[apple/network_cmds.git] / unbound / testdata / autotrust_rollalgo.rpl

; config options
server:
	target-fetch-policy: "0 0 0 0 0"
	log-time-ascii: yes
stub-zone:
	name: "."
	stub-addr: 193.0.14.129         # K.ROOT-SERVERS.NET.
; initial content (say from dig example.com DNSKEY > example.com.key) 
AUTOTRUST_FILE example.com
example.com.	10800	IN	DNSKEY	257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b}
example.com.	10800	IN	DNSKEY	256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
AUTOTRUST_END
CONFIG_END

SCENARIO_BEGIN Test autotrust with algorithm rollover
; from RSASHA1(5) to DSASHA1(3)
; Note, when both algorithms are present, the zone must be double-signed.
; with a ZSK for RSASHA1(5) and a ZSK for DSASHA1(3).

; K-ROOT
RANGE_BEGIN 0 100
	ADDRESS 193.0.14.129
ENTRY_BEGIN
MATCH opcode qname qtype
ADJUST copy_id copy_query
REPLY QR AA
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS k.root-servers.net.
SECTION ADDITIONAL
k.root-servers.net IN A 193.0.14.129
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR
SECTION QUESTION
com. IN NS
SECTION AUTHORITY
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
RANGE_END

; a.gtld-servers.net.
RANGE_BEGIN 0 100
	ADDRESS 192.5.6.30
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR
SECTION QUESTION
example.com. IN NS
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
RANGE_END

; ns.example.com.  KSK 55582
RANGE_BEGIN 0 10
	ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH opcode qname qtype
ADJUST copy_id
REPLY QR AA
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com.	3600	IN	A	10.20.30.40
www.example.com.	3600	IN	RRSIG	A 5 3 3600 20090924111500 20090821111500 30899 example.com. pYGxVLsWUvOp1wSf0iwPap+JnECfC5GAm1lRqy3YEqecNGld7U7x/5Imo3CerbdZrVptUQs2oH0lcjwYJXMnsw== ;{id = 30899}
SECTION AUTHORITY
example.com.	3600	IN	NS	ns.example.com.
example.com.	3600	IN	RRSIG	NS 5 2 3600 20090924111500 20090821111500 30899 example.com. J5wxRq0jgwQL6yy530kvo9cHqNAUHV8IF4dvaYZL0bNraO2Oe6dVXqlJl4+cxNHI2TMsstwFPr2Zz8tv6Az2mQ== ;{id = 30899}
SECTION ADDITIONAL
ns.example.com.	3600	IN	A	1.2.3.4
ns.example.com.	3600	IN	RRSIG	A 5 3 3600 20090924111500 20090821111500 30899 example.com. JsXbS18oyc0zkVaOWGSFdIQuOsZKflT0GraT9afDPoWLCgH4ApF7jNgfJV7Pqy1sTBRajME5IUAhpANwGBuW4A== ;{id = 30899}
ENTRY_END

ENTRY_BEGIN
MATCH opcode qname qtype
ADJUST copy_id
REPLY QR AA
SECTION QUESTION
example.com. IN DNSKEY
SECTION ANSWER
; KSK 1
example.com.	10800	IN	DNSKEY	257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b}
; ZSK 1
example.com.	10800	IN	DNSKEY	256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
; signatures
example.com.	10800	IN	RRSIG	DNSKEY 5 2 10800 20090924111500 20090821111500 30899 example.com. b/HK231jIQLX8IhlZfup3r0yhpXaasbPE6LzxoEVVvWaTZWcLmeV8jDIcn0qO7Yvs7bIJN20lwVAV0GcHH3hWQ== ;{id = 30899}
example.com.	10800	IN	RRSIG	DNSKEY 5 2 10800 20090924111500 20090821111500 55582 example.com. PCHme1QLoULxqjhg5tMlpR0qJlBfstEUVq18TtNoKQe9le1YhJ9caheXcTWoK+boLhXxg9u6Yyvq8FboQh0OjA== ;{id = 55582}
ENTRY_END
RANGE_END

; ns.example.com.  KSK 55582 and DSAkey 02855
RANGE_BEGIN 11 40
	ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH opcode qname qtype
ADJUST copy_id
REPLY QR AA
SECTION QUESTION
example.com. IN DNSKEY
SECTION ANSWER
; KSK 1
example.com.	10800	IN	DNSKEY	257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b}
; KSK 2
example.com.	10800	IN	DNSKEY	257 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2855 (ksk), size = 1688b}
; and two ZSKs (omitted) for both algorithms.
; signatures
example.com.	10800	IN	RRSIG	DNSKEY 5 2 10800 20091024111500 20090921111500 55582 example.com. aCZVA+PLXxm15p46499FCPHvhR/MSpMSRTZT6PoUy2e+wdk7bszLdsEmfWym81UN2Xx1JOj5104c43c3QnvjNQ== ;{id = 55582}
example.com.	10800	IN	RRSIG	DNSKEY 3 2 10800 20091024111500 20090921111500 2855 example.com. AKdhmjqEbe0STsFNq/UxOidElaWHWCy2hSPQ7oN0Tsq56w6Hsk72PpM= ;{id = 2855}
ENTRY_END
RANGE_END

; ns.example.com.  KSK 55582 and 02855 (signatures updated)
RANGE_BEGIN 41 50
	ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH opcode qname qtype
ADJUST copy_id
REPLY QR AA
SECTION QUESTION
example.com. IN DNSKEY
SECTION ANSWER
; KSK 1
example.com.	10800	IN	DNSKEY	257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b}
; KSK 2
example.com.	10800	IN	DNSKEY	257 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2855 (ksk), size = 1688b}
; signatures
example.com.	10800	IN	RRSIG	DNSKEY 5 2 10800 20091124111500 20091018111500 55582 example.com. vpLMiMW+2uxqE1+OpMWipQdyGJ/pOQ63tIhup50WFejPysvlZRZ27XOoB4GVRyCwK9Bv46PrsQf3IsjHZf6jvw== ;{id = 55582}
example.com.	10800	IN	RRSIG	DNSKEY 3 2 10800 20091124111500 20091018111500 2855 example.com. ABJyZ97htJyBFk5wsKml3YAz81FpXkQKdJeC++fB5ysvl3i+zKJFzTo= ;{id = 2855}
ENTRY_END
RANGE_END

; ns.example.com.  KSK 55582-REVOKED and 02855
RANGE_BEGIN 51 60
	ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH opcode qname qtype
ADJUST copy_id
REPLY QR AA
SECTION QUESTION
example.com. IN DNSKEY
SECTION ANSWER
; KSK 1
example.com.	10800	IN	DNSKEY	385 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55710 (ksk), size = 512b}
; KSK 2
example.com.	10800	IN	DNSKEY	257 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2855 (ksk), size = 1688b}
; signatures
example.com.	10800	IN	RRSIG	DNSKEY 3 2 10800 20091224111500 20091118111500 2855 example.com. AFAbqLJsTDBfwAipE84ETdFTfzKHs7pzdyzjTKHR2VXygGvHY4QsBaA= ;{id = 2855}
example.com.	10800	IN	RRSIG	DNSKEY 5 2 10800 20091224111500 20091118111500 55710 example.com. DqR6BRE9G+kEb+ZorUr3yKKUsCF2TN+vrsNBaLfpHR+Vgv0RgeRCkXki+/FY9b4NEhXkg719dlLSASg4DmyV7g== ;{id = 55710}
; wrong keytag: 55582
ENTRY_END
RANGE_END

; ns.example.com.  KSK 02855
RANGE_BEGIN 61 70
	ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH opcode qname qtype
ADJUST copy_id
REPLY QR AA
SECTION QUESTION
example.com. IN DNSKEY
SECTION ANSWER
; KSK 2
example.com.	10800	IN	DNSKEY	257 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2855 (ksk), size = 1688b}
; signatures
example.com.	10800	IN	RRSIG	DNSKEY 3 2 10800 20101224111500 20101118111500 2855 example.com. AJv9ujre3iUykHlhJpLYPqsXq12lmQp+AHUPSPpE5zuUhXAPjbnbewk= ;{id = 2855}
ENTRY_END
RANGE_END

; set date/time to Aug 24 07:46:40  (2009).
STEP 5 TIME_PASSES ELAPSE 1251100000
STEP 6 TRAFFIC   ; the initial probe
STEP 7 ASSIGN t0 = ${time}
STEP 8 ASSIGN probe0 = ${range 4800 ${timeout} 5400}

; the auto probing should have been done now.
STEP 10 CHECK_AUTOTRUST example.com
FILE_BEGIN
; autotrust trust anchor file
;;id: example.com. 1
;;last_queried: ${$t0} ;;${ctime $t0}
;;last_success: ${$t0} ;;${ctime $t0}
;;next_probe_time: ${$t0 + $probe0} ;;${ctime $t0 + $probe0}
;;query_failed: 0
;;query_interval: 5400
;;retry_time: 3600
example.com.	10800	IN	DNSKEY	257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b} ;;state=2 [  VALID  ] ;;count=0 ;;lastchange=${$t0} ;;${ctime $t0}
FILE_END

; key prepublished.  First poll. 30 days later
STEP 11 TIME_PASSES EVAL ${30*24*3600}
STEP 12 TRAFFIC
STEP 13 ASSIGN t1 = ${time}
STEP 14 ASSIGN probe1 = ${range 4800 ${timeout} 5400}
STEP 15 CHECK_AUTOTRUST example.com
FILE_BEGIN
; autotrust trust anchor file
;;id: example.com. 1
;;last_queried: ${$t1} ;;${ctime $t1}
;;last_success: ${$t1} ;;${ctime $t1}
;;next_probe_time: ${$t1 + $probe1} ;;${ctime $t1 + $probe1}
;;query_failed: 0
;;query_interval: 5400
;;retry_time: 3600
example.com.	10800	IN	DNSKEY	257 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2855 (ksk), size = 512b} ;;state=1 [ ADDPEND ] ;;count=1 ;;lastchange=${$t1} ;;${ctime $t1}
example.com.	10800	IN	DNSKEY	257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b} ;;state=2 [  VALID  ] ;;count=0 ;;lastchange=${$t0} ;;${ctime $t0}
FILE_END

; Second poll. 10 days later
STEP 21 TIME_PASSES EVAL ${10*24*3600}
STEP 22 TRAFFIC
STEP 23 ASSIGN t2 = ${time}
STEP 24 ASSIGN probe2 = ${range 4800 ${timeout} 5400}
STEP 25 CHECK_AUTOTRUST example.com
FILE_BEGIN
; autotrust trust anchor file
;;id: example.com. 1
;;last_queried: ${$t2} ;;${ctime $t2}
;;last_success: ${$t2} ;;${ctime $t2}
;;next_probe_time: ${$t2 + $probe2} ;;${ctime $t2 + $probe2}
;;query_failed: 0
;;query_interval: 5400
;;retry_time: 3600
example.com.	10800	IN	DNSKEY	257 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2855 (ksk), size = 512b} ;;state=1 [ ADDPEND ] ;;count=2 ;;lastchange=${$t1} ;;${ctime $t1}
example.com.	10800	IN	DNSKEY	257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b} ;;state=2 [  VALID  ] ;;count=0 ;;lastchange=${$t0} ;;${ctime $t0}
FILE_END

; Third poll. 10 days later
STEP 31 TIME_PASSES EVAL ${10*24*3600}
STEP 32 TRAFFIC
STEP 33 ASSIGN t3 = ${time}
STEP 34 ASSIGN probe3 = ${range 4800 ${timeout} 5400}
STEP 35 CHECK_AUTOTRUST example.com
FILE_BEGIN
; autotrust trust anchor file
;;id: example.com. 1
;;last_queried: ${$t3} ;;${ctime $t3}
;;last_success: ${$t3} ;;${ctime $t3}
;;next_probe_time: ${$t3 + $probe3} ;;${ctime $t3 + $probe3}
;;query_failed: 0
;;query_interval: 5400
;;retry_time: 3600
example.com.	10800	IN	DNSKEY	257 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2855 (ksk), size = 512b} ;;state=1 [ ADDPEND ] ;;count=3 ;;lastchange=${$t1} ;;${ctime $t1}
example.com.	10800	IN	DNSKEY	257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b} ;;state=2 [  VALID  ] ;;count=0 ;;lastchange=${$t0} ;;${ctime $t0}
FILE_END

; 11 days later, hold down has lapsed.
STEP 41 TIME_PASSES EVAL ${11*24*3600}
STEP 42 TRAFFIC
STEP 43 ASSIGN t4 = ${time}
STEP 44 ASSIGN probe4 = ${range 4800 ${timeout} 5400}
STEP 45 CHECK_AUTOTRUST example.com
FILE_BEGIN
; autotrust trust anchor file
;;id: example.com. 1
;;last_queried: ${$t4} ;;${ctime $t4}
;;last_success: ${$t4} ;;${ctime $t4}
;;next_probe_time: ${$t4 + $probe4} ;;${ctime $t4 + $probe4}
;;query_failed: 0
;;query_interval: 5400
;;retry_time: 3600
example.com.	10800	IN	DNSKEY	257 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2855 (ksk), size = 512b} ;;state=2 [  VALID  ] ;;count=0 ;;lastchange=${$t4} ;;${ctime $t4}
example.com.	10800	IN	DNSKEY	257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b} ;;state=2 [  VALID  ] ;;count=0 ;;lastchange=${$t0} ;;${ctime $t0}
FILE_END

; 30 days later, the old key is revoked
STEP 51 TIME_PASSES EVAL ${30*24*3600}
STEP 52 TRAFFIC
STEP 53 ASSIGN t5 = ${time}
STEP 54 ASSIGN probe5 = ${range 4800 ${timeout} 5400}
STEP 55 CHECK_AUTOTRUST example.com
FILE_BEGIN
; autotrust trust anchor file
;;id: example.com. 1
;;last_queried: ${$t5} ;;${ctime $t5}
;;last_success: ${$t5} ;;${ctime $t5}
;;next_probe_time: ${$t5 + $probe5} ;;${ctime $t5 + $probe5}
;;query_failed: 0
;;query_interval: 5400
;;retry_time: 3600
example.com.	10800	IN	DNSKEY	257 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2855 (ksk), size = 512b} ;;state=2 [  VALID  ] ;;count=0 ;;lastchange=${$t4} ;;${ctime $t4}
example.com.	10800	IN	DNSKEY	385 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55710 (ksk), size = 512b} ;;state=4 [ REVOKED ] ;;count=0 ;;lastchange=${$t5} ;;${ctime $t5}
FILE_END

; 370 days later, the old key is removed from storage
STEP 61 TIME_PASSES EVAL ${370*24*3600}
STEP 62 TRAFFIC
STEP 63 ASSIGN t6 = ${time}
STEP 64 ASSIGN probe6 = ${range 4800 ${timeout} 5400}
STEP 65 CHECK_AUTOTRUST example.com
FILE_BEGIN
; autotrust trust anchor file
;;id: example.com. 1
;;last_queried: ${$t6} ;;${ctime $t6}
;;last_success: ${$t6} ;;${ctime $t6}
;;next_probe_time: ${$t6 + $probe6} ;;${ctime $t6 + $probe6}
;;query_failed: 0
;;query_interval: 5400
;;retry_time: 3600
example.com.	10800	IN	DNSKEY	257 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2855 (ksk), size = 512b} ;;state=2 [  VALID  ] ;;count=0 ;;lastchange=${$t4} ;;${ctime $t4}
FILE_END


SCENARIO_END
Commit	Line	Data
89c4ed63 A	1	; config options
	2	server:
	3	target-fetch-policy: "0 0 0 0 0"
	4	log-time-ascii: yes
	5	stub-zone:
	6	name: "."
	7	stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
	8	; initial content (say from dig example.com DNSKEY > example.com.key)
	9	AUTOTRUST_FILE example.com
	10	example.com. 10800 IN DNSKEY 257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b}
	11	example.com. 10800 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
	12	AUTOTRUST_END
	13	CONFIG_END
	14
	15	SCENARIO_BEGIN Test autotrust with algorithm rollover
	16	; from RSASHA1(5) to DSASHA1(3)
	17	; Note, when both algorithms are present, the zone must be double-signed.
	18	; with a ZSK for RSASHA1(5) and a ZSK for DSASHA1(3).
	19
	20	; K-ROOT
	21	RANGE_BEGIN 0 100
	22	ADDRESS 193.0.14.129
	23	ENTRY_BEGIN
	24	MATCH opcode qname qtype
	25	ADJUST copy_id copy_query
	26	REPLY QR AA
	27	SECTION QUESTION
	28	. IN NS
	29	SECTION ANSWER
	30	. IN NS k.root-servers.net.
	31	SECTION ADDITIONAL
	32	k.root-servers.net IN A 193.0.14.129
	33	ENTRY_END
	34
	35	ENTRY_BEGIN
	36	MATCH opcode subdomain
	37	ADJUST copy_id copy_query
	38	REPLY QR
	39	SECTION QUESTION
	40	com. IN NS
	41	SECTION AUTHORITY
	42	com. IN NS a.gtld-servers.net.
	43	SECTION ADDITIONAL
	44	a.gtld-servers.net. IN A 192.5.6.30
	45	ENTRY_END
	46	RANGE_END
	47
	48	; a.gtld-servers.net.
	49	RANGE_BEGIN 0 100
	50	ADDRESS 192.5.6.30
	51	ENTRY_BEGIN
	52	MATCH opcode subdomain
	53	ADJUST copy_id copy_query
	54	REPLY QR
	55	SECTION QUESTION
	56	example.com. IN NS
	57	SECTION AUTHORITY
	58	example.com. IN NS ns.example.com.
	59	SECTION ADDITIONAL
	60	ns.example.com. IN A 1.2.3.4
	61	ENTRY_END
	62	RANGE_END
	63
	64	; ns.example.com. KSK 55582
65	RANGE_BEGIN 0 10
66	ADDRESS 1.2.3.4
67	ENTRY_BEGIN
68	MATCH opcode qname qtype
69	ADJUST copy_id
70	REPLY QR AA
71	SECTION QUESTION
72	www.example.com. IN A
73	SECTION ANSWER
74	www.example.com. 3600 IN A 10.20.30.40
75	www.example.com. 3600 IN RRSIG A 5 3 3600 20090924111500 20090821111500 30899 example.com. pYGxVLsWUvOp1wSf0iwPap+JnECfC5GAm1lRqy3YEqecNGld7U7x/5Imo3CerbdZrVptUQs2oH0lcjwYJXMnsw== ;{id = 30899}
76	SECTION AUTHORITY
77	example.com. 3600 IN NS ns.example.com.
78	example.com. 3600 IN RRSIG NS 5 2 3600 20090924111500 20090821111500 30899 example.com. J5wxRq0jgwQL6yy530kvo9cHqNAUHV8IF4dvaYZL0bNraO2Oe6dVXqlJl4+cxNHI2TMsstwFPr2Zz8tv6Az2mQ== ;{id = 30899}
79	SECTION ADDITIONAL
80	ns.example.com. 3600 IN A 1.2.3.4
81	ns.example.com. 3600 IN RRSIG A 5 3 3600 20090924111500 20090821111500 30899 example.com. JsXbS18oyc0zkVaOWGSFdIQuOsZKflT0GraT9afDPoWLCgH4ApF7jNgfJV7Pqy1sTBRajME5IUAhpANwGBuW4A== ;{id = 30899}
82	ENTRY_END
83
84	ENTRY_BEGIN
85	MATCH opcode qname qtype
86	ADJUST copy_id
87	REPLY QR AA
88	SECTION QUESTION
89	example.com. IN DNSKEY
90	SECTION ANSWER
91	; KSK 1
92	example.com. 10800 IN DNSKEY 257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b}
93	; ZSK 1
94	example.com. 10800 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
95	; signatures
96	example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20090924111500 20090821111500 30899 example.com. b/HK231jIQLX8IhlZfup3r0yhpXaasbPE6LzxoEVVvWaTZWcLmeV8jDIcn0qO7Yvs7bIJN20lwVAV0GcHH3hWQ== ;{id = 30899}
97	example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20090924111500 20090821111500 55582 example.com. PCHme1QLoULxqjhg5tMlpR0qJlBfstEUVq18TtNoKQe9le1YhJ9caheXcTWoK+boLhXxg9u6Yyvq8FboQh0OjA== ;{id = 55582}
98	ENTRY_END
99	RANGE_END
100
101	; ns.example.com. KSK 55582 and DSAkey 02855
102	RANGE_BEGIN 11 40
103	ADDRESS 1.2.3.4
104	ENTRY_BEGIN
105	MATCH opcode qname qtype
106	ADJUST copy_id
107	REPLY QR AA
108	SECTION QUESTION
109	example.com. IN DNSKEY
110	SECTION ANSWER
111	; KSK 1
112	example.com. 10800 IN DNSKEY 257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b}
113	; KSK 2
114	example.com. 10800 IN DNSKEY 257 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2855 (ksk), size = 1688b}
115	; and two ZSKs (omitted) for both algorithms.
116	; signatures
117	example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20091024111500 20090921111500 55582 example.com. aCZVA+PLXxm15p46499FCPHvhR/MSpMSRTZT6PoUy2e+wdk7bszLdsEmfWym81UN2Xx1JOj5104c43c3QnvjNQ== ;{id = 55582}
118	example.com. 10800 IN RRSIG DNSKEY 3 2 10800 20091024111500 20090921111500 2855 example.com. AKdhmjqEbe0STsFNq/UxOidElaWHWCy2hSPQ7oN0Tsq56w6Hsk72PpM= ;{id = 2855}
119	ENTRY_END
120	RANGE_END
121
122	; ns.example.com. KSK 55582 and 02855 (signatures updated)
123	RANGE_BEGIN 41 50
124	ADDRESS 1.2.3.4
125	ENTRY_BEGIN
126	MATCH opcode qname qtype
127	ADJUST copy_id
128	REPLY QR AA
129	SECTION QUESTION
130	example.com. IN DNSKEY
131	SECTION ANSWER
132	; KSK 1
133	example.com. 10800 IN DNSKEY 257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b}
134	; KSK 2
135	example.com. 10800 IN DNSKEY 257 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2855 (ksk), size = 1688b}
136	; signatures
137	example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20091124111500 20091018111500 55582 example.com. vpLMiMW+2uxqE1+OpMWipQdyGJ/pOQ63tIhup50WFejPysvlZRZ27XOoB4GVRyCwK9Bv46PrsQf3IsjHZf6jvw== ;{id = 55582}
138	example.com. 10800 IN RRSIG DNSKEY 3 2 10800 20091124111500 20091018111500 2855 example.com. ABJyZ97htJyBFk5wsKml3YAz81FpXkQKdJeC++fB5ysvl3i+zKJFzTo= ;{id = 2855}
139	ENTRY_END
140	RANGE_END
141
142	; ns.example.com. KSK 55582-REVOKED and 02855
143	RANGE_BEGIN 51 60
144	ADDRESS 1.2.3.4
145	ENTRY_BEGIN
146	MATCH opcode qname qtype
147	ADJUST copy_id
148	REPLY QR AA
149	SECTION QUESTION
150	example.com. IN DNSKEY
151	SECTION ANSWER
152	; KSK 1
153	example.com. 10800 IN DNSKEY 385 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55710 (ksk), size = 512b}
154	; KSK 2
155	example.com. 10800 IN DNSKEY 257 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2855 (ksk), size = 1688b}
156	; signatures
157	example.com. 10800 IN RRSIG DNSKEY 3 2 10800 20091224111500 20091118111500 2855 example.com. AFAbqLJsTDBfwAipE84ETdFTfzKHs7pzdyzjTKHR2VXygGvHY4QsBaA= ;{id = 2855}
158	example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20091224111500 20091118111500 55710 example.com. DqR6BRE9G+kEb+ZorUr3yKKUsCF2TN+vrsNBaLfpHR+Vgv0RgeRCkXki+/FY9b4NEhXkg719dlLSASg4DmyV7g== ;{id = 55710}
159	; wrong keytag: 55582
160	ENTRY_END
161	RANGE_END
162
163	; ns.example.com. KSK 02855
164	RANGE_BEGIN 61 70
165	ADDRESS 1.2.3.4
166	ENTRY_BEGIN
167	MATCH opcode qname qtype
168	ADJUST copy_id
169	REPLY QR AA
170	SECTION QUESTION
171	example.com. IN DNSKEY
172	SECTION ANSWER
173	; KSK 2
174	example.com. 10800 IN DNSKEY 257 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2855 (ksk), size = 1688b}
175	; signatures
176	example.com. 10800 IN RRSIG DNSKEY 3 2 10800 20101224111500 20101118111500 2855 example.com. AJv9ujre3iUykHlhJpLYPqsXq12lmQp+AHUPSPpE5zuUhXAPjbnbewk= ;{id = 2855}
177	ENTRY_END
178	RANGE_END
179
180	; set date/time to Aug 24 07:46:40 (2009).
181	STEP 5 TIME_PASSES ELAPSE 1251100000
182	STEP 6 TRAFFIC ; the initial probe
183	STEP 7 ASSIGN t0 = ${time}
184	STEP 8 ASSIGN probe0 = ${range 4800 ${timeout} 5400}
185
186	; the auto probing should have been done now.
187	STEP 10 CHECK_AUTOTRUST example.com
188	FILE_BEGIN
189	; autotrust trust anchor file
190	;;id: example.com. 1
191	;;last_queried: ${$t0} ;;${ctime $t0}
192	;;last_success: ${$t0} ;;${ctime $t0}
193	;;next_probe_time: ${$t0 + $probe0} ;;${ctime $t0 + $probe0}
194	;;query_failed: 0
195	;;query_interval: 5400
196	;;retry_time: 3600
197	example.com. 10800 IN DNSKEY 257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b} ;;state=2 [ VALID ] ;;count=0 ;;lastchange=${$t0} ;;${ctime $t0}
198	FILE_END
199
200	; key prepublished. First poll. 30 days later
201	STEP 11 TIME_PASSES EVAL ${30243600}
202	STEP 12 TRAFFIC
203	STEP 13 ASSIGN t1 = ${time}
204	STEP 14 ASSIGN probe1 = ${range 4800 ${timeout} 5400}
205	STEP 15 CHECK_AUTOTRUST example.com
206	FILE_BEGIN
207	; autotrust trust anchor file
208	;;id: example.com. 1
209	;;last_queried: ${$t1} ;;${ctime $t1}
210	;;last_success: ${$t1} ;;${ctime $t1}
211	;;next_probe_time: ${$t1 + $probe1} ;;${ctime $t1 + $probe1}
212	;;query_failed: 0
213	;;query_interval: 5400
214	;;retry_time: 3600
215	example.com. 10800 IN DNSKEY 257 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2855 (ksk), size = 512b} ;;state=1 [ ADDPEND ] ;;count=1 ;;lastchange=${$t1} ;;${ctime $t1}
216	example.com. 10800 IN DNSKEY 257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b} ;;state=2 [ VALID ] ;;count=0 ;;lastchange=${$t0} ;;${ctime $t0}
217	FILE_END
218
219	; Second poll. 10 days later
220	STEP 21 TIME_PASSES EVAL ${10243600}
221	STEP 22 TRAFFIC
222	STEP 23 ASSIGN t2 = ${time}
223	STEP 24 ASSIGN probe2 = ${range 4800 ${timeout} 5400}
224	STEP 25 CHECK_AUTOTRUST example.com
225	FILE_BEGIN
226	; autotrust trust anchor file
227	;;id: example.com. 1
228	;;last_queried: ${$t2} ;;${ctime $t2}
229	;;last_success: ${$t2} ;;${ctime $t2}
230	;;next_probe_time: ${$t2 + $probe2} ;;${ctime $t2 + $probe2}
231	;;query_failed: 0
232	;;query_interval: 5400
233	;;retry_time: 3600
234	example.com. 10800 IN DNSKEY 257 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2855 (ksk), size = 512b} ;;state=1 [ ADDPEND ] ;;count=2 ;;lastchange=${$t1} ;;${ctime $t1}
235	example.com. 10800 IN DNSKEY 257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b} ;;state=2 [ VALID ] ;;count=0 ;;lastchange=${$t0} ;;${ctime $t0}
236	FILE_END
237
238	; Third poll. 10 days later
239	STEP 31 TIME_PASSES EVAL ${10243600}
240	STEP 32 TRAFFIC
241	STEP 33 ASSIGN t3 = ${time}
242	STEP 34 ASSIGN probe3 = ${range 4800 ${timeout} 5400}
243	STEP 35 CHECK_AUTOTRUST example.com
244	FILE_BEGIN
245	; autotrust trust anchor file
246	;;id: example.com. 1
247	;;last_queried: ${$t3} ;;${ctime $t3}
248	;;last_success: ${$t3} ;;${ctime $t3}
249	;;next_probe_time: ${$t3 + $probe3} ;;${ctime $t3 + $probe3}
250	;;query_failed: 0
251	;;query_interval: 5400
252	;;retry_time: 3600
253	example.com. 10800 IN DNSKEY 257 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2855 (ksk), size = 512b} ;;state=1 [ ADDPEND ] ;;count=3 ;;lastchange=${$t1} ;;${ctime $t1}
254	example.com. 10800 IN DNSKEY 257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b} ;;state=2 [ VALID ] ;;count=0 ;;lastchange=${$t0} ;;${ctime $t0}
255	FILE_END
256
257	; 11 days later, hold down has lapsed.
258	STEP 41 TIME_PASSES EVAL ${11243600}
259	STEP 42 TRAFFIC
260	STEP 43 ASSIGN t4 = ${time}
261	STEP 44 ASSIGN probe4 = ${range 4800 ${timeout} 5400}
262	STEP 45 CHECK_AUTOTRUST example.com
263	FILE_BEGIN
264	; autotrust trust anchor file
265	;;id: example.com. 1
266	;;last_queried: ${$t4} ;;${ctime $t4}
267	;;last_success: ${$t4} ;;${ctime $t4}
268	;;next_probe_time: ${$t4 + $probe4} ;;${ctime $t4 + $probe4}
269	;;query_failed: 0
270	;;query_interval: 5400
271	;;retry_time: 3600
272	example.com. 10800 IN DNSKEY 257 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2855 (ksk), size = 512b} ;;state=2 [ VALID ] ;;count=0 ;;lastchange=${$t4} ;;${ctime $t4}
273	example.com. 10800 IN DNSKEY 257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b} ;;state=2 [ VALID ] ;;count=0 ;;lastchange=${$t0} ;;${ctime $t0}
274	FILE_END
275
276	; 30 days later, the old key is revoked
277	STEP 51 TIME_PASSES EVAL ${30243600}
278	STEP 52 TRAFFIC
279	STEP 53 ASSIGN t5 = ${time}
280	STEP 54 ASSIGN probe5 = ${range 4800 ${timeout} 5400}
281	STEP 55 CHECK_AUTOTRUST example.com
282	FILE_BEGIN
283	; autotrust trust anchor file
284	;;id: example.com. 1
285	;;last_queried: ${$t5} ;;${ctime $t5}
286	;;last_success: ${$t5} ;;${ctime $t5}
287	;;next_probe_time: ${$t5 + $probe5} ;;${ctime $t5 + $probe5}
288	;;query_failed: 0
289	;;query_interval: 5400
290	;;retry_time: 3600
291	example.com. 10800 IN DNSKEY 257 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2855 (ksk), size = 512b} ;;state=2 [ VALID ] ;;count=0 ;;lastchange=${$t4} ;;${ctime $t4}
292	example.com. 10800 IN DNSKEY 385 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55710 (ksk), size = 512b} ;;state=4 [ REVOKED ] ;;count=0 ;;lastchange=${$t5} ;;${ctime $t5}
293	FILE_END
294
295	; 370 days later, the old key is removed from storage
296	STEP 61 TIME_PASSES EVAL ${370243600}
297	STEP 62 TRAFFIC
298	STEP 63 ASSIGN t6 = ${time}
299	STEP 64 ASSIGN probe6 = ${range 4800 ${timeout} 5400}
300	STEP 65 CHECK_AUTOTRUST example.com
301	FILE_BEGIN
302	; autotrust trust anchor file
303	;;id: example.com. 1
304	;;last_queried: ${$t6} ;;${ctime $t6}
305	;;last_success: ${$t6} ;;${ctime $t6}
306	;;next_probe_time: ${$t6 + $probe6} ;;${ctime $t6 + $probe6}
307	;;query_failed: 0
308	;;query_interval: 5400
309	;;retry_time: 3600
310	example.com. 10800 IN DNSKEY 257 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2855 (ksk), size = 512b} ;;state=2 [ VALID ] ;;count=0 ;;lastchange=${$t4} ;;${ctime $t4}
311	FILE_END
312
313
314	SCENARIO_END