1*b7c0c8c1SCy Schubertserver: 2*b7c0c8c1SCy Schubert minimal-responses: no 3*b7c0c8c1SCy Schubert serve-expired: yes 4*b7c0c8c1SCy Schubert # The value does not matter, we will not simulate delay. 5*b7c0c8c1SCy Schubert # We do not want only serve-expired because fetches from that 6*b7c0c8c1SCy Schubert # apply a generous PREFETCH_LEEWAY. 7*b7c0c8c1SCy Schubert serve-expired-client-timeout: 1000 8*b7c0c8c1SCy Schubert # So that we can only have to give one SERVFAIL answer. 9*b7c0c8c1SCy Schubert outbound-msg-retry: 0 10*b7c0c8c1SCy Schubert 11*b7c0c8c1SCy Schubertforward-zone: name: "." forward-addr: 216.0.0.1 12*b7c0c8c1SCy SchubertCONFIG_END 13*b7c0c8c1SCy Schubert 14*b7c0c8c1SCy SchubertSCENARIO_BEGIN RRset from cache updates the message TTL. 15*b7c0c8c1SCy Schubert 16*b7c0c8c1SCy SchubertSTEP 1 QUERY 17*b7c0c8c1SCy SchubertENTRY_BEGIN 18*b7c0c8c1SCy Schubert REPLY RD 19*b7c0c8c1SCy Schubert SECTION QUESTION 20*b7c0c8c1SCy Schubert www.example.com. IN A 21*b7c0c8c1SCy SchubertENTRY_END 22*b7c0c8c1SCy Schubert; the query is sent to the forwarder - no cache yet. 23*b7c0c8c1SCy SchubertSTEP 2 CHECK_OUT_QUERY 24*b7c0c8c1SCy SchubertENTRY_BEGIN 25*b7c0c8c1SCy Schubert MATCH qname qtype opcode 26*b7c0c8c1SCy Schubert SECTION QUESTION 27*b7c0c8c1SCy Schubert www.example.com. IN A 28*b7c0c8c1SCy SchubertENTRY_END 29*b7c0c8c1SCy SchubertSTEP 3 REPLY 30*b7c0c8c1SCy SchubertENTRY_BEGIN 31*b7c0c8c1SCy Schubert MATCH opcode qtype qname 32*b7c0c8c1SCy Schubert ADJUST copy_id 33*b7c0c8c1SCy Schubert ; authoritative answer 34*b7c0c8c1SCy Schubert REPLY QR AA RD RA NOERROR 35*b7c0c8c1SCy Schubert SECTION QUESTION 36*b7c0c8c1SCy Schubert www.example.com. IN A 37*b7c0c8c1SCy Schubert SECTION ANSWER 38*b7c0c8c1SCy Schubert www.example.com. 5 IN A 10.20.30.40 39*b7c0c8c1SCy Schubert SECTION AUTHORITY 40*b7c0c8c1SCy Schubert example.com. 10 IN NS ns.example.com. 41*b7c0c8c1SCy Schubert SECTION ADDITIONAL 42*b7c0c8c1SCy Schubert ns.example.com. 10 IN A 10.20.30.50 43*b7c0c8c1SCy SchubertENTRY_END 44*b7c0c8c1SCy SchubertSTEP 4 CHECK_ANSWER 45*b7c0c8c1SCy SchubertENTRY_BEGIN 46*b7c0c8c1SCy Schubert MATCH all ttl 47*b7c0c8c1SCy Schubert REPLY QR RD RA 48*b7c0c8c1SCy Schubert SECTION QUESTION 49*b7c0c8c1SCy Schubert www.example.com. IN A 50*b7c0c8c1SCy Schubert SECTION ANSWER 51*b7c0c8c1SCy Schubert www.example.com. 5 IN A 10.20.30.40 52*b7c0c8c1SCy Schubert SECTION AUTHORITY 53*b7c0c8c1SCy Schubert example.com. 10 IN NS ns.example.com. 54*b7c0c8c1SCy Schubert SECTION ADDITIONAL 55*b7c0c8c1SCy Schubert ns.example.com. 10 IN A 10.20.30.50 56*b7c0c8c1SCy SchubertENTRY_END 57*b7c0c8c1SCy Schubert 58*b7c0c8c1SCy Schubert; Wait for the A RRSET to expire. 59*b7c0c8c1SCy SchubertSTEP 5 TIME_PASSES ELAPSE 6 60*b7c0c8c1SCy Schubert 61*b7c0c8c1SCy SchubertSTEP 6 QUERY 62*b7c0c8c1SCy SchubertENTRY_BEGIN 63*b7c0c8c1SCy Schubert REPLY RD 64*b7c0c8c1SCy Schubert SECTION QUESTION 65*b7c0c8c1SCy Schubert www.example.com. IN A 66*b7c0c8c1SCy SchubertENTRY_END 67*b7c0c8c1SCy Schubert; expired answer will not be served due to serve-expired-client-timeout. 68*b7c0c8c1SCy SchubertSTEP 7 CHECK_OUT_QUERY 69*b7c0c8c1SCy SchubertENTRY_BEGIN 70*b7c0c8c1SCy Schubert MATCH qname qtype opcode 71*b7c0c8c1SCy Schubert SECTION QUESTION 72*b7c0c8c1SCy Schubert www.example.com. IN A 73*b7c0c8c1SCy SchubertENTRY_END 74*b7c0c8c1SCy SchubertSTEP 8 REPLY 75*b7c0c8c1SCy SchubertENTRY_BEGIN 76*b7c0c8c1SCy Schubert MATCH opcode qtype qname 77*b7c0c8c1SCy Schubert ADJUST copy_id 78*b7c0c8c1SCy Schubert ; authoritative answer 79*b7c0c8c1SCy Schubert REPLY QR AA RD RA NOERROR 80*b7c0c8c1SCy Schubert SECTION QUESTION 81*b7c0c8c1SCy Schubert www.example.com. IN A 82*b7c0c8c1SCy Schubert SECTION ANSWER 83*b7c0c8c1SCy Schubert www.example.com. 5 IN A 10.20.30.40 84*b7c0c8c1SCy Schubert SECTION AUTHORITY 85*b7c0c8c1SCy Schubert example.com. 10 IN NS ns.example.com. 86*b7c0c8c1SCy Schubert SECTION ADDITIONAL 87*b7c0c8c1SCy Schubert ns.example.com. 10 IN A 10.20.30.50 88*b7c0c8c1SCy SchubertENTRY_END 89*b7c0c8c1SCy Schubert; The cached NS related RRSETs will not be overwritten by the fresh answer. 90*b7c0c8c1SCy Schubert; The message should have a TTL of 4 instead of 5 from above. 91*b7c0c8c1SCy SchubertSTEP 9 CHECK_ANSWER 92*b7c0c8c1SCy SchubertENTRY_BEGIN 93*b7c0c8c1SCy Schubert MATCH all ttl 94*b7c0c8c1SCy Schubert REPLY QR RD RA 95*b7c0c8c1SCy Schubert SECTION QUESTION 96*b7c0c8c1SCy Schubert www.example.com. IN A 97*b7c0c8c1SCy Schubert SECTION ANSWER 98*b7c0c8c1SCy Schubert www.example.com. 5 IN A 10.20.30.40 99*b7c0c8c1SCy Schubert SECTION AUTHORITY 100*b7c0c8c1SCy Schubert example.com. 4 IN NS ns.example.com. 101*b7c0c8c1SCy Schubert SECTION ADDITIONAL 102*b7c0c8c1SCy Schubert ns.example.com. 4 IN A 10.20.30.50 103*b7c0c8c1SCy SchubertENTRY_END 104*b7c0c8c1SCy Schubert 105*b7c0c8c1SCy Schubert; Wait for the NS RRSETs to expire. 106*b7c0c8c1SCy SchubertSTEP 10 TIME_PASSES ELAPSE 5 107*b7c0c8c1SCy Schubert 108*b7c0c8c1SCy SchubertSTEP 11 QUERY 109*b7c0c8c1SCy SchubertENTRY_BEGIN 110*b7c0c8c1SCy Schubert REPLY RD 111*b7c0c8c1SCy Schubert SECTION QUESTION 112*b7c0c8c1SCy Schubert www.example.com. IN A 113*b7c0c8c1SCy SchubertENTRY_END 114*b7c0c8c1SCy Schubert; The message should be expired, again no expired answer at this point due to 115*b7c0c8c1SCy Schubert; serve-expired-client-timeout. 116*b7c0c8c1SCy SchubertSTEP 12 CHECK_OUT_QUERY 117*b7c0c8c1SCy SchubertENTRY_BEGIN 118*b7c0c8c1SCy Schubert MATCH qname qtype opcode 119*b7c0c8c1SCy Schubert SECTION QUESTION 120*b7c0c8c1SCy Schubert www.example.com. IN A 121*b7c0c8c1SCy SchubertENTRY_END 122*b7c0c8c1SCy SchubertSTEP 13 REPLY 123*b7c0c8c1SCy SchubertENTRY_BEGIN 124*b7c0c8c1SCy Schubert MATCH opcode qtype qname 125*b7c0c8c1SCy Schubert ADJUST copy_id 126*b7c0c8c1SCy Schubert REPLY QR RD RA SERVFAIL 127*b7c0c8c1SCy Schubert SECTION QUESTION 128*b7c0c8c1SCy Schubert www.example.com. IN A 129*b7c0c8c1SCy SchubertENTRY_END 130*b7c0c8c1SCy Schubert; The SERVFAIL will trigger the serve-expired-client-timeout logic to try and 131*b7c0c8c1SCy Schubert; replace the SERVFAIL with a possible cached (expired) answer. 132*b7c0c8c1SCy Schubert; The A RRSET would be at 0TTL left (not expired) but the message should have 133*b7c0c8c1SCy Schubert; been updated to use a TTL of 4 so expired by now. 134*b7c0c8c1SCy Schubert; If the message TTL was not updated (bug), this message would be treated as 135*b7c0c8c1SCy Schubert; non-expired and the now expired NS related RRSETs would fail sanity checks 136*b7c0c8c1SCy Schubert; for non-expired messages. The result would be SERVFAIL here. 137*b7c0c8c1SCy SchubertSTEP 14 CHECK_ANSWER 138*b7c0c8c1SCy SchubertENTRY_BEGIN 139*b7c0c8c1SCy Schubert MATCH all ttl 140*b7c0c8c1SCy Schubert REPLY QR RD RA 141*b7c0c8c1SCy Schubert SECTION QUESTION 142*b7c0c8c1SCy Schubert www.example.com. IN A 143*b7c0c8c1SCy Schubert SECTION ANSWER 144*b7c0c8c1SCy Schubert www.example.com. 0 IN A 10.20.30.40 145*b7c0c8c1SCy Schubert SECTION AUTHORITY 146*b7c0c8c1SCy Schubert example.com. 30 IN NS ns.example.com. 147*b7c0c8c1SCy Schubert SECTION ADDITIONAL 148*b7c0c8c1SCy Schubert ns.example.com. 30 IN A 10.20.30.50 149*b7c0c8c1SCy SchubertENTRY_END 150*b7c0c8c1SCy Schubert 151*b7c0c8c1SCy SchubertSCENARIO_END 152