; config options server: harden-referral-path: no target-fetch-policy: "0 0 0 0 0" stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. CONFIG_END SCENARIO_BEGIN Test scrub of insecure DNAME in answer section ; root infrastucture RANGE_BEGIN 0 10000000 ADDRESS 193.0.14.129 ENTRY_BEGIN MATCH qname qtype opcode ADJUST copy_id REPLY QR AA NOERROR SECTION QUESTION . IN NS SECTION ANSWER . IN NS K.ROOT-SERVERS.NET. SECTION ADDITIONAL K.ROOT-SERVERS.NET. IN A 193.0.14.129 ENTRY_END ENTRY_BEGIN MATCH qname qtype opcode ADJUST copy_id REPLY QR AA NOERROR SECTION QUESTION shortloop. IN TXT SECTION ANSWER shortloop. IN TXT "shortloop end" ENTRY_END ENTRY_BEGIN MATCH qname qtype opcode ADJUST copy_id REPLY QR AA NOERROR SECTION QUESTION K.ROOT-SERVERS.NET. IN A SECTION ANSWER K.ROOT-SERVERS.NET. IN A 193.0.14.129 ENTRY_END ENTRY_BEGIN MATCH qname qtype opcode ADJUST copy_id REPLY QR AA NOERROR SECTION QUESTION K.ROOT-SERVERS.NET. IN AAAA SECTION ANSWER ENTRY_END ENTRY_BEGIN MATCH subdomain opcode ADJUST copy_id copy_query REPLY QR NOERROR SECTION QUESTION com. IN A SECTION AUTHORITY com. IN NS a.gtld-servers.net. SECTION ADDITIONAL a.gtld-servers.net. IN A 192.5.6.30 ENTRY_END ENTRY_BEGIN MATCH subdomain opcode ADJUST copy_id copy_query REPLY QR NOERROR SECTION QUESTION net. IN A SECTION AUTHORITY net. IN NS a.gtld-servers.net. SECTION ADDITIONAL a.gtld-servers.net. IN A 192.5.6.30 ENTRY_END ENTRY_BEGIN MATCH subdomain opcode ADJUST copy_id copy_query REPLY QR NOERROR SECTION QUESTION x. IN A SECTION AUTHORITY x. IN NS a.gtld-servers.net. SECTION ADDITIONAL a.gtld-servers.net. IN A 192.5.6.30 ENTRY_END ENTRY_BEGIN MATCH opcode subdomain ADJUST copy_id copy_query REPLY QR NOERROR SECTION QUESTION long. IN NS SECTION AUTHORITY long. IN NS a.gtld-servers.net. SECTION ADDITIONAL a.gtld-servers.net. IN A 192.5.6.30 ENTRY_END ENTRY_BEGIN MATCH opcode subdomain ADJUST copy_id copy_query REPLY QR NOERROR SECTION QUESTION 60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. IN NS SECTION AUTHORITY 60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. IN NS a.gtld-servers.net. SECTION ADDITIONAL a.gtld-servers.net. IN A 192.5.6.30 ENTRY_END ENTRY_BEGIN MATCH qname qtype opcode ADJUST copy_id REPLY QR NOERROR SECTION QUESTION a.gtld-servers.net. IN A SECTION ANSWER a.gtld-servers.net. IN A 192.5.6.30 ENTRY_END ENTRY_BEGIN MATCH qname qtype opcode ADJUST copy_id REPLY QR NOERROR SECTION QUESTION a.gtld-servers.net. IN AAAA SECTION ANSWER ENTRY_END RANGE_END ; end of root infrastucture ; a.gtld-servers.net. (com. net. x.) RANGE_BEGIN 0 10000000 ADDRESS 192.5.6.30 ENTRY_BEGIN MATCH qname qtype opcode ADJUST copy_id REPLY QR NOERROR SECTION QUESTION a.gtld-servers.net. IN A SECTION ANSWER a.gtld-servers.net. IN A 192.5.6.30 ENTRY_END ENTRY_BEGIN MATCH qname qtype opcode ADJUST copy_id REPLY QR NOERROR SECTION QUESTION a.gtld-servers.net. IN AAAA SECTION ANSWER ENTRY_END ENTRY_BEGIN MATCH qname qtype opcode ADJUST copy_id REPLY QR NOERROR SECTION QUESTION com. IN NS SECTION AUTHORITY com. IN NS a.gtld-servers.net. SECTION ADDITIONAL a.gtld-servers.net. IN A 192.5.6.30 ENTRY_END ENTRY_BEGIN MATCH qname qtype opcode ADJUST copy_id REPLY QR NOERROR SECTION QUESTION net. IN NS SECTION AUTHORITY net. IN NS a.gtld-servers.net. SECTION ADDITIONAL a.gtld-servers.net. IN A 192.5.6.30 ENTRY_END ENTRY_BEGIN MATCH opcode subdomain ADJUST copy_id copy_query REPLY QR NOERROR SECTION QUESTION example.com. IN A SECTION AUTHORITY example.com. IN NS ns1.example.com. SECTION ADDITIONAL ns1.example.com. IN A 168.192.2.2 ENTRY_END ENTRY_BEGIN MATCH opcode subdomain ADJUST copy_id copy_query REPLY QR NOERROR SECTION QUESTION example.net. IN A SECTION AUTHORITY example.net. IN NS ns1.example.net. SECTION ADDITIONAL ns1.example.net. IN A 168.192.3.3 ENTRY_END ENTRY_BEGIN MATCH qname qtype opcode ADJUST copy_id REPLY QR NOERROR SECTION QUESTION x. IN NS SECTION AUTHORITY x. IN NS a.gtld-servers.net. SECTION ADDITIONAL a.gtld-servers.net. IN A 192.5.6.30 ENTRY_END ENTRY_BEGIN MATCH qname qtype opcode ADJUST copy_id REPLY QR NOERROR SECTION QUESTION x. IN DNAME SECTION AUTHORITY x. IN DNAME . SECTION ADDITIONAL a.gtld-servers.net. IN A 192.5.6.30 ENTRY_END ENTRY_BEGIN MATCH qname opcode ADJUST copy_id copy_query REPLY QR NOERROR SECTION QUESTION shortloop.x.x. IN CNAME SECTION ANSWER x. DNAME . shortloop.x.x. IN CNAME shortloop.x. shortloop.x. IN CNAME shortloop. ENTRY_END ENTRY_BEGIN MATCH qname opcode ADJUST copy_id copy_query REPLY QR NOERROR SECTION QUESTION shortloop.x. IN CNAME SECTION ANSWER x. DNAME . shortloop.x. IN CNAME shortloop. ENTRY_END ENTRY_BEGIN MATCH qname qtype opcode ADJUST copy_id REPLY QR NOERROR SECTION QUESTION 60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. IN NS SECTION AUTHORITY 60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. IN NS a.gtld-servers.net. SECTION ADDITIONAL a.gtld-servers.net. IN A 192.5.6.30 ENTRY_END ENTRY_BEGIN MATCH qname qtype opcode ADJUST copy_id REPLY QR NOERROR SECTION QUESTION long. IN NS SECTION AUTHORITY long. IN NS a.gtld-servers.net. SECTION ADDITIONAL a.gtld-servers.net. IN A 192.5.6.30 ENTRY_END ; DNAME at zone apex, allowed by RFC 6672 section 2.3 ENTRY_BEGIN MATCH qname qtype opcode ADJUST copy_id REPLY QR AA NOERROR SECTION QUESTION long. IN DNAME SECTION ANSWER long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. ENTRY_END ENTRY_BEGIN MATCH qname qtype opcode ADJUST copy_id REPLY QR AA NOERROR SECTION QUESTION x.long. IN A SECTION ANSWER long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. x.long. 3600 IN CNAME x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. 3600 IN A 192.0.2.1 ENTRY_END ENTRY_BEGIN MATCH qname qtype opcode ADJUST copy_id REPLY QR AA NOERROR SECTION QUESTION x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. IN A SECTION ANSWER x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. 3600 IN A 192.0.2.1 ENTRY_END ENTRY_BEGIN MATCH qname opcode ADJUST copy_id copy_query REPLY QR AA YXDOMAIN SECTION QUESTION too.long. IN A SECTION ANSWER long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. ENTRY_END RANGE_END ; end of a.gtld-servers.net. ; RFC 6672 section 2.2. The DNAME Substitution table tests ;# QNAME owner DNAME target result ;-- ---------------- -------------- -------------- ----------------- ;1 com. example.com. example.net. ;2 example.com. example.com. example.net. [0] ;3 a.example.com. example.com. example.net. a.example.net. ;4 a.b.example.com. example.com. example.net. a.b.example.net. ;5 ab.example.com. b.example.com. example.net. ;6 foo.example.com. example.com. example.net. foo.example.net. ;7 a.x.example.com. x.example.com. example.net. a.example.net. ;8 a.example.com. example.com. y.example.net. a.y.example.net. ;9 cyc.example.com. example.com. example.com. cyc.example.com. ;10 cyc.example.com. example.com. c.example.com. cyc.c.example.com. ;11 shortloop.x.x. x. . shortloop.x. ;12 shortloop.x. x. . shortloop. ; ; [0] The result depends on the QTYPE. If the QTYPE = DNAME, then ; the result is "example.com.", else "". ; ; Table 1. DNAME Substitution Examples ; ; line no. 1 is mostly for authoritative server ; ; line no. 2 QTYPE != DNAME ; STEP 220201 QUERY ; ENTRY_BEGIN ; REPLY RD DO ; SECTION QUESTION ; example.com. IN NS ; ENTRY_END ; ; STEP 220202 CHECK_ANSWER ; ENTRY_BEGIN ; MATCH rcode answer ; REPLY QR RD RA DO ; SECTION QUESTION ; example.com. IN NS ; SECTION ANSWER ; example.com. IN NS ns1.example.com. ; ENTRY_END ; ; ; line no. 2 QTYPE == DNAME ; STEP 220203 QUERY ; ENTRY_BEGIN ; REPLY RD DO ; SECTION QUESTION ; example.com. IN DNAME ; ENTRY_END ; ; STEP 220204 CHECK_ANSWER ; ENTRY_BEGIN ; MATCH rcode question answer ; REPLY QR RD RA DO ; SECTION QUESTION ; example.com. IN DNAME ; SECTION ANSWER ; example.com. IN DNAME example.net. ; ENTRY_END ; ; ; ;# QNAME owner DNAME target result ; ;-- ---------------- -------------- -------------- ----------------- ; ;3 a.example.com. example.com. example.net. a.example.net. ; ; STEP 220301 QUERY ; ENTRY_BEGIN ; REPLY RD DO ; SECTION QUESTION ; a.example.com. IN A ; ENTRY_END ; ; STEP 220302 CHECK_ANSWER ; ENTRY_BEGIN ; MATCH rcode question answer ; SECTION QUESTION ; a.example.com. IN A ; SECTION ANSWER ; example.com. IN DNAME example.net. ; a.example.com. IN CNAME a.example.net. ; a.example.net. IN A 10.0.0.97 ; ENTRY_END ; ; ;# QNAME owner DNAME target result ; ;-- ---------------- -------------- -------------- ----------------- ; ;4 a.b.example.com. example.com. example.net. a.b.example.net. ; ; STEP 220401 QUERY ; ENTRY_BEGIN ; REPLY RD DO ; SECTION QUESTION ; a.b.example.com. IN A ; ENTRY_END ; ; STEP 220402 CHECK_ANSWER ; ENTRY_BEGIN ; MATCH rcode question answer ; SECTION QUESTION ; a.b.example.com. IN A ; SECTION ANSWER ; example.com. IN DNAME example.net. ; a.b.example.com. IN CNAME a.b.example.net. ; a.b.example.net. IN A 10.0.97.98 ; ENTRY_END ; ; ;# QNAME owner DNAME target result ; ;-- ---------------- -------------- -------------- ----------------- ; ;5 ab.example.com. b.example.com. example.net. ; ;6 foo.example.com. example.com. example.net. foo.example.net. ; ; ; line no. 5 is mostly for authoritative server ; ; line no. 6 is basically the same as line no. 3 ; ; ; ns1.example.com. ; RANGE_BEGIN 220000 220699 ; ADDRESS 168.192.2.2 ; ENTRY_BEGIN ; MATCH opcode qtype qname ; ADJUST copy_id ; REPLY QR AA NOERROR ; SECTION QUESTION ; example.com. IN NS ; SECTION ANSWER ; example.com. IN NS ns1.example.com. ; SECTION ADDITIONAL ; ns1.example.com. IN A 168.192.2.2 ; ENTRY_END ; ; ENTRY_BEGIN ; MATCH opcode qtype qname ; ADJUST copy_id ; REPLY QR AA NOERROR ; SECTION QUESTION ; ns1.example.com. IN A ; SECTION ANSWER ; ns1.example.com. IN A 168.192.2.2 ; ENTRY_END ; ; ENTRY_BEGIN ; MATCH opcode qtype qname ; ADJUST copy_id ; REPLY QR AA NOERROR ; SECTION QUESTION ; ns1.example.com. IN AAAA ; SECTION ANSWER ; ENTRY_END ; ; ; line 2 DNAME ; ENTRY_BEGIN ; MATCH opcode qtype qname ; ADJUST copy_id ; REPLY QR AA NOERROR ; SECTION QUESTION ; example.com. IN DNAME ; SECTION ANSWER ; example.com. IN DNAME example.net. ; ENTRY_END ; ; ; line 3 ; ENTRY_BEGIN ; MATCH opcode qtype qname ; ADJUST copy_id ; REPLY QR AA NOERROR ; SECTION QUESTION ; a.example.com. IN A ; SECTION ANSWER ; example.com. IN DNAME example.net. ; a.example.com. IN CNAME a.example.net. ; ENTRY_END ; ; ; line 4 ; ENTRY_BEGIN ; MATCH opcode qtype qname ; ADJUST copy_id ; REPLY QR AA NOERROR ; SECTION QUESTION ; a.b.example.com. IN A ; SECTION ANSWER ; example.com. IN DNAME example.net. ; a.b.example.com. IN CNAME a.b.example.net. ; ENTRY_END ; RANGE_END ; ; end of ns1.example.com. ; ; ; ;# QNAME owner DNAME target result ; ;-- ---------------- -------------- -------------- ----------------- ; ;7 a.x.example.com. x.example.com. example.net. a.example.net. ; ; STEP 220701 QUERY ; ENTRY_BEGIN ; REPLY RD DO ; SECTION QUESTION ; a.x.example.com. IN A ; ENTRY_END ; ; STEP 220702 CHECK_ANSWER ; ENTRY_BEGIN ; MATCH rcode question answer ; SECTION QUESTION ; a.x.example.com. IN A ; SECTION ANSWER ; x.example.com. IN DNAME example.net. ; a.x.example.com. IN CNAME a.example.net. ; a.example.net. IN A 10.0.0.97 ; ENTRY_END ; ; ; ns1.example.com. ; RANGE_BEGIN 220700 220799 ; ADDRESS 168.192.2.2 ; ENTRY_BEGIN ; MATCH opcode qtype qname ; ADJUST copy_id ; REPLY QR AA NOERROR ; SECTION QUESTION ; example.com. IN NS ; SECTION ANSWER ; example.com. IN NS ns1.example.com. ; SECTION ADDITIONAL ; ns1.example.com. IN A 168.192.2.2 ; ENTRY_END ; ; ENTRY_BEGIN ; MATCH opcode qtype qname ; ADJUST copy_id ; REPLY QR AA NOERROR ; SECTION QUESTION ; ns1.example.com. IN A ; SECTION ANSWER ; ns1.example.com. IN A 168.192.2.2 ; ENTRY_END ; ; ENTRY_BEGIN ; MATCH opcode qtype qname ; ADJUST copy_id ; REPLY QR AA NOERROR ; SECTION QUESTION ; ns1.example.com. IN AAAA ; SECTION ANSWER ; ENTRY_END ; ; ; line 7 DNAME ; ENTRY_BEGIN ; MATCH opcode qtype qname ; ADJUST copy_id ; REPLY QR AA NOERROR ; SECTION QUESTION ; example.com. IN DNAME ; SECTION ANSWER ; x.example.com. IN DNAME example.net. ; ENTRY_END ; ; ENTRY_BEGIN ; MATCH opcode qtype qname ; ADJUST copy_id ; REPLY QR AA NOERROR ; SECTION QUESTION ; a.x.example.com. IN A ; SECTION ANSWER ; x.example.com. IN DNAME example.net. ; a.x.example.com. IN CNAME a.example.net. ; ENTRY_END ; RANGE_END ; ; end of ns1.example.com. ; ; ;# QNAME owner DNAME target result ; ;-- ---------------- -------------- -------------- ----------------- ; ;8 a.example.com. example.com. y.example.net. a.y.example.net. ; ; ; ; a.example.com. was renamed to a2.example.com. to avoid cache clashes ; ; on the synthetized CNAME (caching CNAMEs is allowed by RFC 6672 section 3.4) ; ; STEP 220801 QUERY ; ENTRY_BEGIN ; REPLY RD DO ; SECTION QUESTION ; a2.example.com. IN A ; ENTRY_END ; ; STEP 220802 CHECK_ANSWER ; ENTRY_BEGIN ; MATCH rcode question answer ; SECTION QUESTION ; a2.example.com. IN A ; SECTION ANSWER ; example.com. IN DNAME y.example.net. ; a2.example.com. IN CNAME a2.y.example.net. ; a2.y.example.net. IN A 10.97.50.121 ; ENTRY_END ; ; ; ns1.example.com. ; RANGE_BEGIN 220800 220899 ; ADDRESS 168.192.2.2 ; ENTRY_BEGIN ; MATCH opcode qtype qname ; ADJUST copy_id ; REPLY QR AA NOERROR ; SECTION QUESTION ; example.com. IN NS ; SECTION ANSWER ; example.com. IN NS ns1.example.com. ; SECTION ADDITIONAL ; ns1.example.com. IN A 168.192.2.2 ; ENTRY_END ; ; ENTRY_BEGIN ; MATCH opcode qtype qname ; ADJUST copy_id ; REPLY QR AA NOERROR ; SECTION QUESTION ; ns1.example.com. IN A ; SECTION ANSWER ; ns1.example.com. IN A 168.192.2.2 ; ENTRY_END ; ; ENTRY_BEGIN ; MATCH opcode qtype qname ; ADJUST copy_id ; REPLY QR AA NOERROR ; SECTION QUESTION ; ns1.example.com. IN AAAA ; SECTION ANSWER ; ENTRY_END ; ; ; line 8 DNAME ; ENTRY_BEGIN ; MATCH opcode qtype qname ; ADJUST copy_id ; REPLY QR AA NOERROR ; SECTION QUESTION ; example.com. IN DNAME ; SECTION ANSWER ; example.com. IN DNAME y.example.net. ; ENTRY_END ; ; ENTRY_BEGIN ; MATCH opcode qtype qname ; ADJUST copy_id ; REPLY QR AA NOERROR ; SECTION QUESTION ; a2.example.com. IN A ; SECTION ANSWER ; example.com. IN DNAME y.example.net. ; a2.example.com. IN CNAME a2.y.example.net. ; ENTRY_END ; RANGE_END ; ; end of ns1.example.com. ; ; ; ;# QNAME owner DNAME target result ; ;-- ---------------- -------------- -------------- ----------------- ; ;9 cyc.example.com. example.com. example.com. cyc.example.com. ; ; STEP 220901 QUERY ; ENTRY_BEGIN ; REPLY RD DO ; SECTION QUESTION ; cyc.example.com. IN A ; ENTRY_END ; ; ; Expected result is defined by RFC 1034 section 3.6.2: ; ; CNAME chains should be followed and CNAME loops signalled as an error ; STEP 220902 CHECK_ANSWER ; ENTRY_BEGIN ; MATCH rcode question answer ; REPLY SERVFAIL ; SECTION QUESTION ; cyc.example.com. IN A ; ENTRY_END ; ; ; ns1.example.com. ; RANGE_BEGIN 220900 220999 ; ADDRESS 168.192.2.2 ; ENTRY_BEGIN ; MATCH opcode qtype qname ; ADJUST copy_id ; REPLY QR AA NOERROR ; SECTION QUESTION ; example.com. IN NS ; SECTION ANSWER ; example.com. IN NS ns1.example.com. ; SECTION ADDITIONAL ; ns1.example.com. IN A 168.192.2.2 ; ENTRY_END ; ; ENTRY_BEGIN ; MATCH opcode qtype qname ; ADJUST copy_id ; REPLY QR AA NOERROR ; SECTION QUESTION ; ns1.example.com. IN A ; SECTION ANSWER ; ns1.example.com. IN A 168.192.2.2 ; ENTRY_END ; ; ENTRY_BEGIN ; MATCH opcode qtype qname ; ADJUST copy_id ; REPLY QR AA NOERROR ; SECTION QUESTION ; ns1.example.com. IN AAAA ; SECTION ANSWER ; ENTRY_END ; ; ; line 9 DNAME ; ENTRY_BEGIN ; MATCH opcode qtype qname ; ADJUST copy_id ; REPLY QR AA NOERROR ; SECTION QUESTION ; example.com. IN DNAME ; SECTION ANSWER ; example.com. IN DNAME example.com. ; ENTRY_END ; ; ENTRY_BEGIN ; MATCH opcode qtype qname ; ADJUST copy_id ; REPLY QR AA NOERROR ; SECTION QUESTION ; cyc.example.com. IN A ; SECTION ANSWER ; example.com. IN DNAME example.com. ; cyc.example.com. IN CNAME cyc.example.com. ; ENTRY_END ; RANGE_END ; ; end of ns1.example.com. ; ; ;# QNAME owner DNAME target result ; ;-- ---------------- -------------- -------------- ----------------- ; ;10 cyc.example.com. example.com. c.example.com. cyc.c.example.com. ; ; ; ; cyc.example.com. was renamed to cyc2.example.com. to avoid cache clashes ; ; on the synthetized CNAME (caching CNAMEs is allowed by RFC 6672 section 3.4) ; ; ; ; target c.example.com. was renamed to cyc2.example.net. ; ; to limit number of pre-canned answers required for the test ; ; STEP 221001 QUERY ; ENTRY_BEGIN ; REPLY RD DO ; SECTION QUESTION ; cyc2.example.com. IN A ; ENTRY_END ; ; ; Expected result is defined by RFC 1034 section 3.6.2: ; ; CNAME chains should be followed and CNAME loops signalled as an error ; STEP 221002 CHECK_ANSWER ; ENTRY_BEGIN ; MATCH rcode question answer ; REPLY SERVFAIL ; SECTION QUESTION ; cyc2.example.com. IN A ; ENTRY_END ; ; ; ns1.example.com. ; RANGE_BEGIN 221000 221099 ; ADDRESS 168.192.2.2 ; ENTRY_BEGIN ; MATCH opcode qtype qname ; ADJUST copy_id ; REPLY QR AA NOERROR ; SECTION QUESTION ; example.com. IN NS ; SECTION ANSWER ; example.com. IN NS ns1.example.com. ; SECTION ADDITIONAL ; ns1.example.com. IN A 168.192.2.2 ; ENTRY_END ; ; ENTRY_BEGIN ; MATCH opcode qtype qname ; ADJUST copy_id ; REPLY QR AA NOERROR ; SECTION QUESTION ; ns1.example.com. IN A ; SECTION ANSWER ; ns1.example.com. IN A 168.192.2.2 ; ENTRY_END ; ; ENTRY_BEGIN ; MATCH opcode qtype qname ; ADJUST copy_id ; REPLY QR AA NOERROR ; SECTION QUESTION ; ns1.example.com. IN AAAA ; SECTION ANSWER ; ENTRY_END ; ; ; line 10 DNAME ; ENTRY_BEGIN ; MATCH opcode qtype qname ; ADJUST copy_id ; REPLY QR AA NOERROR ; SECTION QUESTION ; example.com. IN DNAME ; SECTION ANSWER ; example.com. IN DNAME cyc2.example.net. ; ENTRY_END ; ; ENTRY_BEGIN ; MATCH opcode qtype qname ; ADJUST copy_id ; REPLY QR AA NOERROR ; SECTION QUESTION ; cyc2.example.com. IN A ; SECTION ANSWER ; example.com. IN DNAME cyc2.example.net. ; cyc2.example.com. IN CNAME cyc2.cyc2.example.net. ; ENTRY_END ; RANGE_END ; ; end of ns1.example.com. ; ; ;# QNAME owner DNAME target result ; ;-- ---------------- -------------- -------------- ----------------- ; ;11 shortloop.x.x. x. . shortloop.x. ; ; STEP 221101 QUERY ; ENTRY_BEGIN ; REPLY RD DO ; SECTION QUESTION ; shortloop.x.x. TXT ; ENTRY_END ; ; STEP 221102 CHECK_ANSWER ; ENTRY_BEGIN ; MATCH rcode question answer ; SECTION QUESTION ; shortloop.x.x. IN TXT ; SECTION ANSWER ; x. IN DNAME . ; ; unbound hack ; x. IN DNAME . ; shortloop.x.x. IN CNAME shortloop.x. ; shortloop.x. IN CNAME shortloop. ; shortloop. IN TXT "shortloop end" ; ENTRY_END ; ; ;# QNAME owner DNAME target result ; ;-- ---------------- -------------- -------------- ----------------- ; ;12 shortloop.x. x. . shortloop. ; ; ; expire potentically cached CNAMEs for shortloop.x. from cache ; STEP 221200 TIME_PASSES ELAPSE 10000 ; ; STEP 221201 QUERY ; ENTRY_BEGIN ; REPLY RD DO ; SECTION QUESTION ; shortloop.x. TXT ; ENTRY_END ; ; STEP 221202 CHECK_ANSWER ; ENTRY_BEGIN ; MATCH rcode question answer ; SECTION QUESTION ; shortloop.x. IN TXT ; SECTION ANSWER ; x. IN DNAME . ; shortloop.x. IN CNAME shortloop. ; shortloop. IN TXT "shortloop end" ; ENTRY_END ; ; ; ; ns1.example.net. (data shared by whole 22xxxx range) ; RANGE_BEGIN 220000 229999 ; ADDRESS 168.192.3.3 ; ENTRY_BEGIN ; MATCH opcode qtype qname ; ADJUST copy_id ; REPLY QR AA NOERROR ; SECTION QUESTION ; example.net. IN NS ; SECTION ANSWER ; example.net. IN NS ns1.example.net. ; SECTION ADDITIONAL ; example.net. IN A 168.192.3.3 ; ENTRY_END ; ; ENTRY_BEGIN ; MATCH opcode qtype qname ; ADJUST copy_id ; REPLY QR AA NOERROR ; SECTION QUESTION ; ns1.example.net. IN A ; SECTION ANSWER ; ns1.example.net. IN A 168.192.3.3 ; ENTRY_END ; ; ENTRY_BEGIN ; MATCH opcode qtype qname ; ADJUST copy_id ; REPLY QR AA NOERROR ; SECTION QUESTION ; ns1.example.net. IN AAAA ; SECTION ANSWER ; ENTRY_END ; ; ; line 3 ; ENTRY_BEGIN ; MATCH opcode qtype qname ; ADJUST copy_id ; REPLY QR AA NOERROR ; SECTION QUESTION ; a.example.net. IN A ; SECTION ANSWER ; a.example.net. IN A 10.0.0.97 ; ENTRY_END ; ; ; line 4 ; ENTRY_BEGIN ; MATCH opcode qtype qname ; ADJUST copy_id ; REPLY QR AA NOERROR ; SECTION QUESTION ; a.b.example.net. IN A ; SECTION ANSWER ; a.b.example.net. IN A 10.0.97.98 ; ENTRY_END ; ; ENTRY_BEGIN ; MATCH opcode qtype qname ; ADJUST copy_id ; REPLY QR AA NOERROR ; SECTION QUESTION ; a2.y.example.net. IN A ; SECTION ANSWER ; a2.y.example.net. IN A 10.97.50.121 ; ENTRY_END ; ; ; line 10 ; ENTRY_BEGIN ; MATCH opcode qtype qname ; ADJUST copy_id ; REPLY QR AA NOERROR ; SECTION QUESTION ; cyc2.example.net. IN DNAME ; SECTION ANSWER ; cyc2.example.net. IN DNAME example.com. ; ENTRY_END ; ; ENTRY_BEGIN ; MATCH opcode qtype qname ; ADJUST copy_id ; REPLY QR AA NOERROR ; SECTION QUESTION ; cyc2.cyc2.example.net. IN A ; SECTION ANSWER ; cyc2.example.net. IN DNAME example.com. ; cyc2.cyc2.example.com. IN CNAME cyc2.example.com. ; ENTRY_END ; RANGE_END ; ; end of ns1.example.net. ; ; ; ; RFC 6672 section 2.2: YXDOMAIN answers for too long results for substitution ; ; RFC 6672 section 2.3: DNAME can be at zone apex: zone apex = long. ; STEP 229001 QUERY ; ENTRY_BEGIN ; REPLY RD DO ; SECTION QUESTION ; x.long. IN A ; ENTRY_END ; ; ; query returning maximal permissible length - should work ; STEP 229002 CHECK_ANSWER ; ENTRY_BEGIN ; MATCH rcode question answer ; SECTION QUESTION ; x.long. IN A ; SECTION ANSWER ; long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. ; x.long. 3600 IN CNAME x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. ; x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. 3600 IN A 192.0.2.1 ; ENTRY_END ; result of substitution has too long name ; YXDOMAIN should be propagated to the client ; Unbound SEVFAILs: https://www.ietf.org/mail-archive/web/dnsext/current/msg11282.html STEP 229003 QUERY ENTRY_BEGIN REPLY RD DO SECTION QUESTION too.long. IN A ENTRY_END STEP 229004 CHECK_ANSWER ENTRY_BEGIN MATCH rcode question answer REPLY QR YXDOMAIN SECTION QUESTION too.long. IN A SECTION ANSWER long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. ENTRY_END ; ; YXDOMAIN should work even if the cache is empty ; STEP 229005 TIME_PASSES ELAPSE 4000 ; ; STEP 229006 QUERY ; ENTRY_BEGIN ; REPLY RD DO ; SECTION QUESTION ; too.long. IN A ; ENTRY_END ; ; STEP 229007 CHECK_ANSWER ; ENTRY_BEGIN ; MATCH rcode question answer ; REPLY QR YXDOMAIN ; SECTION QUESTION ; x.long. IN A ; SECTION ANSWER ; long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. ; ENTRY_END SCENARIO_END