diff --git a/doc/example.conf.in b/doc/example.conf.in
index b9b1c0525..9db622a47 100644
--- a/doc/example.conf.in
+++ b/doc/example.conf.in
@@ -598,6 +598,13 @@ server:
 # A recommended value is 1800.
 # serve-expired-client-timeout: 0
 
+ # Return the original TTL as received from the upstream name server rather
+ # than the decrementing TTL as stored in the cache. Enabling this feature
+ # does not impact cache expiry, it only changes the TTL unbound embeds in
+ # responses to queries. Note that enabling this feature implicitly disables
+ # enforcement of the configured minimum and maximum TTL.
+ # serve-original-ttl: no
+
 # Have the validator log failed validations for your diagnosis.
 # 0: off. 1: A line per failed user query. 2: With reason and bad IP.
 # val-log-level: 0
diff --git a/testdata/serve_original_ttl.rpl b/testdata/serve_original_ttl.rpl
new file mode 100644
index 000000000..630fb39a4
--- /dev/null
+++ b/testdata/serve_original_ttl.rpl
@@ -0,0 +1,136 @@
+; config options
+server:
+ access-control: 127.0.0.1 allow_snoop
+ module-config: "validator iterator"
+ qname-minimisation: "no"
+ minimal-responses: no
+ serve-original-ttl: yes
+ cache-max-ttl: 1000
+ cache-min-ttl: 20
+ serve-expired: yes
+ serve-expired-reply-ttl: 123
+
+stub-zone:
+ name: "example.com"
+ stub-addr: 1.2.3.4
+CONFIG_END
+
+SCENARIO_BEGIN Test serve-original-ttl
+; Scenario overview:
+; - query for example.com. IN A
+; - check that we get an answer for example.com. IN A with the correct TTL
+; - query again after a couple seconds and check that we get the original TTL
+; (next steps are combination with serve-expired)
+; - query again after the TTL expired
+; - check that we get the expired cached answer with the original TTL
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+ ADDRESS 1.2.3.4
+ ENTRY_BEGIN
+ MATCH opcode qtype qname
+ ADJUST copy_id
+ REPLY QR NOERROR
+ SECTION QUESTION
+ example.com. IN NS
+ SECTION ANSWER
+ example.com. IN NS ns.example.com.
+ SECTION ADDITIONAL
+ ns.example.com. IN A 1.2.3.4
+ ENTRY_END
+
+ ENTRY_BEGIN
+ MATCH opcode qtype qname
+ ADJUST copy_id
+ REPLY QR NOERROR
+ SECTION QUESTION
+ example.com. IN A
+ SECTION ANSWER
+ example.com. 10 IN A 5.6.7.8
+ SECTION AUTHORITY
+ example.com. IN NS ns.example.com.
+ SECTION ADDITIONAL
+ ns.example.com. IN A 1.2.3.4
+ ENTRY_END
+RANGE_END
+
+; Query with RD flag
+STEP 1 QUERY
+ENTRY_BEGIN
+ REPLY RD
+ SECTION QUESTION
+ example.com. IN A
+ENTRY_END
+
+; Check that we got the correct answer (should be cached)
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+ MATCH all ttl
+ REPLY QR RD RA NOERROR
+ SECTION QUESTION
+ example.com. IN A
+ SECTION ANSWER
+ example.com. 10 IN A 5.6.7.8
+ SECTION AUTHORITY
+ example.com. IN NS ns.example.com.
+ SECTION ADDITIONAL
+ ns.example.com. IN A 1.2.3.4
+ENTRY_END
+
+; Wait a couple of seconds (< 10)
+STEP 11 TIME_PASSES ELAPSE 5
+
+; Query again
+STEP 20 QUERY
+ENTRY_BEGIN
+ REPLY
+ SECTION QUESTION
+ example.com. IN A
+ENTRY_END
+
+; Check that we got the cached answer with the original TTL
+; (Passively checks that minimum and maximum TTLs are ignored)
+STEP 30 CHECK_ANSWER
+ENTRY_BEGIN
+ MATCH all ttl
+ REPLY QR RA NOERROR
+ SECTION QUESTION
+ example.com. IN A
+ SECTION ANSWER
+ example.com. 10 A 5.6.7.8
+ SECTION AUTHORITY
+ example.com. 3600 NS ns.example.com.
+ SECTION ADDITIONAL
+ ns.example.com. 3600 A 1.2.3.4
+ENTRY_END
+
+; Wait for the TTL to expire
+STEP 31 TIME_PASSES ELAPSE 3601
+
+; Query again
+STEP 40 QUERY
+ENTRY_BEGIN
+ REPLY
+ SECTION QUESTION
+ example.com. IN A
+ENTRY_END
+
+; Check that we got a stale answer with the original TTL
+STEP 50 CHECK_ANSWER
+ENTRY_BEGIN
+ MATCH all ttl
+ REPLY QR RA NOERROR
+ SECTION QUESTION
+ example.com. IN A
+ SECTION ANSWER
+ example.com. 10 A 5.6.7.8
+ SECTION AUTHORITY
+ example.com. NS ns.example.com.
+ SECTION ADDITIONAL
+ ns.example.com. A 1.2.3.4
+ENTRY_END
+
+; Give time for the pending query to get answered
+STEP 51 TRAFFIC
+
+SCENARIO_END
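Review bot: STEP 50 expects the stale answer with TTL 10 while the config sets `serve-expired-reply-ttl: 123`, so the test pins that serve-original-ttl also overrides the stale-reply TTL, yet neither the step comment nor the scenario overview says so. I would add `; (Also checks that serve-expired-reply-ttl: 123 is not applied to the stale answer)` under the STEP 50 comment, mirroring the "Passively checks" line at STEP 30. This matters to operators because a downstream cache then holds expired data for the full upstream TTL instead of the short stale TTL, and the option text added to doc/example.conf.in mentions only the minimum and maximum TTL. Separately, STEP 30 spells out 3600 on the NS and glue records while STEP 10 and STEP 50 leave the TTL off under `MATCH all ttl`; that presumably relies on the test harness default, and writing it explicitly in all three steps would make the expectation readable.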