From 830407e88f9d40d954356c3754f2647f91d5c06a Mon Sep 17 00:00:00 2001
From: Daniel Baumann
Date: Sun, 7 Apr 2024 17:26:00 +0200
Subject: Adding upstream version 5.6.0.
Signed-off-by: Daniel Baumann
---
.../testdata_notimpl/iter_scrub_dname_insec.rpl | 250 +++++++++++++++++++++
1 file changed, 250 insertions(+)
create mode 100644 tests/integration/testdata_notimpl/iter_scrub_dname_insec.rpl
(limited to 'tests/integration/testdata_notimpl/iter_scrub_dname_insec.rpl')
diff --git a/tests/integration/testdata_notimpl/iter_scrub_dname_insec.rpl b/tests/integration/testdata_notimpl/iter_scrub_dname_insec.rpl
new file mode 100644
index 0000000..921ef12
--- /dev/null
+++ b/tests/integration/testdata_notimpl/iter_scrub_dname_insec.rpl
@@ -0,0 +1,250 @@
+; config options
+server:
+ harden-referral-path: no
+ target-fetch-policy: "0 0 0 0 0"
+
+stub-zone:
+ name: "."
+ stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test scrub of insecure DNAME in answer section
+
+STEP 10 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+x.y.example.com. IN A
+ENTRY_END
+
+; root prime is sent
+STEP 20 CHECK_OUT_QUERY
+ENTRY_BEGIN
+MATCH qname qtype opcode
+SECTION QUESTION
+. IN NS
+ENTRY_END
+STEP 30 REPLY
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET. IN A 193.0.14.129
+ENTRY_END
+
+; query sent to root server
+STEP 40 CHECK_OUT_QUERY
+ENTRY_BEGIN
+MATCH qname qtype opcode
+SECTION QUESTION
+x.y.example.com. IN A
+ENTRY_END
+STEP 50 REPLY
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+x.y.example.com. IN A
+SECTION AUTHORITY
+com. IN NS a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net. IN A 192.5.6.30
+ENTRY_END
+
+; query sent to .com server
+STEP 60 CHECK_OUT_QUERY
+ENTRY_BEGIN
+MATCH qname qtype opcode
+SECTION QUESTION
+x.y.example.com. IN A
+ENTRY_END
+
+; STEP 62 CHECK_OUT_QUERY
+; ENTRY_BEGIN
+; MATCH qname qtype opcode
+; SECTION QUESTION
+; com. IN NS
+; ENTRY_END
+; STEP 63 REPLY
+; ENTRY_BEGIN
+; MATCH opcode qtype qname
+; ADJUST copy_id
+; REPLY QR NOERROR
+; SECTION QUESTION
+; com. IN NS
+; SECTION ANSWER
+; com. IN NS a.gtld-servers.net.
+; SECTION ADDITIONAL
+; a.gtld-servers.net. IN A 192.5.6.30
+; ENTRY_END
+
+STEP 70 REPLY
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+x.y.example.com. IN A
+SECTION AUTHORITY
+example.com. IN NS ns1.example.com.
+SECTION ADDITIONAL
+ns1.example.com. IN A 168.192.2.2
+ENTRY_END
+
+STEP 80 CHECK_OUT_QUERY
+ENTRY_BEGIN
+MATCH qname qtype opcode
+SECTION QUESTION
+x.y.example.com. IN A
+ENTRY_END
+
+; STEP 82 CHECK_OUT_QUERY
+; ENTRY_BEGIN
+; MATCH qname qtype opcode
+; SECTION QUESTION
+; example.com. IN NS
+; ENTRY_END
+; STEP 83 REPLY
+; ENTRY_BEGIN
+; MATCH opcode qtype qname
+; ADJUST copy_id
+; REPLY QR NOERROR
+; SECTION QUESTION
+; example.com. IN NS
+; SECTION ANSWER
+; example.com. IN NS ns1.example.com.
+; SECTION ADDITIONAL
+; ns1.example.com. IN A 168.192.2.2
+; ENTRY_END
+
+STEP 90 REPLY
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+x.y.example.com. IN A
+SECTION ANSWER
+y.example.com. DNAME z.example.com.
+x.y.example.com. IN CNAME x.z.example.com.
+x.z.example.com. IN A 10.20.30.0
+SECTION AUTHORITY
+example.com. IN NS ns1.example.com.
+SECTION ADDITIONAL
+ns1.example.com. IN A 168.192.2.2
+ENTRY_END
+
+STEP 100 CHECK_OUT_QUERY
+ENTRY_BEGIN
+MATCH qname qtype opcode
+SECTION QUESTION
+x.z.example.com. IN A
+ENTRY_END
+STEP 110 REPLY
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+x.z.example.com. IN A
+SECTION ANSWER
+x.z.example.com. IN A 10.20.30.40
+SECTION AUTHORITY
+example.com. IN NS ns1.example.com.
+SECTION ADDITIONAL
+ns1.example.com. IN A 168.192.2.2
+ENTRY_END
+
+; answer to first query (simply puts DNAME in cache)
+STEP 120 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA
+SECTION QUESTION
+x.y.example.com. IN A
+SECTION ANSWER
+y.example.com. DNAME z.example.com.
+x.y.example.com. IN CNAME x.z.example.com.
+x.z.example.com. IN A 10.20.30.40
+;SECTION AUTHORITY
+;example.com. IN NS ns1.example.com.
+;SECTION ADDITIONAL
+;ns1.example.com. IN A 168.192.2.2
+ENTRY_END
+
+; now, DNAME insecure from cache should not be used.
+; new query
+STEP 200 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+other.y.example.com. IN A
+ENTRY_END
+
+STEP 210 CHECK_OUT_QUERY
+ENTRY_BEGIN
+MATCH qname qtype opcode
+SECTION QUESTION
+other.y.example.com. IN A
+ENTRY_END
+STEP 220 REPLY
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+other.y.example.com. IN A
+SECTION ANSWER
+y.example.com. DNAME z.example.com.
+other.y.example.com. IN CNAME other.z.example.com.
+other.z.example.com. IN A 50.60.70.0
+SECTION AUTHORITY
+example.com. IN NS ns1.example.com.
+SECTION ADDITIONAL
+ns1.example.com. IN A 168.192.2.2
+ENTRY_END
+
+STEP 230 CHECK_OUT_QUERY
+ENTRY_BEGIN
+MATCH qname qtype opcode
+SECTION QUESTION
+other.z.example.com. IN A
+ENTRY_END
+STEP 240 REPLY
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+other.z.example.com. IN A
+SECTION ANSWER
+other.z.example.com. IN A 50.60.70.80
+SECTION AUTHORITY
+example.com. IN NS ns1.example.com.
+SECTION ADDITIONAL
+ns1.example.com. IN A 168.192.2.2
+ENTRY_END
+
+STEP 250 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA
+SECTION QUESTION
+other.y.example.com. IN A
+SECTION ANSWER
+y.example.com. DNAME z.example.com.
+other.y.example.com. IN CNAME other.z.example.com.
+other.z.example.com. IN A 50.60.70.80
+;SECTION AUTHORITY
+;example.com. IN NS ns1.example.com.
+;SECTION ADDITIONAL
+;ns1.example.com. IN A 168.192.2.2
+ENTRY_END
+
+SCENARIO_END
--
cgit v1.2.3
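Review bot: The scenario never marks which records are the ones that must be scrubbed, so its pass condition is hard to read: the replies in STEP 90 and STEP 220 carry `x.z.example.com. IN A 10.20.30.0` and `other.z.example.com. IN A 50.60.70.0`, while the CHECK_ANSWER entries in STEP 120 and STEP 250 expect `.40` and `.80`, which only the follow-up replies in STEP 110 and STEP 240 supply. A comment above STEP 90 such as `; the A record trailing the CNAME must be scrubbed and re-queried: expect 10.20.30.40, not 10.20.30.0` (and the same for STEP 220) would make the intent explicit. The comment before STEP 200 says the insecure DNAME from cache "should not be used"; it would help to state that the CHECK_OUT_QUERY in STEP 210 is the assertion of that, since it requires other.y.example.com to be asked upstream again rather than synthesized from the cached DNAME. The directory name testdata_notimpl suggests this scenario is not part of the run set, which is worth confirming because it covers a cache-poisoning hardening path.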