diff --git a/doc/Changelog b/doc/Changelog index 96a3021a2..bebd67521 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,5 +1,7 @@ 13 March 2017: Wouter - testbound understands Deckard MATCH rcode question answer commands. + - Fix #1235: Fix too long DNAME expansion produces SERVFAIL instead + of YXDOMAIN + query loop, reported by Petr Spacek. 10 March 2017: Wouter - Fix #1234: shortening DNAME loop produces duplicate DNAME records diff --git a/iterator/iterator.c b/iterator/iterator.c index ed8c25099..ce03fbd54 100644 --- a/iterator/iterator.c +++ b/iterator/iterator.c @@ -2258,6 +2258,11 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq, } else iter_scrub_ds(iq->response, ns, iq->dp->name); } else iter_scrub_ds(iq->response, NULL, NULL); + if(type == RESPONSE_TYPE_THROWAWAY && + FLAGS_GET_RCODE(iq->response->rep->flags) == LDNS_RCODE_YXDOMAIN) { + /* YXDOMAIN is a permanent error, no need to retry */ + type = RESPONSE_TYPE_ANSWER; + } /* handle each of the type cases */ if(type == RESPONSE_TYPE_ANSWER) { diff --git a/testcode/testpkts.c b/testcode/testpkts.c index 5e1808340..1ffaf1b7e 100644 --- a/testcode/testpkts.c +++ b/testcode/testpkts.c @@ -1149,12 +1149,12 @@ match_question(uint8_t* q, size_t qlen, uint8_t* p, size_t plen, int mttl) if(!s) s = strstr(qcmpstr, ";; AUTHORITY SECTION"); if(!s) s = strstr(qcmpstr, ";; ADDITIONAL SECTION"); if(!s) s = strstr(qcmpstr, ";; MSG SIZE"); - if(s) s = 0; + if(s) *s = 0; s = strstr(pcmpstr, ";; ANSWER SECTION"); if(!s) s = strstr(pcmpstr, ";; AUTHORITY SECTION"); if(!s) s = strstr(pcmpstr, ";; ADDITIONAL SECTION"); if(!s) s = strstr(pcmpstr, ";; MSG SIZE"); - if(s) s = 0; + if(s) *s = 0; r = (strcmp(qcmpstr, pcmpstr) == 0); @@ -1215,11 +1215,11 @@ match_answer(uint8_t* q, size_t qlen, uint8_t* p, size_t plen, int mttl) s = strstr(qcmpstr, ";; AUTHORITY SECTION"); if(!s) s = strstr(qcmpstr, ";; ADDITIONAL SECTION"); if(!s) s = strstr(qcmpstr, ";; MSG SIZE"); - if(s) s = 0; + if(s) *s = 0; s = strstr(pcmpstr, ";; AUTHORITY SECTION"); if(!s) s = strstr(pcmpstr, ";; ADDITIONAL SECTION"); if(!s) s = strstr(pcmpstr, ";; MSG SIZE"); - if(s) s = 0; + if(s) *s = 0; r = (strcmp(qcmpstr, pcmpstr) == 0); diff --git a/testdata/iter_dname_yx.rpl b/testdata/iter_dname_yx.rpl new file mode 100644 index 000000000..18b9725cc --- /dev/null +++ b/testdata/iter_dname_yx.rpl @@ -0,0 +1,1041 @@ +; config options +server: + harden-referral-path: no + target-fetch-policy: "0 0 0 0 0" + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test scrub of insecure DNAME in answer section + +; root infrastucture +RANGE_BEGIN 0 10000000 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +shortloop. IN TXT +SECTION ANSWER +shortloop. IN TXT "shortloop end" +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +K.ROOT-SERVERS.NET. IN A +SECTION ANSWER +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +K.ROOT-SERVERS.NET. IN AAAA +SECTION ANSWER +ENTRY_END + +ENTRY_BEGIN +MATCH subdomain opcode +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH subdomain opcode +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +net. IN A +SECTION AUTHORITY +net. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH subdomain opcode +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +x. IN A +SECTION AUTHORITY +x. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +long. IN NS +SECTION AUTHORITY +long. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. IN NS +SECTION AUTHORITY +60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +a.gtld-servers.net. IN A +SECTION ANSWER +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +a.gtld-servers.net. IN AAAA +SECTION ANSWER +ENTRY_END +RANGE_END +; end of root infrastucture + +; a.gtld-servers.net. (com. net. x.) +RANGE_BEGIN 0 10000000 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +a.gtld-servers.net. IN A +SECTION ANSWER +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +a.gtld-servers.net. IN AAAA +SECTION ANSWER +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +net. IN NS +SECTION AUTHORITY +net. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns1.example.com. +SECTION ADDITIONAL +ns1.example.com. IN A 168.192.2.2 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.net. IN A +SECTION AUTHORITY +example.net. IN NS ns1.example.net. +SECTION ADDITIONAL +ns1.example.net. IN A 168.192.3.3 +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +x. IN NS +SECTION AUTHORITY +x. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +x. IN DNAME +SECTION AUTHORITY +x. IN DNAME . +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH qname opcode +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +shortloop.x.x. IN CNAME +SECTION ANSWER +x. DNAME . +shortloop.x.x. IN CNAME shortloop.x. +shortloop.x. IN CNAME shortloop. +ENTRY_END + +ENTRY_BEGIN +MATCH qname opcode +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +shortloop.x. IN CNAME +SECTION ANSWER +x. DNAME . +shortloop.x. IN CNAME shortloop. +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. IN NS +SECTION AUTHORITY +60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +long. IN NS +SECTION AUTHORITY +long. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +; DNAME at zone apex, allowed by RFC 6672 section 2.3 +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +long. IN DNAME +SECTION ANSWER +long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +x.long. IN A +SECTION ANSWER +long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. +x.long. 3600 IN CNAME x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. +x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. 3600 IN A 192.0.2.1 +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. IN A +SECTION ANSWER +x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. 3600 IN A 192.0.2.1 +ENTRY_END + +ENTRY_BEGIN +MATCH qname opcode +ADJUST copy_id copy_query +REPLY QR AA YXDOMAIN +SECTION QUESTION +too.long. IN A +SECTION ANSWER +long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. +ENTRY_END +RANGE_END +; end of a.gtld-servers.net. + +; RFC 6672 section 2.2. The DNAME Substitution table tests +;# QNAME owner DNAME target result +;-- ---------------- -------------- -------------- ----------------- +;1 com. example.com. example.net. +;2 example.com. example.com. example.net. [0] +;3 a.example.com. example.com. example.net. a.example.net. +;4 a.b.example.com. example.com. example.net. a.b.example.net. +;5 ab.example.com. b.example.com. example.net. +;6 foo.example.com. example.com. example.net. foo.example.net. +;7 a.x.example.com. x.example.com. example.net. a.example.net. +;8 a.example.com. example.com. y.example.net. a.y.example.net. +;9 cyc.example.com. example.com. example.com. cyc.example.com. +;10 cyc.example.com. example.com. c.example.com. cyc.c.example.com. +;11 shortloop.x.x. x. . shortloop.x. +;12 shortloop.x. x. . shortloop. +; +; [0] The result depends on the QTYPE. If the QTYPE = DNAME, then +; the result is "example.com.", else "". +; +; Table 1. DNAME Substitution Examples + +; ; line no. 1 is mostly for authoritative server +; ; line no. 2 QTYPE != DNAME +; STEP 220201 QUERY +; ENTRY_BEGIN +; REPLY RD DO +; SECTION QUESTION +; example.com. IN NS +; ENTRY_END +; +; STEP 220202 CHECK_ANSWER +; ENTRY_BEGIN +; MATCH rcode answer +; REPLY QR RD RA DO +; SECTION QUESTION +; example.com. IN NS +; SECTION ANSWER +; example.com. IN NS ns1.example.com. +; ENTRY_END +; +; ; line no. 2 QTYPE == DNAME +; STEP 220203 QUERY +; ENTRY_BEGIN +; REPLY RD DO +; SECTION QUESTION +; example.com. IN DNAME +; ENTRY_END +; +; STEP 220204 CHECK_ANSWER +; ENTRY_BEGIN +; MATCH rcode question answer +; REPLY QR RD RA DO +; SECTION QUESTION +; example.com. IN DNAME +; SECTION ANSWER +; example.com. IN DNAME example.net. +; ENTRY_END +; +; +; ;# QNAME owner DNAME target result +; ;-- ---------------- -------------- -------------- ----------------- +; ;3 a.example.com. example.com. example.net. a.example.net. +; +; STEP 220301 QUERY +; ENTRY_BEGIN +; REPLY RD DO +; SECTION QUESTION +; a.example.com. IN A +; ENTRY_END +; +; STEP 220302 CHECK_ANSWER +; ENTRY_BEGIN +; MATCH rcode question answer +; SECTION QUESTION +; a.example.com. IN A +; SECTION ANSWER +; example.com. IN DNAME example.net. +; a.example.com. IN CNAME a.example.net. +; a.example.net. IN A 10.0.0.97 +; ENTRY_END +; +; ;# QNAME owner DNAME target result +; ;-- ---------------- -------------- -------------- ----------------- +; ;4 a.b.example.com. example.com. example.net. a.b.example.net. +; +; STEP 220401 QUERY +; ENTRY_BEGIN +; REPLY RD DO +; SECTION QUESTION +; a.b.example.com. IN A +; ENTRY_END +; +; STEP 220402 CHECK_ANSWER +; ENTRY_BEGIN +; MATCH rcode question answer +; SECTION QUESTION +; a.b.example.com. IN A +; SECTION ANSWER +; example.com. IN DNAME example.net. +; a.b.example.com. IN CNAME a.b.example.net. +; a.b.example.net. IN A 10.0.97.98 +; ENTRY_END +; +; ;# QNAME owner DNAME target result +; ;-- ---------------- -------------- -------------- ----------------- +; ;5 ab.example.com. b.example.com. example.net. +; ;6 foo.example.com. example.com. example.net. foo.example.net. +; +; ; line no. 5 is mostly for authoritative server +; ; line no. 6 is basically the same as line no. 3 +; +; ; ns1.example.com. +; RANGE_BEGIN 220000 220699 +; ADDRESS 168.192.2.2 +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; example.com. IN NS +; SECTION ANSWER +; example.com. IN NS ns1.example.com. +; SECTION ADDITIONAL +; ns1.example.com. IN A 168.192.2.2 +; ENTRY_END +; +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; ns1.example.com. IN A +; SECTION ANSWER +; ns1.example.com. IN A 168.192.2.2 +; ENTRY_END +; +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; ns1.example.com. IN AAAA +; SECTION ANSWER +; ENTRY_END +; +; ; line 2 DNAME +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; example.com. IN DNAME +; SECTION ANSWER +; example.com. IN DNAME example.net. +; ENTRY_END +; +; ; line 3 +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; a.example.com. IN A +; SECTION ANSWER +; example.com. IN DNAME example.net. +; a.example.com. IN CNAME a.example.net. +; ENTRY_END +; +; ; line 4 +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; a.b.example.com. IN A +; SECTION ANSWER +; example.com. IN DNAME example.net. +; a.b.example.com. IN CNAME a.b.example.net. +; ENTRY_END +; RANGE_END +; ; end of ns1.example.com. +; +; +; ;# QNAME owner DNAME target result +; ;-- ---------------- -------------- -------------- ----------------- +; ;7 a.x.example.com. x.example.com. example.net. a.example.net. +; +; STEP 220701 QUERY +; ENTRY_BEGIN +; REPLY RD DO +; SECTION QUESTION +; a.x.example.com. IN A +; ENTRY_END +; +; STEP 220702 CHECK_ANSWER +; ENTRY_BEGIN +; MATCH rcode question answer +; SECTION QUESTION +; a.x.example.com. IN A +; SECTION ANSWER +; x.example.com. IN DNAME example.net. +; a.x.example.com. IN CNAME a.example.net. +; a.example.net. IN A 10.0.0.97 +; ENTRY_END +; +; ; ns1.example.com. +; RANGE_BEGIN 220700 220799 +; ADDRESS 168.192.2.2 +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; example.com. IN NS +; SECTION ANSWER +; example.com. IN NS ns1.example.com. +; SECTION ADDITIONAL +; ns1.example.com. IN A 168.192.2.2 +; ENTRY_END +; +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; ns1.example.com. IN A +; SECTION ANSWER +; ns1.example.com. IN A 168.192.2.2 +; ENTRY_END +; +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; ns1.example.com. IN AAAA +; SECTION ANSWER +; ENTRY_END +; +; ; line 7 DNAME +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; example.com. IN DNAME +; SECTION ANSWER +; x.example.com. IN DNAME example.net. +; ENTRY_END +; +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; a.x.example.com. IN A +; SECTION ANSWER +; x.example.com. IN DNAME example.net. +; a.x.example.com. IN CNAME a.example.net. +; ENTRY_END +; RANGE_END +; ; end of ns1.example.com. +; +; ;# QNAME owner DNAME target result +; ;-- ---------------- -------------- -------------- ----------------- +; ;8 a.example.com. example.com. y.example.net. a.y.example.net. +; ; +; ; a.example.com. was renamed to a2.example.com. to avoid cache clashes +; ; on the synthetized CNAME (caching CNAMEs is allowed by RFC 6672 section 3.4) +; +; STEP 220801 QUERY +; ENTRY_BEGIN +; REPLY RD DO +; SECTION QUESTION +; a2.example.com. IN A +; ENTRY_END +; +; STEP 220802 CHECK_ANSWER +; ENTRY_BEGIN +; MATCH rcode question answer +; SECTION QUESTION +; a2.example.com. IN A +; SECTION ANSWER +; example.com. IN DNAME y.example.net. +; a2.example.com. IN CNAME a2.y.example.net. +; a2.y.example.net. IN A 10.97.50.121 +; ENTRY_END +; +; ; ns1.example.com. +; RANGE_BEGIN 220800 220899 +; ADDRESS 168.192.2.2 +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; example.com. IN NS +; SECTION ANSWER +; example.com. IN NS ns1.example.com. +; SECTION ADDITIONAL +; ns1.example.com. IN A 168.192.2.2 +; ENTRY_END +; +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; ns1.example.com. IN A +; SECTION ANSWER +; ns1.example.com. IN A 168.192.2.2 +; ENTRY_END +; +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; ns1.example.com. IN AAAA +; SECTION ANSWER +; ENTRY_END +; +; ; line 8 DNAME +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; example.com. IN DNAME +; SECTION ANSWER +; example.com. IN DNAME y.example.net. +; ENTRY_END +; +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; a2.example.com. IN A +; SECTION ANSWER +; example.com. IN DNAME y.example.net. +; a2.example.com. IN CNAME a2.y.example.net. +; ENTRY_END +; RANGE_END +; ; end of ns1.example.com. +; +; +; ;# QNAME owner DNAME target result +; ;-- ---------------- -------------- -------------- ----------------- +; ;9 cyc.example.com. example.com. example.com. cyc.example.com. +; +; STEP 220901 QUERY +; ENTRY_BEGIN +; REPLY RD DO +; SECTION QUESTION +; cyc.example.com. IN A +; ENTRY_END +; +; ; Expected result is defined by RFC 1034 section 3.6.2: +; ; CNAME chains should be followed and CNAME loops signalled as an error +; STEP 220902 CHECK_ANSWER +; ENTRY_BEGIN +; MATCH rcode question answer +; REPLY SERVFAIL +; SECTION QUESTION +; cyc.example.com. IN A +; ENTRY_END +; +; ; ns1.example.com. +; RANGE_BEGIN 220900 220999 +; ADDRESS 168.192.2.2 +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; example.com. IN NS +; SECTION ANSWER +; example.com. IN NS ns1.example.com. +; SECTION ADDITIONAL +; ns1.example.com. IN A 168.192.2.2 +; ENTRY_END +; +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; ns1.example.com. IN A +; SECTION ANSWER +; ns1.example.com. IN A 168.192.2.2 +; ENTRY_END +; +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; ns1.example.com. IN AAAA +; SECTION ANSWER +; ENTRY_END +; +; ; line 9 DNAME +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; example.com. IN DNAME +; SECTION ANSWER +; example.com. IN DNAME example.com. +; ENTRY_END +; +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; cyc.example.com. IN A +; SECTION ANSWER +; example.com. IN DNAME example.com. +; cyc.example.com. IN CNAME cyc.example.com. +; ENTRY_END +; RANGE_END +; ; end of ns1.example.com. +; +; ;# QNAME owner DNAME target result +; ;-- ---------------- -------------- -------------- ----------------- +; ;10 cyc.example.com. example.com. c.example.com. cyc.c.example.com. +; ; +; ; cyc.example.com. was renamed to cyc2.example.com. to avoid cache clashes +; ; on the synthetized CNAME (caching CNAMEs is allowed by RFC 6672 section 3.4) +; ; +; ; target c.example.com. was renamed to cyc2.example.net. +; ; to limit number of pre-canned answers required for the test +; +; STEP 221001 QUERY +; ENTRY_BEGIN +; REPLY RD DO +; SECTION QUESTION +; cyc2.example.com. IN A +; ENTRY_END +; +; ; Expected result is defined by RFC 1034 section 3.6.2: +; ; CNAME chains should be followed and CNAME loops signalled as an error +; STEP 221002 CHECK_ANSWER +; ENTRY_BEGIN +; MATCH rcode question answer +; REPLY SERVFAIL +; SECTION QUESTION +; cyc2.example.com. IN A +; ENTRY_END +; +; ; ns1.example.com. +; RANGE_BEGIN 221000 221099 +; ADDRESS 168.192.2.2 +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; example.com. IN NS +; SECTION ANSWER +; example.com. IN NS ns1.example.com. +; SECTION ADDITIONAL +; ns1.example.com. IN A 168.192.2.2 +; ENTRY_END +; +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; ns1.example.com. IN A +; SECTION ANSWER +; ns1.example.com. IN A 168.192.2.2 +; ENTRY_END +; +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; ns1.example.com. IN AAAA +; SECTION ANSWER +; ENTRY_END +; +; ; line 10 DNAME +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; example.com. IN DNAME +; SECTION ANSWER +; example.com. IN DNAME cyc2.example.net. +; ENTRY_END +; +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; cyc2.example.com. IN A +; SECTION ANSWER +; example.com. IN DNAME cyc2.example.net. +; cyc2.example.com. IN CNAME cyc2.cyc2.example.net. +; ENTRY_END +; RANGE_END +; ; end of ns1.example.com. +; +; ;# QNAME owner DNAME target result +; ;-- ---------------- -------------- -------------- ----------------- +; ;11 shortloop.x.x. x. . shortloop.x. +; +; STEP 221101 QUERY +; ENTRY_BEGIN +; REPLY RD DO +; SECTION QUESTION +; shortloop.x.x. TXT +; ENTRY_END +; +; STEP 221102 CHECK_ANSWER +; ENTRY_BEGIN +; MATCH rcode question answer +; SECTION QUESTION +; shortloop.x.x. IN TXT +; SECTION ANSWER +; x. IN DNAME . +; ; unbound hack +; x. IN DNAME . +; shortloop.x.x. IN CNAME shortloop.x. +; shortloop.x. IN CNAME shortloop. +; shortloop. IN TXT "shortloop end" +; ENTRY_END +; +; ;# QNAME owner DNAME target result +; ;-- ---------------- -------------- -------------- ----------------- +; ;12 shortloop.x. x. . shortloop. +; +; ; expire potentically cached CNAMEs for shortloop.x. from cache +; STEP 221200 TIME_PASSES ELAPSE 10000 +; +; STEP 221201 QUERY +; ENTRY_BEGIN +; REPLY RD DO +; SECTION QUESTION +; shortloop.x. TXT +; ENTRY_END +; +; STEP 221202 CHECK_ANSWER +; ENTRY_BEGIN +; MATCH rcode question answer +; SECTION QUESTION +; shortloop.x. IN TXT +; SECTION ANSWER +; x. IN DNAME . +; shortloop.x. IN CNAME shortloop. +; shortloop. IN TXT "shortloop end" +; ENTRY_END +; +; +; ; ns1.example.net. (data shared by whole 22xxxx range) +; RANGE_BEGIN 220000 229999 +; ADDRESS 168.192.3.3 +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; example.net. IN NS +; SECTION ANSWER +; example.net. IN NS ns1.example.net. +; SECTION ADDITIONAL +; example.net. IN A 168.192.3.3 +; ENTRY_END +; +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; ns1.example.net. IN A +; SECTION ANSWER +; ns1.example.net. IN A 168.192.3.3 +; ENTRY_END +; +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; ns1.example.net. IN AAAA +; SECTION ANSWER +; ENTRY_END +; +; ; line 3 +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; a.example.net. IN A +; SECTION ANSWER +; a.example.net. IN A 10.0.0.97 +; ENTRY_END +; +; ; line 4 +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; a.b.example.net. IN A +; SECTION ANSWER +; a.b.example.net. IN A 10.0.97.98 +; ENTRY_END +; +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; a2.y.example.net. IN A +; SECTION ANSWER +; a2.y.example.net. IN A 10.97.50.121 +; ENTRY_END +; +; ; line 10 +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; cyc2.example.net. IN DNAME +; SECTION ANSWER +; cyc2.example.net. IN DNAME example.com. +; ENTRY_END +; +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; cyc2.cyc2.example.net. IN A +; SECTION ANSWER +; cyc2.example.net. IN DNAME example.com. +; cyc2.cyc2.example.com. IN CNAME cyc2.example.com. +; ENTRY_END +; RANGE_END +; ; end of ns1.example.net. +; +; +; ; RFC 6672 section 2.2: YXDOMAIN answers for too long results for substitution +; ; RFC 6672 section 2.3: DNAME can be at zone apex: zone apex = long. +; STEP 229001 QUERY +; ENTRY_BEGIN +; REPLY RD DO +; SECTION QUESTION +; x.long. IN A +; ENTRY_END +; +; ; query returning maximal permissible length - should work +; STEP 229002 CHECK_ANSWER +; ENTRY_BEGIN +; MATCH rcode question answer +; SECTION QUESTION +; x.long. IN A +; SECTION ANSWER +; long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. +; x.long. 3600 IN CNAME x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. +; x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. 3600 IN A 192.0.2.1 +; ENTRY_END + +; result of substitution has too long name +; YXDOMAIN should be propagated to the client +; Unbound SEVFAILs: https://www.ietf.org/mail-archive/web/dnsext/current/msg11282.html +STEP 229003 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +too.long. IN A +ENTRY_END + +STEP 229004 CHECK_ANSWER +ENTRY_BEGIN +MATCH rcode question answer +REPLY QR YXDOMAIN +SECTION QUESTION +too.long. IN A +SECTION ANSWER +long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. +ENTRY_END + + ; ; YXDOMAIN should work even if the cache is empty + ; STEP 229005 TIME_PASSES ELAPSE 4000 + ; + ; STEP 229006 QUERY + ; ENTRY_BEGIN + ; REPLY RD DO + ; SECTION QUESTION + ; too.long. IN A + ; ENTRY_END + ; + ; STEP 229007 CHECK_ANSWER + ; ENTRY_BEGIN + ; MATCH rcode question answer + ; REPLY QR YXDOMAIN + ; SECTION QUESTION + ; x.long. IN A + ; SECTION ANSWER + ; long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. + ; ENTRY_END + + + + +SCENARIO_END