NAME

        SV_RFC1996_3_6_master_NOTIFY_retrans_recv_ICMP - a master periodically sends a NOTIFY request to a slave until ICMP message indicating.

VERIFICATION POINTS

        If UDP is used, a master periodically sends a NOTIFY request to
        a slave until either too many copies have been sent (a "timeout"), an
        ICMP message indicating that the port is unreachable, or until a
        NOTIFY response is received from the slave with a matching query ID,
        QNAME, IP source address, and UDP source port number.

The interval between transmissions, and the total number of

retransmissions, should be operational parameters specifiable by

the name server administrator, perhaps on a per-zone basis.

Reasonable defaults are a 60 second interval (or timeout if

using TCP), and a maximum of 5 retransmissions (for UDP). It is

considered reasonable to use additive or exponential backoff for

the retry interval.

TARGET

        Server (AXFR/IXFR server)

SYNOPSIS

	SV_RFC1996_3_6_master_NOTIFY_retrans_recv_ICMP.seq [-tooloption ...]: KOI tool option
	See also DNSConfig.pm

INITIALIZATION

Network Topology

Net-z   --+------------------------+--------------------------- 3ffe:501:ffff:100::/64
          |                        |                            192.168.0/24
          |                        |
	sec.example.com domain
        DNS Server1 (NUT)         DNS Server2 (TN)
           3ffe:501:ffff:100::10    3ffe:501:ffff:100::30
           192.168.0.10             192.168.0.30

Setup

Set the DNS Server1's (NUT) address as above mentioned Network Topology.

Configure the Server1's: (NUT)

zone file to response query from TN.

configuration file as slave server about sec.example.com zone.

Enable zone transfer function.

Enable Notify mechanism function.

Example of DNS server configuration on DNS Server1 (NUT):

	
For IPv4 transport
zone "sec.example.com" {
	type master;
	allow-transfer { 192.168.0.30; };
	also-notify    { 192.168.0.30; };
	file "master/sec.example.com";
};
	
For IPv6 transport
zone "sec.example.com" {
	type master;
	allow-transfer { 3ffe:501:ffff:100::30; };
	also-notify    { 3ffe:501:ffff:100::30; };
	file "master/sec.example.com";
};

Transferred sec.example.com zone information:

$TTL    86400	; TTL of 1 day
@ IN SOA NS1.sec.example.com. root.sec.example.com. (
	1	; serial
	180	; refresh every 3 min
	30	; retry every 30 sec
	360	; expire after 6 min
	30	; Minimum TTL of 30 sec
)
;
	IN	NS	NS1.sec.example.com.
	IN	NS	NS2.sec.example.com.
NS1	IN	A	192.168.0.10
	IN	AAAA	3ffe:501:ffff:100::10
NS2	IN	A	192.168.0.30
	IN	AAAA	3ffe:501:ffff:100::30
;
CL1	IN	A	192.168.0.20

PRE-TEST SEQUENCE

Update sec.example.com zone like following on DNS Server1 (NUT)

$TTL    86400           ; TTL of 1 day
@ IN SOA NS1.sec.example.com. root.sec.example.com. (
        2               ; serial
        3600            ; refresh every 1 hr
        900             ; retry every 15 min
        604800          ; expire after a week
        3600            ; Minimum TTL of a 1 hr
)
;
        IN      NS      NS1.sec.example.com.
        IN      NS      NS2.sec.example.com.
NS1     IN      A       192.168.0.10
NS1     IN      AAAA    3ffe:501:ffff:100::10
NS2     IN      A       192.168.0.30
NS2     IN      AAAA    3ffe:501:ffff:100::30
;
CL1     IN      A       192.168.0.20
CL2     IN      A       192.168.0.21

TEST PROCEDURE

        This test sequence is following.

    DNS Server1 (NUT)            DNS Server2 (TN)
        |                              |
        |----------------------------->|
        | 1. NOTIFY requests           |
        |    (in UDP)                  |
        |                              |
        |  QR = 0                      |
        |  OPCODE = NOTIFY (4)         |
        |  QDCOUNT >  0                |
        |  ANCOUNT >= 0                |
        |  NSCOUNT >= 0                |
        |  ARCOUNT >= 0                |
        |  QNAME = sec.example.com     |
        |  QTYPE = SOA (0x0006)        |
        |                              |
        |<-----------------------------|
        | 2. ICMP port unreachable     |
        |                              |
        |----------------------------->|
        | 3. no response               |
        |    for 60 seconds            |
        |                              |
        v                              v

        This test sequence is following.

        1. DNS Server1 (NUT) sends a NOTIFY request to DNS Server2 (TN). (Judgment *1)
        2. DNS Server2 (TN) sends a ICMP port unreachable to DNS Server1 (NUT).
        3. DNS Server1 (NUT) doesn't sends a NOTIFY request to DNS Server2 (TN) for 60 seconds. (Judgment *3)

Packet Description

1st packet.

A NOTIFY request from DNS Server1 (NUT) to Server2 (TN)
IP Header	Source Address	NUT_NETZ
IP Header	Destination Address	SV2_NETZ
UDP Header	Src Port	any
UDP Header	Dst Port	53
DNS Header	ID	any
	QR	0
	OPCODE	4
	AA	1
	TC	0
	RD	0
	RA	0
	Z	0
	RCODE	0
	QDCOUNT	1
	ANCOUNT	>=0
	NSCOUNT	>=0
	ARCOUNT	>=0
DNS Question section	QNAME	sec.example.com
	QTYPE	SOA (0x0006)
	QCLASS	IN (0x0001)

2nd packet.

ICMP port unreachable from DNS Server2 (TN) to Server1 (NUT)
IP Header	Source Address	SV2_NETZ
IP Header	Destination Address	NUT_NETZ
ICMP Header	Type	ICMPv4: 3, ICMPv6: 1
ICMP Header	Code	ICMPv4: 3, ICMPv6: 4
Message Body	contents of 1st packet from IP header

Exp.

NUT_NETZ	DNS Server1's (NUT) Net-z address
SV2_NETZ	DNS Server7's (TN) Net-z address

JUDGMENT

        1. DNS Server1 (NUT) sends a NOTIFY request to DNS Server2 (TN).
        3. DNS Server1 (NUT) doesn't sends a NOTIFY request to DNS Server2 (TN) for 60 seconds.

TERMINATION

        None

REFERENCE

        RFC1996 DNS NOTIFY
        3. NOTIFY Message