1 files changed, 159 insertions, 0 deletions

diff --git a/contrib/unbound/testdata/subnet_noecs_refused.crpl b/contrib/unbound/testdata/subnet_noecs_refused.crpl
new file mode 100644
index 000000000000..39fbe85b4777
--- /dev/null
+++ b/contrib/unbound/testdata/subnet_noecs_refused.crpl
@@ -0,0 +1,159 @@
+# config
+server:
+	send-client-subnet: 1.2.3.4
+	max-client-subnet-ipv4: 17
+	module-config: "subnetcache iterator"
+	qname-minimisation: no
+	minimal-responses: yes
+	target-fetch-policy: "0 0 0 0 0"
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test subnet with no edns subnet support but it is refused
+; The query is sent to a server that does not reply with the edns-subnet
+; option. The upstream server sends rcode refused. That results in a
+; NULL return_msg.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET. IN A 193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION AUTHORITY
+com. IN NS a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net. IN A 192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com. IN NS ns.example.com.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+ns.example.com. IN A
+SECTION ANSWER
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+ns.example.com. IN AAAA
+SECTION ANSWER
+SECTION AUTHORITY
+example.com. IN SOA ns.example.com. host.example.com. 4 86400 3600 86400 3600
+ENTRY_END
+
+; This matches the no EDNS subnet info queries that are made for the
+; fallback without subnet. The answer is refused.
+ENTRY_BEGIN
+MATCH opcode qtype qname ednsdata
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+;www.example.com. IN A 10.20.30.40
+ENTRY_END
+
+; This matches the initial query with edns subnet in the query,
+; the answer has no edns subnet in the reply.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A 10.20.30.40
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+;ENTRY_BEGIN
+;REPLY RD DO
+;SECTION QUESTION
+;www.example.com. IN A
+; but send this query with subnet scope zero in the query, because that
+; makes the reply possibly get stored in the cache.
+;
+; query with subnet 0.0.0.0/0.
+ENTRY_BEGIN
+HEX_ANSWER_BEGIN
+	00 00 01 00 00 01 00 00         ;ID 0
+	00 00 00 01 03 77 77 77         ; www.example.com A? (DO)
+	07 65 78 61 6d 70 6c 65
+	03 63 6f 6d 00 00 01 00
+	01 00 00 29 10 00 00 00
+	80 00 00 08
+
+	00 08 00 04                     ; OPC, optlen
+	00 01 00 00                     ; ip4, scope 0, source 0
+	                                ;0.0.0.0/0
+HEX_ANSWER_END
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ednsdata
+REPLY QR RD RA DO SERVFAIL
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+;www.example.com. IN A 10.20.30.40
+ENTRY_END
+SCENARIO_END