NAME

        SV_RFC2181_6_1_not_set_AA - A server for a zone should not return authoritative answer 
                                    for queries related to names in another name

VERIFICATION POINTS

        Verify that a NUT does not set AA bit for subdomain.

A server for a zone should not return authoritative answers for queries related to names in another zone, which includes the NS, and perhaps A, records at a zone cut, unless it also happens to be a server for the other zone.

TARGET

        Authoritative Server

SYNOPSIS

	SV_RFC2181_6_1_not_set_AA.seq [-tooloption ...]: KOI tool option
	See also DNSConfig.pm

INITIALIZATION

Network Topology

        AP Server1 (TN)
          |3ffe:501:ffff:101::10
          |192.168.1.10
          |
Net-y   --+--------+---------------------------- 3ffe:501:ffff:101::/64 
                   |                             192.168.1/24
                   |
                   |
                   |                         sub.example.com zone
                 Router (TN)             DNS Server6 (TN)
                   |3ffe:501:ffff:100::1     |NS6.sub.example.com
                   |192.168.0.1              |3ffe:501:ffff:100::30
                   |                         |192.168.0.30
                   |                         |
Net-z   --+--------+-----------------+-------+-- 3ffe:501:ffff:100::/64 
          |                          |           192.168.0/24
          |                          |
        DNS Server1 (NUT)            DNS Client1 (TN)
           3ffe:501:ffff:100::XXXX     3ffe:501:ffff:100::20 
           192.168.0.10                192.168.0.20
	

	XXXX: EUI64

Setup

Set the DNS Server1's (NUT) address as above mentioned Network Topology.

Configure the Server1's (NUT) zone file to response query from TN.

Example of example.com zone file:

$TTL    86400           ; TTL of 1 day
@ IN SOA NS1.example.com. root.example.com. (
	2005081600	; serial
	3600		; refresh every 1 hr
	900		; retry every 15 min
	604800		; expire after a week
	3600		; Minimum TTL of a 1 hr
)
;
	IN	NS	NS1.example.com.
NS1	IN	A	192.168.0.10
;
sub	IN	NS	NS6.sub.example.com.
NS6.sub	IN	A	192.168.0.30
;

TEST PROCEDURE

        This test sequence is following.

    DNS Client1 (TN)                       DNS Server1 (NUT)
        |                                      |
        |------------------------------------->|
        |   1. Send standard query             |
        |       QNAME=sub.example.com          |
        |       QTYPE=NS                       |
        |                                      |
        |<-------------------------------------|
        |   2. Standard query response         |
        |   AA=0                               |
        |   RD=0                               |
        |   QNAME Name=sub.example.com         |
        |   OTYPE=NS                           |
        |   AUTHORITY Name=sub.example.com     |
        |   AUTHORITY NSDNAME                  |
        |                 =NS6.sub.example.com |
        |   ADDITIONAL Name=NS6.sub.example.com|
        |   ADDITIONAL ADDRESS=192.168.0.30    |
        |                                      |
        |------------------------------------->|
        |   3. Send standard query             |
        |       QNAME=NS6.sub.example.com      |
        |       QTYPE=A                        |
        |                                      |
        |<-------------------------------------|
        |   4. Standard query response         |
        |   AA=0                               |
        |   RD=0                               |
        |   QNAME Name=NS6.sub.example.com     |
        |   OTYPE=A                            |
        |   AUTHORITY Name=sub.example.com     |
        |   AUTHORITY Name Server              |
        |                 =NS6.sub.example.com |
        |   ADDITIONAL Name=NS6.sub.example.com|
        |   ADDITIONAL ADDRESS=192.168.0.30    |
        |                                      |
        v                                      v

        1. TN send standard query QNAME=sub.example.com, QTYPE=NS to NUT.
        2. NUT reply query response(non-authoritative answer) to TN (Judgment *2)
        3. TN send standard query QNAME=NS6.sub.example.com, QTYPE=A to NUT.
        4. NUT reply query response(non-authoritative answer) to TN (Judgment *2)

Packet Description

1st packet.

Standard query from DNS Client1 (TN) to Server1 (NUT)
IP Header	Source Address	CL1_NETZ
IP Header	Destination Address	NUT_NETZ
UDP Header	Src Port	2000
UDP Header	Dst Port	53
DNS Header	ID	0x1000
	QR	0
	OPCODE	0
	AA	0
	TC	0
	RD	0
	RA	0
	Z	0
	RCODE	0
	QDCOUNT	1
	ANCOUNT	0
	NSCOUNT	0
	ARCOUNT	0
DNS Question section	QNAME	sub.example.com
	QTYPE	NS (0x0002)
	QCLASS	IN (0x0001)

2nd packet.

Standard query response from DNS Server1 (NUT) to Client1 (TN)
IP Header	Source Address	NUT_NETZ
IP Header	Destination Address	CL1_NETZ
UDP Header	Src Port	53
UDP Header	Dst Port	2000
DNS Header	ID	0x1000
	QR	1
	OPCODE	0
	AA	0
	TC	0
	RD	0
	RA	any
	Z	0
	RCODE	0
	QDCOUNT	1
	ANCOUNT	0
	NSCOUNT	1
	ARCOUNT	1
DNS Question section	QNAME	sub.example.com
	QTYPE	NS (0x0002)
	QCLASS	IN (0x0001)
DNS Authority section	NAME	sub.example.com (Pointer 0xC00C)
	TYPE	NS (0x0002)
	CLASS	IN (0x0001)
	TTL	1 day (86400)
	RDLENGTH	6
	NSDNAME	NS6.sub.example.com (NS6 + Pointer 0xC00C)
DNS Additional section	NAME	NS6.sub.example.com (Pointer 0xC02D)
	TYPE	A (0x0001)
	CLASS	IN (0x0001)
	TTL	1 day (86400)
	RDLENGTH	4
	ADDRESS	192.168.0.30

3rd packet.

Standard query from DNS Client1 (TN) to Server1 (NUT)
IP Header	Source Address	CL1_NETZ
IP Header	Destination Address	NUT_NETZ
UDP Header	Src Port	2000
UDP Header	Dst Port	53
DNS Header	ID	0x1001
	QR	0
	OPCODE	0
	AA	0
	TC	0
	RD	0
	RA	0
	Z	0
	RCODE	0
	QDCOUNT	1
	ANCOUNT	0
	NSCOUNT	0
	ARCOUNT	0
DNS Question section	QNAME	NS6.sub.example.com
	QTYPE	A (0x0001)
	QCLASS	IN (0x0001)

4th packet.

Standard query response from DNS Server1 (NUT) to Client1 (TN)
IP Header	Source Address	NUT_NETZ
IP Header	Destination Address	CL1_NETZ
UDP Header	Src Port	53
UDP Header	Dst Port	2000
DNS Header	ID	0x1001
	QR	1
	OPCODE	0
	AA	0
	TC	0
	RD	0
	RA	any
	Z	0
	RCODE	0
	QDCOUNT	1
	ANCOUNT	0
	NSCOUNT	1
	ARCOUNT	1
DNS Question section	QNAME	NS6.sub.example.com
	QTYPE	A (0x0001)
	QCLASS	IN (0x0001)
DNS Authority section	NAME	sub.example.com (Pointer 0xC010)
	TYPE	NS (0x0002)
	CLASS	IN (0x0001)
	TTL	1 day (86400)
	RDLENGTH	6
	NSDNAME	NS6.sub.example.com (Pointer 0xC00C)
DNS Additional section	NAME	NS6.sub.example.com (Pointer 0xC00C)
	TYPE	A (0x0001)
	CLASS	IN (0x0001)
	TTL	1 day (86400)
	RDLENGTH	4
	ADDRESS	192.168.0.30

Exp.

NUT_NETZ	DNS Server1's (NUT) Net-z address
CL1_NETZ	DNS Client1's (TN) Net-z address

JUDGMENT

        2. Received standard query response with AA = 0.
        4. Received standard query response with AA = 0.

TERMINATION

        None

REFERENCE

        RFC2181 Clarifications to the DNS Specification
        6.1. Zone authority