1; Check if an expired SERVFAIL answer stored in the global cache does not block 2; ECS queries to reach the ECS cache. 3 4server: 5 trust-anchor-signaling: no 6 target-fetch-policy: "0 0 0 0 0" 7 send-client-subnet: 1.2.3.4 8 max-client-subnet-ipv4: 21 9 module-config: "subnetcache iterator" 10 verbosity: 3 11 access-control: 127.0.0.1 allow_snoop 12 qname-minimisation: no 13 minimal-responses: no 14 serve-expired: yes 15 serve-expired-client-timeout: 0 16 prefetch: yes 17 18stub-zone: 19 name: "example.com." 20 stub-addr: 1.2.3.4 21CONFIG_END 22 23SCENARIO_BEGIN Test that expired SERVFAIL in global cache does not block clients to reach the ECS cache 24 25; ns.example.com. 26RANGE_BEGIN 0 10 27 ADDRESS 1.2.3.4 28 ENTRY_BEGIN 29 MATCH opcode qtype qname 30 ADJUST copy_id 31 REPLY QR NOERROR 32 SECTION QUESTION 33 example.com. IN NS 34 SECTION ANSWER 35 example.com. IN NS ns.example.com. 36 SECTION ADDITIONAL 37 ns.example.com. IN A 1.2.3.4 38 ENTRY_END 39 40 ; response to query of interest 41 ENTRY_BEGIN 42 MATCH opcode qtype qname 43 ADJUST copy_id 44 REPLY QR SERVFAIL 45 SECTION QUESTION 46 www.example.com. IN A 47 ENTRY_END 48RANGE_END 49 50; ns.example.com. 51RANGE_BEGIN 11 100 52 ADDRESS 1.2.3.4 53 ENTRY_BEGIN 54 MATCH opcode qtype qname 55 ADJUST copy_id 56 REPLY QR NOERROR 57 SECTION QUESTION 58 example.com. IN NS 59 SECTION ANSWER 60 example.com. IN NS ns.example.com. 61 SECTION ADDITIONAL 62 ns.example.com. IN A 1.2.3.4 63 ENTRY_END 64 65 ; response to query of interest 66 ENTRY_BEGIN 67 MATCH opcode qtype qname ednsdata 68 ADJUST copy_id copy_ednsdata_assume_clientsubnet 69 REPLY QR NOERROR 70 SECTION QUESTION 71 www.example.com. IN A 72 SECTION ANSWER 73 www.example.com. 10 IN A 10.20.30.40 74 SECTION AUTHORITY 75 example.com. IN NS ns.example.com. 76 SECTION ADDITIONAL 77 HEX_EDNSDATA_BEGIN 78 ; client is 127.0.0.1 79 00 08 ; OPC 80 00 05 ; option length 81 00 01 ; Family 82 08 00 ; source mask, scopemask 83 7f ; address 84 HEX_EDNSDATA_END 85 ns.example.com. IN A 1.2.3.4 86 ENTRY_END 87RANGE_END 88 89STEP 1 QUERY 90ENTRY_BEGIN 91REPLY RD 92SECTION QUESTION 93www.example.com. IN A 94ENTRY_END 95 96; This answer should be in the global cache 97STEP 2 CHECK_ANSWER 98ENTRY_BEGIN 99MATCH all 100REPLY QR RD RA SERVFAIL 101SECTION QUESTION 102www.example.com. IN A 103ENTRY_END 104 105; Bring the cached SERVFAIL to prefetch time 106STEP 10 TIME_PASSES ELAPSE 5 107 108STEP 11 QUERY 109ENTRY_BEGIN 110REPLY RD DO 111SECTION QUESTION 112www.example.com. IN A 113SECTION ADDITIONAL 114HEX_EDNSDATA_BEGIN 115 00 08 00 05 ; OPC, optlen 116 00 01 08 00 ; ip4, source 8, scope 0 117 7f ; 127.0.0.0/8 118HEX_EDNSDATA_END 119ENTRY_END 120 121; This answer was cached but a prefetch was triggerred 122STEP 12 CHECK_ANSWER 123ENTRY_BEGIN 124MATCH opcode qtype qname 125REPLY QR RD RA SERVFAIL 126SECTION QUESTION 127www.example.com. IN A 128ENTRY_END 129 130; Wait for the SERVFAIL to expire 131STEP 13 TIME_PASSES ELAPSE 2 132 133; Query again to verify that the record was prefetched and stored in the ECS 134; cache (because the server replied with ECS this time) 135STEP 14 QUERY 136ENTRY_BEGIN 137REPLY RD DO 138SECTION QUESTION 139www.example.com. IN A 140SECTION ADDITIONAL 141HEX_EDNSDATA_BEGIN 142 00 08 00 05 ; OPC, optlen 143 00 01 08 00 ; ip4, source 8, scope 0 144 7f ; 127.0.0.0/8 145HEX_EDNSDATA_END 146ENTRY_END 147 148; This record came from the ECS cache 149STEP 15 CHECK_ANSWER 150ENTRY_BEGIN 151MATCH all ttl 152REPLY QR RD RA DO NOERROR 153SECTION QUESTION 154www.example.com. IN A 155SECTION ANSWER 156www.example.com. 8 IN A 10.20.30.40 157SECTION AUTHORITY 158example.com. 3598 IN NS ns.example.com. 159SECTION ADDITIONAL 160HEX_EDNSDATA_BEGIN 161 00 08 00 05 ; OPC, optlen 162 00 01 08 08 ; ip4, source 8, scope 0 163 7f ; 127.0.0.0/8 164HEX_EDNSDATA_END 165ns.example.com. 3598 IN A 1.2.3.4 166ENTRY_END 167 168SCENARIO_END 169