[apple/network_cmds.git] / unbound / testdata / val_dsnsec.rpl

; config options
; The island of trust is at example.com
server:
	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
	val-override-date: "20070916134226"
	target-fetch-policy: "0 0 0 0 0"

stub-zone:
	name: "."
	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
CONFIG_END

SCENARIO_BEGIN Test pickup of DS NSEC from the cache.
; make sure unbound does not pick up the wrong nsec.

; K.ROOT-SERVERS.NET.
RANGE_BEGIN 0 100
	ADDRESS 193.0.14.129 
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS	K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
com. IN A
SECTION AUTHORITY
com.	IN NS	a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net.	IN 	A	192.5.6.30
ENTRY_END
RANGE_END

; a.gtld-servers.net.
RANGE_BEGIN 0 100
	ADDRESS 192.5.6.30
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION ANSWER
com.    IN NS   a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net.     IN      A       192.5.6.30
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
example.com. IN A
SECTION AUTHORITY
example.com.	IN NS	ns.example.com.
SECTION ADDITIONAL
ns.example.com.		IN 	A	1.2.3.4
ENTRY_END
RANGE_END

; ns.example.com.
RANGE_BEGIN 0 100
	ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION ANSWER
example.com.    IN NS   ns.example.com.
example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
SECTION ADDITIONAL
ns.example.com.         IN      A       1.2.3.4
ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
ENTRY_END

; barely valid nodata for AAAA
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ns.example.com. IN AAAA
SECTION ANSWER
SECTION AUTHORITY
example.com.    IN NS   ns.example.com.
example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ns.example.com. IN A
SECTION ANSWER
ns.example.com.         IN      A       1.2.3.4
ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
SECTION AUTHORITY
example.com.    IN NS   ns.example.com.
example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
ENTRY_END

; response to DNSKEY priming query
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN DNSKEY
SECTION ANSWER
example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
SECTION AUTHORITY
example.com.	IN NS	ns.example.com.
example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
SECTION ADDITIONAL
ns.example.com.		IN 	A	1.2.3.4
ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
ENTRY_END

; response for   tub.example.com
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NXDOMAIN
SECTION QUESTION
tub.example.com. IN DNSKEY
SECTION ANSWER
SECTION AUTHORITY
; SOA record
example.com IN SOA ns.iana.org. NSTLD.iana.org. 2009061200 1800 900 604800 86400
example.com.	3600	IN	RRSIG	SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AAvpEruGS0UJzMoO6ou/+y8ZyHjjrFC6HKDWU8a61Ru9qtl4R66fC1c= ;{id = 2854}
; qname denial
sub.example.com. IN	NSEC wub.example.com. NS DS RRSIG NSEC
sub.example.com.	3600	IN	RRSIG	NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. AA4+SSCI8kQZ2/iGj+9rxpNZyaIJNNRZ4eM0fEw2D5fVR/+WLUZ9GdE= ;{id = 2854}
; wildcard denial
example.com. IN NSEC blub.example.com. NS SOA RRSIG NSEC DNSKEY
example.com.	3600	IN	RRSIG	NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AARheDFiRjrnKHzsPloUJ0FC+8aAM6H49Lnm2AJrgxE9RlBlH2E4sRo= ;{id = 2854}
SECTION ADDITIONAL
ENTRY_END

; DS query for sub.example.com
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
sub.example.com. IN DS
SECTION ANSWER
sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
SECTION AUTHORITY
SECTION ADDITIONAL
ENTRY_END

; response for delegation to sub.example.com.
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
sub.example.com. IN DNSKEY
SECTION ANSWER
SECTION AUTHORITY
sub.example.com. IN	NS ns.sub.example.com.
;sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
;sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
SECTION ADDITIONAL
ns.sub.example.com. IN A 1.2.3.6
ENTRY_END
RANGE_END

; ns.sub.example.com.
RANGE_BEGIN 0 100
	ADDRESS 1.2.3.6
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
sub.example.com. IN NS
SECTION ANSWER
sub.example.com. IN	NS ns.sub.example.com.
sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
SECTION ADDITIONAL
ns.sub.example.com. IN A 1.2.3.6
ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
ENTRY_END

; response to DNSKEY priming query
; sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
sub.example.com. IN DNSKEY
SECTION ANSWER
sub.example.com.        3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
sub.example.com.        3600    IN      RRSIG   DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899}
SECTION AUTHORITY
sub.example.com. IN	NS ns.sub.example.com.
sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
SECTION ADDITIONAL
ns.sub.example.com. IN A 1.2.3.6
ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
ENTRY_END

; response to query of interest
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.sub.example.com. IN A
SECTION ANSWER
www.sub.example.com. IN A	11.11.11.11
www.sub.example.com.    3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
SECTION AUTHORITY
SECTION ADDITIONAL
ENTRY_END
RANGE_END

; query for a domain next to it, so the wrong NSEC gets in the cache.
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
www.tub.example.com. IN A
ENTRY_END

; recursion happens here.
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AD DO NXDOMAIN
SECTION QUESTION
www.tub.example.com. IN A
SECTION ANSWER
SECTION AUTHORITY
example.com.    3600    IN      SOA     ns.iana.org. NSTLD.iana.org. 2009061200 1800 900 604800 86400
example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AAvpEruGS0UJzMoO6ou/+y8ZyHjjrFC6HKDWU8a61Ru9qtl4R66fC1c= ;{id = 2854}
sub.example.com.        3600    IN      NSEC    wub.example.com. NS DS RRSIG NSEC 
sub.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. AA4+SSCI8kQZ2/iGj+9rxpNZyaIJNNRZ4eM0fEw2D5fVR/+WLUZ9GdE= ;{id = 2854}
example.com.    3600    IN      NSEC    blub.example.com. NS SOA RRSIG NSEC DNSKEY 
example.com.    3600    IN      RRSIG   NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AARheDFiRjrnKHzsPloUJ0FC+8aAM6H49Lnm2AJrgxE9RlBlH2E4sRo= ;{id = 2854}
SECTION ADDITIONAL
ENTRY_END

; query of interest.
STEP 30 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
www.sub.example.com. IN A
ENTRY_END

STEP 40 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
www.sub.example.com. IN A
SECTION ANSWER
www.sub.example.com. 	3600	IN	A	11.11.11.11
www.sub.example.com.    3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
SECTION AUTHORITY
SECTION ADDITIONAL
ENTRY_END


SCENARIO_END
Commit	Line	Data
89c4ed63 A	1	; config options
	2	; The island of trust is at example.com
	3	server:
	4	trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
	5	val-override-date: "20070916134226"
	6	target-fetch-policy: "0 0 0 0 0"
	7
	8	stub-zone:
	9	name: "."
	10	stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
	11	CONFIG_END
	12
	13	SCENARIO_BEGIN Test pickup of DS NSEC from the cache.
	14	; make sure unbound does not pick up the wrong nsec.
	15
	16	; K.ROOT-SERVERS.NET.
	17	RANGE_BEGIN 0 100
	18	ADDRESS 193.0.14.129
	19	ENTRY_BEGIN
	20	MATCH opcode qtype qname
	21	ADJUST copy_id
	22	REPLY QR NOERROR
	23	SECTION QUESTION
	24	. IN NS
	25	SECTION ANSWER
	26	. IN NS K.ROOT-SERVERS.NET.
	27	SECTION ADDITIONAL
	28	K.ROOT-SERVERS.NET. IN A 193.0.14.129
	29	ENTRY_END
	30
	31	ENTRY_BEGIN
	32	MATCH opcode subdomain
	33	ADJUST copy_id copy_query
	34	REPLY QR NOERROR
	35	SECTION QUESTION
	36	com. IN A
	37	SECTION AUTHORITY
	38	com. IN NS a.gtld-servers.net.
	39	SECTION ADDITIONAL
	40	a.gtld-servers.net. IN A 192.5.6.30
	41	ENTRY_END
	42	RANGE_END
	43
	44	; a.gtld-servers.net.
	45	RANGE_BEGIN 0 100
	46	ADDRESS 192.5.6.30
	47	ENTRY_BEGIN
	48	MATCH opcode qtype qname
	49	ADJUST copy_id
	50	REPLY QR NOERROR
	51	SECTION QUESTION
	52	com. IN NS
	53	SECTION ANSWER
	54	com. IN NS a.gtld-servers.net.
	55	SECTION ADDITIONAL
	56	a.gtld-servers.net. IN A 192.5.6.30
	57	ENTRY_END
	58
	59	ENTRY_BEGIN
	60	MATCH opcode subdomain
	61	ADJUST copy_id copy_query
	62	REPLY QR NOERROR
	63	SECTION QUESTION
	64	example.com. IN A
65	SECTION AUTHORITY
66	example.com. IN NS ns.example.com.
67	SECTION ADDITIONAL
68	ns.example.com. IN A 1.2.3.4
69	ENTRY_END
70	RANGE_END
71
72	; ns.example.com.
73	RANGE_BEGIN 0 100
74	ADDRESS 1.2.3.4
75	ENTRY_BEGIN
76	MATCH opcode qtype qname
77	ADJUST copy_id
78	REPLY QR NOERROR
79	SECTION QUESTION
80	example.com. IN NS
81	SECTION ANSWER
82	example.com. IN NS ns.example.com.
83	example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
84	SECTION ADDITIONAL
85	ns.example.com. IN A 1.2.3.4
86	ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
87	ENTRY_END
88
89	; barely valid nodata for AAAA
90	ENTRY_BEGIN
91	MATCH opcode qtype qname
92	ADJUST copy_id
93	REPLY QR NOERROR
94	SECTION QUESTION
95	ns.example.com. IN AAAA
96	SECTION ANSWER
97	SECTION AUTHORITY
98	example.com. IN NS ns.example.com.
99	example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
100	ENTRY_END
101
102	ENTRY_BEGIN
103	MATCH opcode qtype qname
104	ADJUST copy_id
105	REPLY QR NOERROR
106	SECTION QUESTION
107	ns.example.com. IN A
108	SECTION ANSWER
109	ns.example.com. IN A 1.2.3.4
110	ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
111	SECTION AUTHORITY
112	example.com. IN NS ns.example.com.
113	example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
114	ENTRY_END
115
116	; response to DNSKEY priming query
117	ENTRY_BEGIN
118	MATCH opcode qtype qname
119	ADJUST copy_id
120	REPLY QR NOERROR
121	SECTION QUESTION
122	example.com. IN DNSKEY
123	SECTION ANSWER
124	example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
125	example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
126	SECTION AUTHORITY
127	example.com. IN NS ns.example.com.
128	example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
129	SECTION ADDITIONAL
130	ns.example.com. IN A 1.2.3.4
131	ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
132	ENTRY_END
133
134	; response for tub.example.com
135	ENTRY_BEGIN
136	MATCH opcode subdomain
137	ADJUST copy_id copy_query
138	REPLY QR NXDOMAIN
139	SECTION QUESTION
140	tub.example.com. IN DNSKEY
141	SECTION ANSWER
142	SECTION AUTHORITY
143	; SOA record
144	example.com IN SOA ns.iana.org. NSTLD.iana.org. 2009061200 1800 900 604800 86400
145	example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AAvpEruGS0UJzMoO6ou/+y8ZyHjjrFC6HKDWU8a61Ru9qtl4R66fC1c= ;{id = 2854}
146	; qname denial
147	sub.example.com. IN NSEC wub.example.com. NS DS RRSIG NSEC
148	sub.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. AA4+SSCI8kQZ2/iGj+9rxpNZyaIJNNRZ4eM0fEw2D5fVR/+WLUZ9GdE= ;{id = 2854}
149	; wildcard denial
150	example.com. IN NSEC blub.example.com. NS SOA RRSIG NSEC DNSKEY
151	example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AARheDFiRjrnKHzsPloUJ0FC+8aAM6H49Lnm2AJrgxE9RlBlH2E4sRo= ;{id = 2854}
152	SECTION ADDITIONAL
153	ENTRY_END
154
155	; DS query for sub.example.com
156	ENTRY_BEGIN
157	MATCH opcode qtype qname
158	ADJUST copy_id
159	REPLY QR NOERROR
160	SECTION QUESTION
161	sub.example.com. IN DS
162	SECTION ANSWER
163	sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
164	sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
165	SECTION AUTHORITY
166	SECTION ADDITIONAL
167	ENTRY_END
168
169	; response for delegation to sub.example.com.
170	ENTRY_BEGIN
171	MATCH opcode subdomain
172	ADJUST copy_id copy_query
173	REPLY QR NOERROR
174	SECTION QUESTION
175	sub.example.com. IN DNSKEY
176	SECTION ANSWER
177	SECTION AUTHORITY
178	sub.example.com. IN NS ns.sub.example.com.
179	;sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
180	;sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
181	SECTION ADDITIONAL
182	ns.sub.example.com. IN A 1.2.3.6
183	ENTRY_END
184	RANGE_END
185
186	; ns.sub.example.com.
187	RANGE_BEGIN 0 100
188	ADDRESS 1.2.3.6
189	ENTRY_BEGIN
190	MATCH opcode qtype qname
191	ADJUST copy_id
192	REPLY QR NOERROR
193	SECTION QUESTION
194	sub.example.com. IN NS
195	SECTION ANSWER
196	sub.example.com. IN NS ns.sub.example.com.
197	sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
198	SECTION ADDITIONAL
199	ns.sub.example.com. IN A 1.2.3.6
200	ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
201	ENTRY_END
202
203	; response to DNSKEY priming query
204	; sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
205	ENTRY_BEGIN
206	MATCH opcode qtype qname
207	ADJUST copy_id
208	REPLY QR NOERROR
209	SECTION QUESTION
210	sub.example.com. IN DNSKEY
211	SECTION ANSWER
212	sub.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
213	sub.example.com. 3600 IN RRSIG DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899}
214	SECTION AUTHORITY
215	sub.example.com. IN NS ns.sub.example.com.
216	sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
217	SECTION ADDITIONAL
218	ns.sub.example.com. IN A 1.2.3.6
219	ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
220	ENTRY_END
221
222	; response to query of interest
223	ENTRY_BEGIN
224	MATCH opcode qtype qname
225	ADJUST copy_id
226	REPLY QR NOERROR
227	SECTION QUESTION
228	www.sub.example.com. IN A
229	SECTION ANSWER
230	www.sub.example.com. IN A 11.11.11.11
231	www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
232	SECTION AUTHORITY
233	SECTION ADDITIONAL
234	ENTRY_END
235	RANGE_END
236
237	; query for a domain next to it, so the wrong NSEC gets in the cache.
238	STEP 1 QUERY
239	ENTRY_BEGIN
240	REPLY RD DO
241	SECTION QUESTION
242	www.tub.example.com. IN A
243	ENTRY_END
244
245	; recursion happens here.
246	STEP 10 CHECK_ANSWER
247	ENTRY_BEGIN
248	MATCH all
249	REPLY QR RD RA AD DO NXDOMAIN
250	SECTION QUESTION
251	www.tub.example.com. IN A
252	SECTION ANSWER
253	SECTION AUTHORITY
254	example.com. 3600 IN SOA ns.iana.org. NSTLD.iana.org. 2009061200 1800 900 604800 86400
255	example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AAvpEruGS0UJzMoO6ou/+y8ZyHjjrFC6HKDWU8a61Ru9qtl4R66fC1c= ;{id = 2854}
256	sub.example.com. 3600 IN NSEC wub.example.com. NS DS RRSIG NSEC
257	sub.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. AA4+SSCI8kQZ2/iGj+9rxpNZyaIJNNRZ4eM0fEw2D5fVR/+WLUZ9GdE= ;{id = 2854}
258	example.com. 3600 IN NSEC blub.example.com. NS SOA RRSIG NSEC DNSKEY
259	example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AARheDFiRjrnKHzsPloUJ0FC+8aAM6H49Lnm2AJrgxE9RlBlH2E4sRo= ;{id = 2854}
260	SECTION ADDITIONAL
261	ENTRY_END
262
263	; query of interest.
264	STEP 30 QUERY
265	ENTRY_BEGIN
266	REPLY RD DO
267	SECTION QUESTION
268	www.sub.example.com. IN A
269	ENTRY_END
270
271	STEP 40 CHECK_ANSWER
272	ENTRY_BEGIN
273	MATCH all
274	REPLY QR RD RA AD DO NOERROR
275	SECTION QUESTION
276	www.sub.example.com. IN A
277	SECTION ANSWER
278	www.sub.example.com. 3600 IN A 11.11.11.11
279	www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
280	SECTION AUTHORITY
281	SECTION ADDITIONAL
282	ENTRY_END
283
284
285	SCENARIO_END