From 68abde7fa42d622231be426956cef92164e2e677 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C5=A0t=C4=9Bp=C3=A1n=20Bal=C3=A1=C5=BEik?= <stepan.balazik@nic.cz> Date: Tue, 19 Jan 2021 17:01:45 +0100 Subject: [PATCH 1/2] val_dname_bogus: query minimization fix Fix for resolver that does apply query minimization. --- sets/resolver/iter_dname_insec.rpl | 10 ++++++++++ sets/resolver/val_dname_bogus.rpl | 23 +++++++++++++++++++++++ 2 files changed, 33 insertions(+) diff --git a/sets/resolver/iter_dname_insec.rpl b/sets/resolver/iter_dname_insec.rpl index ce1a441..b011008 100644 --- a/sets/resolver/iter_dname_insec.rpl +++ b/sets/resolver/iter_dname_insec.rpl @@ -1004,6 +1004,16 @@ y.example.net. IN NS SECTION ANSWER ENTRY_END +; empty non-terminal for QNAME minimization +ENTRY_BEGIN +MATCH opcode qname +ADJUST copy_id copy_query +REPLY QR AA NOERROR +SECTION QUESTION +b.example.net. IN NS +SECTION ANSWER +ENTRY_END + ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id diff --git a/sets/resolver/val_dname_bogus.rpl b/sets/resolver/val_dname_bogus.rpl index 3dd01c1..e757128 100644 --- a/sets/resolver/val_dname_bogus.rpl +++ b/sets/resolver/val_dname_bogus.rpl @@ -4,6 +4,7 @@ do-ip6: no trust-anchor: ". IN DS 37471 5 1 da74e4e0fe4067c2afd1d4a3cceb852a3c0d4401" stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. val-override-date: "20170301000000" +domain-insecure: net. CONFIG_END SCENARIO_BEGIN Test DNAME validation @@ -11,6 +12,28 @@ SCENARIO_BEGIN Test DNAME validation ; all the data are on the "root servers" RANGE_BEGIN 0 10000000 ADDRESS 193.0.14.129 + +ENTRY_BEGIN +MATCH qname qtype +ADJUST copy_id copy_query +REPLY QR AA NOERROR +SECTION QUESTION +net. IN NS +SECTION ANSWER +net. 3600 IN NS K.ROOT-SERVERS.NET. +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype +ADJUST copy_id copy_query +REPLY QR AA NOERROR +SECTION QUESTION +root-servers.net. IN NS +SECTION AUTHORITY +. 86400 IN SOA . . 2017021500 1800 900 604800 86400 +. 86400 IN RRSIG SOA 5 0 86400 20170315140518 20170215140518 37471 . drrv7SjrOkuNwlILiziPxHTuIKs/tO2WcVEdipA/LNkt0h09zuWbr3Rk5gtEDTSECbZEXYTa4YaeJs3ODmikzVaJd5EVLsDdGnV3mZ/w7WYHA0Uc1GH5HZm1uQwA4DlwY5e5Ry80pIhInZ1Lqiz1ut9yWbHzODdcUOdpE+XiPzYCKR1hRWi099dIQtDhZYottvQNXXmsJDY41PwvWaxqbXGYgiQCX3cN/W5PM0hs7xMxAjanKh32PXKcHSfTeko87BvERMZnibc2O8efl7S62Zp68Q4guMfe4P++ue22PctjwfeR5nDi31c3+USi63ujrKSDGujaIsIMyIHNFm1/zQ== +ENTRY_END + ENTRY_BEGIN MATCH qname qtype opcode ADJUST copy_id -- GitLab From ae90a4598be8c87e3bf90d6352f002d60222e409 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C5=A0t=C4=9Bp=C3=A1n=20Bal=C3=A1=C5=BEik?= <stepan.balazik@nic.cz> Date: Mon, 25 Jan 2021 11:30:37 +0100 Subject: [PATCH 2/2] add some AA bits, as new selection is more adventureous There might be more missing, these will be uncovered by more runs in CI, I quess. --- sets/resolver/iter_ns_badip.rpl | 6 +++--- sets/resolver/iter_pc_aaaa.rpl | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/sets/resolver/iter_ns_badip.rpl b/sets/resolver/iter_ns_badip.rpl index 091c10b..a432f8f 100644 --- a/sets/resolver/iter_ns_badip.rpl +++ b/sets/resolver/iter_ns_badip.rpl @@ -24,7 +24,7 @@ ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id -REPLY QR NOERROR +REPLY QR AA NOERROR SECTION QUESTION K.ROOT-SERVERS.NET. IN AAAA SECTION ANSWER @@ -43,7 +43,7 @@ ENTRY_END ENTRY_BEGIN MATCH opcode qname ADJUST copy_id copy_query -REPLY QR NOERROR +REPLY QR AA NOERROR SECTION QUESTION net. IN A SECTION ANSWER @@ -61,7 +61,7 @@ ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id copy_query -REPLY QR NOERROR +REPLY QR AA NOERROR SECTION QUESTION a.gtld-servers.net. IN A SECTION ANSWER diff --git a/sets/resolver/iter_pc_aaaa.rpl b/sets/resolver/iter_pc_aaaa.rpl index 817434b..58502a4 100644 --- a/sets/resolver/iter_pc_aaaa.rpl +++ b/sets/resolver/iter_pc_aaaa.rpl @@ -25,7 +25,7 @@ ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id -REPLY QR NOERROR +REPLY QR AA NOERROR SECTION QUESTION K.ROOT-SERVERS.NET. IN AAAA SECTION ANSWER -- GitLab