1; config options 2server: 3 harden-referral-path: no 4 target-fetch-policy: "0 0 0 0 0" 5 6stub-zone: 7 name: "." 8 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. 9CONFIG_END 10 11SCENARIO_BEGIN Test scrub of insecure DNAME in answer section 12 13; root infrastucture 14RANGE_BEGIN 0 10000000 15 ADDRESS 193.0.14.129 16ENTRY_BEGIN 17MATCH qname qtype opcode 18ADJUST copy_id 19REPLY QR AA NOERROR 20SECTION QUESTION 21. IN NS 22SECTION ANSWER 23. IN NS K.ROOT-SERVERS.NET. 24SECTION ADDITIONAL 25K.ROOT-SERVERS.NET. IN A 193.0.14.129 26ENTRY_END 27 28ENTRY_BEGIN 29MATCH qname qtype opcode 30ADJUST copy_id 31REPLY QR AA NOERROR 32SECTION QUESTION 33shortloop. IN TXT 34SECTION ANSWER 35shortloop. IN TXT "shortloop end" 36ENTRY_END 37 38ENTRY_BEGIN 39MATCH qname qtype opcode 40ADJUST copy_id 41REPLY QR AA NOERROR 42SECTION QUESTION 43K.ROOT-SERVERS.NET. IN A 44SECTION ANSWER 45K.ROOT-SERVERS.NET. IN A 193.0.14.129 46ENTRY_END 47 48ENTRY_BEGIN 49MATCH qname qtype opcode 50ADJUST copy_id 51REPLY QR AA NOERROR 52SECTION QUESTION 53K.ROOT-SERVERS.NET. IN AAAA 54SECTION ANSWER 55ENTRY_END 56 57ENTRY_BEGIN 58MATCH subdomain opcode 59ADJUST copy_id copy_query 60REPLY QR NOERROR 61SECTION QUESTION 62com. IN A 63SECTION AUTHORITY 64com. IN NS a.gtld-servers.net. 65SECTION ADDITIONAL 66a.gtld-servers.net. IN A 192.5.6.30 67ENTRY_END 68 69ENTRY_BEGIN 70MATCH subdomain opcode 71ADJUST copy_id copy_query 72REPLY QR NOERROR 73SECTION QUESTION 74net. IN A 75SECTION AUTHORITY 76net. IN NS a.gtld-servers.net. 77SECTION ADDITIONAL 78a.gtld-servers.net. IN A 192.5.6.30 79ENTRY_END 80 81ENTRY_BEGIN 82MATCH subdomain opcode 83ADJUST copy_id copy_query 84REPLY QR NOERROR 85SECTION QUESTION 86x. IN A 87SECTION AUTHORITY 88x. IN NS a.gtld-servers.net. 89SECTION ADDITIONAL 90a.gtld-servers.net. IN A 192.5.6.30 91ENTRY_END 92 93ENTRY_BEGIN 94MATCH opcode subdomain 95ADJUST copy_id copy_query 96REPLY QR NOERROR 97SECTION QUESTION 98long. IN NS 99SECTION AUTHORITY 100long. IN NS a.gtld-servers.net. 101SECTION ADDITIONAL 102a.gtld-servers.net. IN A 192.5.6.30 103ENTRY_END 104 105ENTRY_BEGIN 106MATCH opcode subdomain 107ADJUST copy_id copy_query 108REPLY QR NOERROR 109SECTION QUESTION 11060o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. IN NS 111SECTION AUTHORITY 11260o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. IN NS a.gtld-servers.net. 113SECTION ADDITIONAL 114a.gtld-servers.net. IN A 192.5.6.30 115ENTRY_END 116 117ENTRY_BEGIN 118MATCH qname qtype opcode 119ADJUST copy_id 120REPLY QR NOERROR 121SECTION QUESTION 122a.gtld-servers.net. IN A 123SECTION ANSWER 124a.gtld-servers.net. IN A 192.5.6.30 125ENTRY_END 126 127ENTRY_BEGIN 128MATCH qname qtype opcode 129ADJUST copy_id 130REPLY QR NOERROR 131SECTION QUESTION 132a.gtld-servers.net. IN AAAA 133SECTION ANSWER 134ENTRY_END 135RANGE_END 136; end of root infrastucture 137 138; a.gtld-servers.net. (com. net. x.) 139RANGE_BEGIN 0 10000000 140 ADDRESS 192.5.6.30 141ENTRY_BEGIN 142MATCH qname qtype opcode 143ADJUST copy_id 144REPLY QR NOERROR 145SECTION QUESTION 146a.gtld-servers.net. IN A 147SECTION ANSWER 148a.gtld-servers.net. IN A 192.5.6.30 149ENTRY_END 150 151ENTRY_BEGIN 152MATCH qname qtype opcode 153ADJUST copy_id 154REPLY QR NOERROR 155SECTION QUESTION 156a.gtld-servers.net. IN AAAA 157SECTION ANSWER 158ENTRY_END 159 160ENTRY_BEGIN 161MATCH qname qtype opcode 162ADJUST copy_id 163REPLY QR NOERROR 164SECTION QUESTION 165com. IN NS 166SECTION AUTHORITY 167com. IN NS a.gtld-servers.net. 168SECTION ADDITIONAL 169a.gtld-servers.net. IN A 192.5.6.30 170ENTRY_END 171 172ENTRY_BEGIN 173MATCH qname qtype opcode 174ADJUST copy_id 175REPLY QR NOERROR 176SECTION QUESTION 177net. IN NS 178SECTION AUTHORITY 179net. IN NS a.gtld-servers.net. 180SECTION ADDITIONAL 181a.gtld-servers.net. IN A 192.5.6.30 182ENTRY_END 183 184ENTRY_BEGIN 185MATCH opcode subdomain 186ADJUST copy_id copy_query 187REPLY QR NOERROR 188SECTION QUESTION 189example.com. IN A 190SECTION AUTHORITY 191example.com. IN NS ns1.example.com. 192SECTION ADDITIONAL 193ns1.example.com. IN A 168.192.2.2 194ENTRY_END 195 196ENTRY_BEGIN 197MATCH opcode subdomain 198ADJUST copy_id copy_query 199REPLY QR NOERROR 200SECTION QUESTION 201example.net. IN A 202SECTION AUTHORITY 203example.net. IN NS ns1.example.net. 204SECTION ADDITIONAL 205ns1.example.net. IN A 168.192.3.3 206ENTRY_END 207 208ENTRY_BEGIN 209MATCH qname qtype opcode 210ADJUST copy_id 211REPLY QR NOERROR 212SECTION QUESTION 213x. IN NS 214SECTION AUTHORITY 215x. IN NS a.gtld-servers.net. 216SECTION ADDITIONAL 217a.gtld-servers.net. IN A 192.5.6.30 218ENTRY_END 219 220ENTRY_BEGIN 221MATCH qname qtype opcode 222ADJUST copy_id 223REPLY QR NOERROR 224SECTION QUESTION 225x. IN DNAME 226SECTION AUTHORITY 227x. IN DNAME . 228SECTION ADDITIONAL 229a.gtld-servers.net. IN A 192.5.6.30 230ENTRY_END 231 232ENTRY_BEGIN 233MATCH qname opcode 234ADJUST copy_id copy_query 235REPLY QR NOERROR 236SECTION QUESTION 237shortloop.x.x. IN CNAME 238SECTION ANSWER 239x. DNAME . 240shortloop.x.x. IN CNAME shortloop.x. 241shortloop.x. IN CNAME shortloop. 242ENTRY_END 243 244ENTRY_BEGIN 245MATCH qname opcode 246ADJUST copy_id copy_query 247REPLY QR NOERROR 248SECTION QUESTION 249shortloop.x. IN CNAME 250SECTION ANSWER 251x. DNAME . 252shortloop.x. IN CNAME shortloop. 253ENTRY_END 254 255ENTRY_BEGIN 256MATCH qname qtype opcode 257ADJUST copy_id 258REPLY QR NOERROR 259SECTION QUESTION 26060o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. IN NS 261SECTION AUTHORITY 26260o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. IN NS a.gtld-servers.net. 263SECTION ADDITIONAL 264a.gtld-servers.net. IN A 192.5.6.30 265ENTRY_END 266 267ENTRY_BEGIN 268MATCH qname qtype opcode 269ADJUST copy_id 270REPLY QR NOERROR 271SECTION QUESTION 272long. IN NS 273SECTION AUTHORITY 274long. IN NS a.gtld-servers.net. 275SECTION ADDITIONAL 276a.gtld-servers.net. IN A 192.5.6.30 277ENTRY_END 278 279; DNAME at zone apex, allowed by RFC 6672 section 2.3 280ENTRY_BEGIN 281MATCH qname qtype opcode 282ADJUST copy_id 283REPLY QR AA NOERROR 284SECTION QUESTION 285long. IN DNAME 286SECTION ANSWER 287long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. 288ENTRY_END 289 290ENTRY_BEGIN 291MATCH qname qtype opcode 292ADJUST copy_id 293REPLY QR AA NOERROR 294SECTION QUESTION 295x.long. IN A 296SECTION ANSWER 297long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. 298x.long. 3600 IN CNAME x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. 299x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. 3600 IN A 192.0.2.1 300ENTRY_END 301 302ENTRY_BEGIN 303MATCH qname qtype opcode 304ADJUST copy_id 305REPLY QR AA NOERROR 306SECTION QUESTION 307x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. IN A 308SECTION ANSWER 309x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. 3600 IN A 192.0.2.1 310ENTRY_END 311 312ENTRY_BEGIN 313MATCH qname opcode 314ADJUST copy_id copy_query 315REPLY QR AA YXDOMAIN 316SECTION QUESTION 317too.long. IN A 318SECTION ANSWER 319long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. 320ENTRY_END 321RANGE_END 322; end of a.gtld-servers.net. 323 324; RFC 6672 section 2.2. The DNAME Substitution table tests 325;# QNAME owner DNAME target result 326;-- ---------------- -------------- -------------- ----------------- 327;1 com. example.com. example.net. <no match> 328;2 example.com. example.com. example.net. [0] 329;3 a.example.com. example.com. example.net. a.example.net. 330;4 a.b.example.com. example.com. example.net. a.b.example.net. 331;5 ab.example.com. b.example.com. example.net. <no match> 332;6 foo.example.com. example.com. example.net. foo.example.net. 333;7 a.x.example.com. x.example.com. example.net. a.example.net. 334;8 a.example.com. example.com. y.example.net. a.y.example.net. 335;9 cyc.example.com. example.com. example.com. cyc.example.com. 336;10 cyc.example.com. example.com. c.example.com. cyc.c.example.com. 337;11 shortloop.x.x. x. . shortloop.x. 338;12 shortloop.x. x. . shortloop. 339; 340; [0] The result depends on the QTYPE. If the QTYPE = DNAME, then 341; the result is "example.com.", else "<no match>". 342; 343; Table 1. DNAME Substitution Examples 344 345; ; line no. 1 is mostly for authoritative server 346; ; line no. 2 QTYPE != DNAME 347; STEP 220201 QUERY 348; ENTRY_BEGIN 349; REPLY RD DO 350; SECTION QUESTION 351; example.com. IN NS 352; ENTRY_END 353; 354; STEP 220202 CHECK_ANSWER 355; ENTRY_BEGIN 356; MATCH rcode answer 357; REPLY QR RD RA DO 358; SECTION QUESTION 359; example.com. IN NS 360; SECTION ANSWER 361; example.com. IN NS ns1.example.com. 362; ENTRY_END 363; 364; ; line no. 2 QTYPE == DNAME 365; STEP 220203 QUERY 366; ENTRY_BEGIN 367; REPLY RD DO 368; SECTION QUESTION 369; example.com. IN DNAME 370; ENTRY_END 371; 372; STEP 220204 CHECK_ANSWER 373; ENTRY_BEGIN 374; MATCH rcode question answer 375; REPLY QR RD RA DO 376; SECTION QUESTION 377; example.com. IN DNAME 378; SECTION ANSWER 379; example.com. IN DNAME example.net. 380; ENTRY_END 381; 382; 383; ;# QNAME owner DNAME target result 384; ;-- ---------------- -------------- -------------- ----------------- 385; ;3 a.example.com. example.com. example.net. a.example.net. 386; 387; STEP 220301 QUERY 388; ENTRY_BEGIN 389; REPLY RD DO 390; SECTION QUESTION 391; a.example.com. IN A 392; ENTRY_END 393; 394; STEP 220302 CHECK_ANSWER 395; ENTRY_BEGIN 396; MATCH rcode question answer 397; SECTION QUESTION 398; a.example.com. IN A 399; SECTION ANSWER 400; example.com. IN DNAME example.net. 401; a.example.com. IN CNAME a.example.net. 402; a.example.net. IN A 10.0.0.97 403; ENTRY_END 404; 405; ;# QNAME owner DNAME target result 406; ;-- ---------------- -------------- -------------- ----------------- 407; ;4 a.b.example.com. example.com. example.net. a.b.example.net. 408; 409; STEP 220401 QUERY 410; ENTRY_BEGIN 411; REPLY RD DO 412; SECTION QUESTION 413; a.b.example.com. IN A 414; ENTRY_END 415; 416; STEP 220402 CHECK_ANSWER 417; ENTRY_BEGIN 418; MATCH rcode question answer 419; SECTION QUESTION 420; a.b.example.com. IN A 421; SECTION ANSWER 422; example.com. IN DNAME example.net. 423; a.b.example.com. IN CNAME a.b.example.net. 424; a.b.example.net. IN A 10.0.97.98 425; ENTRY_END 426; 427; ;# QNAME owner DNAME target result 428; ;-- ---------------- -------------- -------------- ----------------- 429; ;5 ab.example.com. b.example.com. example.net. <no match> 430; ;6 foo.example.com. example.com. example.net. foo.example.net. 431; 432; ; line no. 5 is mostly for authoritative server 433; ; line no. 6 is basically the same as line no. 3 434; 435; ; ns1.example.com. 436; RANGE_BEGIN 220000 220699 437; ADDRESS 168.192.2.2 438; ENTRY_BEGIN 439; MATCH opcode qtype qname 440; ADJUST copy_id 441; REPLY QR AA NOERROR 442; SECTION QUESTION 443; example.com. IN NS 444; SECTION ANSWER 445; example.com. IN NS ns1.example.com. 446; SECTION ADDITIONAL 447; ns1.example.com. IN A 168.192.2.2 448; ENTRY_END 449; 450; ENTRY_BEGIN 451; MATCH opcode qtype qname 452; ADJUST copy_id 453; REPLY QR AA NOERROR 454; SECTION QUESTION 455; ns1.example.com. IN A 456; SECTION ANSWER 457; ns1.example.com. IN A 168.192.2.2 458; ENTRY_END 459; 460; ENTRY_BEGIN 461; MATCH opcode qtype qname 462; ADJUST copy_id 463; REPLY QR AA NOERROR 464; SECTION QUESTION 465; ns1.example.com. IN AAAA 466; SECTION ANSWER 467; ENTRY_END 468; 469; ; line 2 DNAME 470; ENTRY_BEGIN 471; MATCH opcode qtype qname 472; ADJUST copy_id 473; REPLY QR AA NOERROR 474; SECTION QUESTION 475; example.com. IN DNAME 476; SECTION ANSWER 477; example.com. IN DNAME example.net. 478; ENTRY_END 479; 480; ; line 3 481; ENTRY_BEGIN 482; MATCH opcode qtype qname 483; ADJUST copy_id 484; REPLY QR AA NOERROR 485; SECTION QUESTION 486; a.example.com. IN A 487; SECTION ANSWER 488; example.com. IN DNAME example.net. 489; a.example.com. IN CNAME a.example.net. 490; ENTRY_END 491; 492; ; line 4 493; ENTRY_BEGIN 494; MATCH opcode qtype qname 495; ADJUST copy_id 496; REPLY QR AA NOERROR 497; SECTION QUESTION 498; a.b.example.com. IN A 499; SECTION ANSWER 500; example.com. IN DNAME example.net. 501; a.b.example.com. IN CNAME a.b.example.net. 502; ENTRY_END 503; RANGE_END 504; ; end of ns1.example.com. 505; 506; 507; ;# QNAME owner DNAME target result 508; ;-- ---------------- -------------- -------------- ----------------- 509; ;7 a.x.example.com. x.example.com. example.net. a.example.net. 510; 511; STEP 220701 QUERY 512; ENTRY_BEGIN 513; REPLY RD DO 514; SECTION QUESTION 515; a.x.example.com. IN A 516; ENTRY_END 517; 518; STEP 220702 CHECK_ANSWER 519; ENTRY_BEGIN 520; MATCH rcode question answer 521; SECTION QUESTION 522; a.x.example.com. IN A 523; SECTION ANSWER 524; x.example.com. IN DNAME example.net. 525; a.x.example.com. IN CNAME a.example.net. 526; a.example.net. IN A 10.0.0.97 527; ENTRY_END 528; 529; ; ns1.example.com. 530; RANGE_BEGIN 220700 220799 531; ADDRESS 168.192.2.2 532; ENTRY_BEGIN 533; MATCH opcode qtype qname 534; ADJUST copy_id 535; REPLY QR AA NOERROR 536; SECTION QUESTION 537; example.com. IN NS 538; SECTION ANSWER 539; example.com. IN NS ns1.example.com. 540; SECTION ADDITIONAL 541; ns1.example.com. IN A 168.192.2.2 542; ENTRY_END 543; 544; ENTRY_BEGIN 545; MATCH opcode qtype qname 546; ADJUST copy_id 547; REPLY QR AA NOERROR 548; SECTION QUESTION 549; ns1.example.com. IN A 550; SECTION ANSWER 551; ns1.example.com. IN A 168.192.2.2 552; ENTRY_END 553; 554; ENTRY_BEGIN 555; MATCH opcode qtype qname 556; ADJUST copy_id 557; REPLY QR AA NOERROR 558; SECTION QUESTION 559; ns1.example.com. IN AAAA 560; SECTION ANSWER 561; ENTRY_END 562; 563; ; line 7 DNAME 564; ENTRY_BEGIN 565; MATCH opcode qtype qname 566; ADJUST copy_id 567; REPLY QR AA NOERROR 568; SECTION QUESTION 569; example.com. IN DNAME 570; SECTION ANSWER 571; x.example.com. IN DNAME example.net. 572; ENTRY_END 573; 574; ENTRY_BEGIN 575; MATCH opcode qtype qname 576; ADJUST copy_id 577; REPLY QR AA NOERROR 578; SECTION QUESTION 579; a.x.example.com. IN A 580; SECTION ANSWER 581; x.example.com. IN DNAME example.net. 582; a.x.example.com. IN CNAME a.example.net. 583; ENTRY_END 584; RANGE_END 585; ; end of ns1.example.com. 586; 587; ;# QNAME owner DNAME target result 588; ;-- ---------------- -------------- -------------- ----------------- 589; ;8 a.example.com. example.com. y.example.net. a.y.example.net. 590; ; 591; ; a.example.com. was renamed to a2.example.com. to avoid cache clashes 592; ; on the synthetized CNAME (caching CNAMEs is allowed by RFC 6672 section 3.4) 593; 594; STEP 220801 QUERY 595; ENTRY_BEGIN 596; REPLY RD DO 597; SECTION QUESTION 598; a2.example.com. IN A 599; ENTRY_END 600; 601; STEP 220802 CHECK_ANSWER 602; ENTRY_BEGIN 603; MATCH rcode question answer 604; SECTION QUESTION 605; a2.example.com. IN A 606; SECTION ANSWER 607; example.com. IN DNAME y.example.net. 608; a2.example.com. IN CNAME a2.y.example.net. 609; a2.y.example.net. IN A 10.97.50.121 610; ENTRY_END 611; 612; ; ns1.example.com. 613; RANGE_BEGIN 220800 220899 614; ADDRESS 168.192.2.2 615; ENTRY_BEGIN 616; MATCH opcode qtype qname 617; ADJUST copy_id 618; REPLY QR AA NOERROR 619; SECTION QUESTION 620; example.com. IN NS 621; SECTION ANSWER 622; example.com. IN NS ns1.example.com. 623; SECTION ADDITIONAL 624; ns1.example.com. IN A 168.192.2.2 625; ENTRY_END 626; 627; ENTRY_BEGIN 628; MATCH opcode qtype qname 629; ADJUST copy_id 630; REPLY QR AA NOERROR 631; SECTION QUESTION 632; ns1.example.com. IN A 633; SECTION ANSWER 634; ns1.example.com. IN A 168.192.2.2 635; ENTRY_END 636; 637; ENTRY_BEGIN 638; MATCH opcode qtype qname 639; ADJUST copy_id 640; REPLY QR AA NOERROR 641; SECTION QUESTION 642; ns1.example.com. IN AAAA 643; SECTION ANSWER 644; ENTRY_END 645; 646; ; line 8 DNAME 647; ENTRY_BEGIN 648; MATCH opcode qtype qname 649; ADJUST copy_id 650; REPLY QR AA NOERROR 651; SECTION QUESTION 652; example.com. IN DNAME 653; SECTION ANSWER 654; example.com. IN DNAME y.example.net. 655; ENTRY_END 656; 657; ENTRY_BEGIN 658; MATCH opcode qtype qname 659; ADJUST copy_id 660; REPLY QR AA NOERROR 661; SECTION QUESTION 662; a2.example.com. IN A 663; SECTION ANSWER 664; example.com. IN DNAME y.example.net. 665; a2.example.com. IN CNAME a2.y.example.net. 666; ENTRY_END 667; RANGE_END 668; ; end of ns1.example.com. 669; 670; 671; ;# QNAME owner DNAME target result 672; ;-- ---------------- -------------- -------------- ----------------- 673; ;9 cyc.example.com. example.com. example.com. cyc.example.com. 674; 675; STEP 220901 QUERY 676; ENTRY_BEGIN 677; REPLY RD DO 678; SECTION QUESTION 679; cyc.example.com. IN A 680; ENTRY_END 681; 682; ; Expected result is defined by RFC 1034 section 3.6.2: 683; ; CNAME chains should be followed and CNAME loops signalled as an error 684; STEP 220902 CHECK_ANSWER 685; ENTRY_BEGIN 686; MATCH rcode question answer 687; REPLY SERVFAIL 688; SECTION QUESTION 689; cyc.example.com. IN A 690; ENTRY_END 691; 692; ; ns1.example.com. 693; RANGE_BEGIN 220900 220999 694; ADDRESS 168.192.2.2 695; ENTRY_BEGIN 696; MATCH opcode qtype qname 697; ADJUST copy_id 698; REPLY QR AA NOERROR 699; SECTION QUESTION 700; example.com. IN NS 701; SECTION ANSWER 702; example.com. IN NS ns1.example.com. 703; SECTION ADDITIONAL 704; ns1.example.com. IN A 168.192.2.2 705; ENTRY_END 706; 707; ENTRY_BEGIN 708; MATCH opcode qtype qname 709; ADJUST copy_id 710; REPLY QR AA NOERROR 711; SECTION QUESTION 712; ns1.example.com. IN A 713; SECTION ANSWER 714; ns1.example.com. IN A 168.192.2.2 715; ENTRY_END 716; 717; ENTRY_BEGIN 718; MATCH opcode qtype qname 719; ADJUST copy_id 720; REPLY QR AA NOERROR 721; SECTION QUESTION 722; ns1.example.com. IN AAAA 723; SECTION ANSWER 724; ENTRY_END 725; 726; ; line 9 DNAME 727; ENTRY_BEGIN 728; MATCH opcode qtype qname 729; ADJUST copy_id 730; REPLY QR AA NOERROR 731; SECTION QUESTION 732; example.com. IN DNAME 733; SECTION ANSWER 734; example.com. IN DNAME example.com. 735; ENTRY_END 736; 737; ENTRY_BEGIN 738; MATCH opcode qtype qname 739; ADJUST copy_id 740; REPLY QR AA NOERROR 741; SECTION QUESTION 742; cyc.example.com. IN A 743; SECTION ANSWER 744; example.com. IN DNAME example.com. 745; cyc.example.com. IN CNAME cyc.example.com. 746; ENTRY_END 747; RANGE_END 748; ; end of ns1.example.com. 749; 750; ;# QNAME owner DNAME target result 751; ;-- ---------------- -------------- -------------- ----------------- 752; ;10 cyc.example.com. example.com. c.example.com. cyc.c.example.com. 753; ; 754; ; cyc.example.com. was renamed to cyc2.example.com. to avoid cache clashes 755; ; on the synthetized CNAME (caching CNAMEs is allowed by RFC 6672 section 3.4) 756; ; 757; ; target c.example.com. was renamed to cyc2.example.net. 758; ; to limit number of pre-canned answers required for the test 759; 760; STEP 221001 QUERY 761; ENTRY_BEGIN 762; REPLY RD DO 763; SECTION QUESTION 764; cyc2.example.com. IN A 765; ENTRY_END 766; 767; ; Expected result is defined by RFC 1034 section 3.6.2: 768; ; CNAME chains should be followed and CNAME loops signalled as an error 769; STEP 221002 CHECK_ANSWER 770; ENTRY_BEGIN 771; MATCH rcode question answer 772; REPLY SERVFAIL 773; SECTION QUESTION 774; cyc2.example.com. IN A 775; ENTRY_END 776; 777; ; ns1.example.com. 778; RANGE_BEGIN 221000 221099 779; ADDRESS 168.192.2.2 780; ENTRY_BEGIN 781; MATCH opcode qtype qname 782; ADJUST copy_id 783; REPLY QR AA NOERROR 784; SECTION QUESTION 785; example.com. IN NS 786; SECTION ANSWER 787; example.com. IN NS ns1.example.com. 788; SECTION ADDITIONAL 789; ns1.example.com. IN A 168.192.2.2 790; ENTRY_END 791; 792; ENTRY_BEGIN 793; MATCH opcode qtype qname 794; ADJUST copy_id 795; REPLY QR AA NOERROR 796; SECTION QUESTION 797; ns1.example.com. IN A 798; SECTION ANSWER 799; ns1.example.com. IN A 168.192.2.2 800; ENTRY_END 801; 802; ENTRY_BEGIN 803; MATCH opcode qtype qname 804; ADJUST copy_id 805; REPLY QR AA NOERROR 806; SECTION QUESTION 807; ns1.example.com. IN AAAA 808; SECTION ANSWER 809; ENTRY_END 810; 811; ; line 10 DNAME 812; ENTRY_BEGIN 813; MATCH opcode qtype qname 814; ADJUST copy_id 815; REPLY QR AA NOERROR 816; SECTION QUESTION 817; example.com. IN DNAME 818; SECTION ANSWER 819; example.com. IN DNAME cyc2.example.net. 820; ENTRY_END 821; 822; ENTRY_BEGIN 823; MATCH opcode qtype qname 824; ADJUST copy_id 825; REPLY QR AA NOERROR 826; SECTION QUESTION 827; cyc2.example.com. IN A 828; SECTION ANSWER 829; example.com. IN DNAME cyc2.example.net. 830; cyc2.example.com. IN CNAME cyc2.cyc2.example.net. 831; ENTRY_END 832; RANGE_END 833; ; end of ns1.example.com. 834; 835; ;# QNAME owner DNAME target result 836; ;-- ---------------- -------------- -------------- ----------------- 837; ;11 shortloop.x.x. x. . shortloop.x. 838; 839; STEP 221101 QUERY 840; ENTRY_BEGIN 841; REPLY RD DO 842; SECTION QUESTION 843; shortloop.x.x. TXT 844; ENTRY_END 845; 846; STEP 221102 CHECK_ANSWER 847; ENTRY_BEGIN 848; MATCH rcode question answer 849; SECTION QUESTION 850; shortloop.x.x. IN TXT 851; SECTION ANSWER 852; x. IN DNAME . 853; ; unbound hack 854; x. IN DNAME . 855; shortloop.x.x. IN CNAME shortloop.x. 856; shortloop.x. IN CNAME shortloop. 857; shortloop. IN TXT "shortloop end" 858; ENTRY_END 859; 860; ;# QNAME owner DNAME target result 861; ;-- ---------------- -------------- -------------- ----------------- 862; ;12 shortloop.x. x. . shortloop. 863; 864; ; expire potentically cached CNAMEs for shortloop.x. from cache 865; STEP 221200 TIME_PASSES ELAPSE 10000 866; 867; STEP 221201 QUERY 868; ENTRY_BEGIN 869; REPLY RD DO 870; SECTION QUESTION 871; shortloop.x. TXT 872; ENTRY_END 873; 874; STEP 221202 CHECK_ANSWER 875; ENTRY_BEGIN 876; MATCH rcode question answer 877; SECTION QUESTION 878; shortloop.x. IN TXT 879; SECTION ANSWER 880; x. IN DNAME . 881; shortloop.x. IN CNAME shortloop. 882; shortloop. IN TXT "shortloop end" 883; ENTRY_END 884; 885; 886; ; ns1.example.net. (data shared by whole 22xxxx range) 887; RANGE_BEGIN 220000 229999 888; ADDRESS 168.192.3.3 889; ENTRY_BEGIN 890; MATCH opcode qtype qname 891; ADJUST copy_id 892; REPLY QR AA NOERROR 893; SECTION QUESTION 894; example.net. IN NS 895; SECTION ANSWER 896; example.net. IN NS ns1.example.net. 897; SECTION ADDITIONAL 898; example.net. IN A 168.192.3.3 899; ENTRY_END 900; 901; ENTRY_BEGIN 902; MATCH opcode qtype qname 903; ADJUST copy_id 904; REPLY QR AA NOERROR 905; SECTION QUESTION 906; ns1.example.net. IN A 907; SECTION ANSWER 908; ns1.example.net. IN A 168.192.3.3 909; ENTRY_END 910; 911; ENTRY_BEGIN 912; MATCH opcode qtype qname 913; ADJUST copy_id 914; REPLY QR AA NOERROR 915; SECTION QUESTION 916; ns1.example.net. IN AAAA 917; SECTION ANSWER 918; ENTRY_END 919; 920; ; line 3 921; ENTRY_BEGIN 922; MATCH opcode qtype qname 923; ADJUST copy_id 924; REPLY QR AA NOERROR 925; SECTION QUESTION 926; a.example.net. IN A 927; SECTION ANSWER 928; a.example.net. IN A 10.0.0.97 929; ENTRY_END 930; 931; ; line 4 932; ENTRY_BEGIN 933; MATCH opcode qtype qname 934; ADJUST copy_id 935; REPLY QR AA NOERROR 936; SECTION QUESTION 937; a.b.example.net. IN A 938; SECTION ANSWER 939; a.b.example.net. IN A 10.0.97.98 940; ENTRY_END 941; 942; ENTRY_BEGIN 943; MATCH opcode qtype qname 944; ADJUST copy_id 945; REPLY QR AA NOERROR 946; SECTION QUESTION 947; a2.y.example.net. IN A 948; SECTION ANSWER 949; a2.y.example.net. IN A 10.97.50.121 950; ENTRY_END 951; 952; ; line 10 953; ENTRY_BEGIN 954; MATCH opcode qtype qname 955; ADJUST copy_id 956; REPLY QR AA NOERROR 957; SECTION QUESTION 958; cyc2.example.net. IN DNAME 959; SECTION ANSWER 960; cyc2.example.net. IN DNAME example.com. 961; ENTRY_END 962; 963; ENTRY_BEGIN 964; MATCH opcode qtype qname 965; ADJUST copy_id 966; REPLY QR AA NOERROR 967; SECTION QUESTION 968; cyc2.cyc2.example.net. IN A 969; SECTION ANSWER 970; cyc2.example.net. IN DNAME example.com. 971; cyc2.cyc2.example.com. IN CNAME cyc2.example.com. 972; ENTRY_END 973; RANGE_END 974; ; end of ns1.example.net. 975; 976; 977; ; RFC 6672 section 2.2: YXDOMAIN answers for too long results for substitution 978; ; RFC 6672 section 2.3: DNAME can be at zone apex: zone apex = long. 979; STEP 229001 QUERY 980; ENTRY_BEGIN 981; REPLY RD DO 982; SECTION QUESTION 983; x.long. IN A 984; ENTRY_END 985; 986; ; query returning maximal permissible length - should work 987; STEP 229002 CHECK_ANSWER 988; ENTRY_BEGIN 989; MATCH rcode question answer 990; SECTION QUESTION 991; x.long. IN A 992; SECTION ANSWER 993; long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. 994; x.long. 3600 IN CNAME x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. 995; x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. 3600 IN A 192.0.2.1 996; ENTRY_END 997 998; result of substitution has too long name 999; YXDOMAIN should be propagated to the client 1000; Unbound SEVFAILs: https://www.ietf.org/mail-archive/web/dnsext/current/msg11282.html 1001STEP 229003 QUERY 1002ENTRY_BEGIN 1003REPLY RD DO 1004SECTION QUESTION 1005too.long. IN A 1006ENTRY_END 1007 1008STEP 229004 CHECK_ANSWER 1009ENTRY_BEGIN 1010MATCH rcode question answer 1011REPLY QR YXDOMAIN 1012SECTION QUESTION 1013too.long. IN A 1014SECTION ANSWER 1015long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. 1016ENTRY_END 1017 1018 ; ; YXDOMAIN should work even if the cache is empty 1019 ; STEP 229005 TIME_PASSES ELAPSE 4000 1020 ; 1021 ; STEP 229006 QUERY 1022 ; ENTRY_BEGIN 1023 ; REPLY RD DO 1024 ; SECTION QUESTION 1025 ; too.long. IN A 1026 ; ENTRY_END 1027 ; 1028 ; STEP 229007 CHECK_ANSWER 1029 ; ENTRY_BEGIN 1030 ; MATCH rcode question answer 1031 ; REPLY QR YXDOMAIN 1032 ; SECTION QUESTION 1033 ; x.long. IN A 1034 ; SECTION ANSWER 1035 ; long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. 1036 ; ENTRY_END 1037 1038 1039 1040 1041SCENARIO_END 1042