Functional overview
Resolvers that support QName Minimisation resolve a subdomain incrementally against the authoritative nameserver, so that resolving e.g. a.b.domain.com results in 2 distinct queries to the nameserver: one for b.domain.com and one for a.b.domain.com.
An effective test for support of this feature would seek to confirm that for a configured subdomain A record, DNS queries were received for each of the incremental backwards paths along with a successful HTTP request for the full A record.
Implementation
In order to track unique requests and avoid caching issues, the Client Side Website Toolkit (CSWT) will send HTTP requests of the format:
UUID.qname.resolver.test.DOMAIN_NAME
where the UUID is generated uniquely for each request. The SSCRT configures the DNS zone for the domain name with a wildcard IPv4 A record and sets up a wildcard SSL cert and matching web server virtual host for *.qname.resolver.test.DOMAIN_NAME.
After observing a DNS request for the full A record (including the UUID prefix), the SSCRT will then seek to find matching queries for qname.resolver.test.DOMAIN_NAME, resolver.test.DOMAIN_NAME and test.DOMAIN_NAME with the same source resolver IP address. If all 4 queries have been observed along with a successful HTTP request, the test is marked as successful; otherwise it is marked as failed.
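The matching logic described above, sketched in JavaScript as an added example (not the SSCRT's own code): the record shapes, the function names and the requirement of an HTTP 200 are assumptions, and the sample log entries are constructed. Query names are lower-cased and stripped of a trailing dot before comparison, since DNS names are case-insensitive.

```javascript
// Added example: record shapes and function names are assumptions, not the SSCRT's own.
const norm = (name) => name.toLowerCase().replace(/\.$/, "");

// Ancestors of fullName that a minimising resolver should also query, shortest first.
function expectedAncestors(fullName, domain) {
  const stop = "test." + norm(domain);
  const labels = norm(fullName).split(".");
  const out = [];
  for (let i = 1; i < labels.length; i++) {
    const candidate = labels.slice(i).join(".");
    out.unshift(candidate);
    if (candidate === stop) return out;
  }
  throw new Error("name is not under " + stop);
}

// Success needs the full-name query, all ancestors from the SAME resolver IP, and the HTTP hit.
function evaluateSession(fullName, domain, dnsLog, httpLog) {
  const full = norm(fullName);
  const fullQuery = dnsLog.find((q) => norm(q.qname) === full);
  if (!fullQuery) return { status: "Failed", missing: [full], httpOk: false };
  const seen = new Set(
    dnsLog.filter((q) => q.resolverIp === fullQuery.resolverIp).map((q) => norm(q.qname))
  );
  const missing = expectedAncestors(full, domain).filter((n) => !seen.has(n));
  // Assumption: "successful HTTP request" is taken to mean a 200 for the full hostname.
  const httpOk = httpLog.some((r) => norm(r.host) === full && r.status === 200);
  const status = missing.length === 0 && httpOk ? "Success" : "Failed";
  return { status, resolverIp: fullQuery.resolverIp, missing, httpOk };
}

// Constructed sample data (documentation-range IPs, made-up UUID).
const UUID = "3f2b8c1e-0d4a-4e6f-9a7b-5c2d1e0f9a8b";
const FULL = UUID + ".qname.resolver.test.example.com";
const http = [{ host: FULL, status: 200 }];
const minimising = [
  { qname: "test.example.com.", resolverIp: "192.0.2.53" },
  { qname: "resolver.test.example.com.", resolverIp: "192.0.2.53" },
  { qname: "QName.Resolver.Test.example.com.", resolverIp: "192.0.2.53" }, // mixed case
  { qname: FULL + ".", resolverIp: "192.0.2.53" },
];
const nonMinimising = [
  { qname: FULL + ".", resolverIp: "198.51.100.7" },
  { qname: "test.example.com.", resolverIp: "192.0.2.53" }, // other resolver: must not count
];

console.log(evaluateSession(FULL, "example.com", minimising, http));
console.log(evaluateSession(FULL, "example.com", nonMinimising, http));
```

If the SSCRT privacy setting logs only the /24, the resolverIp comparison operates on that truncated value, so distinct resolvers in the same /24 become indistinguishable.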
Configuring test sessions
QName Minimisation test sessions are configured using the test key qname-minimisation which should be supplied when creating new sessions on the SSCRT
e.g.
resolvertest install qname-minimisation example.com
and when invoking tests using the CSWT.
e.g.
let test = new ResolverCapabilityTest("qname-minimisation", "example.com");
Log format
The log output for QName minimisation tests will contain the following distinct fields:
id - A unique numerical id for the log entry
date - The date and time of the combined log entry.
status - Either “Success” or “Failed” depending upon whether the client resolver supports QName minimisation or not - this is inferred by the presence of all 4 DNS queries and a successful HTTP request.
dnsResolutionTime1 - The date and time that the first DNS query was received for test.DOMAIN_NAME if a partial query was made
dnsResolvedHostname1 - If query was made this will be set to test.DOMAIN_NAME
dnsClientIpAddress1 - The IPv4 address of the client resolver or the /24 depending upon the configured privacy setting in the SSCRT if this query was made
dnsResolverQuery1 - The full query string made by the resolver for the resolution of test.DOMAIN_NAME if a query was made.
dnsResolutionTime2 - The date and time that the second DNS query was received for resolver.test.DOMAIN_NAME if a partial query was made
dnsResolvedHostname2 - If query was made this will be set to resolver.test.DOMAIN_NAME
dnsClientIpAddress2 - The IPv4 address of the client resolver or the /24 depending upon the configured privacy setting in the SSCRT if this query was made.
dnsResolverQuery2 - The full query string made by the resolver for the resolution of resolver.test.DOMAIN_NAME if a query was made.
dnsResolutionTime3 - The date and time that the third DNS query was received for qname.resolver.test.DOMAIN_NAME if a partial query was made
dnsResolvedHostname3 - If query was made this will be set to qname.resolver.test.DOMAIN_NAME
dnsClientIpAddress3 - The IPv4 address of the client resolver or the /24 depending upon the configured privacy setting in the SSCRT if this query was made.
dnsResolverQuery3 - The full query string made by the resolver for the resolution of qname.resolver.test.DOMAIN_NAME if a query was made.
dnsResolutionTime4 - The date and time that the fourth DNS query was received for the fully qualified UUID.qname.resolver.test.DOMAIN_NAME. This should always be present even if QName minimisation is not enabled for the client resolver.
dnsResolvedHostname4 - This will be set to UUID.qname.resolver.test.DOMAIN_NAME
dnsClientIpAddress4 - The IPv4 address of the client resolver or the /24 depending upon the configured privacy setting in the SSCRT if this query was made.
dnsResolverQuery4 - The full query string made by the resolver for the resolution of UUID.qname.resolver.test.DOMAIN_NAME if a query was made.
webServerRequestTime1 - The date and time that the HTTP request was made for UUID.qname.resolver.test.DOMAIN_NAME
webServerRequestHostname1 - This will be set to UUID.qname.resolver.test.DOMAIN_NAME
webServerClientIpAddress1 - The IPv4 address of the client machine (web browser) or the /24 depending upon the configured privacy setting in the SSCRT if this query was made.
webServerResponseCode1 - The HTTP response code returned from the web server - generally should be 200 unless something has gone wrong.