summaryrefslogtreecommitdiffstats
path: root/tests/deckard/doc/scenario_example.rst
blob: 7fb6f3e8f42bbc39ada2329bf32ca2ae14eb12c3 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
Scenario example
=================
iter_ns_badaa.rpl
::

  ; config options
  	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
  CONFIG_END

  SCENARIO_BEGIN Test iterator with NS falsely declaring referral answer as authoritative.

  ; K.ROOT-SERVERS.NET.
  RANGE_BEGIN 0 100
	ADDRESS 193.0.14.129 
  ENTRY_BEGIN
  MATCH opcode qtype qname
  ADJUST copy_id
  REPLY QR NOERROR
  SECTION QUESTION
  . IN NS
  SECTION ANSWER
  . IN NS	K.ROOT-SERVERS.NET.
  SECTION ADDITIONAL
  K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
  ENTRY_END

  ENTRY_BEGIN
  MATCH opcode subdomain
  ADJUST copy_id copy_query
  ; False declaration here
  REPLY QR AA NOERROR
  SECTION QUESTION
  MORECOWBELL. IN A
  SECTION AUTHORITY
  MORECOWBELL.	IN NS	a.gtld-servers.net.
  SECTION ADDITIONAL
  a.gtld-servers.net. IN A 192.5.6.30
  ENTRY_END

  ENTRY_BEGIN
  MATCH opcode qtype qname
  ADJUST copy_id copy_query
  REPLY QR NOERROR
  SECTION QUESTION
  a.gtld-servers.net.	IN	A
  SECTION ANSWER
  a.gtld-servers.net.	IN 	A	192.5.6.30
  ENTRY_END

  ENTRY_BEGIN
  MATCH opcode qtype qname
  ADJUST copy_id copy_query
  REPLY QR NOERROR
  SECTION QUESTION
  a.gtld-servers.net.	IN	AAAA
  SECTION AUTHORITY
  . SOA bla bla 1 2 3 4 5
 ENTRY_END

  RANGE_END

  ; a.gtld-servers.net.
  RANGE_BEGIN 0 100
	ADDRESS 192.5.6.30

  ENTRY_BEGIN
  MATCH opcode qtype qname
  ADJUST copy_id copy_query
  REPLY QR AA NOERROR
  SECTION QUESTION
  CATALYST.MORECOWBELL. IN A
  SECTION ANSWER
  CATALYST.MORECOWBELL. IN A	10.20.30.40
  SECTION AUTHORITY
  CATALYST.MORECOWBELL.	IN NS	a.gtld-servers.net.
  ENTRY_END

  RANGE_END

  STEP 1 QUERY
  ENTRY_BEGIN
  REPLY RD
  SECTION QUESTION
  catalyst.morecowbell. IN A
  ENTRY_END

  ; recursion happens here.
  STEP 10 CHECK_ANSWER
  ENTRY_BEGIN
  MATCH all
  REPLY QR RD RA NOERROR
  SECTION QUESTION
  catalyst.morecowbell. IN A
  SECTION ANSWER
  catalyst.morecowbell. IN A 10.20.30.40
  ENTRY_END

  SCENARIO_END

Execution flow :

First, STEP 1 QUERY will be performed. 

Python sends query to Resolver
::

    id 31296
    opcode QUERY
    rcode NOERROR
    flags RD
    edns 1
    eflags 
    payload 1280
    ;QUESTION
    catalyst.morecowbell. IN A
    ;ANSWER
    ;AUTHORITY
    ;ADDITIONAL

At this scenario stub-addr is set to 193.0.14.129, thus Resolver have been configured to use address 
193.0.14.129 as a root server. So it sends query to Python fake server which listen at address 193.0.14.129

::

    > [plan] plan 'catalyst.morecowbell.' type 'A'
    [resl]   => using root hints
    [resl]   => querying: '193.0.14.129' score: 10 zone cut: '.' m12n: 'CaTALYSt.MoReCoWBEll.' type: 'A'


::

    id 7367
    opcode QUERY
    rcode NOERROR
    flags 
    edns 0
    payload 1452
    ;QUESTION
    CaTALYSt.MoReCoWBEll. IN A
    ;ANSWER
    ;AUTHORITY
    ;ADDITIONAL

Python fake server starts range analyzing to make answer.
Let's look at first range
::

    RANGE_BEGIN 0 100
	    ADDRESS 193.0.14.129 

STEP ID is equal 1, so it matches the condition n1 <= step id <= n2
Next, ADDRESS field is equal to 193.0.14.129. Since query was directed 
specifically to 193.0.14.129, this range will be used.

Next, Python walks through list of entries to choose eligible entry.
First entry at this range requires comparison of "opcode qtype qname" field list.
Since opcode is QUERY, first comparison is true.
Next, qtype field at question section is equal NS.
But qtype field at question section of incoming query is A.
So this comparison failed and this entry will be rejected.

Next entry requires comparison of opcode and subdomain fields.
As we seen, opcode matches.
Let's look at domain names.
ENTRY datablock:
::

    SECTION QUESTION
    MORECOWBELL. IN A

Incoming query :
::

    ;QUESTION
    CaTALYSt.MoReCoWBEll. IN A

So, subdomain matches and second entry of first range used as answer pattern.
Python fake server sends answer to Resolver :
::

    id 7367
    opcode QUERY
    rcode NOERROR
    flags QR AA
    edns 0
    payload 1280
    ;QUESTION
    CaTALYSt.MoReCoWBEll. IN A
    ;ANSWER
    ;AUTHORITY
    MORECOWBELL. 3600 IN NS a.gtld-servers.net.
    ;ADDITIONAL
    a.gtld-servers.net. 3600 IN A 192.5.6.30

Note that additional section contains IP address. Because new address is found, 
Python fake server immediately starts listening on this address.
Resolver sends next query to 192.5.6.30:

::

    [iter]   <= referral response, follow
    [ pc ]   => answer cached for TTL=900
    [resl]   => querying: '192.5.6.30' score: 10 zone cut: 'morecowbell.' m12n: 'catalyst.mOREcoWBEll.' type: 'A'


::

    id 58167
    opcode QUERY
    rcode NOERROR
    flags 
    edns 0
    payload 1452
    ;QUESTION
    catalyst.mOREcoWBEll. IN A
    ;ANSWER
    ;AUTHORITY
    ;ADDITIONAL

Since query is directed to 192.5.6.30, 
this range will be analyzed :
:: 

    ; a.gtld-servers.net.
    RANGE_BEGIN 0 100
	    ADDRESS 192.5.6.30

It has a single entry, which requires "opcode qtype qname" field list to be compared.
Opcode and qtype fields are the same as fields in incoming query.
Let's compare qname.
ENTRY datablock :
::

  SECTION QUESTION
  CATALYST.MORECOWBELL. IN A

Incoming query :
::

  ;QUESTION
  catalyst.mOREcoWBEll. IN A

So, qname also the same. All fields matches and Python server sends answer 
derived from this entry :
::

    id 58167
    opcode QUERY
    rcode NOERROR
    flags QR AA
    edns 0
    payload 1280
    ;QUESTION
    cAtaLyst.MoRECowBEll. IN A
    ;ANSWER
    CATALYST.MORECOWBELL. 3600 IN A 10.20.30.40
    ;AUTHORITY
    CATALYST.MORECOWBELL. 3600 IN NS a.gtld-servers.net.
    ;ADDITIONAL

Here Python found new address 10.20.30.40 and starts listening.
Next queries and answers :

::

    [iter]   <= referral response, follow
    [plan]   plan 'a.gtld-servers.net.' type 'AAAA'
    [resl]     => using root hints
    [resl]     => querying: '193.0.14.129' score: 54 zone cut: '.' m12n: 'A.Gtld-sERverS.nEt.' type: 'AAAA'


query; Resolver ---> Python (193.0.14.129)
::

    id 13810
    opcode QUERY
    rcode NOERROR
    flags 
    edns 0
    payload 1452
    ;QUESTION
    A.Gtld-sERverS.nEt. IN AAAA
    ;ANSWER
    ;AUTHORITY
    ;ADDITIONAL

answer; Python ---> Resolver
::

    id 13810
    opcode QUERY
    rcode NOERROR
    flags QR
    edns 0
    payload 1280
    ;QUESTION
    A.gTld-serveRS.NET. IN AAAA
    ;ANSWER
    ;AUTHORITY
    . 3600 IN SOA bla. bla. 1 2 3 4 5
    ;ADDITIONAL


at this point Resolver returns answer to query from STEP 1 QUERY.

::

    [iter]     <= rcode: NOERROR
    [ pc ]     => answer cached for TTL=900
    [ rc ]   => satisfied from cache
    [iter]   <= rcode: NOERROR
    [resl] finished: 4, queries: 2, mempool: 16400 B


::

    opcode QUERY
    rcode NOERROR
    flags QR RD RA
    edns 0
    payload 4096
    ;QUESTION
    catalyst.morecowbell. IN A
    ;ANSWER
    catalyst.morecowbell. 3600 IN A 10.20.30.40
    ;AUTHORITY
    ;ADDITIONAL

Now STEP 10 will be performed. Is has a single entry which contains 
**MATCH all** clause. **MATCH all** means set of dns flags must be equal and 
all sections presented in ENTRY must be equal to ones in answer. 
Incoming answer has next flags were set: **QR RD AA**. ENTRY datablock contains 
**REPLY QR RD RA NOERROR** clause. As we see, flags set is equal. Also, we can 
see equality of question and answer sections of both dns messages.

So, Python got expected answer and test is passed.