SV_RFC2181_5_4_1_Lease_reliability_1 - Least reliability data should not return as answer
(Additional section from an authoritative answer)
Verify that a NUT doesn't use the least reliability data as answer.
-
Unauthenticated RRs received and cached from the least trustworthy of
those groupings, that is data from the additional data section, and
data from the authority section of a non-authoritative answer, should
not be cached in such a way that they would ever be returned as
answers to a received query. They may be returned as additional
information where appropriate. Ignoring this would allow the
trustworthiness of relatively untrustworthy data to be increased
without cause or excuse.
Caching Server
SV_RFC2181_5_4_1_Lease_reliability_1.seq [-tooloption ...]: KOI tool option
See also DNSConfig.pm
This test sequence is following.
<-------------- TN --------------->
DNS Client1 (TN) DNS Server1 (NUT) DNS Server2 DNS Server3 DNS Server4
| | | | |
|----------------------------->| | | |
| 1. Send standard query | | | |
| QNAME=A.example.org | | | |
| QTYPE=A | | | |
| | | | |
| |-------------------------------->| | |
| | 2. Recv standard query | | |
| | QNAME=A.example.org | | |
| | QTYPE=A | | |
| | | | |
| |<--------------------------------| | |
| | 3. Send standard query response | | |
| | QNAME=A.example.org | | |
| | QTYPE=A | | |
| | AUTHORITY Name=org | | |
| | AUTHORITY Name Server | | |
| | =NS3.example.org | | |
| | ADDITIONAL Name | | |
| | =NS3.example.org | | |
| | ADDITIONAL Address | | |
| | =192.168.1.30 | | |
| | | | |
| | v | |
| | | |
| |-------------------------------------------->| |
| | 4. Recv standard query | |
| | QNAME=A.example.org | |
| | QTYPE=A | |
| | | |
| |<--------------------------------------------| |
| | 5. Send standard query response | |
| | QNAME=A.example.org | |
| | QTYPE=A | |
| | AUTHORITY Name=example.org | |
| | AUTHORITY Name Server | |
| | = NS4.example.org | |
| | ADDITIONAL Name | |
| | = NS4.example.org | |
| | ADDITIONAL Address | |
| | = 192.168.1.40 | |
| | | |
| | v |
| | |
| |-------------------------------------------------------->|
| | 6. Send standard query |
| | QNAME=A.example.org |
| | QTYPE=A |
| | |
| |<--------------------------------------------------------|
| | 7. Send standard query response|
| | QNAME=A.example.org |
| | QTYPE=A |
| | ANSWER Name=A.example.org |
| | ANSWER Address=192.168.1.10 |
| | ANSWER TTL=1 day |
| | AUTHORITY Name=example.org |
| | AUTHORITY Name Server |
| | = NS4.example.org |
| | ADDITIONAL Name |
| | = NS4.example.org |
| | ADDITIONAL Address |
| | = 192.168.1.40 |
| | |
| | |
|<-----------------------------| |
| 8.Standard query response | |
| QNAME= A.example.org | |
| QTYPE=A | |
| ANSWER Name=A.example.org | |
| ANSWER Address=192.168.1.10 | |
| ANSWER TTL=1 day | |
| AUTHORITY Name=example.org | |
| AUTHORITY Name Server | |
| = NS4.example.org | |
| ADDITIONAL Name | |
| = NS4.example.org | |
| ADDITIONAL Address | |
| = 192.168.1.40 | |
| | |
|----------------------------->| |
| 9. Send standard query | |
| QNAME=NS4.example.org | |
| QTYPE=A | |
| | |
| |-------------------------------------------------------->|
| | 10A. Send standard query |
| | QNAME=NS4.example.org |
| | QTYPE=A |
| | |
| | |
| X <--------------------------| |
|10B.Standard query response | |
| QNAME=NS4.example.org | |
| QTYPE=A | |
| ANSWER Name=NS4.example.org | |
| ANSWER Type=A | |
| ANSWER Address=192.168.1.40 | |
| | |
v v v
1. TN send standard query QNAME=A.example.org, QTYPE=A to NUT.
2. NUT transmits standard query to DNS Server2 (TN: root name server) (Judgment *2)
3. TN send query response to NUT w/ AUTHORITY Name=org, AUTHORITY Name Server=NS3.example.org.
4. NUT transmits standard query QNAME=A.example.org, QTYPE=A to DNS Server3 (TN: NS3.example.org) (Judgment *4)
5. TN send query response to NUT w/ AUTHORITY Name=example.org, AUTHORITY Name Server=NS4.example.org.
6. NUT transmits standard query QNAME=A.example.org, QTYPE=A to DNS Server4 (TN: NS4.example.org) (Judgment *6)
7. TN send query response to ANSWER Name=A.example.org, ANSWER Address=192.168.1.10.
8. NUT transmits query response to DNS Client1 (TN). (Judgment *8)
9. TN send standard query QNAME=NS4.example.org, QTYPE=A to NUT.
10A. NUT transmits standard query QNAME=NS4.example.org, QTYPE=A to DNS Server4 (TN: NS4.example.org) (Judgment *10A)
10B. TN send query response to ANSWER Name=NS4.example.org, ANSWER Address=192.168.1.40. (Judgment *10B)
- Packet Description
- 1st packet.
Standard query from DNS Client1 (TN) to Server1 (NUT)
|
IP Header |
Source Address |
CL1_NETZ |
Destination Address |
NUT_NETZ |
UDP Header |
Src Port |
2000 |
Dst Port |
53 |
DNS Header |
ID |
0x1000 |
QR |
0 |
OPCODE |
0 |
AA |
0 |
TC |
0 |
RD |
1 |
RA |
0 |
Z |
0 |
RCODE |
0 |
QDCOUNT |
1 |
ANCOUNT |
0 |
NSCOUNT |
0 |
ARCOUNT |
0 |
DNS Question section |
QNAME |
A.example.org |
QTYPE |
A (0x0001) |
QCLASS |
IN (0x0001) |
- 2nd packet.
Standard query from DNS Server1 (NUT) to Server2 (TN)
|
IP Header |
Source Address |
NUT_NETZ |
Destination Address |
SV2_NETY |
UDP Header |
Src Port |
ANY |
Dst Port |
53 |
DNS Header |
ID |
ANY |
QR |
0 |
OPCODE |
0 |
AA |
ANY |
TC |
0 |
RD |
0 |
RA |
ANY |
Z |
ANY |
RCODE |
ANY |
QDCOUNT |
1 |
ANCOUNT |
0 |
NSCOUNT |
0 |
ARCOUNT |
ANY |
DNS Question section |
QNAME |
A.example.org |
QTYPE |
A (0x0001) |
QCLASS |
IN (0x0001) |
- 3rd packet.
Standard query response from DNS Server2 (TN) to Server1 (NUT)
|
IP Header |
Source Address |
SV2_NETY |
Destination Address |
NUT_NETZ |
UDP Header |
Src Port |
53 |
Dst Port |
Value that NUT uses |
DNS Header |
ID |
Value that NUT uses |
QR |
1 |
OPCODE |
0 |
AA |
0 |
TC |
0 |
RD |
0 |
RA |
0 |
Z |
0 |
RCODE |
0 |
QDCOUNT |
1 |
ANCOUNT |
0 |
NSCOUNT |
1 |
ARCOUNT |
1 |
DNS Question section |
QNAME |
A.example.org
|
QTYPE |
A (0x0001) |
QCLASS |
IN (0x0001) |
DNS Authority section |
NAME |
org (Pointer 0xC016) |
TYPE |
NS (0x0002) |
CLASS |
IN (0x0001) |
TTL |
1 day (86400) |
RDLENGTH |
6 |
NSDNAME |
NS3.example.org (NS3 + Pointer 0xC00E) |
DNS Additional section |
NAME |
NS3.example.org (Pointer 0xC02B) |
TYPE
|
A (0x0001) |
CLASS |
IN (0x0001) |
TTL |
1 day (86400) |
RDLENGTH |
4 |
ADDRESS |
192.168.1.30 |
- 4th packet.
Standard query from DNS Server1 (NUT) to Server3 (TN)
|
IP Header |
Source Address |
NUT_NETZ |
Destination Address |
SV3_NETY |
UDP Header |
Src Port |
ANY |
Dst Port |
53 |
DNS Header |
ID |
ANY |
QR |
0 |
OPCODE |
0 |
AA |
ANY |
TC |
0 |
RD |
0 |
RA |
ANY |
Z |
ANY |
RCODE |
ANY |
QDCOUNT |
1 |
ANCOUNT |
0 |
NSCOUNT |
0 |
ARCOUNT |
ANY |
DNS Question section |
QNAME |
A.example.org |
QTYPE |
A (0x0001) |
QCLASS |
IN (0x0001) |
- 5th packet.
Standard query response from DNS Server3 (TN) to Server1 (NUT)
|
IP Header |
Source Address |
SV3_NETY |
Destination Address |
NUT_NETZ |
UDP Header |
Src Port |
Value that NUT uses |
Dst Port |
53 |
DNS Header |
ID |
Value that NUT uses |
QR |
1 |
OPCODE |
0 |
AA |
0 |
TC |
0 |
RD |
0 |
RA |
0 |
Z |
0 |
RCODE |
0 |
QDCOUNT |
1 |
ANCOUNT |
0 |
NSCOUNT |
1 |
ARCOUNT |
1 |
DNS Question section |
QNAME |
A.example.org
|
QTYPE |
A (0x0001) |
QCLASS |
IN (0x0001) |
DNS Authority section |
NAME |
example.org (Pointer 0xC00E) |
TYPE |
NS (0x0002) |
CLASS |
IN (0x0001) |
TTL |
1 day (86400) |
RDLENGTH |
6 |
NSDNAME |
NS4.example.org (NS4 + Pointer 0xC00E) |
DNS Additional section |
NAME |
NS4.example.org (Pointer 0xC02B) |
TYPE
|
A (0x0001) |
CLASS |
IN (0x0001) |
TTL |
1 day (86400) |
RDLENGTH |
4 |
ADDRESS |
192.168.1.40 |
- 6th packet.
Standard query from DNS Server1 (NUT) to Server4 (TN)
|
IP Header |
Source Address |
NUT_NETZ |
Destination Address |
SV4_NETY |
UDP Header |
Src Port |
any |
Dst Port |
53 |
DNS Header |
ID |
any |
QR |
0 |
OPCODE |
0 |
AA |
any |
TC |
0 |
RD |
0 |
RA |
any |
Z |
any |
RCODE |
any |
QDCOUNT |
1 |
ANCOUNT |
0 |
NSCOUNT |
0 |
ARCOUNT |
any |
DNS Question section |
QNAME |
A.example.org |
QTYPE |
A (0x0001) |
QCLASS |
IN (0x0001) |
- 7th packet.
Standard query response from DNS Server4 (TN) to Server1 (NUT)
|
IP Header |
Source Address |
SV4_NETY |
Destination Address |
NUT_NETZ |
UDP Header |
Src Port |
Value that NUT uses |
Dst Port |
53 |
DNS Header |
ID |
Value that NUT uses |
QR |
1 |
OPCODE |
0 |
AA |
1 |
TC |
0 |
RD |
0 |
RA |
0 |
Z |
0 |
RCODE |
0 |
QDCOUNT |
1 |
ANCOUNT |
1 |
NSCOUNT |
1 |
ARCOUNT |
1 |
DNS Question section |
QNAME |
A.example.org
|
QTYPE |
A (0x0001) |
QCLASS |
IN (0x0001) |
DNS Answer section |
NAME |
A.example.org (Pointer 0xC00C)
|
TYPE |
A (0x0001) |
CLASS |
IN (0x0001) |
TTL |
1 day (86400) |
RDLENGTH |
4 |
ADDRESS |
192.168.1.10 |
DNS Authority section |
NAME |
example.org (Pointer 0xC00E) |
TYPE |
NS (0x0002) |
CLASS |
IN (0x0001) |
TTL |
1 day (86400) |
RDLENGTH |
6 |
NSDNAME |
NS4.example.org (NS4 + Pointer 0xC00E) |
DNS Additional section |
NAME |
NS4.example.org (Pointer 0xC03B) |
TYPE
|
A (0x0001) |
CLASS |
IN (0x0001) |
TTL |
1 day (86400) |
RDLENGTH |
4 |
ADDRESS |
192.168.1.40 |
- 8th packet.
Standard query response from DNS Server1 (NUT) to Client1 (TN)
|
IP Header |
Source Address |
NUT_NETZ |
Destination Address |
CL1_NETZ |
UDP Header |
Src Port |
53 |
Dst Port |
2000 |
DNS Header |
ID |
0x1000 |
QR |
1 |
OPCODE |
0 |
AA |
0 |
TC |
0 |
RD |
1 |
RA |
1 |
Z |
0 |
RCODE |
0 |
QDCOUNT |
1 |
ANCOUNT |
1 |
NSCOUNT |
1 |
ARCOUNT |
1 |
DNS Question section |
QNAME |
A.example.org |
QTYPE |
A (0x0001) |
QCLASS |
IN (0x0001) |
DNS Answer section |
NAME |
A.example.org (Pointer 0xC00C)
|
TYPE |
A (0x0001) |
CLASS |
IN (0x0001) |
TTL |
1 day (86400) |
RDLENGTH |
4 |
ADDRESS |
192.168.1.10 |
DNS Authority section |
NAME |
example.org (Pointer 0xC00E) |
TYPE |
NS (0x0002) |
CLASS |
IN (0x0001) |
TTL |
1 day (86400) |
RDLENGTH |
6 |
NSDNAME |
NS4.example.org (NS4 + Pointer 0xC00E) |
DNS Additional section |
NAME |
NS4.example.org (Pointer 0xC03B) |
TYPE
|
A (0x0001) |
CLASS |
IN (0x0001) |
TTL |
1 day (86400) |
RDLENGTH |
4 |
ADDRESS |
192.168.1.40 |
- 9th packet.
Standard query from DNS Client1 (TN) to Server1 (NUT)
|
IP Header |
Source Address |
CL1_NETZ |
Destination Address |
NUT_NETZ |
UDP Header |
Src Port |
2000 |
Dst Port |
53 |
DNS Header |
ID |
0x1001 |
QR |
0 |
OPCODE |
0 |
AA |
0 |
TC |
0 |
RD |
1 |
RA |
0 |
Z |
0 |
RCODE |
0 |
QDCOUNT |
1 |
ANCOUNT |
0 |
NSCOUNT |
0 |
ARCOUNT |
0 |
DNS Question section |
QNAME |
NS4.example.org |
QTYPE |
A (0x0001) |
QCLASS |
IN (0x0001) |
- 10th packet (10A).
Standard query from DNS Server1 (NUT) to Server4 (TN)
|
IP Header |
Source Address |
NUT_NETZ |
Destination Address |
SV4_NETY |
UDP Header |
Src Port |
ANY |
Dst Port |
53 |
DNS Header |
ID |
ANY |
QR |
0 |
OPCODE |
0 |
AA |
ANY |
TC |
0 |
RD |
0 |
RA |
ANY |
Z |
ANY |
RCODE |
ANY |
QDCOUNT |
1 |
ANCOUNT |
0 |
NSCOUNT |
0 |
ARCOUNT |
ANY |
DNS Question section |
QNAME |
NS4.example.org |
QTYPE |
A (0x0001) |
QCLASS |
IN (0x0001) |
- Exp.
NUT_NETZ |
DNS Server1's (NUT) Net-z address |
CL1_NETZ |
DNS Client1's (TN) Net-z address |
SV2_NETY |
DNS Server2's (TN) Net-y address |
SV3_NETY |
DNS Server3's (TN) Net-y address |
SV4_NETY |
DNS Server4's (TN) Net-y address |
2. Received standard query including QNAME=A.example.org, QTYPE=A.
4. Received standard query including QNAME=A.example.org, QTYPE=A.
6. Received standard query including QNAME=A.example.org, QTYPE=A.
8. Received standard query response.
10A. Received standard query including QNAME=NS4.example.org, QTYPE=A.
or
10B. Not received standard query response.
*10A or 10B is judged.
None
RFC2181 Clarifications to the DNS Specification
5.4.1. Ranking data