; config options server: target-fetch-policy: "0 0 0 0 0" zonemd-permissive-mode: yes auth-zone: name: "example.com." ## zonefile (or none). ## zonefile: "example.com.zone" ## master by IP address or hostname ## can list multiple masters, each on one line. ## master: ## url for http fetch ## url: ## queries from downstream clients get authoritative answers. ## for-downstream: yes for-downstream: no ## queries are used to fetch authoritative answers from this zone, ## instead of unbound itself sending queries there. ## for-upstream: yes for-upstream: yes ## on failures with for-upstream, fallback to sending queries to ## the authority servers ## fallback-enabled: no zonemd-check: yes ## this line generates zonefile: \n"/tmp/xxx.example.com"\n zonefile: TEMPFILE_NAME example.com ## this is the inline file /tmp/xxx.example.com ## the tempfiles are deleted when the testrun is over. TEMPFILE_CONTENTS example.com example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 example.com. IN NS ns.example.com. ; good zonemd ;example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22 ; wrong zonemd example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D7AAAAA www.example.com. IN A 127.0.0.1 ns.example.com. IN A 127.0.0.1 bar.example.com. IN A 1.2.3.4 ding.example.com. IN A 1.2.3.4 foo.example.com. IN A 1.2.3.4 TEMPFILE_END stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. CONFIG_END SCENARIO_BEGIN Test zonemd permissive mode ; K.ROOT-SERVERS.NET. RANGE_BEGIN 0 100 ADDRESS 193.0.14.129 ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION . IN NS SECTION ANSWER . IN NS K.ROOT-SERVERS.NET. SECTION ADDITIONAL K.ROOT-SERVERS.NET. IN A 193.0.14.129 ENTRY_END ENTRY_BEGIN MATCH opcode subdomain ADJUST copy_id copy_query REPLY QR NOERROR SECTION QUESTION com. IN NS SECTION AUTHORITY com. IN NS a.gtld-servers.net. SECTION ADDITIONAL a.gtld-servers.net. IN A 192.5.6.30 ENTRY_END RANGE_END ; a.gtld-servers.net. RANGE_BEGIN 0 100 ADDRESS 192.5.6.30 ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION com. IN NS SECTION ANSWER com. IN NS a.gtld-servers.net. SECTION ADDITIONAL a.gtld-servers.net. IN A 192.5.6.30 ENTRY_END ENTRY_BEGIN MATCH opcode subdomain ADJUST copy_id copy_query REPLY QR NOERROR SECTION QUESTION example.com. IN NS SECTION AUTHORITY example.com. IN NS ns.example.com. SECTION ADDITIONAL ns.example.com. IN A 1.2.3.44 ENTRY_END RANGE_END ; ns.example.net. RANGE_BEGIN 0 100 ADDRESS 1.2.3.44 ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION example.net. IN NS SECTION ANSWER example.net. IN NS ns.example.net. SECTION ADDITIONAL ns.example.net. IN A 1.2.3.44 ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION ns.example.net. IN A SECTION ANSWER ns.example.net. IN A 1.2.3.44 SECTION AUTHORITY example.net. IN NS ns.example.net. ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION ns.example.net. IN AAAA SECTION AUTHORITY example.net. IN NS ns.example.net. SECTION ADDITIONAL www.example.net. IN A 1.2.3.44 ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION example.com. IN NS SECTION ANSWER example.com. IN NS ns.example.net. ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION www.example.com. IN A SECTION ANSWER www.example.com. IN A 10.20.30.40 ENTRY_END RANGE_END STEP 1 QUERY ENTRY_BEGIN REPLY RD SECTION QUESTION www.example.com. IN A ENTRY_END ; recursion happens here. STEP 20 CHECK_ANSWER ENTRY_BEGIN MATCH all REPLY QR RD RA NOERROR SECTION QUESTION www.example.com. IN A SECTION ANSWER www.example.com. IN A 127.0.0.1 ENTRY_END SCENARIO_END