]> git.saurik.com Git - apple/network_cmds.git/blame_incremental - unbound/testdata/autotrust_addpend_twice.rpl
network_cmds-596.100.2.tar.gz
[apple/network_cmds.git] / unbound / testdata / autotrust_addpend_twice.rpl
... / ...
CommitLineData
1; config options
2server:
3 target-fetch-policy: "0 0 0 0 0"
4 log-time-ascii: yes
5stub-zone:
6 name: "."
7 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
8; initial content (say from dig example.com DNSKEY > example.com.key)
9AUTOTRUST_FILE example.com
10example.com. 10800 IN DNSKEY 257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b}
11example.com. 10800 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
12AUTOTRUST_END
13CONFIG_END
14
15SCENARIO_BEGIN Test autotrust with ADDPEND seen twice
16; this should work.
17
18; K-ROOT
19RANGE_BEGIN 0 100
20 ADDRESS 193.0.14.129
21ENTRY_BEGIN
22MATCH opcode qname qtype
23ADJUST copy_id copy_query
24REPLY QR AA
25SECTION QUESTION
26. IN NS
27SECTION ANSWER
28. IN NS k.root-servers.net.
29SECTION ADDITIONAL
30k.root-servers.net IN A 193.0.14.129
31ENTRY_END
32
33ENTRY_BEGIN
34MATCH opcode subdomain
35ADJUST copy_id copy_query
36REPLY QR
37SECTION QUESTION
38com. IN NS
39SECTION AUTHORITY
40com. IN NS a.gtld-servers.net.
41SECTION ADDITIONAL
42a.gtld-servers.net. IN A 192.5.6.30
43ENTRY_END
44RANGE_END
45
46; a.gtld-servers.net.
47RANGE_BEGIN 0 100
48 ADDRESS 192.5.6.30
49ENTRY_BEGIN
50MATCH opcode subdomain
51ADJUST copy_id copy_query
52REPLY QR
53SECTION QUESTION
54example.com. IN NS
55SECTION AUTHORITY
56example.com. IN NS ns.example.com.
57SECTION ADDITIONAL
58ns.example.com. IN A 1.2.3.4
59ENTRY_END
60RANGE_END
61
62; ns.example.com. KSK 55582
63RANGE_BEGIN 0 10
64 ADDRESS 1.2.3.4
65ENTRY_BEGIN
66MATCH opcode qname qtype
67ADJUST copy_id
68REPLY QR AA
69SECTION QUESTION
70www.example.com. IN A
71SECTION ANSWER
72www.example.com. 3600 IN A 10.20.30.40
73www.example.com. 3600 IN RRSIG A 5 3 3600 20090924111500 20090821111500 30899 example.com. pYGxVLsWUvOp1wSf0iwPap+JnECfC5GAm1lRqy3YEqecNGld7U7x/5Imo3CerbdZrVptUQs2oH0lcjwYJXMnsw== ;{id = 30899}
74SECTION AUTHORITY
75example.com. 3600 IN NS ns.example.com.
76example.com. 3600 IN RRSIG NS 5 2 3600 20090924111500 20090821111500 30899 example.com. J5wxRq0jgwQL6yy530kvo9cHqNAUHV8IF4dvaYZL0bNraO2Oe6dVXqlJl4+cxNHI2TMsstwFPr2Zz8tv6Az2mQ== ;{id = 30899}
77SECTION ADDITIONAL
78ns.example.com. 3600 IN A 1.2.3.4
79ns.example.com. 3600 IN RRSIG A 5 3 3600 20090924111500 20090821111500 30899 example.com. JsXbS18oyc0zkVaOWGSFdIQuOsZKflT0GraT9afDPoWLCgH4ApF7jNgfJV7Pqy1sTBRajME5IUAhpANwGBuW4A== ;{id = 30899}
80ENTRY_END
81
82ENTRY_BEGIN
83MATCH opcode qname qtype
84ADJUST copy_id
85REPLY QR AA
86SECTION QUESTION
87example.com. IN DNSKEY
88SECTION ANSWER
89; KSK 1
90example.com. 10800 IN DNSKEY 257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b}
91; ZSK 1
92example.com. 10800 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
93; signatures
94example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20090924111500 20090821111500 30899 example.com. b/HK231jIQLX8IhlZfup3r0yhpXaasbPE6LzxoEVVvWaTZWcLmeV8jDIcn0qO7Yvs7bIJN20lwVAV0GcHH3hWQ== ;{id = 30899}
95example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20090924111500 20090821111500 55582 example.com. PCHme1QLoULxqjhg5tMlpR0qJlBfstEUVq18TtNoKQe9le1YhJ9caheXcTWoK+boLhXxg9u6Yyvq8FboQh0OjA== ;{id = 55582}
96ENTRY_END
97RANGE_END
98
99; ns.example.com. KSK 55582 and 60946
100RANGE_BEGIN 11 40
101 ADDRESS 1.2.3.4
102ENTRY_BEGIN
103MATCH opcode qname qtype
104ADJUST copy_id
105REPLY QR AA
106SECTION QUESTION
107example.com. IN DNSKEY
108SECTION ANSWER
109; KSK 1
110example.com. 10800 IN DNSKEY 257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b}
111; KSK 2
112example.com. 10800 IN DNSKEY 257 3 5 AwEAAeiaUiUIpWMfYz5L0sfJTZWnuN9IyBX4em9VjsoqQTsOD1HDQpNb4buvJo7pN2aBCxNS7e0OL8e2mVB6CLZ+8ek= ;{id = 60946 (ksk), size = 512b}
113; ZSK 1
114example.com. 10800 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
115; signatures
116example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20091024111500 20090921111500 30899 example.com. rkaCUpTFPWVu4Om5oMTR+39Mct6ZMs56xrE0rbxMMOokfvIQheIxsAEc5BFJeA/2y5WTewl6diCD6yQXCybrDg== ;{id = 30899}
117example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20091024111500 20090921111500 55582 example.com. CoMon+lWPAsUvgfpCTDPx8Zn8dQpky3lu2O6T+oJ2Mat9a/u1YwGhSQHGPn7ZNG/4vKM97tx84sSlUGz3geD1w== ;{id = 55582}
118example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20091024111500 20090921111500 60946 example.com. o+Cbs7DcYPYlSLd4hi3vkSVQpXGnKgKSi9MpHGfu1Uahv5190U2DUOxP1du/HOYbf+IHYL8zLbMZjVEG5wgnTg== ;{id = 60946}
119ENTRY_END
120RANGE_END
121
122; ns.example.com. KSK 55582 and 60946 (signatures updated)
123RANGE_BEGIN 41 50
124 ADDRESS 1.2.3.4
125ENTRY_BEGIN
126MATCH opcode qname qtype
127ADJUST copy_id
128REPLY QR AA
129SECTION QUESTION
130example.com. IN DNSKEY
131SECTION ANSWER
132; KSK 1
133example.com. 10800 IN DNSKEY 257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b}
134; KSK 2
135example.com. 10800 IN DNSKEY 257 3 5 AwEAAeiaUiUIpWMfYz5L0sfJTZWnuN9IyBX4em9VjsoqQTsOD1HDQpNb4buvJo7pN2aBCxNS7e0OL8e2mVB6CLZ+8ek= ;{id = 60946 (ksk), size = 512b}
136; ZSK 1
137example.com. 10800 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
138; signatures
139example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20091124111500 20091018111500 30899 example.com. rkaCUpTFPWVu4Om5oMTR+39Mct6ZMs56xrE0rbxMMOokfvIQheIxsAEc5BFJeA/2y5WTewl6diCD6yQXCybrDg== ;{id = 30899}
140example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20091124111500 20091018111500 55582 example.com. v/HJbdpeVMpbhwYXrT1EDGpAFMvEgdKQII1cAbP6o8KHYNKDh8TIJ25/pXe3daEXfej6/Z5kpqJ79okPKUoi1Q== ;{id = 55582}
141example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20091124111500 20091018111500 60946 example.com. HgXol1hdvbomOM1CFRW8qsHd3D0qOnN72EeMHTcpxIBBiuNLKZn4n1M14Voxj3vo0eAMNuG/y7EjQkxKvSsaDA== ;{id = 60946}
142ENTRY_END
143RANGE_END
144
145; ns.example.com. KSK 55582-REVOKED and 60946
146RANGE_BEGIN 51 60
147 ADDRESS 1.2.3.4
148ENTRY_BEGIN
149MATCH opcode qname qtype
150ADJUST copy_id
151REPLY QR AA
152SECTION QUESTION
153example.com. IN DNSKEY
154SECTION ANSWER
155; KSK 1
156example.com. 10800 IN DNSKEY 385 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55710 (ksk), size = 512b}
157; KSK 2
158example.com. 10800 IN DNSKEY 257 3 5 AwEAAeiaUiUIpWMfYz5L0sfJTZWnuN9IyBX4em9VjsoqQTsOD1HDQpNb4buvJo7pN2aBCxNS7e0OL8e2mVB6CLZ+8ek= ;{id = 60946 (ksk), size = 512b}
159; ZSK 1
160example.com. 10800 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
161; signatures
162example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20091224111500 20091118111500 30899 example.com. qLKZUJEi3ajSJ4/b7xl0BwhzW6JtjsojpZ+2nUx1PvaeQVoTmyWxjxc2tAmJGcBPqMqzeY470xvyMDvGTOiQCQ== ;{id = 30899}
163example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20091224111500 20091118111500 55710 example.com. EW2YB+2yNX9LTNDPVwkcGnRTTx38pOiwBaixdwxmDgqWKXLDLM6Kd2Xv9tveS39RnSZ5H1inRXE55q+rL6Re3g== ;{id = 55710}
164; wrong keytag:
165;example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20091224111500 20091118111500 55582 example.com. nH/6HauVJI4GGz78UoK/38cOOrEqsYZP0jFzfCC3OyIlclVTjAFvjVPlVMGK7sA5Nw1v20YtFTQkXZgbrRuInQ== ;{id = 55582}
166example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20091224111500 20091118111500 60946 example.com. xKSBZr4vOsEUKlVoNb6SOV69DM7xFOJI4gPFKq5Tv4APIMJ/9G3odoDmNcLCVyYGzhoDik5hciJnZio6UHgzAA== ;{id = 60946}
167ENTRY_END
168RANGE_END
169
170; ns.example.com. KSK 60946
171RANGE_BEGIN 61 70
172 ADDRESS 1.2.3.4
173ENTRY_BEGIN
174MATCH opcode qname qtype
175ADJUST copy_id
176REPLY QR AA
177SECTION QUESTION
178example.com. IN DNSKEY
179SECTION ANSWER
180; KSK 2
181example.com. 10800 IN DNSKEY 257 3 5 AwEAAeiaUiUIpWMfYz5L0sfJTZWnuN9IyBX4em9VjsoqQTsOD1HDQpNb4buvJo7pN2aBCxNS7e0OL8e2mVB6CLZ+8ek= ;{id = 60946 (ksk), size = 512b}
182; ZSK 1
183example.com. 10800 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
184; signatures
185example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20101224111500 20101118111500 30899 example.com. TfFGz1kDtkn3ixbKMJvQDZ0uGw/eW+inIiPqQVPQtO2WiocKrnYnzwv/AqwnFvEar70dF15/zffNIF+ipOS5/g== ;{id = 30899}
186example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20101224111500 20101118111500 60946 example.com. X0Ci//w0czN/J5RvypHGqp56n1tLdapi92ODAqjM7QpZXbSHaJ7wfPG1PZzvdxHUZUVyf8uy2stjg/XoLGHMWA== ;{id = 60946}
187ENTRY_END
188RANGE_END
189
190; set date/time to Aug 24 07:46:40 (2009).
191STEP 5 TIME_PASSES ELAPSE 1251100000
192STEP 6 TRAFFIC ; the initial probe
193STEP 7 ASSIGN t0 = ${time}
194STEP 8 ASSIGN probe0 = ${range 4800 ${timeout} 5400}
195
196; the auto probing should have been done now.
197STEP 10 CHECK_AUTOTRUST example.com
198FILE_BEGIN
199; autotrust trust anchor file
200;;id: example.com. 1
201;;last_queried: ${$t0} ;;${ctime $t0}
202;;last_success: ${$t0} ;;${ctime $t0}
203;;next_probe_time: ${$t0 + $probe0} ;;${ctime $t0 + $probe0}
204;;query_failed: 0
205;;query_interval: 5400
206;;retry_time: 3600
207example.com. 10800 IN DNSKEY 257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b} ;;state=2 [ VALID ] ;;count=0 ;;lastchange=${$t0} ;;${ctime $t0}
208FILE_END
209
210; key prepublished. First poll. 30 days later
211STEP 11 TIME_PASSES EVAL ${30*24*3600}
212STEP 12 TRAFFIC
213STEP 13 ASSIGN t1 = ${time}
214STEP 14 ASSIGN probe1 = ${range 4800 ${timeout} 5400}
215STEP 15 CHECK_AUTOTRUST example.com
216FILE_BEGIN
217; autotrust trust anchor file
218;;id: example.com. 1
219;;last_queried: ${$t1} ;;${ctime $t1}
220;;last_success: ${$t1} ;;${ctime $t1}
221;;next_probe_time: ${$t1 + $probe1} ;;${ctime $t1 + $probe1}
222;;query_failed: 0
223;;query_interval: 5400
224;;retry_time: 3600
225example.com. 10800 IN DNSKEY 257 3 5 AwEAAeiaUiUIpWMfYz5L0sfJTZWnuN9IyBX4em9VjsoqQTsOD1HDQpNb4buvJo7pN2aBCxNS7e0OL8e2mVB6CLZ+8ek= ;{id = 60946 (ksk), size = 512b} ;;state=1 [ ADDPEND ] ;;count=1 ;;lastchange=${$t1} ;;${ctime $t1}
226example.com. 10800 IN DNSKEY 257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b} ;;state=2 [ VALID ] ;;count=0 ;;lastchange=${$t0} ;;${ctime $t0}
227FILE_END
228
229; Second poll. 10 days later
230STEP 21 TIME_PASSES EVAL ${10*24*3600}
231STEP 22 TRAFFIC
232STEP 23 ASSIGN t2 = ${time}
233STEP 24 ASSIGN probe2 = ${range 4800 ${timeout} 5400}
234STEP 25 CHECK_AUTOTRUST example.com
235FILE_BEGIN
236; autotrust trust anchor file
237;;id: example.com. 1
238;;last_queried: ${$t2} ;;${ctime $t2}
239;;last_success: ${$t2} ;;${ctime $t2}
240;;next_probe_time: ${$t2 + $probe2} ;;${ctime $t2 + $probe2}
241;;query_failed: 0
242;;query_interval: 5400
243;;retry_time: 3600
244example.com. 10800 IN DNSKEY 257 3 5 AwEAAeiaUiUIpWMfYz5L0sfJTZWnuN9IyBX4em9VjsoqQTsOD1HDQpNb4buvJo7pN2aBCxNS7e0OL8e2mVB6CLZ+8ek= ;{id = 60946 (ksk), size = 512b} ;;state=1 [ ADDPEND ] ;;count=2 ;;lastchange=${$t1} ;;${ctime $t1}
245example.com. 10800 IN DNSKEY 257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b} ;;state=2 [ VALID ] ;;count=0 ;;lastchange=${$t0} ;;${ctime $t0}
246FILE_END
247
248; t3 is removed third poll time.
249
250; 21 days later, hold down has lapsed.
251STEP 41 TIME_PASSES EVAL ${21*24*3600}
252STEP 42 TRAFFIC
253STEP 43 ASSIGN t4 = ${time}
254STEP 44 ASSIGN probe4 = ${range 4800 ${timeout} 5400}
255STEP 45 CHECK_AUTOTRUST example.com
256FILE_BEGIN
257; autotrust trust anchor file
258;;id: example.com. 1
259;;last_queried: ${$t4} ;;${ctime $t4}
260;;last_success: ${$t4} ;;${ctime $t4}
261;;next_probe_time: ${$t4 + $probe4} ;;${ctime $t4 + $probe4}
262;;query_failed: 0
263;;query_interval: 5400
264;;retry_time: 3600
265example.com. 10800 IN DNSKEY 257 3 5 AwEAAeiaUiUIpWMfYz5L0sfJTZWnuN9IyBX4em9VjsoqQTsOD1HDQpNb4buvJo7pN2aBCxNS7e0OL8e2mVB6CLZ+8ek= ;{id = 60946 (ksk), size = 512b} ;;state=2 [ VALID ] ;;count=0 ;;lastchange=${$t4} ;;${ctime $t4}
266example.com. 10800 IN DNSKEY 257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b} ;;state=2 [ VALID ] ;;count=0 ;;lastchange=${$t0} ;;${ctime $t0}
267FILE_END
268
269; 30 days later, the old key is revoked
270STEP 51 TIME_PASSES EVAL ${30*24*3600}
271STEP 52 TRAFFIC
272STEP 53 ASSIGN t5 = ${time}
273STEP 54 ASSIGN probe5 = ${range 4800 ${timeout} 5400}
274STEP 55 CHECK_AUTOTRUST example.com
275FILE_BEGIN
276; autotrust trust anchor file
277;;id: example.com. 1
278;;last_queried: ${$t5} ;;${ctime $t5}
279;;last_success: ${$t5} ;;${ctime $t5}
280;;next_probe_time: ${$t5 + $probe5} ;;${ctime $t5 + $probe5}
281;;query_failed: 0
282;;query_interval: 5400
283;;retry_time: 3600
284example.com. 10800 IN DNSKEY 257 3 5 AwEAAeiaUiUIpWMfYz5L0sfJTZWnuN9IyBX4em9VjsoqQTsOD1HDQpNb4buvJo7pN2aBCxNS7e0OL8e2mVB6CLZ+8ek= ;{id = 60946 (ksk), size = 512b} ;;state=2 [ VALID ] ;;count=0 ;;lastchange=${$t4} ;;${ctime $t4}
285example.com. 10800 IN DNSKEY 385 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55710 (ksk), size = 512b} ;;state=4 [ REVOKED ] ;;count=0 ;;lastchange=${$t5} ;;${ctime $t5}
286FILE_END
287
288; 370 days later, the old key is removed from storage
289STEP 61 TIME_PASSES EVAL ${370*24*3600}
290STEP 62 TRAFFIC
291STEP 63 ASSIGN t6 = ${time}
292STEP 64 ASSIGN probe6 = ${range 4800 ${timeout} 5400}
293STEP 65 CHECK_AUTOTRUST example.com
294FILE_BEGIN
295; autotrust trust anchor file
296;;id: example.com. 1
297;;last_queried: ${$t6} ;;${ctime $t6}
298;;last_success: ${$t6} ;;${ctime $t6}
299;;next_probe_time: ${$t6 + $probe6} ;;${ctime $t6 + $probe6}
300;;query_failed: 0
301;;query_interval: 5400
302;;retry_time: 3600
303example.com. 10800 IN DNSKEY 257 3 5 AwEAAeiaUiUIpWMfYz5L0sfJTZWnuN9IyBX4em9VjsoqQTsOD1HDQpNb4buvJo7pN2aBCxNS7e0OL8e2mVB6CLZ+8ek= ;{id = 60946 (ksk), size = 512b} ;;state=2 [ VALID ] ;;count=0 ;;lastchange=${$t4} ;;${ctime $t4}
304FILE_END
305
306
307SCENARIO_END