diff options
Diffstat (limited to 'tests/integration/deckard/sets/resolver/iter_dname_insec.rpl')
-rw-r--r-- | tests/integration/deckard/sets/resolver/iter_dname_insec.rpl | 1138 |
1 files changed, 1138 insertions, 0 deletions
diff --git a/tests/integration/deckard/sets/resolver/iter_dname_insec.rpl b/tests/integration/deckard/sets/resolver/iter_dname_insec.rpl new file mode 100644 index 0000000..b011008 --- /dev/null +++ b/tests/integration/deckard/sets/resolver/iter_dname_insec.rpl @@ -0,0 +1,1138 @@ +do-ip6: no + +stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test scrub of insecure DNAME in answer section + +; root infrastucture +RANGE_BEGIN 0 10000000 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +shortloop. IN TXT +SECTION ANSWER +shortloop. IN TXT "shortloop end" +ENTRY_END + +; this is an invalid entry: +; RFC 6672 section 2.4 defines DNAME as sigleton type +ENTRY_BEGIN +MATCH opcode qname +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +test.twodnames. IN DNAME +SECTION ANSWER +twodnames. IN DNAME . +twodnames. IN DNAME com. +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +K.ROOT-SERVERS.NET. IN A +SECTION ANSWER +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +K.ROOT-SERVERS.NET. IN AAAA +SECTION ANSWER +ENTRY_END + +ENTRY_BEGIN +MATCH subdomain opcode +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH subdomain opcode +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +x. IN A +SECTION AUTHORITY +x. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +long. IN NS +SECTION AUTHORITY +long. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. IN NS +SECTION AUTHORITY +60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +a.gtld-servers.net. IN A +SECTION ANSWER +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +a.gtld-servers.net. IN AAAA +SECTION ANSWER +ENTRY_END + +ENTRY_BEGIN +MATCH subdomain opcode +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +net. IN A +SECTION AUTHORITY +net. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END +; end of root infrastucture + +; a.gtld-servers.net. (com. net. x.) +RANGE_BEGIN 0 10000000 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +a.gtld-servers.net. IN A +SECTION ANSWER +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +a.gtld-servers.net. IN AAAA +SECTION ANSWER +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +net. IN NS +SECTION AUTHORITY +net. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns1.example.com. +SECTION ADDITIONAL +ns1.example.com. IN A 168.192.2.2 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.net. IN A +SECTION AUTHORITY +example.net. IN NS ns1.example.net. +SECTION ADDITIONAL +ns1.example.net. IN A 168.192.3.3 +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +x. IN NS +SECTION AUTHORITY +x. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +x. IN DNAME +SECTION AUTHORITY +x. IN DNAME . +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +; QNAME minimization +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +x.x. IN NS +SECTION AUTHORITY +x. IN DNAME . +x.x. IN CNAME x. +x. IN NS a.gtld-servers.net. +ENTRY_END + +ENTRY_BEGIN +MATCH qname opcode +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +shortloop.x.x. IN CNAME +SECTION ANSWER +x. DNAME . +shortloop.x.x. IN CNAME shortloop.x. +shortloop.x. IN CNAME shortloop. +ENTRY_END + +ENTRY_BEGIN +MATCH qname opcode +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +shortloop.x. IN CNAME +SECTION ANSWER +x. DNAME . +shortloop.x. IN CNAME shortloop. +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. IN NS +SECTION AUTHORITY +60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +long. IN NS +SECTION AUTHORITY +long. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +; DNAME at zone apex, allowed by RFC 6672 section 2.3 +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +long. IN DNAME +SECTION ANSWER +long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +x.long. IN A +SECTION ANSWER +long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. +x.long. 3600 IN CNAME x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. +x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. 3600 IN A 192.0.2.1 +ENTRY_END + +; empty non-terminal, because of QNAME minimization +ENTRY_BEGIN +MATCH opcode qname +ADJUST copy_id copy_query +REPLY QR AA NOERROR +SECTION QUESTION +63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. IN NS +SECTION ANSWER +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. IN A +SECTION ANSWER +x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. 3600 IN A 192.0.2.1 +ENTRY_END + +ENTRY_BEGIN +MATCH qname opcode +ADJUST copy_id copy_query +REPLY QR AA YXDOMAIN +SECTION QUESTION +too.long. IN A +SECTION ANSWER +long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. +ENTRY_END +RANGE_END +; end of a.gtld-servers.net. + +; RFC 6672 section 2.2. The DNAME Substitution table tests +;# QNAME owner DNAME target result +;-- ---------------- -------------- -------------- ----------------- +;1 com. example.com. example.net. <no match> +;2 example.com. example.com. example.net. [0] +;3 a.example.com. example.com. example.net. a.example.net. +;4 a.b.example.com. example.com. example.net. a.b.example.net. +;5 ab.example.com. b.example.com. example.net. <no match> +;6 foo.example.com. example.com. example.net. foo.example.net. +;7 a.x.example.com. x.example.com. example.net. a.example.net. +;8 a.example.com. example.com. y.example.net. a.y.example.net. +;9 cyc.example.com. example.com. example.com. cyc.example.com. +;10 cyc.example.com. example.com. c.example.com. cyc.c.example.com. +;11 shortloop.x.x. x. . shortloop.x. +;12 shortloop.x. x. . shortloop. +; +; [0] The result depends on the QTYPE. If the QTYPE = DNAME, then +; the result is "example.com.", else "<no match>". +; +; Table 1. DNAME Substitution Examples + +; line no. 1 is mostly for authoritative server +; line no. 2 QTYPE != DNAME +; covers RFC 6672 section 2.3 as well +STEP 220201 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +example.com. IN NS +ENTRY_END + +STEP 220202 CHECK_ANSWER +ENTRY_BEGIN +MATCH rcode flags question answer +REPLY QR RD RA DO +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns1.example.com. +ENTRY_END + +; line no. 2 QTYPE == DNAME +STEP 220203 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +example.com. IN DNAME +ENTRY_END + +STEP 220204 CHECK_ANSWER +ENTRY_BEGIN +MATCH rcode flags question answer +REPLY QR RD RA DO +SECTION QUESTION +example.com. IN DNAME +SECTION ANSWER +example.com. IN DNAME example.net. +ENTRY_END + + +;# QNAME owner DNAME target result +;-- ---------------- -------------- -------------- ----------------- +;3 a.example.com. example.com. example.net. a.example.net. + +STEP 220301 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +a.example.com. IN A +ENTRY_END + +STEP 220302 CHECK_ANSWER +ENTRY_BEGIN +MATCH rcode question answer +SECTION QUESTION +a.example.com. IN A +SECTION ANSWER +example.com. IN DNAME example.net. +a.example.com. IN CNAME a.example.net. +a.example.net. IN A 10.0.0.97 +ENTRY_END + +;# QNAME owner DNAME target result +;-- ---------------- -------------- -------------- ----------------- +;4 a.b.example.com. example.com. example.net. a.b.example.net. + +STEP 220401 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +a.b.example.com. IN A +ENTRY_END + +STEP 220402 CHECK_ANSWER +ENTRY_BEGIN +MATCH rcode question answer +SECTION QUESTION +a.b.example.com. IN A +SECTION ANSWER +example.com. IN DNAME example.net. +a.b.example.com. IN CNAME a.b.example.net. +a.b.example.net. IN A 10.0.97.98 +ENTRY_END + +;# QNAME owner DNAME target result +;-- ---------------- -------------- -------------- ----------------- +;5 ab.example.com. b.example.com. example.net. <no match> +;6 foo.example.com. example.com. example.net. foo.example.net. + +; line no. 5 is mostly for authoritative server +; line no. 6 is basically the same as line no. 3 + +; ns1.example.com. +RANGE_BEGIN 220000 220699 + ADDRESS 168.192.2.2 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns1.example.com. +SECTION ADDITIONAL +ns1.example.com. IN A 168.192.2.2 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns1.example.com. IN A +SECTION ANSWER +ns1.example.com. IN A 168.192.2.2 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns1.example.com. IN AAAA +SECTION ANSWER +ENTRY_END + +; line 2 DNAME +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN DNAME +SECTION ANSWER +example.com. IN DNAME example.net. +ENTRY_END + +; line 3 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +a.example.com. IN A +SECTION ANSWER +example.com. IN DNAME example.net. +a.example.com. IN CNAME a.example.net. +ENTRY_END + +; line 4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +a.b.example.com. IN A +SECTION ANSWER +example.com. IN DNAME example.net. +a.b.example.com. IN CNAME a.b.example.net. +ENTRY_END +RANGE_END +; end of ns1.example.com. + + +STEP 220700 TIME_PASSES ELAPSE 4000 ; need to expire example.com. DNAME +;# QNAME owner DNAME target result +;-- ---------------- -------------- -------------- ----------------- +;7 a.x.example.com. x.example.com. example.net. a.example.net. + +STEP 220701 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +a.x.example.com. IN A +ENTRY_END + +STEP 220702 CHECK_ANSWER +ENTRY_BEGIN +MATCH rcode question answer +SECTION QUESTION +a.x.example.com. IN A +SECTION ANSWER +x.example.com. IN DNAME example.net. +a.x.example.com. IN CNAME a.example.net. +a.example.net. IN A 10.0.0.97 +ENTRY_END + +; ns1.example.com. +RANGE_BEGIN 220700 220799 + ADDRESS 168.192.2.2 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns1.example.com. +SECTION ADDITIONAL +ns1.example.com. IN A 168.192.2.2 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns1.example.com. IN A +SECTION ANSWER +ns1.example.com. IN A 168.192.2.2 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns1.example.com. IN AAAA +SECTION ANSWER +ENTRY_END + +; line 7 DNAME +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +x.example.com. IN DNAME +SECTION ANSWER +x.example.com. IN DNAME example.net. +ENTRY_END + +; no other types than DNAME, because of QNAME minimization +ENTRY_BEGIN +MATCH opcode qname +ADJUST copy_id copy_query +REPLY QR AA NOERROR +SECTION QUESTION +x.example.com. IN NS +SECTION ANSWER +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +a.x.example.com. IN A +SECTION ANSWER +x.example.com. IN DNAME example.net. +a.x.example.com. IN CNAME a.example.net. +ENTRY_END +RANGE_END +; end of ns1.example.com. + +;# QNAME owner DNAME target result +;-- ---------------- -------------- -------------- ----------------- +;8 a.example.com. example.com. y.example.net. a.y.example.net. +; +; a.example.com. was renamed to a2.example.com. to avoid cache clashes +; on the synthetized CNAME (caching CNAMEs is allowed by RFC 6672 section 3.4) + +STEP 220801 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +a2.example.com. IN A +ENTRY_END + +STEP 220802 CHECK_ANSWER +ENTRY_BEGIN +MATCH rcode question answer +SECTION QUESTION +a2.example.com. IN A +SECTION ANSWER +example.com. IN DNAME y.example.net. +a2.example.com. IN CNAME a2.y.example.net. +a2.y.example.net. IN A 10.97.50.121 +ENTRY_END + +; ns1.example.com. +RANGE_BEGIN 220800 220899 + ADDRESS 168.192.2.2 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns1.example.com. +SECTION ADDITIONAL +ns1.example.com. IN A 168.192.2.2 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns1.example.com. IN A +SECTION ANSWER +ns1.example.com. IN A 168.192.2.2 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns1.example.com. IN AAAA +SECTION ANSWER +ENTRY_END + +; line 8 DNAME +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN DNAME +SECTION ANSWER +example.com. IN DNAME y.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +a2.example.com. IN A +SECTION ANSWER +example.com. IN DNAME y.example.net. +a2.example.com. IN CNAME a2.y.example.net. +ENTRY_END +RANGE_END +; end of ns1.example.com. + + +STEP 220900 TIME_PASSES ELAPSE 4000 ; need to expire example.com. DNAME +;# QNAME owner DNAME target result +;-- ---------------- -------------- -------------- ----------------- +;9 cyc.example.com. example.com. example.com. cyc.example.com. + +STEP 220901 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +cyc.example.com. IN A +ENTRY_END + +; Expected result is defined by RFC 1034 section 3.6.2: +; CNAME chains should be followed and CNAME loops signalled as an error +STEP 220902 CHECK_ANSWER +ENTRY_BEGIN +MATCH rcode question answer +REPLY SERVFAIL +SECTION QUESTION +cyc.example.com. IN A +SECTION ANSWER +example.com. IN DNAME example.com. +cyc.example.com. IN CNAME cyc.example.com. +ENTRY_END + +; ns1.example.com. +RANGE_BEGIN 220900 220999 + ADDRESS 168.192.2.2 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns1.example.com. +SECTION ADDITIONAL +ns1.example.com. IN A 168.192.2.2 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns1.example.com. IN A +SECTION ANSWER +ns1.example.com. IN A 168.192.2.2 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns1.example.com. IN AAAA +SECTION ANSWER +ENTRY_END + +; line 9 DNAME +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN DNAME +SECTION ANSWER +example.com. IN DNAME example.com. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +cyc.example.com. IN A +SECTION ANSWER +example.com. IN DNAME example.com. +cyc.example.com. IN CNAME cyc.example.com. +ENTRY_END +RANGE_END +; end of ns1.example.com. + +STEP 221000 TIME_PASSES ELAPSE 4000 ; need to expire example.com. DNAME + +;# QNAME owner DNAME target result +;-- ---------------- -------------- -------------- ----------------- +; RFC original +;10 cyc.example.com. example.com. c.example.com. cyc.c.example.com. +; +; our version +; cyc2.example.com. example.com. cyc2.example.net. +; +; cyc.example.com. was renamed to cyc2.example.com. to avoid cache clashes +; on the synthetized CNAME (caching CNAMEs is allowed by RFC 6672 section 3.4) +; target c.example.com. was renamed to cyc2.example.net. +; to limit number of pre-canned answers required for the test + +STEP 221001 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +cyc2.example.com. IN A +ENTRY_END + +; Expected result is defined by RFC 1034 section 3.6.2: +; CNAME chains should be followed and CNAME loops signalled as an error +STEP 221002 CHECK_ANSWER +ENTRY_BEGIN +MATCH rcode question answer +REPLY SERVFAIL +SECTION QUESTION +cyc2.example.com. IN A +SECTION ANSWER +example.com. IN DNAME cyc2.example.net. +cyc2.example.com. IN CNAME cyc2.cyc2.example.net. +cyc2.example.net. IN DNAME example.com. +cyc2.cyc2.example.net. IN CNAME cyc2.example.com. +ENTRY_END + +; ns1.example.com. +RANGE_BEGIN 221000 221099 + ADDRESS 168.192.2.2 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns1.example.com. +SECTION ADDITIONAL +ns1.example.com. IN A 168.192.2.2 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns1.example.com. IN A +SECTION ANSWER +ns1.example.com. IN A 168.192.2.2 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns1.example.com. IN AAAA +SECTION ANSWER +ENTRY_END + +; line 10 DNAME +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN DNAME +SECTION ANSWER +example.com. IN DNAME cyc2.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qname +ADJUST copy_id copy_query +REPLY QR AA NOERROR +SECTION QUESTION +cyc2.example.com. IN A +SECTION ANSWER +example.com. IN DNAME cyc2.example.net. +cyc2.example.com. IN CNAME cyc2.cyc2.example.net. +ENTRY_END +RANGE_END +; end of ns1.example.com. + +;# QNAME owner DNAME target result +;-- ---------------- -------------- -------------- ----------------- +;11 shortloop.x.x. x. . shortloop.x. + +STEP 221101 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +shortloop.x.x. TXT +ENTRY_END + +STEP 221102 CHECK_ANSWER +ENTRY_BEGIN +MATCH rcode question answer +SECTION QUESTION +shortloop.x.x. IN TXT +SECTION ANSWER +x. IN DNAME . +shortloop.x.x. IN CNAME shortloop.x. +shortloop.x. IN CNAME shortloop. +shortloop. IN TXT "shortloop end" +ENTRY_END + +;# QNAME owner DNAME target result +;-- ---------------- -------------- -------------- ----------------- +;12 shortloop.x. x. . shortloop. + +; expire potentically cached CNAMEs for shortloop.x. from cache +STEP 221200 TIME_PASSES ELAPSE 10000 + +STEP 221201 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +shortloop.x. TXT +ENTRY_END + +STEP 221202 CHECK_ANSWER +ENTRY_BEGIN +MATCH rcode question answer +SECTION QUESTION +shortloop.x. IN TXT +SECTION ANSWER +x. IN DNAME . +shortloop.x. IN CNAME shortloop. +shortloop. IN TXT "shortloop end" +ENTRY_END + + +; ns1.example.net. (data shared by whole 22xxxx range) +RANGE_BEGIN 220000 229999 + ADDRESS 168.192.3.3 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns1.example.net. +SECTION ADDITIONAL +example.net. IN A 168.192.3.3 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns1.example.net. IN A +SECTION ANSWER +ns1.example.net. IN A 168.192.3.3 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns1.example.net. IN AAAA +SECTION ANSWER +ENTRY_END + +; line 3 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +a.example.net. IN A +SECTION ANSWER +a.example.net. IN A 10.0.0.97 +ENTRY_END + +; line 4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +a.b.example.net. IN A +SECTION ANSWER +a.b.example.net. IN A 10.0.97.98 +ENTRY_END + +; empty non-terminal for QNAME minimization +ENTRY_BEGIN +MATCH opcode qname +ADJUST copy_id copy_query +REPLY QR AA NOERROR +SECTION QUESTION +y.example.net. IN NS +SECTION ANSWER +ENTRY_END + +; empty non-terminal for QNAME minimization +ENTRY_BEGIN +MATCH opcode qname +ADJUST copy_id copy_query +REPLY QR AA NOERROR +SECTION QUESTION +b.example.net. IN NS +SECTION ANSWER +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +a2.y.example.net. IN A +SECTION ANSWER +a2.y.example.net. IN A 10.97.50.121 +ENTRY_END + +; line 10 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +cyc2.example.net. IN DNAME +SECTION ANSWER +cyc2.example.net. IN DNAME example.com. +ENTRY_END + +; no other types, for QNAME minimization +ENTRY_BEGIN +MATCH opcode qname +ADJUST copy_id copy_query +REPLY QR AA NOERROR +SECTION QUESTION +cyc2.example.net. IN NS +SECTION ANSWER +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +cyc2.cyc2.example.net. IN A +SECTION ANSWER +cyc2.example.net. IN DNAME example.com. +cyc2.cyc2.example.net. IN CNAME cyc2.example.com. +ENTRY_END +RANGE_END +; end of ns1.example.net. + + +; RFC 6672 section 2.2: YXDOMAIN answers for too long results for substitution +; RFC 6672 section 2.3: DNAME can be at zone apex: zone apex = long. +STEP 229001 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +x.long. IN A +ENTRY_END + +; query returning maximal permissible length - should work +STEP 229002 CHECK_ANSWER +ENTRY_BEGIN +MATCH rcode question answer +SECTION QUESTION +x.long. IN A +SECTION ANSWER +long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. +x.long. 3600 IN CNAME x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. +x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. 3600 IN A 192.0.2.1 +ENTRY_END + +; result of substitution has too long name +; YXDOMAIN should be propagated to the client +STEP 229003 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +too.long. IN A +ENTRY_END + +STEP 229004 CHECK_ANSWER +ENTRY_BEGIN +MATCH rcode question answer +REPLY YXDOMAIN +SECTION QUESTION +too.long. IN A +SECTION ANSWER +long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. +ENTRY_END + +; YXDOMAIN should work even if the cache is empty +STEP 229005 TIME_PASSES ELAPSE 4000 + +STEP 229006 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +too.long. IN A +ENTRY_END + +STEP 229007 CHECK_ANSWER +ENTRY_BEGIN +MATCH rcode question answer +REPLY YXDOMAIN +SECTION QUESTION +too.long. IN A +SECTION ANSWER +long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. +ENTRY_END + +; TODO: two DNAMEs at the same owner = invalid data? +;STEP 240021 QUERY +;ENTRY_BEGIN +;REPLY RD DO +;SECTION QUESTION +;test.twodnames. IN A +;ENTRY_END +; +;STEP 240022 CHECK_ANSWER +;ENTRY_BEGIN +;MATCH rcode question answer +;REPLY QR SERVFAIL +;SECTION QUESTION +;test.twodnames. IN A +;ENTRY_END + +SCENARIO_END |