SV_RFC1035_4_1_1_RCODE_5_query - Refused (RCODE=5) for query
Verify that the NUT transmits Refused (RCODE=5) in response to a query.

RCODE  Response code - this 4 bit field is set as part of responses. The values have the following interpretation:

  0  No error condition
  1  Format error - The name server was unable to interpret the query.
  2  Server failure - The name server was unable to process this query due to a problem with the name server.
  3  Name Error - Meaningful only for responses from an authoritative name server, this code signifies that the domain name referenced in the query does not exist.
  4  Not Implemented - The name server does not support the requested kind of query.
  5  Refused - The name server refuses to perform the specified operation for policy reasons. For example, a name server may not wish to provide the information to the particular requester, or a name server may not wish to perform a particular operation (e.g., zone transfer) for particular data.
Authoritative Server
SV_RFC1035_4_1_1_RCODE_5_query.seq [-tooloption ...]: KOI tool option
See also DNSConfig.pm

                 AP Server1 (TN)
                   |3ffe:501:ffff:101::10
                   |192.168.1.10
                   |
Net-y   --+--------+-------------------------- 3ffe:501:ffff:101::/64
          |                                    192.168.1/24
          |
          |
        Router (TN)
          |3ffe:501:ffff:100::1
          |192.168.0.1
          |
          |
Net-z   --+--------+-----------------+--------------------------+------ 3ffe:501:ffff:100::/64
                   |                 |                          |       192.168.0/24
                   |                 |                          |
          DNS Server1 (NUT)        DNS Client1 (TN)           DNS Client2 (TN)
          3ffe:501:ffff:100::XXXX  3ffe:501:ffff:100::20      3ffe:501:ffff:100::21
          192.168.0.10             192.168.0.20               192.168.0.21

XXXX: EUI64

    $TTL 86400      ; TTL of 1 day
    @       IN      SOA     NS1.example.com. root.example.com. (
                            2005081600      ; serial
                            3600            ; refresh every 1 hr
                            900             ; retry every 15 min
                            604800          ; expire after a week
                            3600            ; Minimum TTL of a 1 hr
                            )
    ;
            IN      NS      NS1.example.com.
    NS1     IN      A       192.168.0.10
    ;
    A       IN      A       192.168.1.10

    acl "Client2" {
            192.168.0.21;
    };
    ;
    zone "example.com" {
            type master;
            file "example.com.zone";
            allow-query { "Client2"; };
    };

The test sequence is as follows.

    DNS Client1 (TN)                       DNS Server1 (NUT)
        |                                      |
        |------------------------------------->|
        | 1. Send standard query               |
        |    QNAME=A.example.com               |
        |    QTYPE=A                           |
        |                                      |
        |<-------------------------------------|
        | 2. Standard query response           |
        |    Refused (RCODE=5)                 |
        |                                      |
        v                                      v

1. TN sends a standard query (QNAME=A.example.com, QTYPE=A) to the NUT.
2. NUT replies with a query response to TN (Judgment *2)

1. Standard query, DNS Client1 (TN) to DNS Server1 (NUT)

    IP Header              Source Address        CL1_NETZ
                           Destination Address   NUT_NETZ
    UDP Header             Src Port              2000
                           Dst Port              53
    DNS Header             ID                    0x1000
                           QR                    0
                           OPCODE                0
                           AA                    0
                           TC                    0
                           RD                    1
                           RA                    0
                           Z                     0
                           RCODE                 0
                           QDCOUNT               1
                           ANCOUNT               0
                           NSCOUNT               0
                           ARCOUNT               0
    DNS Question section   QNAME                 A.example.com
                           QTYPE                 A (0x0001)
                           QCLASS                IN (0x0001)

2. Standard query response, DNS Server1 (NUT) to DNS Client1 (TN)

    IP Header              Source Address        NUT_NETZ
                           Destination Address   CL1_NETZ
    UDP Header             Src Port              53
                           Dst Port              2000
    DNS Header             ID                    0x1000
                           QR                    1
                           OPCODE                0
                           AA                    ANY
                           TC                    0
                           RD                    1
                           RA                    any
                           Z                     0
                           RCODE                 5
                           QDCOUNT               1
                           ANCOUNT               0
                           NSCOUNT               0
                           ARCOUNT               0
    DNS Question section   QNAME                 A.example.com
                           QTYPE                 A (0x0001)
                           QCLASS                IN (0x0001)

    NUT_NETZ   DNS Server1's (NUT) Net-z address
    CL1_NETZ   DNS Client1's (TN) Net-z address

2. Received standard query response including RCODE=5.
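
The judgment above can be applied mechanically to a captured reply. The following Python check is an added example, not part of the original test suite: it builds the step 1 query from the query table and compares a reply with the response table, leaving AA and RA unchecked because the table lists them as any. The function names and the sample replies are constructed for illustration.

```python
import struct

def encode_qname(name):
    # DNS wire format: length-prefixed labels ending in a zero byte
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split(".")) + b"\x00"

def build_query(qid=0x1000, qname="A.example.com"):
    # Query table: QR=0 OPCODE=0 AA=0 TC=0 RD=1 RA=0 Z=0 RCODE=0 -> flags 0x0100
    header = struct.pack("!6H", qid, 0x0100, 1, 0, 0, 0)  # QDCOUNT=1, other counts 0
    return header + encode_qname(qname) + struct.pack("!2H", 1, 1)  # QTYPE=A, QCLASS=IN

def judge(query, response):
    """Compare a reply with the response table; an empty list means PASS."""
    if len(response) < 12:
        return ["reply is shorter than the 12-byte DNS header"]
    (qid,) = struct.unpack("!H", query[:2])
    rid, flags, qd, an, ns, ar = struct.unpack("!6H", response[:12])
    got = {"ID": rid, "QR": flags >> 15, "OPCODE": (flags >> 11) & 0xF,
           "TC": (flags >> 9) & 1, "RD": (flags >> 8) & 1, "Z": (flags >> 4) & 7,
           "RCODE": flags & 0xF, "QDCOUNT": qd, "ANCOUNT": an, "NSCOUNT": ns, "ARCOUNT": ar}
    # AA (bit 10) and RA (bit 7) are "any" in the table, so they are not checked
    want = {"ID": qid, "QR": 1, "OPCODE": 0, "TC": 0, "RD": 1, "Z": 0,
            "RCODE": 5, "QDCOUNT": 1, "ANCOUNT": 0, "NSCOUNT": 0, "ARCOUNT": 0}
    errors = [f"{k}: expected {v}, got {got[k]}" for k, v in want.items() if got[k] != v]
    # The question must be echoed and nothing may follow it; names compare case-insensitively
    if response[12:].lower() != query[12:].lower():
        errors.append("question section does not match the query")
    return errors

def constructed_reply(query, flags, ancount=0, tail=b""):
    # Constructed sample reply (not a capture): same ID and question, new flags and counts
    return query[:2] + struct.pack("!5H", flags, 1, ancount, 0, 0) + query[12:] + tail

if __name__ == "__main__":
    q = build_query()
    refused = constructed_reply(q, 0x8105)  # QR=1 RD=1 RCODE=5
    # Constructed failure: the allow-query ACL is not applied and the A record is returned
    rr = bytes.fromhex("c00c00010001000151800004c0a8010a")
    answered = constructed_reply(q, 0x8500, ancount=1, tail=rr)
    for label, reply in (("refused", refused), ("answered", answered)):
        print(label, judge(q, reply) or "PASS")
```

A reply that answers the query from DNS Client1 instead of refusing it means the allow-query restriction in the zone configuration is not being enforced.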
None
RFC1035 DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION 4.1.1. Header section format