[apple/network_cmds.git] / unbound / testdata / val_nsec3_b3_optout_noce.rpl

; config options
server:
        trust-anchor: "example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )"
	val-override-date: "20120420235959"
	target-fetch-policy: "0 0 0 0 0"

stub-zone:
	name: "."
	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
CONFIG_END

SCENARIO_BEGIN Test validator NSEC3 B.3 optout unsigned, without ce.

; K.ROOT-SERVERS.NET.
RANGE_BEGIN 0 100
	ADDRESS 193.0.14.129 
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS	K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
example. IN A
SECTION AUTHORITY
example.	IN NS	ns1.example.
; leave out to make unbound take ns1
;example.	IN NS	ns2.example.
SECTION ADDITIONAL
ns1.example.	IN A 192.0.2.1
; leave out to make unbound take ns1
;ns2.example.	IN A 192.0.2.2
ENTRY_END
RANGE_END

; ns1.example.
RANGE_BEGIN 0 100
	ADDRESS 192.0.2.1
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id copy_query
REPLY QR REFUSED
SECTION QUESTION
ns1.example. IN A
SECTION ANSWER
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id copy_query
REPLY QR REFUSED
SECTION QUESTION
ns1.example. IN AAAA
SECTION ANSWER
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id copy_query
REPLY QR REFUSED
SECTION QUESTION
example. IN NS
SECTION ANSWER
ENTRY_END

; response to DNSKEY priming query

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example. IN DNSKEY
SECTION ANSWER
example. DNSKEY  256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= )
example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )
example. RRSIG   DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example.  AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf3bH+QsCtg== )
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA DO NOERROR
SECTION QUESTION
c.example.       IN DS
SECTION AUTHORITY
;; NSEC3 RR that covers the "next closer" name (c.example)
;; H(c.example) = 4g6p9u5gvfshp30pqecj98b3maqbn1ck
35mthgpgcu1qg68fab165klnsnk3dpvl.example. NSEC3 1 1 12 aabbccdd ( b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG )
35mthgpgcu1qg68fab165klnsnk3dpvl.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQ Aynzo8EUWH+z6hEIBlUTPGj15eZll6VhQqgZ XtAIR3chwgW+SA== )

;; NSEC3 RR that matches the closest encloser (example)
;; H(example) = 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom
;0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG )
;0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL IBHYH6blRxK9rC0bMJPwQ4mLIuw85H2EY762 BOCXJZMnpuwhpA== )
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR AA DO NOERROR
SECTION QUESTION
c.example.       IN MX
SECTION AUTHORITY
c.example.	NS      ns1.c.example.
c.example. 	NS      ns2.c.example.

;; NSEC3 RR that covers the "next closer" name (c.example)
;; H(c.example) = 4g6p9u5gvfshp30pqecj98b3maqbn1ck
35mthgpgcu1qg68fab165klnsnk3dpvl.example. NSEC3 1 1 12 aabbccdd ( b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG )
35mthgpgcu1qg68fab165klnsnk3dpvl.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQ Aynzo8EUWH+z6hEIBlUTPGj15eZll6VhQqgZ XtAIR3chwgW+SA== )

;; NSEC3 RR that matches the closest encloser (example)
;; H(example) = 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom
; 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG )
; 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL IBHYH6blRxK9rC0bMJPwQ4mLIuw85H2EY762 BOCXJZMnpuwhpA== )

SECTION ADDITIONAL
ns1.c.example. A       192.0.2.7
ns2.c.example. A       192.0.2.8

ENTRY_END
RANGE_END

; ns1.c.example.
RANGE_BEGIN 0 100
	ADDRESS 192.0.2.7
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA REFUSED
SECTION QUESTION
ns1.c.example.       IN AAAA
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA REFUSED
SECTION QUESTION
ns2.c.example.       IN AAAA
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
c.example.       IN NS
SECTION ANSWER
c.example.	NS      ns1.c.example.
c.example. 	NS      ns2.c.example.
SECTION ADDITIONAL
ns1.c.example. A       192.0.2.7
ns2.c.example. A       192.0.2.8
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
mc.c.example.       IN MX
SECTION ANSWER
mc.c.example.       IN MX 50 mx.c.example.
SECTION AUTHORITY
c.example.	NS      ns1.c.example.
c.example. 	NS      ns2.c.example.
SECTION ADDITIONAL
ns1.c.example. A       192.0.2.7
ns2.c.example. A       192.0.2.8
ENTRY_END
RANGE_END

; ns2.c.example.
RANGE_BEGIN 0 100
	ADDRESS 192.0.2.8
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA REFUSED
SECTION QUESTION
ns1.c.example.       IN AAAA
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA REFUSED
SECTION QUESTION
ns2.c.example.       IN AAAA
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
c.example.       IN NS
SECTION ANSWER
c.example.	NS      ns1.c.example.
c.example. 	NS      ns2.c.example.
SECTION ADDITIONAL
ns1.c.example. A       192.0.2.7
ns2.c.example. A       192.0.2.8
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
mc.c.example.       IN MX
SECTION ANSWER
mc.c.example.       IN MX 50 mx.c.example.
SECTION AUTHORITY
c.example.	NS      ns1.c.example.
c.example. 	NS      ns2.c.example.
SECTION ADDITIONAL
ns1.c.example. A       192.0.2.7
ns2.c.example. A       192.0.2.8
ENTRY_END
RANGE_END


STEP 1 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
mc.c.example.       IN MX
ENTRY_END

; recursion happens here.
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA SERVFAIL
SECTION QUESTION
mc.c.example.       IN MX
ENTRY_END

SCENARIO_END
Commit	Line	Data
89c4ed63 A	1	; config options
	2	server:
	3	trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )"
	4	val-override-date: "20120420235959"
	5	target-fetch-policy: "0 0 0 0 0"
	6
	7	stub-zone:
	8	name: "."
	9	stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
	10	CONFIG_END
	11
	12	SCENARIO_BEGIN Test validator NSEC3 B.3 optout unsigned, without ce.
	13
	14	; K.ROOT-SERVERS.NET.
	15	RANGE_BEGIN 0 100
	16	ADDRESS 193.0.14.129
	17	ENTRY_BEGIN
	18	MATCH opcode qtype qname
	19	ADJUST copy_id
	20	REPLY QR NOERROR
	21	SECTION QUESTION
	22	. IN NS
	23	SECTION ANSWER
	24	. IN NS K.ROOT-SERVERS.NET.
	25	SECTION ADDITIONAL
	26	K.ROOT-SERVERS.NET. IN A 193.0.14.129
	27	ENTRY_END
	28
	29	ENTRY_BEGIN
	30	MATCH opcode subdomain
	31	ADJUST copy_id copy_query
	32	REPLY QR NOERROR
	33	SECTION QUESTION
	34	example. IN A
	35	SECTION AUTHORITY
	36	example. IN NS ns1.example.
	37	; leave out to make unbound take ns1
	38	;example. IN NS ns2.example.
	39	SECTION ADDITIONAL
	40	ns1.example. IN A 192.0.2.1
	41	; leave out to make unbound take ns1
	42	;ns2.example. IN A 192.0.2.2
	43	ENTRY_END
	44	RANGE_END
	45
	46	; ns1.example.
	47	RANGE_BEGIN 0 100
	48	ADDRESS 192.0.2.1
	49	ENTRY_BEGIN
	50	MATCH opcode qtype qname
	51	ADJUST copy_id copy_query
	52	REPLY QR REFUSED
	53	SECTION QUESTION
	54	ns1.example. IN A
	55	SECTION ANSWER
	56	ENTRY_END
	57
	58	ENTRY_BEGIN
	59	MATCH opcode qtype qname
	60	ADJUST copy_id copy_query
	61	REPLY QR REFUSED
	62	SECTION QUESTION
	63	ns1.example. IN AAAA
	64	SECTION ANSWER
65	ENTRY_END
66
67	ENTRY_BEGIN
68	MATCH opcode qtype qname
69	ADJUST copy_id copy_query
70	REPLY QR REFUSED
71	SECTION QUESTION
72	example. IN NS
73	SECTION ANSWER
74	ENTRY_END
75
76	; response to DNSKEY priming query
77
78	ENTRY_BEGIN
79	MATCH opcode qtype qname
80	ADJUST copy_id
81	REPLY QR NOERROR
82	SECTION QUESTION
83	example. IN DNSKEY
84	SECTION ANSWER
85	example. DNSKEY 256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= )
86	example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )
87	example. RRSIG DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example. AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf3bH+QsCtg== )
88	ENTRY_END
89
90	ENTRY_BEGIN
91	MATCH opcode qtype qname
92	ADJUST copy_id
93	REPLY QR AA DO NOERROR
94	SECTION QUESTION
95	c.example. IN DS
96	SECTION AUTHORITY
97	;; NSEC3 RR that covers the "next closer" name (c.example)
98	;; H(c.example) = 4g6p9u5gvfshp30pqecj98b3maqbn1ck
99	35mthgpgcu1qg68fab165klnsnk3dpvl.example. NSEC3 1 1 12 aabbccdd ( b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG )
100	35mthgpgcu1qg68fab165klnsnk3dpvl.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQ Aynzo8EUWH+z6hEIBlUTPGj15eZll6VhQqgZ XtAIR3chwgW+SA== )
101
102	;; NSEC3 RR that matches the closest encloser (example)
103	;; H(example) = 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom
104	;0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG )
105	;0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL IBHYH6blRxK9rC0bMJPwQ4mLIuw85H2EY762 BOCXJZMnpuwhpA== )
106	ENTRY_END
107
108	ENTRY_BEGIN
109	MATCH opcode subdomain
110	ADJUST copy_id copy_query
111	REPLY QR AA DO NOERROR
112	SECTION QUESTION
113	c.example. IN MX
114	SECTION AUTHORITY
115	c.example. NS ns1.c.example.
116	c.example. NS ns2.c.example.
117
118	;; NSEC3 RR that covers the "next closer" name (c.example)
119	;; H(c.example) = 4g6p9u5gvfshp30pqecj98b3maqbn1ck
120	35mthgpgcu1qg68fab165klnsnk3dpvl.example. NSEC3 1 1 12 aabbccdd ( b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG )
121	35mthgpgcu1qg68fab165klnsnk3dpvl.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQ Aynzo8EUWH+z6hEIBlUTPGj15eZll6VhQqgZ XtAIR3chwgW+SA== )
122
123	;; NSEC3 RR that matches the closest encloser (example)
124	;; H(example) = 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom
125	; 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG )
126	; 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL IBHYH6blRxK9rC0bMJPwQ4mLIuw85H2EY762 BOCXJZMnpuwhpA== )
127
128	SECTION ADDITIONAL
129	ns1.c.example. A 192.0.2.7
130	ns2.c.example. A 192.0.2.8
131
132	ENTRY_END
133	RANGE_END
134
135	; ns1.c.example.
136	RANGE_BEGIN 0 100
137	ADDRESS 192.0.2.7
138	ENTRY_BEGIN
139	MATCH opcode qtype qname
140	ADJUST copy_id
141	REPLY QR AA REFUSED
142	SECTION QUESTION
143	ns1.c.example. IN AAAA
144	ENTRY_END
145
146	ENTRY_BEGIN
147	MATCH opcode qtype qname
148	ADJUST copy_id
149	REPLY QR AA REFUSED
150	SECTION QUESTION
151	ns2.c.example. IN AAAA
152	ENTRY_END
153
154	ENTRY_BEGIN
155	MATCH opcode qtype qname
156	ADJUST copy_id
157	REPLY QR AA NOERROR
158	SECTION QUESTION
159	c.example. IN NS
160	SECTION ANSWER
161	c.example. NS ns1.c.example.
162	c.example. NS ns2.c.example.
163	SECTION ADDITIONAL
164	ns1.c.example. A 192.0.2.7
165	ns2.c.example. A 192.0.2.8
166	ENTRY_END
167
168	ENTRY_BEGIN
169	MATCH opcode qtype qname
170	ADJUST copy_id
171	REPLY QR AA NOERROR
172	SECTION QUESTION
173	mc.c.example. IN MX
174	SECTION ANSWER
175	mc.c.example. IN MX 50 mx.c.example.
176	SECTION AUTHORITY
177	c.example. NS ns1.c.example.
178	c.example. NS ns2.c.example.
179	SECTION ADDITIONAL
180	ns1.c.example. A 192.0.2.7
181	ns2.c.example. A 192.0.2.8
182	ENTRY_END
183	RANGE_END
184
185	; ns2.c.example.
186	RANGE_BEGIN 0 100
187	ADDRESS 192.0.2.8
188	ENTRY_BEGIN
189	MATCH opcode qtype qname
190	ADJUST copy_id
191	REPLY QR AA REFUSED
192	SECTION QUESTION
193	ns1.c.example. IN AAAA
194	ENTRY_END
195
196	ENTRY_BEGIN
197	MATCH opcode qtype qname
198	ADJUST copy_id
199	REPLY QR AA REFUSED
200	SECTION QUESTION
201	ns2.c.example. IN AAAA
202	ENTRY_END
203
204	ENTRY_BEGIN
205	MATCH opcode qtype qname
206	ADJUST copy_id
207	REPLY QR AA NOERROR
208	SECTION QUESTION
209	c.example. IN NS
210	SECTION ANSWER
211	c.example. NS ns1.c.example.
212	c.example. NS ns2.c.example.
213	SECTION ADDITIONAL
214	ns1.c.example. A 192.0.2.7
215	ns2.c.example. A 192.0.2.8
216	ENTRY_END
217
218	ENTRY_BEGIN
219	MATCH opcode qtype qname
220	ADJUST copy_id
221	REPLY QR AA NOERROR
222	SECTION QUESTION
223	mc.c.example. IN MX
224	SECTION ANSWER
225	mc.c.example. IN MX 50 mx.c.example.
226	SECTION AUTHORITY
227	c.example. NS ns1.c.example.
228	c.example. NS ns2.c.example.
229	SECTION ADDITIONAL
230	ns1.c.example. A 192.0.2.7
231	ns2.c.example. A 192.0.2.8
232	ENTRY_END
233	RANGE_END
234
235
236	STEP 1 QUERY
237	ENTRY_BEGIN
238	REPLY RD
239	SECTION QUESTION
240	mc.c.example. IN MX
241	ENTRY_END
242
243	; recursion happens here.
244	STEP 10 CHECK_ANSWER
245	ENTRY_BEGIN
246	MATCH all
247	REPLY QR RD RA SERVFAIL
248	SECTION QUESTION
249	mc.c.example. IN MX
250	ENTRY_END
251
252	SCENARIO_END