unbound/testdata/subnet_prezero.crpl

; subnet unit test
server:
	trust-anchor-signaling: no
	send-client-subnet: 1.2.3.4
	send-client-subnet: 1.2.3.5
	target-fetch-policy: "0 0 0 0 0"
	module-config: "subnetcache validator iterator"
	qname-minimisation: no
	minimal-responses: no

stub-zone:
	name: "example.com"
	stub-addr: 1.2.3.4
CONFIG_END

SCENARIO_BEGIN Test subnetcache source prefix zero from client.
; In RFC7871 section-7.1.2 (para. 2).
; It says that the recursor must send no EDNS subnet or its own address
; in the EDNS subnet to the upstream server. And use that answer for the
; source prefix length zero query. That type of query is for privacy.
; The authority server is then going to use the resolver's IP, if any, to
; tailor the answer to the query source address.

; ns.example.com
RANGE_BEGIN 0 100
	ADDRESS 1.2.3.4

; reply with 0.0.0.0/0 in reply
; For the test the answers for 0.0.0.0/0 queries are SERVFAIL, the normal
; answers are NOERROR.
ENTRY_BEGIN
MATCH opcode qtype qname ednsdata
ADJUST copy_id
REPLY QR AA DO SERVFAIL
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN CNAME star.c10r.example.com.
SECTION ADDITIONAL
HEX_EDNSDATA_BEGIN
	00 08 00 04     ; OPCODE=subnet, optlen
	00 01 00 00     ; ip4, scope 0, source 0
			; 0.0.0.0/0
HEX_EDNSDATA_END
ENTRY_END

; reply without subnet
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN CNAME star.c10r.example.com.
ENTRY_END

; delegation answer for c10r.example.com, with subnet /0
ENTRY_BEGIN
MATCH opcode subdomain ednsdata
ADJUST copy_id copy_query
REPLY QR DO SERVFAIL
SECTION QUESTION
c10r.example.com. IN NS
SECTION AUTHORITY
c10r.example.com. IN NS ns.c10r.example.com.
SECTION ADDITIONAL
ns.c10r.example.com. IN A 1.2.3.5
HEX_EDNSDATA_BEGIN
	00 08 00 04     ; OPCODE=subnet, optlen
	00 01 00 00     ; ip4, scope 0, source 0
			; 0.0.0.0/0
HEX_EDNSDATA_END
ENTRY_END

; delegation answer for c10r.example.com, without subnet
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR DO NOERROR
SECTION QUESTION
c10r.example.com. IN NS
SECTION AUTHORITY
c10r.example.com. IN NS ns.c10r.example.com.
SECTION ADDITIONAL
ns.c10r.example.com. IN A 1.2.3.5
ENTRY_END
RANGE_END

; ns.c10r.example.com
RANGE_BEGIN 0 100
	ADDRESS 1.2.3.5

; reply with 0.0.0.0/0 in reply
ENTRY_BEGIN
MATCH opcode qtype qname ednsdata
ADJUST copy_id
REPLY QR AA DO SERVFAIL
SECTION QUESTION
star.c10r.example.com. IN A
SECTION ANSWER
star.c10r.example.com. IN A 1.2.3.6
SECTION ADDITIONAL
HEX_EDNSDATA_BEGIN
	00 08 00 04     ; OPCODE=subnet, optlen
	00 01 00 00     ; ip4, scope 0, source 0
			; 0.0.0.0/0
HEX_EDNSDATA_END
ENTRY_END

; reply without subnet
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA DO NOERROR
SECTION QUESTION
star.c10r.example.com. IN A
SECTION ANSWER
star.c10r.example.com. IN A 1.2.3.6
ENTRY_END
RANGE_END

; ask for www.example.com
; server answers with CNAME to a delegation, that then
; returns a /24 answer.
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
www.example.com. IN A
SECTION ADDITIONAL
HEX_EDNSDATA_BEGIN
	00 08 00 04     ; OPCODE=subnet, optlen
	00 01 00 00     ; ip4, scope 0, source 0
			; 0.0.0.0/0
HEX_EDNSDATA_END
ENTRY_END

STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ednsdata
REPLY QR RD RA DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN CNAME star.c10r.example.com.
star.c10r.example.com. IN A 1.2.3.6
SECTION ADDITIONAL
HEX_EDNSDATA_BEGIN
	00 08 00 04     ; OPCODE=subnet, optlen
	00 01 00 00     ; ip4, scope 0, source 0
			; 0.0.0.0/0
HEX_EDNSDATA_END
ENTRY_END
SCENARIO_END