mirror of
https://github.com/freebsd/freebsd-src
synced 2024-07-22 10:48:02 +00:00
335c7cda12
Release notes at https://www.nlnetlabs.nl/news/2024/May/08/unbound-1.20.0-released/ Security: The DNSBomb vulnerability CVE-2024-33655 Merge commit 'c2a80056864d6eda0398fd127dc0ae515b39752b' into main
780 lines
14 KiB
Plaintext
780 lines
14 KiB
Plaintext
; config options
|
|
server:
|
|
module-config: "respip validator iterator"
|
|
target-fetch-policy: "0 0 0 0 0"
|
|
qname-minimisation: no
|
|
access-control: 192.0.0.0/8 allow
|
|
|
|
rpz:
|
|
name: "rpz.example.com."
|
|
rpz-log: yes
|
|
rpz-log-name: "rpz.example.com"
|
|
zonefile:
|
|
TEMPFILE_NAME rpz.example.com
|
|
TEMPFILE_CONTENTS rpz.example.com
|
|
$ORIGIN example.com.
|
|
rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. (
|
|
1379078166 28800 7200 604800 7200 )
|
|
3600 IN NS ns1.rpz.example.com.
|
|
3600 IN NS ns2.rpz.example.com.
|
|
$ORIGIN rpz.example.com.
|
|
www.gotham.a A 1.2.3.61
|
|
www.gotham2.a CNAME g2.target.a.
|
|
g2.target.a A 1.2.3.62
|
|
www.gotham3.a CNAME g3.target.a.
|
|
g3.target.a CNAME g3b.target.a.
|
|
g3b.target.a A 1.2.3.63
|
|
www.gotham4.a CNAME g4.target.a.
|
|
g4.target.a CNAME g4b.target.a.
|
|
g4b.target.a CNAME g4c.target.a.
|
|
g4c.target.a A 1.2.3.64
|
|
w2.gotham5.a A 1.2.3.65
|
|
w2.gotham6.a CNAME g6.target.a.
|
|
g6.target.a A 1.2.3.66
|
|
w2.gotham7.a CNAME g7.target.a.
|
|
g7.target.a CNAME g7b.target.a.
|
|
g7b.target.a A 1.2.3.66
|
|
; ns1.gotham8.a
|
|
32.48.30.20.10.rpz-nsip A 1.2.3.68
|
|
; ns1.gotham9.a
|
|
32.49.30.20.10.rpz-nsip CNAME g9.target.a.
|
|
g9.target.a A 1.2.3.69
|
|
; ns1.gotham10.a
|
|
32.50.30.20.10.rpz-nsip CNAME g10.target.a.
|
|
g10.target.a CNAME g10b.target.a.
|
|
g10b.target.a A 1.2.3.70
|
|
www.gotham11.a CNAME g11.target.a.
|
|
www.gotham12.a CNAME g12.target.a.
|
|
g12.target.a CNAME g12b.target.a.
|
|
www.gotham13.a CNAME g13.target.a.
|
|
g13.target.a CNAME g13b.target.a.
|
|
g13b.target.a CNAME g13c.target.a.
|
|
w2.gotham14.a CNAME g14.target.a.
|
|
w2.gotham15.a CNAME g15.target.a.
|
|
g15.target.a CNAME g15b.target.a.
|
|
; ns1.gotham16.a
|
|
32.56.30.20.10.rpz-nsip CNAME g16.target.a.
|
|
; ns1.gotham17.a
|
|
32.57.30.20.10.rpz-nsip CNAME g17.target.a.
|
|
g17.target.a CNAME g17b.target.a.
|
|
TEMPFILE_END
|
|
|
|
stub-zone:
|
|
name: "a."
|
|
stub-addr: 10.20.30.40
|
|
CONFIG_END
|
|
|
|
SCENARIO_BEGIN Test RPZ handling of CNAMEs.
|
|
|
|
; a.
|
|
RANGE_BEGIN 0 1000
|
|
ADDRESS 10.20.30.40
|
|
ENTRY_BEGIN
|
|
MATCH opcode subdomain
|
|
ADJUST copy_id copy_query
|
|
REPLY QR NOERROR
|
|
SECTION QUESTION
|
|
gotham5.a. IN NS
|
|
SECTION AUTHORITY
|
|
gotham5.a. NS ns1.gotham5.a.
|
|
SECTION ADDITIONAL
|
|
ns1.gotham5.a. A 10.20.30.45
|
|
ENTRY_END
|
|
|
|
ENTRY_BEGIN
|
|
MATCH opcode subdomain
|
|
ADJUST copy_id copy_query
|
|
REPLY QR NOERROR
|
|
SECTION QUESTION
|
|
gotham6.a. IN NS
|
|
SECTION AUTHORITY
|
|
gotham6.a. NS ns1.gotham6.a.
|
|
SECTION ADDITIONAL
|
|
ns1.gotham6.a. A 10.20.30.46
|
|
ENTRY_END
|
|
|
|
ENTRY_BEGIN
|
|
MATCH opcode subdomain
|
|
ADJUST copy_id copy_query
|
|
REPLY QR NOERROR
|
|
SECTION QUESTION
|
|
gotham7.a. IN NS
|
|
SECTION AUTHORITY
|
|
gotham7.a. NS ns1.gotham7.a.
|
|
SECTION ADDITIONAL
|
|
ns1.gotham7.a. A 10.20.30.47
|
|
ENTRY_END
|
|
|
|
ENTRY_BEGIN
|
|
MATCH opcode subdomain
|
|
ADJUST copy_id copy_query
|
|
REPLY QR NOERROR
|
|
SECTION QUESTION
|
|
gotham8.a. IN NS
|
|
SECTION AUTHORITY
|
|
gotham8.a. NS ns1.gotham8.a.
|
|
SECTION ADDITIONAL
|
|
ns1.gotham8.a. A 10.20.30.48
|
|
ENTRY_END
|
|
|
|
ENTRY_BEGIN
|
|
MATCH opcode subdomain
|
|
ADJUST copy_id copy_query
|
|
REPLY QR NOERROR
|
|
SECTION QUESTION
|
|
gotham9.a. IN NS
|
|
SECTION AUTHORITY
|
|
gotham9.a. NS ns1.gotham9.a.
|
|
SECTION ADDITIONAL
|
|
ns1.gotham9.a. A 10.20.30.49
|
|
ENTRY_END
|
|
|
|
ENTRY_BEGIN
|
|
MATCH opcode subdomain
|
|
ADJUST copy_id copy_query
|
|
REPLY QR NOERROR
|
|
SECTION QUESTION
|
|
gotham10.a. IN NS
|
|
SECTION AUTHORITY
|
|
gotham10.a. NS ns1.gotham10.a.
|
|
SECTION ADDITIONAL
|
|
ns1.gotham10.a. A 10.20.30.50
|
|
ENTRY_END
|
|
|
|
ENTRY_BEGIN
|
|
MATCH opcode subdomain
|
|
ADJUST copy_id copy_query
|
|
REPLY QR NOERROR
|
|
SECTION QUESTION
|
|
gotham14.a. IN NS
|
|
SECTION AUTHORITY
|
|
gotham14.a. NS ns1.gotham14.a.
|
|
SECTION ADDITIONAL
|
|
ns1.gotham14.a. A 10.20.30.54
|
|
ENTRY_END
|
|
|
|
ENTRY_BEGIN
|
|
MATCH opcode subdomain
|
|
ADJUST copy_id copy_query
|
|
REPLY QR NOERROR
|
|
SECTION QUESTION
|
|
gotham15.a. IN NS
|
|
SECTION AUTHORITY
|
|
gotham15.a. NS ns1.gotham15.a.
|
|
SECTION ADDITIONAL
|
|
ns1.gotham15.a. A 10.20.30.55
|
|
ENTRY_END
|
|
|
|
ENTRY_BEGIN
|
|
MATCH opcode subdomain
|
|
ADJUST copy_id copy_query
|
|
REPLY QR NOERROR
|
|
SECTION QUESTION
|
|
gotham16.a. IN NS
|
|
SECTION AUTHORITY
|
|
gotham16.a. NS ns1.gotham16.a.
|
|
SECTION ADDITIONAL
|
|
ns1.gotham16.a. A 10.20.30.56
|
|
ENTRY_END
|
|
|
|
ENTRY_BEGIN
|
|
MATCH opcode subdomain
|
|
ADJUST copy_id copy_query
|
|
REPLY QR NOERROR
|
|
SECTION QUESTION
|
|
gotham17.a. IN NS
|
|
SECTION AUTHORITY
|
|
gotham17.a. NS ns1.gotham17.a.
|
|
SECTION ADDITIONAL
|
|
ns1.gotham17.a. A 10.20.30.57
|
|
ENTRY_END
|
|
|
|
ENTRY_BEGIN
|
|
MATCH opcode qtype qname
|
|
ADJUST copy_id
|
|
REPLY QR NOERROR
|
|
SECTION QUESTION
|
|
target.a. IN A
|
|
SECTION ANSWER
|
|
target.a. IN A 1.2.3.6
|
|
ENTRY_END
|
|
|
|
ENTRY_BEGIN
|
|
MATCH opcode qtype qname
|
|
ADJUST copy_id
|
|
REPLY QR AA NOERROR
|
|
SECTION QUESTION
|
|
g11.target.a. IN A
|
|
SECTION ANSWER
|
|
g11.target.a. IN A 1.2.3.11
|
|
ENTRY_END
|
|
|
|
ENTRY_BEGIN
|
|
MATCH opcode qtype qname
|
|
ADJUST copy_id
|
|
REPLY QR AA NOERROR
|
|
SECTION QUESTION
|
|
g12b.target.a. IN A
|
|
SECTION ANSWER
|
|
g12b.target.a. A 1.2.3.12
|
|
ENTRY_END
|
|
|
|
ENTRY_BEGIN
|
|
MATCH opcode qtype qname
|
|
ADJUST copy_id
|
|
REPLY QR AA NOERROR
|
|
SECTION QUESTION
|
|
g13c.target.a. IN A
|
|
SECTION ANSWER
|
|
g13c.target.a. A 1.2.3.13
|
|
ENTRY_END
|
|
|
|
ENTRY_BEGIN
|
|
MATCH opcode qtype qname
|
|
ADJUST copy_id
|
|
REPLY QR AA NOERROR
|
|
SECTION QUESTION
|
|
g14.target.a. IN A
|
|
SECTION ANSWER
|
|
g14.target.a. A 1.2.3.14
|
|
ENTRY_END
|
|
|
|
ENTRY_BEGIN
|
|
MATCH opcode qtype qname
|
|
ADJUST copy_id
|
|
REPLY QR AA NOERROR
|
|
SECTION QUESTION
|
|
g15b.target.a. IN A
|
|
SECTION ANSWER
|
|
g15b.target.a. A 1.2.3.15
|
|
ENTRY_END
|
|
|
|
ENTRY_BEGIN
|
|
MATCH opcode qtype qname
|
|
ADJUST copy_id
|
|
REPLY QR AA NOERROR
|
|
SECTION QUESTION
|
|
g16.target.a. IN A
|
|
SECTION ANSWER
|
|
g16.target.a. A 1.2.3.16
|
|
ENTRY_END
|
|
|
|
ENTRY_BEGIN
|
|
MATCH opcode qtype qname
|
|
ADJUST copy_id
|
|
REPLY QR AA NOERROR
|
|
SECTION QUESTION
|
|
g17b.target.a. IN A
|
|
SECTION ANSWER
|
|
g17b.target.a. A 1.2.3.17
|
|
ENTRY_END
|
|
RANGE_END
|
|
|
|
; gotham5.a.
|
|
RANGE_BEGIN 0 1000
|
|
ADDRESS 10.20.30.45
|
|
ENTRY_BEGIN
|
|
MATCH opcode qtype qname
|
|
ADJUST copy_id
|
|
REPLY QR AA NOERROR
|
|
SECTION QUESTION
|
|
www.gotham5.a. IN A
|
|
SECTION ANSWER
|
|
www.gotham5.a. CNAME w2.gotham5.a.
|
|
ENTRY_END
|
|
RANGE_END
|
|
|
|
; gotham6.a.
|
|
RANGE_BEGIN 0 1000
|
|
ADDRESS 10.20.30.46
|
|
ENTRY_BEGIN
|
|
MATCH opcode qtype qname
|
|
ADJUST copy_id
|
|
REPLY QR NOERROR
|
|
SECTION QUESTION
|
|
www.gotham6.a. IN A
|
|
SECTION ANSWER
|
|
www.gotham6.a. CNAME w2.gotham6.a.
|
|
ENTRY_END
|
|
RANGE_END
|
|
|
|
; gotham7.a.
|
|
RANGE_BEGIN 0 1000
|
|
ADDRESS 10.20.30.47
|
|
ENTRY_BEGIN
|
|
MATCH opcode qtype qname
|
|
ADJUST copy_id
|
|
REPLY QR AA NOERROR
|
|
SECTION QUESTION
|
|
www.gotham7.a. IN A
|
|
SECTION ANSWER
|
|
www.gotham7.a. CNAME w2.gotham7.a.
|
|
ENTRY_END
|
|
RANGE_END
|
|
|
|
; gotham14.a.
|
|
RANGE_BEGIN 0 1000
|
|
ADDRESS 10.20.30.54
|
|
ENTRY_BEGIN
|
|
MATCH opcode qtype qname
|
|
ADJUST copy_id
|
|
REPLY QR AA NOERROR
|
|
SECTION QUESTION
|
|
www.gotham14.a. IN A
|
|
SECTION ANSWER
|
|
www.gotham14.a. CNAME w2.gotham14.a.
|
|
ENTRY_END
|
|
RANGE_END
|
|
|
|
; gotham15.a.
|
|
RANGE_BEGIN 0 1000
|
|
ADDRESS 10.20.30.55
|
|
ENTRY_BEGIN
|
|
MATCH opcode qtype qname
|
|
ADJUST copy_id
|
|
REPLY QR AA NOERROR
|
|
SECTION QUESTION
|
|
www.gotham15.a. IN A
|
|
SECTION ANSWER
|
|
www.gotham15.a. CNAME w2.gotham15.a.
|
|
ENTRY_END
|
|
RANGE_END
|
|
|
|
; Test with zero rpz CNAMEs, rpz answer.
|
|
STEP 10 QUERY
|
|
ENTRY_BEGIN
|
|
REPLY RD
|
|
SECTION QUESTION
|
|
www.gotham.a. IN A
|
|
ENTRY_END
|
|
|
|
STEP 11 CHECK_ANSWER
|
|
ENTRY_BEGIN
|
|
MATCH all
|
|
REPLY QR RD RA AA NOERROR
|
|
SECTION QUESTION
|
|
www.gotham.a. IN A
|
|
SECTION ANSWER
|
|
www.gotham.a. A 1.2.3.61
|
|
ENTRY_END
|
|
|
|
; Test with one rpz CNAME, rpz answer.
|
|
STEP 20 QUERY
|
|
ENTRY_BEGIN
|
|
REPLY RD
|
|
SECTION QUESTION
|
|
www.gotham2.a. IN A
|
|
ENTRY_END
|
|
|
|
STEP 21 CHECK_ANSWER
|
|
ENTRY_BEGIN
|
|
MATCH all
|
|
REPLY QR RD RA AA NOERROR
|
|
SECTION QUESTION
|
|
www.gotham2.a. IN A
|
|
SECTION ANSWER
|
|
www.gotham2.a. CNAME g2.target.a.
|
|
g2.target.a. A 1.2.3.62
|
|
ENTRY_END
|
|
|
|
; Test with two rpz CNAMEs, rpz answer.
|
|
STEP 30 QUERY
|
|
ENTRY_BEGIN
|
|
REPLY RD
|
|
SECTION QUESTION
|
|
www.gotham3.a. IN A
|
|
ENTRY_END
|
|
|
|
STEP 31 CHECK_ANSWER
|
|
ENTRY_BEGIN
|
|
MATCH all
|
|
REPLY QR RD RA AA NOERROR
|
|
SECTION QUESTION
|
|
www.gotham3.a. IN A
|
|
SECTION ANSWER
|
|
www.gotham3.a. CNAME g3.target.a.
|
|
g3.target.a. CNAME g3b.target.a.
|
|
g3b.target.a. A 1.2.3.63
|
|
ENTRY_END
|
|
|
|
; Test with three rpz CNAMEs, rpz answer.
|
|
STEP 40 QUERY
|
|
ENTRY_BEGIN
|
|
REPLY RD
|
|
SECTION QUESTION
|
|
www.gotham4.a. IN A
|
|
ENTRY_END
|
|
|
|
STEP 41 CHECK_ANSWER
|
|
ENTRY_BEGIN
|
|
MATCH all
|
|
REPLY QR RD RA AA NOERROR
|
|
SECTION QUESTION
|
|
www.gotham4.a. IN A
|
|
SECTION ANSWER
|
|
www.gotham4.a. CNAME g4.target.a.
|
|
g4.target.a. CNAME g4b.target.a.
|
|
g4b.target.a. CNAME g4c.target.a.
|
|
g4c.target.a. A 1.2.3.64
|
|
ENTRY_END
|
|
|
|
; Test with a CNAME from upstream, zero rpz CNAMEs, rpz answer.
|
|
STEP 50 QUERY
|
|
ENTRY_BEGIN
|
|
REPLY RD
|
|
SECTION QUESTION
|
|
www.gotham5.a. IN A
|
|
ENTRY_END
|
|
|
|
STEP 51 CHECK_ANSWER
|
|
ENTRY_BEGIN
|
|
MATCH all
|
|
REPLY QR RD RA AA NOERROR
|
|
SECTION QUESTION
|
|
www.gotham5.a. IN A
|
|
SECTION ANSWER
|
|
www.gotham5.a. CNAME w2.gotham5.a.
|
|
w2.gotham5.a. A 1.2.3.65
|
|
ENTRY_END
|
|
|
|
; Test with a CNAME from upstream, one rpz CNAME, rpz answer.
|
|
STEP 60 QUERY
|
|
ENTRY_BEGIN
|
|
REPLY RD
|
|
SECTION QUESTION
|
|
www.gotham6.a. IN A
|
|
ENTRY_END
|
|
|
|
STEP 61 CHECK_ANSWER
|
|
ENTRY_BEGIN
|
|
MATCH all
|
|
REPLY QR RD RA AA NOERROR
|
|
SECTION QUESTION
|
|
www.gotham6.a. IN A
|
|
SECTION ANSWER
|
|
www.gotham6.a. CNAME w2.gotham6.a.
|
|
w2.gotham6.a. CNAME g6.target.a.
|
|
g6.target.a. A 1.2.3.66
|
|
ENTRY_END
|
|
|
|
; Test with a CNAME from upstream, two rpz CNAMEs, rpz answer.
|
|
STEP 70 QUERY
|
|
ENTRY_BEGIN
|
|
REPLY RD
|
|
SECTION QUESTION
|
|
www.gotham7.a. IN A
|
|
ENTRY_END
|
|
|
|
STEP 71 CHECK_ANSWER
|
|
ENTRY_BEGIN
|
|
MATCH all
|
|
REPLY QR RD RA AA NOERROR
|
|
SECTION QUESTION
|
|
www.gotham7.a. IN A
|
|
SECTION ANSWER
|
|
www.gotham7.a. CNAME w2.gotham7.a.
|
|
w2.gotham7.a. CNAME g7.target.a.
|
|
g7.target.a. CNAME g7b.target.a.
|
|
g7b.target.a. A 1.2.3.66
|
|
ENTRY_END
|
|
|
|
; Test with a CNAME from cache, zero rpz CNAMEs, rpz answer.
|
|
STEP 80 QUERY
|
|
ENTRY_BEGIN
|
|
REPLY RD
|
|
SECTION QUESTION
|
|
www.gotham5.a. IN A
|
|
ENTRY_END
|
|
|
|
STEP 81 CHECK_ANSWER
|
|
ENTRY_BEGIN
|
|
MATCH all
|
|
REPLY QR RD RA AA NOERROR
|
|
SECTION QUESTION
|
|
www.gotham5.a. IN A
|
|
SECTION ANSWER
|
|
www.gotham5.a. CNAME w2.gotham5.a.
|
|
w2.gotham5.a. A 1.2.3.65
|
|
ENTRY_END
|
|
|
|
; Test with a CNAME from cache, one rpz CNAME, rpz answer.
|
|
STEP 90 QUERY
|
|
ENTRY_BEGIN
|
|
REPLY RD
|
|
SECTION QUESTION
|
|
www.gotham6.a. IN A
|
|
ENTRY_END
|
|
|
|
STEP 91 CHECK_ANSWER
|
|
ENTRY_BEGIN
|
|
MATCH all
|
|
REPLY QR RD RA AA NOERROR
|
|
SECTION QUESTION
|
|
www.gotham6.a. IN A
|
|
SECTION ANSWER
|
|
www.gotham6.a. CNAME w2.gotham6.a.
|
|
w2.gotham6.a. CNAME g6.target.a.
|
|
g6.target.a. A 1.2.3.66
|
|
ENTRY_END
|
|
|
|
; Test with a CNAME from cache, two rpz CNAMEs, rpz answer.
|
|
STEP 100 QUERY
|
|
ENTRY_BEGIN
|
|
REPLY RD
|
|
SECTION QUESTION
|
|
www.gotham7.a. IN A
|
|
ENTRY_END
|
|
|
|
STEP 101 CHECK_ANSWER
|
|
ENTRY_BEGIN
|
|
MATCH all
|
|
REPLY QR RD RA AA NOERROR
|
|
SECTION QUESTION
|
|
www.gotham7.a. IN A
|
|
SECTION ANSWER
|
|
www.gotham7.a. CNAME w2.gotham7.a.
|
|
w2.gotham7.a. CNAME g7.target.a.
|
|
g7.target.a. CNAME g7b.target.a.
|
|
g7b.target.a. A 1.2.3.66
|
|
ENTRY_END
|
|
|
|
; Test with lookup from nameserver, zero rpz CNAMEs, rpz nsip answer.
|
|
STEP 110 QUERY
|
|
ENTRY_BEGIN
|
|
REPLY RD
|
|
SECTION QUESTION
|
|
www.gotham8.a. IN A
|
|
ENTRY_END
|
|
|
|
STEP 111 CHECK_ANSWER
|
|
ENTRY_BEGIN
|
|
MATCH all
|
|
REPLY QR RD RA AA NOERROR
|
|
SECTION QUESTION
|
|
www.gotham8.a. IN A
|
|
SECTION ANSWER
|
|
www.gotham8.a. A 1.2.3.68
|
|
ENTRY_END
|
|
|
|
; Test with lookup from nameserver, one rpz CNAME, rpz nsip answer.
|
|
STEP 120 QUERY
|
|
ENTRY_BEGIN
|
|
REPLY RD
|
|
SECTION QUESTION
|
|
www.gotham9.a. IN A
|
|
ENTRY_END
|
|
|
|
STEP 121 CHECK_ANSWER
|
|
ENTRY_BEGIN
|
|
MATCH all
|
|
REPLY QR RD RA AA NOERROR
|
|
SECTION QUESTION
|
|
www.gotham9.a. IN A
|
|
SECTION ANSWER
|
|
www.gotham9.a. CNAME g9.target.a.
|
|
g9.target.a. A 1.2.3.69
|
|
ENTRY_END
|
|
|
|
; Test with lookup from nameserver, two rpz CNAMEs, rpz nsip answer.
|
|
STEP 130 QUERY
|
|
ENTRY_BEGIN
|
|
REPLY RD
|
|
SECTION QUESTION
|
|
www.gotham10.a. IN A
|
|
ENTRY_END
|
|
|
|
STEP 131 CHECK_ANSWER
|
|
ENTRY_BEGIN
|
|
MATCH all
|
|
REPLY QR RD RA AA NOERROR
|
|
SECTION QUESTION
|
|
www.gotham10.a. IN A
|
|
SECTION ANSWER
|
|
www.gotham10.a. CNAME g10.target.a.
|
|
g10.target.a. CNAME g10b.target.a.
|
|
g10b.target.a. A 1.2.3.70
|
|
ENTRY_END
|
|
|
|
; Test with one rpz CNAME, upstream answer.
|
|
STEP 140 QUERY
|
|
ENTRY_BEGIN
|
|
REPLY RD
|
|
SECTION QUESTION
|
|
www.gotham11.a. IN A
|
|
ENTRY_END
|
|
|
|
STEP 141 CHECK_ANSWER
|
|
ENTRY_BEGIN
|
|
MATCH all
|
|
REPLY QR RD RA AA NOERROR
|
|
SECTION QUESTION
|
|
www.gotham11.a. IN A
|
|
SECTION ANSWER
|
|
www.gotham11.a. CNAME g11.target.a.
|
|
g11.target.a. A 1.2.3.11
|
|
ENTRY_END
|
|
|
|
; Test with two rpz CNAMEs, upstream answer.
|
|
STEP 150 QUERY
|
|
ENTRY_BEGIN
|
|
REPLY RD
|
|
SECTION QUESTION
|
|
www.gotham12.a. IN A
|
|
ENTRY_END
|
|
|
|
STEP 151 CHECK_ANSWER
|
|
ENTRY_BEGIN
|
|
MATCH all
|
|
REPLY QR RD RA AA NOERROR
|
|
SECTION QUESTION
|
|
www.gotham12.a. IN A
|
|
SECTION ANSWER
|
|
www.gotham12.a. CNAME g12.target.a.
|
|
g12.target.a. CNAME g12b.target.a.
|
|
g12b.target.a. A 1.2.3.12
|
|
ENTRY_END
|
|
|
|
; Test with three rpz CNAMEs, upstream answer.
|
|
STEP 160 QUERY
|
|
ENTRY_BEGIN
|
|
REPLY RD
|
|
SECTION QUESTION
|
|
www.gotham13.a. IN A
|
|
ENTRY_END
|
|
|
|
STEP 161 CHECK_ANSWER
|
|
ENTRY_BEGIN
|
|
MATCH all
|
|
REPLY QR RD RA AA NOERROR
|
|
SECTION QUESTION
|
|
www.gotham13.a. IN A
|
|
SECTION ANSWER
|
|
www.gotham13.a. CNAME g13.target.a.
|
|
g13.target.a. CNAME g13b.target.a.
|
|
g13b.target.a. CNAME g13c.target.a.
|
|
g13c.target.a. A 1.2.3.13
|
|
ENTRY_END
|
|
|
|
; Test with a CNAME from upstream, one rpz CNAME, upstream answer.
|
|
STEP 170 QUERY
|
|
ENTRY_BEGIN
|
|
REPLY RD
|
|
SECTION QUESTION
|
|
www.gotham14.a. IN A
|
|
ENTRY_END
|
|
|
|
STEP 171 CHECK_ANSWER
|
|
ENTRY_BEGIN
|
|
MATCH all
|
|
REPLY QR RD RA NOERROR
|
|
SECTION QUESTION
|
|
www.gotham14.a. IN A
|
|
SECTION ANSWER
|
|
www.gotham14.a. CNAME w2.gotham14.a.
|
|
w2.gotham14.a. CNAME g14.target.a.
|
|
g14.target.a. A 1.2.3.14
|
|
ENTRY_END
|
|
|
|
; Test with a CNAME from upstream, two rpz CNAMEs, upstream answer.
|
|
STEP 180 QUERY
|
|
ENTRY_BEGIN
|
|
REPLY RD
|
|
SECTION QUESTION
|
|
www.gotham15.a. IN A
|
|
ENTRY_END
|
|
|
|
STEP 181 CHECK_ANSWER
|
|
ENTRY_BEGIN
|
|
MATCH all
|
|
REPLY QR RD RA NOERROR
|
|
SECTION QUESTION
|
|
www.gotham15.a. IN A
|
|
SECTION ANSWER
|
|
www.gotham15.a. CNAME w2.gotham15.a.
|
|
w2.gotham15.a. CNAME g15.target.a.
|
|
g15.target.a. CNAME g15b.target.a.
|
|
g15b.target.a. A 1.2.3.15
|
|
ENTRY_END
|
|
|
|
; Test with a CNAME from cache, one rpz CNAME, upstream answer.
|
|
STEP 190 QUERY
|
|
ENTRY_BEGIN
|
|
REPLY RD
|
|
SECTION QUESTION
|
|
www.gotham14.a. IN A
|
|
ENTRY_END
|
|
|
|
STEP 191 CHECK_ANSWER
|
|
ENTRY_BEGIN
|
|
MATCH all
|
|
REPLY QR RD RA NOERROR
|
|
SECTION QUESTION
|
|
www.gotham14.a. IN A
|
|
SECTION ANSWER
|
|
www.gotham14.a. CNAME w2.gotham14.a.
|
|
w2.gotham14.a. CNAME g14.target.a.
|
|
g14.target.a. A 1.2.3.14
|
|
ENTRY_END
|
|
|
|
; Test with a CNAME from cache, two rpz CNAMEs, upstream answer.
|
|
STEP 200 QUERY
|
|
ENTRY_BEGIN
|
|
REPLY RD
|
|
SECTION QUESTION
|
|
www.gotham15.a. IN A
|
|
ENTRY_END
|
|
|
|
STEP 201 CHECK_ANSWER
|
|
ENTRY_BEGIN
|
|
MATCH all
|
|
REPLY QR RD RA NOERROR
|
|
SECTION QUESTION
|
|
www.gotham15.a. IN A
|
|
SECTION ANSWER
|
|
www.gotham15.a. CNAME w2.gotham15.a.
|
|
w2.gotham15.a. CNAME g15.target.a.
|
|
g15.target.a. CNAME g15b.target.a.
|
|
g15b.target.a. A 1.2.3.15
|
|
ENTRY_END
|
|
|
|
; Test with lookup from nameserver, one rpz nsip CNAME, upstream answer.
|
|
STEP 210 QUERY
|
|
ENTRY_BEGIN
|
|
REPLY RD
|
|
SECTION QUESTION
|
|
www.gotham16.a. IN A
|
|
ENTRY_END
|
|
|
|
STEP 211 CHECK_ANSWER
|
|
ENTRY_BEGIN
|
|
MATCH all
|
|
REPLY QR RD RA NOERROR
|
|
SECTION QUESTION
|
|
www.gotham16.a. IN A
|
|
SECTION ANSWER
|
|
www.gotham16.a. CNAME g16.target.a.
|
|
g16.target.a. A 1.2.3.16
|
|
ENTRY_END
|
|
|
|
; Test with lookup from nameserver, two rpz nsip CNAMEs, upstream answer.
|
|
STEP 220 QUERY
|
|
ENTRY_BEGIN
|
|
REPLY RD
|
|
SECTION QUESTION
|
|
www.gotham17.a. IN A
|
|
ENTRY_END
|
|
|
|
STEP 221 CHECK_ANSWER
|
|
ENTRY_BEGIN
|
|
MATCH all
|
|
REPLY QR RD RA NOERROR
|
|
SECTION QUESTION
|
|
www.gotham17.a. IN A
|
|
SECTION ANSWER
|
|
www.gotham17.a. CNAME g17.target.a.
|
|
g17.target.a. CNAME g17b.target.a.
|
|
g17b.target.a. A 1.2.3.17
|
|
ENTRY_END
|
|
|
|
SCENARIO_END
|