SV_RFC2181_6_1_not_set_AA - A server for a zone should not return authoritative answers for queries related to names in another zone
Verify that the NUT does not set the AA bit for names in a delegated subdomain.
Authoritative Server
SV_RFC2181_6_1_not_set_AA.seq [-tooloption ...]
  -tooloption: KOI tool option
  See also DNSConfig.pm
        AP Server1 (TN)
          |3ffe:501:ffff:101::10
          |192.168.1.10
          |
Net-y   --+--------+---------------------------- 3ffe:501:ffff:101::/64
                   |                             192.168.1/24
                   |
                   |
                   |                  sub.example.com zone
                 Router (TN)          DNS Server6 (TN)
                   |3ffe:501:ffff:100::1     |NS6.sub.example.com
                   |192.168.0.1              |3ffe:501:ffff:100::30
                   |                         |192.168.0.30
                   |                         |
Net-z   --+--------+-----------------+-------+-- 3ffe:501:ffff:100::/64
          |                          |           192.168.0/24
          |                          |
        DNS Server1 (NUT)          DNS Client1 (TN)
          3ffe:501:ffff:100::XXXX    3ffe:501:ffff:100::20
          192.168.0.10               192.168.0.20
XXXX: EUI64
$TTL 86400      ; TTL of 1 day
@       IN      SOA     NS1.example.com. root.example.com. (
                        2005081600      ; serial
                        3600            ; refresh every 1 hr
                        900             ; retry every 15 min
                        604800          ; expire after a week
                        3600            ; Minimum TTL of a 1 hr
                        )
;
        IN      NS      NS1.example.com.
NS1     IN      A       192.168.0.10
;
sub     IN      NS      NS6.sub.example.com.
NS6.sub IN      A       192.168.0.30
;
The test sequence is as follows.
   DNS Client1 (TN)                       DNS Server1 (NUT)
        |                                        |
        |--------------------------------------->|
        | 1. Send standard query                 |
        |    QNAME=sub.example.com               |
        |    QTYPE=NS                            |
        |                                        |
        |<---------------------------------------|
        | 2. Standard query response             |
        |    AA=0                                |
        |    RD=0                                |
        |    QNAME Name=sub.example.com          |
        |    QTYPE=NS                            |
        |    AUTHORITY Name=sub.example.com      |
        |    AUTHORITY NSDNAME                   |
        |      =NS6.sub.example.com              |
        |    ADDITIONAL Name=NS6.sub.example.com |
        |    ADDITIONAL ADDRESS=192.168.0.30     |
        |                                        |
        |--------------------------------------->|
        | 3. Send standard query                 |
        |    QNAME=NS6.sub.example.com           |
        |    QTYPE=A                             |
        |                                        |
        |<---------------------------------------|
        | 4. Standard query response             |
        |    AA=0                                |
        |    RD=0                                |
        |    QNAME Name=NS6.sub.example.com      |
        |    QTYPE=A                             |
        |    AUTHORITY Name=sub.example.com      |
        |    AUTHORITY Name Server               |
        |      =NS6.sub.example.com              |
        |    ADDITIONAL Name=NS6.sub.example.com |
        |    ADDITIONAL ADDRESS=192.168.0.30     |
        |                                        |
        v                                        v
1. TN sends a standard query with QNAME=sub.example.com, QTYPE=NS to the NUT.
2. The NUT replies to TN with a query response (non-authoritative answer). (Judgment *2)
3. TN sends a standard query with QNAME=NS6.sub.example.com, QTYPE=A to the NUT.
4. The NUT replies to TN with a query response (non-authoritative answer). (Judgment *2)
1. Standard query from DNS Client1 (TN) to DNS Server1 (NUT)

IP Header              | Source Address      | CL1_NETZ
                       | Destination Address | NUT_NETZ
UDP Header             | Src Port            | 2000
                       | Dst Port            | 53
DNS Header             | ID                  | 0x1000
                       | QR                  | 0
                       | OPCODE              | 0
                       | AA                  | 0
                       | TC                  | 0
                       | RD                  | 0
                       | RA                  | 0
                       | Z                   | 0
                       | RCODE               | 0
                       | QDCOUNT             | 1
                       | ANCOUNT             | 0
                       | NSCOUNT             | 0
                       | ARCOUNT             | 0
DNS Question section   | QNAME               | sub.example.com
                       | QTYPE               | NS (0x0002)
                       | QCLASS              | IN (0x0001)

2. Standard query response from DNS Server1 (NUT) to DNS Client1 (TN)

IP Header              | Source Address      | NUT_NETZ
                       | Destination Address | CL1_NETZ
UDP Header             | Src Port            | 53
                       | Dst Port            | 2000
DNS Header             | ID                  | 0x1000
                       | QR                  | 1
                       | OPCODE              | 0
                       | AA                  | 0
                       | TC                  | 0
                       | RD                  | 0
                       | RA                  | any
                       | Z                   | 0
                       | RCODE               | 0
                       | QDCOUNT             | 1
                       | ANCOUNT             | 0
                       | NSCOUNT             | 1
                       | ARCOUNT             | 1
DNS Question section   | QNAME               | sub.example.com
                       | QTYPE               | NS (0x0002)
                       | QCLASS              | IN (0x0001)
DNS Authority section  | NAME                | sub.example.com (Pointer 0xC00C)
                       | TYPE                | NS (0x0002)
                       | CLASS               | IN (0x0001)
                       | TTL                 | 1 day (86400)
                       | RDLENGTH            | 6
                       | NSDNAME             | NS6.sub.example.com (NS6 + Pointer 0xC00C)
DNS Additional section | NAME                | NS6.sub.example.com (Pointer 0xC02D)
                       | TYPE                | A (0x0001)
                       | CLASS               | IN (0x0001)
                       | TTL                 | 1 day (86400)
                       | RDLENGTH            | 4
                       | ADDRESS             | 192.168.0.30

3. Standard query from DNS Client1 (TN) to DNS Server1 (NUT)

IP Header              | Source Address      | CL1_NETZ
                       | Destination Address | NUT_NETZ
UDP Header             | Src Port            | 2000
                       | Dst Port            | 53
DNS Header             | ID                  | 0x1001
                       | QR                  | 0
                       | OPCODE              | 0
                       | AA                  | 0
                       | TC                  | 0
                       | RD                  | 0
                       | RA                  | 0
                       | Z                   | 0
                       | RCODE               | 0
                       | QDCOUNT             | 1
                       | ANCOUNT             | 0
                       | NSCOUNT             | 0
                       | ARCOUNT             | 0
DNS Question section   | QNAME               | NS6.sub.example.com
                       | QTYPE               | A (0x0001)
                       | QCLASS              | IN (0x0001)

4. Standard query response from DNS Server1 (NUT) to DNS Client1 (TN)

IP Header              | Source Address      | NUT_NETZ
                       | Destination Address | CL1_NETZ
UDP Header             | Src Port            | 53
                       | Dst Port            | 2000
DNS Header             | ID                  | 0x1001
                       | QR                  | 1
                       | OPCODE              | 0
                       | AA                  | 0
                       | TC                  | 0
                       | RD                  | 0
                       | RA                  | any
                       | Z                   | 0
                       | RCODE               | 0
                       | QDCOUNT             | 1
                       | ANCOUNT             | 0
                       | NSCOUNT             | 1
                       | ARCOUNT             | 1
DNS Question section   | QNAME               | NS6.sub.example.com
                       | QTYPE               | A (0x0001)
                       | QCLASS              | IN (0x0001)
DNS Authority section  | NAME                | sub.example.com (Pointer 0xC010)
                       | TYPE                | NS (0x0002)
                       | CLASS               | IN (0x0001)
                       | TTL                 | 1 day (86400)
                       | RDLENGTH            | 6
                       | NSDNAME             | NS6.sub.example.com (Pointer 0xC00C)
DNS Additional section | NAME                | NS6.sub.example.com (Pointer 0xC00C)
                       | TYPE                | A (0x0001)
                       | CLASS               | IN (0x0001)
                       | TTL                 | 1 day (86400)
                       | RDLENGTH            | 4
                       | ADDRESS             | 192.168.0.30

NUT_NETZ | DNS Server1's (NUT) Net-z address
CL1_NETZ | DNS Client1's (TN) Net-z address
2. Received standard query response with AA = 0.
4. Received standard query response with AA = 0.
None
RFC2181 Clarifications to the DNS Specification
  6.1. Zone authority
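
The judgment for steps 2 and 4 can be applied mechanically to a raw DNS response. The Python code below is an added example, not part of the original test suite or its KOI scripts: it decodes compressed names, fails on AA=1, and requires an NS referral for the zone cut. The function names and the byte strings (built from the packet 2 table above) are constructed for illustration.

```python
import struct

def read_name(msg, off):
    """Decode a (possibly compressed) name at off; return (name, offset after it)."""
    labels, after, hops = [], None, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                  # compression pointer (RFC 1035 4.1.4)
            after = off + 2 if after is None else after
            off = ((n & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:                     # refuse pointer loops in malformed input
                raise ValueError("compression pointer loop")
        elif n == 0:                          # root label ends the name
            return ".".join(labels), (off + 1 if after is None else after)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n

def judge_referral(msg, query_id, zone_cut):
    """Judgment 2/4: the response must have AA=0 and carry an NS referral for zone_cut."""
    ident, flags, qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    if ident != query_id or not flags & 0x8000:
        return False, "not a response to this query"
    if flags & 0x0400:
        return False, "AA=1 for a name below the zone cut"
    off = 12
    for _ in range(qd):                       # skip QNAME + QTYPE + QCLASS
        off = read_name(msg, off)[1] + 4
    referrals = []
    for i in range(an + ns):                  # walk answer, then authority records
        owner, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        if i >= an and rtype == 2:            # NS record in the authority section
            referrals.append((owner.lower(), read_name(msg, off + 10)[0].lower()))
        off += 10 + rdlen
    targets = [ns_name for owner, ns_name in referrals if owner == zone_cut.lower()]
    if not targets:
        return False, "AA=0 but no NS referral for " + zone_cut
    return True, "AA=0, referral to " + targets[0]

# Constructed sample: response 2 from the packet table, built byte by byte.
RESPONSE_2 = (
    struct.pack("!6H", 0x1000, 0x8000, 1, 0, 1, 1)            # QR=1, AA=0
    + b"\x03sub\x07example\x03com\x00" + struct.pack("!HH", 2, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", 2, 1, 86400, 6) + b"\x03NS6\xc0\x0c"
    + b"\xc0\x2d" + struct.pack("!HHIH", 1, 1, 86400, 4) + bytes([192, 168, 0, 30]))
# Constructed failing case: the same message with the AA bit (0x0400) set.
RESPONSE_2_AA = RESPONSE_2[:2] + b"\x84\x00" + RESPONSE_2[4:]
```

`judge_referral(RESPONSE_2, 0x1000, "sub.example.com")` passes, while the same call on `RESPONSE_2_AA` fails because the server claimed authority for a name below its zone cut.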