Consistency05 returns CHILD_ZONE_LAME when it should not #1349

matsduf · 2024-05-17T13:22:52Z

A test zone is delegated with two in-bailiwick name servers with glue in parent. The zone has the equivalent NS records, but there are no address records for the two NS, which is an error. However, the zone is not lame.

Basic02 says that there are two working name servers (four addresses). Consistency05 reports that the zone is lame.

$ zonemaster-cli ADDR-MATCH-DEL-UNDEL-1.consistency05.xa --raw  --test basic02 --test consistency05 --hints COMMON/hintfile --show-testcase  --level info --profile COMMON/custom-profile.json
Loading profile from COMMON/custom-profile.json.
   0.00 INFO     Unspecified    GLOBAL_VERSION  version=v5.0.0
   0.13 INFO     Basic02        B02_AUTH_RESPONSE_SOA  domain="addr-match-del-undel-1.consistency05.xa"; ns_list=ns1.addr-match-del-undel-1.consistency05.xa/127.14.5.31;ns1.addr-match-del-undel-1.consistency05.xa/fda1:b2:c3:0:127:14:5:31;ns2.addr-match-del-undel-1.consistency05.xa/127.14.5.32;ns2.addr-match-del-undel-1.consistency05.xa/fda1:b2:c3:0:127:14:5:32
   0.00 INFO     Unspecified    GLOBAL_VERSION  version=v5.0.0
   0.00 INFO     Consistency05  TEST_CASE_START  testcase=Consistency05
   0.15 ERROR    Consistency05  CHILD_ZONE_LAME  
   0.15 INFO     Consistency05  TEST_CASE_END  testcase=Consistency05

The specification for Consistency says

   3. If all servers outputted *[NO_RESPONSE]* or *[CHILD_NS_FAILED]*, 
      then output *[CHILD_ZONE_LAME]* and completely stop processing 
      this test case.

None of the name servers output NO_RESPONSE or CHILD_NS_FAILED. The output should rather be IN_BAILIWICK_ADDR_MISMATCH.

6. Compare the IP address for the name servers from 
   *Delegation Strict Glue* with *Address Records From Child*
   (i.e. [in-bailiwick][terminology] only).

   1. If an IP from *Delegation Strict Glue* is not listed in 
      *Address Records From Child* with that same name server name, 
      then output *[IN_BAILIWICK_ADDR_MISMATCH]*.

https://github.com/zonemaster/zonemaster/blob/master/docs/public/specifications/tests/Consistency-TP/consistency05.md

The text was updated successfully, but these errors were encountered:

tgreenx · 2024-07-09T13:37:45Z

It seems that the zone nameservers responds REFUSED on that zone name. Zone is not loaded?

$ dig NS ADDR-MATCH-DEL-UNDEL-1.consistency05.xa @127.14.5.21

; <<>> DiG 9.18.24-1-Debian <<>> NS ADDR-MATCH-DEL-UNDEL-1.consistency05.xa @127.14.5.21
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57586
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 5
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 9c5b4e9dc6bfac84 (echoed)
;; QUESTION SECTION:
;ADDR-MATCH-DEL-UNDEL-1.consistency05.xa. IN NS

;; AUTHORITY SECTION:
addr-match-del-undel-1.consistency05.xa. 3600 IN NS ns1.addr-match-del-undel-1.consistency05.xa.
addr-match-del-undel-1.consistency05.xa. 3600 IN NS ns2.addr-match-del-undel-1.consistency05.xa.

;; ADDITIONAL SECTION:
ns1.addr-match-del-undel-1.consistency05.xa. 3600 IN A 127.14.5.31
ns1.addr-match-del-undel-1.consistency05.xa. 3600 IN AAAA fda1:b2:c3:0:127:14:5:31
ns2.addr-match-del-undel-1.consistency05.xa. 3600 IN A 127.14.5.32
ns2.addr-match-del-undel-1.consistency05.xa. 3600 IN AAAA fda1:b2:c3:0:127:14:5:32

;; Query time: 0 msec
;; SERVER: 127.14.5.21#53(127.14.5.21) (UDP)
;; WHEN: Tue Jul 09 15:29:32 CEST 2024
;; MSG SIZE  rcvd: 532

$ dig NS ADDR-MATCH-DEL-UNDEL-1.consistency05.xa @127.14.5.31

; <<>> DiG 9.18.24-1-Debian <<>> NS ADDR-MATCH-DEL-UNDEL-1.consistency05.xa @127.14.5.31
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 36462
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 4700b1f6c8148b81 (echoed)
;; QUESTION SECTION:
;ADDR-MATCH-DEL-UNDEL-1.consistency05.xa. IN NS

;; Query time: 0 msec
;; SERVER: 127.14.5.31#53(127.14.5.31) (UDP)
;; WHEN: Tue Jul 09 15:29:55 CEST 2024
;; MSG SIZE  rcvd: 80

$ dig NS ADDR-MATCH-DEL-UNDEL-1.consistency05.xa @127.14.5.32

; <<>> DiG 9.18.24-1-Debian <<>> NS ADDR-MATCH-DEL-UNDEL-1.consistency05.xa @127.14.5.32
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 35025
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 7ce2f73ea6067370 (echoed)
;; QUESTION SECTION:
;ADDR-MATCH-DEL-UNDEL-1.consistency05.xa. IN NS

;; Query time: 0 msec
;; SERVER: 127.14.5.32#53(127.14.5.32) (UDP)
;; WHEN: Tue Jul 09 15:30:01 CEST 2024
;; MSG SIZE  rcvd: 80

matsduf added T-Bug Type: Bug in software or error in test case description A-TestCase Area: Test case specification or implementation of test case labels May 17, 2024

matsduf added this to the v2024.1 milestone May 17, 2024

matsduf modified the milestones: v2024.1, v2024.2 Jul 3, 2024

matsduf mentioned this issue Jul 4, 2024

Removes old consistency05/06 unit tests #1372

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Consistency05 returns CHILD_ZONE_LAME when it should not #1349

Consistency05 returns CHILD_ZONE_LAME when it should not #1349

matsduf commented May 17, 2024

tgreenx commented Jul 9, 2024

Consistency05 returns CHILD_ZONE_LAME when it should not #1349

Consistency05 returns CHILD_ZONE_LAME when it should not #1349

Comments

matsduf commented May 17, 2024

tgreenx commented Jul 9, 2024