[apple/network_cmds.git] / unbound / testdata / autotrust_init_zsk.rpl

; config options
server:
	target-fetch-policy: "0 0 0 0 0"
	log-time-ascii: yes
stub-zone:
	name: "."
	stub-addr: 193.0.14.129         # K.ROOT-SERVERS.NET.
; initial content (say from dig example.com DNSKEY > example.com.key) 
AUTOTRUST_FILE example.com
example.com.	10800	IN	DNSKEY	256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
AUTOTRUST_END
CONFIG_END

SCENARIO_BEGIN Test autotrust with initial trust anchor ZSK

; K-ROOT
RANGE_BEGIN 0 100
	ADDRESS 193.0.14.129
ENTRY_BEGIN
MATCH opcode qname qtype
ADJUST copy_id copy_query
REPLY QR AA
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS k.root-servers.net.
SECTION ADDITIONAL
k.root-servers.net IN A 193.0.14.129
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR
SECTION QUESTION
com. IN NS
SECTION AUTHORITY
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
RANGE_END

; a.gtld-servers.net.
RANGE_BEGIN 0 100
	ADDRESS 192.5.6.30
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR
SECTION QUESTION
example.com. IN NS
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
RANGE_END

; ns.example.com.
RANGE_BEGIN 0 100
	ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH opcode qname qtype
ADJUST copy_id
REPLY QR AA
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com.	3600	IN	A	10.20.30.40
www.example.com.	3600	IN	RRSIG	A 5 3 3600 20090924111500 20090821111500 30899 example.com. pYGxVLsWUvOp1wSf0iwPap+JnECfC5GAm1lRqy3YEqecNGld7U7x/5Imo3CerbdZrVptUQs2oH0lcjwYJXMnsw== ;{id = 30899}
SECTION AUTHORITY
example.com.	3600	IN	NS	ns.example.com.
example.com.	3600	IN	RRSIG	NS 5 2 3600 20090924111500 20090821111500 30899 example.com. J5wxRq0jgwQL6yy530kvo9cHqNAUHV8IF4dvaYZL0bNraO2Oe6dVXqlJl4+cxNHI2TMsstwFPr2Zz8tv6Az2mQ== ;{id = 30899}
SECTION ADDITIONAL
ns.example.com.	3600	IN	A	1.2.3.4
ns.example.com.	3600	IN	RRSIG	A 5 3 3600 20090924111500 20090821111500 30899 example.com. JsXbS18oyc0zkVaOWGSFdIQuOsZKflT0GraT9afDPoWLCgH4ApF7jNgfJV7Pqy1sTBRajME5IUAhpANwGBuW4A== ;{id = 30899}
ENTRY_END

ENTRY_BEGIN
MATCH opcode qname qtype
ADJUST copy_id
REPLY QR AA
SECTION QUESTION
example.com. IN DNSKEY
SECTION ANSWER
; KSK 1
example.com.	10800	IN	DNSKEY	257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b}
; ZSK 1
example.com.	10800	IN	DNSKEY	256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (ksk), size = 512b}
; signatures
example.com.	10800	IN	RRSIG	DNSKEY 5 2 10800 20090924111500 20090821111500 30899 example.com. b/HK231jIQLX8IhlZfup3r0yhpXaasbPE6LzxoEVVvWaTZWcLmeV8jDIcn0qO7Yvs7bIJN20lwVAV0GcHH3hWQ== ;{id = 30899}
example.com.	10800	IN	RRSIG	DNSKEY 5 2 10800 20090924111500 20090821111500 55582 example.com. PCHme1QLoULxqjhg5tMlpR0qJlBfstEUVq18TtNoKQe9le1YhJ9caheXcTWoK+boLhXxg9u6Yyvq8FboQh0OjA== ;{id = 55582}

ENTRY_END
RANGE_END

; set date/time to Aug 24 07:46:40  (2009).
STEP 5 TIME_PASSES ELAPSE 1251100000
STEP 6 ASSIGN t0 = ${time}
; get probe time and check it. 4800 is about 10% less than 5400. And more than
; the 3600 that a failure timeout would have.
STEP 7 ASSIGN probe = ${range 4800 ${timeout} 5400}


; the auto probing should have been done now.
STEP 8 CHECK_AUTOTRUST example.com
FILE_BEGIN
; autotrust trust anchor file
;;id: example.com. 1
;;last_queried: 1251100000 ;;Mon Aug 24 07:46:40 2009
;;last_success: 1251100000 ;;Mon Aug 24 07:46:40 2009
;;next_probe_time: ${$t0 + $probe} ;;${ctime $t0 + $probe}
;;query_failed: 0
;;query_interval: 5400
;;retry_time: 3600
example.com.	10800	IN	DNSKEY	257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b} ;;state=2 [  VALID  ] ;;count=0 ;;lastchange=1251100000 ;;Mon Aug 24 07:46:40 2009
FILE_END


STEP 10 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
www.example.com. IN A
ENTRY_END

STEP 20 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com.	3600	IN	A	10.20.30.40
www.example.com.	3600	IN	RRSIG	A 5 3 3600 20090924111500 20090821111500 30899 example.com. pYGxVLsWUvOp1wSf0iwPap+JnECfC5GAm1lRqy3YEqecNGld7U7x/5Imo3CerbdZrVptUQs2oH0lcjwYJXMnsw== ;{id = 30899}
SECTION AUTHORITY
example.com.	3600	IN	NS	ns.example.com.
example.com.	3600	IN	RRSIG	NS 5 2 3600 20090924111500 20090821111500 30899 example.com. J5wxRq0jgwQL6yy530kvo9cHqNAUHV8IF4dvaYZL0bNraO2Oe6dVXqlJl4+cxNHI2TMsstwFPr2Zz8tv6Az2mQ== ;{id = 30899}
SECTION ADDITIONAL
ns.example.com.	3600	IN	A	1.2.3.4
ns.example.com.	3600	IN	RRSIG	A 5 3 3600 20090924111500 20090821111500 30899 example.com. JsXbS18oyc0zkVaOWGSFdIQuOsZKflT0GraT9afDPoWLCgH4ApF7jNgfJV7Pqy1sTBRajME5IUAhpANwGBuW4A== ;{id = 30899}
ENTRY_END

; The autotrust anchor was probed due to the query.

STEP 30 CHECK_AUTOTRUST example.com
FILE_BEGIN
; autotrust trust anchor file
;;id: example.com. 1
;;last_queried: 1251100000 ;;Mon Aug 24 07:46:40 2009
;;last_success: 1251100000 ;;Mon Aug 24 07:46:40 2009
;;next_probe_time: ${$t0 + $probe} ;;${ctime $t0 + $probe}
;;query_failed: 0
;;query_interval: 5400
;;retry_time: 3600
example.com.	10800	IN	DNSKEY	257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b} ;;state=2 [  VALID  ] ;;count=0 ;;lastchange=1251100000 ;;Mon Aug 24 07:46:40 2009
FILE_END

; wait and see if autotrust probes (the unchanged) domain again.
STEP 40 TIME_PASSES EVAL ${$probe}

STEP 50 TRAFFIC

STEP 65 ASSIGN probe2 = ${range 4800 ${timeout} 5400}

STEP 70 CHECK_AUTOTRUST example.com
FILE_BEGIN
; autotrust trust anchor file
;;id: example.com. 1
;;last_queried: ${time} ;;${ctime ${time}}
;;last_success: ${time} ;;${ctime ${time}}
;;next_probe_time: ${$t0 + $probe + $probe2} ;;${ctime $t0 + $probe + $probe2}
;;query_failed: 0
;;query_interval: 5400
;;retry_time: 3600
example.com.	10800	IN	DNSKEY	257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b} ;;state=2 [  VALID  ] ;;count=0 ;;lastchange=1251100000 ;;Mon Aug 24 07:46:40 2009
FILE_END

SCENARIO_END
Commit	Line	Data
89c4ed63 A	1	; config options
	2	server:
	3	target-fetch-policy: "0 0 0 0 0"
	4	log-time-ascii: yes
	5	stub-zone:
	6	name: "."
	7	stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
	8	; initial content (say from dig example.com DNSKEY > example.com.key)
	9	AUTOTRUST_FILE example.com
	10	example.com. 10800 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
	11	AUTOTRUST_END
	12	CONFIG_END
	13
	14	SCENARIO_BEGIN Test autotrust with initial trust anchor ZSK
	15
	16	; K-ROOT
	17	RANGE_BEGIN 0 100
	18	ADDRESS 193.0.14.129
	19	ENTRY_BEGIN
	20	MATCH opcode qname qtype
	21	ADJUST copy_id copy_query
	22	REPLY QR AA
	23	SECTION QUESTION
	24	. IN NS
	25	SECTION ANSWER
	26	. IN NS k.root-servers.net.
	27	SECTION ADDITIONAL
	28	k.root-servers.net IN A 193.0.14.129
	29	ENTRY_END
	30
	31	ENTRY_BEGIN
	32	MATCH opcode subdomain
	33	ADJUST copy_id copy_query
	34	REPLY QR
	35	SECTION QUESTION
	36	com. IN NS
	37	SECTION AUTHORITY
	38	com. IN NS a.gtld-servers.net.
	39	SECTION ADDITIONAL
	40	a.gtld-servers.net. IN A 192.5.6.30
	41	ENTRY_END
	42	RANGE_END
	43
	44	; a.gtld-servers.net.
	45	RANGE_BEGIN 0 100
	46	ADDRESS 192.5.6.30
	47	ENTRY_BEGIN
	48	MATCH opcode subdomain
	49	ADJUST copy_id copy_query
	50	REPLY QR
	51	SECTION QUESTION
	52	example.com. IN NS
	53	SECTION AUTHORITY
	54	example.com. IN NS ns.example.com.
	55	SECTION ADDITIONAL
	56	ns.example.com. IN A 1.2.3.4
	57	ENTRY_END
	58	RANGE_END
	59
	60	; ns.example.com.
	61	RANGE_BEGIN 0 100
	62	ADDRESS 1.2.3.4
	63	ENTRY_BEGIN
	64	MATCH opcode qname qtype
65	ADJUST copy_id
66	REPLY QR AA
67	SECTION QUESTION
68	www.example.com. IN A
69	SECTION ANSWER
70	www.example.com. 3600 IN A 10.20.30.40
71	www.example.com. 3600 IN RRSIG A 5 3 3600 20090924111500 20090821111500 30899 example.com. pYGxVLsWUvOp1wSf0iwPap+JnECfC5GAm1lRqy3YEqecNGld7U7x/5Imo3CerbdZrVptUQs2oH0lcjwYJXMnsw== ;{id = 30899}
72	SECTION AUTHORITY
73	example.com. 3600 IN NS ns.example.com.
74	example.com. 3600 IN RRSIG NS 5 2 3600 20090924111500 20090821111500 30899 example.com. J5wxRq0jgwQL6yy530kvo9cHqNAUHV8IF4dvaYZL0bNraO2Oe6dVXqlJl4+cxNHI2TMsstwFPr2Zz8tv6Az2mQ== ;{id = 30899}
75	SECTION ADDITIONAL
76	ns.example.com. 3600 IN A 1.2.3.4
77	ns.example.com. 3600 IN RRSIG A 5 3 3600 20090924111500 20090821111500 30899 example.com. JsXbS18oyc0zkVaOWGSFdIQuOsZKflT0GraT9afDPoWLCgH4ApF7jNgfJV7Pqy1sTBRajME5IUAhpANwGBuW4A== ;{id = 30899}
78	ENTRY_END
79
80	ENTRY_BEGIN
81	MATCH opcode qname qtype
82	ADJUST copy_id
83	REPLY QR AA
84	SECTION QUESTION
85	example.com. IN DNSKEY
86	SECTION ANSWER
87	; KSK 1
88	example.com. 10800 IN DNSKEY 257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b}
89	; ZSK 1
90	example.com. 10800 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (ksk), size = 512b}
91	; signatures
92	example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20090924111500 20090821111500 30899 example.com. b/HK231jIQLX8IhlZfup3r0yhpXaasbPE6LzxoEVVvWaTZWcLmeV8jDIcn0qO7Yvs7bIJN20lwVAV0GcHH3hWQ== ;{id = 30899}
93	example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20090924111500 20090821111500 55582 example.com. PCHme1QLoULxqjhg5tMlpR0qJlBfstEUVq18TtNoKQe9le1YhJ9caheXcTWoK+boLhXxg9u6Yyvq8FboQh0OjA== ;{id = 55582}
94
95	ENTRY_END
96	RANGE_END
97
98	; set date/time to Aug 24 07:46:40 (2009).
99	STEP 5 TIME_PASSES ELAPSE 1251100000
100	STEP 6 ASSIGN t0 = ${time}
101	; get probe time and check it. 4800 is about 10% less than 5400. And more than
102	; the 3600 that a failure timeout would have.
103	STEP 7 ASSIGN probe = ${range 4800 ${timeout} 5400}
104
105
106	; the auto probing should have been done now.
107	STEP 8 CHECK_AUTOTRUST example.com
108	FILE_BEGIN
109	; autotrust trust anchor file
110	;;id: example.com. 1
111	;;last_queried: 1251100000 ;;Mon Aug 24 07:46:40 2009
112	;;last_success: 1251100000 ;;Mon Aug 24 07:46:40 2009
113	;;next_probe_time: ${$t0 + $probe} ;;${ctime $t0 + $probe}
114	;;query_failed: 0
115	;;query_interval: 5400
116	;;retry_time: 3600
117	example.com. 10800 IN DNSKEY 257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b} ;;state=2 [ VALID ] ;;count=0 ;;lastchange=1251100000 ;;Mon Aug 24 07:46:40 2009
118	FILE_END
119
120
121	STEP 10 QUERY
122	ENTRY_BEGIN
123	REPLY RD DO
124	SECTION QUESTION
125	www.example.com. IN A
126	ENTRY_END
127
128	STEP 20 CHECK_ANSWER
129	ENTRY_BEGIN
130	MATCH all
131	REPLY QR RD RA AD DO NOERROR
132	SECTION QUESTION
133	www.example.com. IN A
134	SECTION ANSWER
135	www.example.com. 3600 IN A 10.20.30.40
136	www.example.com. 3600 IN RRSIG A 5 3 3600 20090924111500 20090821111500 30899 example.com. pYGxVLsWUvOp1wSf0iwPap+JnECfC5GAm1lRqy3YEqecNGld7U7x/5Imo3CerbdZrVptUQs2oH0lcjwYJXMnsw== ;{id = 30899}
137	SECTION AUTHORITY
138	example.com. 3600 IN NS ns.example.com.
139	example.com. 3600 IN RRSIG NS 5 2 3600 20090924111500 20090821111500 30899 example.com. J5wxRq0jgwQL6yy530kvo9cHqNAUHV8IF4dvaYZL0bNraO2Oe6dVXqlJl4+cxNHI2TMsstwFPr2Zz8tv6Az2mQ== ;{id = 30899}
140	SECTION ADDITIONAL
141	ns.example.com. 3600 IN A 1.2.3.4
142	ns.example.com. 3600 IN RRSIG A 5 3 3600 20090924111500 20090821111500 30899 example.com. JsXbS18oyc0zkVaOWGSFdIQuOsZKflT0GraT9afDPoWLCgH4ApF7jNgfJV7Pqy1sTBRajME5IUAhpANwGBuW4A== ;{id = 30899}
143	ENTRY_END
144
145	; The autotrust anchor was probed due to the query.
146
147	STEP 30 CHECK_AUTOTRUST example.com
148	FILE_BEGIN
149	; autotrust trust anchor file
150	;;id: example.com. 1
151	;;last_queried: 1251100000 ;;Mon Aug 24 07:46:40 2009
152	;;last_success: 1251100000 ;;Mon Aug 24 07:46:40 2009
153	;;next_probe_time: ${$t0 + $probe} ;;${ctime $t0 + $probe}
154	;;query_failed: 0
155	;;query_interval: 5400
156	;;retry_time: 3600
157	example.com. 10800 IN DNSKEY 257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b} ;;state=2 [ VALID ] ;;count=0 ;;lastchange=1251100000 ;;Mon Aug 24 07:46:40 2009
158	FILE_END
159
160	; wait and see if autotrust probes (the unchanged) domain again.
161	STEP 40 TIME_PASSES EVAL ${$probe}
162
163	STEP 50 TRAFFIC
164
165	STEP 65 ASSIGN probe2 = ${range 4800 ${timeout} 5400}
166
167	STEP 70 CHECK_AUTOTRUST example.com
168	FILE_BEGIN
169	; autotrust trust anchor file
170	;;id: example.com. 1
171	;;last_queried: ${time} ;;${ctime ${time}}
172	;;last_success: ${time} ;;${ctime ${time}}
173	;;next_probe_time: ${$t0 + $probe + $probe2} ;;${ctime $t0 + $probe + $probe2}
174	;;query_failed: 0
175	;;query_interval: 5400
176	;;retry_time: 3600
177	example.com. 10800 IN DNSKEY 257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b} ;;state=2 [ VALID ] ;;count=0 ;;lastchange=1251100000 ;;Mon Aug 24 07:46:40 2009
178	FILE_END
179
180	SCENARIO_END