1; config options 2server: 3 module-config: "validator iterator" 4 qname-minimisation: "no" 5 minimal-responses: no 6 serve-expired: yes 7 log-servfail: yes 8 ede: yes 9 ede-serve-expired: yes 10 11 12stub-zone: 13 name: "example.com" 14 stub-addr: 1.2.3.4 15CONFIG_END 16 17SCENARIO_BEGIN Test serve-expired with NXDOMAIN followed by 0 TTL 18; Scenario overview: 19; - query for 0ttl.example.com. IN A 20; - answer from upstream is NXDOMAIN; will be cached for the SOA negative TTL. 21; - check that the client gets the NXDOMAIN; also cached 22; - query again right after the TTL expired 23; - this time the server answers with a 0 TTL RRset 24; - check that we get the correct answer 25 26; ns.example.com. 27RANGE_BEGIN 0 20 28 ADDRESS 1.2.3.4 29 ; response to A query 30 ENTRY_BEGIN 31 MATCH opcode qtype qname 32 ADJUST copy_id 33 REPLY QR AA NXDOMAIN 34 SECTION QUESTION 35 0ttl.example.com. IN A 36 SECTION AUTHORITY 37 example.com IN SOA ns.example.com dns.example.com 1 7200 3600 2419200 10 38 ENTRY_END 39RANGE_END 40 41; ns.example.com. 42RANGE_BEGIN 30 100 43 ADDRESS 1.2.3.4 44 ENTRY_BEGIN 45 MATCH opcode qtype qname 46 ADJUST copy_id 47 REPLY QR NOERROR 48 SECTION QUESTION 49 example.com. 10 IN NS 50 SECTION ANSWER 51 example.com. 10 IN NS ns.example.com. 52 SECTION ADDITIONAL 53 ns.example.com. 10 IN A 1.2.3.4 54 ENTRY_END 55 56 ENTRY_BEGIN 57 MATCH opcode qtype qname 58 ADJUST copy_id 59 REPLY QR NOERROR 60 SECTION QUESTION 61 0ttl.example.com. IN A 62 SECTION ANSWER 63 0ttl.example.com. 0 IN A 5.6.7.8 64 SECTION AUTHORITY 65 example.com. 10 IN NS ns.example.com. 66 SECTION ADDITIONAL 67 ns.example.com. 10 IN A 1.2.3.4 68 ENTRY_END 69RANGE_END 70 71; Query with RD flag 72STEP 0 QUERY 73ENTRY_BEGIN 74 REPLY RD 75 SECTION QUESTION 76 0ttl.example.com. IN A 77ENTRY_END 78 79; Check that we get the SERVFAIL (will be cached) 80STEP 10 CHECK_ANSWER 81ENTRY_BEGIN 82 MATCH all 83 REPLY QR RD RA NXDOMAIN 84 SECTION QUESTION 85 0ttl.example.com. IN A 86 SECTION AUTHORITY 87 example.com IN SOA ns.example.com dns.example.com 1 7200 3600 2419200 10 88ENTRY_END 89 90; Query again 91STEP 20 QUERY 92ENTRY_BEGIN 93 REPLY RD 94 SECTION QUESTION 95 0ttl.example.com. IN A 96ENTRY_END 97 98; Check that we get the cached NXDOMAIN 99STEP 30 CHECK_ANSWER 100ENTRY_BEGIN 101 MATCH all 102 REPLY QR RD RA NXDOMAIN 103 SECTION QUESTION 104 0ttl.example.com. IN A 105 SECTION AUTHORITY 106 example.com IN SOA ns.example.com dns.example.com 1 7200 3600 2419200 10 107ENTRY_END 108 109; Wait for the NXDOMAIN to expire 110STEP 31 TIME_PASSES ELAPSE 32 111 112; Query again 113STEP 40 QUERY 114ENTRY_BEGIN 115 REPLY RD 116 SECTION QUESTION 117 0ttl.example.com. IN A 118ENTRY_END 119 120; Check that we get the cached NXDOMAIN 121STEP 50 CHECK_ANSWER 122ENTRY_BEGIN 123 MATCH all 124 REPLY QR RD RA NXDOMAIN 125 SECTION QUESTION 126 0ttl.example.com. IN A 127 SECTION AUTHORITY 128 example.com IN SOA ns.example.com dns.example.com 1 7200 3600 2419200 10 129ENTRY_END 130 131; Query again 132STEP 60 QUERY 133ENTRY_BEGIN 134 REPLY RD 135 SECTION QUESTION 136 0ttl.example.com. IN A 137ENTRY_END 138 139; Check that we got the correct answer 140STEP 70 CHECK_ANSWER 141ENTRY_BEGIN 142 MATCH all ttl 143 REPLY QR RD RA NOERROR 144 SECTION QUESTION 145 0ttl.example.com. IN A 146 SECTION ANSWER 147 0ttl.example.com. 0 IN A 5.6.7.8 148 SECTION AUTHORITY 149 example.com. 10 IN NS ns.example.com. 150 SECTION ADDITIONAL 151 ns.example.com. 10 IN A 1.2.3.4 152ENTRY_END 153 154SCENARIO_END 155