1; Check if an expired SERVFAIL answer stored in the global cache does not block
2; ECS queries to reach the ECS cache.
3
4server:
5	trust-anchor-signaling: no
6	target-fetch-policy: "0 0 0 0 0"
7	send-client-subnet: 1.2.3.4
8	max-client-subnet-ipv4: 21
9	module-config: "subnetcache iterator"
10	verbosity: 3
11	access-control: 127.0.0.1 allow_snoop
12	qname-minimisation: no
13	minimal-responses: no
14	serve-expired: yes
15	prefetch: yes
16
17stub-zone:
18	name: "example.com."
19	stub-addr: 1.2.3.4
20CONFIG_END
21
22SCENARIO_BEGIN Test that expired SERVFAIL in global cache does not block clients to reach the ECS cache
23
24; ns.example.com.
25RANGE_BEGIN 0 10
26	ADDRESS 1.2.3.4
27	ENTRY_BEGIN
28		MATCH opcode qtype qname
29		ADJUST copy_id
30		REPLY QR NOERROR
31		SECTION QUESTION
32			example.com. IN NS
33		SECTION ANSWER
34			example.com.    IN NS   ns.example.com.
35		SECTION ADDITIONAL
36			ns.example.com.         IN      A       1.2.3.4
37	ENTRY_END
38
39	; response to query of interest
40	ENTRY_BEGIN
41		MATCH opcode qtype qname
42		ADJUST copy_id
43		REPLY QR SERVFAIL
44		SECTION QUESTION
45			www.example.com. IN A
46	ENTRY_END
47RANGE_END
48
49; ns.example.com.
50RANGE_BEGIN 11 100
51	ADDRESS 1.2.3.4
52	ENTRY_BEGIN
53		MATCH opcode qtype qname
54		ADJUST copy_id
55		REPLY QR NOERROR
56		SECTION QUESTION
57			example.com. IN NS
58		SECTION ANSWER
59			example.com.    IN NS   ns.example.com.
60		SECTION ADDITIONAL
61			ns.example.com.         IN      A       1.2.3.4
62	ENTRY_END
63
64	; response to query of interest
65	ENTRY_BEGIN
66		MATCH opcode qtype qname ednsdata
67		ADJUST copy_id copy_ednsdata_assume_clientsubnet
68		REPLY QR NOERROR
69		SECTION QUESTION
70			www.example.com. IN A
71		SECTION ANSWER
72			www.example.com. 10 IN A	10.20.30.40
73		SECTION AUTHORITY
74			example.com.	IN NS	ns.example.com.
75		SECTION ADDITIONAL
76			HEX_EDNSDATA_BEGIN
77						; client is 127.0.0.1
78				00 08 		; OPC
79				00 05 		; option length
80				00 01 		; Family
81				08 00 		; source mask, scopemask
82				7f		; address
83			HEX_EDNSDATA_END
84			ns.example.com.		IN 	A	1.2.3.4
85	ENTRY_END
86RANGE_END
87
88STEP 1 QUERY
89ENTRY_BEGIN
90REPLY RD
91SECTION QUESTION
92www.example.com. IN A
93ENTRY_END
94
95; This answer should be in the global cache
96STEP 2 CHECK_ANSWER
97ENTRY_BEGIN
98MATCH all
99REPLY QR RD RA SERVFAIL
100SECTION QUESTION
101www.example.com.	IN A
102ENTRY_END
103
104; Bring the cached SERVFAIL to prefetch time
105STEP 10 TIME_PASSES ELAPSE 5
106
107STEP 11 QUERY
108ENTRY_BEGIN
109REPLY RD DO
110SECTION QUESTION
111www.example.com. IN A
112SECTION ADDITIONAL
113HEX_EDNSDATA_BEGIN
114	00 08 00 05	; OPC, optlen
115	00 01 08 00	; ip4, source 8, scope 0
116	7f   		; 127.0.0.0/8
117HEX_EDNSDATA_END
118ENTRY_END
119
120; This answer was cached but a prefetch was triggerred
121STEP 12 CHECK_ANSWER
122ENTRY_BEGIN
123MATCH opcode qtype qname
124REPLY QR RD RA SERVFAIL
125SECTION QUESTION
126www.example.com.	IN A
127ENTRY_END
128
129; Wait for the SERVFAIL to expire
130STEP 13 TIME_PASSES ELAPSE 2
131
132; Query again to verify that the record was prefetched and stored in the ECS
133; cache (because the server replied with ECS this time)
134STEP 14 QUERY
135ENTRY_BEGIN
136REPLY RD DO
137SECTION QUESTION
138www.example.com. IN A
139SECTION ADDITIONAL
140HEX_EDNSDATA_BEGIN
141	00 08 00 05	; OPC, optlen
142	00 01 08 00	; ip4, source 8, scope 0
143	7f   		; 127.0.0.0/8
144HEX_EDNSDATA_END
145ENTRY_END
146
147; This record came from the ECS cache
148STEP 15 CHECK_ANSWER
149ENTRY_BEGIN
150MATCH all ttl
151REPLY QR RD RA DO NOERROR
152SECTION QUESTION
153www.example.com.		IN A
154SECTION ANSWER
155www.example.com.	8	IN A	10.20.30.40
156SECTION AUTHORITY
157example.com.		3598	IN NS	ns.example.com.
158SECTION ADDITIONAL
159HEX_EDNSDATA_BEGIN
160	00 08 00 05	; OPC, optlen
161	00 01 08 08	; ip4, source 8, scope 0
162	7f		; 127.0.0.0/8
163HEX_EDNSDATA_END
164ns.example.com.		3598	IN A	1.2.3.4
165ENTRY_END
166
167SCENARIO_END
168