]> git.saurik.com Git - apple/network_cmds.git/blob - unbound/testdata/iter_scrub_dname_insec.rpl
projects / apple / network_cmds.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
network_cmds-596.100.2.tar.gz
[apple/network_cmds.git] / unbound / testdata / iter_scrub_dname_insec.rpl
1 ; config options
2 server:
3 harden-referral-path: no
4 target-fetch-policy: "0 0 0 0 0"
5
6 stub-zone:
7 name: "."
8 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
9 CONFIG_END
10
11 SCENARIO_BEGIN Test scrub of insecure DNAME in answer section
12
13 STEP 10 QUERY
14 ENTRY_BEGIN
15 REPLY RD
16 SECTION QUESTION
17 x.y.example.com. IN A
18 ENTRY_END
19
20 ; root prime is sent
21 STEP 20 CHECK_OUT_QUERY
22 ENTRY_BEGIN
23 MATCH qname qtype opcode
24 SECTION QUESTION
25 . IN NS
26 ENTRY_END
27 STEP 30 REPLY
28 ENTRY_BEGIN
29 MATCH opcode qtype qname
30 ADJUST copy_id
31 REPLY QR AA NOERROR
32 SECTION QUESTION
33 . IN NS
34 SECTION ANSWER
35 . IN NS K.ROOT-SERVERS.NET.
36 SECTION ADDITIONAL
37 K.ROOT-SERVERS.NET. IN A 193.0.14.129
38 ENTRY_END
39
40 ; query sent to root server
41 STEP 40 CHECK_OUT_QUERY
42 ENTRY_BEGIN
43 MATCH qname qtype opcode
44 SECTION QUESTION
45 x.y.example.com. IN A
46 ENTRY_END
47 STEP 50 REPLY
48 ENTRY_BEGIN
49 MATCH opcode qtype qname
50 ADJUST copy_id
51 REPLY QR NOERROR
52 SECTION QUESTION
53 x.y.example.com. IN A
54 SECTION AUTHORITY
55 com. IN NS a.gtld-servers.net.
56 SECTION ADDITIONAL
57 a.gtld-servers.net. IN A 192.5.6.30
58 ENTRY_END
59
60 ; query sent to .com server
61 STEP 60 CHECK_OUT_QUERY
62 ENTRY_BEGIN
63 MATCH qname qtype opcode
64 SECTION QUESTION
65 x.y.example.com. IN A
66 ENTRY_END
67
68 ; STEP 62 CHECK_OUT_QUERY
69 ; ENTRY_BEGIN
70 ; MATCH qname qtype opcode
71 ; SECTION QUESTION
72 ; com. IN NS
73 ; ENTRY_END
74 ; STEP 63 REPLY
75 ; ENTRY_BEGIN
76 ; MATCH opcode qtype qname
77 ; ADJUST copy_id
78 ; REPLY QR NOERROR
79 ; SECTION QUESTION
80 ; com. IN NS
81 ; SECTION ANSWER
82 ; com. IN NS a.gtld-servers.net.
83 ; SECTION ADDITIONAL
84 ; a.gtld-servers.net. IN A 192.5.6.30
85 ; ENTRY_END
86
87 STEP 70 REPLY
88 ENTRY_BEGIN
89 MATCH opcode qtype qname
90 ADJUST copy_id
91 REPLY QR NOERROR
92 SECTION QUESTION
93 x.y.example.com. IN A
94 SECTION AUTHORITY
95 example.com. IN NS ns1.example.com.
96 SECTION ADDITIONAL
97 ns1.example.com. IN A 168.192.2.2
98 ENTRY_END
99
100 STEP 80 CHECK_OUT_QUERY
101 ENTRY_BEGIN
102 MATCH qname qtype opcode
103 SECTION QUESTION
104 x.y.example.com. IN A
105 ENTRY_END
106
107 ; STEP 82 CHECK_OUT_QUERY
108 ; ENTRY_BEGIN
109 ; MATCH qname qtype opcode
110 ; SECTION QUESTION
111 ; example.com. IN NS
112 ; ENTRY_END
113 ; STEP 83 REPLY
114 ; ENTRY_BEGIN
115 ; MATCH opcode qtype qname
116 ; ADJUST copy_id
117 ; REPLY QR NOERROR
118 ; SECTION QUESTION
119 ; example.com. IN NS
120 ; SECTION ANSWER
121 ; example.com. IN NS ns1.example.com.
122 ; SECTION ADDITIONAL
123 ; ns1.example.com. IN A 168.192.2.2
124 ; ENTRY_END
125
126 STEP 90 REPLY
127 ENTRY_BEGIN
128 MATCH opcode qtype qname
129 ADJUST copy_id
130 REPLY QR AA NOERROR
131 SECTION QUESTION
132 x.y.example.com. IN A
133 SECTION ANSWER
134 y.example.com. DNAME z.example.com.
135 x.y.example.com. IN CNAME x.z.example.com.
136 x.z.example.com. IN A 10.20.30.0
137 SECTION AUTHORITY
138 example.com. IN NS ns1.example.com.
139 SECTION ADDITIONAL
140 ns1.example.com. IN A 168.192.2.2
141 ENTRY_END
142
143 STEP 100 CHECK_OUT_QUERY
144 ENTRY_BEGIN
145 MATCH qname qtype opcode
146 SECTION QUESTION
147 x.z.example.com. IN A
148 ENTRY_END
149 STEP 110 REPLY
150 ENTRY_BEGIN
151 MATCH opcode qtype qname
152 ADJUST copy_id
153 REPLY QR AA NOERROR
154 SECTION QUESTION
155 x.z.example.com. IN A
156 SECTION ANSWER
157 x.z.example.com. IN A 10.20.30.40
158 SECTION AUTHORITY
159 example.com. IN NS ns1.example.com.
160 SECTION ADDITIONAL
161 ns1.example.com. IN A 168.192.2.2
162 ENTRY_END
163
164 ; answer to first query (simply puts DNAME in cache)
165 STEP 120 CHECK_ANSWER
166 ENTRY_BEGIN
167 MATCH all
168 REPLY QR RD RA
169 SECTION QUESTION
170 x.y.example.com. IN A
171 SECTION ANSWER
172 y.example.com. DNAME z.example.com.
173 x.y.example.com. IN CNAME x.z.example.com.
174 x.z.example.com. IN A 10.20.30.40
175 SECTION AUTHORITY
176 example.com. IN NS ns1.example.com.
177 SECTION ADDITIONAL
178 ns1.example.com. IN A 168.192.2.2
179 ENTRY_END
180
181 ; now, DNAME insecure from cache should not be used.
182 ; new query
183 STEP 200 QUERY
184 ENTRY_BEGIN
185 REPLY RD
186 SECTION QUESTION
187 other.y.example.com. IN A
188 ENTRY_END
189
190 STEP 210 CHECK_OUT_QUERY
191 ENTRY_BEGIN
192 MATCH qname qtype opcode
193 SECTION QUESTION
194 other.y.example.com. IN A
195 ENTRY_END
196 STEP 220 REPLY
197 ENTRY_BEGIN
198 MATCH opcode qtype qname
199 ADJUST copy_id
200 REPLY QR AA NOERROR
201 SECTION QUESTION
202 other.y.example.com. IN A
203 SECTION ANSWER
204 y.example.com. DNAME z.example.com.
205 other.y.example.com. IN CNAME other.z.example.com.
206 other.z.example.com. IN A 50.60.70.0
207 SECTION AUTHORITY
208 example.com. IN NS ns1.example.com.
209 SECTION ADDITIONAL
210 ns1.example.com. IN A 168.192.2.2
211 ENTRY_END
212
213 STEP 230 CHECK_OUT_QUERY
214 ENTRY_BEGIN
215 MATCH qname qtype opcode
216 SECTION QUESTION
217 other.z.example.com. IN A
218 ENTRY_END
219 STEP 240 REPLY
220 ENTRY_BEGIN
221 MATCH opcode qtype qname
222 ADJUST copy_id
223 REPLY QR AA NOERROR
224 SECTION QUESTION
225 other.z.example.com. IN A
226 SECTION ANSWER
227 other.z.example.com. IN A 50.60.70.80
228 SECTION AUTHORITY
229 example.com. IN NS ns1.example.com.
230 SECTION ADDITIONAL
231 ns1.example.com. IN A 168.192.2.2
232 ENTRY_END
233
234 STEP 250 CHECK_ANSWER
235 ENTRY_BEGIN
236 MATCH all
237 REPLY QR RD RA
238 SECTION QUESTION
239 other.y.example.com. IN A
240 SECTION ANSWER
241 y.example.com. DNAME z.example.com.
242 other.y.example.com. IN CNAME other.z.example.com.
243 other.z.example.com. IN A 50.60.70.80
244 SECTION AUTHORITY
245 example.com. IN NS ns1.example.com.
246 SECTION ADDITIONAL
247 ns1.example.com. IN A 168.192.2.2
248 ENTRY_END
249
250 SCENARIO_END
mirror of network_cmds