[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
DNSIND interoperability test log

To: namedroppers <namedroppers@internic.net>
Subject: DNSIND interoperability test log
From: ken lindahl <lindahl@ACK.BERKELEY.EDU>
Date: Fri, 3 Apr 1998 20:37:13 -0800 (PST)
98.03.31 DNSIND interoperatability testing.

Observers and loggers: Ken Lindahl, Randy Bush, Robert Elz

A Microsoft - Stuart Kwan
  NT Notify Client and Server
  NT DynUpd Client and Server w/ forwarding secondary

B Process Software - Jeff Schreiber
  VMS Notify Client and Server
  VMS DynUpd Client and Server
  NT  Notify Client and Server w/o forwarding secondary
  NT  DynUpd Client and Server w/o forwarding secondary

C American Internet - Josh Littlefield
  NT  IXFR   Client and Server (could not test as no second impl)
  NT  Notify Client and Server
  NT  DynUpd Client and Server w/o forwarding secondary

D Name Surfer - Andreas Gustafsson & Bengt Sahlin (primary server only)
  NetBSD Notify Client and Server
  NetBSD DynUpd Client and Server w/o forwarding secondary

E MetaInfo - Kevin Dunlap
  NT Notify Client and Server
  NT DynUpd Client and Server w/o forwarding secondary

F WIDE - Yusuke Doi
  FreeBSD DynUpd Client and Server w/o forwarding secondary

G cisco - Mark Beyer
  Linux DynUpd Client

Running on network 10.0.0.0/8.

Set up local root zone.

Set up zone B.A. in which hosts were put as
  one.b.a.
  two.b.a.
  etc.
with the low order end being the english of the last octet of the host's
address.

Test zone was C.A.

Impl-A set up C.A primary on 10.0.0.1, and everyone else set up secondary.
Confirmed AXFR to secondaries on Impl-B, Impl-C, and Impl-E.

Impl-A changed the primary by adding a host, changing the SOA and the
primary automatically sent a NOTIFY.  
  o Impl-C, NOTIFY received and tried an IXFR which failed but did not
    roll over to AXFR.
  o Impl-E received NOTIFY and successfully AXFRed the zone.
  o Impl-B NT received NOTIFY and successfully AXFRed the zone.

D.A was set up on five.B.A, Impl-E and secondaries confirmed AXFR.  

When Impl-C received the AXFR, it issued NOTIFY.  Impl-A received it but
already had the zone so did not AXFR.

The primary SOA.serial was changed and the primary HUPped.  But the Class
and Type were reversed in the NOTIFY, so all secondaries refused the NOTIFY.

Impl-D fixed his code and retried.  Impl-C and Impl-A all successfully
AXFRed.  Impl-B had problems.

Impl-D indeed sent multiple NOTIFYs when it got timeouts, and did indeed
eventually give up.

Impl-D hacked code and forced a NOTIFY of D.A with TCP-only to test
section 3.4.  Impl-C and Impl-A received it and did a successful AXFR.

The following NOTIFY behavior was not tested:

   3.5. If TCP is used, both master and slave must continue to offer
   name service during the transaction, even when the TCP transaction is
   not making progress.  The NOTIFY request is sent once, and a
   "timeout" is said to have occurred if no NOTIFY response is received
   within a reasonable interval.


Insecure Dynamic Update:

Each machine set up as primary for one.A, etc., the IP address of the
machine in the A zone.

Impl-A added an A RR to to two.A, successfully sent the DynUpd.  Impl-B
indeed crancked the SOA and added the new A RR.

Impl-A added an A RR to to four.A, successfully sent the DynUpd.
Impl-C indeed cranked the SOA and added the new A RR.

Impl-A added an A RR to to five.A, successfully sent the DynUpd.
Impl-D refused because it accidentally had insecure DynUpd disabled.
Impl-A then tried to start a TKEY session but Impl-D sent back a FORMERR
because it does not implement TKEY.

Impl-D enabled insecure DynUpd.  Impl-A added an A RR to to five.A,
successfully sent the DynUpd.  Impl-D received it and processed it
correctly.  Impl-D did have a minor bug in that it tried to NOTIFY itself.

Impl-A added an A RR to to eight.A, successfully sent the DynUpd.  Impl-F
indeed crancked the SOA and added the new A RR.

Impl-B then ran its client to add an A RR against the same list of servers.
Two to one succeeded.  Two to four succeeded.  Two to five succeeded.  Two
to eight succeeded.

Impl-D successfully added an A RR to Impl-A and Impl-D.

Impl-A sent an A RR to Impl-E.  Impl-E added it correctly.  Impl-A then sent
a CNAME update for the same name.  Impl-E correctly accepted the update.
But it added the CNAME and kept the A RR, which is not correct.

Impl-A sent an A RR to Impl-D.  Impl-D added it correctly.

Impl-A then sent a CNAME update for the same name.  Impl-D correctly
accepted the update.  But it added the CNAME and kept some mangled vestigal
data, which is not correct.

Impl-A did the same to Impl-F.  Impl-F correctly kept the A.

Impl-D successfully sent the A RR to Impl-C.

Impl-D sent a single transaction with an A and a CNAME of the same name.
Impl-C successfuly added the A but not the CNAME, which is correct.

Impl-A sent an A update to Impl-E, which succeeded.  Then Impl-A sent an
update with a prereq of RR exists with data and conditionally added another
A RR.  This succeeded.

Impl-D sent a CNAME and an A to Impl-A, and the CNAME was the result.  This
is correct.

Impl-A sent a SOA update to Impl-B, successfully: SOA fields were updated
(rather than incorrectly adding a second SOA record).

Impl-A sent a SOA update to Impl-C, who refused because of policy (Impl-C
considers this correct).

Impl-A sent a SOA update to Impl-E, successfully.

Impl-A sent a SOA update to Impl-F, Impl-F took the update but created
a second SOA record.

Impl-B sent a SOA update to Impl-A, unsuccessfully. Impl-A returned NOERR
rcode, but bumped serial number.

Impl-E sent a SOA update to Impl-A, successfully.

Impl-B sent a SOA update to Impl-D, unsuccessfully due to a decreasing
serial number. Impl-D silently ignored the update. This is correct.
The SOA was updated success, when the serial number was increasing.

Impl-B sent a WKS update to Impl-E, creating a WKS record, then sent a
second update with additional service, Impl-E replaced the original WKS
record (rather than adding a second). Correct. Tested again for UDP, as well
as TCP service.

Impl-A sent a CNAME record to Impl-B, then sent a second CNAME with the same
name, different rdata. Impl-B kept the first, ignored the second; sending
NOERR on the second update.

Impl-A set a CNAME record to Impl-C, then a second CNAME. Impl-C correctly
replaced the first CNAME with the second.

Impl-A set a CNAME record to Impl-D, then a second CNAME. Impl-D correctly
replaced the first CNAME with the second.

Impl-B sent a SOA record with decreasing serial number to Impl-A, who
silently ignored it. This is correct. (sec 3.6, see also Impl-B to Impl-D
SOA update above.)

Section 1.2--there is uncertain about what is being stated; what does "owned
by" mean in this context? Vixie referred to "mount-like semantics"; the idea
being that updates below a zone cut are allowed; though they may not be
visible due to data in the deeper zone from the delegated server(s). e.g.
if server has delgated deep.zone.example to another server, but gets an
update for very.very.deep.zone.example, the server can make the update even
though it never will be seen by anyone. Group consensus that this section
needs to be clarified before the draft progresses.

Impl-A sent a pre-requisite (name exists) request to Impl-C. Correct result
when pre-req was true and also when it was untrue.

Impl-A sent a pre-requisite only request to Impl-E. Correct result when
pre-req was true and also when it was untrue.

Impl-A sent a pre-requisite only request to Impl-F. Correct result when
pre-req was true and also when it was untrue.

Impl-F sent a pre-requisite only request to Impl-A. Correct result when
pre-req was true and also when it was untrue.

Impl-C sent a pre-requisite only request to Impl-E. Correct result when
pre-req was true and also when it was untrue.

Impl-A sent {Impl-C,Impl-E,Impl-F} a value-dependent pre-requisite
(specifying both records, where 2 records exist); got NOERR. Then sent a
partial requisite (specifying only one record where 2 records exist); got
NXRR. This is correct.

Impl-C sent {Impl-A,Impl-E} a value-dependent pre-requisite (specifying both
records, where 2 records exist); got NOERR. Then sent a partial requisite
(specifying only one record where 2 records exist); got NXRR. This is
correct.

Impl-A sent {Impl-C,Impl-E} pre-req -- "RRset does not exist" -- when RRset
did not exist, got NOERR, when RRset did exist got YXRRSET. This correct.

Impl-C sent {Impl-E,Impl-A} pre-req -- "RRset does not exist" -- when RRset
did not exist, got NOERR, when RRset did exist got YXRRSET. This correct.

Impl-C sent {Impl-A,Impl-E) update with (true) pre-req "name exists"; worked
correctly; then sent update with (true) pre-req "name does not exist";
worked correctly.

Impl-D successfully sent a TCP update to Impl-E.

Impl-A deleted an RR from an RRset from {Impl-C,Impl-D,Impl-E} successfully.

Impl-A attempted to delete a non-existant RRset against
{Impl-E,Impl-C,Impl-D,Impl-B}; requestwas silently ignored. This is correct.

Impl-C attempted to delete a non-existant RRset against
{Impl-E,Impl-A,Impl-D,Impl-B}; request was silently ignored. This is
correct.

Impl-A attempted to delete a non-existant RRset against
{Impl-E,Impl-C,Impl-D,Impl-B}; request was silently ignored. This is
correct.

Impl-A deleted an entire RRset against Impl-B; successfully.  (Added 2 A RRs
and a MX RR; then deleted the AA RRset, leaving the MX behind.)

Impl-A deleted an entire RRset against {Impl-C,Impl-G,Impl-D,Impl-F};
successfully. (Added 2 A RRs and a TXT RR; then deleted the AA RRset,
leaving the TXT behind.)

Impl-C deleted an entire RRset against {Impl-A,Impl-B,Impl-E} successfully.
(Added 2 A RRs and a MX RR; then deleted the AA RRset, leaving the MX
behind.)

Impl-A created several RRsets for a name, then deleted them, against
{Impl-B,Impl-C,Impl-D,Impl-E,Impl-F,Impl-G}

Impl-C created several RRsets for a name, then deleted them, against
{Impl-A,Impl-E}

Impl-B created a wildcard A record on Impl-A. 

Impl-A created a wildcard A record on Impl-B. Tested a pre-req "name exists"
(should return NXDOMAIN since wildcarding is disabled in pre-req testing);
but got NOERR. Impl-A deleted wildcard record against Impl-B.

Section 1.1.3 needs clarification to indicate that it applies to all
situations, including pre-requisites.

Impl-A created a wildcard A record on Impl-E. Tested a pre-req "RR exists"
(should return NXDOMAIN since wildcarding is disabled in pre-req testing);
got NXDOMAIN. Impl-A deleted wildcard record against Impl-B.

Impl-C created a wildcard A record on Impl-A. Tested a pre-req "name exists"
(should return NXDOMAIN since wildcarding is disabled in pre-req testing);
but got NOERR. Impl-C deleted wildcard record against Impl-A.

Impl-A tested for existence of a wildcard RR on Impl-B. Succcessfully.

Impl-C tested for existence of a wildcard RR on {Impl-A,Impl-E,Impl-D}, with
varying results.

Impl-A tested an update for data not in the zone against {Impl-B,
Impl-C,Impl-D,Impl-E}; got NOTZONE. Against Impl-F, got NOERR.

Impl-C tested a prerequisite for data not in the zone against {Impl-A;
got NOTZONE. This is correct. 

Impl-C tested adding out-of-zone names against {Impl-A,Impl-E}; got NOTZONE.

Impl-C tested specifying zone record with name in zone rather than top of
zone against {Impl-A,Impl-B,Impl-E}; got NOTZONE.

Also: tested serial number arithmetic (wraparound past zero); Impl-A,
Impl-C, Impl-B, Impl-E all did the right thing.

-30-
Prev by Date: Re: EDNS: OPT and forwarders
Next by Date: Re: more on binary labels and longest match
Prev by thread: BIND 8.1.2-T3B and BIND 4.9.7-T1B
Next by thread: more on binary labels and longest match
Index(es):
- Date
- Thread