unbound/testdata/iter_nat64_donotq.rpl
W.C.A. Wijngaards 1a9a4e4ca1
- Fix #1403: Inconsistency between do-nat64 and do-not-query-address
during retries.
2026-02-11 16:01:30 +01:00


; config options
server:
do-nat64: yes
nat64-prefix: 2001:db8:1234::/96
target-fetch-policy: "0 0 0 0 0"
; This is like a machine that is part of a cluster of hosts that
; is IPv6-only, and uses NAT64. The cluster has no internet access.
do-not-query-address: ::0/0
qname-minimisation: no
stub-zone:
name: "."
; Pick an address inside the NAT64 prefix, so that it is allowed.
; Other addresses would not be allowed or, without the bugfix,
; would be allowed depending on the state machine activation sequence.
stub-addr: 2001:db8:1234::1
CONFIG_END
SCENARIO_BEGIN Test NAT64 transport for v4-only with do-not-query-addresses.
RANGE_BEGIN 0 100
ADDRESS 2001:db8:1234::1
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS FAKE.ROOT.
SECTION ADDITIONAL
FAKE.ROOT. IN AAAA 2001:db8:1234::1
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
v4only. IN NS
SECTION AUTHORITY
v4only. IN NS ns.v4only.
SECTION ADDITIONAL
ns.v4only. IN A 192.0.2.1
ENTRY_END
RANGE_END
; replies from NS over "NAT64"
RANGE_BEGIN 0 20
ADDRESS 2001:db8:1234::c000:0201
; A over NAT64
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY AA QR NOERROR
SECTION QUESTION
ns.v4only. IN A
SECTION ANSWER
ns.v4only. IN A 192.0.2.1
SECTION AUTHORITY
v4only. IN NS ns.v4only.
ENTRY_END
; no AAAA
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY AA QR NOERROR
SECTION QUESTION
ns.v4only. IN AAAA
SECTION AUTHORITY
v4only. IN SOA ns.v4only. host. 1 3600 300 48000 3600
v4only. IN NS ns.v4only.
SECTION ADDITIONAL
ns.v4only. IN A 192.0.2.1
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY AA QR NOERROR
SECTION QUESTION
v4only. IN NS
SECTION ANSWER
v4only. IN NS ns.v4only.
SECTION ADDITIONAL
ns.v4only. IN A 192.0.2.1
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY AA QR NOERROR
SECTION QUESTION
test.v4only. IN A
SECTION ANSWER
test.v4only. IN A 192.0.2.2
SECTION AUTHORITY
v4only. IN NS ns.v4only.
SECTION ADDITIONAL
ns.v4only. IN A 192.0.2.1
ENTRY_END
RANGE_END
RANGE_BEGIN 50 100
ADDRESS 2001:db8:1234::c000:0201
; no AAAA
; The last-resort lookup of the AAAA is blocked here: last-resort
; processing is not desired, and test2 should be resolved
; straight away.
;ENTRY_BEGIN
;MATCH opcode qtype qname
;ADJUST copy_id
;REPLY AA QR NOERROR
;SECTION QUESTION
;ns.v4only. IN AAAA
;SECTION AUTHORITY
;v4only. IN SOA ns.v4only. host. 1 3600 300 48000 3600
;v4only. IN NS ns.v4only.
;SECTION ADDITIONAL
;ns.v4only. IN A 192.0.2.1
;ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY AA QR NOERROR
SECTION QUESTION
ns.v4only. IN A
SECTION ANSWER
ns.v4only. IN A 192.0.2.1
SECTION AUTHORITY
v4only. IN NS ns.v4only.
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY AA QR NOERROR
SECTION QUESTION
test2.v4only. IN A
SECTION ANSWER
test2.v4only. IN A 192.0.2.3
ENTRY_END
RANGE_END
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
test.v4only. IN A
ENTRY_END
STEP 20 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
test.v4only. IN A
SECTION ANSWER
test.v4only. IN A 192.0.2.2
ENTRY_END
; Next, a query for which the upstream nameserver has a timeout.
STEP 30 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
test2.v4only. IN A
ENTRY_END
; Only the test2 query is pending, and it has a timeout.
; The address is already NAT64-translated, so when it is attempted
; again it is looked up in the donotq list as the IPv6 address.
; The outcome must be consistent with the first attempt (issue #1403).
STEP 40 TIMEOUT
STEP 50 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
test2.v4only. IN A
SECTION ANSWER
test2.v4only. IN A 192.0.2.3
ENTRY_END
SCENARIO_END