head 1.1; branch 1.1.1; access; symbols netbsd-11-0-RC5:1.1.1.1.2.2 netbsd-11:1.1.1.1.0.2 unbound-1-25-1:1.1.1.1 NLNETLABS:1.1.1; locks; strict; comment @# @; 1.1 date 2026.05.21.16.11.44; author christos; state Exp; branches 1.1.1.1; next ; commitid KUtmCKdRNks7oHGG; 1.1.1.1 date 2026.05.21.16.11.44; author christos; state Exp; branches 1.1.1.1.2.1; next ; commitid KUtmCKdRNks7oHGG; 1.1.1.1.2.1 date 2026.05.21.16.11.44; author martin; state dead; branches; next 1.1.1.1.2.2; commitid f6njiPn3ohMHtVJG; 1.1.1.1.2.2 date 2026.06.15.18.50.48; author martin; state Exp; branches; next ; commitid f6njiPn3ohMHtVJG; desc @@ 1.1 log @Initial revision @ text @; config options server: do-nat64: yes nat64-prefix: 2001:db8:1234::/96 target-fetch-policy: "0 0 0 0 0" ; This is like a machine that is part of a cluster of hosts that ; is IPv6-only, and uses NAT64. The cluster has no internet access. do-not-query-address: ::0/0 qname-minimisation: no stub-zone: name: "." ; Pick an address in the NAT64 prefix, so it is allowed. ; other addresses would not be allowed. Or without the bugfix, ; allowed depending on state machine activation sequence. stub-addr: 2001:db8:1234::1 CONFIG_END SCENARIO_BEGIN Test NAT64 transport for v4-only with do-not-query-addresses. RANGE_BEGIN 0 100 ADDRESS 2001:db8:1234::1 ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION . IN NS SECTION ANSWER . IN NS FAKE.ROOT. SECTION ADDITIONAL FAKE.ROOT. IN AAAA 2001:db8:1234::1 ENTRY_END ENTRY_BEGIN MATCH opcode subdomain ADJUST copy_id copy_query REPLY QR NOERROR SECTION QUESTION v4only. IN NS SECTION AUTHORITY v4only. IN NS ns.v4only. SECTION ADDITIONAL ns.v4only. IN A 192.0.2.1 ENTRY_END RANGE_END ; replies from NS over "NAT64" RANGE_BEGIN 0 20 ADDRESS 2001:db8:1234::c000:0201 ; A over NAT64 ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY AA QR NOERROR SECTION QUESTION ns.v4only. IN A SECTION ANSWER ns.v4only. IN A 192.0.2.1 SECTION AUTHORITY v4only. IN NS ns.v4only. ENTRY_END ; no AAAA ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY AA QR NOERROR SECTION QUESTION ns.v4only. IN AAAA SECTION AUTHORITY v4only. IN SOA ns.v4only. host. 1 3600 300 48000 3600 v4only. IN NS ns.v4only. SECTION ADDITIONAL ns.v4only. IN A 192.0.2.1 ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY AA QR NOERROR SECTION QUESTION v4only. IN NS SECTION ANSWER v4only. IN NS ns.v4only. SECTION ADDITIONAL ns.v4only. IN A 192.0.2.1 ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY AA QR NOERROR SECTION QUESTION test.v4only. IN A SECTION ANSWER test.v4only. IN A 192.0.2.2 SECTION AUTHORITY v4only. IN NS ns.v4only. SECTION ADDITIONAL ns.v4only. IN A 192.0.2.1 ENTRY_END RANGE_END RANGE_BEGIN 50 100 ADDRESS 2001:db8:1234::c000:0201 ; no AAAA ; The last resort lookup of the AAAA is blocked here, ; the last resort processing is not desired, it should resolve test2 ; straight away. ;ENTRY_BEGIN ;MATCH opcode qtype qname ;ADJUST copy_id ;REPLY AA QR NOERROR ;SECTION QUESTION ;ns.v4only. IN AAAA ;SECTION AUTHORITY ;v4only. IN SOA ns.v4only. host. 1 3600 300 48000 3600 ;v4only. IN NS ns.v4only. ;SECTION ADDITIONAL ;ns.v4only. IN A 192.0.2.1 ;ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY AA QR NOERROR SECTION QUESTION ns.v4only. IN A SECTION ANSWER ns.v4only. IN A 192.0.2.1 SECTION AUTHORITY v4only. IN NS ns.v4only. ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY AA QR NOERROR SECTION QUESTION test2.v4only. IN A SECTION ANSWER test2.v4only. IN A 192.0.2.3 ENTRY_END RANGE_END STEP 1 QUERY ENTRY_BEGIN REPLY RD SECTION QUESTION test.v4only. IN A ENTRY_END STEP 20 CHECK_ANSWER ENTRY_BEGIN MATCH all REPLY QR RD RA NOERROR SECTION QUESTION test.v4only. IN A SECTION ANSWER test.v4only. IN A 192.0.2.2 ENTRY_END ; for a query where the upstream nameserver has a timeout. STEP 30 QUERY ENTRY_BEGIN REPLY RD SECTION QUESTION test2.v4only. IN A ENTRY_END ; Only the test2 query is there, and it has a timeout. ; The address is already NAT64 translated, so now that it is ; attempted again, it is looked up in dotnotq as the ipv6 address. STEP 40 TIMEOUT STEP 50 CHECK_ANSWER ENTRY_BEGIN MATCH all REPLY QR RD RA NOERROR SECTION QUESTION test2.v4only. IN A SECTION ANSWER test2.v4only. IN A 192.0.2.3 ENTRY_END SCENARIO_END @ 1.1.1.1 log @Import unbound 1.25.1 (previous was 1.24.2) Bug Fixes Fix CVE-2026-33278, Possible remote code execution during DNSSEC validation. Thanks to Qifan Zhang, Palo Alto Networks, for the report. Fix CVE-2026-42944, Heap overflow and crash with multiple nsid, cookie, padding EDNS options. Thanks to Qifan Zhang, Palo Alto Networks, for the report. Fix CVE-2026-42959, Crash during DNSSEC validation of malicious content. Thanks to Qifan Zhang, Palo Alto Networks, for the report. Fix CVE-2026-32792, Packet of death with DNSCrypt. Thanks to Andrew Griffiths from 'calif.io' for the report. Fix CVE-2026-40622, "Ghost domain name" variant. Thanks to Qifan Zhang, Palo Alto Networks, for the report. Fix CVE-2026-41292, Parsing a long list of incoming EDNS options degrades performance. Thanks to GitHub user 'N0zoM1z0', also Qifan Zhang from Palo Alto Networks, for the report. Fix CVE-2026-42534, Jostle logic bypass degrades resolution performance. Thanks to Qifan Zhang, Palo Alto Networks, for the report. Fix CVE-2026-42923, Degradation of service with unbounded NSEC3 hash calculations. Thanks to Qifan Zhang, Palo Alto Networks, for the report. Fix CVE-2026-42960, Possible cache poisoning attack while following delegation. Thanks to TaoFei Guo from Peking University, Yang Luo and JianJun Chen, Tsinghua University, for the report. Fix CVE-2026-44390, Unbounded name compression in certain cases causes degradation of service. Thanks to Qifan Zhang, Palo Alto Networks, for the report. Fix CVE-2026-44608, Use after free and crash in RPZ code. Thanks to Qifan Zhang, Palo Alto Networks, for the report. For changes to older versions see: https://nlnetlabs.nl/projects/unbound/download/#unbound-1-25-1 @ text @@ 1.1.1.1.2.1 log @file iter_nat64_donotq.rpl was added on branch netbsd-11 on 2026-06-15 18:50:48 +0000 @ text @d1 192 @ 1.1.1.1.2.2 log @Pull up the following revisions, requested by christos in ticket #309: external/bsd/unbound/dist/contrib/gost12.patch up to 1.1.1.1 external/bsd/unbound/dist/testdata/auth_https_origin.tdir/127.0.0.1/example.com.zone up to 1.1.1.1 external/bsd/unbound/dist/testdata/auth_https_origin.tdir/auth_https_origin.conf up to 1.1.1.1 external/bsd/unbound/dist/testdata/auth_https_origin.tdir/auth_https_origin.dsc up to 1.1.1.1 external/bsd/unbound/dist/testdata/auth_https_origin.tdir/auth_https_origin.post up to 1.1.1.1 external/bsd/unbound/dist/testdata/auth_https_origin.tdir/auth_https_origin.pre up to 1.1.1.1 external/bsd/unbound/dist/testdata/auth_https_origin.tdir/auth_https_origin.test up to 1.1.1.1 external/bsd/unbound/dist/testdata/auth_https_origin.tdir/petal.key up to 1.1.1.1 external/bsd/unbound/dist/testdata/auth_https_origin.tdir/petal.pem up to 1.1.1.1 external/bsd/unbound/dist/testdata/subnet_cached_servfail_timeout.crpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/auth_notify_lookup.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/dname_unsigned_cname.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/ds_wildcard_cname.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_scrub_rrsig.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/iter_dname_ttl0.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/iter_nat64_donotq.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/iter_priv_svcb.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/iter_scrub_dname_out_of_zone.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/iter_svcb_malformed.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/long_qname.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/respip_dns64_lookup.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/subnet_scopezero_bogus.crpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/subnet_scopezero_global_nocache.crpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/ttl_zero_cacherep.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/tls_reuse_auth.tdir/tls_reuse_auth.conf up to 1.1.1.1 external/bsd/unbound/dist/testdata/tls_reuse_auth.tdir/tls_reuse_auth.conf2 up to 1.1.1.1 external/bsd/unbound/dist/testdata/tls_reuse_auth.tdir/tls_reuse_auth.dsc up to 1.1.1.1 external/bsd/unbound/dist/testdata/tls_reuse_auth.tdir/tls_reuse_auth.post up to 1.1.1.1 external/bsd/unbound/dist/testdata/tls_reuse_auth.tdir/tls_reuse_auth.pre up to 1.1.1.1 external/bsd/unbound/dist/testdata/tls_reuse_auth.tdir/tls_reuse_auth.test up to 1.1.1.1 external/bsd/unbound/dist/testdata/tls_reuse_auth.tdir/unbound_control.key up to 1.1.1.1 external/bsd/unbound/dist/testdata/tls_reuse_auth.tdir/unbound_control.pem up to 1.1.1.1 external/bsd/unbound/dist/testdata/tls_reuse_auth.tdir/unbound_server.key up to 1.1.1.1 external/bsd/unbound/dist/testdata/tls_reuse_auth.tdir/unbound_server.pem up to 1.1.1.1 external/bsd/unbound/dist/testdata/serve_expired_client_timeout_no_prefetch.rpl delete external/bsd/unbound/dist/README.md up to 1.1.1.5 external/bsd/unbound/dist/aclocal.m4 up to 1.1.1.7 external/bsd/unbound/dist/acx_nlnetlabs.m4 up to 1.1.1.7 external/bsd/unbound/dist/config.h.in up to 1.1.1.11 external/bsd/unbound/dist/configure up to 1.1.1.11 external/bsd/unbound/dist/configure.ac up to 1.1.1.11 external/bsd/unbound/dist/cachedb/cachedb.c up to 1.1.1.10 external/bsd/unbound/dist/cachedb/redis.c up to 1.1.1.6 external/bsd/unbound/dist/compat/arc4random.c up to 1.1.1.6 external/bsd/unbound/dist/compat/chacha_private.h up to 1.1.1.2 external/bsd/unbound/dist/compat/getentropy_linux.c up to 1.1.1.4 external/bsd/unbound/dist/compat/gmtime_r.c up to 1.1.1.2 external/bsd/unbound/dist/contrib/README up to 1.1.1.8 external/bsd/unbound/dist/contrib/unbound.service.in up to 1.1.1.9 external/bsd/unbound/dist/contrib/unbound_portable.service.in up to 1.1.1.3 external/bsd/unbound/dist/contrib/ios/install_openssl.sh up to 1.1.1.2 external/bsd/unbound/dist/contrib/ios/setenv_ios.sh up to 1.1.1.2 external/bsd/unbound/dist/daemon/daemon.c up to 1.1.1.10 external/bsd/unbound/dist/daemon/daemon.h up to 1.1.1.7 external/bsd/unbound/dist/daemon/remote.c up to 1.1.1.11 external/bsd/unbound/dist/daemon/remote.h up to 1.1.1.6 external/bsd/unbound/dist/daemon/stats.c up to 1.1.1.11 external/bsd/unbound/dist/daemon/unbound.c up to 1.1.1.10 external/bsd/unbound/dist/daemon/worker.c up to 1.1.1.11 external/bsd/unbound/dist/dns64/dns64.c up to 1.1.1.10 external/bsd/unbound/dist/dnscrypt/dnscrypt.c up to 1.1.1.6 external/bsd/unbound/dist/dnstap/dtstream.c up to 1.1.1.6 external/bsd/unbound/dist/dnstap/dtstream.h up to 1.1.1.2 external/bsd/unbound/dist/dnstap/unbound-dnstap-socket.c up to 1.1.1.5 external/bsd/unbound/dist/doc/Changelog up to 1.1.1.11 external/bsd/unbound/dist/doc/README up to 1.1.1.11 external/bsd/unbound/dist/doc/README.DNS64 up to 1.1.1.3 external/bsd/unbound/dist/doc/README.man up to 1.1.1.2 external/bsd/unbound/dist/doc/example.conf.in up to 1.1.1.11 external/bsd/unbound/dist/doc/libunbound.3.in up to 1.1.1.11 external/bsd/unbound/dist/doc/unbound-anchor.8.in up to 1.1.1.11 external/bsd/unbound/dist/doc/unbound-anchor.rst up to 1.1.1.2 external/bsd/unbound/dist/doc/unbound-checkconf.8.in up to 1.1.1.11 external/bsd/unbound/dist/doc/unbound-control.8.in up to 1.1.1.11 external/bsd/unbound/dist/doc/unbound-control.rst up to 1.1.1.2 external/bsd/unbound/dist/doc/unbound-host.1.in up to 1.1.1.11 external/bsd/unbound/dist/doc/unbound.8.in up to 1.1.1.11 external/bsd/unbound/dist/doc/unbound.conf.5.in up to 1.1.1.11 external/bsd/unbound/dist/doc/unbound.conf.rst up to 1.1.1.2 external/bsd/unbound/dist/doc/unbound.rst up to 1.1.1.2 external/bsd/unbound/dist/edns-subnet/subnetmod.c up to 1.1.1.10 external/bsd/unbound/dist/edns-subnet/subnetmod.h up to 1.1.1.8 external/bsd/unbound/dist/ipsecmod/ipsecmod.c up to 1.1.1.6 external/bsd/unbound/dist/iterator/iter_fwd.c up to 1.1.1.8 external/bsd/unbound/dist/iterator/iter_hints.c up to 1.1.1.8 external/bsd/unbound/dist/iterator/iter_priv.c up to 1.1.1.3 external/bsd/unbound/dist/iterator/iter_scrub.c up to 1.1.1.11 external/bsd/unbound/dist/iterator/iter_utils.c up to 1.1.1.10 external/bsd/unbound/dist/iterator/iter_utils.h up to 1.1.1.9 external/bsd/unbound/dist/iterator/iterator.c up to 1.1.1.11 external/bsd/unbound/dist/libunbound/unbound.h up to 1.8 external/bsd/unbound/dist/libunbound/python/libunbound.i up to 1.1.1.6 external/bsd/unbound/dist/pythonmod/interface.i up to 1.1.1.10 external/bsd/unbound/dist/pythonmod/pythonmod.c up to 1.1.1.8 external/bsd/unbound/dist/respip/respip.c up to 1.1.1.8 external/bsd/unbound/dist/services/authzone.c up to 1.6 external/bsd/unbound/dist/services/listen_dnsport.c up to 1.1.1.11 external/bsd/unbound/dist/services/localzone.c up to 1.1.1.10 external/bsd/unbound/dist/services/localzone.h up to 1.1.1.9 external/bsd/unbound/dist/services/mesh.c up to 1.1.1.11 external/bsd/unbound/dist/services/mesh.h up to 1.1.1.9 external/bsd/unbound/dist/services/modstack.c up to 1.1.1.10 external/bsd/unbound/dist/services/outside_network.c up to 1.1.1.11 external/bsd/unbound/dist/services/outside_network.h up to 1.1.1.10 external/bsd/unbound/dist/services/rpz.c up to 1.1.1.6 external/bsd/unbound/dist/services/cache/dns.c up to 1.1.1.10 external/bsd/unbound/dist/services/cache/dns.h up to 1.1.1.9 external/bsd/unbound/dist/services/cache/infra.c up to 1.1.1.9 external/bsd/unbound/dist/services/cache/rrset.c up to 1.1.1.8 external/bsd/unbound/dist/sldns/rrdef.h up to 1.1.1.8 external/bsd/unbound/dist/sldns/wire2str.c up to 1.1.1.9 external/bsd/unbound/dist/smallapp/unbound-anchor.c up to 1.1.1.10 external/bsd/unbound/dist/smallapp/unbound-checkconf.c up to 1.1.1.11 external/bsd/unbound/dist/smallapp/unbound-control.c up to 1.1.1.11 external/bsd/unbound/dist/smallapp/unbound-host.c up to 1.1.1.9 external/bsd/unbound/dist/testcode/asynclook.c up to 1.1.1.7 external/bsd/unbound/dist/testcode/checklocks.h up to 1.1.1.4 external/bsd/unbound/dist/testcode/dohclient.c up to 1.1.1.5 external/bsd/unbound/dist/testcode/doqclient.c up to 1.1.1.3 external/bsd/unbound/dist/testcode/mini_tdir.sh up to 1.1.1.6 external/bsd/unbound/dist/testcode/petal.c up to 1.1.1.9 external/bsd/unbound/dist/testcode/pktview.c up to 1.1.1.2 external/bsd/unbound/dist/testcode/replay.h up to 1.1.1.8 external/bsd/unbound/dist/testcode/streamtcp.c up to 1.1.1.10 external/bsd/unbound/dist/testcode/testpkts.c up to 1.1.1.11 external/bsd/unbound/dist/testcode/testpkts.h up to 1.1.1.6 external/bsd/unbound/dist/testcode/unitldns.c up to 1.1.1.6 external/bsd/unbound/dist/testcode/unitmain.c up to 1.1.1.11 external/bsd/unbound/dist/testcode/unitmsgparse.c up to 1.1.1.5 external/bsd/unbound/dist/testcode/unitverify.c up to 1.1.1.9 external/bsd/unbound/dist/testcode/unitzonemd.c up to 1.1.1.4 external/bsd/unbound/dist/testdata/cachedb_expired.crpl up to 1.1.1.2 external/bsd/unbound/dist/testdata/cachedb_expired_client_timeout.crpl up to 1.1.1.2 external/bsd/unbound/dist/testdata/cachedb_expired_reply_ttl.crpl up to 1.1.1.2 external/bsd/unbound/dist/testdata/cachedb_subnet_change.crpl up to 1.1.1.2 external/bsd/unbound/dist/testdata/cachedb_val_expired.crpl up to 1.1.1.2 external/bsd/unbound/dist/testdata/fwd_0ttlservfail.rpl up to 1.1.1.4 external/bsd/unbound/dist/testdata/iter_scrub_promiscuous.rpl up to 1.1.1.2 external/bsd/unbound/dist/testdata/refuse_xfr.rpl up to 1.1.1.2 external/bsd/unbound/dist/testdata/rrset_use_cached.rpl up to 1.1.1.3 external/bsd/unbound/dist/testdata/serve_expired.rpl up to 1.1.1.5 external/bsd/unbound/dist/testdata/serve_expired_0ttl_nodata.rpl up to 1.1.1.4 external/bsd/unbound/dist/testdata/serve_expired_0ttl_nxdomain.rpl up to 1.1.1.4 external/bsd/unbound/dist/testdata/serve_expired_0ttl_servfail.rpl up to 1.1.1.4 external/bsd/unbound/dist/testdata/serve_expired_client_timeout.rpl up to 1.1.1.4 external/bsd/unbound/dist/testdata/serve_expired_client_timeout_servfail.rpl up to 1.1.1.4 external/bsd/unbound/dist/testdata/serve_expired_reply_ttl.rpl up to 1.1.1.5 external/bsd/unbound/dist/testdata/serve_expired_ttl_client_timeout.rpl up to 1.1.1.3 external/bsd/unbound/dist/testdata/serve_expired_ttl_reset.rpl up to 1.1.1.2 external/bsd/unbound/dist/testdata/serve_expired_zerottl.rpl up to 1.1.1.5 external/bsd/unbound/dist/testdata/subnet_global_prefetch_always_forward.crpl up to 1.1.1.4 external/bsd/unbound/dist/testdata/subnet_global_prefetch_expired.crpl up to 1.1.1.4 external/bsd/unbound/dist/testdata/test_ldnsrr.5 up to 1.1.1.5 external/bsd/unbound/dist/testdata/test_sigs.revoked up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_ds_cname.rpl up to 1.1.1.6 external/bsd/unbound/dist/testdata/val_nsec3_iter_high.rpl up to 1.1.1.4 external/bsd/unbound/dist/testdata/val_nx_nsec3_collision.rpl up to 1.1.1.6 external/bsd/unbound/dist/testdata/val_nx_nsec3_params.rpl up to 1.1.1.4 external/bsd/unbound/dist/testdata/04-checkconf.tdir/good.all up to 1.1.1.3 external/bsd/unbound/dist/testdata/04-checkconf.tdir/good.ifport up to 1.1.1.2 external/bsd/unbound/dist/testdata/fwd_compress_c00c.tdir/fwd_compress_c00c.test up to 1.1.1.3 external/bsd/unbound/dist/testdata/stat_values.tdir/stat_values.test up to 1.1.1.6 external/bsd/unbound/dist/util/alloc.c up to 1.1.1.6 external/bsd/unbound/dist/util/config_file.c up to 1.1.1.11 external/bsd/unbound/dist/util/config_file.h up to 1.1.1.11 external/bsd/unbound/dist/util/configlexer.c up to 1.1.1.11 external/bsd/unbound/dist/util/configlexer.lex up to 1.1.1.11 external/bsd/unbound/dist/util/configparser.c up to 1.1.1.11 external/bsd/unbound/dist/util/configparser.h up to 1.1.1.11 external/bsd/unbound/dist/util/configparser.y up to 1.1.1.11 external/bsd/unbound/dist/util/fptr_wlist.c up to 1.1.1.10 external/bsd/unbound/dist/util/fptr_wlist.h up to 1.1.1.7 external/bsd/unbound/dist/util/iana_ports.inc up to 1.1.1.11 external/bsd/unbound/dist/util/locks.h up to 1.1.1.4 external/bsd/unbound/dist/util/log.c up to 1.1.1.9 external/bsd/unbound/dist/util/module.h up to 1.1.1.9 external/bsd/unbound/dist/util/net_help.c up to 1.1.1.11 external/bsd/unbound/dist/util/net_help.h up to 1.1.1.10 external/bsd/unbound/dist/util/netevent.c up to 1.9 external/bsd/unbound/dist/util/timehist.h up to 1.1.1.3 external/bsd/unbound/dist/util/data/msgencode.c up to 1.1.1.10 external/bsd/unbound/dist/util/data/msgencode.h up to 1.1.1.5 external/bsd/unbound/dist/util/data/msgparse.c up to 1.1.1.9 external/bsd/unbound/dist/util/data/msgparse.h up to 1.1.1.9 external/bsd/unbound/dist/util/data/msgreply.c up to 1.1.1.11 external/bsd/unbound/dist/util/data/msgreply.h up to 1.1.1.11 external/bsd/unbound/dist/util/data/packed_rrset.c up to 1.1.1.6 external/bsd/unbound/dist/util/data/packed_rrset.h up to 1.1.1.7 external/bsd/unbound/dist/util/shm_side/shm_main.c up to 1.1.1.6 external/bsd/unbound/dist/util/shm_side/shm_main.h up to 1.1.1.2 external/bsd/unbound/dist/validator/val_neg.c up to 1.1.1.8 external/bsd/unbound/dist/validator/val_nsec3.c up to 1.1.1.7 external/bsd/unbound/dist/validator/val_nsec3.h up to 1.1.1.6 external/bsd/unbound/dist/validator/val_sigcrypt.c up to 1.1.1.10 external/bsd/unbound/dist/validator/val_sigcrypt.h up to 1.1.1.6 external/bsd/unbound/dist/validator/val_utils.c up to 1.1.1.7 external/bsd/unbound/dist/validator/val_utils.h up to 1.1.1.7 external/bsd/unbound/dist/validator/validator.c up to 1.1.1.11 external/bsd/unbound/dist/winrc/win_svc.c up to 1.1.1.6 doc/3RDPARTY (manually edited) Import unbound 1.25.1 @ text @a0 192 ; config options server: do-nat64: yes nat64-prefix: 2001:db8:1234::/96 target-fetch-policy: "0 0 0 0 0" ; This is like a machine that is part of a cluster of hosts that ; is IPv6-only, and uses NAT64. The cluster has no internet access. do-not-query-address: ::0/0 qname-minimisation: no stub-zone: name: "." ; Pick an address in the NAT64 prefix, so it is allowed. ; other addresses would not be allowed. Or without the bugfix, ; allowed depending on state machine activation sequence. stub-addr: 2001:db8:1234::1 CONFIG_END SCENARIO_BEGIN Test NAT64 transport for v4-only with do-not-query-addresses. RANGE_BEGIN 0 100 ADDRESS 2001:db8:1234::1 ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION . IN NS SECTION ANSWER . IN NS FAKE.ROOT. SECTION ADDITIONAL FAKE.ROOT. IN AAAA 2001:db8:1234::1 ENTRY_END ENTRY_BEGIN MATCH opcode subdomain ADJUST copy_id copy_query REPLY QR NOERROR SECTION QUESTION v4only. IN NS SECTION AUTHORITY v4only. IN NS ns.v4only. SECTION ADDITIONAL ns.v4only. IN A 192.0.2.1 ENTRY_END RANGE_END ; replies from NS over "NAT64" RANGE_BEGIN 0 20 ADDRESS 2001:db8:1234::c000:0201 ; A over NAT64 ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY AA QR NOERROR SECTION QUESTION ns.v4only. IN A SECTION ANSWER ns.v4only. IN A 192.0.2.1 SECTION AUTHORITY v4only. IN NS ns.v4only. ENTRY_END ; no AAAA ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY AA QR NOERROR SECTION QUESTION ns.v4only. IN AAAA SECTION AUTHORITY v4only. IN SOA ns.v4only. host. 1 3600 300 48000 3600 v4only. IN NS ns.v4only. SECTION ADDITIONAL ns.v4only. IN A 192.0.2.1 ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY AA QR NOERROR SECTION QUESTION v4only. IN NS SECTION ANSWER v4only. IN NS ns.v4only. SECTION ADDITIONAL ns.v4only. IN A 192.0.2.1 ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY AA QR NOERROR SECTION QUESTION test.v4only. IN A SECTION ANSWER test.v4only. IN A 192.0.2.2 SECTION AUTHORITY v4only. IN NS ns.v4only. SECTION ADDITIONAL ns.v4only. IN A 192.0.2.1 ENTRY_END RANGE_END RANGE_BEGIN 50 100 ADDRESS 2001:db8:1234::c000:0201 ; no AAAA ; The last resort lookup of the AAAA is blocked here, ; the last resort processing is not desired, it should resolve test2 ; straight away. ;ENTRY_BEGIN ;MATCH opcode qtype qname ;ADJUST copy_id ;REPLY AA QR NOERROR ;SECTION QUESTION ;ns.v4only. IN AAAA ;SECTION AUTHORITY ;v4only. IN SOA ns.v4only. host. 1 3600 300 48000 3600 ;v4only. IN NS ns.v4only. ;SECTION ADDITIONAL ;ns.v4only. IN A 192.0.2.1 ;ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY AA QR NOERROR SECTION QUESTION ns.v4only. IN A SECTION ANSWER ns.v4only. IN A 192.0.2.1 SECTION AUTHORITY v4only. IN NS ns.v4only. ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY AA QR NOERROR SECTION QUESTION test2.v4only. IN A SECTION ANSWER test2.v4only. IN A 192.0.2.3 ENTRY_END RANGE_END STEP 1 QUERY ENTRY_BEGIN REPLY RD SECTION QUESTION test.v4only. IN A ENTRY_END STEP 20 CHECK_ANSWER ENTRY_BEGIN MATCH all REPLY QR RD RA NOERROR SECTION QUESTION test.v4only. IN A SECTION ANSWER test.v4only. IN A 192.0.2.2 ENTRY_END ; for a query where the upstream nameserver has a timeout. STEP 30 QUERY ENTRY_BEGIN REPLY RD SECTION QUESTION test2.v4only. IN A ENTRY_END ; Only the test2 query is there, and it has a timeout. ; The address is already NAT64 translated, so now that it is ; attempted again, it is looked up in dotnotq as the ipv6 address. STEP 40 TIMEOUT STEP 50 CHECK_ANSWER ENTRY_BEGIN MATCH all REPLY QR RD RA NOERROR SECTION QUESTION test2.v4only. IN A SECTION ANSWER test2.v4only. IN A 192.0.2.3 ENTRY_END SCENARIO_END @