rfc8906v3.xml | rfc8906.xml | |||
---|---|---|---|---|
skipping to change at line 628 ¶ | skipping to change at line 628 ¶ | |||
We expect the SOA record for the zone to be returned | We expect the SOA record for the zone to be returned | |||
in the answer section, the rcode to be set to NOERROR, and | in the answer section, the rcode to be set to NOERROR, and | |||
the Authoritative Answer (AA) and Query/Response (QR) bits to be | the Authoritative Answer (AA) and Query/Response (QR) bits to be | |||
set in the header; the Recursion Available (RA) bits may also be | set in the header; the Recursion Available (RA) bits may also be | |||
set <xref target="RFC1034" format="default"/>. We | set <xref target="RFC1034" format="default"/>. We | |||
do not expect an OPT record to be returned <xref target="RFC6891" | do not expect an OPT record to be returned <xref target="RFC6891" | |||
format="default"/>.</t> | format="default"/>.</t> | |||
<t keepWithNext="true"> | <t keepWithNext="true"> | |||
Verify the server is configured for the zone: | Verify the server is configured for the zone: | |||
</t> | </t> | |||
<artwork name="" type="" align="left" alt=""><![CDATA[ | <sourcecode name="" type=""><![CDATA[ | |||
dig +noedns +noad +norec soa $zone @$server | dig +noedns +noad +norec soa $zone @$server | |||
expect: status: NOERROR | expect: status: NOERROR | |||
expect: the SOA record to be present in the answer section | expect: the SOA record to be present in the answer section | |||
expect: flag: aa to be present | expect: flag: aa to be present | |||
expect: flag: rd to NOT be present | expect: flag: rd to NOT be present | |||
expect: flag: ad to NOT be present | expect: flag: ad to NOT be present | |||
expect: the OPT record to NOT be present | expect: the OPT record to NOT be present | |||
]]></artwork> | ]]></sourcecode> | |||
</section> | </section> | |||
<section numbered="true" toc="default"> | <section numbered="true" toc="default"> | |||
<name>Testing Unknown Types</name> | <name>Testing Unknown Types</name> | |||
<t> | <t> | |||
Identifying servers that fail to respond to unknown or | Identifying servers that fail to respond to unknown or | |||
unsupported types can be done by making an initial DNS | unsupported types can be done by making an initial DNS | |||
query for an A record, making a number of queries for an | query for an A record, making a number of queries for an | |||
unallocated type, then making a query for an A record | unallocated type, then making a query for an A record | |||
again. IANA maintains a registry of allocated types <xref | again. IANA maintains a registry of allocated types <xref | |||
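Review bot: the new `<sourcecode name="" type="">` opening tag for the "Verify the server is configured for the zone" block leaves `type` empty, and the block it wraps is one `dig` command followed by `expect:` lines that are not code. Either give the element a meaningful `type`, or keep only the command in `<sourcecode>` and move the expectations into a list after it, so the element's content matches what it claims to hold. The same applies to every other block converted in this diff.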
skipping to change at line 676 ¶ | skipping to change at line 676 ¶ | |||
<t> | <t> | |||
We expect no records to be returned in the answer | We expect no records to be returned in the answer | |||
section, the rcode to be set to NOERROR, and the AA and | section, the rcode to be set to NOERROR, and the AA and | |||
QR bits to be set in the header; RA may also be set | QR bits to be set in the header; RA may also be set | |||
<xref target="RFC1034" format="default"/>. We do not expect an OPT record | <xref target="RFC1034" format="default"/>. We do not expect an OPT record | |||
to be returned <xref target="RFC6891" format="default"/>. | to be returned <xref target="RFC6891" format="default"/>. | |||
</t> | </t> | |||
<t keepWithNext="true"> | <t keepWithNext="true"> | |||
Check that queries for an unknown type work: | Check that queries for an unknown type work: | |||
</t> | </t> | |||
<artwork name="" type="" align="left" alt=""><![CDATA[ | <sourcecode name="" type=""><![CDATA[ | |||
dig +noedns +noad +norec type1000 $zone @$server | dig +noedns +noad +norec type1000 $zone @$server | |||
expect: status: NOERROR | expect: status: NOERROR | |||
expect: an empty answer section. | expect: an empty answer section. | |||
expect: flag: aa to be present | expect: flag: aa to be present | |||
expect: flag: rd to NOT be present | expect: flag: rd to NOT be present | |||
expect: flag: ad to NOT be present | expect: flag: ad to NOT be present | |||
expect: the OPT record to NOT be present | expect: the OPT record to NOT be present | |||
]]></artwork> | ]]></sourcecode> | |||
</section> | </section> | |||
<section numbered="true" toc="default"> | <section numbered="true" toc="default"> | |||
<name>Testing Header Bits</name> | <name>Testing Header Bits</name> | |||
<section numbered="true" toc="default"> | <section numbered="true" toc="default"> | |||
<name>Testing CD=1 Queries</name> | <name>Testing CD=1 Queries</name> | |||
<t> | <t> | |||
Ask for the SOA record of the configured zone. | Ask for the SOA record of the configured zone. | |||
This query is made with only the CD DNS flag bit set, | This query is made with only the CD DNS flag bit set, | |||
with all other DNS bits clear, and without EDNS. | with all other DNS bits clear, and without EDNS. | |||
</t> | </t> | |||
skipping to change at line 710 ¶ | skipping to change at line 710 ¶ | |||
do not expect an OPT record to be returned. | do not expect an OPT record to be returned. | |||
</t> | </t> | |||
<t> | <t> | |||
If the server supports DNSSEC, CD should be set in | If the server supports DNSSEC, CD should be set in | |||
the response <xref target="RFC4035" format="default"/>; otherwise, CD | the response <xref target="RFC4035" format="default"/>; otherwise, CD | |||
should be clear <xref target="RFC1034" format="default"/>. | should be clear <xref target="RFC1034" format="default"/>. | |||
</t> | </t> | |||
<t keepWithNext="true"> | <t keepWithNext="true"> | |||
Check that queries with CD=1 work: | Check that queries with CD=1 work: | |||
</t> | </t> | |||
<artwork name="" type="" align="left" alt=""><![CDATA[ | <sourcecode name="" type=""><![CDATA[ | |||
dig +noedns +noad +norec +cd soa $zone @$server | dig +noedns +noad +norec +cd soa $zone @$server | |||
expect: status: NOERROR | expect: status: NOERROR | |||
expect: the SOA record to be present in the answer section | expect: the SOA record to be present in the answer section | |||
expect: flag: aa to be present | expect: flag: aa to be present | |||
expect: flag: rd to NOT be present | expect: flag: rd to NOT be present | |||
expect: flag: ad to NOT be present | expect: flag: ad to NOT be present | |||
expect: the OPT record to NOT be present | expect: the OPT record to NOT be present | |||
]]></artwork> | ]]></sourcecode> | |||
</section> | </section> | |||
<section numbered="true" toc="default"> | <section numbered="true" toc="default"> | |||
<name>Testing AD=1 Queries</name> | <name>Testing AD=1 Queries</name> | |||
<t>Ask for the SOA record of the configured zone. This query is | <t>Ask for the SOA record of the configured zone. This query is | |||
made with only the AD DNS flag bit set, with all other DNS bits clear, | made with only the AD DNS flag bit set, with all other DNS bits clear, | |||
and without EDNS.</t> | and without EDNS.</t> | |||
<t> | <t> | |||
We expect the SOA record for the zone to be returned | We expect the SOA record for the zone to be returned | |||
in the answer section, the rcode to be set to NOERROR, | in the answer section, the rcode to be set to NOERROR, | |||
and the AA and QR bits to be set in the header. We | and the AA and QR bits to be set in the header. We | |||
do not expect an OPT record to be returned. The | do not expect an OPT record to be returned. The | |||
purpose of this query is to detect blocking of queries | purpose of this query is to detect blocking of queries | |||
with the AD bit present, not the specific value of | with the AD bit present, not the specific value of | |||
AD in the response. | AD in the response. | |||
</t> | </t> | |||
<t keepWithNext="true"> | <t keepWithNext="true"> | |||
Check that queries with AD=1 work: | Check that queries with AD=1 work: | |||
</t> | </t> | |||
<artwork name="" type="" align="left" alt=""><![CDATA[ | <sourcecode name="" type=""><![CDATA[ | |||
dig +noedns +norec +ad soa $zone @$server | dig +noedns +norec +ad soa $zone @$server | |||
expect: status: NOERROR | expect: status: NOERROR | |||
expect: the SOA record to be present in the answer section | expect: the SOA record to be present in the answer section | |||
expect: flag: aa to be present | expect: flag: aa to be present | |||
expect: flag: rd to NOT be present | expect: flag: rd to NOT be present | |||
expect: the OPT record to NOT be present | expect: the OPT record to NOT be present | |||
]]></artwork> | ]]></sourcecode> | |||
<t keepWithPrevious="true"> | <t keepWithPrevious="true"> | |||
AD use in queries is defined in <xref target="RFC6840" format="default"/>. | AD use in queries is defined in <xref target="RFC6840" format="default"/>. | |||
</t> | </t> | |||
</section> | </section> | |||
<section numbered="true" toc="default"> | <section numbered="true" toc="default"> | |||
<name>Testing Reserved Bit</name> | <name>Testing Reserved Bit</name> | |||
<t> | <t> | |||
Ask for the SOA record of the configured zone. This | Ask for the SOA record of the configured zone. This | |||
query is made with only the final reserved DNS flag | query is made with only the final reserved DNS flag | |||
bit set, with all other DNS bits clear, and without EDNS. | bit set, with all other DNS bits clear, and without EDNS. | |||
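Review bot: in the CD=1 test, the prose says CD should be set in the response when the server supports DNSSEC and clear otherwise, but the `expect:` list under `dig +noedns +noad +norec +cd soa $zone @$server` has no line for the cd flag. Add a conditional expectation for cd, or a sentence saying its value is deliberately not checked, as the AD=1 section in this hunk already does for AD.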
skipping to change at line 771 ¶ | skipping to change at line 771 ¶ | |||
and the AA and QR bits to be set in the header; RA | and the AA and QR bits to be set in the header; RA | |||
may be set. The final reserved bit must not be set | may be set. The final reserved bit must not be set | |||
<xref target="RFC1034" format="default"/>. We do not expect an OPT | <xref target="RFC1034" format="default"/>. We do not expect an OPT | |||
record to be returned <xref target="RFC6891" format="default"/>. | record to be returned <xref target="RFC6891" format="default"/>. | |||
</t> | </t> | |||
<t keepWithNext="true"> | <t keepWithNext="true"> | |||
Check that queries with the last unassigned DNS | Check that queries with the last unassigned DNS | |||
header flag work and that the flag bit is not | header flag work and that the flag bit is not | |||
copied to the response: | copied to the response: | |||
</t> | </t> | |||
<artwork name="" type="" align="left" alt=""><![CDATA[ | <sourcecode name="" type="" ><![CDATA[ | |||
dig +noedns +noad +norec +zflag soa $zone @$server | dig +noedns +noad +norec +zflag soa $zone @$server | |||
expect: status: NOERROR | expect: status: NOERROR | |||
expect: the SOA record to be present in the answer section | expect: the SOA record to be present in the answer section | |||
expect: MBZ to NOT be in the response (see below) | expect: MBZ to NOT be in the response (see below) | |||
expect: flag: aa to be present | expect: flag: aa to be present | |||
expect: flag: rd to NOT be present | expect: flag: rd to NOT be present | |||
expect: flag: ad to NOT be present | expect: flag: ad to NOT be present | |||
expect: the OPT record to NOT be present | expect: the OPT record to NOT be present | |||
]]></artwork> | ]]></sourcecode> | |||
<t keepWithPrevious="true"> MBZ (Must Be Zero) is a dig-specific | <t keepWithPrevious="true"> MBZ (Must Be Zero) is a dig-specific | |||
indication that the flag bit has been incorrectly copied. See | indication that the flag bit has been incorrectly copied. See | |||
<xref target="RFC1035" sectionFormat="of" section="4.1.1"/>:</t> | <xref target="RFC1035" sectionFormat="of" section="4.1.1"/>:</t> | |||
<dl newline="false"> | <dl newline="false"> | |||
<dt>"Z</dt> | <dt>"Z</dt> | |||
<dd>Reserved for future use. Must be zero in all queries and responses."</dd> | <dd>Reserved for future use. Must be zero in all queries and responses."</dd> | |||
</dl> | </dl> | |||
</section> | </section> | |||
<section numbered="true" toc="default"> | <section numbered="true" toc="default"> | |||
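Review bot: the converted opening tag in the Reserved Bit test reads `<sourcecode name="" type="" >`, with a stray space before `>` that none of the other converted blocks have; drop it for consistency. In the same hunk, the RFC 1035 quotation opens in `<dt>"Z</dt>` and closes at the end of the `<dd>`, so the quote marks are split across two elements; consider moving the quotation marks out of the list or quoting the whole definition in one element.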
skipping to change at line 808 ¶ | skipping to change at line 808 ¶ | |||
<t> | <t> | |||
We expect the SOA record for the zone to be returned | We expect the SOA record for the zone to be returned | |||
in the answer section, the rcode to be set to NOERROR, and | in the answer section, the rcode to be set to NOERROR, and | |||
the AA, QR and RD bits to be set in the header; RA | the AA, QR and RD bits to be set in the header; RA | |||
may also be set <xref target="RFC1034" format="default"/>. We do not | may also be set <xref target="RFC1034" format="default"/>. We do not | |||
expect an OPT record to be returned <xref target="RFC6891" format="default"/>. | expect an OPT record to be returned <xref target="RFC6891" format="default"/>. | |||
</t> | </t> | |||
<t keepWithNext="true"> | <t keepWithNext="true"> | |||
Check that recursive queries work: | Check that recursive queries work: | |||
</t> | </t> | |||
<artwork name="" type="" align="left" alt=""><![CDATA[ | <sourcecode name="" type=""><![CDATA[ | |||
dig +noedns +noad +rec soa $zone @$server | dig +noedns +noad +rec soa $zone @$server | |||
expect: status: NOERROR | expect: status: NOERROR | |||
expect: the SOA record to be present in the answer section | expect: the SOA record to be present in the answer section | |||
expect: flag: aa to be present | expect: flag: aa to be present | |||
expect: flag: rd to be present | expect: flag: rd to be present | |||
expect: flag: ad to NOT be present | expect: flag: ad to NOT be present | |||
expect: the OPT record to NOT be present | expect: the OPT record to NOT be present | |||
]]></artwork> | ]]></sourcecode> | |||
</section> | </section> | |||
</section> | </section> | |||
<section numbered="true" toc="default"> | <section numbered="true" toc="default"> | |||
<name>Testing Unknown Opcodes</name> | <name>Testing Unknown Opcodes</name> | |||
<t> | <t> | |||
Construct a DNS message that consists of only a DNS | Construct a DNS message that consists of only a DNS | |||
header with opcode set to 15 (currently not allocated), | header with opcode set to 15 (currently not allocated), | |||
no DNS header bits set, and empty question, answer, | no DNS header bits set, and empty question, answer, | |||
authority, and additional sections. </t> | authority, and additional sections. </t> | |||
<t keepWithNext="true"> | <t keepWithNext="true"> | |||
Check that new opcodes are handled: | Check that new opcodes are handled: | |||
</t> | </t> | |||
<artwork name="" type="" align="left" alt=""><![CDATA[ | <sourcecode name="" type=""><![CDATA[ | |||
dig +noedns +noad +opcode=15 +norec +header-only @$server | dig +noedns +noad +opcode=15 +norec +header-only @$server | |||
expect: status: NOTIMP | expect: status: NOTIMP | |||
expect: opcode: 15 | expect: opcode: 15 | |||
expect: all sections to be empty | expect: all sections to be empty | |||
expect: flag: aa to NOT be present | expect: flag: aa to NOT be present | |||
expect: flag: rd to NOT be present | expect: flag: rd to NOT be present | |||
expect: flag: ad to NOT be present | expect: flag: ad to NOT be present | |||
expect: the OPT record to NOT be present | expect: the OPT record to NOT be present | |||
]]></artwork> | ]]></sourcecode> | |||
</section> | </section> | |||
<section numbered="true" toc="default"> | <section numbered="true" toc="default"> | |||
<name>Testing TCP</name> | <name>Testing TCP</name> | |||
<t> | <t> | |||
Whether a server accepts TCP connections can be tested | Whether a server accepts TCP connections can be tested | |||
by first checking that it responds to UDP queries to | by first checking that it responds to UDP queries to | |||
confirm that it is up and operating, then attempting the | confirm that it is up and operating, then attempting the | |||
same query over TCP. An additional query should be made | same query over TCP. An additional query should be made | |||
over UDP if the TCP connection attempt fails to confirm | over UDP if the TCP connection attempt fails to confirm | |||
that the server under test is still operating. | that the server under test is still operating. | |||
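Review bot: the Unknown Opcodes test goes straight from the "Construct a DNS message" paragraph to "Check that new opcodes are handled:", with no "We expect ..." paragraph like the one the recursive-query test above it has. Add a sentence stating the expected rcode (NOTIMP), that opcode 15 appears in the response, and that all sections are empty, so the `expect:` lines are backed by prose as in the other tests.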
skipping to change at line 867 ¶ | skipping to change at line 867 ¶ | |||
<t> | <t> | |||
We expect the SOA record for the zone to be returned | We expect the SOA record for the zone to be returned | |||
in the answer section, the rcode to be set to NOERROR, and | in the answer section, the rcode to be set to NOERROR, and | |||
the AA and QR bits to be set in the header; RA may | the AA and QR bits to be set in the header; RA may | |||
also be set <xref target="RFC1034" format="default"/>. We do not expect | also be set <xref target="RFC1034" format="default"/>. We do not expect | |||
an OPT record to be returned <xref target="RFC6891" format="default"/>. | an OPT record to be returned <xref target="RFC6891" format="default"/>. | |||
</t> | </t> | |||
<t keepWithNext="true"> | <t keepWithNext="true"> | |||
Check that TCP queries work: | Check that TCP queries work: | |||
</t> | </t> | |||
<artwork name="" type="" align="left" alt=""><![CDATA[ | <sourcecode name="" type=""><![CDATA[ | |||
dig +noedns +noad +norec +tcp soa $zone @$server | dig +noedns +noad +norec +tcp soa $zone @$server | |||
expect: status: NOERROR | expect: status: NOERROR | |||
expect: the SOA record to be present in the answer section | expect: the SOA record to be present in the answer section | |||
expect: flag: aa to be present | expect: flag: aa to be present | |||
expect: flag: rd to NOT be present | expect: flag: rd to NOT be present | |||
expect: flag: ad to NOT be present | expect: flag: ad to NOT be present | |||
expect: the OPT record to NOT be present | expect: the OPT record to NOT be present | |||
]]></artwork> | ]]></sourcecode> | |||
<t keepWithPrevious="true"> | <t keepWithPrevious="true"> | |||
The requirement that TCP be supported is defined | The requirement that TCP be supported is defined | |||
in <xref target="RFC7766" format="default"/>. | in <xref target="RFC7766" format="default"/>. | |||
</t> | </t> | |||
</section> | </section> | |||
</section> | </section> | |||
<section anchor="testing-edns" numbered="true" toc="default"> | <section anchor="testing-edns" numbered="true" toc="default"> | |||
<name>Testing: Extended DNS</name> | <name>Testing: Extended DNS</name> | |||
<t> | <t> | |||
The next set of tests cover various aspects of EDNS | The next set of tests cover various aspects of EDNS | |||
skipping to change at line 913 ¶ | skipping to change at line 913 ¶ | |||
the AA and QR bits to be set in the header; RA may | the AA and QR bits to be set in the header; RA may | |||
also be set <xref target="RFC1034" format="default"/>. We expect | also be set <xref target="RFC1034" format="default"/>. We expect | |||
an OPT record to be returned. There should be no EDNS | an OPT record to be returned. There should be no EDNS | |||
flags present in the response. The EDNS version field | flags present in the response. The EDNS version field | |||
should be 0, and there should be no EDNS options present | should be 0, and there should be no EDNS options present | |||
<xref target="RFC6891" format="default"/>. | <xref target="RFC6891" format="default"/>. | |||
</t> | </t> | |||
<t keepWithNext="true"> | <t keepWithNext="true"> | |||
Check that plain EDNS queries work: | Check that plain EDNS queries work: | |||
</t> | </t> | |||
<artwork name="" type="" align="left" alt=""><![CDATA[ | <sourcecode name="" type=""><![CDATA[ | |||
dig +nocookie +edns=0 +noad +norec soa $zone @$server | dig +nocookie +edns=0 +noad +norec soa $zone @$server | |||
expect: status: NOERROR | expect: status: NOERROR | |||
expect: the SOA record to be present in the answer section | expect: the SOA record to be present in the answer section | |||
expect: an OPT record to be present in the additional section | expect: an OPT record to be present in the additional section | |||
expect: EDNS Version 0 in response | expect: EDNS Version 0 in response | |||
expect: flag: aa to be present | expect: flag: aa to be present | |||
expect: flag: ad to NOT be present | expect: flag: ad to NOT be present | |||
]]></artwork> | ]]></sourcecode> | |||
<t keepWithPrevious="true"> | <t keepWithPrevious="true"> | |||
+nocookie disables sending an EDNS COOKIE option, which | +nocookie disables sending an EDNS COOKIE option, which | |||
is otherwise enabled by default in BIND 9.11.0 (and | is otherwise enabled by default in BIND 9.11.0 (and | |||
later). | later). | |||
</t> | </t> | |||
</section> | </section> | |||
<section numbered="true" toc="default"> | <section numbered="true" toc="default"> | |||
<name>Testing EDNS Version Negotiation</name> | <name>Testing EDNS Version Negotiation</name> | |||
<t> | <t> | |||
Ask for the SOA record of a zone the server is nominally | Ask for the SOA record of a zone the server is nominally | |||
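Review bot: in the plain EDNS test, the prose states that no EDNS flags and no EDNS options should be present in the response, but the `expect:` list under `dig +nocookie +edns=0 +noad +norec soa $zone @$server` only checks that an OPT record is present and that the version is 0. Add expectation lines for the absence of EDNS flags and options so the checklist covers everything the paragraph requires. The list also drops the `flag: rd to NOT be present` line that the non-EDNS tests carry, even though the query is still sent with `+norec`.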
skipping to change at line 950 ¶ | skipping to change at line 950 ¶ | |||
BADVERS and the QR bit to be set in the header; RA | BADVERS and the QR bit to be set in the header; RA | |||
may also be set <xref target="RFC1034" format="default"/>. We expect | may also be set <xref target="RFC1034" format="default"/>. We expect | |||
an OPT record to be returned. There should be no EDNS | an OPT record to be returned. There should be no EDNS | |||
flags present in the response. The EDNS version field | flags present in the response. The EDNS version field | |||
should be 0 in the response, as no other EDNS version | should be 0 in the response, as no other EDNS version | |||
has as yet been specified <xref target="RFC6891" format="default"/>. | has as yet been specified <xref target="RFC6891" format="default"/>. | |||
</t> | </t> | |||
<t keepWithNext="true"> | <t keepWithNext="true"> | |||
Check that EDNS version 1 queries work (EDNS supported): | Check that EDNS version 1 queries work (EDNS supported): | |||
</t> | </t> | |||
<artwork name="" type="" align="left" alt=""><![CDATA[ | <sourcecode name="" type=""><![CDATA[ | |||
dig +nocookie +edns=1 +noednsneg +noad +norec soa $zone @$server | dig +nocookie +edns=1 +noednsneg +noad +norec soa $zone @$server | |||
expect: status: BADVERS | expect: status: BADVERS | |||
expect: the SOA record to NOT be present in the answer section | expect: the SOA record to NOT be present in the answer section | |||
expect: an OPT record to be present in the additional section | expect: an OPT record to be present in the additional section | |||
expect: EDNS Version 0 in response | expect: EDNS Version 0 in response | |||
expect: flag: aa to NOT be present | expect: flag: aa to NOT be present | |||
expect: flag: ad to NOT be present | expect: flag: ad to NOT be present | |||
]]></artwork> | ]]></sourcecode> | |||
<t keepWithPrevious="true"> | <t keepWithPrevious="true"> | |||
+noednsneg has been set, as dig supports EDNS version | +noednsneg has been set, as dig supports EDNS version | |||
negotiation, and we want to see only the response to the | negotiation, and we want to see only the response to the | |||
initial EDNS version 1 query. | initial EDNS version 1 query. | |||
</t> | </t> | |||
</section> | </section> | |||
<section numbered="true" toc="default"> | <section numbered="true" toc="default"> | |||
<name>Testing Unknown EDNS Options</name> | <name>Testing Unknown EDNS Options</name> | |||
<t> | <t> | |||
Ask for the SOA record of the configured zone. This | Ask for the SOA record of the configured zone. This | |||
skipping to change at line 992 ¶ | skipping to change at line 992 ¶ | |||
an OPT record to be returned. There should be no EDNS | an OPT record to be returned. There should be no EDNS | |||
flags present in the response. The EDNS version field | flags present in the response. The EDNS version field | |||
should be 0, as EDNS versions other than 0 are yet to | should be 0, as EDNS versions other than 0 are yet to | |||
be specified, and there should be no EDNS options present, | be specified, and there should be no EDNS options present, | |||
as unknown EDNS options are supposed to be ignored by the | as unknown EDNS options are supposed to be ignored by the | |||
server (<xref target="RFC6891" sectionFormat="of" section="6.1.1"/>). | server (<xref target="RFC6891" sectionFormat="of" section="6.1.1"/>). | |||
</t> | </t> | |||
<t keepWithNext="true"> | <t keepWithNext="true"> | |||
Check that EDNS queries with an unknown option work (EDNS supported): | Check that EDNS queries with an unknown option work (EDNS supported): | |||
</t> | </t> | |||
<artwork name="" type="" align="left" alt=""><![CDATA[ | <sourcecode name="" type=""><![CDATA[ | |||
dig +nocookie +edns=0 +noad +norec +ednsopt=100 soa $zone @$server | dig +nocookie +edns=0 +noad +norec +ednsopt=100 soa $zone @$server | |||
expect: status: NOERROR | expect: status: NOERROR | |||
expect: the SOA record to be present in the answer section | expect: the SOA record to be present in the answer section | |||
expect: an OPT record to be present in the additional section | expect: an OPT record to be present in the additional section | |||
expect: OPT=100 to NOT be present | expect: OPT=100 to NOT be present | |||
expect: EDNS Version 0 in response | expect: EDNS Version 0 in response | |||
expect: flag: aa to be present | expect: flag: aa to be present | |||
expect: flag: ad to NOT be present | expect: flag: ad to NOT be present | |||
]]></artwork> | ]]></sourcecode> | |||
</section> | </section> | |||
<section numbered="true" toc="default"> | <section numbered="true" toc="default"> | |||
<name>Testing Unknown EDNS Flags</name> | <name>Testing Unknown EDNS Flags</name> | |||
<t> | <t> | |||
Ask for the SOA record of the configured zone. This | Ask for the SOA record of the configured zone. This | |||
query is made with no DNS flag bits set. EDNS version | query is made with no DNS flag bits set. EDNS version | |||
0 is used without any EDNS options. An unassigned EDNS | 0 is used without any EDNS options. An unassigned EDNS | |||
flag bit is set (0x40 in this case). | flag bit is set (0x40 in this case). | |||
</t> | </t> | |||
<t> | <t> | |||
skipping to change at line 1026 ¶ | skipping to change at line 1026 ¶ | |||
also be set <xref target="RFC1034" format="default"/>. We expect | also be set <xref target="RFC1034" format="default"/>. We expect | |||
an OPT record to be returned. There should be no EDNS | an OPT record to be returned. There should be no EDNS | |||
flags present in the response, as unknown EDNS flags are | flags present in the response, as unknown EDNS flags are | |||
supposed to be ignored. The EDNS version field | supposed to be ignored. The EDNS version field | |||
should be 0, and there should be no EDNS options present | should be 0, and there should be no EDNS options present | |||
<xref target="RFC6891" format="default"/>. | <xref target="RFC6891" format="default"/>. | |||
</t> | </t> | |||
<t keepWithNext="true"> | <t keepWithNext="true"> | |||
Check that EDNS queries with unknown flags work (EDNS supported): | Check that EDNS queries with unknown flags work (EDNS supported): | |||
</t> | </t> | |||
<artwork name="" type="" align="left" alt=""><![CDATA[ | <sourcecode name="" type=""><![CDATA[ | |||
dig +nocookie +edns=0 +noad +norec +ednsflags=0x40 soa $zone @$server | dig +nocookie +edns=0 +noad +norec +ednsflags=0x40 soa $zone @$server | |||
expect: status: NOERROR | expect: status: NOERROR | |||
expect: the SOA record to be present in the answer section | expect: the SOA record to be present in the answer section | |||
expect: an OPT record to be present in the additional section | expect: an OPT record to be present in the additional section | |||
expect: MBZ not to be present | expect: MBZ not to be present | |||
expect: EDNS Version 0 in response | expect: EDNS Version 0 in response | |||
expect: flag: aa to be present | expect: flag: aa to be present | |||
expect: flag: ad to NOT be present | expect: flag: ad to NOT be present | |||
]]></artwork> | ]]></sourcecode> | |||
<t keepWithPrevious="true"> | <t keepWithPrevious="true"> | |||
MBZ (Must Be Zero) is a dig-specific indication that | MBZ (Must Be Zero) is a dig-specific indication that | |||
a flag bit has been incorrectly copied, as per | a flag bit has been incorrectly copied, as per | |||
<xref target="RFC6891" sectionFormat="of" section="6.1.4"/>. | <xref target="RFC6891" sectionFormat="of" section="6.1.4"/>. | |||
</t> | </t> | |||
</section> | </section> | |||
<section numbered="true" toc="default"> | <section numbered="true" toc="default"> | |||
<name>Testing EDNS Version Negotiation with Unknown EDNS Flags</name> | <name>Testing EDNS Version Negotiation with Unknown EDNS Flags</name> | |||
<t> | <t> | |||
Ask for the SOA record of the configured zone. This | Ask for the SOA record of the configured zone. This | |||
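Review bot: `expect: MBZ not to be present` in the Unknown EDNS Flags block uses lowercase "not", while the other negative expectations in the same block use "NOT" (`expect: flag: ad to NOT be present`) and the Reserved Bit test writes `expect: MBZ to NOT be in the response`. Use one wording for the MBZ expectation throughout, with "NOT" capitalised, so negative checks are easy to scan.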
skipping to change at line 1066 ¶ | skipping to change at line 1066 ¶ | |||
an OPT record to be returned. There should be no EDNS | an OPT record to be returned. There should be no EDNS | |||
flags present in the response, as unknown EDNS flags are | flags present in the response, as unknown EDNS flags are | |||
supposed to be ignored. The EDNS version field should | supposed to be ignored. The EDNS version field should | |||
be 0, as EDNS versions other than 0 are yet to be | be 0, as EDNS versions other than 0 are yet to be | |||
specified, and there should be no EDNS options present | specified, and there should be no EDNS options present | |||
<xref target="RFC6891" format="default"/>. | <xref target="RFC6891" format="default"/>. | |||
</t> | </t> | |||
<t keepWithNext="true"> | <t keepWithNext="true"> | |||
Check that EDNS version 1 queries with unknown flags work (EDNS supported): | Check that EDNS version 1 queries with unknown flags work (EDNS supported): | |||
</t> | </t> | |||
<artwork name="" type="" align="left" alt=""><![CDATA[ | <sourcecode name="" type=""><![CDATA[ | |||
dig +nocookie +edns=1 +noednsneg +noad +norec +ednsflags=0x40 soa \ | dig +nocookie +edns=1 +noednsneg +noad +norec +ednsflags=0x40 soa \ | |||
$zone @$server | $zone @$server | |||
expect: status: BADVERS | expect: status: BADVERS | |||
expect: SOA record to NOT be present | expect: SOA record to NOT be present | |||
expect: an OPT record to be present in the additional section | expect: an OPT record to be present in the additional section | |||
expect: MBZ not to be present | expect: MBZ not to be present | |||
expect: EDNS Version 0 in response | expect: EDNS Version 0 in response | |||
expect: flag: aa to NOT be present | expect: flag: aa to NOT be present | |||
expect: flag: ad to NOT be present | expect: flag: ad to NOT be present | |||
]]></artwork> | ]]></sourcecode> | |||
</section> | </section> | |||
<section numbered="true" toc="default"> | <section numbered="true" toc="default"> | |||
<name>Testing EDNS Version Negotiation with Unknown EDNS Options</name> | <name>Testing EDNS Version Negotiation with Unknown EDNS Options</name> | |||
<t> | <t> | |||
Ask for the SOA record of the configured zone. This | Ask for the SOA record of the configured zone. This | |||
query is made with no DNS flag bits set. EDNS version | query is made with no DNS flag bits set. EDNS version | |||
1 is used. An unknown EDNS option is present. We have | 1 is used. An unknown EDNS option is present. We have | |||
picked an unassigned code of 100 for the example below. | picked an unassigned code of 100 for the example below. | |||
Any unassigned EDNS option code could have been chosen for | Any unassigned EDNS option code could have been chosen for | |||
this test. | this test. | |||
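Review bot: the BADVERS block in this hunk says `expect: SOA record to NOT be present`, while the earlier EDNS version negotiation test says `expect: the SOA record to NOT be present in the answer section`. Use the longer form here too, so it is clear which section is being checked. Since the `dig` command is split with a trailing `\` and an indented `$zone @$server`, also confirm the continuation survives rendering once the block is `<sourcecode>` rather than `<artwork>`.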
skipping to change at line 1103 ¶ | skipping to change at line 1103 ¶ | |||
may also be set <xref target="RFC1034" format="default"/>. We expect | may also be set <xref target="RFC1034" format="default"/>. We expect | |||
an OPT record to be returned. There should be no EDNS | an OPT record to be returned. There should be no EDNS | |||
flags present in the response. The EDNS version field | flags present in the response. The EDNS version field | |||
should be 0, as EDNS versions other than 0 are yet | should be 0, as EDNS versions other than 0 are yet | |||
to be specified, and there should be no EDNS options | to be specified, and there should be no EDNS options | |||
present <xref target="RFC6891" format="default"/>. | present <xref target="RFC6891" format="default"/>. | |||
</t> | </t> | |||
<t keepWithNext="true"> | <t keepWithNext="true"> | |||
Check that EDNS version 1 queries with unknown options work (EDNS supported): | Check that EDNS version 1 queries with unknown options work (EDNS supported): | |||
</t> | </t> | |||
<artwork name="" type="" align="left" alt=""><![CDATA[ | <sourcecode name="" type=""><![CDATA[ | |||
dig +nocookie +edns=1 +noednsneg +noad +norec +ednsopt=100 soa \ | dig +nocookie +edns=1 +noednsneg +noad +norec +ednsopt=100 soa \ | |||
$zone @$server | $zone @$server | |||
expect: status: BADVERS | expect: status: BADVERS | |||
expect: SOA record to NOT be present | expect: SOA record to NOT be present | |||
expect: an OPT record to be present in the additional section | expect: an OPT record to be present in the additional section | |||
expect: OPT=100 to NOT be present | expect: OPT=100 to NOT be present | |||
expect: EDNS Version 0 in response | expect: EDNS Version 0 in response | |||
expect: flag: aa to NOT be present | expect: flag: aa to NOT be present | |||
expect: flag: ad to NOT be present | expect: flag: ad to NOT be present | |||
]]></artwork> | ]]></sourcecode> | |||
</section> | </section> | |||
<section numbered="true" toc="default"> | <section numbered="true" toc="default"> | |||
<name>Testing Truncated Responses</name> | <name>Testing Truncated Responses</name> | |||
<t> | <t> | |||
Ask for the DNSKEY records of the configured zone, which | Ask for the DNSKEY records of the configured zone, which | |||
must be a DNSSEC signed zone. This query is made with | must be a DNSSEC signed zone. This query is made with | |||
no DNS flag bits set. EDNS version 0 is used without | no DNS flag bits set. EDNS version 0 is used without | |||
any EDNS options. The only EDNS flag set is DO. The | any EDNS options. The only EDNS flag set is DO. The | |||
EDNS UDP buffer size is set to 512. The intention of | EDNS UDP buffer size is set to 512. The intention of | |||
this query is to elicit a truncated response from the | this query is to elicit a truncated response from the | |||
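Review bot: The new opening tag for the EDNS version 1 unknown-option block is '<sourcecode name="" type="">', with both attributes left empty, and the content it wraps is a dig command followed by "expect:" lines that describe the response rather than source code. Either drop the empty name and type attributes or give type a value that describes the content. Also consider keeping the "expect:" lines outside the element that holds the command, since anyone extracting the sourcecode body gets text that cannot be run as written.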
skipping to change at line 1143 ¶ | skipping to change at line 1143 ¶ | |||
format="default"/>. We expect an OPT record to be present in the | format="default"/>. We expect an OPT record to be present in the | |||
response. There should be no EDNS flags other than DO present in | response. There should be no EDNS flags other than DO present in | |||
the response. The EDNS version field should be 0, and there should | the response. The EDNS version field should be 0, and there should | |||
be no EDNS options present <xref target="RFC6891" | be no EDNS options present <xref target="RFC6891" | |||
format="default"/>.</t> | format="default"/>.</t> | |||
<t> | <t> | |||
If TC is not set, it is not possible to confirm that the | If TC is not set, it is not possible to confirm that the | |||
server correctly adds the OPT record to the truncated | server correctly adds the OPT record to the truncated | |||
responses or not. | responses or not. | |||
</t> | </t> | |||
<artwork name="" type="" align="left" alt=""><![CDATA[ | <sourcecode name="" type=""><![CDATA[ | |||
dig +norec +dnssec +bufsize=512 +ignore dnskey $zone @$server | dig +norec +dnssec +bufsize=512 +ignore dnskey $zone @$server | |||
expect: NOERROR | expect: NOERROR | |||
expect: OPT record with version set to 0 | expect: OPT record with version set to 0 | |||
]]></artwork> | ]]></sourcecode> | |||
</section> | </section> | |||
<section numbered="true" toc="default"> | <section numbered="true" toc="default"> | |||
<name>Testing DO=1 Handling</name> | <name>Testing DO=1 Handling</name> | |||
<t> | <t> | |||
Ask for the SOA record of the configured zone, which | Ask for the SOA record of the configured zone, which | |||
does not need to be DNSSEC signed. This query is made | does not need to be DNSSEC signed. This query is made | |||
with no DNS flag bits set. EDNS version 0 is used | with no DNS flag bits set. EDNS version 0 is used | |||
without any EDNS options. The only EDNS flag set is | without any EDNS options. The only EDNS flag set is | |||
DO. | DO. | |||
</t> | </t> | |||
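Review bot: In the truncated-response block the first expectation reads 'expect: NOERROR', while the other test blocks shown here write 'expect: status: NOERROR'. The paragraph directly above the block is also a plain <t>, where the other blocks are introduced by a <t keepWithNext="true"> "Check that ..." line. Since the block is being retagged anyway, use 'expect: status: NOERROR' and add a keepWithNext lead-in so the command stays with its explanation. The block also lists no expectation for the TC bit, although the preceding paragraph says the OPT check cannot be confirmed when TC is not set; an explicit 'expect:' line for TC would make that dependency visible.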
skipping to change at line 1171 ¶ | skipping to change at line 1171 ¶ | |||
server supports DNSSEC, otherwise it should be clear; RA may also be | server supports DNSSEC, otherwise it should be clear; RA may also be | |||
set <xref target="RFC1034" format="default"/>. We expect an OPT | set <xref target="RFC1034" format="default"/>. We expect an OPT | |||
record to be returned. There should be no EDNS flags other than DO | record to be returned. There should be no EDNS flags other than DO | |||
present in the response, which should be present if the server | present in the response, which should be present if the server | |||
supports DNSSEC. The EDNS version field should be 0, and there | supports DNSSEC. The EDNS version field should be 0, and there | |||
should be no EDNS options present <xref target="RFC6891" | should be no EDNS options present <xref target="RFC6891" | |||
format="default"/>.</t> | format="default"/>.</t> | |||
<t keepWithNext="true"> | <t keepWithNext="true"> | |||
Check that DO=1 queries work (EDNS supported): | Check that DO=1 queries work (EDNS supported): | |||
</t> | </t> | |||
<artwork name="" type="" align="left" alt=""><![CDATA[ | <sourcecode name="" type=""><![CDATA[ | |||
dig +nocookie +edns=0 +noad +norec +dnssec soa $zone @$server | dig +nocookie +edns=0 +noad +norec +dnssec soa $zone @$server | |||
expect: status: NOERROR | expect: status: NOERROR | |||
expect: the SOA record to be present in the answer section | expect: the SOA record to be present in the answer section | |||
expect: an OPT record to be present in the additional section | expect: an OPT record to be present in the additional section | |||
expect: DO=1 to be present if an RRSIG is in the response | expect: DO=1 to be present if an RRSIG is in the response | |||
expect: EDNS Version 0 in response | expect: EDNS Version 0 in response | |||
expect: flag: aa to be present | expect: flag: aa to be present | |||
]]></artwork> | ]]></sourcecode> | |||
</section> | </section> | |||
<section numbered="true" toc="default"> | <section numbered="true" toc="default"> | |||
<name>Testing EDNS Version Negotiation with DO=1</name> | <name>Testing EDNS Version Negotiation with DO=1</name> | |||
<t> | <t> | |||
Ask for the SOA record of the configured zone, which does | Ask for the SOA record of the configured zone, which does | |||
not need to be DNSSEC signed. This query is made with no | not need to be DNSSEC signed. This query is made with no | |||
DNS flag bits set. EDNS version 1 is used without any EDNS | DNS flag bits set. EDNS version 1 is used without any EDNS | |||
options. The only EDNS flag set is DO. | options. The only EDNS flag set is DO. | |||
</t> | </t> | |||
<t>We expect the SOA record for the zone NOT to be returned in the answer | <t>We expect the SOA record for the zone NOT to be returned in the answer | |||
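Review bot: In the DO=1 block the expectation 'expect: DO=1 to be present if an RRSIG is in the response' uses a different condition from the prose above it, which says DO should be present "if the server supports DNSSEC". The query is described as targeting a zone that does not need to be DNSSEC signed, so the two conditions can disagree for a DNSSEC-capable server answering for an unsigned zone. Pick one condition and use it in both places.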
skipping to change at line 1203 ¶ | skipping to change at line 1203 ¶ | |||
format="default"/>. | format="default"/>. | |||
We expect an OPT record to be returned. There | We expect an OPT record to be returned. There | |||
should be no EDNS flags other than DO present in the response, which | should be no EDNS flags other than DO present in the response, which | |||
should be there if the server supports DNSSEC. The EDNS version | should be there if the server supports DNSSEC. The EDNS version | |||
field should be 0, and there should be no EDNS options present <xref | field should be 0, and there should be no EDNS options present <xref | |||
target="RFC6891" format="default"/>.</t> | target="RFC6891" format="default"/>.</t> | |||
<t keepWithNext="true"> | <t keepWithNext="true"> | |||
Check that EDNS version 1, DO=1 queries work (EDNS supported): | Check that EDNS version 1, DO=1 queries work (EDNS supported): | |||
</t> | </t> | |||
<artwork name="" type="" align="left" alt=""><![CDATA[ | <sourcecode name="" type=""><![CDATA[ | |||
dig +nocookie +edns=1 +noednsneg +noad +norec +dnssec soa \ | dig +nocookie +edns=1 +noednsneg +noad +norec +dnssec soa \ | |||
$zone @$server | $zone @$server | |||
expect: status: BADVERS | expect: status: BADVERS | |||
expect: SOA record to NOT be present | expect: SOA record to NOT be present | |||
expect: an OPT record to be present in the additional section | expect: an OPT record to be present in the additional section | |||
expect: DO=1 to be present if the EDNS version 0 DNSSEC query test | expect: DO=1 to be present if the EDNS version 0 DNSSEC query test | |||
returned DO=1 | returned DO=1 | |||
expect: EDNS Version 0 in response | expect: EDNS Version 0 in response | |||
expect: flag: aa to NOT be present | expect: flag: aa to NOT be present | |||
]]></artwork> | ]]></sourcecode> | |||
</section> | </section> | |||
<section numbered="true" toc="default"> | <section numbered="true" toc="default"> | |||
<name>Testing with Multiple Defined EDNS Options</name> | <name>Testing with Multiple Defined EDNS Options</name> | |||
<t>Ask for the SOA record of the configured zone. This query is | <t>Ask for the SOA record of the configured zone. This query is | |||
made with no DNS flag bits set. EDNS version 0 is used. A number | made with no DNS flag bits set. EDNS version 0 is used. A number | |||
of defined EDNS options are present (NSID <xref target="RFC5001" | of defined EDNS options are present (NSID <xref target="RFC5001" | |||
format="default"/>, DNS COOKIE <xref target="RFC7873" | format="default"/>, DNS COOKIE <xref target="RFC7873" | |||
format="default"/>, EDNS Client Subnet <xref target="RFC7871" | format="default"/>, EDNS Client Subnet <xref target="RFC7871" | |||
format="default"/>, and EDNS Expire <xref target="RFC7314" | format="default"/>, and EDNS Expire <xref target="RFC7314" | |||
format="default"/>).</t> | format="default"/>).</t> | |||
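Review bot: The DO=1 expectation in the EDNS version 1 block is wrapped across two lines ('expect: DO=1 to be present if the EDNS version 0 DNSSEC query test' then 'returned DO=1') with no continuation marker, whereas the dig command just above it marks its wrap with a trailing backslash. Inside a sourcecode element the second line reads as a separate entry, so shorten the expectation to fit on one line or mark the wrap. It also identifies the earlier test only by description; naming the section it depends on ("Testing DO=1 Handling") would make the dependency easier to follow.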
skipping to change at line 1239 ¶ | skipping to change at line 1239 ¶ | |||
also be set <xref target="RFC1034" format="default"/>. We expect an OPT | also be set <xref target="RFC1034" format="default"/>. We expect an OPT | |||
record to be returned. There should be no EDNS flags | record to be returned. There should be no EDNS flags | |||
present in the response. The EDNS version field should | present in the response. The EDNS version field should | |||
be 0. Any of the requested EDNS options supported | be 0. Any of the requested EDNS options supported | |||
by the server and permitted server configuration may | by the server and permitted server configuration may | |||
be returned <xref target="RFC6891" format="default"/>. | be returned <xref target="RFC6891" format="default"/>. | |||
</t> | </t> | |||
<t keepWithNext="true"> | <t keepWithNext="true"> | |||
Check that EDNS queries with multiple defined EDNS options work: | Check that EDNS queries with multiple defined EDNS options work: | |||
</t> | </t> | |||
<artwork name="" type="" align="left" alt=""><![CDATA[ | <sourcecode name="" type=""><![CDATA[ | |||
dig +edns=0 +noad +norec +cookie +nsid +expire +subnet=0.0.0.0/0 \ | dig +edns=0 +noad +norec +cookie +nsid +expire +subnet=0.0.0.0/0 \ | |||
soa $zone @$server | soa $zone @$server | |||
expect: status: NOERROR | expect: status: NOERROR | |||
expect: the SOA record to be present in the answer section | expect: the SOA record to be present in the answer section | |||
expect: an OPT record to be present in the additional section | expect: an OPT record to be present in the additional section | |||
expect: EDNS Version 0 in response | expect: EDNS Version 0 in response | |||
expect: flag: aa to be present | expect: flag: aa to be present | |||
expect: flag: ad to NOT be present | expect: flag: ad to NOT be present | |||
]]></artwork> | ]]></sourcecode> | |||
</section> | </section> | |||
</section> | </section> | |||
<section numbered="true" toc="default"> | <section numbered="true" toc="default"> | |||
<name>When EDNS Is Not Supported</name> | <name>When EDNS Is Not Supported</name> | |||
<t> | <t> | |||
If EDNS is not supported by the nameserver, we expect a | If EDNS is not supported by the nameserver, we expect a | |||
response to each of the above queries. That response may | response to each of the above queries. That response may | |||
be a FORMERR error response, or the OPT record may just | be a FORMERR error response, or the OPT record may just | |||
be ignored. | be ignored. | |||
</t> | </t> | |||
End of changes. 36 change blocks. | ||||
36 lines changed or deleted | 36 lines changed or added | |||