; Check if fallback to the parent side works when MAX_TARGET_NX is reached. server: module-config: "iterator" trust-anchor-signaling: no target-fetch-policy: "0 0 0 0 0" verbosity: 3 access-control: 127.0.0.1 allow_snoop qname-minimisation: no minimal-responses: no rrset-roundrobin: no stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. CONFIG_END SCENARIO_BEGIN Test the NXNS fallback ; K.ROOT-SERVERS.NET. RANGE_BEGIN 0 100 ADDRESS 193.0.14.129 ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION . IN NS SECTION ANSWER . IN NS K.ROOT-SERVERS.NET. SECTION ADDITIONAL K.ROOT-SERVERS.NET. IN A 193.0.14.129 ENTRY_END ENTRY_BEGIN MATCH opcode qtype subdomain ADJUST copy_id copy_query REPLY QR NOERROR SECTION QUESTION example.com. IN A SECTION AUTHORITY com. IN NS a.gtld-servers.net. SECTION ADDITIONAL a.gtld-servers.net. IN A 192.5.6.30 ENTRY_END ENTRY_BEGIN MATCH opcode subdomain ADJUST copy_id copy_query REPLY QR NOERROR SECTION QUESTION nonexistant.com. IN A SECTION AUTHORITY com. IN NS a.gtld-servers.net. SECTION ADDITIONAL a.gtld-servers.net. IN A 192.5.6.30 ENTRY_END RANGE_END ; a.gtld-servers.net. RANGE_BEGIN 0 100 ADDRESS 192.5.6.30 ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION com. IN NS SECTION ANSWER com. IN NS a.gtld-servers.net. SECTION ADDITIONAL a.gtld-servers.net. IN A 192.5.6.30 ENTRY_END ENTRY_BEGIN MATCH opcode qtype subdomain ADJUST copy_id copy_query REPLY QR NOERROR SECTION QUESTION example.com. IN A SECTION AUTHORITY example.com. IN NS ns.example.com. SECTION ADDITIONAL ns.example.com. 10 IN A 1.2.3.4 ENTRY_END ENTRY_BEGIN MATCH opcode subdomain ADJUST copy_id copy_query REPLY QR NOERROR SECTION QUESTION nonexistant.com. IN A SECTION AUTHORITY nonexistant.com. IN NS ns.example.com. SECTION ADDITIONAL ns.example.com. 10 IN A 1.2.3.4 ENTRY_END RANGE_END ; ns.example.com. RANGE_BEGIN 0 100 ADDRESS 1.2.3.4 ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION example.com. IN NS SECTION ANSWER example.com. IN NS ns1.nonexistant.com. example.com. IN NS ns2.nonexistant.com. example.com. IN NS ns3.nonexistant.com. example.com. IN NS ns4.nonexistant.com. example.com. IN NS ns5.nonexistant.com. example.com. IN NS ns6.nonexistant.com. example.com. IN NS ns7.nonexistant.com. example.com. IN NS ns8.nonexistant.com. example.com. IN NS ns9.nonexistant.com. example.com. IN NS ns10.nonexistant.com. example.com. IN NS ns11.nonexistant.com. example.com. IN NS ns12.nonexistant.com. ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION ns.example.com. IN A SECTION ANSWER ns.example.com. 10 IN A 1.2.3.4 ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION ns.example.com. IN AAAA ENTRY_END ENTRY_BEGIN MATCH opcode subdomain ADJUST copy_id copy_query REPLY QR NXDOMAIN SECTION QUESTION nonexistant.com. IN A ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION a.example.com. IN A SECTION ANSWER a.example.com. IN A 10.20.30.40 SECTION AUTHORITY example.com. IN NS ns1.nonexistant.com. example.com. IN NS ns2.nonexistant.com. example.com. IN NS ns3.nonexistant.com. example.com. IN NS ns4.nonexistant.com. example.com. IN NS ns5.nonexistant.com. example.com. IN NS ns6.nonexistant.com. example.com. IN NS ns7.nonexistant.com. example.com. IN NS ns8.nonexistant.com. example.com. IN NS ns9.nonexistant.com. example.com. IN NS ns10.nonexistant.com. example.com. IN NS ns11.nonexistant.com. example.com. IN NS ns12.nonexistant.com. ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION b.example.com. IN A SECTION ANSWER b.example.com. IN A 10.20.30.40 SECTION AUTHORITY example.com. IN NS ns1.nonexistant.com. example.com. IN NS ns2.nonexistant.com. example.com. IN NS ns3.nonexistant.com. example.com. IN NS ns4.nonexistant.com. example.com. IN NS ns5.nonexistant.com. example.com. IN NS ns6.nonexistant.com. example.com. IN NS ns7.nonexistant.com. example.com. IN NS ns8.nonexistant.com. example.com. IN NS ns9.nonexistant.com. example.com. IN NS ns10.nonexistant.com. example.com. IN NS ns11.nonexistant.com. example.com. IN NS ns12.nonexistant.com. ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION c.example.com. IN A SECTION ANSWER c.example.com. IN A 10.20.30.40 SECTION AUTHORITY example.com. IN NS ns1.nonexistant.com. example.com. IN NS ns2.nonexistant.com. example.com. IN NS ns3.nonexistant.com. example.com. IN NS ns4.nonexistant.com. example.com. IN NS ns5.nonexistant.com. example.com. IN NS ns6.nonexistant.com. example.com. IN NS ns7.nonexistant.com. example.com. IN NS ns8.nonexistant.com. example.com. IN NS ns9.nonexistant.com. example.com. IN NS ns10.nonexistant.com. example.com. IN NS ns11.nonexistant.com. example.com. IN NS ns12.nonexistant.com. ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION d.example.com. IN A SECTION ANSWER d.example.com. IN A 10.20.30.40 SECTION AUTHORITY example.com. IN NS ns1.nonexistant.com. example.com. IN NS ns2.nonexistant.com. example.com. IN NS ns3.nonexistant.com. example.com. IN NS ns4.nonexistant.com. example.com. IN NS ns5.nonexistant.com. example.com. IN NS ns6.nonexistant.com. example.com. IN NS ns7.nonexistant.com. example.com. IN NS ns8.nonexistant.com. example.com. IN NS ns9.nonexistant.com. example.com. IN NS ns10.nonexistant.com. example.com. IN NS ns11.nonexistant.com. example.com. IN NS ns12.nonexistant.com. ENTRY_END RANGE_END STEP 1 QUERY ENTRY_BEGIN REPLY RD SECTION QUESTION a.example.com. IN A ENTRY_END ; This was resolved by asking the parent side nameservers STEP 2 CHECK_ANSWER ENTRY_BEGIN MATCH all REPLY QR RD RA NOERROR SECTION QUESTION a.example.com. IN A SECTION ANSWER a.example.com. IN A 10.20.30.40 SECTION AUTHORITY example.com. IN NS ns1.nonexistant.com. example.com. IN NS ns2.nonexistant.com. example.com. IN NS ns3.nonexistant.com. example.com. IN NS ns4.nonexistant.com. example.com. IN NS ns5.nonexistant.com. example.com. IN NS ns6.nonexistant.com. example.com. IN NS ns7.nonexistant.com. example.com. IN NS ns8.nonexistant.com. example.com. IN NS ns9.nonexistant.com. example.com. IN NS ns10.nonexistant.com. example.com. IN NS ns11.nonexistant.com. example.com. IN NS ns12.nonexistant.com. ENTRY_END ; The child side nameservers are now known to Unbound ; Query again, the child server nameservers will be asked now STEP 3 QUERY ENTRY_BEGIN REPLY RD SECTION QUESTION b.example.com. IN A ENTRY_END ; This was resolved by falling back to the parent side nameservers STEP 4 CHECK_ANSWER ENTRY_BEGIN MATCH all REPLY QR RD RA NOERROR SECTION QUESTION b.example.com. IN A SECTION ANSWER b.example.com. IN A 10.20.30.40 SECTION AUTHORITY example.com. IN NS ns1.nonexistant.com. example.com. IN NS ns2.nonexistant.com. example.com. IN NS ns3.nonexistant.com. example.com. IN NS ns4.nonexistant.com. example.com. IN NS ns5.nonexistant.com. example.com. IN NS ns6.nonexistant.com. example.com. IN NS ns7.nonexistant.com. example.com. IN NS ns8.nonexistant.com. example.com. IN NS ns9.nonexistant.com. example.com. IN NS ns10.nonexistant.com. example.com. IN NS ns11.nonexistant.com. example.com. IN NS ns12.nonexistant.com. ENTRY_END ; Query a third time, this will get the cached NXDOMAINs (no NX counter for ; those) and will go to the parent as a last resort. This query will test that ; we will not have resolution for the lame(parent side) addresses that could ; raise the NX counter because of no address addition to the delegation point ; (the same addresses are already there). STEP 5 QUERY ENTRY_BEGIN REPLY RD SECTION QUESTION c.example.com. IN A ENTRY_END ; This was resolved by going back to the parent side nameservers (child side ; was exhausted from cache and queries < MAX_TARGET_NX). STEP 6 CHECK_ANSWER ENTRY_BEGIN MATCH all REPLY QR RD RA NOERROR SECTION QUESTION c.example.com. IN A SECTION ANSWER c.example.com. IN A 10.20.30.40 SECTION AUTHORITY example.com. IN NS ns1.nonexistant.com. example.com. IN NS ns2.nonexistant.com. example.com. IN NS ns3.nonexistant.com. example.com. IN NS ns4.nonexistant.com. example.com. IN NS ns5.nonexistant.com. example.com. IN NS ns6.nonexistant.com. example.com. IN NS ns7.nonexistant.com. example.com. IN NS ns8.nonexistant.com. example.com. IN NS ns9.nonexistant.com. example.com. IN NS ns10.nonexistant.com. example.com. IN NS ns11.nonexistant.com. example.com. IN NS ns12.nonexistant.com. ENTRY_END ; Allow for the nameserver glue to expire STEP 10 TIME_PASSES ELAPSE 11 ; Query again for the parent side fallback STEP 11 QUERY ENTRY_BEGIN REPLY RD SECTION QUESTION d.example.com. IN A ENTRY_END ; This was resolved by falling back to the parent side nameservers STEP 12 CHECK_ANSWER ENTRY_BEGIN MATCH all REPLY QR RD RA NOERROR SECTION QUESTION d.example.com. IN A SECTION ANSWER d.example.com. IN A 10.20.30.40 SECTION AUTHORITY example.com. IN NS ns1.nonexistant.com. example.com. IN NS ns2.nonexistant.com. example.com. IN NS ns3.nonexistant.com. example.com. IN NS ns4.nonexistant.com. example.com. IN NS ns5.nonexistant.com. example.com. IN NS ns6.nonexistant.com. example.com. IN NS ns7.nonexistant.com. example.com. IN NS ns8.nonexistant.com. example.com. IN NS ns9.nonexistant.com. example.com. IN NS ns10.nonexistant.com. example.com. IN NS ns11.nonexistant.com. example.com. IN NS ns12.nonexistant.com. ENTRY_END SCENARIO_END