unbound/testdata/subnet_scopezero_noedns.crpl
W.C.A. Wijngaards be626f7c53 - Fix edns subnet replies for scope zero answers to not get stored
in the global cache, and in cachedb, when the upstream replies
  without an EDNS record.
2024-03-04 13:20:13 +01:00

442 lines
10 KiB
Plaintext

; scope of 0, if the query also had scope of 0, do not answer this
; to everyone, but only for scope 0 queries. Otherwise can answer cached.
server:
target-fetch-policy: "0 0 0 0 0"
send-client-subnet: 1.2.3.4
module-config: "subnetcache validator iterator"
verbosity: 4
qname-minimisation: no
stub-zone:
name: "."
stub-addr: 193.0.14.129
stub-zone:
name: "example.com"
stub-addr: 1.2.3.4
CONFIG_END
SCENARIO_BEGIN Test subnet cache with scope zero response without EDNS.
; the upstream server.
RANGE_BEGIN 0 100
ADDRESS 193.0.14.129
ENTRY_BEGIN
MATCH opcode qtype qname ednsdata
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
HEX_EDNSDATA_BEGIN
;; we expect to receive empty
HEX_EDNSDATA_END
K.ROOT-SERVERS.NET. IN A 193.0.14.129
ENTRY_END
RANGE_END
RANGE_BEGIN 0 11
ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
;copy_ednsdata_assume_clientsubnet
REPLY QR NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A 10.20.30.40
SECTION AUTHORITY
SECTION ADDITIONAL
HEX_EDNSDATA_BEGIN
; client is 127.0.0.1
00 08 ; OPC
00 07 ; option length
00 01 ; Family
18 11 ; source mask, scopemask
7f 00 00 ; address
HEX_EDNSDATA_END
ENTRY_END
RANGE_END
RANGE_BEGIN 20 31
ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
;copy_ednsdata_assume_clientsubnet
REPLY QR NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A 10.20.30.41
SECTION AUTHORITY
SECTION ADDITIONAL
HEX_EDNSDATA_BEGIN
; client is 127.0.0.1
00 08 ; OPC
00 07 ; option length
00 01 ; Family
18 11 ; source mask, scopemask
7f 01 00 ; address
HEX_EDNSDATA_END
ENTRY_END
RANGE_END
RANGE_BEGIN 40 51
ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
;copy_ednsdata_assume_clientsubnet
REPLY QR NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A 10.20.30.42
SECTION AUTHORITY
SECTION ADDITIONAL
;no EDNS in this answer. Tests if the back_parsed callback
;is called to process the lack of edns contents.
;HEX_EDNSDATA_BEGIN
;00 08 ; OPC
;00 04 ; option length
;00 01 ; Family
;00 00 ; source mask, scopemask
; ; address 0.0.0.0/0 scope 0
;HEX_EDNSDATA_END
ENTRY_END
RANGE_END
RANGE_BEGIN 120 131
ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
;copy_ednsdata_assume_clientsubnet
REPLY QR NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A 10.20.30.43
SECTION AUTHORITY
SECTION ADDITIONAL
HEX_EDNSDATA_BEGIN
00 08 ; OPC
00 07 ; option length
00 01 ; Family
18 00 ; source mask, scopemask
7f 02 00 ; address 127.2.0.0/24 scope 0
HEX_EDNSDATA_END
ENTRY_END
RANGE_END
; query for 127.0.0.0/24
STEP 1 QUERY
ENTRY_BEGIN
HEX_ANSWER_BEGIN
00 00 01 00 00 01 00 00 ;ID 0
00 00 00 01 03 77 77 77 ; www.example.com A? (DO)
07 65 78 61 6d 70 6c 65
03 63 6f 6d 00 00 01 00
01 00 00 29 10 00 00 00
80 00 00 0b
00 08 00 07 ; OPC, optlen
00 01 18 00 ; ip4, scope 24, source 0
7f 00 00 ;127.0.0.0/24
HEX_ANSWER_END
ENTRY_END
; answer is 10.20.30.40 for 127.0.0.0/24 scope 17
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ednsdata
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A 10.20.30.40
SECTION AUTHORITY
SECTION ADDITIONAL
HEX_EDNSDATA_BEGIN
; client is 127.0.0.1
00 08 ; OPC
00 07 ; option length
00 01 ; Family
18 11 ; source mask, scopemask
7f 00 00 ; address
HEX_EDNSDATA_END
ENTRY_END
; query for 127.1.0.0/24
STEP 20 QUERY
ENTRY_BEGIN
HEX_ANSWER_BEGIN
00 00 01 00 00 01 00 00 ;ID 0
00 00 00 01 03 77 77 77 ; www.example.com A? (DO)
07 65 78 61 6d 70 6c 65
03 63 6f 6d 00 00 01 00
01 00 00 29 10 00 00 00
80 00 00 0b
00 08 00 07 ; OPC, optlen
00 01 18 00 ; ip4, scope 24, source 0
7f 01 00 ;127.1.0.0/24
HEX_ANSWER_END
ENTRY_END
; answer is 10.20.30.41 for 127.1.0.0/24 scope 17
STEP 30 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ednsdata
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A 10.20.30.41
SECTION AUTHORITY
SECTION ADDITIONAL
HEX_EDNSDATA_BEGIN
; client is 127.1.0.1
00 08 ; OPC
00 07 ; option length
00 01 ; Family
18 11 ; source mask, scopemask
7f 01 00 ; address
HEX_EDNSDATA_END
ENTRY_END
; query for 0.0.0.0/0
STEP 40 QUERY
ENTRY_BEGIN
HEX_ANSWER_BEGIN
00 00 01 00 00 01 00 00 ;ID 0
00 00 00 01 03 77 77 77 ; www.example.com A? (DO)
07 65 78 61 6d 70 6c 65
03 63 6f 6d 00 00 01 00
01 00 00 29 10 00 00 00
80 00 00 08
00 08 00 04 ; OPC, optlen
00 01 00 00 ; ip4, scope 0, source 0
;0.0.0.0/0
HEX_ANSWER_END
ENTRY_END
; answer is 10.20.30.42 for 0.0.0.0/0 scope 0
STEP 50 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ednsdata
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A 10.20.30.42
SECTION AUTHORITY
SECTION ADDITIONAL
HEX_EDNSDATA_BEGIN
00 08 ; OPC
00 04 ; option length
00 01 ; Family
00 00 ; source mask, scopemask
; address
HEX_EDNSDATA_END
ENTRY_END
; query for 127.0.0.0/24, again, it should be in cache.
; and not from the scope 0 answer.
STEP 60 QUERY
ENTRY_BEGIN
HEX_ANSWER_BEGIN
00 00 01 00 00 01 00 00 ;ID 0
00 00 00 01 03 77 77 77 ; www.example.com A? (DO)
07 65 78 61 6d 70 6c 65
03 63 6f 6d 00 00 01 00
01 00 00 29 10 00 00 00
80 00 00 0b
00 08 00 07 ; OPC, optlen
00 01 18 00 ; ip4, scope 24, source 0
7f 00 00 ;127.0.0.0/24
HEX_ANSWER_END
ENTRY_END
; answer should be 10.20.30.40 for 127.0.0.0/24 scope 17
STEP 70 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ednsdata
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A 10.20.30.40
SECTION AUTHORITY
SECTION ADDITIONAL
HEX_EDNSDATA_BEGIN
; client is 127.0.0.1
00 08 ; OPC
00 07 ; option length
00 01 ; Family
18 11 ; source mask, scopemask
7f 00 00 ; address
HEX_EDNSDATA_END
ENTRY_END
; query for 127.1.0.0/24, again, it should be in cache.
STEP 80 QUERY
ENTRY_BEGIN
HEX_ANSWER_BEGIN
00 00 01 00 00 01 00 00 ;ID 0
00 00 00 01 03 77 77 77 ; www.example.com A? (DO)
07 65 78 61 6d 70 6c 65
03 63 6f 6d 00 00 01 00
01 00 00 29 10 00 00 00
80 00 00 0b
00 08 00 07 ; OPC, optlen
00 01 18 00 ; ip4, scope 24, source 0
7f 01 00 ;127.1.0.0/24
HEX_ANSWER_END
ENTRY_END
; answer should be 10.20.30.41 for 127.1.0.0/24 scope 17
STEP 90 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ednsdata
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A 10.20.30.41
SECTION AUTHORITY
SECTION ADDITIONAL
HEX_EDNSDATA_BEGIN
; client is 127.1.0.1
00 08 ; OPC
00 07 ; option length
00 01 ; Family
18 11 ; source mask, scopemask
7f 01 00 ; address
HEX_EDNSDATA_END
ENTRY_END
; query for 0.0.0.0/0, again.
STEP 100 QUERY
ENTRY_BEGIN
HEX_ANSWER_BEGIN
00 00 01 00 00 01 00 00 ;ID 0
00 00 00 01 03 77 77 77 ; www.example.com A? (DO)
07 65 78 61 6d 70 6c 65
03 63 6f 6d 00 00 01 00
01 00 00 29 10 00 00 00
80 00 00 08
00 08 00 04 ; OPC, optlen
00 01 00 00 ; ip4, scope 0, source 0
;0.0.0.0/0
HEX_ANSWER_END
ENTRY_END
; answer should be 10.20.30.42 for 0.0.0.0/0 scope 0
STEP 110 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ednsdata
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A 10.20.30.42
SECTION AUTHORITY
SECTION ADDITIONAL
HEX_EDNSDATA_BEGIN
00 08 ; OPC
00 04 ; option length
00 01 ; Family
00 00 ; source mask, scopemask
; address
HEX_EDNSDATA_END
ENTRY_END
; now a query for a /24 that gets an answer for a /0.
STEP 120 QUERY
ENTRY_BEGIN
HEX_ANSWER_BEGIN
00 00 01 00 00 01 00 00 ;ID 0
00 00 00 01 03 77 77 77 ; www.example.com A? (DO)
07 65 78 61 6d 70 6c 65
03 63 6f 6d 00 00 01 00
01 00 00 29 10 00 00 00
80 00 00 0b
00 08 00 07 ; OPC, optlen
00 01 18 00 ; ip4, scope 24, source 0
7f 02 00 ;127.2.0.0/24
HEX_ANSWER_END
ENTRY_END
; answer should be 10.20.30.43 for 127.2.0.0/24 scope 0
STEP 130 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ednsdata
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A 10.20.30.43
SECTION AUTHORITY
SECTION ADDITIONAL
HEX_EDNSDATA_BEGIN
; client is 127.2.0.1
00 08 ; OPC
00 07 ; option length
00 01 ; Family
18 00 ; source mask, scopemask
7f 02 00 ; address
HEX_EDNSDATA_END
ENTRY_END
; the scope 0 answer is now used to answer queries from
; query for 127.0.0.0/24
STEP 140 QUERY
ENTRY_BEGIN
HEX_ANSWER_BEGIN
00 00 01 00 00 01 00 00 ;ID 0
00 00 00 01 03 77 77 77 ; www.example.com A? (DO)
07 65 78 61 6d 70 6c 65
03 63 6f 6d 00 00 01 00
01 00 00 29 10 00 00 00
80 00 00 0b
00 08 00 07 ; OPC, optlen
00 01 18 00 ; ip4, scope 24, source 0
7f 00 00 ;127.0.0.0/24
HEX_ANSWER_END
ENTRY_END
STEP 150 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ednsdata
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A 10.20.30.43
SECTION AUTHORITY
SECTION ADDITIONAL
HEX_EDNSDATA_BEGIN
; client is 127.0.0.1
00 08 ; OPC
00 07 ; option length
00 01 ; Family
18 00 ; source mask, scopemask
7f 00 00 ; address
HEX_EDNSDATA_END
ENTRY_END
SCENARIO_END