[apple/network_cmds.git] / unbound / testdata / val_cnameinsectopos.rpl

; config options
; The island of trust is at example.com
server:
	;trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
	trust-anchor: "example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
	val-override-date: "20070916134226"
	target-fetch-policy: "0 0 0 0 0"

stub-zone:
	name: "."
	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
CONFIG_END

SCENARIO_BEGIN Test validator with an insecure cname to positive cached

; K.ROOT-SERVERS.NET.
RANGE_BEGIN 0 100
	ADDRESS 193.0.14.129 
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS	K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION AUTHORITY
com.	IN NS	a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net.	IN 	A	192.5.6.30
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.net. IN A
SECTION AUTHORITY
net.	IN NS	a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net.	IN 	A	192.5.6.30
ENTRY_END
RANGE_END

; a.gtld-servers.net.
RANGE_BEGIN 0 100
	ADDRESS 192.5.6.30
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION ANSWER
com.    IN NS   a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net.     IN      A       192.5.6.30
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
net. IN NS
SECTION ANSWER
net.    IN NS   a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net.     IN      A       192.5.6.30
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION AUTHORITY
example.com.	IN NS	ns.example.com.
SECTION ADDITIONAL
ns.example.com.		IN 	A	1.2.3.4
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.net. IN A
SECTION AUTHORITY
example.net.	IN NS	ns.example.net.
SECTION ADDITIONAL
ns.example.net.		IN 	A	1.2.3.5
ENTRY_END
RANGE_END

; ns.example.com.
RANGE_BEGIN 0 100
	ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION ANSWER
example.com.    IN NS   ns.example.com.
example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
SECTION ADDITIONAL
ns.example.com.         IN      A       1.2.3.4
ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
ENTRY_END

; response to DNSKEY priming query
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN DNSKEY
SECTION ANSWER
example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
SECTION AUTHORITY
example.com.	IN NS	ns.example.com.
example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
SECTION ADDITIONAL
ns.example.com.		IN 	A	1.2.3.4
ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
ENTRY_END

; response to query of interest
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN	CNAME	www.example.net.
www.example.com.        3600    IN      RRSIG   CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFGcJxnNxpWCBzXejiSdl4p1BKRMnAhUApoJrugVBRwFgAoYAhhqlZFac7fE= ;{id = 2854}
SECTION AUTHORITY
SECTION ADDITIONAL
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
insecure.example.com. IN A
SECTION ANSWER
insecure.example.com. IN	CNAME	www.example.net.
SECTION AUTHORITY
SECTION ADDITIONAL
ENTRY_END
RANGE_END

; ns.example.net.
RANGE_BEGIN 0 100
	ADDRESS 1.2.3.5
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.net. IN NS
SECTION ANSWER
example.net.	IN NS	ns.example.net.
example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
SECTION ADDITIONAL
ns.example.net.		IN 	A	1.2.3.5
ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
ENTRY_END

; response to DNSKEY priming query
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.net. IN DNSKEY
SECTION ANSWER
example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
example.net.    3600    IN      RRSIG   DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899}
SECTION AUTHORITY
example.net.	IN NS	ns.example.net.
example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
SECTION ADDITIONAL
ns.example.net.		IN 	A	1.2.3.5
ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
ENTRY_END

; response to query of interest
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.net. IN A
SECTION ANSWER
www.example.net. IN	A	11.12.13.14
www.example.net.        3600    IN      RRSIG   A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899}
SECTION AUTHORITY
SECTION ADDITIONAL
ENTRY_END
RANGE_END

STEP 1 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
www.example.com. IN A
ENTRY_END

; recursion happens here.
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN	CNAME	www.example.net.
www.example.com.        3600    IN      RRSIG   CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFGcJxnNxpWCBzXejiSdl4p1BKRMnAhUApoJrugVBRwFgAoYAhhqlZFac7fE= ;{id = 2854}
www.example.net. IN	A	11.12.13.14
www.example.net.        3600    IN      RRSIG   A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899}
SECTION AUTHORITY
SECTION ADDITIONAL
ENTRY_END


; Get www.example.net validated in the cache.
STEP 30 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
www.example.net. IN A
ENTRY_END

; recursion happens here.
STEP 40 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
www.example.net. IN A
SECTION ANSWER
www.example.net. IN	A	11.12.13.14
www.example.net.        3600    IN      RRSIG   A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899}
SECTION AUTHORITY
SECTION ADDITIONAL
ENTRY_END


; reference the cache object
STEP 50 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
insecure.example.com. IN A
ENTRY_END

STEP 60 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA DO NOERROR
SECTION QUESTION
insecure.example.com. IN A
SECTION ANSWER
insecure.example.com. IN	CNAME	www.example.net.
www.example.net. IN	A	11.12.13.14
www.example.net.        3600    IN      RRSIG   A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899}
SECTION AUTHORITY
SECTION ADDITIONAL
ENTRY_END


SCENARIO_END
Commit	Line	Data
89c4ed63 A	1	; config options
	2	; The island of trust is at example.com
	3	server:
	4	;trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
	5	trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
	6	val-override-date: "20070916134226"
	7	target-fetch-policy: "0 0 0 0 0"
	8
	9	stub-zone:
	10	name: "."
	11	stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
	12	CONFIG_END
	13
	14	SCENARIO_BEGIN Test validator with an insecure cname to positive cached
	15
	16	; K.ROOT-SERVERS.NET.
	17	RANGE_BEGIN 0 100
	18	ADDRESS 193.0.14.129
	19	ENTRY_BEGIN
	20	MATCH opcode qtype qname
	21	ADJUST copy_id
	22	REPLY QR NOERROR
	23	SECTION QUESTION
	24	. IN NS
	25	SECTION ANSWER
	26	. IN NS K.ROOT-SERVERS.NET.
	27	SECTION ADDITIONAL
	28	K.ROOT-SERVERS.NET. IN A 193.0.14.129
	29	ENTRY_END
	30
	31	ENTRY_BEGIN
	32	MATCH opcode qtype qname
	33	ADJUST copy_id
	34	REPLY QR NOERROR
	35	SECTION QUESTION
	36	www.example.com. IN A
	37	SECTION AUTHORITY
	38	com. IN NS a.gtld-servers.net.
	39	SECTION ADDITIONAL
	40	a.gtld-servers.net. IN A 192.5.6.30
	41	ENTRY_END
	42
	43	ENTRY_BEGIN
	44	MATCH opcode qtype qname
	45	ADJUST copy_id
	46	REPLY QR NOERROR
	47	SECTION QUESTION
	48	www.example.net. IN A
	49	SECTION AUTHORITY
	50	net. IN NS a.gtld-servers.net.
	51	SECTION ADDITIONAL
	52	a.gtld-servers.net. IN A 192.5.6.30
	53	ENTRY_END
	54	RANGE_END
	55
	56	; a.gtld-servers.net.
	57	RANGE_BEGIN 0 100
	58	ADDRESS 192.5.6.30
	59	ENTRY_BEGIN
	60	MATCH opcode qtype qname
	61	ADJUST copy_id
	62	REPLY QR NOERROR
	63	SECTION QUESTION
	64	com. IN NS
65	SECTION ANSWER
66	com. IN NS a.gtld-servers.net.
67	SECTION ADDITIONAL
68	a.gtld-servers.net. IN A 192.5.6.30
69	ENTRY_END
70
71	ENTRY_BEGIN
72	MATCH opcode qtype qname
73	ADJUST copy_id
74	REPLY QR NOERROR
75	SECTION QUESTION
76	net. IN NS
77	SECTION ANSWER
78	net. IN NS a.gtld-servers.net.
79	SECTION ADDITIONAL
80	a.gtld-servers.net. IN A 192.5.6.30
81	ENTRY_END
82
83	ENTRY_BEGIN
84	MATCH opcode qtype qname
85	ADJUST copy_id
86	REPLY QR NOERROR
87	SECTION QUESTION
88	www.example.com. IN A
89	SECTION AUTHORITY
90	example.com. IN NS ns.example.com.
91	SECTION ADDITIONAL
92	ns.example.com. IN A 1.2.3.4
93	ENTRY_END
94	ENTRY_BEGIN
95	MATCH opcode qtype qname
96	ADJUST copy_id
97	REPLY QR NOERROR
98	SECTION QUESTION
99	www.example.net. IN A
100	SECTION AUTHORITY
101	example.net. IN NS ns.example.net.
102	SECTION ADDITIONAL
103	ns.example.net. IN A 1.2.3.5
104	ENTRY_END
105	RANGE_END
106
107	; ns.example.com.
108	RANGE_BEGIN 0 100
109	ADDRESS 1.2.3.4
110	ENTRY_BEGIN
111	MATCH opcode qtype qname
112	ADJUST copy_id
113	REPLY QR NOERROR
114	SECTION QUESTION
115	example.com. IN NS
116	SECTION ANSWER
117	example.com. IN NS ns.example.com.
118	example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
119	SECTION ADDITIONAL
120	ns.example.com. IN A 1.2.3.4
121	ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
122	ENTRY_END
123
124	; response to DNSKEY priming query
125	ENTRY_BEGIN
126	MATCH opcode qtype qname
127	ADJUST copy_id
128	REPLY QR NOERROR
129	SECTION QUESTION
130	example.com. IN DNSKEY
131	SECTION ANSWER
132	example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
133	example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
134	SECTION AUTHORITY
135	example.com. IN NS ns.example.com.
136	example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
137	SECTION ADDITIONAL
138	ns.example.com. IN A 1.2.3.4
139	ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
140	ENTRY_END
141
142	; response to query of interest
143	ENTRY_BEGIN
144	MATCH opcode qtype qname
145	ADJUST copy_id
146	REPLY QR NOERROR
147	SECTION QUESTION
148	www.example.com. IN A
149	SECTION ANSWER
150	www.example.com. IN CNAME www.example.net.
151	www.example.com. 3600 IN RRSIG CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFGcJxnNxpWCBzXejiSdl4p1BKRMnAhUApoJrugVBRwFgAoYAhhqlZFac7fE= ;{id = 2854}
152	SECTION AUTHORITY
153	SECTION ADDITIONAL
154	ENTRY_END
155
156	ENTRY_BEGIN
157	MATCH opcode qtype qname
158	ADJUST copy_id
159	REPLY QR AA NOERROR
160	SECTION QUESTION
161	insecure.example.com. IN A
162	SECTION ANSWER
163	insecure.example.com. IN CNAME www.example.net.
164	SECTION AUTHORITY
165	SECTION ADDITIONAL
166	ENTRY_END
167	RANGE_END
168
169	; ns.example.net.
170	RANGE_BEGIN 0 100
171	ADDRESS 1.2.3.5
172	ENTRY_BEGIN
173	MATCH opcode qtype qname
174	ADJUST copy_id
175	REPLY QR NOERROR
176	SECTION QUESTION
177	example.net. IN NS
178	SECTION ANSWER
179	example.net. IN NS ns.example.net.
180	example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
181	SECTION ADDITIONAL
182	ns.example.net. IN A 1.2.3.5
183	ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
184	ENTRY_END
185
186	; response to DNSKEY priming query
187	ENTRY_BEGIN
188	MATCH opcode qtype qname
189	ADJUST copy_id
190	REPLY QR NOERROR
191	SECTION QUESTION
192	example.net. IN DNSKEY
193	SECTION ANSWER
194	example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
195	example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899}
196	SECTION AUTHORITY
197	example.net. IN NS ns.example.net.
198	example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
199	SECTION ADDITIONAL
200	ns.example.net. IN A 1.2.3.5
201	ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
202	ENTRY_END
203
204	; response to query of interest
205	ENTRY_BEGIN
206	MATCH opcode qtype qname
207	ADJUST copy_id
208	REPLY QR NOERROR
209	SECTION QUESTION
210	www.example.net. IN A
211	SECTION ANSWER
212	www.example.net. IN A 11.12.13.14
213	www.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899}
214	SECTION AUTHORITY
215	SECTION ADDITIONAL
216	ENTRY_END
217	RANGE_END
218
219	STEP 1 QUERY
220	ENTRY_BEGIN
221	REPLY RD DO
222	SECTION QUESTION
223	www.example.com. IN A
224	ENTRY_END
225
226	; recursion happens here.
227	STEP 10 CHECK_ANSWER
228	ENTRY_BEGIN
229	MATCH all
230	REPLY QR RD RA DO NOERROR
231	SECTION QUESTION
232	www.example.com. IN A
233	SECTION ANSWER
234	www.example.com. IN CNAME www.example.net.
235	www.example.com. 3600 IN RRSIG CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFGcJxnNxpWCBzXejiSdl4p1BKRMnAhUApoJrugVBRwFgAoYAhhqlZFac7fE= ;{id = 2854}
236	www.example.net. IN A 11.12.13.14
237	www.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899}
238	SECTION AUTHORITY
239	SECTION ADDITIONAL
240	ENTRY_END
241
242
243	; Get www.example.net validated in the cache.
244	STEP 30 QUERY
245	ENTRY_BEGIN
246	REPLY RD DO
247	SECTION QUESTION
248	www.example.net. IN A
249	ENTRY_END
250
251	; recursion happens here.
252	STEP 40 CHECK_ANSWER
253	ENTRY_BEGIN
254	MATCH all
255	REPLY QR RD RA AD DO NOERROR
256	SECTION QUESTION
257	www.example.net. IN A
258	SECTION ANSWER
259	www.example.net. IN A 11.12.13.14
260	www.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899}
261	SECTION AUTHORITY
262	SECTION ADDITIONAL
263	ENTRY_END
264
265
266	; reference the cache object
267	STEP 50 QUERY
268	ENTRY_BEGIN
269	REPLY RD DO
270	SECTION QUESTION
271	insecure.example.com. IN A
272	ENTRY_END
273
274	STEP 60 CHECK_ANSWER
275	ENTRY_BEGIN
276	MATCH all
277	REPLY QR RD RA DO NOERROR
278	SECTION QUESTION
279	insecure.example.com. IN A
280	SECTION ANSWER
281	insecure.example.com. IN CNAME www.example.net.
282	www.example.net. IN A 11.12.13.14
283	www.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899}
284	SECTION AUTHORITY
285	SECTION ADDITIONAL
286	ENTRY_END
287
288
289	SCENARIO_END