; Check that an expired SERVFAIL answer stored in the global cache does not
; block ECS queries from reaching the ECS cache.

server:
    trust-anchor-signaling: no
    target-fetch-policy: "0 0 0 0 0"
    send-client-subnet: 1.2.3.4
    max-client-subnet-ipv4: 21
    module-config: "subnetcache iterator"
    verbosity: 3
    access-control: 127.0.0.1 allow_snoop
    qname-minimisation: no
    minimal-responses: no
    serve-expired: yes
    prefetch: yes

stub-zone:
    name: "example.com."
    stub-addr: 1.2.3.4
CONFIG_END

SCENARIO_BEGIN Test that expired SERVFAIL in global cache does not block clients to reach the ECS cache

; ns.example.com.
RANGE_BEGIN 0 10
    ADDRESS 1.2.3.4
    ENTRY_BEGIN
    MATCH opcode qtype qname
    ADJUST copy_id
    REPLY QR NOERROR
    SECTION QUESTION
    example.com. IN NS
    SECTION ANSWER
    example.com. IN NS ns.example.com.
    SECTION ADDITIONAL
    ns.example.com. IN A 1.2.3.4
    ENTRY_END

    ; response to query of interest
    ENTRY_BEGIN
    MATCH opcode qtype qname
    ADJUST copy_id
    REPLY QR SERVFAIL
    SECTION QUESTION
    www.example.com. IN A
    ENTRY_END
RANGE_END

; ns.example.com.
RANGE_BEGIN 11 100
    ADDRESS 1.2.3.4
    ENTRY_BEGIN
    MATCH opcode qtype qname
    ADJUST copy_id
    REPLY QR NOERROR
    SECTION QUESTION
    example.com. IN NS
    SECTION ANSWER
    example.com. IN NS ns.example.com.
    SECTION ADDITIONAL
    ns.example.com. IN A 1.2.3.4
    ENTRY_END

    ; response to query of interest
    ENTRY_BEGIN
    MATCH opcode qtype qname ednsdata
    ADJUST copy_id copy_ednsdata_assume_clientsubnet
    REPLY QR NOERROR
    SECTION QUESTION
    www.example.com. IN A
    SECTION ANSWER
    www.example.com. 10 IN A 10.20.30.40
    SECTION AUTHORITY
    example.com. IN NS ns.example.com.
    SECTION ADDITIONAL
    HEX_EDNSDATA_BEGIN
        ; client is 127.0.0.1
        00 08 ; OPC
        00 05 ; option length
        00 01 ; Family
        08 00 ; source mask, scopemask
        7f ; address
    HEX_EDNSDATA_END
    ns.example.com. IN A 1.2.3.4
    ENTRY_END
RANGE_END

STEP 1 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END

; This answer should be in the global cache
STEP 2 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA SERVFAIL
SECTION QUESTION
www.example.com. IN A
ENTRY_END

; Bring the cached SERVFAIL to prefetch time
STEP 10 TIME_PASSES ELAPSE 5

STEP 11 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
www.example.com. IN A
SECTION ADDITIONAL
HEX_EDNSDATA_BEGIN
    00 08 00 05 ; OPC, optlen
    00 01 08 00 ; ip4, source 8, scope 0
    7f ; 127.0.0.0/8
HEX_EDNSDATA_END
ENTRY_END

; This answer was cached but a prefetch was triggered
STEP 12 CHECK_ANSWER
ENTRY_BEGIN
MATCH opcode qtype qname
REPLY QR RD RA SERVFAIL
SECTION QUESTION
www.example.com. IN A
ENTRY_END

; Wait for the SERVFAIL to expire
STEP 13 TIME_PASSES ELAPSE 2

; Query again to verify that the record was prefetched and stored in the ECS
; cache (because the server replied with ECS this time)
STEP 14 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
www.example.com. IN A
SECTION ADDITIONAL
HEX_EDNSDATA_BEGIN
    00 08 00 05 ; OPC, optlen
    00 01 08 00 ; ip4, source 8, scope 0
    7f ; 127.0.0.0/8
HEX_EDNSDATA_END
ENTRY_END

; This record came from the ECS cache
STEP 15 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 8 IN A 10.20.30.40
SECTION AUTHORITY
example.com. 3598 IN NS ns.example.com.
SECTION ADDITIONAL
HEX_EDNSDATA_BEGIN
    00 08 00 05 ; OPC, optlen
    00 01 08 08 ; ip4, source 8, scope 8
    7f ; 127.0.0.0/8
HEX_EDNSDATA_END
ns.example.com. 3598 IN A 1.2.3.4
ENTRY_END

SCENARIO_END