
QName Minimisation


Functional overview

Resolvers that support QName Minimisation make incremental lookups to the authoritative nameserver when resolving a subdomain, working backwards through the name, such that a resolution for e.g. a.b.domain.com would result in 2 distinct queries to the nameserver, for b.domain.com and a.b.domain.com respectively.

An effective test for support of this feature would seek to confirm that for a configured subdomain A record, DNS queries were received for each of the incremental backwards paths along with a successful HTTP request for the full A record. 

Implementation

In order to track unique requests and avoid caching issues, the Client Side Website Toolkit (CSWT) will send HTTP requests of the format

UUID.qname.resolver.test.DOMAIN_NAME

where the UUID is generated uniquely for each request. The SSCRT configures the DNS zone for the domain name with a wildcard IPv4 A record and sets up a wildcard SSL cert and matching web server virtual host for *.qname.resolver.test.DOMAIN_NAME

After observing a DNS request for the full A record (including UUID prefix) the SSCRT will then seek to find matching queries for qname.resolver.test.DOMAIN_NAME, resolver.test.DOMAIN_NAME and test.DOMAIN_NAME with the same source resolver IP address.  If all 4 queries have been observed along with a resolved HTTP query the test is marked as successful, otherwise it will be marked as failed.
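
The matching rule described above, sketched as an added example; it is not SSCRT code. The record field names, the sample logs and the reading of "successful HTTP request" as a 200 response are assumptions.

```javascript
// Added example. Record fields (qname, src, host, status) are assumed names,
// not the SSCRT's actual log schema.
const PREFIX = "qname.resolver.test";

// Normalise a DNS name: lower-case it and strip the trailing root dot.
const norm = (name) => name.toLowerCase().replace(/\.$/, "");

// Names in log-field order 1..4: three partial names, then the full name.
function expectedNames(uuid, domain) {
  const labels = PREFIX.split(".");
  const partial = labels.map((_, i) => `${labels.slice(i).join(".")}.${domain}`);
  return [...partial.reverse(), `${uuid}.${PREFIX}.${domain}`].map(norm);
}

function classify(uuid, domain, dnsLog, httpLog) {
  const names = expectedNames(uuid, domain);
  const full = names[names.length - 1];
  // The full-name query identifies which resolver handled this test.
  const anchor = dnsLog.find((q) => norm(q.qname) === full);
  if (!anchor) return { status: "Failed", resolver: null, missing: names };
  // Only queries from that same resolver address count towards the match.
  const seen = new Set(
    dnsLog.filter((q) => q.src === anchor.src).map((q) => norm(q.qname))
  );
  const missing = names.filter((n) => !seen.has(n));
  // Assumption: "successful HTTP request" means a 200 for the full hostname.
  const httpOk = httpLog.some((r) => norm(r.host) === full && r.status === 200);
  const status = missing.length === 0 && httpOk ? "Success" : "Failed";
  return { status, resolver: anchor.src, missing };
}

// Constructed sample logs (documentation address ranges, made-up UUID).
const UUID = "123e4567-e89b-12d3-a456-426614174000";
const FULL = `${UUID}.qname.resolver.test.example.com`;
const sampleDns = [
  { qname: "test.example.com.", src: "192.0.2.53" },
  { qname: "resolver.test.example.com.", src: "192.0.2.53" },
  { qname: "QNAME.resolver.test.example.com.", src: "192.0.2.53" },
  { qname: `${FULL}.`, src: "192.0.2.53" },
  { qname: "test.example.com.", src: "198.51.100.7" }, // another resolver
];
const sampleHttp = [{ host: FULL, status: 200 }];

console.log(classify(UUID, "example.com", sampleDns, sampleHttp));
```

The `missing` list shows which of the four names were never seen from the anchoring resolver, which helps when reading a "Failed" entry.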


Configuring test sessions

QName Minimisation test sessions are configured using the test key qname-minimisation which should be supplied when creating new sessions on the SSCRT  

e.g.

resolvertest install qname-minimisation example.com  

and when invoking tests using the CSWT.
e.g.

let test = new ResolverCapabilityTest("qname-minimisation", "example.com");


Log format

The log output for QName minimisation tests will contain the following distinct fields:


id - A unique numerical id for the log entry

date - The date and time of the combined log entry.

status - Either “Success” or “Failed” depending upon whether the client resolver supports QName minimisation or not - this is inferred by the presence of all 4 DNS queries and a successful HTTP request.

dnsResolutionTime1 - The date and time that the first DNS query was received for test.DOMAIN_NAME if a partial query was made

dnsResolvedHostname1 - If query was made this will be set to test.DOMAIN_NAME

dnsClientIpAddress1 - The IPv4 address of the client resolver or the /24 depending upon the configured privacy setting in the SSCRT if this query was made

dnsResolverQuery1 - The full query string made by the resolver for the resolution of test.DOMAIN_NAME if a query was made.

dnsResolutionTime2 - The date and time that the second DNS query was received for resolver.test.DOMAIN_NAME if a partial query was made

dnsResolvedHostname2 - If query was made this will be set to resolver.test.DOMAIN_NAME

dnsClientIpAddress2 - The IPv4 address of the client resolver or the /24 depending upon the configured privacy setting in the SSCRT if this query was made.

dnsResolverQuery2 - The full query string made by the resolver for the resolution of resolver.test.DOMAIN_NAME if a query was made.

dnsResolutionTime3 - The date and time that the third DNS query was received for qname.resolver.test.DOMAIN_NAME if a partial query was made

dnsResolvedHostname3 - If query was made this will be set to qname.resolver.test.DOMAIN_NAME

dnsClientIpAddress3 - The IPv4 address of the client resolver or the /24 depending upon the configured privacy setting in the SSCRT if this query was made.

dnsResolverQuery3 - The full query string made by the resolver for the resolution of qname.resolver.test.DOMAIN_NAME if a query was made.

dnsResolutionTime4 - The date and time that the fourth DNS query was received for the fully qualified UUID.qname.resolver.test.DOMAIN_NAME. This should always be present even if QName minimisation is not enabled for the client resolver.

dnsResolvedHostname4 - This will be set to UUID.qname.resolver.test.DOMAIN_NAME

dnsClientIpAddress4 - The IPv4 address of the client resolver or the /24 depending upon the configured privacy setting in the SSCRT if this query was made.

dnsResolverQuery4 - The full query string made by the resolver for the resolution of UUID.qname.resolver.test.DOMAIN_NAME if a query was made.


webServerRequestTime1 - The date and time that the HTTP request was made for UUID.qname.resolver.test.DOMAIN_NAME

webServerRequestHostname1 - This will be set to UUID.qname.resolver.test.DOMAIN_NAME

webServerClientIpAddress1 - The IPv4 address of the client machine (web browser) or the /24 depending upon the configured privacy setting in the SSCRT if this query was made.

webServerResponseCode1 - The HTTP response code returned from the web server - generally should be 200 unless something has gone wrong.
