server:
	minimal-responses: no
	serve-expired: yes
	# The value does not matter, we will not simulate delay.
	# We do not want only serve-expired because fetches from that
	# apply a generous PREFETCH_LEEWAY.
	serve-expired-client-timeout: 1000
	# So that we can only have to give one SERVFAIL answer.
	outbound-msg-retry: 0

forward-zone: name: "." forward-addr: 216.0.0.1
CONFIG_END

SCENARIO_BEGIN RRset from cache updates the message TTL.

STEP 1 QUERY
ENTRY_BEGIN
	REPLY RD
	SECTION QUESTION
	www.example.com. IN A
ENTRY_END
; the query is sent to the forwarder - no cache yet.
STEP 2 CHECK_OUT_QUERY
ENTRY_BEGIN
	MATCH qname qtype opcode
	SECTION QUESTION
	www.example.com. IN A
ENTRY_END
STEP 3 REPLY
ENTRY_BEGIN
	MATCH opcode qtype qname
	ADJUST copy_id
	; authoritative answer
	REPLY QR AA RD RA NOERROR
	SECTION QUESTION
	www.example.com. IN A
	SECTION ANSWER
	www.example.com. 5 IN A 10.20.30.40
	SECTION AUTHORITY
	example.com. 10 IN NS ns.example.com.
	SECTION ADDITIONAL
	ns.example.com. 10 IN A 10.20.30.50
ENTRY_END
STEP 4 CHECK_ANSWER
ENTRY_BEGIN
	MATCH all ttl
	REPLY QR RD RA
	SECTION QUESTION
	www.example.com. IN A
	SECTION ANSWER
	www.example.com. 5 IN A 10.20.30.40
	SECTION AUTHORITY
	example.com. 10 IN NS ns.example.com.
	SECTION ADDITIONAL
	ns.example.com. 10 IN A 10.20.30.50
ENTRY_END

; Wait for the A RRSET to expire.
STEP 5 TIME_PASSES ELAPSE 6

STEP 6 QUERY
ENTRY_BEGIN
	REPLY RD
	SECTION QUESTION
	www.example.com. IN A
ENTRY_END
; expired answer will not be served due to serve-expired-client-timeout.
STEP 7 CHECK_OUT_QUERY
ENTRY_BEGIN
	MATCH qname qtype opcode
	SECTION QUESTION
	www.example.com. IN A
ENTRY_END
STEP 8 REPLY
ENTRY_BEGIN
	MATCH opcode qtype qname
	ADJUST copy_id
	; authoritative answer
	REPLY QR AA RD RA NOERROR
	SECTION QUESTION
	www.example.com. IN A
	SECTION ANSWER
	www.example.com. 5 IN A 10.20.30.40
	SECTION AUTHORITY
	example.com. 10 IN NS ns.example.com.
	SECTION ADDITIONAL
	ns.example.com. 10 IN A 10.20.30.50
ENTRY_END
; The cached NS related RRSETs will not be overwritten by the fresh answer.
; The message should have a TTL of 4 instead of 5 from above.
STEP 9 CHECK_ANSWER
ENTRY_BEGIN
	MATCH all ttl
	REPLY QR RD RA
	SECTION QUESTION
	www.example.com. IN A
	SECTION ANSWER
	www.example.com. 5 IN A 10.20.30.40
	SECTION AUTHORITY
	example.com. 4 IN NS ns.example.com.
	SECTION ADDITIONAL
	ns.example.com. 4 IN A 10.20.30.50
ENTRY_END

; Wait for the NS RRSETs to expire.
STEP 10 TIME_PASSES ELAPSE 5

STEP 11 QUERY
ENTRY_BEGIN
	REPLY RD
	SECTION QUESTION
	www.example.com. IN A
ENTRY_END
; The message should be expired, again no expired answer at this point due to
; serve-expired-client-timeout.
STEP 12 CHECK_OUT_QUERY
ENTRY_BEGIN
	MATCH qname qtype opcode
	SECTION QUESTION
	www.example.com. IN A
ENTRY_END
STEP 13 REPLY
ENTRY_BEGIN
	MATCH opcode qtype qname
	ADJUST copy_id
	REPLY QR RD RA SERVFAIL
	SECTION QUESTION
	www.example.com. IN A
ENTRY_END
; The SERVFAIL will trigger the serve-expired-client-timeout logic to try and
; replace the SERVFAIL with a possible cached (expired) answer.
; The A RRSET would be at 0TTL left (not expired) but the message should have
; been updated to use a TTL of 4 so expired by now.
; If the message TTL was not updated (bug), this message would be treated as
; non-expired and the now expired NS related RRSETs would fail sanity checks
; for non-expired messages. The result would be SERVFAIL here.
STEP 14 CHECK_ANSWER
ENTRY_BEGIN
	MATCH all ttl
	REPLY QR RD RA
	SECTION QUESTION
	www.example.com. IN A
	SECTION ANSWER
	www.example.com. 0 IN A 10.20.30.40
	SECTION AUTHORITY
	example.com. 30 IN NS ns.example.com.
	SECTION ADDITIONAL
	ns.example.com. 30 IN A 10.20.30.50
ENTRY_END

SCENARIO_END
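
; Added example, not part of this test file or of Unbound's code: a simplified
; Python model of the TTL arithmetic the scenario checks at steps 9 and 14,
; with and without the message TTL update. The function names are hypothetical;
; the expiry rule (0 seconds left is still valid) follows the comments above,
; and 30 is Unbound's default serve-expired-reply-ttl.

```python
# Simplified model (assumption, not Unbound code): a cache entry is expired
# only when now > expiry, so 0 seconds left still counts as valid.
SERVE_EXPIRED_REPLY_TTL = 30  # Unbound's default serve-expired-reply-ttl

def store_reply(cache, now, reply):
    """Cache a reply; still-valid cached RRsets are kept, not overwritten.
    Returns (message expiry with the fix, message expiry without it)."""
    for name, ttl in reply.items():
        if name not in cache or cache[name] < now:
            cache[name] = now + ttl
    fixed = min(cache[name] for name in reply)  # follows the cached RRsets
    buggy = now + min(reply.values())           # trusts the upstream TTLs only
    return fixed, buggy

def answer_after_servfail(cache, msg_expiry, now):
    """What the resolver can hand back after an upstream SERVFAIL."""
    if now <= msg_expiry:
        # Message treated as fresh: every RRset in it must be unexpired too.
        if any(exp < now for exp in cache.values()):
            return "SERVFAIL"
        return {n: exp - now for n, exp in cache.items()}
    # Expired message: expired RRsets get the serve-expired reply TTL.
    return {n: exp - now if exp >= now else SERVE_EXPIRED_REPLY_TTL
            for n, exp in cache.items()}

def replay():
    """Walk the scenario's clock: t=0 (steps 1-4), t=6 (6-9), t=11 (11-14)."""
    reply = {"www.example.com. A": 5, "example.com. NS": 10,
             "ns.example.com. A": 10}
    cache = {}
    store_reply(cache, 0, reply)
    fixed, buggy = store_reply(cache, 6, reply)
    step9 = {n: exp - 6 for n, exp in cache.items()}
    return (step9,
            answer_after_servfail(cache, fixed, 11),
            answer_after_servfail(cache, buggy, 11))

if __name__ == "__main__":
    for result in replay():
        print(result)
```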