diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 15:26:00 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 15:26:00 +0000 |
| commit | 830407e88f9d40d954356c3754f2647f91d5c06a (patch) | |
| tree | d6a0ece6feea91f3c656166dbaa884ef8a29740e /tests/integration/testdata_notimpl/iter_scrub_dname_insec.rpl | |
| parent | Initial commit. (diff) | |
| download | knot-resolver-upstream/5.6.0.tar.xz knot-resolver-upstream/5.6.0.zip | |
Adding upstream version 5.6.0.upstream/5.6.0upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'tests/integration/testdata_notimpl/iter_scrub_dname_insec.rpl')
| -rw-r--r-- | tests/integration/testdata_notimpl/iter_scrub_dname_insec.rpl | 250 |
1 files changed, 250 insertions, 0 deletions
diff --git a/tests/integration/testdata_notimpl/iter_scrub_dname_insec.rpl b/tests/integration/testdata_notimpl/iter_scrub_dname_insec.rpl new file mode 100644 index 0000000..921ef12 --- /dev/null +++ b/tests/integration/testdata_notimpl/iter_scrub_dname_insec.rpl @@ -0,0 +1,250 @@ +; config options +server: + harden-referral-path: no + target-fetch-policy: "0 0 0 0 0" + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test scrub of insecure DNAME in answer section + +STEP 10 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +x.y.example.com. IN A +ENTRY_END + +; root prime is sent +STEP 20 CHECK_OUT_QUERY +ENTRY_BEGIN +MATCH qname qtype opcode +SECTION QUESTION +. IN NS +ENTRY_END +STEP 30 REPLY +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +; query sent to root server +STEP 40 CHECK_OUT_QUERY +ENTRY_BEGIN +MATCH qname qtype opcode +SECTION QUESTION +x.y.example.com. IN A +ENTRY_END +STEP 50 REPLY +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +x.y.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +; query sent to .com server +STEP 60 CHECK_OUT_QUERY +ENTRY_BEGIN +MATCH qname qtype opcode +SECTION QUESTION +x.y.example.com. IN A +ENTRY_END + +; STEP 62 CHECK_OUT_QUERY +; ENTRY_BEGIN +; MATCH qname qtype opcode +; SECTION QUESTION +; com. IN NS +; ENTRY_END +; STEP 63 REPLY +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR NOERROR +; SECTION QUESTION +; com. IN NS +; SECTION ANSWER +; com. IN NS a.gtld-servers.net. +; SECTION ADDITIONAL +; a.gtld-servers.net. IN A 192.5.6.30 +; ENTRY_END + +STEP 70 REPLY +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +x.y.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns1.example.com. +SECTION ADDITIONAL +ns1.example.com. IN A 168.192.2.2 +ENTRY_END + +STEP 80 CHECK_OUT_QUERY +ENTRY_BEGIN +MATCH qname qtype opcode +SECTION QUESTION +x.y.example.com. IN A +ENTRY_END + +; STEP 82 CHECK_OUT_QUERY +; ENTRY_BEGIN +; MATCH qname qtype opcode +; SECTION QUESTION +; example.com. IN NS +; ENTRY_END +; STEP 83 REPLY +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR NOERROR +; SECTION QUESTION +; example.com. IN NS +; SECTION ANSWER +; example.com. IN NS ns1.example.com. +; SECTION ADDITIONAL +; ns1.example.com. IN A 168.192.2.2 +; ENTRY_END + +STEP 90 REPLY +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +x.y.example.com. IN A +SECTION ANSWER +y.example.com. DNAME z.example.com. +x.y.example.com. IN CNAME x.z.example.com. +x.z.example.com. IN A 10.20.30.0 +SECTION AUTHORITY +example.com. IN NS ns1.example.com. +SECTION ADDITIONAL +ns1.example.com. IN A 168.192.2.2 +ENTRY_END + +STEP 100 CHECK_OUT_QUERY +ENTRY_BEGIN +MATCH qname qtype opcode +SECTION QUESTION +x.z.example.com. IN A +ENTRY_END +STEP 110 REPLY +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +x.z.example.com. IN A +SECTION ANSWER +x.z.example.com. IN A 10.20.30.40 +SECTION AUTHORITY +example.com. IN NS ns1.example.com. +SECTION ADDITIONAL +ns1.example.com. IN A 168.192.2.2 +ENTRY_END + +; answer to first query (simply puts DNAME in cache) +STEP 120 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA +SECTION QUESTION +x.y.example.com. IN A +SECTION ANSWER +y.example.com. DNAME z.example.com. +x.y.example.com. IN CNAME x.z.example.com. +x.z.example.com. IN A 10.20.30.40 +;SECTION AUTHORITY +;example.com. IN NS ns1.example.com. +;SECTION ADDITIONAL +;ns1.example.com. IN A 168.192.2.2 +ENTRY_END + +; now, DNAME insecure from cache should not be used. +; new query +STEP 200 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +other.y.example.com. IN A +ENTRY_END + +STEP 210 CHECK_OUT_QUERY +ENTRY_BEGIN +MATCH qname qtype opcode +SECTION QUESTION +other.y.example.com. IN A +ENTRY_END +STEP 220 REPLY +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +other.y.example.com. IN A +SECTION ANSWER +y.example.com. DNAME z.example.com. +other.y.example.com. IN CNAME other.z.example.com. +other.z.example.com. IN A 50.60.70.0 +SECTION AUTHORITY +example.com. IN NS ns1.example.com. +SECTION ADDITIONAL +ns1.example.com. IN A 168.192.2.2 +ENTRY_END + +STEP 230 CHECK_OUT_QUERY +ENTRY_BEGIN +MATCH qname qtype opcode +SECTION QUESTION +other.z.example.com. IN A +ENTRY_END +STEP 240 REPLY +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +other.z.example.com. IN A +SECTION ANSWER +other.z.example.com. IN A 50.60.70.80 +SECTION AUTHORITY +example.com. IN NS ns1.example.com. +SECTION ADDITIONAL +ns1.example.com. IN A 168.192.2.2 +ENTRY_END + +STEP 250 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA +SECTION QUESTION +other.y.example.com. IN A +SECTION ANSWER +y.example.com. DNAME z.example.com. +other.y.example.com. IN CNAME other.z.example.com. +other.z.example.com. IN A 50.60.70.80 +;SECTION AUTHORITY +;example.com. IN NS ns1.example.com. +;SECTION ADDITIONAL +;ns1.example.com. IN A 168.192.2.2 +ENTRY_END + +SCENARIO_END |