; Test if DO caching works properly. First we issue a query with QTYPE equals ; RRSIG and the DO flag set and we receive an answer with NSEC and RRSIG ; records and with the AD flag set. Then we issue a test with the DO flag ; clear and AD clear. Make sure we don't get an answer from the cache because ; queries for RRSIG, NSEC, and NSEC3 are special. do-ip6: no ; config options ; target-fetch-policy: "3 2 1 0 0" ; name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. CONFIG_END SCENARIO_BEGIN Test DO flag set followed by DO flag clear. ; K.ROOT-SERVERS.NET. RANGE_BEGIN 0 100 ADDRESS 193.0.14.129 ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION . IN NS SECTION ANSWER . IN NS K.ROOT-SERVERS.NET. SECTION ADDITIONAL K.ROOT-SERVERS.NET. IN A 193.0.14.129 ENTRY_END ; net. ENTRY_BEGIN MATCH opcode qname ADJUST copy_id copy_query REPLY QR NOERROR SECTION QUESTION net. IN NS SECTION AUTHORITY . IN SOA . . 0 0 0 0 0 ENTRY_END ; root-servers.net. ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION root-servers.net. IN NS SECTION ANSWER root-servers.net. IN NS k.root-servers.net. SECTION ADDITIONAL k.root-servers.net. IN A 193.0.14.129 ENTRY_END ENTRY_BEGIN MATCH opcode qname ADJUST copy_id copy_query REPLY QR NOERROR SECTION QUESTION root-servers.net. IN A SECTION AUTHORITY root-servers.net. IN SOA . . 0 0 0 0 0 ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION k.root-servers.net. IN A SECTION ANSWER k.root-servers.net. IN A 193.0.14.129 SECTION ADDITIONAL ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION k.root-servers.net. IN AAAA SECTION AUTHORITY root-servers.net. IN SOA . . 0 0 0 0 0 ENTRY_END ; gtld-servers.net. ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION gtld-servers.net. IN NS SECTION ANSWER gtld-servers.net. IN NS a.gtld-servers.net. SECTION ADDITIONAL a.gtld-servers.net. IN A 192.5.6.30 ENTRY_END ENTRY_BEGIN MATCH opcode qname ADJUST copy_id copy_query REPLY QR NOERROR SECTION QUESTION gtld-servers.net. IN A SECTION AUTHORITY gtld-servers.net. IN SOA . . 0 0 0 0 0 ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION a.gtld-servers.net. IN A SECTION ANSWER a.gtld-servers.net. IN A 192.5.6.30 SECTION ADDITIONAL ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION a.gtld-servers.net. IN AAAA SECTION AUTHORITY gtld-servers.net. IN SOA . . 0 0 0 0 0 ENTRY_END RANGE_END ; a.gtld-servers.net. RANGE_BEGIN 0 9 ADDRESS 192.5.6.30 ENTRY_BEGIN MATCH opcode qtype qname DO ADJUST copy_id copy_query REPLY QR RD AD NOERROR SECTION QUESTION doesnotexist.example.com. IN NSEC SECTION ANSWER doesnotexist.example.com. 3600 IN NSEC a.example.com. TXT RRSIG NSEC doesnotexist.example.com. 3600 IN RRSIG NSEC 8 2 3600 20240302200620 20240203200620 63939 example.com. vtM5AjaxYJLqDSXGuPkhtjH1S+YLhMkgg1YVrUpxt2QuY2APIjwUThKN3bPsht4vt/ydVchIMfkHeZRTV4a4yMfuDwr9j5gi/RhrnOLEfQyrBMT0chmKpnh/3gAjHSj9rWNwh1Lyk4p6xSwcKTkYWPHR2q6wPG9Kt6hWQpbLiU66lZE3q5DUvQmKhhorT+sdwVLbpgcilrRQ7Wj5ocXVMfVWmNPbpAg0trruqB7WbkWjkReb+v0bUCDRcGZnd+GJD+YA9rvn7cJHiJQHrURE1Gb6OdxHZslr3NTo+wizbGXN01SLOZHaLTqk+ke8qPW6RRrVwZQyk/13kPMN8Lnr7Q== SECTION AUTHORITY does-exist.example.com. 3600 IN NSEC exists.example.com. A RRSIG NSEC does-exist.example.com. 3600 IN RRSIG NSEC 8 3 3600 20240229091553 20240201091553 63939 example.com. WezFhdCGSG4azmZkeBXxILnfwWuvhkjijsfpkcKqSfhOvQXPEjY0T0Gm4FoHOGieReGPQi4+Jgqp5AjC08yQwphPR9Cq3IsIVCAhPEzh1E9pVRmAFrlf+k/EnxCZ7aN7rq9rrFsx1jK5JtB1hUuvBLpVsVwIqx5yM7LohxWwhnTj+JqqiUbMVp0BcGzz5UubaSIlyJjiGc5ra79X6PGp2Ql19+krqEzaqrVuuD044+BBQWRvG3PzIEQwC1iEumKcfyWb+4F6s806f3NqvliBZl4nxVZUdl2vwhq2+gguN/+o6l3EjySvlKUFu6z5pto+qC9qrML2EM5mPETm253pVg== ENTRY_END RANGE_END ; a.gtld-servers.net. RANGE_BEGIN 10 19 ADDRESS 192.5.6.30 ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id copy_query REPLY QR RD NOERROR SECTION QUESTION doesnotexist.example.com. IN NSEC SECTION ANSWER doesnotexist.example.com. 3600 IN NSEC aa.example.com. TXT RRSIG NSEC ENTRY_END RANGE_END ; a.gtld-servers.net. RANGE_BEGIN 20 29 ADDRESS 192.5.6.30 ; we need a way to match a flag being clear. Hack, stelline takes the last ; entry that matches. First an entry with AD clear, then one with AD set. ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id copy_query REPLY QR RD NOERROR SECTION QUESTION doesnotexist.example.com. IN NSEC SECTION ANSWER doesnotexist.example.com. 3600 IN NSEC aa.example.com. TXT RRSIG NSEC ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname AD ADJUST copy_id copy_query REPLY QR RD AD NOERROR SECTION QUESTION doesnotexist.example.com. IN NSEC SECTION ANSWER doesnotexist.example.com. 3600 IN NSEC aaa.example.com. TXT RRSIG NSEC ENTRY_END RANGE_END STEP 1 QUERY ENTRY_BEGIN REPLY RD DO SECTION QUESTION doesnotexist.example.com. IN NSEC ENTRY_END STEP 2 CHECK_ANSWER ENTRY_BEGIN MATCH all REPLY QR RD AD NOERROR SECTION QUESTION doesnotexist.example.com. IN NSEC SECTION ANSWER doesnotexist.example.com. 3600 IN NSEC a.example.com. TXT RRSIG NSEC doesnotexist.example.com. 3600 IN RRSIG NSEC 8 2 3600 20240302200620 20240203200620 63939 example.com. vtM5AjaxYJLqDSXGuPkhtjH1S+YLhMkgg1YVrUpxt2QuY2APIjwUThKN3bPsht4vt/ydVchIMfkHeZRTV4a4yMfuDwr9j5gi/RhrnOLEfQyrBMT0chmKpnh/3gAjHSj9rWNwh1Lyk4p6xSwcKTkYWPHR2q6wPG9Kt6hWQpbLiU66lZE3q5DUvQmKhhorT+sdwVLbpgcilrRQ7Wj5ocXVMfVWmNPbpAg0trruqB7WbkWjkReb+v0bUCDRcGZnd+GJD+YA9rvn7cJHiJQHrURE1Gb6OdxHZslr3NTo+wizbGXN01SLOZHaLTqk+ke8qPW6RRrVwZQyk/13kPMN8Lnr7Q== SECTION AUTHORITY does-exist.example.com. 3600 IN NSEC exists.example.com. A RRSIG NSEC does-exist.example.com. 3600 IN RRSIG NSEC 8 3 3600 20240229091553 20240201091553 63939 example.com. WezFhdCGSG4azmZkeBXxILnfwWuvhkjijsfpkcKqSfhOvQXPEjY0T0Gm4FoHOGieReGPQi4+Jgqp5AjC08yQwphPR9Cq3IsIVCAhPEzh1E9pVRmAFrlf+k/EnxCZ7aN7rq9rrFsx1jK5JtB1hUuvBLpVsVwIqx5yM7LohxWwhnTj+JqqiUbMVp0BcGzz5UubaSIlyJjiGc5ra79X6PGp2Ql19+krqEzaqrVuuD044+BBQWRvG3PzIEQwC1iEumKcfyWb+4F6s806f3NqvliBZl4nxVZUdl2vwhq2+gguN/+o6l3EjySvlKUFu6z5pto+qC9qrML2EM5mPETm253pVg== ENTRY_END STEP 10 QUERY ENTRY_BEGIN REPLY RD SECTION QUESTION doesnotexist.example.com. IN NSEC ENTRY_END STEP 11 CHECK_ANSWER ENTRY_BEGIN MATCH all REPLY QR RD NOERROR SECTION QUESTION doesnotexist.example.com. IN NSEC SECTION ANSWER doesnotexist.example.com. 3600 IN NSEC aa.example.com. TXT RRSIG NSEC ENTRY_END STEP 20 QUERY ENTRY_BEGIN REPLY RD AD SECTION QUESTION doesnotexist.example.com. IN NSEC ENTRY_END STEP 21 CHECK_ANSWER ENTRY_BEGIN MATCH all REPLY QR RD AD NOERROR SECTION QUESTION doesnotexist.example.com. IN NSEC SECTION ANSWER doesnotexist.example.com. 3600 IN NSEC aaa.example.com. TXT RRSIG NSEC ENTRY_END SCENARIO_END