NAMESERVER02: Test of EDNS0 support
Test case identifier
NAMESERVER02
Objective
EDNS(0) is a mechanism to announce capabilities of a DNS implementation, and is now basically required by any new functionality in DNS such as DNSSEC. EDNS(0) is standardized in RFC 6891.
This test case checks that all name servers have the capability to do EDNS(0) or, if not, correctly reply to queries containing EDNS (OPT record).
Servers not supporting EDNS(0) must return FORMERR (RFC 6891, section 7):
Responders that choose not to implement the protocol extensions defined in this document MUST respond with a return code (RCODE) of FORMERR to messages containing an OPT record in the additional section and MUST NOT include an OPT record in the response.
Servers supporting EDNS(0) must reply with EDNS(0) (RFC 6891, section 6.1.1):
If an OPT record is present in a received request, compliant responders MUST include an OPT record in their respective responses.
To eliminate the risk of falsely classifying a server as not supporting EDNS due to e.g. firewall issues, the UDP buffer size is set to 512 bytes (octets).
Scope
It is assumed that Child Zone is also tested by Connectivity01. This test case will set DEBUG level on messages for non-responsive name servers.
Inputs
- "Child Zone" - The domain name to be tested.
Ordered description of steps to be taken to execute the test case
- Create an SOA query for the Child Zone with an OPT record with EDNS version set to "0", with the EDNS(0) option of payload size ("bufsize") set to 512, and with the "DO" bit unset.
- Create a second SOA query for the Child Zone without any OPT record.
- Obtain the set of name server IP addresses using Method4 and Method5 ("Name Server IP").
- For each name server in Name Server IP do:
  - Send the SOA query with OPT record to the name server and collect the response.
  - If there is no DNS response, then:
    - Send the SOA query without OPT record to the name server and collect the response.
    - If there is no DNS response, then output NO_RESPONSE and go to next server.
    - Else (there is a DNS response), then output BREAKS_ON_EDNS and go to next server.
  - Else, if the DNS response meets the following two criteria, then output NO_EDNS_SUPPORT:
    - It has the RCODE "FORMERR".
    - It has no OPT record.
  - Else, if the DNS response meets the following criteria (compliant server), then go to the next name server:
    - It has the RCODE "NOERROR".
    - The answer section contains the SOA record for Child Zone.
    - It has OPT record with EDNS version 0.
  - Else, if the DNS response meets the following criteria, then output EDNS_RESPONSE_WITHOUT_EDNS and go to next server:
    - It has the RCODE "NOERROR".
    - It has no OPT record.
  - Else, if the DNS response meets the following criteria, then output EDNS_VERSION_ERROR and go to next server:
    - It has the RCODE "NOERROR".
    - It has OPT record with EDNS version other than 0.
  - Else output NS_ERROR (i.e. other erroneous or unexpected response).
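An added example (not part of this specification or of any implementation of it): the per-server classification above applied to raw DNS responses, using only the Python standard library. The names `skip_name`, `parse`, `classify` and `build` are hypothetical, the sample responses are constructed, and the SOA check looks only at the record type in the answer section, not at its owner name.

```python
import struct

SOA, OPT = 6, 41  # RR type codes

def skip_name(msg, off):
    """Return the offset just past the (possibly compressed) name at off."""
    while msg[off] and msg[off] < 0xC0:    # walk plain labels
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)    # pointer is 2 bytes, root label is 1

def parse(msg):
    """Return (RCODE, SOA in answer section?, EDNS version or None if no OPT)."""
    _id, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    off, has_soa, edns_version = 12, False, None
    for _ in range(qd):
        off = skip_name(msg, off) + 4      # QTYPE + QCLASS
    for i in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if rtype == SOA and i < an:        # simplification: owner name not compared
            has_soa = True
        if rtype == OPT and i >= an + ns:  # OPT lives in the additional section
            edns_version = (ttl >> 16) & 0xFF  # TTL = ext-RCODE | VERSION | flags
    return flags & 0xF, has_soa, edns_version

def classify(edns_resp, plain_resp=None):
    """Apply the per-server steps; arguments are raw responses, None = no response."""
    if edns_resp is None:
        return "NO_RESPONSE" if plain_resp is None else "BREAKS_ON_EDNS"
    rcode, has_soa, version = parse(edns_resp)
    if rcode == 1 and version is None:     # FORMERR and no OPT record
        return "NO_EDNS_SUPPORT"
    if rcode == 0 and has_soa and version == 0:
        return None                        # compliant server, no message
    if rcode == 0 and version is None:
        return "EDNS_RESPONSE_WITHOUT_EDNS"
    if rcode == 0 and version not in (None, 0):
        return "EDNS_VERSION_ERROR"
    return "NS_ERROR"

def build(rcode, soa=False, edns_version=None):
    """Constructed sample response for zone 'example' (not captured traffic)."""
    rr = lambda name, t, cls, ttl, rd: name + struct.pack("!HHIH", t, cls, ttl, len(rd)) + rd
    msg = struct.pack("!6H", 1, 0x8400 | rcode, 1, int(soa), 0, int(edns_version is not None))
    msg += b"\x07example\x00" + struct.pack("!HH", SOA, 1)
    msg += rr(b"\xc0\x0c", SOA, 1, 3600, bytes(22)) if soa else b""  # all-zero SOA RDATA
    msg += rr(b"\x00", OPT, 512, edns_version << 16, b"") if edns_version is not None else b""
    return msg
```

Note that a NOERROR response carrying an EDNS version 0 OPT record but no SOA in the answer section matches none of the named criteria and falls through to NS_ERROR, as does FORMERR with an OPT record.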
Outcome(s)
The outcome of this Test Case is "fail" if there is at least one message with the severity level ERROR or CRITICAL.
The outcome of this Test Case is "warning" if there is at least one message with the severity level WARNING, but no message with severity level ERROR or CRITICAL.
The outcome of this Test Case is "pass" in all other cases.
Message | Default severity level (when message is outputted) |
---|---|
NO_RESPONSE | DEBUG |
NO_EDNS_SUPPORT | WARNING |
BREAKS_ON_EDNS | ERROR |
EDNS_RESPONSE_WITHOUT_EDNS | ERROR |
EDNS_VERSION_ERROR | ERROR |
NS_ERROR | WARNING |
Special procedural requirements
If either IPv4 or IPv6 transport is disabled, ignore the evaluation of the result of any test using this transport protocol and log a message reporting the ignored result.
Intercase dependencies
None