1; config options 2server: 3 harden-referral-path: no 4 target-fetch-policy: "0 0 0 0 0" 5 qname-minimisation: "no" 6 minimal-responses: no 7 8stub-zone: 9 name: "." 10 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. 11CONFIG_END 12 13SCENARIO_BEGIN Test scrub of insecure DNAME in answer section 14 15; root infrastucture 16RANGE_BEGIN 0 10000000 17 ADDRESS 193.0.14.129 18ENTRY_BEGIN 19MATCH qname qtype opcode 20ADJUST copy_id 21REPLY QR AA NOERROR 22SECTION QUESTION 23. IN NS 24SECTION ANSWER 25. IN NS K.ROOT-SERVERS.NET. 26SECTION ADDITIONAL 27K.ROOT-SERVERS.NET. IN A 193.0.14.129 28ENTRY_END 29 30ENTRY_BEGIN 31MATCH qname qtype opcode 32ADJUST copy_id 33REPLY QR AA NOERROR 34SECTION QUESTION 35shortloop. IN TXT 36SECTION ANSWER 37shortloop. IN TXT "shortloop end" 38ENTRY_END 39 40ENTRY_BEGIN 41MATCH qname qtype opcode 42ADJUST copy_id 43REPLY QR AA NOERROR 44SECTION QUESTION 45K.ROOT-SERVERS.NET. IN A 46SECTION ANSWER 47K.ROOT-SERVERS.NET. IN A 193.0.14.129 48ENTRY_END 49 50ENTRY_BEGIN 51MATCH qname qtype opcode 52ADJUST copy_id 53REPLY QR AA NOERROR 54SECTION QUESTION 55K.ROOT-SERVERS.NET. IN AAAA 56SECTION ANSWER 57ENTRY_END 58 59ENTRY_BEGIN 60MATCH subdomain opcode 61ADJUST copy_id copy_query 62REPLY QR NOERROR 63SECTION QUESTION 64com. IN A 65SECTION AUTHORITY 66com. IN NS a.gtld-servers.net. 67SECTION ADDITIONAL 68a.gtld-servers.net. IN A 192.5.6.30 69ENTRY_END 70 71ENTRY_BEGIN 72MATCH subdomain opcode 73ADJUST copy_id copy_query 74REPLY QR NOERROR 75SECTION QUESTION 76net. IN A 77SECTION AUTHORITY 78net. IN NS a.gtld-servers.net. 79SECTION ADDITIONAL 80a.gtld-servers.net. IN A 192.5.6.30 81ENTRY_END 82 83ENTRY_BEGIN 84MATCH subdomain opcode 85ADJUST copy_id copy_query 86REPLY QR NOERROR 87SECTION QUESTION 88x. IN A 89SECTION AUTHORITY 90x. IN NS a.gtld-servers.net. 91SECTION ADDITIONAL 92a.gtld-servers.net. IN A 192.5.6.30 93ENTRY_END 94 95ENTRY_BEGIN 96MATCH opcode subdomain 97ADJUST copy_id copy_query 98REPLY QR NOERROR 99SECTION QUESTION 100long. IN NS 101SECTION AUTHORITY 102long. IN NS a.gtld-servers.net. 103SECTION ADDITIONAL 104a.gtld-servers.net. IN A 192.5.6.30 105ENTRY_END 106 107ENTRY_BEGIN 108MATCH opcode subdomain 109ADJUST copy_id copy_query 110REPLY QR NOERROR 111SECTION QUESTION 11260o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. IN NS 113SECTION AUTHORITY 11460o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. IN NS a.gtld-servers.net. 115SECTION ADDITIONAL 116a.gtld-servers.net. IN A 192.5.6.30 117ENTRY_END 118 119ENTRY_BEGIN 120MATCH qname qtype opcode 121ADJUST copy_id 122REPLY QR NOERROR 123SECTION QUESTION 124a.gtld-servers.net. IN A 125SECTION ANSWER 126a.gtld-servers.net. IN A 192.5.6.30 127ENTRY_END 128 129ENTRY_BEGIN 130MATCH qname qtype opcode 131ADJUST copy_id 132REPLY QR NOERROR 133SECTION QUESTION 134a.gtld-servers.net. IN AAAA 135SECTION ANSWER 136ENTRY_END 137RANGE_END 138; end of root infrastucture 139 140; a.gtld-servers.net. (com. net. x.) 141RANGE_BEGIN 0 10000000 142 ADDRESS 192.5.6.30 143ENTRY_BEGIN 144MATCH qname qtype opcode 145ADJUST copy_id 146REPLY QR NOERROR 147SECTION QUESTION 148a.gtld-servers.net. IN A 149SECTION ANSWER 150a.gtld-servers.net. IN A 192.5.6.30 151ENTRY_END 152 153ENTRY_BEGIN 154MATCH qname qtype opcode 155ADJUST copy_id 156REPLY QR NOERROR 157SECTION QUESTION 158a.gtld-servers.net. IN AAAA 159SECTION ANSWER 160ENTRY_END 161 162ENTRY_BEGIN 163MATCH qname qtype opcode 164ADJUST copy_id 165REPLY QR NOERROR 166SECTION QUESTION 167com. IN NS 168SECTION AUTHORITY 169com. IN NS a.gtld-servers.net. 170SECTION ADDITIONAL 171a.gtld-servers.net. IN A 192.5.6.30 172ENTRY_END 173 174ENTRY_BEGIN 175MATCH qname qtype opcode 176ADJUST copy_id 177REPLY QR NOERROR 178SECTION QUESTION 179net. IN NS 180SECTION AUTHORITY 181net. IN NS a.gtld-servers.net. 182SECTION ADDITIONAL 183a.gtld-servers.net. IN A 192.5.6.30 184ENTRY_END 185 186ENTRY_BEGIN 187MATCH opcode subdomain 188ADJUST copy_id copy_query 189REPLY QR NOERROR 190SECTION QUESTION 191example.com. IN A 192SECTION AUTHORITY 193example.com. IN NS ns1.example.com. 194SECTION ADDITIONAL 195ns1.example.com. IN A 168.192.2.2 196ENTRY_END 197 198ENTRY_BEGIN 199MATCH opcode subdomain 200ADJUST copy_id copy_query 201REPLY QR NOERROR 202SECTION QUESTION 203example.net. IN A 204SECTION AUTHORITY 205example.net. IN NS ns1.example.net. 206SECTION ADDITIONAL 207ns1.example.net. IN A 168.192.3.3 208ENTRY_END 209 210ENTRY_BEGIN 211MATCH qname qtype opcode 212ADJUST copy_id 213REPLY QR NOERROR 214SECTION QUESTION 215x. IN NS 216SECTION AUTHORITY 217x. IN NS a.gtld-servers.net. 218SECTION ADDITIONAL 219a.gtld-servers.net. IN A 192.5.6.30 220ENTRY_END 221 222ENTRY_BEGIN 223MATCH qname qtype opcode 224ADJUST copy_id 225REPLY QR NOERROR 226SECTION QUESTION 227x. IN DNAME 228SECTION AUTHORITY 229x. IN DNAME . 230SECTION ADDITIONAL 231a.gtld-servers.net. IN A 192.5.6.30 232ENTRY_END 233 234ENTRY_BEGIN 235MATCH qname opcode 236ADJUST copy_id copy_query 237REPLY QR NOERROR 238SECTION QUESTION 239shortloop.x.x. IN CNAME 240SECTION ANSWER 241x. DNAME . 242shortloop.x.x. IN CNAME shortloop.x. 243shortloop.x. IN CNAME shortloop. 244ENTRY_END 245 246ENTRY_BEGIN 247MATCH qname opcode 248ADJUST copy_id copy_query 249REPLY QR NOERROR 250SECTION QUESTION 251shortloop.x. IN CNAME 252SECTION ANSWER 253x. DNAME . 254shortloop.x. IN CNAME shortloop. 255ENTRY_END 256 257ENTRY_BEGIN 258MATCH qname qtype opcode 259ADJUST copy_id 260REPLY QR NOERROR 261SECTION QUESTION 26260o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. IN NS 263SECTION AUTHORITY 26460o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. IN NS a.gtld-servers.net. 265SECTION ADDITIONAL 266a.gtld-servers.net. IN A 192.5.6.30 267ENTRY_END 268 269ENTRY_BEGIN 270MATCH qname qtype opcode 271ADJUST copy_id 272REPLY QR NOERROR 273SECTION QUESTION 274long. IN NS 275SECTION AUTHORITY 276long. IN NS a.gtld-servers.net. 277SECTION ADDITIONAL 278a.gtld-servers.net. IN A 192.5.6.30 279ENTRY_END 280 281; DNAME at zone apex, allowed by RFC 6672 section 2.3 282ENTRY_BEGIN 283MATCH qname qtype opcode 284ADJUST copy_id 285REPLY QR NOERROR 286SECTION QUESTION 287long. IN DNAME 288SECTION ANSWER 289long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. 290ENTRY_END 291 292ENTRY_BEGIN 293MATCH qname qtype opcode 294ADJUST copy_id 295REPLY QR NOERROR 296SECTION QUESTION 297x.long. IN A 298SECTION ANSWER 299long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. 300x.long. 3600 IN CNAME x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. 301x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. 3600 IN A 192.0.2.1 302ENTRY_END 303 304ENTRY_BEGIN 305MATCH qname qtype opcode 306ADJUST copy_id 307REPLY QR NOERROR 308SECTION QUESTION 309x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. IN A 310SECTION ANSWER 311x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. 3600 IN A 192.0.2.1 312ENTRY_END 313 314ENTRY_BEGIN 315MATCH qname opcode 316ADJUST copy_id copy_query 317REPLY QR YXDOMAIN 318SECTION QUESTION 319too.long. IN A 320SECTION ANSWER 321long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. 322ENTRY_END 323RANGE_END 324; end of a.gtld-servers.net. 325 326; RFC 6672 section 2.2. The DNAME Substitution table tests 327;# QNAME owner DNAME target result 328;-- ---------------- -------------- -------------- ----------------- 329;1 com. example.com. example.net. <no match> 330;2 example.com. example.com. example.net. [0] 331;3 a.example.com. example.com. example.net. a.example.net. 332;4 a.b.example.com. example.com. example.net. a.b.example.net. 333;5 ab.example.com. b.example.com. example.net. <no match> 334;6 foo.example.com. example.com. example.net. foo.example.net. 335;7 a.x.example.com. x.example.com. example.net. a.example.net. 336;8 a.example.com. example.com. y.example.net. a.y.example.net. 337;9 cyc.example.com. example.com. example.com. cyc.example.com. 338;10 cyc.example.com. example.com. c.example.com. cyc.c.example.com. 339;11 shortloop.x.x. x. . shortloop.x. 340;12 shortloop.x. x. . shortloop. 341; 342; [0] The result depends on the QTYPE. If the QTYPE = DNAME, then 343; the result is "example.com.", else "<no match>". 344; 345; Table 1. DNAME Substitution Examples 346 347; line no. 1 is mostly for authoritative server 348; line no. 2 QTYPE != DNAME 349STEP 220201 QUERY 350ENTRY_BEGIN 351REPLY RD DO 352SECTION QUESTION 353example.com. IN NS 354ENTRY_END 355 356STEP 220202 CHECK_ANSWER 357ENTRY_BEGIN 358MATCH all 359REPLY QR RD RA DO 360SECTION QUESTION 361example.com. IN NS 362SECTION ANSWER 363example.com. IN NS ns1.example.com. 364SECTION ADDITIONAL 365ns1.example.com. 0 IN A 168.192.2.2 366ENTRY_END 367 368; line no. 2 QTYPE == DNAME 369STEP 220203 QUERY 370ENTRY_BEGIN 371REPLY RD DO 372SECTION QUESTION 373example.com. IN DNAME 374ENTRY_END 375 376STEP 220204 CHECK_ANSWER 377ENTRY_BEGIN 378MATCH all 379REPLY QR RD RA DO 380SECTION QUESTION 381example.com. IN DNAME 382SECTION ANSWER 383example.com. IN DNAME example.net. 384ENTRY_END 385 386 387;# QNAME owner DNAME target result 388;-- ---------------- -------------- -------------- ----------------- 389;3 a.example.com. example.com. example.net. a.example.net. 390 391STEP 220301 QUERY 392ENTRY_BEGIN 393REPLY RD DO 394SECTION QUESTION 395a.example.com. IN A 396ENTRY_END 397 398STEP 220302 CHECK_ANSWER 399ENTRY_BEGIN 400MATCH all 401REPLY QR RD RA DO 402SECTION QUESTION 403a.example.com. IN A 404SECTION ANSWER 405example.com. IN DNAME example.net. 406a.example.com. IN CNAME a.example.net. 407a.example.net. IN A 10.0.0.97 408ENTRY_END 409 410;# QNAME owner DNAME target result 411;-- ---------------- -------------- -------------- ----------------- 412;4 a.b.example.com. example.com. example.net. a.b.example.net. 413 414STEP 220401 QUERY 415ENTRY_BEGIN 416REPLY RD DO 417SECTION QUESTION 418a.b.example.com. IN A 419ENTRY_END 420 421STEP 220402 CHECK_ANSWER 422ENTRY_BEGIN 423MATCH all 424REPLY QR RD RA DO 425SECTION QUESTION 426a.b.example.com. IN A 427SECTION ANSWER 428example.com. IN DNAME example.net. 429a.b.example.com. IN CNAME a.b.example.net. 430a.b.example.net. IN A 10.0.97.98 431ENTRY_END 432 433;# QNAME owner DNAME target result 434;-- ---------------- -------------- -------------- ----------------- 435;5 ab.example.com. b.example.com. example.net. <no match> 436;6 foo.example.com. example.com. example.net. foo.example.net. 437 438; line no. 5 is mostly for authoritative server 439; line no. 6 is basically the same as line no. 3 440 441; ns1.example.com. 442RANGE_BEGIN 220000 220699 443 ADDRESS 168.192.2.2 444ENTRY_BEGIN 445MATCH opcode qtype qname 446ADJUST copy_id 447REPLY QR AA NOERROR 448SECTION QUESTION 449example.com. IN NS 450SECTION ANSWER 451example.com. IN NS ns1.example.com. 452SECTION ADDITIONAL 453ns1.example.com. IN A 168.192.2.2 454ENTRY_END 455 456ENTRY_BEGIN 457MATCH opcode qtype qname 458ADJUST copy_id 459REPLY QR AA NOERROR 460SECTION QUESTION 461ns1.example.com. IN A 462SECTION ANSWER 463ns1.example.com. IN A 168.192.2.2 464ENTRY_END 465 466ENTRY_BEGIN 467MATCH opcode qtype qname 468ADJUST copy_id 469REPLY QR AA NOERROR 470SECTION QUESTION 471ns1.example.com. IN AAAA 472SECTION ANSWER 473ENTRY_END 474 475; line 2 DNAME 476ENTRY_BEGIN 477MATCH opcode qtype qname 478ADJUST copy_id 479REPLY QR AA NOERROR 480SECTION QUESTION 481example.com. IN DNAME 482SECTION ANSWER 483example.com. IN DNAME example.net. 484ENTRY_END 485 486; line 3 487ENTRY_BEGIN 488MATCH opcode qtype qname 489ADJUST copy_id 490REPLY QR AA NOERROR 491SECTION QUESTION 492a.example.com. IN A 493SECTION ANSWER 494example.com. IN DNAME example.net. 495a.example.com. IN CNAME a.example.net. 496ENTRY_END 497 498; line 4 499ENTRY_BEGIN 500MATCH opcode qtype qname 501ADJUST copy_id 502REPLY QR AA NOERROR 503SECTION QUESTION 504a.b.example.com. IN A 505SECTION ANSWER 506example.com. IN DNAME example.net. 507a.b.example.com. IN CNAME a.b.example.net. 508ENTRY_END 509RANGE_END 510; end of ns1.example.com. 511 512 513;# QNAME owner DNAME target result 514;-- ---------------- -------------- -------------- ----------------- 515;7 a.x.example.com. x.example.com. example.net. a.example.net. 516 517STEP 220701 QUERY 518ENTRY_BEGIN 519REPLY RD DO 520SECTION QUESTION 521a.x.example.com. IN A 522ENTRY_END 523 524STEP 220702 CHECK_ANSWER 525ENTRY_BEGIN 526MATCH all 527REPLY QR RD RA DO 528SECTION QUESTION 529a.x.example.com. IN A 530SECTION ANSWER 531x.example.com. IN DNAME example.net. 532a.x.example.com. IN CNAME a.example.net. 533a.example.net. IN A 10.0.0.97 534ENTRY_END 535 536; ns1.example.com. 537RANGE_BEGIN 220700 220799 538 ADDRESS 168.192.2.2 539ENTRY_BEGIN 540MATCH opcode qtype qname 541ADJUST copy_id 542REPLY QR AA NOERROR 543SECTION QUESTION 544example.com. IN NS 545SECTION ANSWER 546example.com. IN NS ns1.example.com. 547SECTION ADDITIONAL 548ns1.example.com. IN A 168.192.2.2 549ENTRY_END 550 551ENTRY_BEGIN 552MATCH opcode qtype qname 553ADJUST copy_id 554REPLY QR AA NOERROR 555SECTION QUESTION 556ns1.example.com. IN A 557SECTION ANSWER 558ns1.example.com. IN A 168.192.2.2 559ENTRY_END 560 561ENTRY_BEGIN 562MATCH opcode qtype qname 563ADJUST copy_id 564REPLY QR AA NOERROR 565SECTION QUESTION 566ns1.example.com. IN AAAA 567SECTION ANSWER 568ENTRY_END 569 570; line 7 DNAME 571ENTRY_BEGIN 572MATCH opcode qtype qname 573ADJUST copy_id 574REPLY QR AA NOERROR 575SECTION QUESTION 576example.com. IN DNAME 577SECTION ANSWER 578x.example.com. IN DNAME example.net. 579ENTRY_END 580 581ENTRY_BEGIN 582MATCH opcode qtype qname 583ADJUST copy_id 584REPLY QR AA NOERROR 585SECTION QUESTION 586a.x.example.com. IN A 587SECTION ANSWER 588x.example.com. IN DNAME example.net. 589a.x.example.com. IN CNAME a.example.net. 590ENTRY_END 591RANGE_END 592; end of ns1.example.com. 593 594;# QNAME owner DNAME target result 595;-- ---------------- -------------- -------------- ----------------- 596;8 a.example.com. example.com. y.example.net. a.y.example.net. 597; 598; a.example.com. was renamed to a2.example.com. to avoid cache clashes 599; on the synthetized CNAME (caching CNAMEs is allowed by RFC 6672 section 3.4) 600 601STEP 220801 QUERY 602ENTRY_BEGIN 603REPLY RD DO 604SECTION QUESTION 605a2.example.com. IN A 606ENTRY_END 607 608STEP 220802 CHECK_ANSWER 609ENTRY_BEGIN 610MATCH all 611REPLY QR RD RA DO 612SECTION QUESTION 613a2.example.com. IN A 614SECTION ANSWER 615example.com. IN DNAME y.example.net. 616a2.example.com. IN CNAME a2.y.example.net. 617a2.y.example.net. IN A 10.97.50.121 618ENTRY_END 619 620; ns1.example.com. 621RANGE_BEGIN 220800 220899 622 ADDRESS 168.192.2.2 623ENTRY_BEGIN 624MATCH opcode qtype qname 625ADJUST copy_id 626REPLY QR AA NOERROR 627SECTION QUESTION 628example.com. IN NS 629SECTION ANSWER 630example.com. IN NS ns1.example.com. 631SECTION ADDITIONAL 632ns1.example.com. IN A 168.192.2.2 633ENTRY_END 634 635ENTRY_BEGIN 636MATCH opcode qtype qname 637ADJUST copy_id 638REPLY QR AA NOERROR 639SECTION QUESTION 640ns1.example.com. IN A 641SECTION ANSWER 642ns1.example.com. IN A 168.192.2.2 643ENTRY_END 644 645ENTRY_BEGIN 646MATCH opcode qtype qname 647ADJUST copy_id 648REPLY QR AA NOERROR 649SECTION QUESTION 650ns1.example.com. IN AAAA 651SECTION ANSWER 652ENTRY_END 653 654; line 8 DNAME 655ENTRY_BEGIN 656MATCH opcode qtype qname 657ADJUST copy_id 658REPLY QR AA NOERROR 659SECTION QUESTION 660example.com. IN DNAME 661SECTION ANSWER 662example.com. IN DNAME y.example.net. 663ENTRY_END 664 665ENTRY_BEGIN 666MATCH opcode qtype qname 667ADJUST copy_id 668REPLY QR AA NOERROR 669SECTION QUESTION 670a2.example.com. IN A 671SECTION ANSWER 672example.com. IN DNAME y.example.net. 673a2.example.com. IN CNAME a2.y.example.net. 674ENTRY_END 675RANGE_END 676; end of ns1.example.com. 677 678 679;# QNAME owner DNAME target result 680;-- ---------------- -------------- -------------- ----------------- 681;9 cyc.example.com. example.com. example.com. cyc.example.com. 682 683STEP 220901 QUERY 684ENTRY_BEGIN 685REPLY RD DO 686SECTION QUESTION 687cyc.example.com. IN A 688ENTRY_END 689 690; Expected result is defined by RFC 1034 section 3.6.2: 691; CNAME chains should be followed and CNAME loops signalled as an error 692STEP 220902 CHECK_ANSWER 693ENTRY_BEGIN 694MATCH all 695REPLY QR RD RA DO 696REPLY NOERROR 697SECTION QUESTION 698cyc.example.com. IN A 699SECTION ANSWER 700example.com. 0 IN DNAME example.com. 701cyc.example.com. 0 IN CNAME cyc.example.com. 702ENTRY_END 703 704; ns1.example.com. 705RANGE_BEGIN 220900 220999 706 ADDRESS 168.192.2.2 707ENTRY_BEGIN 708MATCH opcode qtype qname 709ADJUST copy_id 710REPLY QR AA NOERROR 711SECTION QUESTION 712example.com. IN NS 713SECTION ANSWER 714example.com. IN NS ns1.example.com. 715SECTION ADDITIONAL 716ns1.example.com. IN A 168.192.2.2 717ENTRY_END 718 719ENTRY_BEGIN 720MATCH opcode qtype qname 721ADJUST copy_id 722REPLY QR AA NOERROR 723SECTION QUESTION 724ns1.example.com. IN A 725SECTION ANSWER 726ns1.example.com. IN A 168.192.2.2 727ENTRY_END 728 729ENTRY_BEGIN 730MATCH opcode qtype qname 731ADJUST copy_id 732REPLY QR AA NOERROR 733SECTION QUESTION 734ns1.example.com. IN AAAA 735SECTION ANSWER 736ENTRY_END 737 738; line 9 DNAME 739ENTRY_BEGIN 740MATCH opcode qtype qname 741ADJUST copy_id 742REPLY QR AA NOERROR 743SECTION QUESTION 744example.com. IN DNAME 745SECTION ANSWER 746example.com. IN DNAME example.com. 747ENTRY_END 748 749ENTRY_BEGIN 750MATCH opcode qtype qname 751ADJUST copy_id 752REPLY QR AA NOERROR 753SECTION QUESTION 754cyc.example.com. IN A 755SECTION ANSWER 756example.com. IN DNAME example.com. 757cyc.example.com. IN CNAME cyc.example.com. 758ENTRY_END 759RANGE_END 760; end of ns1.example.com. 761 762;# QNAME owner DNAME target result 763;-- ---------------- -------------- -------------- ----------------- 764;10 cyc.example.com. example.com. c.example.com. cyc.c.example.com. 765; 766; cyc.example.com. was renamed to cyc2.example.com. to avoid cache clashes 767; on the synthetized CNAME (caching CNAMEs is allowed by RFC 6672 section 3.4) 768; 769; target c.example.com. was renamed to cyc2.example.net. 770; to limit number of pre-canned answers required for the test 771 772STEP 221001 QUERY 773ENTRY_BEGIN 774REPLY RD DO 775SECTION QUESTION 776cyc2.example.com. IN A 777ENTRY_END 778 779; Expected result is defined by RFC 1034 section 3.6.2: 780; CNAME chains should be followed and CNAME loops signalled as an error 781STEP 221002 CHECK_ANSWER 782ENTRY_BEGIN 783MATCH all 784REPLY QR RD RA DO SERVFAIL 785SECTION QUESTION 786cyc2.example.com. IN A 787ENTRY_END 788 789; ns1.example.com. 790RANGE_BEGIN 221000 221099 791 ADDRESS 168.192.2.2 792ENTRY_BEGIN 793MATCH opcode qtype qname 794ADJUST copy_id 795REPLY QR AA NOERROR 796SECTION QUESTION 797example.com. IN NS 798SECTION ANSWER 799example.com. IN NS ns1.example.com. 800SECTION ADDITIONAL 801ns1.example.com. IN A 168.192.2.2 802ENTRY_END 803 804ENTRY_BEGIN 805MATCH opcode qtype qname 806ADJUST copy_id 807REPLY QR AA NOERROR 808SECTION QUESTION 809ns1.example.com. IN A 810SECTION ANSWER 811ns1.example.com. IN A 168.192.2.2 812ENTRY_END 813 814ENTRY_BEGIN 815MATCH opcode qtype qname 816ADJUST copy_id 817REPLY QR AA NOERROR 818SECTION QUESTION 819ns1.example.com. IN AAAA 820SECTION ANSWER 821ENTRY_END 822 823; line 10 DNAME 824ENTRY_BEGIN 825MATCH opcode qtype qname 826ADJUST copy_id 827REPLY QR AA NOERROR 828SECTION QUESTION 829example.com. IN DNAME 830SECTION ANSWER 831example.com. IN DNAME cyc2.example.net. 832ENTRY_END 833 834ENTRY_BEGIN 835MATCH opcode qtype qname 836ADJUST copy_id 837REPLY QR AA NOERROR 838SECTION QUESTION 839cyc2.example.com. IN A 840SECTION ANSWER 841example.com. IN DNAME cyc2.example.net. 842cyc2.example.com. IN CNAME cyc2.cyc2.example.net. 843ENTRY_END 844RANGE_END 845; end of ns1.example.com. 846 847;# QNAME owner DNAME target result 848;-- ---------------- -------------- -------------- ----------------- 849;11 shortloop.x.x. x. . shortloop.x. 850 851STEP 221101 QUERY 852ENTRY_BEGIN 853REPLY RD DO 854SECTION QUESTION 855shortloop.x.x. TXT 856ENTRY_END 857 858STEP 221102 CHECK_ANSWER 859ENTRY_BEGIN 860MATCH all 861REPLY QR RD RA DO 862SECTION QUESTION 863shortloop.x.x. IN TXT 864SECTION ANSWER 865x. IN DNAME . 866shortloop.x.x. IN CNAME shortloop.x. 867;;x. IN DNAME . 868shortloop.x. IN CNAME shortloop. 869shortloop. IN TXT "shortloop end" 870ENTRY_END 871 872;# QNAME owner DNAME target result 873;-- ---------------- -------------- -------------- ----------------- 874;12 shortloop.x. x. . shortloop. 875 876; expire potentically cached CNAMEs for shortloop.x. from cache 877STEP 221200 TIME_PASSES ELAPSE 10000 878 879STEP 221201 QUERY 880ENTRY_BEGIN 881REPLY RD DO 882SECTION QUESTION 883shortloop.x. TXT 884ENTRY_END 885 886STEP 221202 CHECK_ANSWER 887ENTRY_BEGIN 888MATCH all 889REPLY QR RD RA DO 890SECTION QUESTION 891shortloop.x. IN TXT 892SECTION ANSWER 893x. IN DNAME . 894shortloop.x. IN CNAME shortloop. 895shortloop. IN TXT "shortloop end" 896ENTRY_END 897 898 899; ns1.example.net. (data shared by whole 22xxxx range) 900RANGE_BEGIN 220000 229999 901 ADDRESS 168.192.3.3 902ENTRY_BEGIN 903MATCH opcode qtype qname 904ADJUST copy_id 905REPLY QR AA NOERROR 906SECTION QUESTION 907example.net. IN NS 908SECTION ANSWER 909example.net. IN NS ns1.example.net. 910SECTION ADDITIONAL 911example.net. IN A 168.192.3.3 912ENTRY_END 913 914ENTRY_BEGIN 915MATCH opcode qtype qname 916ADJUST copy_id 917REPLY QR AA NOERROR 918SECTION QUESTION 919ns1.example.net. IN A 920SECTION ANSWER 921ns1.example.net. IN A 168.192.3.3 922ENTRY_END 923 924ENTRY_BEGIN 925MATCH opcode qtype qname 926ADJUST copy_id 927REPLY QR AA NOERROR 928SECTION QUESTION 929ns1.example.net. IN AAAA 930SECTION ANSWER 931ENTRY_END 932 933; line 3 934ENTRY_BEGIN 935MATCH opcode qtype qname 936ADJUST copy_id 937REPLY QR AA NOERROR 938SECTION QUESTION 939a.example.net. IN A 940SECTION ANSWER 941a.example.net. IN A 10.0.0.97 942ENTRY_END 943 944; line 4 945ENTRY_BEGIN 946MATCH opcode qtype qname 947ADJUST copy_id 948REPLY QR AA NOERROR 949SECTION QUESTION 950a.b.example.net. IN A 951SECTION ANSWER 952a.b.example.net. IN A 10.0.97.98 953ENTRY_END 954 955ENTRY_BEGIN 956MATCH opcode qtype qname 957ADJUST copy_id 958REPLY QR AA NOERROR 959SECTION QUESTION 960a2.y.example.net. IN A 961SECTION ANSWER 962a2.y.example.net. IN A 10.97.50.121 963ENTRY_END 964 965; line 10 966ENTRY_BEGIN 967MATCH opcode qtype qname 968ADJUST copy_id 969REPLY QR AA NOERROR 970SECTION QUESTION 971cyc2.example.net. IN DNAME 972SECTION ANSWER 973cyc2.example.net. IN DNAME example.com. 974ENTRY_END 975 976ENTRY_BEGIN 977MATCH opcode qtype qname 978ADJUST copy_id 979REPLY QR AA NOERROR 980SECTION QUESTION 981cyc2.cyc2.example.net. IN A 982SECTION ANSWER 983cyc2.example.net. IN DNAME example.com. 984cyc2.cyc2.example.com. IN CNAME cyc2.example.com. 985ENTRY_END 986RANGE_END 987; end of ns1.example.net. 988 989 990; RFC 6672 section 2.2: YXDOMAIN answers for too long results for substitution 991; RFC 6672 section 2.3: DNAME can be at zone apex: zone apex = long. 992STEP 229001 QUERY 993ENTRY_BEGIN 994REPLY RD DO 995SECTION QUESTION 996x.long. IN A 997ENTRY_END 998 999; query returning maximal permissible length - should work 1000STEP 229002 CHECK_ANSWER 1001ENTRY_BEGIN 1002MATCH all 1003REPLY QR RD RA DO 1004SECTION QUESTION 1005x.long. IN A 1006SECTION ANSWER 1007long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. 1008x.long. 3600 IN CNAME x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. 1009x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. 3600 IN A 192.0.2.1 1010ENTRY_END 1011 1012; result of substitution has too long name 1013; YXDOMAIN should be propagated to the client 1014; Unbound SEVFAILs: https://www.ietf.org/mail-archive/web/dnsext/current/msg11282.html 1015;TODO 1016; STEP 229003 QUERY 1017; ENTRY_BEGIN 1018; REPLY RD DO 1019; SECTION QUESTION 1020; too.long. IN A 1021; ENTRY_END 1022; 1023; STEP 229004 CHECK_ANSWER 1024; ENTRY_BEGIN 1025; MATCH all 1026; REPLY QR YXDOMAIN 1027; SECTION QUESTION 1028; x.long. IN A 1029; SECTION ANSWER 1030; long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. 1031; ENTRY_END 1032 1033; YXDOMAIN should work even if the cache is empty 1034STEP 229005 TIME_PASSES ELAPSE 4000 1035 1036; STEP 229006 QUERY 1037; ENTRY_BEGIN 1038; REPLY RD DO 1039; SECTION QUESTION 1040; too.long. IN A 1041; ENTRY_END 1042; 1043; STEP 229007 CHECK_ANSWER 1044; ENTRY_BEGIN 1045; MATCH all 1046; REPLY QR YXDOMAIN 1047; SECTION QUESTION 1048; x.long. IN A 1049; SECTION ANSWER 1050; long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. 1051; ENTRY_END 1052 1053 1054 1055 1056SCENARIO_END 1057