; config options
server:
	target-fetch-policy: "0 0 0 0 0"
	qname-minimisation: "no"
	minimal-responses: no

	private-address: 10.0.0.0/8
	private-address: 172.16.0.0/12
	private-address: 192.168.0.0/16
	private-address: 169.254.0.0/16
	private-address: fd00::/8
	private-address: fe80::/10

	private-domain: "example.net"

stub-zone:
	name: "."
	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.

CONFIG_END

SCENARIO_BEGIN Test iterator scrubber with private addresses.

; K.ROOT-SERVERS.NET.
RANGE_BEGIN 0 100
	ADDRESS 193.0.14.129
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET. IN A 193.0.14.129
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
com. IN A
SECTION AUTHORITY
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END

; root server authoritative for example.net too.
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
mail.example.net. IN A
SECTION ANSWER
mail.example.net. IN A 10.20.30.40
ENTRY_END
RANGE_END

; a.gtld-servers.net.
RANGE_BEGIN 0 100
	ADDRESS 192.5.6.30
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION ANSWER
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
example.com. IN A
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
RANGE_END

; ns.example.com.
RANGE_BEGIN 0 100
	ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION ANSWER
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ns.example.com. IN A
SECTION ANSWER
ns.example.com. IN A 1.2.3.4
SECTION AUTHORITY
example.com. IN NS ns.example.com.
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ns.example.com. IN AAAA
SECTION ANSWER
SECTION AUTHORITY
example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A 192.20.30.40
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
mail.example.com. IN AAAA
SECTION ANSWER
mail.example.com. IN AAAA fe80::15
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
foo.example.com. IN A
SECTION ANSWER
foo.example.com. IN A 10.20.30.40
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
toss.example.com. IN A
SECTION ANSWER
toss.example.com. IN A 10.20.30.40
toss.example.com. IN A 1.2.3.4
toss.example.com. IN A 10.20.30.41
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
RANGE_END

; public address is not scrubbed
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END

; recursion happens here.
STEP 2 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A 192.20.30.40
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END

; IPv4 address is scrubbed
STEP 3 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
foo.example.com. IN A
ENTRY_END

; recursion happens here.
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA SERVFAIL
SECTION QUESTION
foo.example.com. IN A
SECTION ANSWER
; scrubbed away
;foo.example.com. IN A 10.20.30.40
ENTRY_END

; IPv6 address is scrubbed
STEP 20 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
mail.example.com. IN AAAA
ENTRY_END

STEP 30 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA SERVFAIL
SECTION QUESTION
mail.example.com. IN AAAA
SECTION ANSWER
ENTRY_END

; allowed domain is not scrubbed.
STEP 40 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
mail.example.net. IN A
ENTRY_END

STEP 50 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
mail.example.net. IN A
SECTION ANSWER
mail.example.net. IN A 10.20.30.40
ENTRY_END

; rest of RRset intact, only 10/8 tossed away.
STEP 60 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
toss.example.com. IN A
ENTRY_END

STEP 70 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
toss.example.com. IN A
SECTION ANSWER
; toss.example.com. IN A 10.20.30.40
toss.example.com. IN A 1.2.3.4
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END

SCENARIO_END