tgreenx
commented
2 years ago This issue reveals another problem for this test case.
In the current implementation, it is an SOA query that is sent for this test case (see here), which means that the answer section for this query will (should) be empty. Thus, implementation will default to only check for the RCODE of the query's answer, discarding all other checks.
The specification doesn't specify the query type for this test case, which means that it requires an update before fixing the implementation.
For domain "www.usmc.mil" (-> SOA query answer section is filled -> everything is checked [current issue related to this bug]):
zonemaster-cli usmc.mil --test NAMESERVER/nameserver09 --level INFO --raw
0.00 INFO GLOBAL_VERSION version=v4.5.1
4.30 WARNING CASE_QUERY_DIFFERENT_ANSWER ns=ns1-east.usmc.mil/214.43.140.53; query1=wwW.usMc.mIL; query2=wWW.uSmC.Mil; type=SOA
4.95 WARNING CASE_QUERY_DIFFERENT_ANSWER ns=ns2-east.usmc.mil/214.43.140.54; query1=wwW.usMc.mIL; query2=wWW.uSmC.Mil; type=SOA
5.30 WARNING CASE_QUERY_DIFFERENT_ANSWER ns=ns2-west.usmc.mil/214.43.141.54; query1=wwW.usMc.mIL; query2=wWW.uSmC.Mil; type=SOA
5.30 ERROR CASE_QUERIES_RESULTS_DIFFER domain=www.usmc.mil; type=SOA(IP=214.43.140.53; dig @$IP SOA wwW.usMc.miL ; dig @$IP SOA WWW.uSMC.mIL)
[ ... ]
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11965
;; flags: qr aa; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;wwW.usMc.miL. IN SOA
;; ANSWER SECTION:
wwW.usMc.miL. 3 IN CNAME www.marines.miL.
www.marines.miL. 3392 IN CNAME www.mcpw2.marines.mil.edgekey.net.
[ ... ]
[ ... ]
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22408
;; flags: qr aa; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;WWW.uSMC.mIL. IN SOA
;; ANSWER SECTION:
WWW.uSMC.mIL. 655 IN CNAME www.marines.mIL.
www.marines.mIL. 1558 IN CNAME www.mcpw2.marines.mil.edgekey.net.
[ ... ]For domain "zonemaster.net" (-> SOA query answer section is empty -> only RCODE is checked [this comment, new bug]):
zonemaster-cli --test NAMESERVER/nameserver09 --level INFO --raw zonemaster.net
0.00 INFO GLOBAL_VERSION version=v4.5.1
1.07 INFO CASE_QUERIES_RESULTS_OK domain=www.zonemaster.net; type=SOA(IP=192.93.0.4; dig @$IP SOA wwW.zoNemASTER.Net ; dig @$IP SOA WWW.zoNEMAsteR.nET)
[ ... ]
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62437
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1432
; COOKIE: 7e1b3e55a243b5950100000062e12fecc5e7c95ad83a02fa (good)
;; QUESTION SECTION:
;wwW.zoNemASTER.Net. IN SOA
;; AUTHORITY SECTION:
zonemaster.net. 600 IN SOA nsa.dnsnode.net. hostmaster.nic.se. 1658795606 14400 3600 2592000 600
[ ... ]
[ ... ]
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6812
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1432
; COOKIE: 8f45e98815ab6b200100000062e12fec1ce162ae9d745682 (good)
;; QUESTION SECTION:
;WWW.zoNEMAsteR.nET. IN SOA
;; AUTHORITY SECTION:
zonemaster.net. 600 IN SOA nsa.dnsnode.net. hostmaster.nic.se. 1658795606 14400 3600 2592000 600
[ ... ]
matsduf
Nameserver09 verifies that the response is independent of the case (upper case/lower case) of the owner name in the query. When testing usmc.mil, an error is reported:
As can be seen from the following lookups, the responses are not identical, but the difference is only the case in the domain name in RDATA, and that should be OK: