unbound/testdata/iter_nxns_fallback.rpl

; Check if fallback to the parent side works when MAX_TARGET_NX is reached.

server:
	module-config: "iterator"
	trust-anchor-signaling: no
	target-fetch-policy: "0 0 0 0 0"
	verbosity: 3
	access-control: 127.0.0.1 allow_snoop
	qname-minimisation: no
	minimal-responses: no
	rrset-roundrobin: no

stub-zone:
	name: "."
	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
CONFIG_END

SCENARIO_BEGIN Test the NXNS fallback

; K.ROOT-SERVERS.NET.
RANGE_BEGIN 0 100
	ADDRESS 193.0.14.129
	ENTRY_BEGIN
		MATCH opcode qtype qname
		ADJUST copy_id
		REPLY QR NOERROR
		SECTION QUESTION
			. IN NS
		SECTION ANSWER
			. IN NS	K.ROOT-SERVERS.NET.
		SECTION ADDITIONAL
			K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
	ENTRY_END

	ENTRY_BEGIN
		MATCH opcode qtype subdomain
		ADJUST copy_id copy_query
		REPLY QR NOERROR
		SECTION QUESTION
			example.com. IN A
		SECTION AUTHORITY
			com.	IN NS	a.gtld-servers.net.
		SECTION ADDITIONAL
			a.gtld-servers.net.	IN 	A	192.5.6.30
	ENTRY_END

	ENTRY_BEGIN
		MATCH opcode subdomain
		ADJUST copy_id copy_query
		REPLY QR NOERROR
		SECTION QUESTION
			nonexistent.com. IN A
		SECTION AUTHORITY
			com.	IN NS	a.gtld-servers.net.
		SECTION ADDITIONAL
			a.gtld-servers.net.	IN 	A	192.5.6.30
	ENTRY_END
RANGE_END

; a.gtld-servers.net.
RANGE_BEGIN 0 100
	ADDRESS 192.5.6.30
	ENTRY_BEGIN
		MATCH opcode qtype qname
		ADJUST copy_id
		REPLY QR NOERROR
		SECTION QUESTION
			com. IN NS
		SECTION ANSWER
			com.    IN NS   a.gtld-servers.net.
		SECTION ADDITIONAL
			a.gtld-servers.net.     IN      A       192.5.6.30
	ENTRY_END

	ENTRY_BEGIN
		MATCH opcode qtype subdomain
		ADJUST copy_id copy_query
		REPLY QR NOERROR
		SECTION QUESTION
			example.com. IN A
		SECTION AUTHORITY
			example.com.	IN NS	ns.example.com.
		SECTION ADDITIONAL
			ns.example.com.	10 IN A		1.2.3.4
	ENTRY_END

	ENTRY_BEGIN
		MATCH opcode subdomain
		ADJUST copy_id copy_query
		REPLY QR NOERROR
		SECTION QUESTION
			nonexistent.com. IN A
		SECTION AUTHORITY
			nonexistent.com. IN NS	ns.example.com.
		SECTION ADDITIONAL
			ns.example.com.	 10 IN A	1.2.3.4
	ENTRY_END
RANGE_END

; ns.example.com.
RANGE_BEGIN 0 100
	ADDRESS 1.2.3.4
	ENTRY_BEGIN
		MATCH opcode qtype qname
		ADJUST copy_id
		REPLY QR NOERROR
		SECTION QUESTION
			example.com. IN NS
		SECTION ANSWER
			example.com.    IN NS   ns1.nonexistent.com.
			example.com.    IN NS   ns2.nonexistent.com.
			example.com.    IN NS   ns3.nonexistent.com.
			example.com.    IN NS   ns4.nonexistent.com.
			example.com.    IN NS   ns5.nonexistent.com.
			example.com.    IN NS   ns6.nonexistent.com.
			example.com.    IN NS   ns7.nonexistent.com.
			example.com.    IN NS   ns8.nonexistent.com.
			example.com.    IN NS   ns9.nonexistent.com.
			example.com.    IN NS   ns10.nonexistent.com.
			example.com.    IN NS   ns11.nonexistent.com.
			example.com.    IN NS   ns12.nonexistent.com.
	ENTRY_END

	ENTRY_BEGIN
		MATCH opcode qtype qname
		ADJUST copy_id
		REPLY QR NOERROR
		SECTION QUESTION
			ns.example.com. IN A
		SECTION ANSWER
			ns.example.com. 10 IN A 1.2.3.4
	ENTRY_END

	ENTRY_BEGIN
		MATCH opcode qtype qname
		ADJUST copy_id
		REPLY QR NOERROR
		SECTION QUESTION
			ns.example.com. IN AAAA
		SECTION AUTHORITY
			example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600
	ENTRY_END

	ENTRY_BEGIN
		MATCH opcode subdomain
		ADJUST copy_id copy_query
		REPLY QR NXDOMAIN
		SECTION QUESTION
			nonexistent.com. IN A
	ENTRY_END

	ENTRY_BEGIN
		MATCH opcode qtype qname
		ADJUST copy_id
		REPLY QR NOERROR
		SECTION QUESTION
			a.example.com. IN A
		SECTION ANSWER
			a.example.com. IN A	10.20.30.40
		SECTION AUTHORITY
			example.com.    IN NS   ns1.nonexistent.com.
			example.com.    IN NS   ns2.nonexistent.com.
			example.com.    IN NS   ns3.nonexistent.com.
			example.com.    IN NS   ns4.nonexistent.com.
			example.com.    IN NS   ns5.nonexistent.com.
			example.com.    IN NS   ns6.nonexistent.com.
			example.com.    IN NS   ns7.nonexistent.com.
			example.com.    IN NS   ns8.nonexistent.com.
			example.com.    IN NS   ns9.nonexistent.com.
			example.com.    IN NS   ns10.nonexistent.com.
			example.com.    IN NS   ns11.nonexistent.com.
			example.com.    IN NS   ns12.nonexistent.com.
	ENTRY_END

	ENTRY_BEGIN
		MATCH opcode qtype qname
		ADJUST copy_id
		REPLY QR NOERROR
		SECTION QUESTION
			b.example.com. IN A
		SECTION ANSWER
			b.example.com. IN A	10.20.30.40
		SECTION AUTHORITY
			example.com.    IN NS   ns1.nonexistent.com.
			example.com.    IN NS   ns2.nonexistent.com.
			example.com.    IN NS   ns3.nonexistent.com.
			example.com.    IN NS   ns4.nonexistent.com.
			example.com.    IN NS   ns5.nonexistent.com.
			example.com.    IN NS   ns6.nonexistent.com.
			example.com.    IN NS   ns7.nonexistent.com.
			example.com.    IN NS   ns8.nonexistent.com.
			example.com.    IN NS   ns9.nonexistent.com.
			example.com.    IN NS   ns10.nonexistent.com.
			example.com.    IN NS   ns11.nonexistent.com.
			example.com.    IN NS   ns12.nonexistent.com.
	ENTRY_END

	ENTRY_BEGIN
		MATCH opcode qtype qname
		ADJUST copy_id
		REPLY QR NOERROR
		SECTION QUESTION
			c.example.com. IN A
		SECTION ANSWER
			c.example.com. IN A	10.20.30.40
		SECTION AUTHORITY
			example.com.    IN NS   ns1.nonexistent.com.
			example.com.    IN NS   ns2.nonexistent.com.
			example.com.    IN NS   ns3.nonexistent.com.
			example.com.    IN NS   ns4.nonexistent.com.
			example.com.    IN NS   ns5.nonexistent.com.
			example.com.    IN NS   ns6.nonexistent.com.
			example.com.    IN NS   ns7.nonexistent.com.
			example.com.    IN NS   ns8.nonexistent.com.
			example.com.    IN NS   ns9.nonexistent.com.
			example.com.    IN NS   ns10.nonexistent.com.
			example.com.    IN NS   ns11.nonexistent.com.
			example.com.    IN NS   ns12.nonexistent.com.
	ENTRY_END

	ENTRY_BEGIN
		MATCH opcode qtype qname
		ADJUST copy_id
		REPLY QR NOERROR
		SECTION QUESTION
			d.example.com. IN A
		SECTION ANSWER
			d.example.com. IN A	10.20.30.40
		SECTION AUTHORITY
			example.com.    IN NS   ns1.nonexistent.com.
			example.com.    IN NS   ns2.nonexistent.com.
			example.com.    IN NS   ns3.nonexistent.com.
			example.com.    IN NS   ns4.nonexistent.com.
			example.com.    IN NS   ns5.nonexistent.com.
			example.com.    IN NS   ns6.nonexistent.com.
			example.com.    IN NS   ns7.nonexistent.com.
			example.com.    IN NS   ns8.nonexistent.com.
			example.com.    IN NS   ns9.nonexistent.com.
			example.com.    IN NS   ns10.nonexistent.com.
			example.com.    IN NS   ns11.nonexistent.com.
			example.com.    IN NS   ns12.nonexistent.com.
	ENTRY_END
RANGE_END

STEP 1 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
a.example.com. IN A
ENTRY_END

; This was resolved by asking the parent side nameservers
STEP 2 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
a.example.com.	IN A
SECTION ANSWER
a.example.com.	IN A	10.20.30.40
SECTION AUTHORITY
example.com.    IN NS   ns1.nonexistent.com.
example.com.    IN NS   ns2.nonexistent.com.
example.com.    IN NS   ns3.nonexistent.com.
example.com.    IN NS   ns4.nonexistent.com.
example.com.    IN NS   ns5.nonexistent.com.
example.com.    IN NS   ns6.nonexistent.com.
example.com.    IN NS   ns7.nonexistent.com.
example.com.    IN NS   ns8.nonexistent.com.
example.com.    IN NS   ns9.nonexistent.com.
example.com.    IN NS   ns10.nonexistent.com.
example.com.    IN NS   ns11.nonexistent.com.
example.com.    IN NS   ns12.nonexistent.com.
ENTRY_END

; The child side nameservers are now known to Unbound

; Query again, the child server nameservers will be asked now
STEP 3 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
b.example.com. IN A
ENTRY_END

; This was resolved by falling back to the parent side nameservers
STEP 4 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
b.example.com.	IN A
SECTION ANSWER
b.example.com.	IN A	10.20.30.40
SECTION AUTHORITY
example.com.    IN NS   ns1.nonexistent.com.
example.com.    IN NS   ns2.nonexistent.com.
example.com.    IN NS   ns3.nonexistent.com.
example.com.    IN NS   ns4.nonexistent.com.
example.com.    IN NS   ns5.nonexistent.com.
example.com.    IN NS   ns6.nonexistent.com.
example.com.    IN NS   ns7.nonexistent.com.
example.com.    IN NS   ns8.nonexistent.com.
example.com.    IN NS   ns9.nonexistent.com.
example.com.    IN NS   ns10.nonexistent.com.
example.com.    IN NS   ns11.nonexistent.com.
example.com.    IN NS   ns12.nonexistent.com.
ENTRY_END

; Query a third time, this will get the cached NXDOMAINs (no NX counter for
; those) and will go to the parent as a last resort. This query will test that
; we will not have resolution for the lame(parent side) addresses that could
; raise the NX counter because of no address addition to the delegation point
; (the same addresses are already there).
STEP 5 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
c.example.com. IN A
ENTRY_END

; This was resolved by going back to the parent side nameservers (child side
; was exhausted from cache and queries < MAX_TARGET_NX).
STEP 6 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
c.example.com.	IN A
SECTION ANSWER
c.example.com.	IN A	10.20.30.40
SECTION AUTHORITY
example.com.    IN NS   ns1.nonexistent.com.
example.com.    IN NS   ns2.nonexistent.com.
example.com.    IN NS   ns3.nonexistent.com.
example.com.    IN NS   ns4.nonexistent.com.
example.com.    IN NS   ns5.nonexistent.com.
example.com.    IN NS   ns6.nonexistent.com.
example.com.    IN NS   ns7.nonexistent.com.
example.com.    IN NS   ns8.nonexistent.com.
example.com.    IN NS   ns9.nonexistent.com.
example.com.    IN NS   ns10.nonexistent.com.
example.com.    IN NS   ns11.nonexistent.com.
example.com.    IN NS   ns12.nonexistent.com.
ENTRY_END

; Allow for the nameserver glue to expire
STEP 10 TIME_PASSES ELAPSE 11

; Query again for the parent side fallback
STEP 11 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
d.example.com. IN A
ENTRY_END

; This was resolved by falling back to the parent side nameservers
STEP 12 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
d.example.com.	IN A
SECTION ANSWER
d.example.com.	IN A	10.20.30.40
SECTION AUTHORITY
example.com.    IN NS   ns1.nonexistent.com.
example.com.    IN NS   ns2.nonexistent.com.
example.com.    IN NS   ns3.nonexistent.com.
example.com.    IN NS   ns4.nonexistent.com.
example.com.    IN NS   ns5.nonexistent.com.
example.com.    IN NS   ns6.nonexistent.com.
example.com.    IN NS   ns7.nonexistent.com.
example.com.    IN NS   ns8.nonexistent.com.
example.com.    IN NS   ns9.nonexistent.com.
example.com.    IN NS   ns10.nonexistent.com.
example.com.    IN NS   ns11.nonexistent.com.
example.com.    IN NS   ns12.nonexistent.com.
ENTRY_END

SCENARIO_END
- Allow fallback to the parent side when MAX_TARGET_NX is reached. This will also allow MAX_TARGET_NX more NXDOMAINs. 2022-06-29 11:31:23 -04:00			`; Check if fallback to the parent side works when MAX_TARGET_NX is reached.`

			`server:`
			`module-config: "iterator"`
			`trust-anchor-signaling: no`
			`target-fetch-policy: "0 0 0 0 0"`
			`verbosity: 3`
			`access-control: 127.0.0.1 allow_snoop`
			`qname-minimisation: no`
			`minimal-responses: no`
			`rrset-roundrobin: no`

			`stub-zone:`
			`name: "."`
			`stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.`
			`CONFIG_END`

			`SCENARIO_BEGIN Test the NXNS fallback`

			`; K.ROOT-SERVERS.NET.`
			`RANGE_BEGIN 0 100`
			`ADDRESS 193.0.14.129`
			`ENTRY_BEGIN`
			`MATCH opcode qtype qname`
			`ADJUST copy_id`
			`REPLY QR NOERROR`
			`SECTION QUESTION`
			`. IN NS`
			`SECTION ANSWER`
			`. IN NS K.ROOT-SERVERS.NET.`
			`SECTION ADDITIONAL`
			`K.ROOT-SERVERS.NET. IN A 193.0.14.129`
			`ENTRY_END`

			`ENTRY_BEGIN`
			`MATCH opcode qtype subdomain`
			`ADJUST copy_id copy_query`
			`REPLY QR NOERROR`
			`SECTION QUESTION`
			`example.com. IN A`
			`SECTION AUTHORITY`
			`com. IN NS a.gtld-servers.net.`
			`SECTION ADDITIONAL`
			`a.gtld-servers.net. IN A 192.5.6.30`
			`ENTRY_END`

			`ENTRY_BEGIN`
			`MATCH opcode subdomain`
			`ADJUST copy_id copy_query`
			`REPLY QR NOERROR`
			`SECTION QUESTION`
Fix typos (#1299) 2025-07-02 04:50:49 -04:00			`nonexistent.com. IN A`
- Allow fallback to the parent side when MAX_TARGET_NX is reached. This will also allow MAX_TARGET_NX more NXDOMAINs. 2022-06-29 11:31:23 -04:00			`SECTION AUTHORITY`
			`com. IN NS a.gtld-servers.net.`
			`SECTION ADDITIONAL`
			`a.gtld-servers.net. IN A 192.5.6.30`
			`ENTRY_END`
			`RANGE_END`

			`; a.gtld-servers.net.`
			`RANGE_BEGIN 0 100`
			`ADDRESS 192.5.6.30`
			`ENTRY_BEGIN`
			`MATCH opcode qtype qname`
			`ADJUST copy_id`
			`REPLY QR NOERROR`
			`SECTION QUESTION`
			`com. IN NS`
			`SECTION ANSWER`
			`com. IN NS a.gtld-servers.net.`
			`SECTION ADDITIONAL`
			`a.gtld-servers.net. IN A 192.5.6.30`
			`ENTRY_END`

			`ENTRY_BEGIN`
			`MATCH opcode qtype subdomain`
			`ADJUST copy_id copy_query`
			`REPLY QR NOERROR`
			`SECTION QUESTION`
			`example.com. IN A`
			`SECTION AUTHORITY`
			`example.com. IN NS ns.example.com.`
			`SECTION ADDITIONAL`
			`ns.example.com. 10 IN A 1.2.3.4`
			`ENTRY_END`

			`ENTRY_BEGIN`
			`MATCH opcode subdomain`
			`ADJUST copy_id copy_query`
			`REPLY QR NOERROR`
			`SECTION QUESTION`
Fix typos (#1299) 2025-07-02 04:50:49 -04:00			`nonexistent.com. IN A`
- Allow fallback to the parent side when MAX_TARGET_NX is reached. This will also allow MAX_TARGET_NX more NXDOMAINs. 2022-06-29 11:31:23 -04:00			`SECTION AUTHORITY`
Fix typos (#1299) 2025-07-02 04:50:49 -04:00			`nonexistent.com. IN NS ns.example.com.`
- Allow fallback to the parent side when MAX_TARGET_NX is reached. This will also allow MAX_TARGET_NX more NXDOMAINs. 2022-06-29 11:31:23 -04:00			`SECTION ADDITIONAL`
			`ns.example.com. 10 IN A 1.2.3.4`
			`ENTRY_END`
			`RANGE_END`

			`; ns.example.com.`
			`RANGE_BEGIN 0 100`
			`ADDRESS 1.2.3.4`
			`ENTRY_BEGIN`
			`MATCH opcode qtype qname`
			`ADJUST copy_id`
			`REPLY QR NOERROR`
			`SECTION QUESTION`
			`example.com. IN NS`
			`SECTION ANSWER`
Fix typos (#1299) 2025-07-02 04:50:49 -04:00			`example.com. IN NS ns1.nonexistent.com.`
			`example.com. IN NS ns2.nonexistent.com.`
			`example.com. IN NS ns3.nonexistent.com.`
			`example.com. IN NS ns4.nonexistent.com.`
			`example.com. IN NS ns5.nonexistent.com.`
			`example.com. IN NS ns6.nonexistent.com.`
			`example.com. IN NS ns7.nonexistent.com.`
			`example.com. IN NS ns8.nonexistent.com.`
			`example.com. IN NS ns9.nonexistent.com.`
			`example.com. IN NS ns10.nonexistent.com.`
			`example.com. IN NS ns11.nonexistent.com.`
			`example.com. IN NS ns12.nonexistent.com.`
- Allow fallback to the parent side when MAX_TARGET_NX is reached. This will also allow MAX_TARGET_NX more NXDOMAINs. 2022-06-29 11:31:23 -04:00			`ENTRY_END`

			`ENTRY_BEGIN`
			`MATCH opcode qtype qname`
			`ADJUST copy_id`
			`REPLY QR NOERROR`
			`SECTION QUESTION`
			`ns.example.com. IN A`
			`SECTION ANSWER`
			`ns.example.com. 10 IN A 1.2.3.4`
			`ENTRY_END`

			`ENTRY_BEGIN`
			`MATCH opcode qtype qname`
			`ADJUST copy_id`
			`REPLY QR NOERROR`
			`SECTION QUESTION`
			`ns.example.com. IN AAAA`
- Fix to ignore entirely empty responses, and try at another authority. This turns completely empty responses, a type of noerror/nodata into a servfail, but they do not conform to RFC2308, and the retry can fetch improved content. 2023-02-09 03:56:40 -05:00			`SECTION AUTHORITY`
			`example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600`
- Allow fallback to the parent side when MAX_TARGET_NX is reached. This will also allow MAX_TARGET_NX more NXDOMAINs. 2022-06-29 11:31:23 -04:00			`ENTRY_END`

			`ENTRY_BEGIN`
			`MATCH opcode subdomain`
			`ADJUST copy_id copy_query`
			`REPLY QR NXDOMAIN`
			`SECTION QUESTION`
Fix typos (#1299) 2025-07-02 04:50:49 -04:00			`nonexistent.com. IN A`
- Allow fallback to the parent side when MAX_TARGET_NX is reached. This will also allow MAX_TARGET_NX more NXDOMAINs. 2022-06-29 11:31:23 -04:00			`ENTRY_END`

			`ENTRY_BEGIN`
			`MATCH opcode qtype qname`
			`ADJUST copy_id`
			`REPLY QR NOERROR`
			`SECTION QUESTION`
			`a.example.com. IN A`
			`SECTION ANSWER`
			`a.example.com. IN A 10.20.30.40`
			`SECTION AUTHORITY`
Fix typos (#1299) 2025-07-02 04:50:49 -04:00			`example.com. IN NS ns1.nonexistent.com.`
			`example.com. IN NS ns2.nonexistent.com.`
			`example.com. IN NS ns3.nonexistent.com.`
			`example.com. IN NS ns4.nonexistent.com.`
			`example.com. IN NS ns5.nonexistent.com.`
			`example.com. IN NS ns6.nonexistent.com.`
			`example.com. IN NS ns7.nonexistent.com.`
			`example.com. IN NS ns8.nonexistent.com.`
			`example.com. IN NS ns9.nonexistent.com.`
			`example.com. IN NS ns10.nonexistent.com.`
			`example.com. IN NS ns11.nonexistent.com.`
			`example.com. IN NS ns12.nonexistent.com.`
- Allow fallback to the parent side when MAX_TARGET_NX is reached. This will also allow MAX_TARGET_NX more NXDOMAINs. 2022-06-29 11:31:23 -04:00			`ENTRY_END`

			`ENTRY_BEGIN`
			`MATCH opcode qtype qname`
			`ADJUST copy_id`
			`REPLY QR NOERROR`
			`SECTION QUESTION`
			`b.example.com. IN A`
			`SECTION ANSWER`
			`b.example.com. IN A 10.20.30.40`
			`SECTION AUTHORITY`
Fix typos (#1299) 2025-07-02 04:50:49 -04:00			`example.com. IN NS ns1.nonexistent.com.`
			`example.com. IN NS ns2.nonexistent.com.`
			`example.com. IN NS ns3.nonexistent.com.`
			`example.com. IN NS ns4.nonexistent.com.`
			`example.com. IN NS ns5.nonexistent.com.`
			`example.com. IN NS ns6.nonexistent.com.`
			`example.com. IN NS ns7.nonexistent.com.`
			`example.com. IN NS ns8.nonexistent.com.`
			`example.com. IN NS ns9.nonexistent.com.`
			`example.com. IN NS ns10.nonexistent.com.`
			`example.com. IN NS ns11.nonexistent.com.`
			`example.com. IN NS ns12.nonexistent.com.`
- Allow fallback to the parent side when MAX_TARGET_NX is reached. This will also allow MAX_TARGET_NX more NXDOMAINs. 2022-06-29 11:31:23 -04:00			`ENTRY_END`

			`ENTRY_BEGIN`
			`MATCH opcode qtype qname`
			`ADJUST copy_id`
			`REPLY QR NOERROR`
			`SECTION QUESTION`
			`c.example.com. IN A`
			`SECTION ANSWER`
			`c.example.com. IN A 10.20.30.40`
			`SECTION AUTHORITY`
Fix typos (#1299) 2025-07-02 04:50:49 -04:00			`example.com. IN NS ns1.nonexistent.com.`
			`example.com. IN NS ns2.nonexistent.com.`
			`example.com. IN NS ns3.nonexistent.com.`
			`example.com. IN NS ns4.nonexistent.com.`
			`example.com. IN NS ns5.nonexistent.com.`
			`example.com. IN NS ns6.nonexistent.com.`
			`example.com. IN NS ns7.nonexistent.com.`
			`example.com. IN NS ns8.nonexistent.com.`
			`example.com. IN NS ns9.nonexistent.com.`
			`example.com. IN NS ns10.nonexistent.com.`
			`example.com. IN NS ns11.nonexistent.com.`
			`example.com. IN NS ns12.nonexistent.com.`
- Allow fallback to the parent side when MAX_TARGET_NX is reached. This will also allow MAX_TARGET_NX more NXDOMAINs. 2022-06-29 11:31:23 -04:00			`ENTRY_END`

			`ENTRY_BEGIN`
			`MATCH opcode qtype qname`
			`ADJUST copy_id`
			`REPLY QR NOERROR`
			`SECTION QUESTION`
			`d.example.com. IN A`
			`SECTION ANSWER`
			`d.example.com. IN A 10.20.30.40`
			`SECTION AUTHORITY`
Fix typos (#1299) 2025-07-02 04:50:49 -04:00			`example.com. IN NS ns1.nonexistent.com.`
			`example.com. IN NS ns2.nonexistent.com.`
			`example.com. IN NS ns3.nonexistent.com.`
			`example.com. IN NS ns4.nonexistent.com.`
			`example.com. IN NS ns5.nonexistent.com.`
			`example.com. IN NS ns6.nonexistent.com.`
			`example.com. IN NS ns7.nonexistent.com.`
			`example.com. IN NS ns8.nonexistent.com.`
			`example.com. IN NS ns9.nonexistent.com.`
			`example.com. IN NS ns10.nonexistent.com.`
			`example.com. IN NS ns11.nonexistent.com.`
			`example.com. IN NS ns12.nonexistent.com.`
- Allow fallback to the parent side when MAX_TARGET_NX is reached. This will also allow MAX_TARGET_NX more NXDOMAINs. 2022-06-29 11:31:23 -04:00			`ENTRY_END`
			`RANGE_END`

			`STEP 1 QUERY`
			`ENTRY_BEGIN`
			`REPLY RD`
			`SECTION QUESTION`
			`a.example.com. IN A`
			`ENTRY_END`

			`; This was resolved by asking the parent side nameservers`
			`STEP 2 CHECK_ANSWER`
			`ENTRY_BEGIN`
			`MATCH all`
			`REPLY QR RD RA NOERROR`
			`SECTION QUESTION`
			`a.example.com. IN A`
			`SECTION ANSWER`
			`a.example.com. IN A 10.20.30.40`
			`SECTION AUTHORITY`
Fix typos (#1299) 2025-07-02 04:50:49 -04:00			`example.com. IN NS ns1.nonexistent.com.`
			`example.com. IN NS ns2.nonexistent.com.`
			`example.com. IN NS ns3.nonexistent.com.`
			`example.com. IN NS ns4.nonexistent.com.`
			`example.com. IN NS ns5.nonexistent.com.`
			`example.com. IN NS ns6.nonexistent.com.`
			`example.com. IN NS ns7.nonexistent.com.`
			`example.com. IN NS ns8.nonexistent.com.`
			`example.com. IN NS ns9.nonexistent.com.`
			`example.com. IN NS ns10.nonexistent.com.`
			`example.com. IN NS ns11.nonexistent.com.`
			`example.com. IN NS ns12.nonexistent.com.`
- Allow fallback to the parent side when MAX_TARGET_NX is reached. This will also allow MAX_TARGET_NX more NXDOMAINs. 2022-06-29 11:31:23 -04:00			`ENTRY_END`

			`; The child side nameservers are now known to Unbound`

			`; Query again, the child server nameservers will be asked now`
			`STEP 3 QUERY`
			`ENTRY_BEGIN`
			`REPLY RD`
			`SECTION QUESTION`
			`b.example.com. IN A`
			`ENTRY_END`

			`; This was resolved by falling back to the parent side nameservers`
			`STEP 4 CHECK_ANSWER`
			`ENTRY_BEGIN`
			`MATCH all`
			`REPLY QR RD RA NOERROR`
			`SECTION QUESTION`
			`b.example.com. IN A`
			`SECTION ANSWER`
			`b.example.com. IN A 10.20.30.40`
			`SECTION AUTHORITY`
Fix typos (#1299) 2025-07-02 04:50:49 -04:00			`example.com. IN NS ns1.nonexistent.com.`
			`example.com. IN NS ns2.nonexistent.com.`
			`example.com. IN NS ns3.nonexistent.com.`
			`example.com. IN NS ns4.nonexistent.com.`
			`example.com. IN NS ns5.nonexistent.com.`
			`example.com. IN NS ns6.nonexistent.com.`
			`example.com. IN NS ns7.nonexistent.com.`
			`example.com. IN NS ns8.nonexistent.com.`
			`example.com. IN NS ns9.nonexistent.com.`
			`example.com. IN NS ns10.nonexistent.com.`
			`example.com. IN NS ns11.nonexistent.com.`
			`example.com. IN NS ns12.nonexistent.com.`
- Allow fallback to the parent side when MAX_TARGET_NX is reached. This will also allow MAX_TARGET_NX more NXDOMAINs. 2022-06-29 11:31:23 -04:00			`ENTRY_END`

			`; Query a third time, this will get the cached NXDOMAINs (no NX counter for`
			`; those) and will go to the parent as a last resort. This query will test that`
			`; we will not have resolution for the lame(parent side) addresses that could`
			`; raise the NX counter because of no address addition to the delegation point`
			`; (the same addresses are already there).`
			`STEP 5 QUERY`
			`ENTRY_BEGIN`
			`REPLY RD`
			`SECTION QUESTION`
			`c.example.com. IN A`
			`ENTRY_END`

			`; This was resolved by going back to the parent side nameservers (child side`
			`; was exhausted from cache and queries < MAX_TARGET_NX).`
			`STEP 6 CHECK_ANSWER`
			`ENTRY_BEGIN`
			`MATCH all`
			`REPLY QR RD RA NOERROR`
			`SECTION QUESTION`
			`c.example.com. IN A`
			`SECTION ANSWER`
			`c.example.com. IN A 10.20.30.40`
			`SECTION AUTHORITY`
Fix typos (#1299) 2025-07-02 04:50:49 -04:00			`example.com. IN NS ns1.nonexistent.com.`
			`example.com. IN NS ns2.nonexistent.com.`
			`example.com. IN NS ns3.nonexistent.com.`
			`example.com. IN NS ns4.nonexistent.com.`
			`example.com. IN NS ns5.nonexistent.com.`
			`example.com. IN NS ns6.nonexistent.com.`
			`example.com. IN NS ns7.nonexistent.com.`
			`example.com. IN NS ns8.nonexistent.com.`
			`example.com. IN NS ns9.nonexistent.com.`
			`example.com. IN NS ns10.nonexistent.com.`
			`example.com. IN NS ns11.nonexistent.com.`
			`example.com. IN NS ns12.nonexistent.com.`
- Allow fallback to the parent side when MAX_TARGET_NX is reached. This will also allow MAX_TARGET_NX more NXDOMAINs. 2022-06-29 11:31:23 -04:00			`ENTRY_END`

			`; Allow for the nameserver glue to expire`
			`STEP 10 TIME_PASSES ELAPSE 11`

			`; Query again for the parent side fallback`
			`STEP 11 QUERY`
			`ENTRY_BEGIN`
			`REPLY RD`
			`SECTION QUESTION`
			`d.example.com. IN A`
			`ENTRY_END`

			`; This was resolved by falling back to the parent side nameservers`
			`STEP 12 CHECK_ANSWER`
			`ENTRY_BEGIN`
			`MATCH all`
			`REPLY QR RD RA NOERROR`
			`SECTION QUESTION`
			`d.example.com. IN A`
			`SECTION ANSWER`
			`d.example.com. IN A 10.20.30.40`
			`SECTION AUTHORITY`
Fix typos (#1299) 2025-07-02 04:50:49 -04:00			`example.com. IN NS ns1.nonexistent.com.`
			`example.com. IN NS ns2.nonexistent.com.`
			`example.com. IN NS ns3.nonexistent.com.`
			`example.com. IN NS ns4.nonexistent.com.`
			`example.com. IN NS ns5.nonexistent.com.`
			`example.com. IN NS ns6.nonexistent.com.`
			`example.com. IN NS ns7.nonexistent.com.`
			`example.com. IN NS ns8.nonexistent.com.`
			`example.com. IN NS ns9.nonexistent.com.`
			`example.com. IN NS ns10.nonexistent.com.`
			`example.com. IN NS ns11.nonexistent.com.`
			`example.com. IN NS ns12.nonexistent.com.`
- Allow fallback to the parent side when MAX_TARGET_NX is reached. This will also allow MAX_TARGET_NX more NXDOMAINs. 2022-06-29 11:31:23 -04:00			`ENTRY_END`

			`SCENARIO_END`