1; scope of 0, if the query also had scope of 0, do not answer this 2; to everyone, but only for scope 0 queries. Otherwise can answer cached. 3 4server: 5 target-fetch-policy: "0 0 0 0 0" 6 send-client-subnet: 1.2.3.4 7 module-config: "subnetcache validator iterator" 8 verbosity: 4 9 qname-minimisation: no 10 11stub-zone: 12 name: "." 13 stub-addr: 193.0.14.129 14 15stub-zone: 16 name: "example.com" 17 stub-addr: 1.2.3.4 18CONFIG_END 19 20SCENARIO_BEGIN Test subnet cache with scope zero queries and responses. 21 22; the upstream server. 23RANGE_BEGIN 0 100 24 ADDRESS 193.0.14.129 25 26ENTRY_BEGIN 27MATCH opcode qtype qname ednsdata 28ADJUST copy_id 29REPLY QR NOERROR 30SECTION QUESTION 31. IN NS 32SECTION ANSWER 33. IN NS K.ROOT-SERVERS.NET. 34SECTION ADDITIONAL 35HEX_EDNSDATA_BEGIN 36 ;; we expect to receive empty 37HEX_EDNSDATA_END 38K.ROOT-SERVERS.NET. IN A 193.0.14.129 39ENTRY_END 40RANGE_END 41 42RANGE_BEGIN 0 11 43 ADDRESS 1.2.3.4 44ENTRY_BEGIN 45MATCH opcode qtype qname 46ADJUST copy_id 47;copy_ednsdata_assume_clientsubnet 48REPLY QR NOERROR 49SECTION QUESTION 50www.example.com. IN A 51SECTION ANSWER 52www.example.com. IN A 10.20.30.40 53SECTION AUTHORITY 54SECTION ADDITIONAL 55HEX_EDNSDATA_BEGIN 56 ; client is 127.0.0.1 57 00 08 ; OPC 58 00 07 ; option length 59 00 01 ; Family 60 18 11 ; source mask, scopemask 61 7f 00 00 ; address 62HEX_EDNSDATA_END 63ENTRY_END 64RANGE_END 65 66RANGE_BEGIN 20 31 67 ADDRESS 1.2.3.4 68ENTRY_BEGIN 69MATCH opcode qtype qname 70ADJUST copy_id 71;copy_ednsdata_assume_clientsubnet 72REPLY QR NOERROR 73SECTION QUESTION 74www.example.com. IN A 75SECTION ANSWER 76www.example.com. IN A 10.20.30.41 77SECTION AUTHORITY 78SECTION ADDITIONAL 79HEX_EDNSDATA_BEGIN 80 ; client is 127.0.0.1 81 00 08 ; OPC 82 00 07 ; option length 83 00 01 ; Family 84 18 11 ; source mask, scopemask 85 7f 01 00 ; address 86HEX_EDNSDATA_END 87ENTRY_END 88RANGE_END 89 90RANGE_BEGIN 40 51 91 ADDRESS 1.2.3.4 92ENTRY_BEGIN 93MATCH opcode qtype qname 94ADJUST copy_id 95;copy_ednsdata_assume_clientsubnet 96REPLY QR NOERROR 97SECTION QUESTION 98www.example.com. IN A 99SECTION ANSWER 100www.example.com. IN A 10.20.30.42 101SECTION AUTHORITY 102SECTION ADDITIONAL 103HEX_EDNSDATA_BEGIN 104 00 08 ; OPC 105 00 04 ; option length 106 00 01 ; Family 107 00 00 ; source mask, scopemask 108 ; address 0.0.0.0/0 scope 0 109HEX_EDNSDATA_END 110ENTRY_END 111RANGE_END 112 113RANGE_BEGIN 120 131 114 ADDRESS 1.2.3.4 115ENTRY_BEGIN 116MATCH opcode qtype qname 117ADJUST copy_id 118;copy_ednsdata_assume_clientsubnet 119REPLY QR NOERROR 120SECTION QUESTION 121www.example.com. IN A 122SECTION ANSWER 123www.example.com. IN A 10.20.30.43 124SECTION AUTHORITY 125SECTION ADDITIONAL 126HEX_EDNSDATA_BEGIN 127 00 08 ; OPC 128 00 07 ; option length 129 00 01 ; Family 130 18 00 ; source mask, scopemask 131 7f 02 00 ; address 127.2.0.0/24 scope 0 132HEX_EDNSDATA_END 133ENTRY_END 134RANGE_END 135 136; query for 127.0.0.0/24 137STEP 1 QUERY 138ENTRY_BEGIN 139HEX_ANSWER_BEGIN 140 00 00 01 00 00 01 00 00 ;ID 0 141 00 00 00 01 03 77 77 77 ; www.example.com A? (DO) 142 07 65 78 61 6d 70 6c 65 143 03 63 6f 6d 00 00 01 00 144 01 00 00 29 10 00 00 00 145 80 00 00 0b 146 147 00 08 00 07 ; OPC, optlen 148 00 01 18 00 ; ip4, scope 24, source 0 149 7f 00 00 ;127.0.0.0/24 150HEX_ANSWER_END 151ENTRY_END 152 153; answer is 10.20.30.40 for 127.0.0.0/24 scope 17 154STEP 10 CHECK_ANSWER 155ENTRY_BEGIN 156MATCH all ednsdata 157REPLY QR RD RA NOERROR 158SECTION QUESTION 159www.example.com. IN A 160SECTION ANSWER 161www.example.com. IN A 10.20.30.40 162SECTION AUTHORITY 163SECTION ADDITIONAL 164HEX_EDNSDATA_BEGIN 165 ; client is 127.0.0.1 166 00 08 ; OPC 167 00 07 ; option length 168 00 01 ; Family 169 18 11 ; source mask, scopemask 170 7f 00 00 ; address 171HEX_EDNSDATA_END 172ENTRY_END 173 174; query for 127.1.0.0/24 175STEP 20 QUERY 176ENTRY_BEGIN 177HEX_ANSWER_BEGIN 178 00 00 01 00 00 01 00 00 ;ID 0 179 00 00 00 01 03 77 77 77 ; www.example.com A? (DO) 180 07 65 78 61 6d 70 6c 65 181 03 63 6f 6d 00 00 01 00 182 01 00 00 29 10 00 00 00 183 80 00 00 0b 184 185 00 08 00 07 ; OPC, optlen 186 00 01 18 00 ; ip4, scope 24, source 0 187 7f 01 00 ;127.1.0.0/24 188HEX_ANSWER_END 189ENTRY_END 190 191; answer is 10.20.30.41 for 127.1.0.0/24 scope 17 192STEP 30 CHECK_ANSWER 193ENTRY_BEGIN 194MATCH all ednsdata 195REPLY QR RD RA NOERROR 196SECTION QUESTION 197www.example.com. IN A 198SECTION ANSWER 199www.example.com. IN A 10.20.30.41 200SECTION AUTHORITY 201SECTION ADDITIONAL 202HEX_EDNSDATA_BEGIN 203 ; client is 127.1.0.1 204 00 08 ; OPC 205 00 07 ; option length 206 00 01 ; Family 207 18 11 ; source mask, scopemask 208 7f 01 00 ; address 209HEX_EDNSDATA_END 210ENTRY_END 211 212; query for 0.0.0.0/0 213STEP 40 QUERY 214ENTRY_BEGIN 215HEX_ANSWER_BEGIN 216 00 00 01 00 00 01 00 00 ;ID 0 217 00 00 00 01 03 77 77 77 ; www.example.com A? (DO) 218 07 65 78 61 6d 70 6c 65 219 03 63 6f 6d 00 00 01 00 220 01 00 00 29 10 00 00 00 221 80 00 00 08 222 223 00 08 00 04 ; OPC, optlen 224 00 01 00 00 ; ip4, scope 0, source 0 225 ;0.0.0.0/0 226HEX_ANSWER_END 227ENTRY_END 228 229; answer is 10.20.30.42 for 0.0.0.0/0 scope 0 230STEP 50 CHECK_ANSWER 231ENTRY_BEGIN 232MATCH all ednsdata 233REPLY QR RD RA NOERROR 234SECTION QUESTION 235www.example.com. IN A 236SECTION ANSWER 237www.example.com. IN A 10.20.30.42 238SECTION AUTHORITY 239SECTION ADDITIONAL 240HEX_EDNSDATA_BEGIN 241 00 08 ; OPC 242 00 04 ; option length 243 00 01 ; Family 244 00 00 ; source mask, scopemask 245 ; address 246HEX_EDNSDATA_END 247ENTRY_END 248 249; query for 127.0.0.0/24, again, it should be in cache. 250; and not from the scope 0 answer. 251STEP 60 QUERY 252ENTRY_BEGIN 253HEX_ANSWER_BEGIN 254 00 00 01 00 00 01 00 00 ;ID 0 255 00 00 00 01 03 77 77 77 ; www.example.com A? (DO) 256 07 65 78 61 6d 70 6c 65 257 03 63 6f 6d 00 00 01 00 258 01 00 00 29 10 00 00 00 259 80 00 00 0b 260 261 00 08 00 07 ; OPC, optlen 262 00 01 18 00 ; ip4, scope 24, source 0 263 7f 00 00 ;127.0.0.0/24 264HEX_ANSWER_END 265ENTRY_END 266 267; answer should be 10.20.30.40 for 127.0.0.0/24 scope 17 268STEP 70 CHECK_ANSWER 269ENTRY_BEGIN 270MATCH all ednsdata 271REPLY QR RD RA NOERROR 272SECTION QUESTION 273www.example.com. IN A 274SECTION ANSWER 275www.example.com. IN A 10.20.30.40 276SECTION AUTHORITY 277SECTION ADDITIONAL 278HEX_EDNSDATA_BEGIN 279 ; client is 127.0.0.1 280 00 08 ; OPC 281 00 07 ; option length 282 00 01 ; Family 283 18 11 ; source mask, scopemask 284 7f 00 00 ; address 285HEX_EDNSDATA_END 286ENTRY_END 287 288; query for 127.1.0.0/24, again, it should be in cache. 289STEP 80 QUERY 290ENTRY_BEGIN 291HEX_ANSWER_BEGIN 292 00 00 01 00 00 01 00 00 ;ID 0 293 00 00 00 01 03 77 77 77 ; www.example.com A? (DO) 294 07 65 78 61 6d 70 6c 65 295 03 63 6f 6d 00 00 01 00 296 01 00 00 29 10 00 00 00 297 80 00 00 0b 298 299 00 08 00 07 ; OPC, optlen 300 00 01 18 00 ; ip4, scope 24, source 0 301 7f 01 00 ;127.1.0.0/24 302HEX_ANSWER_END 303ENTRY_END 304 305; answer should be 10.20.30.41 for 127.1.0.0/24 scope 17 306STEP 90 CHECK_ANSWER 307ENTRY_BEGIN 308MATCH all ednsdata 309REPLY QR RD RA NOERROR 310SECTION QUESTION 311www.example.com. IN A 312SECTION ANSWER 313www.example.com. IN A 10.20.30.41 314SECTION AUTHORITY 315SECTION ADDITIONAL 316HEX_EDNSDATA_BEGIN 317 ; client is 127.1.0.1 318 00 08 ; OPC 319 00 07 ; option length 320 00 01 ; Family 321 18 11 ; source mask, scopemask 322 7f 01 00 ; address 323HEX_EDNSDATA_END 324ENTRY_END 325 326; query for 0.0.0.0/0, again. 327STEP 100 QUERY 328ENTRY_BEGIN 329HEX_ANSWER_BEGIN 330 00 00 01 00 00 01 00 00 ;ID 0 331 00 00 00 01 03 77 77 77 ; www.example.com A? (DO) 332 07 65 78 61 6d 70 6c 65 333 03 63 6f 6d 00 00 01 00 334 01 00 00 29 10 00 00 00 335 80 00 00 08 336 337 00 08 00 04 ; OPC, optlen 338 00 01 00 00 ; ip4, scope 0, source 0 339 ;0.0.0.0/0 340HEX_ANSWER_END 341ENTRY_END 342 343; answer should be 10.20.30.42 for 0.0.0.0/0 scope 0 344STEP 110 CHECK_ANSWER 345ENTRY_BEGIN 346MATCH all ednsdata 347REPLY QR RD RA NOERROR 348SECTION QUESTION 349www.example.com. IN A 350SECTION ANSWER 351www.example.com. IN A 10.20.30.42 352SECTION AUTHORITY 353SECTION ADDITIONAL 354HEX_EDNSDATA_BEGIN 355 00 08 ; OPC 356 00 04 ; option length 357 00 01 ; Family 358 00 00 ; source mask, scopemask 359 ; address 360HEX_EDNSDATA_END 361ENTRY_END 362 363; now a query for a /24 that gets an answer for a /0. 364STEP 120 QUERY 365ENTRY_BEGIN 366HEX_ANSWER_BEGIN 367 00 00 01 00 00 01 00 00 ;ID 0 368 00 00 00 01 03 77 77 77 ; www.example.com A? (DO) 369 07 65 78 61 6d 70 6c 65 370 03 63 6f 6d 00 00 01 00 371 01 00 00 29 10 00 00 00 372 80 00 00 0b 373 374 00 08 00 07 ; OPC, optlen 375 00 01 18 00 ; ip4, scope 24, source 0 376 7f 02 00 ;127.2.0.0/24 377HEX_ANSWER_END 378ENTRY_END 379 380; answer should be 10.20.30.43 for 127.2.0.0/24 scope 0 381STEP 130 CHECK_ANSWER 382ENTRY_BEGIN 383MATCH all ednsdata 384REPLY QR RD RA NOERROR 385SECTION QUESTION 386www.example.com. IN A 387SECTION ANSWER 388www.example.com. IN A 10.20.30.43 389SECTION AUTHORITY 390SECTION ADDITIONAL 391HEX_EDNSDATA_BEGIN 392 ; client is 127.2.0.1 393 00 08 ; OPC 394 00 07 ; option length 395 00 01 ; Family 396 18 00 ; source mask, scopemask 397 7f 02 00 ; address 398HEX_EDNSDATA_END 399ENTRY_END 400 401; the scope 0 answer is now used to answer queries from 402; query for 127.0.0.0/24 403STEP 140 QUERY 404ENTRY_BEGIN 405HEX_ANSWER_BEGIN 406 00 00 01 00 00 01 00 00 ;ID 0 407 00 00 00 01 03 77 77 77 ; www.example.com A? (DO) 408 07 65 78 61 6d 70 6c 65 409 03 63 6f 6d 00 00 01 00 410 01 00 00 29 10 00 00 00 411 80 00 00 0b 412 413 00 08 00 07 ; OPC, optlen 414 00 01 18 00 ; ip4, scope 24, source 0 415 7f 00 00 ;127.0.0.0/24 416HEX_ANSWER_END 417ENTRY_END 418 419STEP 150 CHECK_ANSWER 420ENTRY_BEGIN 421MATCH all ednsdata 422REPLY QR RD RA NOERROR 423SECTION QUESTION 424www.example.com. IN A 425SECTION ANSWER 426www.example.com. IN A 10.20.30.43 427SECTION AUTHORITY 428SECTION ADDITIONAL 429HEX_EDNSDATA_BEGIN 430 ; client is 127.0.0.1 431 00 08 ; OPC 432 00 07 ; option length 433 00 01 ; Family 434 18 00 ; source mask, scopemask 435 7f 00 00 ; address 436HEX_EDNSDATA_END 437ENTRY_END 438 439SCENARIO_END 440