SV_RFC1996_3_10_slave_ignore_unknown - a slave ignores a NOTIFY request from a unknown master for the zone.
Verify that a NUT ignores NOTIFY request from unknown node.
Server (an AXFR/IXFR client)
SV_RFC1996_3_10_slave_ignore_unknown.seq [-tooloption ...]: KOI tool option See also DNSConfig.pm
| | sec.example.com domain sec.example.com domain Router (TN) DNS Server7 DNS Server8 |3ffe:501:ffff:100::1 |3ffe:501:ffff:100::31 |3ffe:501:ffff:100::32 |192.168.0.1 |192.168.0.31 |192.168.0.32 | | | | | | Net-z --+--------+---------------+-------+-----------------------+------------------- 3ffe:501:ffff:100::/64 | | 192.168.0/24 | | DNS Server1 (NUT) DNS Client1 (TN) 3ffe:501:ffff:100::10 3ffe:501:ffff:100::20 192.168.0.10 192.168.0.20
$TTL 86400 ; TTL of 1 day @ IN SOA NS7.sec.example.com. root.sec.example.com. ( 1 ; serial 180 ; refresh every 3 min 30 ; retry every 30 sec 360 ; expire after 6 min 30 ; Minimum TTL of 30 sec ) ; IN NS NS7.sec.example.com. IN NS NS1.sec.example.com. IN MX 10 NS7 NS7 IN A 192.168.0.31 IN AAAA 3ffe:501:ffff:100::31 NS1 IN A 192.168.0.10 IN AAAA 3ffe:501:ffff:100::10 ; CL1 IN A 192.168.0.20 CL2 IN A 192.168.0.21
After all zone information are transferred between primary DNS server7 (TN) and slave DNS server1 (NUT), following pre-test sequence is performed.
DNS Client1 (TN) DNS Server1 (NUT) DNS Server7 (TN) DNS Server8 (TN) | | | | | | | | |----------------------------->| | | | 1. Send standard query | | | | RD = 0 | | | | QNAME = CL2.sec.example.com | | | | QTYPE = A | | | | | | | |<-----------------------------| | | | 2. Standard query response | | | | AA = 0 | | | | RD = 0 | | | | RA = 1 | | | | QNAME = CL2.sec.example.com | | | | QTYPE = A | | | | ANSWER Name | | | | = CL2.sec.example.com | | | | ANSWER Type | | | | = A (0x0001) | | | | ANSWER Address | | | | = 192.168.0.21 | | | | | | | v v v v
This test sequence is following. NOTE: SOA's parameter and TTL are same as above sec.example.com zone information. TN includes NS7 and NS1.sub.example.com into Authority section as type = NS. Also TN includes NS7 and NS1.sub.example.com address into Additional section. Thus NUT may reply to answer client with Authority and Additional section including those values.
DNS Client1 (TN) DNS Server1 (NUT) DNS Server7 (TN) DNS Server8 (TN) | | | | | |<------------------------------------------------------------| | | | 1. A NOTIFY request | | | | OPCODE = NOTIFY (4) | | | | QNAME = sec.example.com | | | | QTYPE = SOA (0x0006) | | | | ANSWER Name | | | | = sec.example.com | | | | ANSWER Type | | | | = SOA (0x0006) | | | | ANSWER SERIAL | | | | = 2 | | | | | | |---------------------------------------------X | | | 2. no response | | | | | | | |<-----------------------------| | | | 3. A NOTIFY request | | | | OPCODE = NOTIFY (4) | | | | QNAME = sec.example.com | | | | QTYPE = SOA (0x0006) | | | | ANSWER Name | | | | = sec.example.com | | | | ANSWER Type | | | | = SOA (0x0006) | | | | ANSWER SERIAL | | | | = 2 | | | | | | | |----------------------------->| | | | 4. A NOTIFY response | | | | OPCODE = NOTIFY (4) | | | | QNAME = sec.example.com | | | | QTYPE = SOA (0x0006) | | | | | | v v v v
This test sequence is following.
1. DNS Server8 (TN) sends a NOTIFY request with Answer type SOA, serial = 2 to DNS Server1 (NUT). 2. DNS Server1 (NUT) ignore NOTIFY request from DNS Server8 (TN). (Judgment *2)
3. DNS Server7 (TN) sends a NOTIFY request with Answer type SOA, serial = 2 to DNS Server1 (NUT). 4. DNS Server1 (NUT) transmits a NOTIFY response with QNAME = sec.example.com, Type = SOA to DNS Server7 (TN). (Judgment *4)
|
||
IP Header | Source Address | SV8_NETZ |
Destination Address | NUT_NETZ | |
UDP Header | Src Port | 1000 |
Dst Port | 53 | |
DNS Header | ID | 0x1000 |
QR | 0 | |
OPCODE | 4 | |
AA | 0 | |
TC | 0 | |
RD | 0 | |
RA | 0 | |
Z | 0 | |
RCODE | 0 | |
QDCOUNT | 1 | |
ANCOUNT | 1 | |
NSCOUNT | 0 | |
ARCOUNT | 0 | |
DNS Question section | QNAME | sec.example.com |
QTYPE | SOA (0x0006) | |
QCLASS | IN (0x0001) | |
DNS Answer section | NAME | sec.example.com (Pointer 0xC00C) |
TYPE | SOA (0x0006) | |
CLASS | IN (0x0001) | |
TTL | 86400sec | |
RDLENGTH | 33 | |
MNAME | NS7.sec.example.com (NS7 + Pointer 0xC00C) | |
RNAME | root.sec.example.com (root + Pointer 0xC00C) | |
SERIAL | 2 | |
REFRESH | 180sec | |
RETRY | 30sec | |
EXPIRE | 600sec | |
MINIMUM | 30sec |
|
||
IP Header | Source Address | SV7_NETZ |
Destination Address | NUT_NETZ | |
UDP Header | Src Port | 1000 |
Dst Port | 53 | |
DNS Header | ID | 0x1000 |
QR | 0 | |
OPCODE | 4 | |
AA | 0 | |
TC | 0 | |
RD | 0 | |
RA | 0 | |
Z | 0 | |
RCODE | 0 | |
QDCOUNT | 1 | |
ANCOUNT | 1 | |
NSCOUNT | 0 | |
ARCOUNT | 0 | |
DNS Question section | QNAME | sec.example.com |
QTYPE | SOA (0x0006) | |
QCLASS | IN (0x0001) | |
DNS Answer section | NAME | sec.example.com (Pointer 0xC00C) |
TYPE | SOA (0x0006) | |
CLASS | IN (0x0001) | |
TTL | 86400sec | |
RDLENGTH | 33 | |
MNAME | NS7.sec.example.com (NS7 + Pointer 0xC00C) | |
RNAME | root.sec.example.com (root + Pointer 0xC00C) | |
SERIAL | 2 | |
REFRESH | 180sec | |
RETRY | 30sec | |
EXPIRE | 600sec | |
MINIMUM | 30sec |
|
||
IP Header | Source Address | NUT_NETZ |
Destination Address | SV7_NETZ | |
UDP Header | Src Port | 53 |
Dst Port | 1000 | |
DNS Header | ID | 0x1000 |
QR | 1 | |
OPCODE | 4 | |
AA | 0 | |
TC | 0 | |
RD | 0 | |
RA | 0 | |
Z | 0 | |
RCODE | 0 | |
QDCOUNT | 1 | |
ANCOUNT | 0 | |
NSCOUNT | 0 | |
ARCOUNT | 0 | |
DNS Question section | QNAME | sec.example.com |
QTYPE | SOA (0x0006) | |
QCLASS | IN (0x0001) |
NUT_NETZ | DNS Server1's (NUT) Net-z address |
CL1_NETZ | DNS Client1's (TN) Net-z address |
SV7_NETZ | DNS Server7's (TN) Net-z address |
SV8_NETZ | DNS Server8's (TN) Net-z address |
2. DNS Server1 (NUT) ignore NOTIFY request from DNS Server8.
4. DNS Server1 (NUT) transmits a NOTIFY response with QNAME = sec.example.com, Type = SOA to DNS Server7 (TN).
None
RFC1996 DNS NOTIFY 3. NOTIFY Message