- Update example.con.in and add a testcase for PR NLnetLabs#275.

labuwx · Jan 25, 2021 · b7acaaa · b7acaaa
1 parent f5b7169
commit b7acaaa
Show file tree

Hide file tree

Showing 2 changed files with 143 additions and 0 deletions.
diff --git a/doc/example.conf.in b/doc/example.conf.in
@@ -598,6 +598,13 @@ server:
 	# A recommended value is 1800.
 	# serve-expired-client-timeout: 0
 
+	# Return the original TTL as received from the upstream name server rather
+	# than the decrementing TTL as stored in the cache.  Enabling this feature
+	# does not impact cache expiry, it only changes the TTL unbound embeds in
+	# responses to queries. Note that enabling this feature implicitly disables
+	# enforcement of the configured minimum and maximum TTL.
+	# serve-original-ttl: no
+
 	# Have the validator log failed validations for your diagnosis.
 	# 0: off. 1: A line per failed user query. 2: With reason and bad IP.
 	# val-log-level: 0

diff --git a/testdata/serve_original_ttl.rpl b/testdata/serve_original_ttl.rpl
@@ -0,0 +1,136 @@
+; config options
+server:
+	access-control: 127.0.0.1 allow_snoop
+	module-config: "validator iterator"
+	qname-minimisation: "no"
+	minimal-responses: no
+	serve-original-ttl: yes
+	cache-max-ttl: 1000
+	cache-min-ttl: 20
+	serve-expired: yes
+	serve-expired-reply-ttl: 123
+
+stub-zone:
+	name: "example.com"
+	stub-addr: 1.2.3.4
+CONFIG_END
+
+SCENARIO_BEGIN Test serve-original-ttl
+; Scenario overview:
+; - query for example.com. IN A
+; - check that we get an answer for example.com. IN A with the correct TTL
+; - query again after a couple seconds and check that we get the original TTL
+; (next steps are combination with serve-expired)
+; - query again after the TTL expired
+; - check that we get the expired cached answer with the original TTL
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+	ENTRY_BEGIN
+		MATCH opcode qtype qname
+		ADJUST copy_id
+		REPLY QR NOERROR
+		SECTION QUESTION
+			example.com. IN NS
+		SECTION ANSWER
+			example.com. IN NS ns.example.com.
+		SECTION ADDITIONAL
+			ns.example.com. IN A 1.2.3.4
+	ENTRY_END
+
+	ENTRY_BEGIN
+		MATCH opcode qtype qname
+		ADJUST copy_id
+		REPLY QR NOERROR
+		SECTION QUESTION
+			example.com. IN A
+		SECTION ANSWER
+			example.com. 10 IN A 5.6.7.8
+		SECTION AUTHORITY
+			example.com. IN NS ns.example.com.
+		SECTION ADDITIONAL
+			ns.example.com. IN A 1.2.3.4
+	ENTRY_END
+RANGE_END
+
+; Query with RD flag
+STEP 1 QUERY
+ENTRY_BEGIN
+	REPLY RD
+	SECTION QUESTION
+		example.com. IN A
+ENTRY_END
+
+; Check that we got the correct answer (should be cached)
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+	MATCH all ttl
+	REPLY QR RD RA NOERROR
+	SECTION QUESTION
+		example.com. IN A
+	SECTION ANSWER
+		example.com. 10 IN A 5.6.7.8
+	SECTION AUTHORITY
+		example.com. IN NS ns.example.com.
+	SECTION ADDITIONAL
+		ns.example.com. IN A 1.2.3.4
+ENTRY_END
+
+; Wait a couple of seconds (< 10)
+STEP 11 TIME_PASSES ELAPSE 5
+
+; Query again
+STEP 20 QUERY
+ENTRY_BEGIN
+	REPLY
+	SECTION QUESTION
+		example.com. IN A
+ENTRY_END
+
+; Check that we got the cached answer with the original TTL
+; (Passively checks that minimum and maximum TTLs are ignored)
+STEP 30 CHECK_ANSWER
+ENTRY_BEGIN
+	MATCH all ttl
+	REPLY QR RA NOERROR
+	SECTION QUESTION
+		example.com. IN A
+	SECTION ANSWER
+		example.com.  10 A 5.6.7.8
+	SECTION AUTHORITY
+		example.com. 3600 NS ns.example.com.
+	SECTION ADDITIONAL
+		ns.example.com. 3600 A 1.2.3.4
+ENTRY_END
+
+; Wait for the TTL to expire
+STEP 31 TIME_PASSES ELAPSE 3601
+
+; Query again
+STEP 40 QUERY
+ENTRY_BEGIN
+	REPLY
+	SECTION QUESTION
+		example.com. IN A
+ENTRY_END
+
+; Check that we got a stale answer with the original TTL
+STEP 50 CHECK_ANSWER
+ENTRY_BEGIN
+	MATCH all ttl
+	REPLY QR RA NOERROR
+	SECTION QUESTION
+		example.com. IN A
+	SECTION ANSWER
+		example.com.  10 A 5.6.7.8
+	SECTION AUTHORITY
+		example.com. NS ns.example.com.
+	SECTION ADDITIONAL
+		ns.example.com. A 1.2.3.4
+ENTRY_END
+
+; Give time for the pending query to get answered
+STEP 51 TRAFFIC
+
+SCENARIO_END