; config options server: target-fetch-policy: "0 0 0 0 0" qname-minimisation: "no" minimal-responses: no iter-scrub-promiscuous: no stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. CONFIG_END SCENARIO_BEGIN Test that deep delegation from the parent deletes intermediate delegations to avoid triggering the ghost domain countermeasure. ; K.ROOT-SERVERS.NET. RANGE_BEGIN 0 19 ADDRESS 193.0.14.129 ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION . IN NS SECTION ANSWER . 86400 IN NS K.ROOT-SERVERS.NET. SECTION ADDITIONAL K.ROOT-SERVERS.NET. 86400 IN A 193.0.14.129 ENTRY_END ; we will explicitly ask for this ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id copy_query REPLY QR NOERROR SECTION QUESTION com. IN NS SECTION AUTHORITY com. 10 IN NS a.gtld-servers.net. SECTION ADDITIONAL a.gtld-servers.net. 86400 IN A 192.5.6.30 ENTRY_END ENTRY_BEGIN MATCH opcode subdomain ADJUST copy_id copy_query REPLY QR NOERROR SECTION QUESTION example.com. IN NS SECTION AUTHORITY example.com. 86400 IN NS ns.example.com. SECTION ADDITIONAL ns.example.com. 86400 IN A 1.2.3.4 ENTRY_END RANGE_END ; a.gtld-servers.net. RANGE_BEGIN 0 100 ADDRESS 192.5.6.30 ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION com. IN NS SECTION ANSWER com. 10 IN NS a.gtld-servers.net. SECTION ADDITIONAL a.gtld-servers.net. 86400 IN A 192.5.6.30 ENTRY_END ENTRY_BEGIN MATCH opcode subdomain ADJUST copy_id copy_query REPLY QR NOERROR SECTION QUESTION example.com. IN NS SECTION AUTHORITY example.com. IN NS ns.example.com. SECTION ADDITIONAL ns.example.com. IN A 1.2.3.4 ENTRY_END RANGE_END ; ns.example.com. RANGE_BEGIN 0 100 ADDRESS 1.2.3.4 ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION example.com. IN NS SECTION ANSWER example.com. IN NS ns.example.com. SECTION ADDITIONAL ns.example.com. IN A 1.2.3.4 ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION ns.example.com. IN A SECTION ANSWER ns.example.com. IN A 1.2.3.4 SECTION AUTHORITY example.com. IN NS ns.example.com. ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION ns.example.com. IN AAAA SECTION AUTHORITY example.com. IN NS ns.example.com. SECTION ADDITIONAL ns.example.com. IN A 1.2.3.4 ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION a.example.com. IN A SECTION ANSWER a.example.com. IN A 10.20.30.40 SECTION AUTHORITY example.com. IN NS ns.example.com. SECTION ADDITIONAL ns.example.com IN A 1.2.3.4 ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION b.example.com. IN A SECTION ANSWER b.example.com. IN A 10.20.30.40 SECTION AUTHORITY example.com. IN NS ns.example.com. SECTION ADDITIONAL ns.example.com IN A 1.2.3.4 ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION c.example.com. IN A SECTION ANSWER c.example.com. IN A 10.20.30.40 SECTION AUTHORITY example.com. IN NS ns.example.com. SECTION ADDITIONAL ns.example.com IN A 1.2.3.4 ENTRY_END RANGE_END ; get the com. IN NS delegation in cache STEP 0 QUERY ENTRY_BEGIN REPLY RD SECTION QUESTION com. IN NS ENTRY_END STEP 1 CHECK_ANSWER ENTRY_BEGIN MATCH all ttl REPLY QR RD RA NOERROR SECTION QUESTION com. IN NS SECTION ANSWER com. 10 IN NS a.gtld-servers.net. ENTRY_END STEP 2 QUERY ENTRY_BEGIN REPLY RD SECTION QUESTION a.example.com. IN A ENTRY_END STEP 3 CHECK_ANSWER ENTRY_BEGIN MATCH all REPLY QR RD RA NOERROR SECTION QUESTION a.example.com. IN A SECTION ANSWER a.example.com. IN A 10.20.30.40 SECTION AUTHORITY example.com. IN NS ns.example.com. SECTION ADDITIONAL ns.example.com. IN A 1.2.3.4 ENTRY_END ; time passes for com. IN NS to expire. STEP 9 TIME_PASSES ELAPSE 11 ; the following query should go to the root instead of example.com. IN NS ; because com. IN NS is expired STEP 10 QUERY ENTRY_BEGIN REPLY RD SECTION QUESTION b.example.com. IN A ENTRY_END ; root replies with the example.com IN NS delegation ; the expired com. IN NS delegation should be deleted STEP 12 CHECK_ANSWER ENTRY_BEGIN MATCH all REPLY QR RD RA NOERROR SECTION QUESTION b.example.com. IN A SECTION ANSWER b.example.com. IN A 10.20.30.40 SECTION AUTHORITY example.com. IN NS ns.example.com. SECTION ADDITIONAL ns.example.com. IN A 1.2.3.4 ENTRY_END ; root is offline in this range. ; the following query should go straight to the example.com. IN NS delegation ; because the expired com. IN NS should not be in the cache anymore STEP 20 QUERY ENTRY_BEGIN REPLY RD SECTION QUESTION c.example.com. IN A ENTRY_END STEP 21 CHECK_ANSWER ENTRY_BEGIN MATCH all REPLY QR RD RA NOERROR SECTION QUESTION c.example.com. IN A SECTION ANSWER c.example.com. IN A 10.20.30.40 SECTION AUTHORITY example.com. IN NS ns.example.com. SECTION ADDITIONAL ns.example.com. IN A 1.2.3.4 ENTRY_END SCENARIO_END