head 1.1; branch 1.1.1; access; symbols netbsd-11-0-RC5:1.1.1.1.2.2 netbsd-11:1.1.1.1.0.2 unbound-1-25-1:1.1.1.1 NLNETLABS:1.1.1; locks; strict; comment @# @; 1.1 date 2026.05.21.16.11.47; author christos; state Exp; branches 1.1.1.1; next ; commitid KUtmCKdRNks7oHGG; 1.1.1.1 date 2026.05.21.16.11.47; author christos; state Exp; branches 1.1.1.1.2.1; next ; commitid KUtmCKdRNks7oHGG; 1.1.1.1.2.1 date 2026.05.21.16.11.47; author martin; state dead; branches; next 1.1.1.1.2.2; commitid f6njiPn3ohMHtVJG; 1.1.1.1.2.2 date 2026.06.15.18.50.48; author martin; state Exp; branches; next ; commitid f6njiPn3ohMHtVJG; desc @@ 1.1 log @Initial revision @ text @; config options ; Test DNAME TTL=0 grace period: synthesis from cache within 1 second ; Island of trust at example.com, DNSSEC signed DNAME with TTL=0 (RFC 2308) server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" qname-minimisation: "no" fake-sha1: yes trust-anchor-signaling: no stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. CONFIG_END SCENARIO_BEGIN Test DNAME TTL=0: signed DNAME with TTL=0 and RRSIG Original TTL=0. ; K.ROOT-SERVERS.NET. RANGE_BEGIN 0 100 ADDRESS 193.0.14.129 ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION . IN NS SECTION ANSWER . IN NS K.ROOT-SERVERS.NET. SECTION ADDITIONAL K.ROOT-SERVERS.NET. IN A 193.0.14.129 ENTRY_END ENTRY_BEGIN MATCH opcode subdomain ADJUST copy_id copy_query REPLY QR NOERROR SECTION QUESTION com. IN NS SECTION AUTHORITY com. IN NS a.gtld-servers.net. SECTION ADDITIONAL a.gtld-servers.net. IN A 192.5.6.30 ENTRY_END ENTRY_BEGIN MATCH opcode subdomain ADJUST copy_id copy_query REPLY QR NOERROR SECTION QUESTION net. IN A SECTION AUTHORITY net. IN NS a.gtld-servers.net. SECTION ADDITIONAL a.gtld-servers.net. IN A 192.5.6.30 ENTRY_END RANGE_END ; a.gtld-servers.net. RANGE_BEGIN 0 100 ADDRESS 192.5.6.30 ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION com. IN NS SECTION ANSWER com. IN NS a.gtld-servers.net. SECTION ADDITIONAL a.gtld-servers.net. IN A 192.5.6.30 ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION net. IN NS SECTION ANSWER net. IN NS a.gtld-servers.net. SECTION ADDITIONAL a.gtld-servers.net. IN A 192.5.6.30 ENTRY_END ENTRY_BEGIN MATCH opcode subdomain ADJUST copy_id copy_query REPLY QR NOERROR SECTION QUESTION example.com. IN NS SECTION AUTHORITY example.com. IN NS ns.example.com. SECTION ADDITIONAL ns.example.com. IN A 1.2.3.4 ENTRY_END ENTRY_BEGIN MATCH opcode subdomain ADJUST copy_id copy_query REPLY QR NOERROR SECTION QUESTION example.net. IN A SECTION AUTHORITY example.net. IN NS ns.example.net. SECTION ADDITIONAL ns.example.net. IN A 1.2.3.5 ENTRY_END RANGE_END ; ns.example.com. - DNAME with TTL=0 (RRSIG Original TTL=0) RANGE_BEGIN 0 100 ADDRESS 1.2.3.4 ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION example.com. IN NS SECTION ANSWER example.com. IN NS ns.example.com. example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} SECTION ADDITIONAL ns.example.com. IN A 1.2.3.4 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION example.com. IN DNSKEY SECTION ANSWER example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} SECTION AUTHORITY example.com. IN NS ns.example.com. example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} SECTION ADDITIONAL ns.example.com. IN A 1.2.3.4 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} ENTRY_END ; DNAME with TTL=0, RRSIG Original TTL=0 (signed with ldns-signzone) ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION foo.test-dname.example.com. IN A SECTION ANSWER test-dname.example.com. 0 IN DNAME example.net. test-dname.example.com. 0 IN RRSIG DNAME 3 3 0 20070926135752 20070829135752 2854 example.com. ADRb2Jl5SCTF2a9/5QFOCfwFzh4Cpt90pJptwrKc+vBHnlivGyPShrU= foo.test-dname.example.com. 0 IN CNAME foo.example.net. ENTRY_END RANGE_END ; ns.example.net. RANGE_BEGIN 0 100 ADDRESS 1.2.3.5 ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION example.net. IN NS SECTION ANSWER example.net. IN NS ns.example.net. example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} SECTION ADDITIONAL ns.example.net. IN A 1.2.3.5 ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION example.net. IN DNSKEY SECTION ANSWER example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899} SECTION AUTHORITY example.net. IN NS ns.example.net. example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} SECTION ADDITIONAL ns.example.net. IN A 1.2.3.5 ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION foo.example.net. IN A SECTION ANSWER foo.example.net. IN A 11.12.13.15 foo.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. X6T6SE9UzxAD/4zKpwGOxEDyE4g7lfYYw3lvw533uwRN8mWTcBvSva0/jjyhrogJcuLO32jPHK6zGb93w2xnuA== SECTION AUTHORITY SECTION ADDITIONAL ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION foo2.example.net. IN A SECTION ANSWER foo2.example.net. IN A 11.12.13.16 foo2.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. BZm+GljD8m9N+pNJN8D+LlSyHqM+InNUe0+heKILR9be+Goqv6SEb7LKtX6+kj3239Y5by7u+/Cuk8kkWistEQ== SECTION AUTHORITY SECTION ADDITIONAL ENTRY_END RANGE_END STEP 1 TIME_PASSES ELAPSE 10 ; First query: get DNAME TTL=0 into cache STEP 10 QUERY ENTRY_BEGIN REPLY RD DO SECTION QUESTION foo.test-dname.example.com. IN A ENTRY_END STEP 20 CHECK_ANSWER ENTRY_BEGIN MATCH all ttl REPLY QR RD RA AD DO NOERROR SECTION QUESTION foo.test-dname.example.com. IN A SECTION ANSWER test-dname.example.com. 0 IN DNAME example.net. test-dname.example.com. 0 IN RRSIG DNAME 3 3 0 20070926135752 20070829135752 2854 example.com. ADRb2Jl5SCTF2a9/5QFOCfwFzh4Cpt90pJptwrKc+vBHnlivGyPShrU= foo.test-dname.example.com. 0 IN CNAME foo.example.net. foo.example.net. IN A 11.12.13.15 foo.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. X6T6SE9UzxAD/4zKpwGOxEDyE4g7lfYYw3lvw533uwRN8mWTcBvSva0/jjyhrogJcuLO32jPHK6zGb93w2xnuA== ENTRY_END STEP 29 TIME_PASSES ELAPSE 1 ; Second query: within grace period (TIME_PASSES 1 above) ; With cache grace: synthesis from cached TTL=0 DNAME STEP 30 QUERY ENTRY_BEGIN REPLY RD DO SECTION QUESTION foo2.test-dname.example.com. IN A ENTRY_END ; foo2.test-dname.example.com is not answered upstream ; so this reply is synthesized by the cached (1 second grace period) DNAME STEP 40 CHECK_ANSWER ENTRY_BEGIN MATCH all ttl REPLY QR RD RA AD DO NOERROR SECTION QUESTION foo2.test-dname.example.com. IN A SECTION ANSWER test-dname.example.com. 0 IN DNAME example.net. test-dname.example.com. 0 IN RRSIG DNAME 3 3 0 20070926135752 20070829135752 2854 example.com. ADRb2Jl5SCTF2a9/5QFOCfwFzh4Cpt90pJptwrKc+vBHnlivGyPShrU= foo2.test-dname.example.com. 0 IN CNAME foo2.example.net. foo2.example.net. 3600 IN A 11.12.13.16 foo2.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. BZm+GljD8m9N+pNJN8D+LlSyHqM+InNUe0+heKILR9be+Goqv6SEb7LKtX6+kj3239Y5by7u+/Cuk8kkWistEQ== ENTRY_END SCENARIO_END @ 1.1.1.1 log @Import unbound 1.25.1 (previous was 1.24.2) Bug Fixes Fix CVE-2026-33278, Possible remote code execution during DNSSEC validation. Thanks to Qifan Zhang, Palo Alto Networks, for the report. Fix CVE-2026-42944, Heap overflow and crash with multiple nsid, cookie, padding EDNS options. Thanks to Qifan Zhang, Palo Alto Networks, for the report. Fix CVE-2026-42959, Crash during DNSSEC validation of malicious content. Thanks to Qifan Zhang, Palo Alto Networks, for the report. Fix CVE-2026-32792, Packet of death with DNSCrypt. Thanks to Andrew Griffiths from 'calif.io' for the report. Fix CVE-2026-40622, "Ghost domain name" variant. Thanks to Qifan Zhang, Palo Alto Networks, for the report. Fix CVE-2026-41292, Parsing a long list of incoming EDNS options degrades performance. Thanks to GitHub user 'N0zoM1z0', also Qifan Zhang from Palo Alto Networks, for the report. Fix CVE-2026-42534, Jostle logic bypass degrades resolution performance. Thanks to Qifan Zhang, Palo Alto Networks, for the report. Fix CVE-2026-42923, Degradation of service with unbounded NSEC3 hash calculations. Thanks to Qifan Zhang, Palo Alto Networks, for the report. Fix CVE-2026-42960, Possible cache poisoning attack while following delegation. Thanks to TaoFei Guo from Peking University, Yang Luo and JianJun Chen, Tsinghua University, for the report. Fix CVE-2026-44390, Unbounded name compression in certain cases causes degradation of service. Thanks to Qifan Zhang, Palo Alto Networks, for the report. Fix CVE-2026-44608, Use after free and crash in RPZ code. Thanks to Qifan Zhang, Palo Alto Networks, for the report. For changes to older versions see: https://nlnetlabs.nl/projects/unbound/download/#unbound-1-25-1 @ text @@ 1.1.1.1.2.1 log @file iter_dname_ttl0.rpl was added on branch netbsd-11 on 2026-06-15 18:50:48 +0000 @ text @d1 272 @ 1.1.1.1.2.2 log @Pull up the following revisions, requested by christos in ticket #309: external/bsd/unbound/dist/contrib/gost12.patch up to 1.1.1.1 external/bsd/unbound/dist/testdata/auth_https_origin.tdir/127.0.0.1/example.com.zone up to 1.1.1.1 external/bsd/unbound/dist/testdata/auth_https_origin.tdir/auth_https_origin.conf up to 1.1.1.1 external/bsd/unbound/dist/testdata/auth_https_origin.tdir/auth_https_origin.dsc up to 1.1.1.1 external/bsd/unbound/dist/testdata/auth_https_origin.tdir/auth_https_origin.post up to 1.1.1.1 external/bsd/unbound/dist/testdata/auth_https_origin.tdir/auth_https_origin.pre up to 1.1.1.1 external/bsd/unbound/dist/testdata/auth_https_origin.tdir/auth_https_origin.test up to 1.1.1.1 external/bsd/unbound/dist/testdata/auth_https_origin.tdir/petal.key up to 1.1.1.1 external/bsd/unbound/dist/testdata/auth_https_origin.tdir/petal.pem up to 1.1.1.1 external/bsd/unbound/dist/testdata/subnet_cached_servfail_timeout.crpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/auth_notify_lookup.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/dname_unsigned_cname.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/ds_wildcard_cname.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_scrub_rrsig.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/iter_dname_ttl0.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/iter_nat64_donotq.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/iter_priv_svcb.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/iter_scrub_dname_out_of_zone.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/iter_svcb_malformed.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/long_qname.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/respip_dns64_lookup.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/subnet_scopezero_bogus.crpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/subnet_scopezero_global_nocache.crpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/ttl_zero_cacherep.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/tls_reuse_auth.tdir/tls_reuse_auth.conf up to 1.1.1.1 external/bsd/unbound/dist/testdata/tls_reuse_auth.tdir/tls_reuse_auth.conf2 up to 1.1.1.1 external/bsd/unbound/dist/testdata/tls_reuse_auth.tdir/tls_reuse_auth.dsc up to 1.1.1.1 external/bsd/unbound/dist/testdata/tls_reuse_auth.tdir/tls_reuse_auth.post up to 1.1.1.1 external/bsd/unbound/dist/testdata/tls_reuse_auth.tdir/tls_reuse_auth.pre up to 1.1.1.1 external/bsd/unbound/dist/testdata/tls_reuse_auth.tdir/tls_reuse_auth.test up to 1.1.1.1 external/bsd/unbound/dist/testdata/tls_reuse_auth.tdir/unbound_control.key up to 1.1.1.1 external/bsd/unbound/dist/testdata/tls_reuse_auth.tdir/unbound_control.pem up to 1.1.1.1 external/bsd/unbound/dist/testdata/tls_reuse_auth.tdir/unbound_server.key up to 1.1.1.1 external/bsd/unbound/dist/testdata/tls_reuse_auth.tdir/unbound_server.pem up to 1.1.1.1 external/bsd/unbound/dist/testdata/serve_expired_client_timeout_no_prefetch.rpl delete external/bsd/unbound/dist/README.md up to 1.1.1.5 external/bsd/unbound/dist/aclocal.m4 up to 1.1.1.7 external/bsd/unbound/dist/acx_nlnetlabs.m4 up to 1.1.1.7 external/bsd/unbound/dist/config.h.in up to 1.1.1.11 external/bsd/unbound/dist/configure up to 1.1.1.11 external/bsd/unbound/dist/configure.ac up to 1.1.1.11 external/bsd/unbound/dist/cachedb/cachedb.c up to 1.1.1.10 external/bsd/unbound/dist/cachedb/redis.c up to 1.1.1.6 external/bsd/unbound/dist/compat/arc4random.c up to 1.1.1.6 external/bsd/unbound/dist/compat/chacha_private.h up to 1.1.1.2 external/bsd/unbound/dist/compat/getentropy_linux.c up to 1.1.1.4 external/bsd/unbound/dist/compat/gmtime_r.c up to 1.1.1.2 external/bsd/unbound/dist/contrib/README up to 1.1.1.8 external/bsd/unbound/dist/contrib/unbound.service.in up to 1.1.1.9 external/bsd/unbound/dist/contrib/unbound_portable.service.in up to 1.1.1.3 external/bsd/unbound/dist/contrib/ios/install_openssl.sh up to 1.1.1.2 external/bsd/unbound/dist/contrib/ios/setenv_ios.sh up to 1.1.1.2 external/bsd/unbound/dist/daemon/daemon.c up to 1.1.1.10 external/bsd/unbound/dist/daemon/daemon.h up to 1.1.1.7 external/bsd/unbound/dist/daemon/remote.c up to 1.1.1.11 external/bsd/unbound/dist/daemon/remote.h up to 1.1.1.6 external/bsd/unbound/dist/daemon/stats.c up to 1.1.1.11 external/bsd/unbound/dist/daemon/unbound.c up to 1.1.1.10 external/bsd/unbound/dist/daemon/worker.c up to 1.1.1.11 external/bsd/unbound/dist/dns64/dns64.c up to 1.1.1.10 external/bsd/unbound/dist/dnscrypt/dnscrypt.c up to 1.1.1.6 external/bsd/unbound/dist/dnstap/dtstream.c up to 1.1.1.6 external/bsd/unbound/dist/dnstap/dtstream.h up to 1.1.1.2 external/bsd/unbound/dist/dnstap/unbound-dnstap-socket.c up to 1.1.1.5 external/bsd/unbound/dist/doc/Changelog up to 1.1.1.11 external/bsd/unbound/dist/doc/README up to 1.1.1.11 external/bsd/unbound/dist/doc/README.DNS64 up to 1.1.1.3 external/bsd/unbound/dist/doc/README.man up to 1.1.1.2 external/bsd/unbound/dist/doc/example.conf.in up to 1.1.1.11 external/bsd/unbound/dist/doc/libunbound.3.in up to 1.1.1.11 external/bsd/unbound/dist/doc/unbound-anchor.8.in up to 1.1.1.11 external/bsd/unbound/dist/doc/unbound-anchor.rst up to 1.1.1.2 external/bsd/unbound/dist/doc/unbound-checkconf.8.in up to 1.1.1.11 external/bsd/unbound/dist/doc/unbound-control.8.in up to 1.1.1.11 external/bsd/unbound/dist/doc/unbound-control.rst up to 1.1.1.2 external/bsd/unbound/dist/doc/unbound-host.1.in up to 1.1.1.11 external/bsd/unbound/dist/doc/unbound.8.in up to 1.1.1.11 external/bsd/unbound/dist/doc/unbound.conf.5.in up to 1.1.1.11 external/bsd/unbound/dist/doc/unbound.conf.rst up to 1.1.1.2 external/bsd/unbound/dist/doc/unbound.rst up to 1.1.1.2 external/bsd/unbound/dist/edns-subnet/subnetmod.c up to 1.1.1.10 external/bsd/unbound/dist/edns-subnet/subnetmod.h up to 1.1.1.8 external/bsd/unbound/dist/ipsecmod/ipsecmod.c up to 1.1.1.6 external/bsd/unbound/dist/iterator/iter_fwd.c up to 1.1.1.8 external/bsd/unbound/dist/iterator/iter_hints.c up to 1.1.1.8 external/bsd/unbound/dist/iterator/iter_priv.c up to 1.1.1.3 external/bsd/unbound/dist/iterator/iter_scrub.c up to 1.1.1.11 external/bsd/unbound/dist/iterator/iter_utils.c up to 1.1.1.10 external/bsd/unbound/dist/iterator/iter_utils.h up to 1.1.1.9 external/bsd/unbound/dist/iterator/iterator.c up to 1.1.1.11 external/bsd/unbound/dist/libunbound/unbound.h up to 1.8 external/bsd/unbound/dist/libunbound/python/libunbound.i up to 1.1.1.6 external/bsd/unbound/dist/pythonmod/interface.i up to 1.1.1.10 external/bsd/unbound/dist/pythonmod/pythonmod.c up to 1.1.1.8 external/bsd/unbound/dist/respip/respip.c up to 1.1.1.8 external/bsd/unbound/dist/services/authzone.c up to 1.6 external/bsd/unbound/dist/services/listen_dnsport.c up to 1.1.1.11 external/bsd/unbound/dist/services/localzone.c up to 1.1.1.10 external/bsd/unbound/dist/services/localzone.h up to 1.1.1.9 external/bsd/unbound/dist/services/mesh.c up to 1.1.1.11 external/bsd/unbound/dist/services/mesh.h up to 1.1.1.9 external/bsd/unbound/dist/services/modstack.c up to 1.1.1.10 external/bsd/unbound/dist/services/outside_network.c up to 1.1.1.11 external/bsd/unbound/dist/services/outside_network.h up to 1.1.1.10 external/bsd/unbound/dist/services/rpz.c up to 1.1.1.6 external/bsd/unbound/dist/services/cache/dns.c up to 1.1.1.10 external/bsd/unbound/dist/services/cache/dns.h up to 1.1.1.9 external/bsd/unbound/dist/services/cache/infra.c up to 1.1.1.9 external/bsd/unbound/dist/services/cache/rrset.c up to 1.1.1.8 external/bsd/unbound/dist/sldns/rrdef.h up to 1.1.1.8 external/bsd/unbound/dist/sldns/wire2str.c up to 1.1.1.9 external/bsd/unbound/dist/smallapp/unbound-anchor.c up to 1.1.1.10 external/bsd/unbound/dist/smallapp/unbound-checkconf.c up to 1.1.1.11 external/bsd/unbound/dist/smallapp/unbound-control.c up to 1.1.1.11 external/bsd/unbound/dist/smallapp/unbound-host.c up to 1.1.1.9 external/bsd/unbound/dist/testcode/asynclook.c up to 1.1.1.7 external/bsd/unbound/dist/testcode/checklocks.h up to 1.1.1.4 external/bsd/unbound/dist/testcode/dohclient.c up to 1.1.1.5 external/bsd/unbound/dist/testcode/doqclient.c up to 1.1.1.3 external/bsd/unbound/dist/testcode/mini_tdir.sh up to 1.1.1.6 external/bsd/unbound/dist/testcode/petal.c up to 1.1.1.9 external/bsd/unbound/dist/testcode/pktview.c up to 1.1.1.2 external/bsd/unbound/dist/testcode/replay.h up to 1.1.1.8 external/bsd/unbound/dist/testcode/streamtcp.c up to 1.1.1.10 external/bsd/unbound/dist/testcode/testpkts.c up to 1.1.1.11 external/bsd/unbound/dist/testcode/testpkts.h up to 1.1.1.6 external/bsd/unbound/dist/testcode/unitldns.c up to 1.1.1.6 external/bsd/unbound/dist/testcode/unitmain.c up to 1.1.1.11 external/bsd/unbound/dist/testcode/unitmsgparse.c up to 1.1.1.5 external/bsd/unbound/dist/testcode/unitverify.c up to 1.1.1.9 external/bsd/unbound/dist/testcode/unitzonemd.c up to 1.1.1.4 external/bsd/unbound/dist/testdata/cachedb_expired.crpl up to 1.1.1.2 external/bsd/unbound/dist/testdata/cachedb_expired_client_timeout.crpl up to 1.1.1.2 external/bsd/unbound/dist/testdata/cachedb_expired_reply_ttl.crpl up to 1.1.1.2 external/bsd/unbound/dist/testdata/cachedb_subnet_change.crpl up to 1.1.1.2 external/bsd/unbound/dist/testdata/cachedb_val_expired.crpl up to 1.1.1.2 external/bsd/unbound/dist/testdata/fwd_0ttlservfail.rpl up to 1.1.1.4 external/bsd/unbound/dist/testdata/iter_scrub_promiscuous.rpl up to 1.1.1.2 external/bsd/unbound/dist/testdata/refuse_xfr.rpl up to 1.1.1.2 external/bsd/unbound/dist/testdata/rrset_use_cached.rpl up to 1.1.1.3 external/bsd/unbound/dist/testdata/serve_expired.rpl up to 1.1.1.5 external/bsd/unbound/dist/testdata/serve_expired_0ttl_nodata.rpl up to 1.1.1.4 external/bsd/unbound/dist/testdata/serve_expired_0ttl_nxdomain.rpl up to 1.1.1.4 external/bsd/unbound/dist/testdata/serve_expired_0ttl_servfail.rpl up to 1.1.1.4 external/bsd/unbound/dist/testdata/serve_expired_client_timeout.rpl up to 1.1.1.4 external/bsd/unbound/dist/testdata/serve_expired_client_timeout_servfail.rpl up to 1.1.1.4 external/bsd/unbound/dist/testdata/serve_expired_reply_ttl.rpl up to 1.1.1.5 external/bsd/unbound/dist/testdata/serve_expired_ttl_client_timeout.rpl up to 1.1.1.3 external/bsd/unbound/dist/testdata/serve_expired_ttl_reset.rpl up to 1.1.1.2 external/bsd/unbound/dist/testdata/serve_expired_zerottl.rpl up to 1.1.1.5 external/bsd/unbound/dist/testdata/subnet_global_prefetch_always_forward.crpl up to 1.1.1.4 external/bsd/unbound/dist/testdata/subnet_global_prefetch_expired.crpl up to 1.1.1.4 external/bsd/unbound/dist/testdata/test_ldnsrr.5 up to 1.1.1.5 external/bsd/unbound/dist/testdata/test_sigs.revoked up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_ds_cname.rpl up to 1.1.1.6 external/bsd/unbound/dist/testdata/val_nsec3_iter_high.rpl up to 1.1.1.4 external/bsd/unbound/dist/testdata/val_nx_nsec3_collision.rpl up to 1.1.1.6 external/bsd/unbound/dist/testdata/val_nx_nsec3_params.rpl up to 1.1.1.4 external/bsd/unbound/dist/testdata/04-checkconf.tdir/good.all up to 1.1.1.3 external/bsd/unbound/dist/testdata/04-checkconf.tdir/good.ifport up to 1.1.1.2 external/bsd/unbound/dist/testdata/fwd_compress_c00c.tdir/fwd_compress_c00c.test up to 1.1.1.3 external/bsd/unbound/dist/testdata/stat_values.tdir/stat_values.test up to 1.1.1.6 external/bsd/unbound/dist/util/alloc.c up to 1.1.1.6 external/bsd/unbound/dist/util/config_file.c up to 1.1.1.11 external/bsd/unbound/dist/util/config_file.h up to 1.1.1.11 external/bsd/unbound/dist/util/configlexer.c up to 1.1.1.11 external/bsd/unbound/dist/util/configlexer.lex up to 1.1.1.11 external/bsd/unbound/dist/util/configparser.c up to 1.1.1.11 external/bsd/unbound/dist/util/configparser.h up to 1.1.1.11 external/bsd/unbound/dist/util/configparser.y up to 1.1.1.11 external/bsd/unbound/dist/util/fptr_wlist.c up to 1.1.1.10 external/bsd/unbound/dist/util/fptr_wlist.h up to 1.1.1.7 external/bsd/unbound/dist/util/iana_ports.inc up to 1.1.1.11 external/bsd/unbound/dist/util/locks.h up to 1.1.1.4 external/bsd/unbound/dist/util/log.c up to 1.1.1.9 external/bsd/unbound/dist/util/module.h up to 1.1.1.9 external/bsd/unbound/dist/util/net_help.c up to 1.1.1.11 external/bsd/unbound/dist/util/net_help.h up to 1.1.1.10 external/bsd/unbound/dist/util/netevent.c up to 1.9 external/bsd/unbound/dist/util/timehist.h up to 1.1.1.3 external/bsd/unbound/dist/util/data/msgencode.c up to 1.1.1.10 external/bsd/unbound/dist/util/data/msgencode.h up to 1.1.1.5 external/bsd/unbound/dist/util/data/msgparse.c up to 1.1.1.9 external/bsd/unbound/dist/util/data/msgparse.h up to 1.1.1.9 external/bsd/unbound/dist/util/data/msgreply.c up to 1.1.1.11 external/bsd/unbound/dist/util/data/msgreply.h up to 1.1.1.11 external/bsd/unbound/dist/util/data/packed_rrset.c up to 1.1.1.6 external/bsd/unbound/dist/util/data/packed_rrset.h up to 1.1.1.7 external/bsd/unbound/dist/util/shm_side/shm_main.c up to 1.1.1.6 external/bsd/unbound/dist/util/shm_side/shm_main.h up to 1.1.1.2 external/bsd/unbound/dist/validator/val_neg.c up to 1.1.1.8 external/bsd/unbound/dist/validator/val_nsec3.c up to 1.1.1.7 external/bsd/unbound/dist/validator/val_nsec3.h up to 1.1.1.6 external/bsd/unbound/dist/validator/val_sigcrypt.c up to 1.1.1.10 external/bsd/unbound/dist/validator/val_sigcrypt.h up to 1.1.1.6 external/bsd/unbound/dist/validator/val_utils.c up to 1.1.1.7 external/bsd/unbound/dist/validator/val_utils.h up to 1.1.1.7 external/bsd/unbound/dist/validator/validator.c up to 1.1.1.11 external/bsd/unbound/dist/winrc/win_svc.c up to 1.1.1.6 doc/3RDPARTY (manually edited) Import unbound 1.25.1 @ text @a0 272 ; config options ; Test DNAME TTL=0 grace period: synthesis from cache within 1 second ; Island of trust at example.com, DNSSEC signed DNAME with TTL=0 (RFC 2308) server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" qname-minimisation: "no" fake-sha1: yes trust-anchor-signaling: no stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. CONFIG_END SCENARIO_BEGIN Test DNAME TTL=0: signed DNAME with TTL=0 and RRSIG Original TTL=0. ; K.ROOT-SERVERS.NET. RANGE_BEGIN 0 100 ADDRESS 193.0.14.129 ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION . IN NS SECTION ANSWER . IN NS K.ROOT-SERVERS.NET. SECTION ADDITIONAL K.ROOT-SERVERS.NET. IN A 193.0.14.129 ENTRY_END ENTRY_BEGIN MATCH opcode subdomain ADJUST copy_id copy_query REPLY QR NOERROR SECTION QUESTION com. IN NS SECTION AUTHORITY com. IN NS a.gtld-servers.net. SECTION ADDITIONAL a.gtld-servers.net. IN A 192.5.6.30 ENTRY_END ENTRY_BEGIN MATCH opcode subdomain ADJUST copy_id copy_query REPLY QR NOERROR SECTION QUESTION net. IN A SECTION AUTHORITY net. IN NS a.gtld-servers.net. SECTION ADDITIONAL a.gtld-servers.net. IN A 192.5.6.30 ENTRY_END RANGE_END ; a.gtld-servers.net. RANGE_BEGIN 0 100 ADDRESS 192.5.6.30 ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION com. IN NS SECTION ANSWER com. IN NS a.gtld-servers.net. SECTION ADDITIONAL a.gtld-servers.net. IN A 192.5.6.30 ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION net. IN NS SECTION ANSWER net. IN NS a.gtld-servers.net. SECTION ADDITIONAL a.gtld-servers.net. IN A 192.5.6.30 ENTRY_END ENTRY_BEGIN MATCH opcode subdomain ADJUST copy_id copy_query REPLY QR NOERROR SECTION QUESTION example.com. IN NS SECTION AUTHORITY example.com. IN NS ns.example.com. SECTION ADDITIONAL ns.example.com. IN A 1.2.3.4 ENTRY_END ENTRY_BEGIN MATCH opcode subdomain ADJUST copy_id copy_query REPLY QR NOERROR SECTION QUESTION example.net. IN A SECTION AUTHORITY example.net. IN NS ns.example.net. SECTION ADDITIONAL ns.example.net. IN A 1.2.3.5 ENTRY_END RANGE_END ; ns.example.com. - DNAME with TTL=0 (RRSIG Original TTL=0) RANGE_BEGIN 0 100 ADDRESS 1.2.3.4 ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION example.com. IN NS SECTION ANSWER example.com. IN NS ns.example.com. example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} SECTION ADDITIONAL ns.example.com. IN A 1.2.3.4 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION example.com. IN DNSKEY SECTION ANSWER example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} SECTION AUTHORITY example.com. IN NS ns.example.com. example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} SECTION ADDITIONAL ns.example.com. IN A 1.2.3.4 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} ENTRY_END ; DNAME with TTL=0, RRSIG Original TTL=0 (signed with ldns-signzone) ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION foo.test-dname.example.com. IN A SECTION ANSWER test-dname.example.com. 0 IN DNAME example.net. test-dname.example.com. 0 IN RRSIG DNAME 3 3 0 20070926135752 20070829135752 2854 example.com. ADRb2Jl5SCTF2a9/5QFOCfwFzh4Cpt90pJptwrKc+vBHnlivGyPShrU= foo.test-dname.example.com. 0 IN CNAME foo.example.net. ENTRY_END RANGE_END ; ns.example.net. RANGE_BEGIN 0 100 ADDRESS 1.2.3.5 ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION example.net. IN NS SECTION ANSWER example.net. IN NS ns.example.net. example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} SECTION ADDITIONAL ns.example.net. IN A 1.2.3.5 ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION example.net. IN DNSKEY SECTION ANSWER example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899} SECTION AUTHORITY example.net. IN NS ns.example.net. example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} SECTION ADDITIONAL ns.example.net. IN A 1.2.3.5 ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION foo.example.net. IN A SECTION ANSWER foo.example.net. IN A 11.12.13.15 foo.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. X6T6SE9UzxAD/4zKpwGOxEDyE4g7lfYYw3lvw533uwRN8mWTcBvSva0/jjyhrogJcuLO32jPHK6zGb93w2xnuA== SECTION AUTHORITY SECTION ADDITIONAL ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION foo2.example.net. IN A SECTION ANSWER foo2.example.net. IN A 11.12.13.16 foo2.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. BZm+GljD8m9N+pNJN8D+LlSyHqM+InNUe0+heKILR9be+Goqv6SEb7LKtX6+kj3239Y5by7u+/Cuk8kkWistEQ== SECTION AUTHORITY SECTION ADDITIONAL ENTRY_END RANGE_END STEP 1 TIME_PASSES ELAPSE 10 ; First query: get DNAME TTL=0 into cache STEP 10 QUERY ENTRY_BEGIN REPLY RD DO SECTION QUESTION foo.test-dname.example.com. IN A ENTRY_END STEP 20 CHECK_ANSWER ENTRY_BEGIN MATCH all ttl REPLY QR RD RA AD DO NOERROR SECTION QUESTION foo.test-dname.example.com. IN A SECTION ANSWER test-dname.example.com. 0 IN DNAME example.net. test-dname.example.com. 0 IN RRSIG DNAME 3 3 0 20070926135752 20070829135752 2854 example.com. ADRb2Jl5SCTF2a9/5QFOCfwFzh4Cpt90pJptwrKc+vBHnlivGyPShrU= foo.test-dname.example.com. 0 IN CNAME foo.example.net. foo.example.net. IN A 11.12.13.15 foo.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. X6T6SE9UzxAD/4zKpwGOxEDyE4g7lfYYw3lvw533uwRN8mWTcBvSva0/jjyhrogJcuLO32jPHK6zGb93w2xnuA== ENTRY_END STEP 29 TIME_PASSES ELAPSE 1 ; Second query: within grace period (TIME_PASSES 1 above) ; With cache grace: synthesis from cached TTL=0 DNAME STEP 30 QUERY ENTRY_BEGIN REPLY RD DO SECTION QUESTION foo2.test-dname.example.com. IN A ENTRY_END ; foo2.test-dname.example.com is not answered upstream ; so this reply is synthesized by the cached (1 second grace period) DNAME STEP 40 CHECK_ANSWER ENTRY_BEGIN MATCH all ttl REPLY QR RD RA AD DO NOERROR SECTION QUESTION foo2.test-dname.example.com. IN A SECTION ANSWER test-dname.example.com. 0 IN DNAME example.net. test-dname.example.com. 0 IN RRSIG DNAME 3 3 0 20070926135752 20070829135752 2854 example.com. ADRb2Jl5SCTF2a9/5QFOCfwFzh4Cpt90pJptwrKc+vBHnlivGyPShrU= foo2.test-dname.example.com. 0 IN CNAME foo2.example.net. foo2.example.net. 3600 IN A 11.12.13.16 foo2.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. BZm+GljD8m9N+pNJN8D+LlSyHqM+InNUe0+heKILR9be+Goqv6SEb7LKtX6+kj3239Y5by7u+/Cuk8kkWistEQ== ENTRY_END SCENARIO_END @