mirror of
https://github.com/NLnetLabs/unbound.git
synced 2025-12-20 23:00:56 -05:00
Fixup lameness handling in server selection.
git-svn-id: file:///svn/unbound/trunk@1735 be551aaa-1e26-0410-a405-d3ace91eadb9
This commit is contained in:
Wouter Wijngaards
parent
72aa0bad92
commit
894ba681f0
5 changed files with 477 additions and 6 deletions
|
|
@ -1,3 +1,7 @@
|
||||||
|
21 July 2009: Wouter
|
||||||
|
- Fix server selection, so that it waits for open target queries when
|
||||||
|
faced with lameness.
|
||||||
|
|
||||||
20 July 2009: Wouter
|
20 July 2009: Wouter
|
||||||
- Ignore transient sendto errors, no route to host, and host, net down.
|
- Ignore transient sendto errors, no route to host, and host, net down.
|
||||||
- contrib/update-anchor.sh has -r option for root-hints.
|
- contrib/update-anchor.sh has -r option for root-hints.
|
||||||
|
|
|
||||||
|
|
@ -233,7 +233,7 @@ iter_fill_rtt(struct iter_env* iter_env, struct module_env* env,
|
||||||
static int
|
static int
|
||||||
iter_filter_order(struct iter_env* iter_env, struct module_env* env,
|
iter_filter_order(struct iter_env* iter_env, struct module_env* env,
|
||||||
uint8_t* name, size_t namelen, uint16_t qtype, uint32_t now,
|
uint8_t* name, size_t namelen, uint16_t qtype, uint32_t now,
|
||||||
struct delegpt* dp, int* selected_rtt)
|
struct delegpt* dp, int* selected_rtt, int open_target)
|
||||||
{
|
{
|
||||||
int got_num = 0, low_rtt = 0, swap_to_front;
|
int got_num = 0, low_rtt = 0, swap_to_front;
|
||||||
struct delegpt_addr* a, *n, *prev=NULL;
|
struct delegpt_addr* a, *n, *prev=NULL;
|
||||||
|
|
@ -244,7 +244,7 @@ iter_filter_order(struct iter_env* iter_env, struct module_env* env,
|
||||||
if(got_num == 0)
|
if(got_num == 0)
|
||||||
return 0;
|
return 0;
|
||||||
if(low_rtt >= USEFUL_SERVER_TOP_TIMEOUT &&
|
if(low_rtt >= USEFUL_SERVER_TOP_TIMEOUT &&
|
||||||
delegpt_count_missing_targets(dp) > 0)
|
(delegpt_count_missing_targets(dp) > 0 || open_target > 0))
|
||||||
return 0; /* we want more choice. The best choice is a bad one.
|
return 0; /* we want more choice. The best choice is a bad one.
|
||||||
return 0 to force the caller to fetch more */
|
return 0 to force the caller to fetch more */
|
||||||
|
|
||||||
|
|
@ -286,13 +286,13 @@ struct delegpt_addr*
|
||||||
iter_server_selection(struct iter_env* iter_env,
|
iter_server_selection(struct iter_env* iter_env,
|
||||||
struct module_env* env, struct delegpt* dp,
|
struct module_env* env, struct delegpt* dp,
|
||||||
uint8_t* name, size_t namelen, uint16_t qtype, int* dnssec_expected,
|
uint8_t* name, size_t namelen, uint16_t qtype, int* dnssec_expected,
|
||||||
int* chase_to_rd)
|
int* chase_to_rd, int open_target)
|
||||||
{
|
{
|
||||||
int sel;
|
int sel;
|
||||||
int selrtt;
|
int selrtt;
|
||||||
struct delegpt_addr* a, *prev;
|
struct delegpt_addr* a, *prev;
|
||||||
int num = iter_filter_order(iter_env, env, name, namelen, qtype,
|
int num = iter_filter_order(iter_env, env, name, namelen, qtype,
|
||||||
*env->now, dp, &selrtt);
|
*env->now, dp, &selrtt, open_target);
|
||||||
|
|
||||||
if(num == 0)
|
if(num == 0)
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
|
||||||
|
|
@ -79,13 +79,15 @@ int iter_apply_cfg(struct iter_env* iter_env, struct config_file* cfg);
|
||||||
* these are not preferred, but are used as a last resort.
|
* these are not preferred, but are used as a last resort.
|
||||||
* @param chase_to_rd: set to 1 if a known recursion lame server is selected
|
* @param chase_to_rd: set to 1 if a known recursion lame server is selected
|
||||||
* these are not preferred, but are used as a last resort.
|
* these are not preferred, but are used as a last resort.
|
||||||
|
* @param open_target: number of currently outstanding target queries.
|
||||||
|
* If we wait for these, perhaps more server addresses become available.
|
||||||
* @return best target or NULL if no target.
|
* @return best target or NULL if no target.
|
||||||
* if not null, that target is removed from the result list in the dp.
|
* if not null, that target is removed from the result list in the dp.
|
||||||
*/
|
*/
|
||||||
struct delegpt_addr* iter_server_selection(struct iter_env* iter_env,
|
struct delegpt_addr* iter_server_selection(struct iter_env* iter_env,
|
||||||
struct module_env* env, struct delegpt* dp, uint8_t* name,
|
struct module_env* env, struct delegpt* dp, uint8_t* name,
|
||||||
size_t namelen, uint16_t qtype, int* dnssec_expected,
|
size_t namelen, uint16_t qtype, int* dnssec_expected,
|
||||||
int* chase_to_rd);
|
int* chase_to_rd, int open_target);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Allocate dns_msg from parsed msg, in regional.
|
* Allocate dns_msg from parsed msg, in regional.
|
||||||
|
|
|
||||||
|
|
@ -1326,7 +1326,7 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq,
|
||||||
/* Select the next usable target, filtering out unsuitable targets. */
|
/* Select the next usable target, filtering out unsuitable targets. */
|
||||||
target = iter_server_selection(ie, qstate->env, iq->dp,
|
target = iter_server_selection(ie, qstate->env, iq->dp,
|
||||||
iq->dp->name, iq->dp->namelen, iq->qchase.qtype,
|
iq->dp->name, iq->dp->namelen, iq->qchase.qtype,
|
||||||
&iq->dnssec_expected, &iq->chase_to_rd);
|
&iq->dnssec_expected, &iq->chase_to_rd, iq->num_target_queries);
|
||||||
|
|
||||||
/* If no usable target was selected... */
|
/* If no usable target was selected... */
|
||||||
if(!target) {
|
if(!target) {
|
||||||
|
|
|
||||||
465
testdata/iter_dnsseclame_bug.rpl
vendored
Normal file
465
testdata/iter_dnsseclame_bug.rpl
vendored
Normal file
|
|
@ -0,0 +1,465 @@
|
||||||
|
; config options
|
||||||
|
server:
|
||||||
|
trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
|
||||||
|
val-override-date: "20070916134226"
|
||||||
|
|
||||||
|
stub-zone:
|
||||||
|
name: "."
|
||||||
|
stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
|
||||||
|
|
||||||
|
CONFIG_END
|
||||||
|
|
||||||
|
SCENARIO_BEGIN Bug test dnssec-lame detection at ds point with target queries.
|
||||||
|
|
||||||
|
; K.ROOT-SERVERS.NET.
|
||||||
|
RANGE_BEGIN 0 100
|
||||||
|
ADDRESS 193.0.14.129
|
||||||
|
ENTRY_BEGIN
|
||||||
|
MATCH opcode qtype qname
|
||||||
|
ADJUST copy_id
|
||||||
|
REPLY QR NOERROR
|
||||||
|
SECTION QUESTION
|
||||||
|
. IN NS
|
||||||
|
SECTION ANSWER
|
||||||
|
. IN NS K.ROOT-SERVERS.NET.
|
||||||
|
SECTION ADDITIONAL
|
||||||
|
K.ROOT-SERVERS.NET. IN A 193.0.14.129
|
||||||
|
ENTRY_END
|
||||||
|
|
||||||
|
ENTRY_BEGIN
|
||||||
|
MATCH opcode subdomain
|
||||||
|
ADJUST copy_id copy_query
|
||||||
|
REPLY QR NOERROR
|
||||||
|
SECTION QUESTION
|
||||||
|
com. IN A
|
||||||
|
SECTION AUTHORITY
|
||||||
|
com. IN NS a.gtld-servers.net.
|
||||||
|
SECTION ADDITIONAL
|
||||||
|
a.gtld-servers.net. IN A 192.5.6.30
|
||||||
|
ENTRY_END
|
||||||
|
|
||||||
|
ENTRY_BEGIN
|
||||||
|
MATCH opcode subdomain
|
||||||
|
ADJUST copy_id copy_query
|
||||||
|
REPLY QR NOERROR
|
||||||
|
SECTION QUESTION
|
||||||
|
net. IN A
|
||||||
|
SECTION AUTHORITY
|
||||||
|
net. IN NS e.gtld-servers.net.
|
||||||
|
SECTION ADDITIONAL
|
||||||
|
e.gtld-servers.net. IN A 192.12.94.30
|
||||||
|
ENTRY_END
|
||||||
|
|
||||||
|
ENTRY_BEGIN
|
||||||
|
MATCH opcode qtype qname
|
||||||
|
ADJUST copy_id
|
||||||
|
REPLY QR NOERROR
|
||||||
|
SECTION QUESTION
|
||||||
|
ns.example.net. IN AAAA
|
||||||
|
SECTION AUTHORITY
|
||||||
|
net. IN NS e.gtld-servers.net.
|
||||||
|
SECTION ADDITIONAL
|
||||||
|
e.gtld-servers.net. IN A 192.12.94.30
|
||||||
|
ENTRY_END
|
||||||
|
RANGE_END
|
||||||
|
|
||||||
|
; a.gtld-servers.net.
|
||||||
|
RANGE_BEGIN 0 100
|
||||||
|
ADDRESS 192.5.6.30
|
||||||
|
ENTRY_BEGIN
|
||||||
|
MATCH opcode qtype qname
|
||||||
|
ADJUST copy_id
|
||||||
|
REPLY QR NOERROR
|
||||||
|
SECTION QUESTION
|
||||||
|
com. IN NS
|
||||||
|
SECTION ANSWER
|
||||||
|
com. IN NS a.gtld-servers.net.
|
||||||
|
SECTION ADDITIONAL
|
||||||
|
a.gtld-servers.net. IN A 192.5.6.30
|
||||||
|
ENTRY_END
|
||||||
|
|
||||||
|
ENTRY_BEGIN
|
||||||
|
MATCH opcode subdomain
|
||||||
|
ADJUST copy_id copy_query
|
||||||
|
REPLY QR NOERROR
|
||||||
|
SECTION QUESTION
|
||||||
|
example.com. IN A
|
||||||
|
SECTION AUTHORITY
|
||||||
|
example.com. IN NS ns.example.com.
|
||||||
|
SECTION ADDITIONAL
|
||||||
|
ns.example.com. IN A 1.2.3.55
|
||||||
|
ENTRY_END
|
||||||
|
RANGE_END
|
||||||
|
|
||||||
|
; e.gtld-servers.net.
|
||||||
|
; Note this timing is so it will provide answers at the beginning.
|
||||||
|
RANGE_BEGIN 0 30
|
||||||
|
ADDRESS 192.12.94.30
|
||||||
|
ENTRY_BEGIN
|
||||||
|
MATCH opcode qtype qname
|
||||||
|
ADJUST copy_id
|
||||||
|
REPLY QR NOERROR
|
||||||
|
SECTION QUESTION
|
||||||
|
net. IN NS
|
||||||
|
SECTION ANSWER
|
||||||
|
net. IN NS e.gtld-servers.net.
|
||||||
|
SECTION ADDITIONAL
|
||||||
|
e.gtld-servers.net. IN A 192.12.94.30
|
||||||
|
ENTRY_END
|
||||||
|
|
||||||
|
ENTRY_BEGIN
|
||||||
|
MATCH opcode qtype qname
|
||||||
|
ADJUST copy_id
|
||||||
|
REPLY QR AA NOERROR
|
||||||
|
SECTION QUESTION
|
||||||
|
e.gtld-servers.net. IN AAAA
|
||||||
|
SECTION ANSWER
|
||||||
|
ENTRY_END
|
||||||
|
|
||||||
|
ENTRY_BEGIN
|
||||||
|
MATCH opcode qtype qname
|
||||||
|
ADJUST copy_id
|
||||||
|
REPLY QR AA NOERROR
|
||||||
|
SECTION QUESTION
|
||||||
|
a.gtld-servers.net. IN AAAA
|
||||||
|
SECTION ANSWER
|
||||||
|
ENTRY_END
|
||||||
|
|
||||||
|
; no example.net delegation answers yet.
|
||||||
|
|
||||||
|
RANGE_END
|
||||||
|
|
||||||
|
; e.gtld-servers.net.
|
||||||
|
; Note this timing is so it will not provide answers at the beginning,
|
||||||
|
; but only later on.
|
||||||
|
RANGE_BEGIN 30 100
|
||||||
|
ADDRESS 192.12.94.30
|
||||||
|
ENTRY_BEGIN
|
||||||
|
MATCH opcode qtype qname
|
||||||
|
ADJUST copy_id
|
||||||
|
REPLY QR NOERROR
|
||||||
|
SECTION QUESTION
|
||||||
|
net. IN NS
|
||||||
|
SECTION ANSWER
|
||||||
|
net. IN NS e.gtld-servers.net.
|
||||||
|
SECTION ADDITIONAL
|
||||||
|
e.gtld-servers.net. IN A 192.12.94.30
|
||||||
|
ENTRY_END
|
||||||
|
|
||||||
|
ENTRY_BEGIN
|
||||||
|
MATCH opcode qtype qname
|
||||||
|
ADJUST copy_id
|
||||||
|
REPLY QR AA NOERROR
|
||||||
|
SECTION QUESTION
|
||||||
|
e.gtld-servers.net. IN AAAA
|
||||||
|
SECTION ANSWER
|
||||||
|
ENTRY_END
|
||||||
|
|
||||||
|
ENTRY_BEGIN
|
||||||
|
MATCH opcode qtype qname
|
||||||
|
ADJUST copy_id
|
||||||
|
REPLY QR AA NOERROR
|
||||||
|
SECTION QUESTION
|
||||||
|
a.gtld-servers.net. IN AAAA
|
||||||
|
SECTION ANSWER
|
||||||
|
ENTRY_END
|
||||||
|
|
||||||
|
ENTRY_BEGIN
|
||||||
|
MATCH opcode qtype qname
|
||||||
|
ADJUST copy_id
|
||||||
|
REPLY QR NOERROR
|
||||||
|
SECTION QUESTION
|
||||||
|
ns.example.net. IN A
|
||||||
|
SECTION AUTHORITY
|
||||||
|
example.net. IN NS ns.example.net.
|
||||||
|
SECTION ADDITIONAL
|
||||||
|
ns.example.net. IN A 1.2.3.44
|
||||||
|
ENTRY_END
|
||||||
|
|
||||||
|
ENTRY_BEGIN
|
||||||
|
MATCH opcode qtype qname
|
||||||
|
ADJUST copy_id
|
||||||
|
REPLY QR NOERROR
|
||||||
|
SECTION QUESTION
|
||||||
|
ns.example.net. IN AAAA
|
||||||
|
SECTION AUTHORITY
|
||||||
|
example.net. IN NS ns.example.net.
|
||||||
|
SECTION ADDITIONAL
|
||||||
|
ns.example.net. IN A 1.2.3.44
|
||||||
|
ENTRY_END
|
||||||
|
RANGE_END
|
||||||
|
|
||||||
|
; ns.example.net.
|
||||||
|
; Note this timing is so it will not provide answers at the beginning,
|
||||||
|
; but only later on.
|
||||||
|
RANGE_BEGIN 30 100
|
||||||
|
ADDRESS 1.2.3.44
|
||||||
|
ENTRY_BEGIN
|
||||||
|
MATCH opcode qtype qname
|
||||||
|
ADJUST copy_id
|
||||||
|
REPLY QR NOERROR
|
||||||
|
SECTION QUESTION
|
||||||
|
example.net. IN NS
|
||||||
|
SECTION ANSWER
|
||||||
|
example.net. IN NS ns.example.net.
|
||||||
|
SECTION ADDITIONAL
|
||||||
|
ns.example.net. IN A 1.2.3.44
|
||||||
|
ENTRY_END
|
||||||
|
|
||||||
|
ENTRY_BEGIN
|
||||||
|
MATCH opcode qtype qname
|
||||||
|
ADJUST copy_id
|
||||||
|
REPLY QR AA NOERROR
|
||||||
|
SECTION QUESTION
|
||||||
|
ns.example.net. IN A
|
||||||
|
SECTION ANSWER
|
||||||
|
ns.example.net. IN A 1.2.3.44
|
||||||
|
SECTION AUTHORITY
|
||||||
|
example.net. IN NS ns.example.net.
|
||||||
|
ENTRY_END
|
||||||
|
|
||||||
|
ENTRY_BEGIN
|
||||||
|
MATCH opcode qtype qname
|
||||||
|
ADJUST copy_id
|
||||||
|
REPLY QR AA NOERROR
|
||||||
|
SECTION QUESTION
|
||||||
|
ns.example.net. IN AAAA
|
||||||
|
SECTION AUTHORITY
|
||||||
|
example.net. IN NS ns.example.net.
|
||||||
|
SECTION ADDITIONAL
|
||||||
|
ns.example.net. IN A 1.2.3.44
|
||||||
|
ENTRY_END
|
||||||
|
|
||||||
|
; response to DNSKEY priming query
|
||||||
|
; sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
|
||||||
|
ENTRY_BEGIN
|
||||||
|
MATCH opcode qtype qname
|
||||||
|
ADJUST copy_id
|
||||||
|
REPLY QR AA NOERROR
|
||||||
|
SECTION QUESTION
|
||||||
|
sub.example.com. IN DNSKEY
|
||||||
|
SECTION ANSWER
|
||||||
|
sub.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
|
||||||
|
sub.example.com. 3600 IN RRSIG DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899}
|
||||||
|
SECTION AUTHORITY
|
||||||
|
; no NS set. not needed for this test.
|
||||||
|
SECTION ADDITIONAL
|
||||||
|
ns.sub.example.com. IN A 1.2.3.6
|
||||||
|
ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
|
||||||
|
ENTRY_END
|
||||||
|
|
||||||
|
ENTRY_BEGIN
|
||||||
|
MATCH opcode qtype qname
|
||||||
|
ADJUST copy_id
|
||||||
|
REPLY QR AA NOERROR
|
||||||
|
SECTION QUESTION
|
||||||
|
sub.example.com. IN NS
|
||||||
|
SECTION ANSWER
|
||||||
|
sub.example.com. IN NS ns.sub.example.com.
|
||||||
|
sub.example.com. IN NS ns.example.net.
|
||||||
|
sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. C/0b+sqlsdSTkhd+aDXb6ELyuQreosIGBzLCtWxYGD+Q9QGB5rN8uB+4+48yhw36pd3MfeAn06AgAnJ6eu8tJg== ;{id = 30899}
|
||||||
|
SECTION ADDITIONAL
|
||||||
|
ns.sub.example.com. IN A 1.2.3.6
|
||||||
|
ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
|
||||||
|
ENTRY_END
|
||||||
|
|
||||||
|
; response to query of interest
|
||||||
|
ENTRY_BEGIN
|
||||||
|
MATCH opcode qtype qname
|
||||||
|
ADJUST copy_id
|
||||||
|
REPLY QR AA NOERROR
|
||||||
|
SECTION QUESTION
|
||||||
|
www.sub.example.com. IN A
|
||||||
|
SECTION ANSWER
|
||||||
|
www.sub.example.com. IN A 11.11.11.11
|
||||||
|
www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
|
||||||
|
SECTION AUTHORITY
|
||||||
|
SECTION ADDITIONAL
|
||||||
|
ENTRY_END
|
||||||
|
|
||||||
|
ENTRY_BEGIN
|
||||||
|
MATCH opcode qtype qname
|
||||||
|
ADJUST copy_id
|
||||||
|
REPLY QR AA NOERROR
|
||||||
|
SECTION QUESTION
|
||||||
|
ns.sub.example.com. IN AAAA
|
||||||
|
SECTION ANSWER
|
||||||
|
ENTRY_END
|
||||||
|
RANGE_END
|
||||||
|
|
||||||
|
; ns.example.com.
|
||||||
|
RANGE_BEGIN 0 100
|
||||||
|
ADDRESS 1.2.3.55
|
||||||
|
ENTRY_BEGIN
|
||||||
|
MATCH opcode qtype qname
|
||||||
|
ADJUST copy_id
|
||||||
|
REPLY QR NOERROR
|
||||||
|
SECTION QUESTION
|
||||||
|
example.com. IN NS
|
||||||
|
SECTION ANSWER
|
||||||
|
example.com. IN NS ns.example.com.
|
||||||
|
SECTION ADDITIONAL
|
||||||
|
ns.example.com. IN A 1.2.3.55
|
||||||
|
ENTRY_END
|
||||||
|
|
||||||
|
ENTRY_BEGIN
|
||||||
|
MATCH opcode qtype qname
|
||||||
|
ADJUST copy_id
|
||||||
|
REPLY QR AA NOERROR
|
||||||
|
SECTION QUESTION
|
||||||
|
ns.example.com. IN A
|
||||||
|
SECTION ANSWER
|
||||||
|
ns.example.com. IN A 1.2.3.55
|
||||||
|
ENTRY_END
|
||||||
|
|
||||||
|
ENTRY_BEGIN
|
||||||
|
MATCH opcode qtype qname
|
||||||
|
ADJUST copy_id
|
||||||
|
REPLY QR AA NOERROR
|
||||||
|
SECTION QUESTION
|
||||||
|
ns.example.com. IN AAAA
|
||||||
|
ENTRY_END
|
||||||
|
|
||||||
|
; fine DNSKEY response.
|
||||||
|
ENTRY_BEGIN
|
||||||
|
MATCH opcode qtype qname
|
||||||
|
ADJUST copy_id
|
||||||
|
REPLY QR AA NOERROR
|
||||||
|
SECTION QUESTION
|
||||||
|
example.com. IN DNSKEY
|
||||||
|
SECTION ANSWER
|
||||||
|
example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
|
||||||
|
example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
|
||||||
|
SECTION AUTHORITY
|
||||||
|
example.com. IN NS ns.example.com.
|
||||||
|
example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
|
||||||
|
ENTRY_END
|
||||||
|
|
||||||
|
|
||||||
|
; correct delegation with DS
|
||||||
|
ENTRY_BEGIN
|
||||||
|
MATCH opcode subdomain
|
||||||
|
ADJUST copy_id copy_query
|
||||||
|
REPLY QR AA NOERROR
|
||||||
|
SECTION QUESTION
|
||||||
|
sub.example.com. IN A
|
||||||
|
SECTION ANSWER
|
||||||
|
SECTION AUTHORITY
|
||||||
|
sub.example.com. IN NS ns.sub.example.com.
|
||||||
|
sub.example.com. IN NS ns.example.net.
|
||||||
|
sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
|
||||||
|
sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
|
||||||
|
SECTION ADDITIONAL
|
||||||
|
ns.sub.example.com. IN A 1.2.3.6
|
||||||
|
ENTRY_END
|
||||||
|
|
||||||
|
; response for delegation to sub.example.com.
|
||||||
|
ENTRY_BEGIN
|
||||||
|
MATCH opcode qtype qname
|
||||||
|
ADJUST copy_id
|
||||||
|
REPLY QR NOERROR
|
||||||
|
SECTION QUESTION
|
||||||
|
sub.example.com. IN DNSKEY
|
||||||
|
SECTION ANSWER
|
||||||
|
SECTION AUTHORITY
|
||||||
|
sub.example.com. IN NS ns.sub.example.com.
|
||||||
|
sub.example.com. IN NS ns.example.net.
|
||||||
|
sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
|
||||||
|
sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
|
||||||
|
SECTION ADDITIONAL
|
||||||
|
ns.sub.example.com. IN A 1.2.3.6
|
||||||
|
ENTRY_END
|
||||||
|
RANGE_END
|
||||||
|
|
||||||
|
; This server is DNSSEC LAME!
|
||||||
|
; ns.sub.example.com.
|
||||||
|
RANGE_BEGIN 0 100
|
||||||
|
ADDRESS 1.2.3.6
|
||||||
|
|
||||||
|
ENTRY_BEGIN
|
||||||
|
MATCH opcode qtype qname
|
||||||
|
ADJUST copy_id
|
||||||
|
REPLY QR AA NOERROR
|
||||||
|
SECTION QUESTION
|
||||||
|
sub.example.com. IN NS
|
||||||
|
SECTION ANSWER
|
||||||
|
sub.example.com. IN NS ns.sub.example.com.
|
||||||
|
sub.example.com. IN NS ns.example.net.
|
||||||
|
SECTION ADDITIONAL
|
||||||
|
ns.sub.example.com. IN A 1.2.3.6
|
||||||
|
ENTRY_END
|
||||||
|
|
||||||
|
|
||||||
|
; response to DNSKEY priming query
|
||||||
|
; sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
|
||||||
|
ENTRY_BEGIN
|
||||||
|
MATCH opcode qtype qname
|
||||||
|
ADJUST copy_id
|
||||||
|
REPLY QR AA NOERROR
|
||||||
|
SECTION QUESTION
|
||||||
|
sub.example.com. IN DNSKEY
|
||||||
|
SECTION ANSWER
|
||||||
|
sub.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
|
||||||
|
SECTION AUTHORITY
|
||||||
|
sub.example.com. IN NS ns.sub.example.com.
|
||||||
|
sub.example.com. IN NS ns.example.net.
|
||||||
|
SECTION ADDITIONAL
|
||||||
|
ns.sub.example.com. IN A 1.2.3.6
|
||||||
|
ENTRY_END
|
||||||
|
|
||||||
|
ENTRY_BEGIN
|
||||||
|
MATCH opcode qtype qname
|
||||||
|
ADJUST copy_id
|
||||||
|
REPLY QR AA NOERROR
|
||||||
|
SECTION QUESTION
|
||||||
|
ns.sub.example.com. IN AAAA
|
||||||
|
SECTION ANSWER
|
||||||
|
ENTRY_END
|
||||||
|
|
||||||
|
; response to query of interest
|
||||||
|
ENTRY_BEGIN
|
||||||
|
MATCH opcode qtype qname
|
||||||
|
ADJUST copy_id
|
||||||
|
REPLY QR AA NOERROR
|
||||||
|
SECTION QUESTION
|
||||||
|
www.sub.example.com. IN A
|
||||||
|
SECTION ANSWER
|
||||||
|
www.sub.example.com. IN A 11.11.11.11
|
||||||
|
SECTION AUTHORITY
|
||||||
|
; dnssec-lameness detection depends on this information
|
||||||
|
sub.example.com. IN NS ns.sub.example.com.
|
||||||
|
sub.example.com. IN NS ns.example.net.
|
||||||
|
SECTION ADDITIONAL
|
||||||
|
ns.sub.example.com. IN A 1.2.3.6
|
||||||
|
ENTRY_END
|
||||||
|
RANGE_END
|
||||||
|
|
||||||
|
|
||||||
|
STEP 1 QUERY
|
||||||
|
ENTRY_BEGIN
|
||||||
|
REPLY RD DO
|
||||||
|
SECTION QUESTION
|
||||||
|
www.sub.example.com. IN A
|
||||||
|
ENTRY_END
|
||||||
|
|
||||||
|
STEP 10 NOTHING
|
||||||
|
; recursion at time 10.
|
||||||
|
; first recursion with answers in 0-30 time
|
||||||
|
; with bug it now resolves to the bad version
|
||||||
|
; fixed, it stops waiting for more target queries.
|
||||||
|
|
||||||
|
STEP 40 NOTHING
|
||||||
|
; next recursion with more answers at time 40.
|
||||||
|
|
||||||
|
; recursion happens here.
|
||||||
|
STEP 50 CHECK_ANSWER
|
||||||
|
ENTRY_BEGIN
|
||||||
|
MATCH all
|
||||||
|
REPLY QR RD RA AD DO NOERROR
|
||||||
|
SECTION QUESTION
|
||||||
|
www.sub.example.com. IN A
|
||||||
|
SECTION ANSWER
|
||||||
|
www.sub.example.com. IN A 11.11.11.11
|
||||||
|
www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
|
||||||
|
ENTRY_END
|
||||||
|
SCENARIO_END
|
||||||
Loading…
Reference in a new issue