- Cached messages that reach 0 TTL are considered expired. This prevents Unbound itself from issuing replies with TTL 0 and possibly causing a thundering herd at the last second. Upstream replies of TTL 0 still get the usual pass-through but they are not considered for caching by Unbound or any of its caching modules.
- 'serve-expired-reply-ttl' is changed and is now capped by the original TTL value of the record to try and make some sense when replying with expired records.
- TTL decoding was updated to adhere to RFC8767 section 4 where a set high-order bit means the value is positive instead of 0.
; config options
; Unbound configuration used for this scenario; it ends at CONFIG_END.
server:
module-config: "validator iterator"
qname-minimisation: "no"
; Presumably kept off so that replies carry the authority and additional
; sections that the CHECK_ANSWER steps compare (MATCH all) - confirm.
minimal-responses: no
; Allow answering from cache entries whose TTL has run out.
serve-expired: yes
; TTL written into expired replies. The checks in this scenario expect 123
; where the original TTL was higher, and the original TTL (121) where it was
; lower, so this value behaves as an upper bound rather than a fixed TTL.
; The bound also limits how long a client may re-cache stale data.
serve-expired-reply-ttl: 123
; 0 serves the expired entry straight from the cache without first waiting
; for an upstream resolution attempt; the refresh happens afterwards.
serve-expired-client-timeout: 0
; Attach Extended DNS Errors, also to expired answers, so that a client can
; tell a stale reply from a fresh one. The stale checks below require ede=3
; (EDE code 3 is "Stale Answer" in RFC 8914).
ede: yes
ede-serve-expired: yes

stub-zone:
name: "example.com"
; Same address as the mock server defined in the RANGE block (ADDRESS 1.2.3.4).
stub-addr: 1.2.3.4
CONFIG_END

SCENARIO_BEGIN Test serve-expired with reply-ttl
; Scenario overview:
; - query for example.com. IN A
; - check that we get an answer for example.com. IN A with the correct TTL
; - query for shorterttl.example.com. IN A
; - check that we get an answer for shorterttl.example.com. IN A with the correct TTL
; - query again right after the TTL expired
; - check that we get the expired cached answer for example.com. with the configured TTL
; - check that we get the expired cached answer for shorterttl.example.com. with its own original TTL since it is shorter than the configured one
;
; Values the checks rely on:
; - configured serve-expired-reply-ttl: 123
; - example.com. A original TTL 200 (> 123): stale reply expected with TTL 123
; - shorterttl.example.com. A original TTL 121 (< 123): stale reply expected with TTL 121
; - both stale replies must carry ede=3, marking them as stale for the client

; ns.example.com.
; Mock upstream server at 1.2.3.4 (the stub-addr for example.com), valid for
; steps 0 through 100. Each entry matches a query on opcode, qtype and qname
; and copies the query ID into its canned reply.
RANGE_BEGIN 0 100
ADDRESS 1.2.3.4
; NS query for the zone. No TTL is written on these records; the scenario
; comment at STEP 20 refers to a default of 3600.
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION ANSWER
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END

; A record with TTL 200, which is above the configured reply TTL of 123.
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN A
SECTION ANSWER
example.com. 200 IN A 5.6.7.8
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END

; A record with TTL 121, which is below the configured reply TTL of 123.
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
shorterttl.example.com. IN A
SECTION ANSWER
shorterttl.example.com. 121 IN A 5.6.7.8
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
RANGE_END

; Query with RD flag
; First lookup of example.com. A; nothing has been queried before this step,
; so the answer has to come from the mock upstream.
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
example.com. IN A
ENTRY_END

; Check that we got the correct answer (should be cached)
; "MATCH all ttl" also compares TTLs: the answer must still carry the
; upstream TTL of 200.
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
example.com. IN A
SECTION ANSWER
example.com. 200 IN A 5.6.7.8
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END

; First lookup of the record whose TTL (121) is below the configured
; serve-expired-reply-ttl (123).
STEP 11 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
shorterttl.example.com. IN A
ENTRY_END


; The fresh answer must carry the upstream TTL of 121 unchanged.
STEP 12 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
shorterttl.example.com. IN A
SECTION ANSWER
shorterttl.example.com. 121 IN A 5.6.7.8
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END

; Wait for the TTL to expire (for all rrsets; default 3600)
; After 3600 seconds the A records (TTL 200 and 121) are long expired, and
; rrsets at the default TTL have just reached a remaining TTL of 0.
; NOTE(review): the checks at STEP 40 only pass if a remaining TTL of exactly
; 0 is treated as expired - confirm this boundary is intended.
STEP 20 TIME_PASSES ELAPSE 3600

; Query again
; This query also sets the DO flag; presumably so that the query carries EDNS
; and the reply can hold the EDE option - confirm.
STEP 30 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
example.com. IN A
ENTRY_END

; Check that we got a stale answer
; ede=3 requires the reply to be marked as a stale answer. Every rrset is
; expected with TTL 123: the A record (original 200) and the NS/glue records
; (default TTL) all had original TTLs above serve-expired-reply-ttl.
STEP 40 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl ede=3
REPLY QR RD RA DO NOERROR
SECTION QUESTION
example.com. IN A
SECTION ANSWER
example.com. 123 A 5.6.7.8
SECTION AUTHORITY
example.com. 123 NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. 123 A 1.2.3.4
ENTRY_END

; Query again for shorter ttl
STEP 50 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
shorterttl.example.com. IN A
ENTRY_END

; Check that we got a stale answer
; Note: auth, additional rrsets are already updated from previous recursion.
; The answer rrset is still the expired one, so ede=3 is required and its TTL
; is the original 121 rather than the configured 123, because 121 is lower.
; The NS and glue records show a fresh TTL of 3600.
STEP 60 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl ede=3
REPLY QR RD RA DO NOERROR
SECTION QUESTION
shorterttl.example.com. IN A
SECTION ANSWER
shorterttl.example.com. 121 A 5.6.7.8
SECTION AUTHORITY
example.com. 3600 NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. 3600 A 1.2.3.4
ENTRY_END

; Give time for the pending query to get answered
; Presumably the refresh started when the stale answer for
; shorterttl.example.com. was served at STEP 60; it is answered by the mock
; server in the RANGE block before the scenario ends - confirm.
STEP 61 TRAFFIC

SCENARIO_END