. It reads changed config in a thread, then only briefly pauses the service threads, that keep running. DNS service is only interrupted briefly, less than a second. --------- Co-authored-by: Yorgos Thessalonikefs <yorgos@nlnetlabs.nl> 2025-03-31 09:25:24 -04:00			`# Try to define values for options that don't have "default" options that would`
			`# trigger fast-reload functionality.`
			`server:`
			`verbosity: 4`
			`num-threads: 4`
			`interface: 127.0.0.1`
			`interface: lo`
			`port: @PORT@`
			`interface-action: lo allow`
			`use-syslog: no`
			`directory: ""`
			`pidfile: "unbound.pid"`
			`chroot: ""`
			`username: ""`
			`do-not-query-localhost: no`

			`module-config: "respip validator iterator"`

			`outgoing-interface: 127.0.0.1`
			`outgoing-port-avoid: "3200-3208"`

			`define-tag: "tag1 tag2 tag3"`

			`do-nat64: yes`
			`nat64-prefix: 64:ff9b::0/96`
			`dns64-prefix: 64:ff9b::0/96`
			`dns64-ignore-aaaa: "ignore-aaaa.nlnetlabs.nl"`

			`edns-tcp-keepalive: yes`

			`response-ip: 192.0.2.0 always_refuse`
			`access-control: 127.0.0.0/8 allow`
			`access-control: ::1 allow`
			`access-control-tag: 192.0.2.0/24 "tag2 tag3"`
			`interface-tag: lo "tag2 tag3"`
			`access-control-tag-action: 192.0.2.0/24 tag3 always_refuse`
			`interface-tag-action: lo tag3 always_refuse`
			`access-control-tag-data: 192.0.2.0/24 tag2 "A 127.0.0.1"`
			`interface-tag-data: lo tag2 "A 127.0.0.1"`
			`access-control-view: 192.0.2.0/24 viewname`
			`interface-view: lo viewname`

			`nsid: "ascii_something"`

			`http-user-agent: "httpuseragent"`

			`caps-exempt: "nlnetlabs.nl"`

			`private-address: 10.0.0.0/8`
			`private-address: 172.16.0.0/12`
			`private-address: 192.168.0.0/16`
			`private-address: 169.254.0.0/16`
			`private-address: fd00::/8`
			`private-address: fe80::/10`
			`private-address: ::ffff:0:0/96`

			`private-domain: "nlnetlabs.nl"`

			`unwanted-reply-threshold: 10000000`

			`do-not-query-address: 1.1.1.1`
			`do-not-query-address: 8.8.8.8`
			`do-not-query-address: 9.9.9.9`

			`do-not-query-localhost: no`

			`trust-anchor: "jelte.nlnetlabs.nl. DS 42860 5 1 14D739EB566D2B1A5E216A0BA4D17FA9B038BE4A"`

			`domain-insecure: "nlnetlabs.nl"`

			`serve-expired: yes`
			`serve-expired-client-timeout: 1800`

			`val-log-level: 2`

			`local-zone: refuse.nlnetlabs.nl. refuse`
			`local-zone: override.nlnetlabs.nl. deny`
			`local-zone: tag.nlnetlabs.nl. transparent`
			`local-data: "data.nlnetlabs.nl. TXT localdata"`
			`local-data-ptr: "192.0.2.3 reverse.nlnetlabs.nl."`
			`local-zone-tag: "tag.nlnetlabs.nl" "tag2 tag3"`
			`local-zone-override: "override.nlnetlabs.nl" 192.0.2.0/24 refuse`


			`ratelimit: 100`
			`ratelimit-below-domain: ratelimit.nlnetlabs.nl 1000`
			`ip-ratelimit: 100`

			`tcp-connection-limit: 192.0.2.0/24 12`

			`answer-cookie: yes`
			`cookie-secret: "000102030405060708090a0b0c0d0e0f"`

			`ede: yes`
			`ede-serve-expired: yes`

			`remote-control:`
			`control-enable: yes`
			`control-interface: @CONTROL_PATH@/controlpipe.@CONTROL_PID@`
			`control-use-cert: no`

			`stub-zone:`
			`name: "stub.nlnetlabs.nl"`
			`stub-addr: 192.0.2.68`
			`stub-prime: no`
			`stub-first: no`
			`stub-tcp-upstream: no`
			`stub-tls-upstream: no`
			`stub-no-cache: no`

			`forward-zone:`
			`name: "forward.nlnetlabs.nl"`
			`forward-addr: 192.0.2.68`
			`forward-first: no`
			`forward-tcp-upstream: no`
			`forward-tls-upstream: no`
			`forward-no-cache: no`

			`auth-zone:`
			`name: "auth.nlnetlabs.nl"`
			`for-downstream: yes`
			`for-upstream: yes`
			`zonemd-check: no`
			`zonemd-reject-absence: no`
			`zonefile: "auth.nlnetlabs.nl.zone"`

			`view:`
			`name: "viewname"`
			`local-zone: "view.nlnetlabs.nl" redirect`
			`local-data: "view.nlnetlabs.nl A 192.0.2.3"`
			`local-data-ptr: "192.0.2.3 view.nlnetlabs.nl"`
			`view-first: no`

			`rpz:`
			`name: "rpz.nlnetlabs.nl"`
			`zonefile: "rpz.nlnetlabs.nl.zone"`
			`rpz-action-override: cname`
			`rpz-cname-override: www.example.org`
			`rpz-log: yes`
			`rpz-log-name: "example policy"`
			`rpz-signal-nxdomain-ra: no`
			`for-downstream: no`
			`tags: "tag3"`