]>
Commit | Line | Data |
---|---|---|
1 | ; config options | |
2 | server: | |
3 | target-fetch-policy: "0 0 0 0 0" | |
4 | log-time-ascii: yes | |
5 | stub-zone: | |
6 | name: "." | |
7 | stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. | |
8 | ; initial content (say from dig example.com DNSKEY > example.com.key) | |
9 | AUTOTRUST_FILE example.com | |
10 | example.com. 10800 IN DNSKEY 257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b} | |
11 | example.com. 10800 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} | |
12 | AUTOTRUST_END | |
13 | CONFIG_END | |
14 | ||
15 | SCENARIO_BEGIN Test autotrust with ADDPEND seen twice | |
16 | ; this should work. | |
17 | ||
18 | ; K-ROOT | |
19 | RANGE_BEGIN 0 100 | |
20 | ADDRESS 193.0.14.129 | |
21 | ENTRY_BEGIN | |
22 | MATCH opcode qname qtype | |
23 | ADJUST copy_id copy_query | |
24 | REPLY QR AA | |
25 | SECTION QUESTION | |
26 | . IN NS | |
27 | SECTION ANSWER | |
28 | . IN NS k.root-servers.net. | |
29 | SECTION ADDITIONAL | |
30 | k.root-servers.net IN A 193.0.14.129 | |
31 | ENTRY_END | |
32 | ||
33 | ENTRY_BEGIN | |
34 | MATCH opcode subdomain | |
35 | ADJUST copy_id copy_query | |
36 | REPLY QR | |
37 | SECTION QUESTION | |
38 | com. IN NS | |
39 | SECTION AUTHORITY | |
40 | com. IN NS a.gtld-servers.net. | |
41 | SECTION ADDITIONAL | |
42 | a.gtld-servers.net. IN A 192.5.6.30 | |
43 | ENTRY_END | |
44 | RANGE_END | |
45 | ||
46 | ; a.gtld-servers.net. | |
47 | RANGE_BEGIN 0 100 | |
48 | ADDRESS 192.5.6.30 | |
49 | ENTRY_BEGIN | |
50 | MATCH opcode subdomain | |
51 | ADJUST copy_id copy_query | |
52 | REPLY QR | |
53 | SECTION QUESTION | |
54 | example.com. IN NS | |
55 | SECTION AUTHORITY | |
56 | example.com. IN NS ns.example.com. | |
57 | SECTION ADDITIONAL | |
58 | ns.example.com. IN A 1.2.3.4 | |
59 | ENTRY_END | |
60 | RANGE_END | |
61 | ||
62 | ; ns.example.com. KSK 55582 | |
63 | RANGE_BEGIN 0 10 | |
64 | ADDRESS 1.2.3.4 | |
65 | ENTRY_BEGIN | |
66 | MATCH opcode qname qtype | |
67 | ADJUST copy_id | |
68 | REPLY QR AA | |
69 | SECTION QUESTION | |
70 | www.example.com. IN A | |
71 | SECTION ANSWER | |
72 | www.example.com. 3600 IN A 10.20.30.40 | |
73 | www.example.com. 3600 IN RRSIG A 5 3 3600 20090924111500 20090821111500 30899 example.com. pYGxVLsWUvOp1wSf0iwPap+JnECfC5GAm1lRqy3YEqecNGld7U7x/5Imo3CerbdZrVptUQs2oH0lcjwYJXMnsw== ;{id = 30899} | |
74 | SECTION AUTHORITY | |
75 | example.com. 3600 IN NS ns.example.com. | |
76 | example.com. 3600 IN RRSIG NS 5 2 3600 20090924111500 20090821111500 30899 example.com. J5wxRq0jgwQL6yy530kvo9cHqNAUHV8IF4dvaYZL0bNraO2Oe6dVXqlJl4+cxNHI2TMsstwFPr2Zz8tv6Az2mQ== ;{id = 30899} | |
77 | SECTION ADDITIONAL | |
78 | ns.example.com. 3600 IN A 1.2.3.4 | |
79 | ns.example.com. 3600 IN RRSIG A 5 3 3600 20090924111500 20090821111500 30899 example.com. JsXbS18oyc0zkVaOWGSFdIQuOsZKflT0GraT9afDPoWLCgH4ApF7jNgfJV7Pqy1sTBRajME5IUAhpANwGBuW4A== ;{id = 30899} | |
80 | ENTRY_END | |
81 | ||
82 | ENTRY_BEGIN | |
83 | MATCH opcode qname qtype | |
84 | ADJUST copy_id | |
85 | REPLY QR AA | |
86 | SECTION QUESTION | |
87 | example.com. IN DNSKEY | |
88 | SECTION ANSWER | |
89 | ; KSK 1 | |
90 | example.com. 10800 IN DNSKEY 257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b} | |
91 | ; ZSK 1 | |
92 | example.com. 10800 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} | |
93 | ; signatures | |
94 | example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20090924111500 20090821111500 30899 example.com. b/HK231jIQLX8IhlZfup3r0yhpXaasbPE6LzxoEVVvWaTZWcLmeV8jDIcn0qO7Yvs7bIJN20lwVAV0GcHH3hWQ== ;{id = 30899} | |
95 | example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20090924111500 20090821111500 55582 example.com. PCHme1QLoULxqjhg5tMlpR0qJlBfstEUVq18TtNoKQe9le1YhJ9caheXcTWoK+boLhXxg9u6Yyvq8FboQh0OjA== ;{id = 55582} | |
96 | ENTRY_END | |
97 | RANGE_END | |
98 | ||
99 | ; ns.example.com. KSK 55582 and 60946 | |
100 | RANGE_BEGIN 11 40 | |
101 | ADDRESS 1.2.3.4 | |
102 | ENTRY_BEGIN | |
103 | MATCH opcode qname qtype | |
104 | ADJUST copy_id | |
105 | REPLY QR AA | |
106 | SECTION QUESTION | |
107 | example.com. IN DNSKEY | |
108 | SECTION ANSWER | |
109 | ; KSK 1 | |
110 | example.com. 10800 IN DNSKEY 257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b} | |
111 | ; KSK 2 | |
112 | example.com. 10800 IN DNSKEY 257 3 5 AwEAAeiaUiUIpWMfYz5L0sfJTZWnuN9IyBX4em9VjsoqQTsOD1HDQpNb4buvJo7pN2aBCxNS7e0OL8e2mVB6CLZ+8ek= ;{id = 60946 (ksk), size = 512b} | |
113 | ; ZSK 1 | |
114 | example.com. 10800 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} | |
115 | ; signatures | |
116 | example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20091024111500 20090921111500 30899 example.com. rkaCUpTFPWVu4Om5oMTR+39Mct6ZMs56xrE0rbxMMOokfvIQheIxsAEc5BFJeA/2y5WTewl6diCD6yQXCybrDg== ;{id = 30899} | |
117 | example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20091024111500 20090921111500 55582 example.com. CoMon+lWPAsUvgfpCTDPx8Zn8dQpky3lu2O6T+oJ2Mat9a/u1YwGhSQHGPn7ZNG/4vKM97tx84sSlUGz3geD1w== ;{id = 55582} | |
118 | example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20091024111500 20090921111500 60946 example.com. o+Cbs7DcYPYlSLd4hi3vkSVQpXGnKgKSi9MpHGfu1Uahv5190U2DUOxP1du/HOYbf+IHYL8zLbMZjVEG5wgnTg== ;{id = 60946} | |
119 | ENTRY_END | |
120 | RANGE_END | |
121 | ||
122 | ; ns.example.com. KSK 55582 and 60946 (signatures updated) | |
123 | RANGE_BEGIN 41 50 | |
124 | ADDRESS 1.2.3.4 | |
125 | ENTRY_BEGIN | |
126 | MATCH opcode qname qtype | |
127 | ADJUST copy_id | |
128 | REPLY QR AA | |
129 | SECTION QUESTION | |
130 | example.com. IN DNSKEY | |
131 | SECTION ANSWER | |
132 | ; KSK 1 | |
133 | example.com. 10800 IN DNSKEY 257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b} | |
134 | ; KSK 2 | |
135 | example.com. 10800 IN DNSKEY 257 3 5 AwEAAeiaUiUIpWMfYz5L0sfJTZWnuN9IyBX4em9VjsoqQTsOD1HDQpNb4buvJo7pN2aBCxNS7e0OL8e2mVB6CLZ+8ek= ;{id = 60946 (ksk), size = 512b} | |
136 | ; ZSK 1 | |
137 | example.com. 10800 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} | |
138 | ; signatures | |
139 | example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20091124111500 20091018111500 30899 example.com. rkaCUpTFPWVu4Om5oMTR+39Mct6ZMs56xrE0rbxMMOokfvIQheIxsAEc5BFJeA/2y5WTewl6diCD6yQXCybrDg== ;{id = 30899} | |
140 | example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20091124111500 20091018111500 55582 example.com. v/HJbdpeVMpbhwYXrT1EDGpAFMvEgdKQII1cAbP6o8KHYNKDh8TIJ25/pXe3daEXfej6/Z5kpqJ79okPKUoi1Q== ;{id = 55582} | |
141 | example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20091124111500 20091018111500 60946 example.com. HgXol1hdvbomOM1CFRW8qsHd3D0qOnN72EeMHTcpxIBBiuNLKZn4n1M14Voxj3vo0eAMNuG/y7EjQkxKvSsaDA== ;{id = 60946} | |
142 | ENTRY_END | |
143 | RANGE_END | |
144 | ||
145 | ; ns.example.com. KSK 55582-REVOKED and 60946 | |
146 | RANGE_BEGIN 51 60 | |
147 | ADDRESS 1.2.3.4 | |
148 | ENTRY_BEGIN | |
149 | MATCH opcode qname qtype | |
150 | ADJUST copy_id | |
151 | REPLY QR AA | |
152 | SECTION QUESTION | |
153 | example.com. IN DNSKEY | |
154 | SECTION ANSWER | |
155 | ; KSK 1 | |
156 | example.com. 10800 IN DNSKEY 385 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55710 (ksk), size = 512b} | |
157 | ; KSK 2 | |
158 | example.com. 10800 IN DNSKEY 257 3 5 AwEAAeiaUiUIpWMfYz5L0sfJTZWnuN9IyBX4em9VjsoqQTsOD1HDQpNb4buvJo7pN2aBCxNS7e0OL8e2mVB6CLZ+8ek= ;{id = 60946 (ksk), size = 512b} | |
159 | ; ZSK 1 | |
160 | example.com. 10800 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} | |
161 | ; signatures | |
162 | example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20091224111500 20091118111500 30899 example.com. qLKZUJEi3ajSJ4/b7xl0BwhzW6JtjsojpZ+2nUx1PvaeQVoTmyWxjxc2tAmJGcBPqMqzeY470xvyMDvGTOiQCQ== ;{id = 30899} | |
163 | example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20091224111500 20091118111500 55710 example.com. EW2YB+2yNX9LTNDPVwkcGnRTTx38pOiwBaixdwxmDgqWKXLDLM6Kd2Xv9tveS39RnSZ5H1inRXE55q+rL6Re3g== ;{id = 55710} | |
164 | ; wrong keytag: | |
165 | ;example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20091224111500 20091118111500 55582 example.com. nH/6HauVJI4GGz78UoK/38cOOrEqsYZP0jFzfCC3OyIlclVTjAFvjVPlVMGK7sA5Nw1v20YtFTQkXZgbrRuInQ== ;{id = 55582} | |
166 | example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20091224111500 20091118111500 60946 example.com. xKSBZr4vOsEUKlVoNb6SOV69DM7xFOJI4gPFKq5Tv4APIMJ/9G3odoDmNcLCVyYGzhoDik5hciJnZio6UHgzAA== ;{id = 60946} | |
167 | ENTRY_END | |
168 | RANGE_END | |
169 | ||
170 | ; ns.example.com. KSK 60946 | |
171 | RANGE_BEGIN 61 70 | |
172 | ADDRESS 1.2.3.4 | |
173 | ENTRY_BEGIN | |
174 | MATCH opcode qname qtype | |
175 | ADJUST copy_id | |
176 | REPLY QR AA | |
177 | SECTION QUESTION | |
178 | example.com. IN DNSKEY | |
179 | SECTION ANSWER | |
180 | ; KSK 2 | |
181 | example.com. 10800 IN DNSKEY 257 3 5 AwEAAeiaUiUIpWMfYz5L0sfJTZWnuN9IyBX4em9VjsoqQTsOD1HDQpNb4buvJo7pN2aBCxNS7e0OL8e2mVB6CLZ+8ek= ;{id = 60946 (ksk), size = 512b} | |
182 | ; ZSK 1 | |
183 | example.com. 10800 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} | |
184 | ; signatures | |
185 | example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20101224111500 20101118111500 30899 example.com. TfFGz1kDtkn3ixbKMJvQDZ0uGw/eW+inIiPqQVPQtO2WiocKrnYnzwv/AqwnFvEar70dF15/zffNIF+ipOS5/g== ;{id = 30899} | |
186 | example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20101224111500 20101118111500 60946 example.com. X0Ci//w0czN/J5RvypHGqp56n1tLdapi92ODAqjM7QpZXbSHaJ7wfPG1PZzvdxHUZUVyf8uy2stjg/XoLGHMWA== ;{id = 60946} | |
187 | ENTRY_END | |
188 | RANGE_END | |
189 | ||
190 | ; set date/time to Aug 24 07:46:40 (2009). | |
191 | STEP 5 TIME_PASSES ELAPSE 1251100000 | |
192 | STEP 6 TRAFFIC ; the initial probe | |
193 | STEP 7 ASSIGN t0 = ${time} | |
194 | STEP 8 ASSIGN probe0 = ${range 4800 ${timeout} 5400} | |
195 | ||
196 | ; the auto probing should have been done now. | |
197 | STEP 10 CHECK_AUTOTRUST example.com | |
198 | FILE_BEGIN | |
199 | ; autotrust trust anchor file | |
200 | ;;id: example.com. 1 | |
201 | ;;last_queried: ${$t0} ;;${ctime $t0} | |
202 | ;;last_success: ${$t0} ;;${ctime $t0} | |
203 | ;;next_probe_time: ${$t0 + $probe0} ;;${ctime $t0 + $probe0} | |
204 | ;;query_failed: 0 | |
205 | ;;query_interval: 5400 | |
206 | ;;retry_time: 3600 | |
207 | example.com. 10800 IN DNSKEY 257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b} ;;state=2 [ VALID ] ;;count=0 ;;lastchange=${$t0} ;;${ctime $t0} | |
208 | FILE_END | |
209 | ||
210 | ; key prepublished. First poll. 30 days later | |
211 | STEP 11 TIME_PASSES EVAL ${30*24*3600} | |
212 | STEP 12 TRAFFIC | |
213 | STEP 13 ASSIGN t1 = ${time} | |
214 | STEP 14 ASSIGN probe1 = ${range 4800 ${timeout} 5400} | |
215 | STEP 15 CHECK_AUTOTRUST example.com | |
216 | FILE_BEGIN | |
217 | ; autotrust trust anchor file | |
218 | ;;id: example.com. 1 | |
219 | ;;last_queried: ${$t1} ;;${ctime $t1} | |
220 | ;;last_success: ${$t1} ;;${ctime $t1} | |
221 | ;;next_probe_time: ${$t1 + $probe1} ;;${ctime $t1 + $probe1} | |
222 | ;;query_failed: 0 | |
223 | ;;query_interval: 5400 | |
224 | ;;retry_time: 3600 | |
225 | example.com. 10800 IN DNSKEY 257 3 5 AwEAAeiaUiUIpWMfYz5L0sfJTZWnuN9IyBX4em9VjsoqQTsOD1HDQpNb4buvJo7pN2aBCxNS7e0OL8e2mVB6CLZ+8ek= ;{id = 60946 (ksk), size = 512b} ;;state=1 [ ADDPEND ] ;;count=1 ;;lastchange=${$t1} ;;${ctime $t1} | |
226 | example.com. 10800 IN DNSKEY 257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b} ;;state=2 [ VALID ] ;;count=0 ;;lastchange=${$t0} ;;${ctime $t0} | |
227 | FILE_END | |
228 | ||
229 | ; Second poll. 10 days later | |
230 | STEP 21 TIME_PASSES EVAL ${10*24*3600} | |
231 | STEP 22 TRAFFIC | |
232 | STEP 23 ASSIGN t2 = ${time} | |
233 | STEP 24 ASSIGN probe2 = ${range 4800 ${timeout} 5400} | |
234 | STEP 25 CHECK_AUTOTRUST example.com | |
235 | FILE_BEGIN | |
236 | ; autotrust trust anchor file | |
237 | ;;id: example.com. 1 | |
238 | ;;last_queried: ${$t2} ;;${ctime $t2} | |
239 | ;;last_success: ${$t2} ;;${ctime $t2} | |
240 | ;;next_probe_time: ${$t2 + $probe2} ;;${ctime $t2 + $probe2} | |
241 | ;;query_failed: 0 | |
242 | ;;query_interval: 5400 | |
243 | ;;retry_time: 3600 | |
244 | example.com. 10800 IN DNSKEY 257 3 5 AwEAAeiaUiUIpWMfYz5L0sfJTZWnuN9IyBX4em9VjsoqQTsOD1HDQpNb4buvJo7pN2aBCxNS7e0OL8e2mVB6CLZ+8ek= ;{id = 60946 (ksk), size = 512b} ;;state=1 [ ADDPEND ] ;;count=2 ;;lastchange=${$t1} ;;${ctime $t1} | |
245 | example.com. 10800 IN DNSKEY 257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b} ;;state=2 [ VALID ] ;;count=0 ;;lastchange=${$t0} ;;${ctime $t0} | |
246 | FILE_END | |
247 | ||
248 | ; t3 is removed third poll time. | |
249 | ||
250 | ; 21 days later, hold down has lapsed. | |
251 | STEP 41 TIME_PASSES EVAL ${21*24*3600} | |
252 | STEP 42 TRAFFIC | |
253 | STEP 43 ASSIGN t4 = ${time} | |
254 | STEP 44 ASSIGN probe4 = ${range 4800 ${timeout} 5400} | |
255 | STEP 45 CHECK_AUTOTRUST example.com | |
256 | FILE_BEGIN | |
257 | ; autotrust trust anchor file | |
258 | ;;id: example.com. 1 | |
259 | ;;last_queried: ${$t4} ;;${ctime $t4} | |
260 | ;;last_success: ${$t4} ;;${ctime $t4} | |
261 | ;;next_probe_time: ${$t4 + $probe4} ;;${ctime $t4 + $probe4} | |
262 | ;;query_failed: 0 | |
263 | ;;query_interval: 5400 | |
264 | ;;retry_time: 3600 | |
265 | example.com. 10800 IN DNSKEY 257 3 5 AwEAAeiaUiUIpWMfYz5L0sfJTZWnuN9IyBX4em9VjsoqQTsOD1HDQpNb4buvJo7pN2aBCxNS7e0OL8e2mVB6CLZ+8ek= ;{id = 60946 (ksk), size = 512b} ;;state=2 [ VALID ] ;;count=0 ;;lastchange=${$t4} ;;${ctime $t4} | |
266 | example.com. 10800 IN DNSKEY 257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b} ;;state=2 [ VALID ] ;;count=0 ;;lastchange=${$t0} ;;${ctime $t0} | |
267 | FILE_END | |
268 | ||
269 | ; 30 days later, the old key is revoked | |
270 | STEP 51 TIME_PASSES EVAL ${30*24*3600} | |
271 | STEP 52 TRAFFIC | |
272 | STEP 53 ASSIGN t5 = ${time} | |
273 | STEP 54 ASSIGN probe5 = ${range 4800 ${timeout} 5400} | |
274 | STEP 55 CHECK_AUTOTRUST example.com | |
275 | FILE_BEGIN | |
276 | ; autotrust trust anchor file | |
277 | ;;id: example.com. 1 | |
278 | ;;last_queried: ${$t5} ;;${ctime $t5} | |
279 | ;;last_success: ${$t5} ;;${ctime $t5} | |
280 | ;;next_probe_time: ${$t5 + $probe5} ;;${ctime $t5 + $probe5} | |
281 | ;;query_failed: 0 | |
282 | ;;query_interval: 5400 | |
283 | ;;retry_time: 3600 | |
284 | example.com. 10800 IN DNSKEY 257 3 5 AwEAAeiaUiUIpWMfYz5L0sfJTZWnuN9IyBX4em9VjsoqQTsOD1HDQpNb4buvJo7pN2aBCxNS7e0OL8e2mVB6CLZ+8ek= ;{id = 60946 (ksk), size = 512b} ;;state=2 [ VALID ] ;;count=0 ;;lastchange=${$t4} ;;${ctime $t4} | |
285 | example.com. 10800 IN DNSKEY 385 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55710 (ksk), size = 512b} ;;state=4 [ REVOKED ] ;;count=0 ;;lastchange=${$t5} ;;${ctime $t5} | |
286 | FILE_END | |
287 | ||
288 | ; 370 days later, the old key is removed from storage | |
289 | STEP 61 TIME_PASSES EVAL ${370*24*3600} | |
290 | STEP 62 TRAFFIC | |
291 | STEP 63 ASSIGN t6 = ${time} | |
292 | STEP 64 ASSIGN probe6 = ${range 4800 ${timeout} 5400} | |
293 | STEP 65 CHECK_AUTOTRUST example.com | |
294 | FILE_BEGIN | |
295 | ; autotrust trust anchor file | |
296 | ;;id: example.com. 1 | |
297 | ;;last_queried: ${$t6} ;;${ctime $t6} | |
298 | ;;last_success: ${$t6} ;;${ctime $t6} | |
299 | ;;next_probe_time: ${$t6 + $probe6} ;;${ctime $t6 + $probe6} | |
300 | ;;query_failed: 0 | |
301 | ;;query_interval: 5400 | |
302 | ;;retry_time: 3600 | |
303 | example.com. 10800 IN DNSKEY 257 3 5 AwEAAeiaUiUIpWMfYz5L0sfJTZWnuN9IyBX4em9VjsoqQTsOD1HDQpNb4buvJo7pN2aBCxNS7e0OL8e2mVB6CLZ+8ek= ;{id = 60946 (ksk), size = 512b} ;;state=2 [ VALID ] ;;count=0 ;;lastchange=${$t4} ;;${ctime $t4} | |
304 | FILE_END | |
305 | ||
306 | ||
307 | SCENARIO_END |