[apple/network_cmds.git] / unbound / testdata / dlv_keyretry.rpl

; config options
; The island of trust is at example.com (the DLV repository)
server:
	dlv-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
	val-override-date: "20070916134226"
	target-fetch-policy: "0 0 0 0 0"

stub-zone:
	name: "."
	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
CONFIG_END

SCENARIO_BEGIN Test validator with DLV anchor and subsequently key retries
; positive response for DLV.  But the DNSKEY for the target fails validation.

; K.ROOT-SERVERS.NET.
RANGE_BEGIN 0 100
	ADDRESS 193.0.14.129 
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS	K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
com. IN A
SECTION AUTHORITY
com.	IN NS	a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net.	IN 	A	192.5.6.30
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
net. IN A
SECTION AUTHORITY
net.	IN NS	a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net.	IN 	A	192.5.6.30
ENTRY_END
RANGE_END

; a.gtld-servers.net.
RANGE_BEGIN 0 100
	ADDRESS 192.5.6.30
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION ANSWER
com.    IN NS   a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net.     IN      A       192.5.6.30
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
net. IN NS
SECTION ANSWER
net.    IN NS   a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net.     IN      A       192.5.6.30
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
example.com. IN A
SECTION AUTHORITY
example.com.	IN NS	ns.example.com.
SECTION ADDITIONAL
ns.example.com.		IN 	A	1.2.3.4
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
example.net. IN A
SECTION AUTHORITY
example.net.	IN NS	ns.example.net.
SECTION ADDITIONAL
ns.example.net.		IN 	A	1.2.3.5
ENTRY_END
RANGE_END

; ns.example.com.
RANGE_BEGIN 0 100
	ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION ANSWER
example.com.    IN NS   ns.example.com.
example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
SECTION ADDITIONAL
ns.example.com.         IN      A       1.2.3.4
ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
ENTRY_END

; response to DNSKEY priming query
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN DNSKEY
SECTION ANSWER
example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
SECTION AUTHORITY
example.com.	IN NS	ns.example.com.
example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
SECTION ADDITIONAL
ns.example.com.		IN 	A	1.2.3.4
ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
ENTRY_END

; DLV query
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.net.example.com. IN DLV
SECTION ANSWER
example.net.example.com.	3600	IN	DLV	30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix
example.net.example.com.	3600	IN	RRSIG	DLV 3 4 3600 20070926134150 20070829134150 2854 example.com. ACK48Q/oKwh/SM9yRiKjZYuc+AtEZ2yCPNJ15kKCN8nsVcv7xigmNTY= ;{id = 2854}
SECTION AUTHORITY
example.com.	IN NS	ns.example.com.
example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
SECTION ADDITIONAL
ns.example.com.		IN 	A	1.2.3.4
ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
net.example.com. IN DLV
SECTION ANSWER
SECTION AUTHORITY
example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600
example.com.	3600	IN	RRSIG	SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854}
example.com IN NSEC example.net.example.com. SOA NS RRSIG NSEC
example.com.	3600	IN	RRSIG	NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AIoUkJ04/7/kJFDLocoqksqt9UL2RHHwlRfXAMxGdBHcNO+GSpG47Uk= ;{id = 2854}
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NXDOMAIN
SECTION QUESTION
com.example.com. IN DLV
SECTION ANSWER
SECTION AUTHORITY
example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600
example.com.	3600	IN	RRSIG	SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854}
example.com IN NSEC example.net.example.com. SOA NS RRSIG NSEC
example.com.	3600	IN	RRSIG	NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AIoUkJ04/7/kJFDLocoqksqt9UL2RHHwlRfXAMxGdBHcNO+GSpG47Uk= ;{id = 2854}
ENTRY_END

RANGE_END

; ns.example.net.
RANGE_BEGIN 0 100
	ADDRESS 1.2.3.5
; DS RR is
; example.net.	3600	IN	DS	30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix
; DNSKEY prime query
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.net. IN DNSKEY
SECTION ANSWER
example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
; expired signature
example.net.	3600	IN	RRSIG	DNSKEY 5 2 3600 20050926134150 20050829134150 30899 example.net. ydM0/eWMqFn4RxMTbscdSLU7bJNoPuzjCa0eI7HSV/r/54slSGvkl0fmwqrROl1tpc0YMV6kAzgB1T5lJbvdsA== ;{id = 30899}
; good signature:
;example.net.    3600    IN      RRSIG   DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899}
SECTION AUTHORITY
example.net.    IN NS   ns.example.net.
example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
SECTION ADDITIONAL
ns.example.net.         IN      A       1.2.3.5
ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
ENTRY_END

; NS query
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.net. IN NS
SECTION ANSWER
example.net.    IN NS   ns.example.net.
example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
SECTION ADDITIONAL
ns.example.net.         IN      A       1.2.3.5
ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
ENTRY_END

; AAAA for nameserver (for dnssec retry) query
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
ns.example.net. IN AAAA
SECTION AUTHORITY
example.net. IN SOA . . 2007091300 28800 7200 604800 3600
example.net.	3600	IN	RRSIG	SOA 5 2 3600 20070926134150 20070829134150 30899 example.net. MrpP4svNpbN/YKhuYRlNbvNg0yVxn4ywW1tyEFA9v6F7BR6k1pP8iPfN5XV+XWPAmbss9h3fwKq8zNs4F/SPkg== ;{id = 30899}
ns.example.net. IN NSEC ppp.example.net. A RRSIG NSEC
ns.example.net.	3600	IN	RRSIG	NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. freWP6rXWsU5iyRE2gIM9rICuBxCYlQSW01GkLPez5czqtEL0hHN8vtjTlfoNxjJjiZj3vAavZDIQGgOOOMIsA== ;{id = 30899}
ENTRY_END

; www.example.net query
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.net. IN A
SECTION ANSWER
www.example.net.	3600	IN	A	10.20.30.40
www.example.net.	3600	IN	RRSIG	A 5 3 3600 20070926135752 20070829135752 30899 example.net. ACvv4RQVC7TbI57ewqFImRaVoymktJ5Cxn/FaCodIENt82LVM92nivbP2WtwWCsQHWp7FkrMxTlQTJwyAeXFyg== ;{id = 30899}
SECTION AUTHORITY
example.net.    IN NS   ns.example.net.
example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
SECTION ADDITIONAL
ns.example.net.         IN      A       1.2.3.5
ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
ENTRY_END


RANGE_END

STEP 1 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
www.example.net. IN A
ENTRY_END

; recursion happens here.
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA DO SERVFAIL
SECTION QUESTION
www.example.net. IN A
SECTION ANSWER
ENTRY_END

SCENARIO_END
Commit	Line	Data
89c4ed63 A	1	; config options
	2	; The island of trust is at example.com (the DLV repository)
	3	server:
	4	dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
	5	val-override-date: "20070916134226"
	6	target-fetch-policy: "0 0 0 0 0"
	7
	8	stub-zone:
	9	name: "."
	10	stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
	11	CONFIG_END
	12
	13	SCENARIO_BEGIN Test validator with DLV anchor and subsequently key retries
	14	; positive response for DLV. But the DNSKEY for the target fails validation.
	15
	16	; K.ROOT-SERVERS.NET.
	17	RANGE_BEGIN 0 100
	18	ADDRESS 193.0.14.129
	19	ENTRY_BEGIN
	20	MATCH opcode qtype qname
	21	ADJUST copy_id
	22	REPLY QR NOERROR
	23	SECTION QUESTION
	24	. IN NS
	25	SECTION ANSWER
	26	. IN NS K.ROOT-SERVERS.NET.
	27	SECTION ADDITIONAL
	28	K.ROOT-SERVERS.NET. IN A 193.0.14.129
	29	ENTRY_END
	30
	31	ENTRY_BEGIN
	32	MATCH opcode subdomain
	33	ADJUST copy_id copy_query
	34	REPLY QR NOERROR
	35	SECTION QUESTION
	36	com. IN A
	37	SECTION AUTHORITY
	38	com. IN NS a.gtld-servers.net.
	39	SECTION ADDITIONAL
	40	a.gtld-servers.net. IN A 192.5.6.30
	41	ENTRY_END
	42
	43	ENTRY_BEGIN
	44	MATCH opcode subdomain
	45	ADJUST copy_id copy_query
	46	REPLY QR NOERROR
	47	SECTION QUESTION
	48	net. IN A
	49	SECTION AUTHORITY
	50	net. IN NS a.gtld-servers.net.
	51	SECTION ADDITIONAL
	52	a.gtld-servers.net. IN A 192.5.6.30
	53	ENTRY_END
	54	RANGE_END
	55
	56	; a.gtld-servers.net.
	57	RANGE_BEGIN 0 100
	58	ADDRESS 192.5.6.30
	59	ENTRY_BEGIN
	60	MATCH opcode qtype qname
	61	ADJUST copy_id
	62	REPLY QR NOERROR
	63	SECTION QUESTION
	64	com. IN NS
65	SECTION ANSWER
66	com. IN NS a.gtld-servers.net.
67	SECTION ADDITIONAL
68	a.gtld-servers.net. IN A 192.5.6.30
69	ENTRY_END
70
71	ENTRY_BEGIN
72	MATCH opcode qtype qname
73	ADJUST copy_id
74	REPLY QR NOERROR
75	SECTION QUESTION
76	net. IN NS
77	SECTION ANSWER
78	net. IN NS a.gtld-servers.net.
79	SECTION ADDITIONAL
80	a.gtld-servers.net. IN A 192.5.6.30
81	ENTRY_END
82
83	ENTRY_BEGIN
84	MATCH opcode subdomain
85	ADJUST copy_id copy_query
86	REPLY QR NOERROR
87	SECTION QUESTION
88	example.com. IN A
89	SECTION AUTHORITY
90	example.com. IN NS ns.example.com.
91	SECTION ADDITIONAL
92	ns.example.com. IN A 1.2.3.4
93	ENTRY_END
94
95	ENTRY_BEGIN
96	MATCH opcode subdomain
97	ADJUST copy_id copy_query
98	REPLY QR NOERROR
99	SECTION QUESTION
100	example.net. IN A
101	SECTION AUTHORITY
102	example.net. IN NS ns.example.net.
103	SECTION ADDITIONAL
104	ns.example.net. IN A 1.2.3.5
105	ENTRY_END
106	RANGE_END
107
108	; ns.example.com.
109	RANGE_BEGIN 0 100
110	ADDRESS 1.2.3.4
111	ENTRY_BEGIN
112	MATCH opcode qtype qname
113	ADJUST copy_id
114	REPLY QR NOERROR
115	SECTION QUESTION
116	example.com. IN NS
117	SECTION ANSWER
118	example.com. IN NS ns.example.com.
119	example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
120	SECTION ADDITIONAL
121	ns.example.com. IN A 1.2.3.4
122	ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
123	ENTRY_END
124
125	; response to DNSKEY priming query
126	ENTRY_BEGIN
127	MATCH opcode qtype qname
128	ADJUST copy_id
129	REPLY QR NOERROR
130	SECTION QUESTION
131	example.com. IN DNSKEY
132	SECTION ANSWER
133	example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
134	example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
135	SECTION AUTHORITY
136	example.com. IN NS ns.example.com.
137	example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
138	SECTION ADDITIONAL
139	ns.example.com. IN A 1.2.3.4
140	ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
141	ENTRY_END
142
143	; DLV query
144	ENTRY_BEGIN
145	MATCH opcode qtype qname
146	ADJUST copy_id
147	REPLY QR NOERROR
148	SECTION QUESTION
149	example.net.example.com. IN DLV
150	SECTION ANSWER
151	example.net.example.com. 3600 IN DLV 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix
152	example.net.example.com. 3600 IN RRSIG DLV 3 4 3600 20070926134150 20070829134150 2854 example.com. ACK48Q/oKwh/SM9yRiKjZYuc+AtEZ2yCPNJ15kKCN8nsVcv7xigmNTY= ;{id = 2854}
153	SECTION AUTHORITY
154	example.com. IN NS ns.example.com.
155	example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
156	SECTION ADDITIONAL
157	ns.example.com. IN A 1.2.3.4
158	ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
159	ENTRY_END
160
161	ENTRY_BEGIN
162	MATCH opcode qtype qname
163	ADJUST copy_id
164	REPLY QR NOERROR
165	SECTION QUESTION
166	net.example.com. IN DLV
167	SECTION ANSWER
168	SECTION AUTHORITY
169	example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600
170	example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854}
171	example.com IN NSEC example.net.example.com. SOA NS RRSIG NSEC
172	example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AIoUkJ04/7/kJFDLocoqksqt9UL2RHHwlRfXAMxGdBHcNO+GSpG47Uk= ;{id = 2854}
173	ENTRY_END
174
175	ENTRY_BEGIN
176	MATCH opcode qtype qname
177	ADJUST copy_id
178	REPLY QR NXDOMAIN
179	SECTION QUESTION
180	com.example.com. IN DLV
181	SECTION ANSWER
182	SECTION AUTHORITY
183	example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600
184	example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854}
185	example.com IN NSEC example.net.example.com. SOA NS RRSIG NSEC
186	example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AIoUkJ04/7/kJFDLocoqksqt9UL2RHHwlRfXAMxGdBHcNO+GSpG47Uk= ;{id = 2854}
187	ENTRY_END
188
189	RANGE_END
190
191	; ns.example.net.
192	RANGE_BEGIN 0 100
193	ADDRESS 1.2.3.5
194	; DS RR is
195	; example.net. 3600 IN DS 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix
196	; DNSKEY prime query
197	ENTRY_BEGIN
198	MATCH opcode qtype qname
199	ADJUST copy_id
200	REPLY QR NOERROR
201	SECTION QUESTION
202	example.net. IN DNSKEY
203	SECTION ANSWER
204	example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
205	; expired signature
206	example.net. 3600 IN RRSIG DNSKEY 5 2 3600 20050926134150 20050829134150 30899 example.net. ydM0/eWMqFn4RxMTbscdSLU7bJNoPuzjCa0eI7HSV/r/54slSGvkl0fmwqrROl1tpc0YMV6kAzgB1T5lJbvdsA== ;{id = 30899}
207	; good signature:
208	;example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899}
209	SECTION AUTHORITY
210	example.net. IN NS ns.example.net.
211	example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
212	SECTION ADDITIONAL
213	ns.example.net. IN A 1.2.3.5
214	ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
215	ENTRY_END
216
217	; NS query
218	ENTRY_BEGIN
219	MATCH opcode qtype qname
220	ADJUST copy_id
221	REPLY QR NOERROR
222	SECTION QUESTION
223	example.net. IN NS
224	SECTION ANSWER
225	example.net. IN NS ns.example.net.
226	example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
227	SECTION ADDITIONAL
228	ns.example.net. IN A 1.2.3.5
229	ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
230	ENTRY_END
231
232	; AAAA for nameserver (for dnssec retry) query
233	ENTRY_BEGIN
234	MATCH opcode qtype qname
235	ADJUST copy_id
236	REPLY QR AA NOERROR
237	SECTION QUESTION
238	ns.example.net. IN AAAA
239	SECTION AUTHORITY
240	example.net. IN SOA . . 2007091300 28800 7200 604800 3600
241	example.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 example.net. MrpP4svNpbN/YKhuYRlNbvNg0yVxn4ywW1tyEFA9v6F7BR6k1pP8iPfN5XV+XWPAmbss9h3fwKq8zNs4F/SPkg== ;{id = 30899}
242	ns.example.net. IN NSEC ppp.example.net. A RRSIG NSEC
243	ns.example.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. freWP6rXWsU5iyRE2gIM9rICuBxCYlQSW01GkLPez5czqtEL0hHN8vtjTlfoNxjJjiZj3vAavZDIQGgOOOMIsA== ;{id = 30899}
244	ENTRY_END
245
246	; www.example.net query
247	ENTRY_BEGIN
248	MATCH opcode qtype qname
249	ADJUST copy_id
250	REPLY QR NOERROR
251	SECTION QUESTION
252	www.example.net. IN A
253	SECTION ANSWER
254	www.example.net. 3600 IN A 10.20.30.40
255	www.example.net. 3600 IN RRSIG A 5 3 3600 20070926135752 20070829135752 30899 example.net. ACvv4RQVC7TbI57ewqFImRaVoymktJ5Cxn/FaCodIENt82LVM92nivbP2WtwWCsQHWp7FkrMxTlQTJwyAeXFyg== ;{id = 30899}
256	SECTION AUTHORITY
257	example.net. IN NS ns.example.net.
258	example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
259	SECTION ADDITIONAL
260	ns.example.net. IN A 1.2.3.5
261	ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
262	ENTRY_END
263
264
265	RANGE_END
266
267	STEP 1 QUERY
268	ENTRY_BEGIN
269	REPLY RD DO
270	SECTION QUESTION
271	www.example.net. IN A
272	ENTRY_END
273
274	; recursion happens here.
275	STEP 10 CHECK_ANSWER
276	ENTRY_BEGIN
277	MATCH all
278	REPLY QR RD RA DO SERVFAIL
279	SECTION QUESTION
280	www.example.net. IN A
281	SECTION ANSWER
282	ENTRY_END
283
284	SCENARIO_END