; subnet unit test
server:
	trust-anchor-signaling: no
	send-client-subnet: 1.2.3.4
	send-client-subnet: 1.2.3.5
	target-fetch-policy: "0 0 0 0 0"
	module-config: "subnetcache validator iterator"
	qname-minimisation: no
	minimal-responses: no

stub-zone:
	name: "example.com"
	stub-addr: 1.2.3.4
CONFIG_END

SCENARIO_BEGIN Test subnetcache source prefix zero from client.
; In RFC7871 section-7.1.2 (para. 2).
; It says that the recursor must send no EDNS subnet or its own address
; in the EDNS subnet to the upstream server. And use that answer for the
; source prefix length zero query. That type of query is for privacy.
; The authority server is then going to use the resolver's IP, if any, to
; tailor the answer to the query source address.

; ns.example.com
RANGE_BEGIN 0 100
	ADDRESS 1.2.3.4

; reply with 0.0.0.0/0 in reply
; For the test the answers for 0.0.0.0/0 queries are SERVFAIL, the normal
; answers are NOERROR.
ENTRY_BEGIN
MATCH opcode qtype qname ednsdata
ADJUST copy_id
REPLY QR AA DO SERVFAIL
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN CNAME star.c10r.example.com.
SECTION ADDITIONAL
HEX_EDNSDATA_BEGIN
	00 08 00 04	; OPCODE=subnet, optlen
	00 01 00 00	; ip4, scope 0, source 0
			; 0.0.0.0/0
HEX_EDNSDATA_END
ENTRY_END

; reply without subnet
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN CNAME star.c10r.example.com.
ENTRY_END

; delegation answer for c10r.example.com, with subnet /0
ENTRY_BEGIN
MATCH opcode subdomain ednsdata
ADJUST copy_id copy_query
REPLY QR DO SERVFAIL
SECTION QUESTION
c10r.example.com. IN NS
SECTION AUTHORITY
c10r.example.com. IN NS ns.c10r.example.com.
SECTION ADDITIONAL
ns.c10r.example.com. IN A 1.2.3.5
HEX_EDNSDATA_BEGIN
	00 08 00 04	; OPCODE=subnet, optlen
	00 01 00 00	; ip4, scope 0, source 0
			; 0.0.0.0/0
HEX_EDNSDATA_END
ENTRY_END

; delegation answer for c10r.example.com, without subnet
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR DO NOERROR
SECTION QUESTION
c10r.example.com. IN NS
SECTION AUTHORITY
c10r.example.com. IN NS ns.c10r.example.com.
SECTION ADDITIONAL
ns.c10r.example.com. IN A 1.2.3.5
ENTRY_END
RANGE_END

; ns.c10r.example.com
RANGE_BEGIN 0 100
	ADDRESS 1.2.3.5

; reply with 0.0.0.0/0 in reply
ENTRY_BEGIN
MATCH opcode qtype qname ednsdata
ADJUST copy_id
REPLY QR AA DO SERVFAIL
SECTION QUESTION
star.c10r.example.com. IN A
SECTION ANSWER
star.c10r.example.com. IN A 1.2.3.6
SECTION ADDITIONAL
HEX_EDNSDATA_BEGIN
	00 08 00 04	; OPCODE=subnet, optlen
	00 01 00 00	; ip4, scope 0, source 0
			; 0.0.0.0/0
HEX_EDNSDATA_END
ENTRY_END

; reply without subnet
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA DO NOERROR
SECTION QUESTION
star.c10r.example.com. IN A
SECTION ANSWER
star.c10r.example.com. IN A 1.2.3.6
ENTRY_END
RANGE_END

; ask for www.example.com
; server answers with CNAME to a delegation, that then
; returns a /24 answer.
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
www.example.com. IN A
SECTION ADDITIONAL
HEX_EDNSDATA_BEGIN
	00 08 00 04	; OPCODE=subnet, optlen
	00 01 00 00	; ip4, scope 0, source 0
			; 0.0.0.0/0
HEX_EDNSDATA_END
ENTRY_END

STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ednsdata
REPLY QR RD RA DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN CNAME star.c10r.example.com.
star.c10r.example.com. IN A 1.2.3.6
SECTION ADDITIONAL
HEX_EDNSDATA_BEGIN
	00 08 00 04	; OPCODE=subnet, optlen
	00 01 00 00	; ip4, scope 0, source 0
			; 0.0.0.0/0
HEX_EDNSDATA_END
ENTRY_END
SCENARIO_END
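
; Added example, not part of the original test file or of the project's code:
; a Python sketch of the RFC 7871 section 7.1.2 rule this scenario exercises,
; decoding the HEX_EDNSDATA option and choosing what goes upstream. The function
; names, the max_prefix default of 24 and the resolver_net parameter are assumptions.

```python
import ipaddress
import struct

ECS_OPTION_CODE = 8  # EDNS Client Subnet, RFC 7871
BITS = {1: 32, 2: 128}  # address family -> address width in bits
NETS = {1: ipaddress.IPv4Network, 2: ipaddress.IPv6Network}

# Body of the HEX_EDNSDATA block used throughout the scenario above.
SAMPLE_BLOCK = """
    00 08 00 04 ; OPCODE=subnet, optlen
    00 01 00 00 ; ip4, scope 0, source 0
                ; 0.0.0.0/0
"""

def parse_hex_ednsdata(text):
    """Convert HEX_EDNSDATA lines to bytes, ignoring ';' comments."""
    return b"".join(bytes.fromhex(l.split(";", 1)[0]) for l in text.splitlines())

def decode_ecs(option):
    """Return (family, source_len, scope_len, network) for one ECS option."""
    if len(option) < 8:
        raise ValueError("ECS option too short")
    code, optlen, family, source, scope = struct.unpack("!HHHBB", option[:8])
    addr = option[8:]
    if code != ECS_OPTION_CODE or optlen != 4 + len(addr):
        raise ValueError("not a well-formed ECS option")
    if family not in BITS or source > BITS[family]:
        raise ValueError("bad family or source prefix length")
    if len(addr) != (source + 7) // 8:
        raise ValueError("address not truncated to source prefix length")
    padded = addr + bytes(BITS[family] // 8 - len(addr))
    # Strict network construction rejects non-zero bits past the prefix.
    return family, source, scope, NETS[family]((padded, source))

def encode_ecs(net, scope=0):
    """Build the wire form of an ECS option for an ipaddress network."""
    family = 1 if net.version == 4 else 2
    addr = net.network_address.packed[: (net.prefixlen + 7) // 8]
    return struct.pack("!HHHBB", ECS_OPTION_CODE, 4 + len(addr),
                       family, net.prefixlen, scope) + addr

def upstream_ecs(client_option, max_prefix=24, resolver_net=None):
    """ECS option for the upstream query, or None to send no ECS."""
    _family, source, _scope, net = decode_ecs(client_option)
    if source == 0:
        # Client opted out: never forward its address. Send nothing, or
        # optionally the resolver's own address information (assumed input).
        return encode_ecs(resolver_net) if resolver_net else None
    # Otherwise shorten to the resolver's maximum prefix (assumed IPv4 default).
    return encode_ecs(net.supernet(new_prefix=min(source, max_prefix)))
```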