unbound/testdata/iter_dname_insec.rpl

; config options
server:
	harden-referral-path: no
	target-fetch-policy: "0 0 0 0 0"
	qname-minimisation: "no"
	minimal-responses: no

stub-zone:
        name: "."
	stub-addr: 193.0.14.129         # K.ROOT-SERVERS.NET.
CONFIG_END

SCENARIO_BEGIN Test scrub of insecure DNAME in answer section

; root infrastucture
RANGE_BEGIN 0 10000000
	ADDRESS 193.0.14.129
ENTRY_BEGIN
MATCH qname qtype opcode
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET. IN A 193.0.14.129
ENTRY_END

ENTRY_BEGIN
MATCH qname qtype opcode
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
shortloop. IN TXT
SECTION ANSWER
shortloop. IN TXT "shortloop end"
ENTRY_END

ENTRY_BEGIN
MATCH qname qtype opcode
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
K.ROOT-SERVERS.NET. IN A
SECTION ANSWER
K.ROOT-SERVERS.NET. IN A 193.0.14.129
ENTRY_END

ENTRY_BEGIN
MATCH qname qtype opcode
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
K.ROOT-SERVERS.NET. IN AAAA
SECTION ANSWER
ENTRY_END

ENTRY_BEGIN
MATCH subdomain opcode
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
com. IN A
SECTION AUTHORITY
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END

ENTRY_BEGIN
MATCH subdomain opcode
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
net. IN A
SECTION AUTHORITY
net. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END

ENTRY_BEGIN
MATCH subdomain opcode
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
x. IN A
SECTION AUTHORITY
x. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
long. IN NS
SECTION AUTHORITY
long. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. IN NS
SECTION AUTHORITY
60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END

ENTRY_BEGIN
MATCH qname qtype opcode
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
a.gtld-servers.net. IN A
SECTION ANSWER
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END

ENTRY_BEGIN
MATCH qname qtype opcode
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
a.gtld-servers.net. IN AAAA
SECTION ANSWER
ENTRY_END
RANGE_END
; end of root infrastucture

; a.gtld-servers.net. (com. net. x.)
RANGE_BEGIN 0 10000000
	ADDRESS 192.5.6.30
ENTRY_BEGIN
MATCH qname qtype opcode
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
a.gtld-servers.net. IN A
SECTION ANSWER
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END

ENTRY_BEGIN
MATCH qname qtype opcode
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
a.gtld-servers.net. IN AAAA
SECTION ANSWER
ENTRY_END

ENTRY_BEGIN
MATCH qname qtype opcode
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION AUTHORITY
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END

ENTRY_BEGIN
MATCH qname qtype opcode
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
net. IN NS
SECTION AUTHORITY
net. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
example.com. IN A
SECTION AUTHORITY
example.com. IN NS ns1.example.com.
SECTION ADDITIONAL
ns1.example.com. IN A 168.192.2.2
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
example.net. IN A
SECTION AUTHORITY
example.net. IN NS ns1.example.net.
SECTION ADDITIONAL
ns1.example.net. IN A 168.192.3.3
ENTRY_END

ENTRY_BEGIN
MATCH qname qtype opcode
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
x. IN NS
SECTION AUTHORITY
x. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END

ENTRY_BEGIN
MATCH qname qtype opcode
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
x. IN DNAME
SECTION AUTHORITY
x. IN DNAME .
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END

ENTRY_BEGIN
MATCH qname opcode
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
shortloop.x.x. IN CNAME
SECTION ANSWER
x. DNAME .
shortloop.x.x. IN CNAME shortloop.x.
shortloop.x. IN CNAME shortloop.
ENTRY_END

ENTRY_BEGIN
MATCH qname opcode
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
shortloop.x. IN CNAME
SECTION ANSWER
x. DNAME .
shortloop.x. IN CNAME shortloop.
ENTRY_END

ENTRY_BEGIN
MATCH qname qtype opcode
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. IN NS
SECTION AUTHORITY
60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END

ENTRY_BEGIN
MATCH qname qtype opcode
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
long. IN NS
SECTION AUTHORITY
long. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END

; DNAME at zone apex, allowed by RFC 6672 section 2.3
ENTRY_BEGIN
MATCH qname qtype opcode
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
long. IN DNAME
SECTION ANSWER
long.			3600	IN	DNAME	63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.
ENTRY_END

ENTRY_BEGIN
MATCH qname qtype opcode
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
x.long. IN A
SECTION ANSWER
long.			3600	IN	DNAME	63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.
x.long.			3600	IN	CNAME	x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.
x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.	3600	IN	A	192.0.2.1
ENTRY_END

ENTRY_BEGIN
MATCH qname qtype opcode
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. IN A
SECTION ANSWER
x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.	3600	IN	A	192.0.2.1
ENTRY_END

ENTRY_BEGIN
MATCH qname opcode
ADJUST copy_id copy_query
REPLY QR YXDOMAIN
SECTION QUESTION
too.long. IN A
SECTION ANSWER
long.			3600	IN	DNAME	63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.
ENTRY_END
RANGE_END
; end of a.gtld-servers.net.

; RFC 6672 section 2.2. The DNAME Substitution table tests
;#  QNAME            owner  DNAME   target         result
;-- ---------------- -------------- -------------- -----------------
;1  com.             example.com.   example.net.   <no match>
;2  example.com.     example.com.   example.net.   [0]
;3  a.example.com.   example.com.   example.net.   a.example.net.
;4  a.b.example.com. example.com.   example.net.   a.b.example.net.
;5  ab.example.com.  b.example.com. example.net.   <no match>
;6  foo.example.com. example.com.   example.net.   foo.example.net.
;7  a.x.example.com. x.example.com. example.net.   a.example.net.
;8  a.example.com.   example.com.   y.example.net. a.y.example.net.
;9  cyc.example.com. example.com.   example.com.   cyc.example.com.
;10 cyc.example.com. example.com.   c.example.com. cyc.c.example.com.
;11 shortloop.x.x.   x.             .              shortloop.x.
;12 shortloop.x.     x.             .              shortloop.
;
;  [0] The result depends on the QTYPE.  If the QTYPE = DNAME, then
;      the result is "example.com.", else "<no match>".
;
;                  Table 1. DNAME Substitution Examples

; line no. 1 is mostly for authoritative server
; line no. 2 QTYPE != DNAME
STEP 220201 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
example.com. IN NS
ENTRY_END

STEP 220202 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA DO
SECTION QUESTION
example.com. IN NS
SECTION ANSWER
example.com. IN NS ns1.example.com.
SECTION ADDITIONAL
ns1.example.com.        0       IN      A       168.192.2.2
ENTRY_END

; line no. 2 QTYPE == DNAME
STEP 220203 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
example.com. IN DNAME
ENTRY_END

STEP 220204 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA DO
SECTION QUESTION
example.com. IN DNAME
SECTION ANSWER
example.com. IN DNAME example.net.
ENTRY_END


;#  QNAME            owner  DNAME   target         result
;-- ---------------- -------------- -------------- -----------------
;3  a.example.com.   example.com.   example.net.   a.example.net.

STEP 220301 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
a.example.com. IN A
ENTRY_END

STEP 220302 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA DO
SECTION QUESTION
a.example.com. IN A
SECTION ANSWER
example.com. IN DNAME example.net.
a.example.com. IN CNAME a.example.net.
a.example.net. IN A 10.0.0.97
ENTRY_END

;#  QNAME            owner  DNAME   target         result
;-- ---------------- -------------- -------------- -----------------
;4  a.b.example.com. example.com.   example.net.   a.b.example.net.

STEP 220401 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
a.b.example.com. IN A
ENTRY_END

STEP 220402 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA DO
SECTION QUESTION
a.b.example.com. IN A
SECTION ANSWER
example.com. IN DNAME example.net.
a.b.example.com. IN CNAME a.b.example.net.
a.b.example.net. IN A 10.0.97.98
ENTRY_END

;#  QNAME            owner  DNAME   target         result
;-- ---------------- -------------- -------------- -----------------
;5  ab.example.com.  b.example.com. example.net.   <no match>
;6  foo.example.com. example.com.   example.net.   foo.example.net.

; line no. 5 is mostly for authoritative server
; line no. 6 is basically the same as line no. 3

; ns1.example.com.
RANGE_BEGIN 220000 220699
	ADDRESS 168.192.2.2
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
example.com. IN NS
SECTION ANSWER
example.com. IN NS ns1.example.com.
SECTION ADDITIONAL
ns1.example.com. IN A 168.192.2.2
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
ns1.example.com. IN A
SECTION ANSWER
ns1.example.com. IN A 168.192.2.2
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
ns1.example.com. IN AAAA
SECTION ANSWER
ENTRY_END

; line 2 DNAME
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
example.com. IN DNAME
SECTION ANSWER
example.com. IN DNAME example.net.
ENTRY_END

; line 3
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
a.example.com. IN A
SECTION ANSWER
example.com. IN DNAME example.net.
a.example.com. IN CNAME a.example.net.
ENTRY_END

; line 4
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
a.b.example.com. IN A
SECTION ANSWER
example.com. IN DNAME example.net.
a.b.example.com. IN CNAME a.b.example.net.
ENTRY_END
RANGE_END
; end of ns1.example.com.


;#  QNAME            owner  DNAME   target         result
;-- ---------------- -------------- -------------- -----------------
;7  a.x.example.com. x.example.com. example.net.   a.example.net.

STEP 220701 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
a.x.example.com. IN A
ENTRY_END

STEP 220702 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA DO
SECTION QUESTION
a.x.example.com. IN A
SECTION ANSWER
x.example.com. IN DNAME example.net.
a.x.example.com. IN CNAME a.example.net.
a.example.net. IN A 10.0.0.97
ENTRY_END

; ns1.example.com.
RANGE_BEGIN 220700 220799
	ADDRESS 168.192.2.2
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
example.com. IN NS
SECTION ANSWER
example.com. IN NS ns1.example.com.
SECTION ADDITIONAL
ns1.example.com. IN A 168.192.2.2
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
ns1.example.com. IN A
SECTION ANSWER
ns1.example.com. IN A 168.192.2.2
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
ns1.example.com. IN AAAA
SECTION ANSWER
ENTRY_END

; line 7 DNAME
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
example.com. IN DNAME
SECTION ANSWER
x.example.com. IN DNAME example.net.
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
a.x.example.com. IN A
SECTION ANSWER
x.example.com. IN DNAME example.net.
a.x.example.com. IN CNAME a.example.net.
ENTRY_END
RANGE_END
; end of ns1.example.com.

;#  QNAME            owner  DNAME   target         result
;-- ---------------- -------------- -------------- -----------------
;8  a.example.com.   example.com.   y.example.net. a.y.example.net.
;
; a.example.com. was renamed to a2.example.com. to avoid cache clashes
; on the synthetized CNAME (caching CNAMEs is allowed by RFC 6672 section 3.4)

STEP 220801 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
a2.example.com. IN A
ENTRY_END

STEP 220802 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA DO
SECTION QUESTION
a2.example.com. IN A
SECTION ANSWER
example.com. IN DNAME y.example.net.
a2.example.com. IN CNAME a2.y.example.net.
a2.y.example.net. IN A 10.97.50.121
ENTRY_END

; ns1.example.com.
RANGE_BEGIN 220800 220899
	ADDRESS 168.192.2.2
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
example.com. IN NS
SECTION ANSWER
example.com. IN NS ns1.example.com.
SECTION ADDITIONAL
ns1.example.com. IN A 168.192.2.2
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
ns1.example.com. IN A
SECTION ANSWER
ns1.example.com. IN A 168.192.2.2
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
ns1.example.com. IN AAAA
SECTION ANSWER
ENTRY_END

; line 8 DNAME
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
example.com. IN DNAME
SECTION ANSWER
example.com. IN DNAME y.example.net.
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
a2.example.com. IN A
SECTION ANSWER
example.com. IN DNAME y.example.net.
a2.example.com. IN CNAME a2.y.example.net.
ENTRY_END
RANGE_END
; end of ns1.example.com.


;#  QNAME            owner  DNAME   target         result
;-- ---------------- -------------- -------------- -----------------
;9  cyc.example.com. example.com.   example.com.   cyc.example.com.

STEP 220901 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
cyc.example.com. IN A
ENTRY_END

; Expected result is defined by RFC 1034 section 3.6.2:
; CNAME chains should be followed and CNAME loops signalled as an error
STEP 220902 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA DO
REPLY NOERROR
SECTION QUESTION
cyc.example.com. IN A
SECTION ANSWER
example.com.	0	IN	DNAME	example.com.
cyc.example.com.	0	IN	CNAME	cyc.example.com.
ENTRY_END

; ns1.example.com.
RANGE_BEGIN 220900 220999
	ADDRESS 168.192.2.2
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
example.com. IN NS
SECTION ANSWER
example.com. IN NS ns1.example.com.
SECTION ADDITIONAL
ns1.example.com. IN A 168.192.2.2
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
ns1.example.com. IN A
SECTION ANSWER
ns1.example.com. IN A 168.192.2.2
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
ns1.example.com. IN AAAA
SECTION ANSWER
ENTRY_END

; line 9 DNAME
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
example.com. IN DNAME
SECTION ANSWER
example.com. IN DNAME example.com.
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
cyc.example.com. IN A
SECTION ANSWER
example.com. IN DNAME example.com.
cyc.example.com. IN CNAME cyc.example.com.
ENTRY_END
RANGE_END
; end of ns1.example.com.

;#  QNAME            owner  DNAME   target         result
;-- ---------------- -------------- -------------- -----------------
;10 cyc.example.com. example.com.   c.example.com. cyc.c.example.com.
;
; cyc.example.com. was renamed to cyc2.example.com. to avoid cache clashes
; on the synthetized CNAME (caching CNAMEs is allowed by RFC 6672 section 3.4)
;
; target c.example.com. was renamed to cyc2.example.net.
; to limit number of pre-canned answers required for the test

STEP 221001 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
cyc2.example.com. IN A
ENTRY_END

; Expected result is defined by RFC 1034 section 3.6.2:
; CNAME chains should be followed and CNAME loops signalled as an error
STEP 221002 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA DO SERVFAIL
SECTION QUESTION
cyc2.example.com. IN A
ENTRY_END

; ns1.example.com.
RANGE_BEGIN 221000 221099
	ADDRESS 168.192.2.2
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
example.com. IN NS
SECTION ANSWER
example.com. IN NS ns1.example.com.
SECTION ADDITIONAL
ns1.example.com. IN A 168.192.2.2
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
ns1.example.com. IN A
SECTION ANSWER
ns1.example.com. IN A 168.192.2.2
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
ns1.example.com. IN AAAA
SECTION ANSWER
ENTRY_END

; line 10 DNAME
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
example.com. IN DNAME
SECTION ANSWER
example.com. IN DNAME cyc2.example.net.
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
cyc2.example.com. IN A
SECTION ANSWER
example.com. IN DNAME cyc2.example.net.
cyc2.example.com. IN CNAME cyc2.cyc2.example.net.
ENTRY_END
RANGE_END
; end of ns1.example.com.

;#  QNAME            owner  DNAME   target         result
;-- ---------------- -------------- -------------- -----------------
;11 shortloop.x.x.   x.             .              shortloop.x.

STEP 221101 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
shortloop.x.x.	TXT
ENTRY_END

STEP 221102 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA DO
SECTION QUESTION
shortloop.x.x.	IN TXT
SECTION ANSWER
x.		IN DNAME	.
shortloop.x.x.	IN CNAME	shortloop.x.
;;x.		IN DNAME	.
shortloop.x.	IN CNAME	shortloop.
shortloop.	IN TXT		"shortloop end"
ENTRY_END

;#  QNAME            owner  DNAME   target         result
;-- ---------------- -------------- -------------- -----------------
;12 shortloop.x.     x.             .              shortloop.

; expire potentically cached CNAMEs for shortloop.x. from cache
STEP 221200 TIME_PASSES ELAPSE 10000

STEP 221201 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
shortloop.x.	TXT
ENTRY_END

STEP 221202 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA DO
SECTION QUESTION
shortloop.x.	IN TXT
SECTION ANSWER
x.		IN DNAME	.
shortloop.x.	IN CNAME	shortloop.
shortloop.	IN TXT		"shortloop end"
ENTRY_END


; ns1.example.net. (data shared by whole 22xxxx range)
RANGE_BEGIN 220000 229999
	ADDRESS 168.192.3.3
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
example.net. IN NS
SECTION ANSWER
example.net. IN NS ns1.example.net.
SECTION ADDITIONAL
example.net. IN A 168.192.3.3
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
ns1.example.net. IN A
SECTION ANSWER
ns1.example.net. IN A 168.192.3.3
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
ns1.example.net. IN AAAA
SECTION ANSWER
ENTRY_END

; line 3
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
a.example.net. IN A
SECTION ANSWER
a.example.net. IN A 10.0.0.97
ENTRY_END

; line 4
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
a.b.example.net. IN A
SECTION ANSWER
a.b.example.net. IN A 10.0.97.98
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
a2.y.example.net. IN A
SECTION ANSWER
a2.y.example.net. IN A 10.97.50.121
ENTRY_END

; line 10
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
cyc2.example.net. IN DNAME
SECTION ANSWER
cyc2.example.net. IN DNAME example.com.
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
cyc2.cyc2.example.net. IN A
SECTION ANSWER
cyc2.example.net. IN DNAME example.com.
cyc2.cyc2.example.com. IN CNAME cyc2.example.com.
ENTRY_END
RANGE_END
; end of ns1.example.net.


; RFC 6672 section 2.2: YXDOMAIN answers for too long results for substitution
; RFC 6672 section 2.3: DNAME can be at zone apex: zone apex = long.
STEP 229001 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
x.long.	IN A
ENTRY_END

; query returning maximal permissible length - should work
STEP 229002 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA DO
SECTION QUESTION
x.long.	IN A
SECTION ANSWER
long.			3600	IN	DNAME	63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.
x.long.			3600	IN	CNAME	x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.
x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.	3600	IN	A	192.0.2.1
ENTRY_END

; result of substitution has too long name
; YXDOMAIN should be propagated to the client
; Unbound SEVFAILs: https://www.ietf.org/mail-archive/web/dnsext/current/msg11282.html
;TODO
; STEP 229003 QUERY
; ENTRY_BEGIN
; REPLY RD DO
; SECTION QUESTION
; too.long.	IN A
; ENTRY_END
;
; STEP 229004 CHECK_ANSWER
; ENTRY_BEGIN
; MATCH all
; REPLY QR YXDOMAIN
; SECTION QUESTION
; x.long.	IN A
; SECTION ANSWER
; long.			3600	IN	DNAME	63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.
; ENTRY_END

; YXDOMAIN should work even if the cache is empty
STEP 229005 TIME_PASSES ELAPSE 4000

; STEP 229006 QUERY
; ENTRY_BEGIN
; REPLY RD DO
; SECTION QUESTION
; too.long.	IN A
; ENTRY_END
; 
; STEP 229007 CHECK_ANSWER
; ENTRY_BEGIN
; MATCH all
; REPLY QR YXDOMAIN
; SECTION QUESTION
; x.long.	IN A
; SECTION ANSWER
; long.			3600	IN	DNAME	63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.
; ENTRY_END




SCENARIO_END