SV_RFC1035_4_1_1_RCODE_5_zone - Refused (RCODE=5) for zone transfer
Verify that a NUT transmits Refused (RCODE=5) in response to a query.
RCODE           Response code - this 4 bit field is set as part of
                responses.  The values have the following
                interpretation:

                0               No error condition

                1               Format error - The name server was
                                unable to interpret the query.

                2               Server failure - The name server was
                                unable to process this query due to a
                                problem with the name server.

                3               Name Error - Meaningful only for
                                responses from an authoritative name
                                server, this code signifies that the
                                domain name referenced in the query does
                                not exist.

                4               Not Implemented - The name server does
                                not support the requested kind of query.

                5               Refused - The name server refuses to
                                perform the specified operation for
                                policy reasons.  For example, a name
                                server may not wish to provide the
                                information to the particular requester,
                                or a name server may not wish to perform
                                a particular operation (e.g., zone
                                transfer) for particular data.
Authoritative Server
SV_RFC1035_4_1_1_RCODE_5_zone.seq [-tooloption ...]: KOI tool option See also DNSConfig.pm
        AP Server1 (TN)
          |3ffe:501:ffff:101::10
          |192.168.1.10
          |
Net-y   --+--------+-------------------------- 3ffe:501:ffff:101::/64
                   |                           192.168.1/24
                   |
                   |
                 Router (TN)
                   |3ffe:501:ffff:100::1
                   |192.168.0.1
                   |
                   |
Net-z   --+--------+-----------------+--------------------------+------ 3ffe:501:ffff:100::/64
          |                          |                          |       192.168.0/24
          |                          |                          |
        DNS Server1 (NUT)          DNS Client1 (TN)           DNS Server2 (TN)
        3ffe:501:ffff:100::XXXX    3ffe:501:ffff:100::20      3ffe:501:ffff:100::21
        192.168.0.10               192.168.0.20               192.168.0.21

XXXX: EUI64
$TTL 86400      ; TTL of 1 day
@       IN      SOA     NS1.example.com. root.example.com. (
                        2005081600      ; serial
                        3600            ; refresh every 1 hr
                        900             ; retry every 15 min
                        604800          ; expire after a week
                        3600            ; Minimum TTL of a 1 hr
                        )
;
        IN      NS      NS1.example.com.
NS1     IN      A       192.168.0.10
;
A       IN      A       192.168.1.10

acl "Server2" { 192.168.0.21; };
;
zone "example.com" {
        type master;
        file "example.com.zone";
        allow-transfer {
                "Server2";
        };
};
The test sequence is as follows.
   DNS Client1 (TN)                    DNS Server1 (NUT)
        |                                      |
        |------------------------------------->|
        | 1. Send standard query in TCP        |
        |    QNAME=A.example.com               |
        |    QTYPE=AXFR                        |
        |                                      |
        |<-------------------------------------|
        | 2. Standard query response in TCP    |
        |    Refused (RCODE=5)                 |
        |                                      |
        v                                      v
1. TN sends a standard query (QNAME=A.example.com, QTYPE=A) to NUT.
2. NUT replies with a query response to TN (Judgment *2)

| IP Header | Source Address | CL1_NETZ |
| | Destination Address | NUT_NETZ |
| UDP Header | Src Port | 2000 |
| | Dst Port | 53 |
| DNS Header | ID | 0x1000 |
| | QR | 0 |
| | OPCODE | 0 |
| | AA | 0 |
| | TC | 0 |
| | RD | 1 |
| | RA | 0 |
| | Z | 0 |
| | RCODE | 0 |
| | QDCOUNT | 1 |
| | ANCOUNT | 0 |
| | NSCOUNT | 0 |
| | ARCOUNT | 0 |
| DNS Question section | QNAME | example.com |
| | QTYPE | AXFR (0x00FC) |
| | QCLASS | IN (0x0001) |

| IP Header | Source Address | NUT_NETZ |
| | Destination Address | CL1_NETZ |
| UDP Header | Src Port | 53 |
| | Dst Port | 2000 |
| DNS Header | ID | 0x1000 |
| | QR | 1 |
| | OPCODE | 0 |
| | AA | any |
| | TC | 0 |
| | RD | 1 |
| | RA | any |
| | Z | 0 |
| | RCODE | 5 |
| | QDCOUNT | 1 |
| | ANCOUNT | 0 |
| | NSCOUNT | 0 |
| | ARCOUNT | 0 |
| DNS Question section | QNAME | example.com |
| | QTYPE | AXFR (0x00FC) |
| | QCLASS | IN (0x0001) |

| NUT_NETZ | DNS Server1's (NUT) Net-z address |
| CL1_NETZ | DNS Client1's (TN) Net-z address |
2. Received standard query response including RCODE=5.
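
The judgment above can be checked mechanically. The following Python is an added example, not code from this test suite: it builds the DNS message of the query packet table and compares a response header field by field with the response packet table. The function names and the two sample responses are constructed for illustration, and the TCP/UDP transport is left out.

```python
import struct

QTYPE_AXFR, QCLASS_IN, RCODE_REFUSED = 0x00FC, 0x0001, 5

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero octet."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_axfr_query(msg_id=0x1000, qname="example.com"):
    """Query from the packet table: QR=0, OPCODE=0, RD=1, QDCOUNT=1, QTYPE=AXFR."""
    flags = 0x0100  # only the RD bit is set
    header = struct.pack("!6H", msg_id, flags, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!2H", QTYPE_AXFR, QCLASS_IN)

def judge_response(query, response):
    """Return the mismatches against the expected response (empty list = PASS)."""
    if len(response) < 12:
        return ["response shorter than the 12-octet DNS header"]
    rid, flags, qd, an, ns, ar = struct.unpack("!6H", response[:12])
    got = {
        "ID": rid, "QR": flags >> 15, "OPCODE": (flags >> 11) & 0xF,
        "TC": (flags >> 9) & 1, "RD": (flags >> 8) & 1, "Z": (flags >> 4) & 7,
        "RCODE": flags & 0xF, "QDCOUNT": qd, "ANCOUNT": an, "NSCOUNT": ns, "ARCOUNT": ar,
    }
    want = {  # AA and RA are "any" in the table, so they are not checked
        "ID": struct.unpack("!H", query[:2])[0], "QR": 1, "OPCODE": 0, "TC": 0,
        "RD": 1, "Z": 0, "RCODE": RCODE_REFUSED, "QDCOUNT": 1,
        "ANCOUNT": 0, "NSCOUNT": 0, "ARCOUNT": 0,
    }
    errors = [f"{k}: expected {want[k]}, got {got[k]}" for k in want if got[k] != want[k]]
    if qd == 1 and response[12:] != query[12:]:
        errors.append("question section does not echo the query")
    return errors

# Constructed sample responses (not captured traffic): one refusing, one not.
QUERY = build_axfr_query()
REFUSED = struct.pack("!6H", 0x1000, 0x8105, 1, 0, 0, 0) + QUERY[12:]
NOERROR = struct.pack("!6H", 0x1000, 0x8500, 1, 0, 0, 0) + QUERY[12:]

if __name__ == "__main__":
    for name, msg in (("REFUSED", REFUSED), ("NOERROR", NOERROR)):
        print(name, judge_response(QUERY, msg) or "PASS")
```
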
None
RFC1035 DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION
4.1.1. Header section format