[apple/network_cmds.git] / unbound / testdata / autotrust_revtp.rpl

; config options
server:
	target-fetch-policy: "0 0 0 0 0"
	log-time-ascii: yes
stub-zone:
	name: "."
	stub-addr: 193.0.14.129         # K.ROOT-SERVERS.NET.
AUTOTRUST_FILE example.com
; autotrust trust anchor file
;;id: example.com. 1
;;last_queried: 1258962400 ;;Mon Nov 23 08:46:40 2009
;;last_success: 1258962400 ;;Mon Nov 23 08:46:40 2009
;;next_probe_time: 1258967360 ;;Mon Nov 23 10:09:20 2009
;;query_failed: 0
;;query_interval: 5400
;;retry_time: 3600
example.com.    10800   IN      DNSKEY  257 3 5 AwEAAas/cAhCFXvBUgTSNZCvQp0pLx1dY+7rXR0hH4/3EUgWmsmbYUpI1qD0xhwKD/oYGEwAm291fyWJ9c0oVxXDEK8= ;{id = 16486 (ksk), size = 512b} ;;state=2 [  VALID  ] ;;count=0 ;;lastchange=1258962400 ;;Mon Nov 23 08:46:40 2009
example.com.	10800	IN	DNSKEY	257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b} ;;state=2 [  VALID  ] ;;count=0 ;;lastchange=1258962400 ;;Mon Nov 23 08:46:40 2009
AUTOTRUST_END
CONFIG_END

SCENARIO_BEGIN Test autotrust with trust point revocation

; K-ROOT
RANGE_BEGIN 0 100
	ADDRESS 193.0.14.129
ENTRY_BEGIN
MATCH opcode qname qtype
ADJUST copy_id copy_query
REPLY QR AA
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS k.root-servers.net.
SECTION ADDITIONAL
k.root-servers.net IN A 193.0.14.129
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR
SECTION QUESTION
com. IN NS
SECTION AUTHORITY
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
RANGE_END

; a.gtld-servers.net.
RANGE_BEGIN 0 100
	ADDRESS 192.5.6.30
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR
SECTION QUESTION
example.com. IN NS
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
RANGE_END

; ns.example.com.
RANGE_BEGIN 0 100
	ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH opcode qname qtype
ADJUST copy_id
REPLY QR AA
SECTION QUESTION
example.com. IN DNSKEY
SECTION ANSWER

; revoked keys

example.com.    10800   IN      DNSKEY  385 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55710 (ksk), size = 512b}
example.com.	10800	IN	DNSKEY	385 3 5 AwEAAas/cAhCFXvBUgTSNZCvQp0pLx1dY+7rXR0hH4/3EUgWmsmbYUpI1qD0xhwKD/oYGEwAm291fyWJ9c0oVxXDEK8= ;{id = 16614 (ksk), size = 512b}
; signatures
example.com.	10800	IN	RRSIG	DNSKEY 5 2 10800 20091124111500 20091018111500 55710 example.com. zOSlB1iwtlP2lum1RK0WoDQrMVj0JKwk2E5Mu1okzV38hAx3Xm9IGMK6WrNkVVLmx4OkhYmdPVA95jVsFpwLMw== ;{id = 55710}
example.com.	10800	IN	RRSIG	DNSKEY 5 2 10800 20091124111500 20091018111500 16614 example.com. qP49cCYP3lvNnLBYty/JxAwHqBIGjpup5zQ7qpjPnaZpBb/TlpOhY17LBZrqD86VvBbEVz5tkxC9UrCy85ePDQ== ;{id = 16614}

ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A 10.20.30.40
ENTRY_END
RANGE_END

RANGE_END

; set date/time to Mon Nov 23 09:46:40 2009
STEP 5 TIME_PASSES EVAL ${1258962400 + 7200}
STEP 6 TRAFFIC   ; do the probe
STEP 7 ASSIGN t0 = ${time}
STEP 8 ASSIGN probe0 = ${range 0 ${timeout} 0}
STEP 9 ASSIGN tp = ${1258962400}

; the auto probing should have been done now.
STEP 11 CHECK_AUTOTRUST example.com
FILE_BEGIN
; autotrust trust anchor file
;;REVOKED
; The zone has all keys revoked, and is
; considered as if it has no trust anchors.
; the remainder of the file is the last probe.
; to restart the trust anchor, overwrite this file.
; with one containing valid DNSKEYs or DSes.
;;id: example.com. 1
;;last_queried: ${$t0} ;;${ctime $t0}
;;last_success: ${$t0} ;;${ctime $t0}
;;next_probe_time: ${0} ;;${ctime 0}
;;query_failed: 0
;;query_interval: 5400
;;retry_time: 3600
example.com.	10800	IN	DNSKEY	385 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55710 (ksk), size = 512b} ;;state=4 [ REVOKED ] ;;count=0 ;;lastchange=${$t0} ;;${ctime $t0}
example.com.	10800	IN	DNSKEY	385 3 5 AwEAAas/cAhCFXvBUgTSNZCvQp0pLx1dY+7rXR0hH4/3EUgWmsmbYUpI1qD0xhwKD/oYGEwAm291fyWJ9c0oVxXDEK8= ;{id = 16614 (ksk), size = 512b} ;;state=4 [ REVOKED ] ;;count=0 ;;lastchange=${$t0} ;;${ctime $t0}
FILE_END

STEP 20 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
www.example.com. IN A
ENTRY_END

; correct unsigned response works after trust point revocation.
STEP 30 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A   10.20.30.40
ENTRY_END

SCENARIO_END
Commit	Line	Data
89c4ed63 A	1	; config options
	2	server:
	3	target-fetch-policy: "0 0 0 0 0"
	4	log-time-ascii: yes
	5	stub-zone:
	6	name: "."
	7	stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
	8	AUTOTRUST_FILE example.com
	9	; autotrust trust anchor file
	10	;;id: example.com. 1
	11	;;last_queried: 1258962400 ;;Mon Nov 23 08:46:40 2009
	12	;;last_success: 1258962400 ;;Mon Nov 23 08:46:40 2009
	13	;;next_probe_time: 1258967360 ;;Mon Nov 23 10:09:20 2009
	14	;;query_failed: 0
	15	;;query_interval: 5400
	16	;;retry_time: 3600
	17	example.com. 10800 IN DNSKEY 257 3 5 AwEAAas/cAhCFXvBUgTSNZCvQp0pLx1dY+7rXR0hH4/3EUgWmsmbYUpI1qD0xhwKD/oYGEwAm291fyWJ9c0oVxXDEK8= ;{id = 16486 (ksk), size = 512b} ;;state=2 [ VALID ] ;;count=0 ;;lastchange=1258962400 ;;Mon Nov 23 08:46:40 2009
	18	example.com. 10800 IN DNSKEY 257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b} ;;state=2 [ VALID ] ;;count=0 ;;lastchange=1258962400 ;;Mon Nov 23 08:46:40 2009
	19	AUTOTRUST_END
	20	CONFIG_END
	21
	22	SCENARIO_BEGIN Test autotrust with trust point revocation
	23
	24	; K-ROOT
	25	RANGE_BEGIN 0 100
	26	ADDRESS 193.0.14.129
	27	ENTRY_BEGIN
	28	MATCH opcode qname qtype
	29	ADJUST copy_id copy_query
	30	REPLY QR AA
	31	SECTION QUESTION
	32	. IN NS
	33	SECTION ANSWER
	34	. IN NS k.root-servers.net.
	35	SECTION ADDITIONAL
	36	k.root-servers.net IN A 193.0.14.129
	37	ENTRY_END
	38
	39	ENTRY_BEGIN
	40	MATCH opcode subdomain
	41	ADJUST copy_id copy_query
	42	REPLY QR
	43	SECTION QUESTION
	44	com. IN NS
	45	SECTION AUTHORITY
	46	com. IN NS a.gtld-servers.net.
	47	SECTION ADDITIONAL
	48	a.gtld-servers.net. IN A 192.5.6.30
	49	ENTRY_END
	50	RANGE_END
	51
	52	; a.gtld-servers.net.
	53	RANGE_BEGIN 0 100
	54	ADDRESS 192.5.6.30
	55	ENTRY_BEGIN
	56	MATCH opcode subdomain
	57	ADJUST copy_id copy_query
	58	REPLY QR
	59	SECTION QUESTION
	60	example.com. IN NS
	61	SECTION AUTHORITY
	62	example.com. IN NS ns.example.com.
	63	SECTION ADDITIONAL
	64	ns.example.com. IN A 1.2.3.4
65	ENTRY_END
66	RANGE_END
67
68	; ns.example.com.
69	RANGE_BEGIN 0 100
70	ADDRESS 1.2.3.4
71	ENTRY_BEGIN
72	MATCH opcode qname qtype
73	ADJUST copy_id
74	REPLY QR AA
75	SECTION QUESTION
76	example.com. IN DNSKEY
77	SECTION ANSWER
78
79	; revoked keys
80
81	example.com. 10800 IN DNSKEY 385 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55710 (ksk), size = 512b}
82	example.com. 10800 IN DNSKEY 385 3 5 AwEAAas/cAhCFXvBUgTSNZCvQp0pLx1dY+7rXR0hH4/3EUgWmsmbYUpI1qD0xhwKD/oYGEwAm291fyWJ9c0oVxXDEK8= ;{id = 16614 (ksk), size = 512b}
83	; signatures
84	example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20091124111500 20091018111500 55710 example.com. zOSlB1iwtlP2lum1RK0WoDQrMVj0JKwk2E5Mu1okzV38hAx3Xm9IGMK6WrNkVVLmx4OkhYmdPVA95jVsFpwLMw== ;{id = 55710}
85	example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20091124111500 20091018111500 16614 example.com. qP49cCYP3lvNnLBYty/JxAwHqBIGjpup5zQ7qpjPnaZpBb/TlpOhY17LBZrqD86VvBbEVz5tkxC9UrCy85ePDQ== ;{id = 16614}
86
87	ENTRY_END
88
89	ENTRY_BEGIN
90	MATCH opcode subdomain
91	ADJUST copy_id copy_query
92	REPLY QR
93	SECTION QUESTION
94	www.example.com. IN A
95	SECTION ANSWER
96	www.example.com. IN A 10.20.30.40
97	ENTRY_END
98	RANGE_END
99
100	RANGE_END
101
102	; set date/time to Mon Nov 23 09:46:40 2009
103	STEP 5 TIME_PASSES EVAL ${1258962400 + 7200}
104	STEP 6 TRAFFIC ; do the probe
105	STEP 7 ASSIGN t0 = ${time}
106	STEP 8 ASSIGN probe0 = ${range 0 ${timeout} 0}
107	STEP 9 ASSIGN tp = ${1258962400}
108
109	; the auto probing should have been done now.
110	STEP 11 CHECK_AUTOTRUST example.com
111	FILE_BEGIN
112	; autotrust trust anchor file
113	;;REVOKED
114	; The zone has all keys revoked, and is
115	; considered as if it has no trust anchors.
116	; the remainder of the file is the last probe.
117	; to restart the trust anchor, overwrite this file.
118	; with one containing valid DNSKEYs or DSes.
119	;;id: example.com. 1
120	;;last_queried: ${$t0} ;;${ctime $t0}
121	;;last_success: ${$t0} ;;${ctime $t0}
122	;;next_probe_time: ${0} ;;${ctime 0}
123	;;query_failed: 0
124	;;query_interval: 5400
125	;;retry_time: 3600
126	example.com. 10800 IN DNSKEY 385 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55710 (ksk), size = 512b} ;;state=4 [ REVOKED ] ;;count=0 ;;lastchange=${$t0} ;;${ctime $t0}
127	example.com. 10800 IN DNSKEY 385 3 5 AwEAAas/cAhCFXvBUgTSNZCvQp0pLx1dY+7rXR0hH4/3EUgWmsmbYUpI1qD0xhwKD/oYGEwAm291fyWJ9c0oVxXDEK8= ;{id = 16614 (ksk), size = 512b} ;;state=4 [ REVOKED ] ;;count=0 ;;lastchange=${$t0} ;;${ctime $t0}
128	FILE_END
129
130	STEP 20 QUERY
131	ENTRY_BEGIN
132	REPLY RD DO
133	SECTION QUESTION
134	www.example.com. IN A
135	ENTRY_END
136
137	; correct unsigned response works after trust point revocation.
138	STEP 30 CHECK_ANSWER
139	ENTRY_BEGIN
140	MATCH all
141	REPLY QR RD RA DO NOERROR
142	SECTION QUESTION
143	www.example.com. IN A
144	SECTION ANSWER
145	www.example.com. IN A 10.20.30.40
146	ENTRY_END
147
148	SCENARIO_END