3 trust-anchor-signaling: no
4 send-client-subnet: 1.2.3.4
5 send-client-subnet: 1.2.3.5
6 target-fetch-policy: "0 0 0 0 0"
7 module-config: "subnetcache validator iterator"
16 SCENARIO_BEGIN Test subnetcache source prefix zero from client.
17 ; In RFC7871 section-7.1.2 (para. 2).
18 ; It says that the recursor must send no EDNS subnet or its own address
19 ; in the EDNS subnet to the upstream server. And use that answer for the
20 ; source prefix length zero query. That type of query is for privacy.
21 ; The authority server is then going to use the resolver's IP, if any, to
22 ; tailor the answer to the query source address.
28 ; reply with 0.0.0.0/0 in reply
29 ; For the test the answers for 0.0.0.0/0 queries are SERVFAIL, the normal
30 ; answers are NOERROR.
32 MATCH opcode qtype qname ednsdata
34 REPLY QR AA DO SERVFAIL
38 www.example.com. IN CNAME star.c10r.example.com.
41 00 08 00 04 ; OPCODE=subnet, optlen
42 00 01 00 00 ; ip4, scope 0, source 0
47 ; reply without subnet
49 MATCH opcode qtype qname
51 REPLY QR AA DO NOERROR
55 www.example.com. IN CNAME star.c10r.example.com.
58 ; delegation answer for c10r.example.com, with subnet /0
60 MATCH opcode subdomain ednsdata
61 ADJUST copy_id copy_query
64 c10r.example.com. IN NS
66 c10r.example.com. IN NS ns.c10r.example.com.
68 ns.c10r.example.com. IN A 1.2.3.5
70 00 08 00 04 ; OPCODE=subnet, optlen
71 00 01 00 00 ; ip4, scope 0, source 0
76 ; delegation answer for c10r.example.com, without subnet
78 MATCH opcode subdomain
79 ADJUST copy_id copy_query
82 c10r.example.com. IN NS
84 c10r.example.com. IN NS ns.c10r.example.com.
86 ns.c10r.example.com. IN A 1.2.3.5
94 ; reply with 0.0.0.0/0 in reply
96 MATCH opcode qtype qname ednsdata
98 REPLY QR AA DO SERVFAIL
100 star.c10r.example.com. IN A
102 star.c10r.example.com. IN A 1.2.3.6
105 00 08 00 04 ; OPCODE=subnet, optlen
106 00 01 00 00 ; ip4, scope 0, source 0
111 ; reply without subnet
113 MATCH opcode qtype qname
115 REPLY QR AA DO NOERROR
117 star.c10r.example.com. IN A
119 star.c10r.example.com. IN A 1.2.3.6
123 ; ask for www.example.com
124 ; server answers with CNAME to a delegation, that then
125 ; returns a /24 answer.
130 www.example.com. IN A
133 00 08 00 04 ; OPCODE=subnet, optlen
134 00 01 00 00 ; ip4, scope 0, source 0
142 REPLY QR RD RA DO NOERROR
144 www.example.com. IN A
146 www.example.com. IN CNAME star.c10r.example.com.
147 star.c10r.example.com. IN A 1.2.3.6
150 00 08 00 04 ; OPCODE=subnet, optlen
151 00 01 00 00 ; ip4, scope 0, source 0