xref: /netbsd-src/external/bsd/unbound/dist/testdata/subnet_max_source.crpl (revision f42d8de7d1744f0ae38eedac13b4320e5351d1d6)
1; When the triggering query includes an ECS option, the source prefix-length
2; should be set to the shorter of the incoming query's prefix length and the
3; server's maximum cacheable prefix length (max-client-subnet-ipv4, /17 here).
4
5server:
6	val-override-date: "20070916134226"
7	target-fetch-policy: "0 0 0 0 0"
8	send-client-subnet: 1.2.3.4
9	max-client-subnet-ipv4: 17
10	module-config: "subnetcache validator iterator"
11	verbosity: 3
12	qname-minimisation: "no"
13	minimal-responses: no
14
15stub-zone:
16	name: "."
17	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
18CONFIG_END
19
20SCENARIO_BEGIN Test shortest source prefix-length
21
22; K.ROOT-SERVERS.NET.
23RANGE_BEGIN 0 100
24	ADDRESS 193.0.14.129
25	ENTRY_BEGIN
26		MATCH opcode qtype qname ednsdata
27		ADJUST copy_id
28		REPLY QR NOERROR
29		SECTION QUESTION
30			. IN NS
31		SECTION ANSWER
32			. IN NS	K.ROOT-SERVERS.NET.
33		SECTION ADDITIONAL
34			HEX_EDNSDATA_BEGIN
35				;; we expect to receive empty
36			HEX_EDNSDATA_END
37			K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
38	ENTRY_END
39
40	ENTRY_BEGIN
41		MATCH opcode qtype qname
42		ADJUST copy_id
43		REPLY QR NOERROR
44		SECTION QUESTION
45			www.example.com. IN A
46		SECTION AUTHORITY
47			com.	IN NS	a.gtld-servers.net.
48		SECTION ADDITIONAL
49			a.gtld-servers.net.	IN 	A	192.5.6.30
50	ENTRY_END
51RANGE_END
52
53; a.gtld-servers.net.
54RANGE_BEGIN 0 100
55	ADDRESS 192.5.6.30
56	ENTRY_BEGIN
57		MATCH opcode qtype qname ednsdata
58		ADJUST copy_id
59		REPLY QR NOERROR
60		SECTION QUESTION
61			com. IN NS
62		SECTION ANSWER
63			com.    IN NS   a.gtld-servers.net.
64		SECTION ADDITIONAL
65			HEX_EDNSDATA_BEGIN
66				;; we expect to receive empty
67			HEX_EDNSDATA_END
68			a.gtld-servers.net.     IN      A       192.5.6.30
69	ENTRY_END
70
71	ENTRY_BEGIN
72		MATCH opcode qtype qname
73		ADJUST copy_id
74		REPLY QR NOERROR
75		SECTION QUESTION
76			www.example.com. IN A
77		SECTION AUTHORITY
78			example.com.	IN NS	ns.example.com.
79		SECTION ADDITIONAL
80			ns.example.com.		IN 	A	1.2.3.4
81	ENTRY_END
82RANGE_END
83
84; ns.example.com.
85RANGE_BEGIN 0 100
86	ADDRESS 1.2.3.4
87	ENTRY_BEGIN
88		MATCH opcode qtype qname ednsdata
89		ADJUST copy_id copy_ednsdata_assume_clientsubnet
90		REPLY QR NOERROR
91		SECTION QUESTION
92			example.com. IN NS
93		SECTION ANSWER
94			example.com.    IN NS   ns.example.com.
95		SECTION ADDITIONAL
96			HEX_EDNSDATA_BEGIN
97				;; we expect to receive empty
98			HEX_EDNSDATA_END
99			ns.example.com.         IN      A       1.2.3.4
100	ENTRY_END
101
102	; response to query of interest
103	ENTRY_BEGIN
104		MATCH opcode qtype qname ednsdata
105		ADJUST copy_id copy_ednsdata_assume_clientsubnet
106		REPLY QR NOERROR
107		SECTION QUESTION
108			www.example.com. IN A
109		SECTION ANSWER
110			www.example.com. IN A	10.20.30.40
111		SECTION AUTHORITY
112			example.com.	IN NS	ns.example.com.
113		SECTION ADDITIONAL
114			HEX_EDNSDATA_BEGIN
115							; client is 127.0.0.1
116				00 08 		; OPC
117				00 06 		; option length
118				00 01 		; Family
119				10 00 		; source mask, scopemask
120				7f 00    	; address
121			HEX_EDNSDATA_END
122			ns.example.com.		IN 	A	1.2.3.4
123	ENTRY_END
124
125	; client sent /18 (STEP 11); this server expects the source prefix capped to /17
126	ENTRY_BEGIN
127		MATCH opcode qtype qname ednsdata
128		ADJUST copy_id copy_ednsdata_assume_clientsubnet
129		REPLY QR NOERROR
130		SECTION QUESTION
131			www.example.com. IN A
132		SECTION ANSWER
133			www.example.com. IN A	10.20.30.50
134		SECTION AUTHORITY
135			example.com.	IN NS	ns.example.com.
136		SECTION ADDITIONAL
137			HEX_EDNSDATA_BEGIN
138							; client is 127.1.0.1
139				00 08 		; OPC
140				00 07 		; option length
141				00 01 		; Family
142				11 00 		; source mask, scopemask
143				7f 01 00   	; address
144			HEX_EDNSDATA_END
145			ns.example.com.		IN 	A	1.2.3.4
146	ENTRY_END
147
148	; client sent /17 (STEP 21); we return scope /18 (increment_ecs_scope)
149	ENTRY_BEGIN
150		MATCH opcode qtype qname ednsdata
151		ADJUST copy_id copy_ednsdata_assume_clientsubnet increment_ecs_scope
152		REPLY QR NOERROR
153		SECTION QUESTION
154			www.example.com. IN TXT
155		SECTION ANSWER
156			www.example.com. IN TXT "longer scope"
157		SECTION AUTHORITY
158			example.com.	IN NS	ns.example.com.
159		SECTION ADDITIONAL
160			HEX_EDNSDATA_BEGIN
161							; client is 127.1.0.1
162				00 08 		; OPC
163				00 07 		; option length
164				00 01 		; Family
165				11 00 		; source mask, scopemask
166				7f 01 00   	; address
167			HEX_EDNSDATA_END
168			ns.example.com.		IN 	A	1.2.3.4
169	ENTRY_END
170
171RANGE_END
172
173STEP 1 QUERY
174ENTRY_BEGIN
175	HEX_ANSWER_BEGIN;
176		00 00 01 00 00 01 00 00		;ID 0
177		00 00 00 01 03 77 77 77		; www.example.com A? (DO)
178		07 65 78 61 6d 70 6c 65
179		03 63 6f 6d 00 00 01 00
180		01 00 00 29 10 00 00 00
181		80 00 00 0a
182
183		00 08 00 06			; OPC, optlen
184		00 01 10 00			; ip4, source 16, scope 0
185		7f 00   			;127.0.0.0/16
186	HEX_ANSWER_END
187ENTRY_END
188
189
190
191; recursion happens here.
192STEP 10 CHECK_ANSWER
193ENTRY_BEGIN
194	MATCH all ednsdata
195	REPLY QR RD RA NOERROR
196	SECTION QUESTION
197		www.example.com. IN A
198	SECTION ANSWER
199		www.example.com. IN A	10.20.30.40
200	SECTION AUTHORITY
201		example.com.	IN NS	ns.example.com.
202	SECTION ADDITIONAL
203		HEX_EDNSDATA_BEGIN
204						; client is 127.0.0.1
205			00 08 		; OPC
206			00 06 		; option length
207			00 01 		; Family
208			10 10 		; source mask, scopemask
209			7f 00 	; address
210		HEX_EDNSDATA_END
211		ns.example.com.		IN 	A	1.2.3.4
212ENTRY_END
213
214STEP 11 QUERY
215ENTRY_BEGIN
216	HEX_ANSWER_BEGIN;
217		00 00 01 00 00 01 00 00		;ID 0
218		00 00 00 01 03 77 77 77		; www.example.com A? (DO)
219		07 65 78 61 6d 70 6c 65
220		03 63 6f 6d 00 00 01 00
221		01 00 00 29 10 00 00 00
222		80 00 00 0b
223
224		00 08 00 07			; OPC, optlen
225		00 01 12 00			; ip4, source 18, scope 0
226		7f 01 00  			;127.1.0.0/18
227	HEX_ANSWER_END
228ENTRY_END
229
230
231
232; recursion happens here.
233STEP 20 CHECK_ANSWER
234ENTRY_BEGIN
235	MATCH all ednsdata
236	REPLY QR RD RA NOERROR
237	SECTION QUESTION
238		www.example.com. IN A
239	SECTION ANSWER
240		www.example.com. IN A	10.20.30.50
241	SECTION AUTHORITY
242		example.com.	IN NS	ns.example.com.
243	SECTION ADDITIONAL
244		HEX_EDNSDATA_BEGIN
245						; client is 127.1.0.1
246			00 08 		; OPC
247			00 07 		; option length
248			00 01 		; Family
249			12 11 		; source mask, scopemask
250			7f 01 00 	; address
251		HEX_EDNSDATA_END
252		ns.example.com.		IN 	A	1.2.3.4
253ENTRY_END
254
255STEP 21 QUERY
256ENTRY_BEGIN
257	HEX_ANSWER_BEGIN;
258		00 00 01 00 00 01 00 00		;ID 0
259		00 00 00 01 03 77 77 77		; www.example.com TXT? (DO)
260		07 65 78 61 6d 70 6c 65
261		03 63 6f 6d 00 00 10 00
262		01 00 00 29 10 00 00 00
263		80 00 00 0b
264
265		00 08 00 07			; OPC, optlen
266		00 01 11 00			; ip4, source 17, scope 0
267		7f 01 00  			;127.1.0.0/17
268	HEX_ANSWER_END
269ENTRY_END
270
271
272
273; The server returns scope /18. Because we cache the result at
274; max-client-subnet-ipv4 (/17), the scope in the initial answer returned to the
275; client should also be capped to /17.
275STEP 30 CHECK_ANSWER
276ENTRY_BEGIN
277	MATCH all ednsdata
278	REPLY QR RD RA NOERROR
279	SECTION QUESTION
280		www.example.com. IN TXT
281	SECTION ANSWER
282		www.example.com. IN TXT "longer scope"
283	SECTION AUTHORITY
284		example.com.	IN NS	ns.example.com.
285	SECTION ADDITIONAL
286		HEX_EDNSDATA_BEGIN
287						; client is 127.1.0.1
288			00 08 		; OPC
289			00 07 		; option length
290			00 01 		; Family
291			11 11 		; source mask, scopemask
292			7f 01 00 	; address
293		HEX_EDNSDATA_END
294		ns.example.com.		IN 	A	1.2.3.4
295ENTRY_END
296
297SCENARIO_END
298