upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-20 23:00:56 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
unbound/testdata/respip_dns64_lookup.rpl

523 lines
9.4 KiB
Text
Raw Normal View History

- Fix for #1344: Fix that respip and dns64 can be enabled at the same time, the client info is copied for attach_sub and add_sub calls. That makes respip work on dns64 synthesized answers, and also makes RPZ work with DNS64. The order for the modules is module-config: "respip dns64 validator iterator".
2025-09-30 05:28:15 -04:00
; config options
server:
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: no
minimal-responses: yes
; respip is before dns64 in the module list.
module-config: "respip dns64 validator iterator"
dns64-prefix: 64:ff9b::0/96
response-ip: 10.20.30.42/32 always_refuse
response-ip: 10.20.30.43/32 redirect
response-ip-data: 10.20.30.43/32 "A 4.5.6.3"
response-ip: 5.6.7.9/32 redirect
response-ip-data: 5.6.7.9/32 "A 4.5.6.7"
response-ip: 5.6.7.10/32 always_nxdomain
response-ip: 64:ff9b::506:70B/128 redirect
response-ip-data: 64:ff9b::506:70B/128 "AAAA 2001:db8::4"
rpz:
name: "rpz.example.com."
rpz-log: yes
zonefile:
TEMPFILE_NAME rpz.example.com
TEMPFILE_CONTENTS rpz.example.com
$ORIGIN example.com.
rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. (
1379078166 28800 7200 604800 7200 )
3600 IN NS ns1.rpz.example.com.
3600 IN NS ns2.rpz.example.com.
$ORIGIN rpz.example.com.
32.44.30.20.10.rpz-ip CNAME .
32.12.7.6.5.rpz-ip CNAME .
32.13.7.6.5.rpz-ip A 4.5.6.13
32.14.7.6.5.rpz-ip CNAME alias.example.com.
TEMPFILE_END
stub-zone:
name: "."
stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
CONFIG_END
SCENARIO_BEGIN Test respip and dns64 lookup.
; K.ROOT-SERVERS.NET.
RANGE_BEGIN 0 1000
ADDRESS 193.0.14.129
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET. IN A 193.0.14.129
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION AUTHORITY
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
RANGE_END
; a.gtld-servers.net.
RANGE_BEGIN 0 1000
ADDRESS 192.5.6.30
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION ANSWER
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
RANGE_END
; ns.example.com.
RANGE_BEGIN 0 1000
ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION ANSWER
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A 10.20.30.40
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www2.example.com. IN A
SECTION ANSWER
www2.example.com. IN A 10.20.30.42
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www3.example.com. IN A
SECTION ANSWER
www3.example.com. IN A 10.20.30.43
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www4.example.com. IN A
SECTION ANSWER
www4.example.com. IN A 10.20.30.44
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ip4.example.com. IN AAAA
SECTION ANSWER
; NO AAAA present
SECTION AUTHORITY
example.com. IN SOA a. b. 1 2 3 4 5
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ip4.example.com. IN A
SECTION ANSWER
ip4.example.com. IN A 5.6.7.8
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ip4-2.example.com. IN AAAA
SECTION ANSWER
; NO AAAA present
SECTION AUTHORITY
example.com. IN SOA a. b. 1 2 3 4 5
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ip4-2.example.com. IN A
SECTION ANSWER
ip4-2.example.com. IN A 5.6.7.9
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ip4-3.example.com. IN AAAA
SECTION ANSWER
; NO AAAA present
SECTION AUTHORITY
example.com. IN SOA a. b. 1 2 3 4 5
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ip4-3.example.com. IN A
SECTION ANSWER
ip4-3.example.com. IN A 5.6.7.10
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ip4-4.example.com. IN AAAA
SECTION ANSWER
; NO AAAA present
SECTION AUTHORITY
example.com. IN SOA a. b. 1 2 3 4 5
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ip4-4.example.com. IN A
SECTION ANSWER
ip4-4.example.com. IN A 5.6.7.11
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ip4-5.example.com. IN AAAA
SECTION ANSWER
; NO AAAA present
SECTION AUTHORITY
example.com. IN SOA a. b. 1 2 3 4 5
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ip4-5.example.com. IN A
SECTION ANSWER
ip4-5.example.com. IN A 5.6.7.12
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ip4-6.example.com. IN AAAA
SECTION ANSWER
; NO AAAA present
SECTION AUTHORITY
example.com. IN SOA a. b. 1 2 3 4 5
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ip4-6.example.com. IN A
SECTION ANSWER
ip4-6.example.com. IN A 5.6.7.13
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ip4-7.example.com. IN AAAA
SECTION ANSWER
; NO AAAA present
SECTION AUTHORITY
example.com. IN SOA a. b. 1 2 3 4 5
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ip4-7.example.com. IN A
SECTION ANSWER
ip4-7.example.com. IN A 5.6.7.14
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
alias.example.com. IN A
SECTION ANSWER
alias.example.com. IN A 4.5.6.14
ENTRY_END
RANGE_END
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
; The query is unaltered.
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A 10.20.30.40
ENTRY_END
STEP 20 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www2.example.com. IN A
ENTRY_END
; The query is altered by respip, A query refused.
STEP 30 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA REFUSED
SECTION QUESTION
www2.example.com. IN A
SECTION ANSWER
ENTRY_END
STEP 40 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www3.example.com. IN A
ENTRY_END
; The query is altered by respip, with redirect.
STEP 50 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www3.example.com. IN A
SECTION ANSWER
www3.example.com. IN A 4.5.6.3
ENTRY_END
STEP 60 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
ip4.example.com. IN AAAA
ENTRY_END
; synthesize from A record 5.6.7.8 with DNS64.
STEP 70 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
ip4.example.com. IN AAAA
SECTION ANSWER
ip4.example.com. IN AAAA 64:ff9b::506:708
ENTRY_END
STEP 80 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
ip4-2.example.com. IN AAAA
ENTRY_END
; The dns64 subquery is altered by respip, with redirect.
; and the respip result is dns64 synthesized.
STEP 90 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
ip4-2.example.com. IN AAAA
SECTION ANSWER
ip4-2.example.com. IN AAAA 64:ff9b::405:607
ENTRY_END
STEP 100 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
ip4-3.example.com. IN AAAA
ENTRY_END
; The dns64 subquery is altered by respip, with nxdomain.
; and the respip result is dns64 synthesized.
STEP 110 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
ip4-3.example.com. IN AAAA
SECTION ANSWER
SECTION AUTHORITY
example.com. IN SOA a. b. 1 2 3 4 5
ENTRY_END
STEP 120 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
ip4-4.example.com. IN AAAA
ENTRY_END
; The dns64 subquery is synthesized, respip operates on the
; synthesized AAAA result, and makes a redirect.
STEP 130 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
ip4-4.example.com. IN AAAA
SECTION ANSWER
ip4-4.example.com. IN AAAA 2001:db8::4
ENTRY_END
STEP 140 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www4.example.com. IN A
ENTRY_END
; The query is blocked by rpz.
STEP 150 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NXDOMAIN
SECTION QUESTION
www4.example.com. IN A
SECTION ANSWER
ENTRY_END
STEP 160 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
ip4-5.example.com. IN AAAA
ENTRY_END
; The dns64 subquery is blocked by RPZ.
STEP 170 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
ip4-5.example.com. IN AAAA
SECTION ANSWER
SECTION AUTHORITY
example.com. IN SOA a. b. 1 2 3 4 5
ENTRY_END
STEP 180 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
ip4-6.example.com. IN AAAA
ENTRY_END
; The dns64 subquery is redirected by RPZ.
STEP 190 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
ip4-6.example.com. IN AAAA
SECTION ANSWER
ip4-6.example.com. AAAA 64:ff9b::405:60d
ENTRY_END
STEP 200 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
ip4-7.example.com. IN AAAA
ENTRY_END
; The dns64 subquery is a CNAME by RPZ.
; that CNAME resolves to an A record, dns64 synthesizes that A record.
STEP 210 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
ip4-7.example.com. IN AAAA
SECTION ANSWER
ip4-7.example.com. CNAME alias.example.com.
alias.example.com. AAAA 64:ff9b::405:60e
ENTRY_END
SCENARIO_END
Reference in a new issue Copy permalink