[apple/network_cmds.git] / unbound / testdata / autotrust_revtp_read.rpl

; config options
server:
	target-fetch-policy: "0 0 0 0 0"
	log-time-ascii: yes
	val-override-date: '20091018111500'
stub-zone:
	name: "."
	stub-addr: 193.0.14.129         # K.ROOT-SERVERS.NET.
AUTOTRUST_FILE example.com
; autotrust trust anchor file
;;REVOKED
; The zone has all keys revoked, and is
; considered as if it has no trust anchors.
; the remainder of the file is the last probe.
; to restart the trust anchor, overwrite this file.
; with one containing valid DNSKEYs or DSes.
;;id: example.com. 1
;;last_queried: 1258962400 ;;Mon Nov 23 08:46:40 2009
;;last_success: 1258962400 ;;Mon Nov 23 08:46:40 2009
;;next_probe_time: ${0} ;;${ctime 0}
;;query_failed: 0
;;query_interval: 5400
;;retry_time: 3600
example.com.	10800	IN	DNSKEY	385 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55710 (ksk), size = 512b} ;;state=4 [ REVOKED ] ;;count=0 ;;lastchange=1258962400 ;;Mon Nov 23 08:46:40 2009
example.com.	10800	IN	DNSKEY	385 3 5 AwEAAas/cAhCFXvBUgTSNZCvQp0pLx1dY+7rXR0hH4/3EUgWmsmbYUpI1qD0xhwKD/oYGEwAm291fyWJ9c0oVxXDEK8= ;{id = 16614 (ksk), size = 512b} ;;state=4 [ REVOKED ] ;;count=0 ;;lastchange=1258962400 ;;Mon Nov 23 08:46:40 2009
AUTOTRUST_END
CONFIG_END

SCENARIO_BEGIN Test autotrust with revoked trust point read back from config

; K-ROOT
RANGE_BEGIN 0 100
	ADDRESS 193.0.14.129
ENTRY_BEGIN
MATCH opcode qname qtype
ADJUST copy_id copy_query
REPLY QR AA
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS k.root-servers.net.
SECTION ADDITIONAL
k.root-servers.net IN A 193.0.14.129
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR
SECTION QUESTION
com. IN NS
SECTION AUTHORITY
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
RANGE_END

; a.gtld-servers.net.
RANGE_BEGIN 0 100
	ADDRESS 192.5.6.30
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR
SECTION QUESTION
example.com. IN NS
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
RANGE_END

; ns.example.com.
RANGE_BEGIN 0 100
	ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A 10.20.30.40
ENTRY_END
RANGE_END

RANGE_END

STEP 20 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
www.example.com. IN A
ENTRY_END

; correct unsigned response works after trust point revocation.
STEP 30 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A   10.20.30.40
ENTRY_END

SCENARIO_END
Commit	Line	Data
89c4ed63 A	1	; config options
	2	server:
	3	target-fetch-policy: "0 0 0 0 0"
	4	log-time-ascii: yes
	5	val-override-date: '20091018111500'
	6	stub-zone:
	7	name: "."
	8	stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
	9	AUTOTRUST_FILE example.com
	10	; autotrust trust anchor file
	11	;;REVOKED
	12	; The zone has all keys revoked, and is
	13	; considered as if it has no trust anchors.
	14	; the remainder of the file is the last probe.
	15	; to restart the trust anchor, overwrite this file.
	16	; with one containing valid DNSKEYs or DSes.
	17	;;id: example.com. 1
	18	;;last_queried: 1258962400 ;;Mon Nov 23 08:46:40 2009
	19	;;last_success: 1258962400 ;;Mon Nov 23 08:46:40 2009
	20	;;next_probe_time: ${0} ;;${ctime 0}
	21	;;query_failed: 0
	22	;;query_interval: 5400
	23	;;retry_time: 3600
	24	example.com. 10800 IN DNSKEY 385 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55710 (ksk), size = 512b} ;;state=4 [ REVOKED ] ;;count=0 ;;lastchange=1258962400 ;;Mon Nov 23 08:46:40 2009
	25	example.com. 10800 IN DNSKEY 385 3 5 AwEAAas/cAhCFXvBUgTSNZCvQp0pLx1dY+7rXR0hH4/3EUgWmsmbYUpI1qD0xhwKD/oYGEwAm291fyWJ9c0oVxXDEK8= ;{id = 16614 (ksk), size = 512b} ;;state=4 [ REVOKED ] ;;count=0 ;;lastchange=1258962400 ;;Mon Nov 23 08:46:40 2009
	26	AUTOTRUST_END
	27	CONFIG_END
	28
	29	SCENARIO_BEGIN Test autotrust with revoked trust point read back from config
	30
	31	; K-ROOT
	32	RANGE_BEGIN 0 100
	33	ADDRESS 193.0.14.129
	34	ENTRY_BEGIN
	35	MATCH opcode qname qtype
	36	ADJUST copy_id copy_query
	37	REPLY QR AA
	38	SECTION QUESTION
	39	. IN NS
	40	SECTION ANSWER
	41	. IN NS k.root-servers.net.
	42	SECTION ADDITIONAL
	43	k.root-servers.net IN A 193.0.14.129
	44	ENTRY_END
	45
	46	ENTRY_BEGIN
	47	MATCH opcode subdomain
	48	ADJUST copy_id copy_query
	49	REPLY QR
	50	SECTION QUESTION
	51	com. IN NS
	52	SECTION AUTHORITY
	53	com. IN NS a.gtld-servers.net.
	54	SECTION ADDITIONAL
	55	a.gtld-servers.net. IN A 192.5.6.30
	56	ENTRY_END
	57	RANGE_END
	58
	59	; a.gtld-servers.net.
	60	RANGE_BEGIN 0 100
	61	ADDRESS 192.5.6.30
	62	ENTRY_BEGIN
	63	MATCH opcode subdomain
	64	ADJUST copy_id copy_query
65	REPLY QR
66	SECTION QUESTION
67	example.com. IN NS
68	SECTION AUTHORITY
69	example.com. IN NS ns.example.com.
70	SECTION ADDITIONAL
71	ns.example.com. IN A 1.2.3.4
72	ENTRY_END
73	RANGE_END
74
75	; ns.example.com.
76	RANGE_BEGIN 0 100
77	ADDRESS 1.2.3.4
78	ENTRY_BEGIN
79	MATCH opcode subdomain
80	ADJUST copy_id copy_query
81	REPLY QR
82	SECTION QUESTION
83	www.example.com. IN A
84	SECTION ANSWER
85	www.example.com. IN A 10.20.30.40
86	ENTRY_END
87	RANGE_END
88
89	RANGE_END
90
91	STEP 20 QUERY
92	ENTRY_BEGIN
93	REPLY RD DO
94	SECTION QUESTION
95	www.example.com. IN A
96	ENTRY_END
97
98	; correct unsigned response works after trust point revocation.
99	STEP 30 CHECK_ANSWER
100	ENTRY_BEGIN
101	MATCH all
102	REPLY QR RD RA DO NOERROR
103	SECTION QUESTION
104	www.example.com. IN A
105	SECTION ANSWER
106	www.example.com. IN A 10.20.30.40
107	ENTRY_END
108
109	SCENARIO_END