31e253e294
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4154 be551aaa-1e26-0410-a405-d3ace91eadb9
; config options
|
|
server:
|
|
target-fetch-policy: "0 0 0 0 0"
|
|
|
|
stub-zone:
|
|
name: "."
|
|
stub-addr: 193.0.14.129
|
|
stub-zone:
|
|
name: "example.com"
|
|
stub-addr: 10.0.1.1
|
|
stub-zone:
|
|
name: "example.net"
|
|
stub-addr: 10.0.5.1
|
|
CONFIG_END
|
|
|
|
SCENARIO_BEGIN Test stub zone leaking to the internet on last resort fallback
|
|
|
|
; root server
|
|
RANGE_BEGIN 0 100
|
|
ADDRESS 193.0.14.129
|
|
|
|
; root prime
|
|
ENTRY_BEGIN
|
|
MATCH qname qtype
|
|
ADJUST copy_id copy_query
|
|
REPLY QR NOERROR
|
|
SECTION QUESTION
|
|
. IN NS
|
|
SECTION ANSWER
|
|
. IN NS k.root-servers.net.
|
|
SECTION ADDITIONAL
|
|
k.root-servers.net. IN A 193.0.14.129
|
|
ENTRY_END
|
|
|
|
RANGE_END
|
|
|
|
; stub server for example.com
|
|
RANGE_BEGIN 0 100
|
|
ADDRESS 10.0.1.1
|
|
|
|
; subzone.example.com is delegated to sub-ns1 and sub-ns2 (glue supplied) and to example.net (no glue)
|
|
ENTRY_BEGIN
|
|
MATCH opcode subdomain
|
|
ADJUST copy_id copy_query
|
|
REPLY QR NOERROR
|
|
SECTION QUESTION
|
|
subzone.example.com. IN A
|
|
SECTION AUTHORITY
|
|
subzone.example.com. IN NS sub-ns1.example.com.
|
|
subzone.example.com. IN NS sub-ns2.example.com.
|
|
subzone.example.com. IN NS example.net.
|
|
SECTION ADDITIONAL
|
|
sub-ns1.example.com. IN A 10.0.2.3
|
|
sub-ns2.example.com. IN A 10.0.2.4
|
|
ENTRY_END
|
|
|
|
ENTRY_BEGIN
|
|
MATCH opcode question
|
|
ADJUST copy_id copy_query
|
|
REPLY QR AA NOERROR
|
|
SECTION QUESTION
|
|
sub-ns1.example.com. IN A
|
|
SECTION ANSWER
|
|
sub-ns1.example.com. IN A 10.0.2.3
|
|
ENTRY_END
|
|
|
|
ENTRY_BEGIN
|
|
MATCH opcode question
|
|
ADJUST copy_id copy_query
|
|
REPLY QR AA NOERROR
|
|
SECTION QUESTION
|
|
sub-ns2.example.com. IN A
|
|
SECTION ANSWER
|
|
sub-ns2.example.com. IN A 10.0.2.4
|
|
ENTRY_END
|
|
|
|
ENTRY_BEGIN
|
|
MATCH opcode question
|
|
ADJUST copy_id copy_query
|
|
REPLY QR AA NOERROR
|
|
SECTION QUESTION
|
|
sub-ns1.example.com. IN AAAA
|
|
SECTION AUTHORITY
|
|
example.com. 300 SOA master.example.com etc 1 2 3 4 300
|
|
ENTRY_END
|
|
|
|
ENTRY_BEGIN
|
|
MATCH opcode question
|
|
ADJUST copy_id copy_query
|
|
REPLY QR AA NOERROR
|
|
SECTION QUESTION
|
|
sub-ns2.example.com. IN AAAA
|
|
SECTION AUTHORITY
|
|
example.com. 300 SOA master.example.com etc 1 2 3 4 300
|
|
ENTRY_END
|
|
|
|
RANGE_END
|
|
|
|
; stub server for example.net
|
|
RANGE_BEGIN 0 100
|
|
ADDRESS 10.0.5.1
|
|
|
|
ENTRY_BEGIN
|
|
MATCH opcode question
|
|
ADJUST copy_id copy_query
|
|
REPLY QR AA NOERROR
|
|
SECTION QUESTION
|
|
example.net. IN NS
|
|
SECTION ANSWER
|
|
example.net. IN NS ns.example.net.
|
|
SECTION ADDITIONAL
|
|
ns.example.net. IN A 10.0.5.1
|
|
ENTRY_END
|
|
|
|
ENTRY_BEGIN
|
|
MATCH opcode question
|
|
ADJUST copy_id copy_query
|
|
REPLY QR AA NOERROR
|
|
SECTION QUESTION
|
|
example.net. IN A
|
|
SECTION ANSWER
|
|
example.net. IN A 10.0.5.4
|
|
ENTRY_END
|
|
|
|
ENTRY_BEGIN
|
|
MATCH opcode question
|
|
ADJUST copy_id copy_query
|
|
REPLY QR AA NOERROR
|
|
SECTION QUESTION
|
|
example.net. IN AAAA
|
|
SECTION AUTHORITY
|
|
example.net. 300 SOA master.example.net etc 1 2 3 4 300
|
|
ENTRY_END
|
|
|
|
RANGE_END
|
|
|
|
; nameserver sub-ns1.example.com (10.0.2.3) for subzone.example.com
|
|
RANGE_BEGIN 0 100
|
|
ADDRESS 10.0.2.3
|
|
; match anything, servfail
|
|
ENTRY_BEGIN
|
|
MATCH opcode
|
|
ADJUST copy_id copy_query
|
|
REPLY QR SERVFAIL
|
|
SECTION QUESTION
|
|
subzone.example.com. IN A
|
|
SECTION ANSWER
|
|
ENTRY_END
|
|
RANGE_END
|
|
|
|
; nameserver sub-ns2.example.com (10.0.2.4) for subzone.example.com
|
|
RANGE_BEGIN 0 100
|
|
ADDRESS 10.0.2.4
|
|
; match anything, servfail
|
|
ENTRY_BEGIN
|
|
MATCH opcode
|
|
ADJUST copy_id copy_query
|
|
REPLY QR SERVFAIL
|
|
SECTION QUESTION
|
|
subzone.example.com. IN A
|
|
SECTION ANSWER
|
|
ENTRY_END
|
|
RANGE_END
|
|
|
|
; third nameserver for subzone.example.com: the host example.net (10.0.5.4)
|
|
RANGE_BEGIN 0 100
|
|
ADDRESS 10.0.5.4
|
|
; match anything, servfail
|
|
ENTRY_BEGIN
|
|
MATCH opcode
|
|
ADJUST copy_id copy_query
|
|
REPLY QR SERVFAIL
|
|
SECTION QUESTION
|
|
subzone.example.com. IN A
|
|
SECTION ANSWER
|
|
ENTRY_END
|
|
RANGE_END
|
|
|
|
|
|
; bring the delegation point for example.net into the cache.
|
|
STEP 1 QUERY
|
|
ENTRY_BEGIN
|
|
REPLY RD
|
|
SECTION QUESTION
|
|
example.net. IN NS
|
|
ENTRY_END
|
|
|
|
; recursion happens here.
|
|
STEP 10 CHECK_ANSWER
|
|
ENTRY_BEGIN
|
|
MATCH all
|
|
REPLY QR RD RA NOERROR
|
|
SECTION QUESTION
|
|
example.net. IN NS
|
|
SECTION ANSWER
|
|
example.net. IN NS ns.example.net.
|
|
SECTION ADDITIONAL
|
|
ns.example.net. IN A 10.0.5.1
|
|
ENTRY_END
|
|
|
|
STEP 20 QUERY
|
|
ENTRY_BEGIN
|
|
REPLY RD
|
|
SECTION QUESTION
|
|
whatever.subzone.example.com. IN A
|
|
ENTRY_END
|
|
|
|
; recursion happens here.
|
|
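; all three subzone nameservers answer SERVFAIL, so the resolver must answer SERVFAIL too.
; it must not leak queries for the subzone or its nameservers to the internet
; (here the root server, 193.0.14.129) as a last-resort fallback.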
|
|
STEP 30 CHECK_ANSWER
|
|
ENTRY_BEGIN
|
|
MATCH all
|
|
REPLY QR RD RA SERVFAIL
|
|
SECTION QUESTION
|
|
whatever.subzone.example.com. IN A
|
|
SECTION ANSWER
|
|
SECTION AUTHORITY
|
|
ENTRY_END
|
|
|
|
SCENARIO_END
|