do-ip6: no ; config options ; target-fetch-policy: "0 0 0 0 0" ; name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. CONFIG_END SCENARIO_BEGIN Test resolution with lame reply looks like nodata with noSOA ; K.ROOT-SERVERS.NET. RANGE_BEGIN 0 100 ADDRESS 193.0.14.129 ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION . IN NS SECTION ANSWER . IN NS K.ROOT-SERVERS.NET. SECTION ADDITIONAL K.ROOT-SERVERS.NET. IN A 193.0.14.129 ENTRY_END ; com ENTRY_BEGIN MATCH opcode subdomain ADJUST copy_id copy_query REPLY QR NOERROR SECTION QUESTION com. IN NS SECTION AUTHORITY com. IN NS a.gtld-servers.net. SECTION ADDITIONAL a.gtld-servers.net. IN A 192.5.6.30 ENTRY_END ; net ENTRY_BEGIN MATCH opcode subdomain ADJUST copy_id copy_query REPLY QR NOERROR SECTION QUESTION net. IN NS SECTION AUTHORITY net. IN NS e.gtld-servers.net. SECTION ADDITIONAL e.gtld-servers.net. IN A 192.12.94.30 ENTRY_END RANGE_END ; a.gtld-servers.net. - com RANGE_BEGIN 0 100 ADDRESS 192.5.6.30 ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION com. IN NS SECTION ANSWER com. IN NS a.gtld-servers.net. SECTION ADDITIONAL a.gtld-servers.net. IN A 192.5.6.30 ENTRY_END ENTRY_BEGIN MATCH opcode subdomain ADJUST copy_id copy_query REPLY QR NOERROR SECTION QUESTION victim.com. IN NS SECTION AUTHORITY victim.com. IN NS ns.victim.com. SECTION ADDITIONAL ns.victim.com. IN A 1.2.3.55 ENTRY_END RANGE_END ; e.gtld-servers.net. - net RANGE_BEGIN 0 100 ADDRESS 192.12.94.30 ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION net. IN NS SECTION ANSWER net. IN NS e.gtld-servers.net. SECTION ADDITIONAL e.gtld-servers.net. IN A 192.12.94.30 ENTRY_END ENTRY_BEGIN MATCH opcode subdomain ADJUST copy_id copy_query REPLY QR NOERROR SECTION QUESTION attacker.net. IN NS SECTION AUTHORITY attacker.net. IN NS ns.attacker.net. SECTION ADDITIONAL ns.attacker.net. IN A 1.2.3.44 ENTRY_END RANGE_END ; ns.attacker.net. RANGE_BEGIN 0 100 ADDRESS 1.2.3.44 ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION attacker.net. IN NS SECTION ANSWER attacker.net. IN NS ns.attacker.net. SECTION ADDITIONAL ns.attacker.net. IN A 1.2.3.44 ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION ns.attacker.net. IN A SECTION ANSWER ns.attacker.net. IN A 1.2.3.44 SECTION AUTHORITY attacker.net. IN NS ns.attacker.net. ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION ns.attacker.net. IN AAAA SECTION AUTHORITY SECTION ADDITIONAL ENTRY_END ENTRY_BEGIN MATCH opcode subdomain ADJUST copy_id copy_query REPLY QR NOERROR SECTION QUESTION sub.attacker.net. IN NS SECTION AUTHORITY sub.attacker.net. IN NS ns1.victim.com. sub.attacker.net. IN NS ns2.victim.com. sub.attacker.net. IN NS ns3.victim.com. sub.attacker.net. IN NS ns4.victim.com. sub.attacker.net. IN NS ns5.victim.com. sub.attacker.net. IN NS ns6.victim.com. sub.attacker.net. IN NS ns7.victim.com. sub.attacker.net. IN NS ns8.victim.com. sub.attacker.net. IN NS ns9.victim.com. ENTRY_END RANGE_END ; ns.victim.com. ; returns NXDOMAIN for all queries (attacker generated NS names are not present) RANGE_BEGIN 0 100 ADDRESS 1.2.3.55 ENTRY_BEGIN MATCH opcode subdomain ADJUST copy_id copy_query REPLY QR NXDOMAIN SECTION QUESTION victim.com. IN NS SECTION AUTHORITY victim.com. 0 IN SOA . . 1 1 1 1 1 SECTION ADDITIONAL ENTRY_END RANGE_END STEP 10 QUERY ENTRY_BEGIN REPLY RD SECTION QUESTION www.sub.attacker.net. IN A ENTRY_END ; in any case we must get SERVFAIL, no deleation works STEP 11 CHECK_ANSWER ENTRY_BEGIN MATCH all REPLY QR RD RA SERVFAIL SECTION QUESTION www.sub.attacker.net. IN A SECTION ANSWER ENTRY_END ; recursion happens here STEP 20 QUERY ENTRY_BEGIN REPLY RD DO SECTION QUESTION glueless.trigger.check.max.number.of.upstream.queries. IN TXT ENTRY_END STEP 21 CHECK_ANSWER ENTRY_BEGIN MATCH all REPLY QR AA RD RA NOERROR SECTION QUESTION glueless.trigger.check.max.number.of.upstream.queries. IN TXT SECTION ANSWER glueless.trigger.check.max.number.of.upstream.queries. IN TXT "pass" SECTION AUTHORITY SECTION ADDITIONAL ENTRY_END SCENARIO_END