]> git.saurik.com Git - apple/network_cmds.git/blame_incremental - unbound/testdata/autotrust_init_fail.rpl
projects / apple / network_cmds.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
network_cmds-596.100.2.tar.gz
[apple/network_cmds.git] / unbound / testdata / autotrust_init_fail.rpl
... / ...
CommitLineData
1; config options
2server:
3 target-fetch-policy: "0 0 0 0 0"
4 log-time-ascii: yes
5stub-zone:
6 name: "."
7 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
8; initial content (say from dig example.com DNSKEY > example.com.key)
9AUTOTRUST_FILE example.com
10example.com. 10800 IN DNSKEY 257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b}
11example.com. 10800 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
12AUTOTRUST_END
13CONFIG_END
14
15SCENARIO_BEGIN Test autotrust with failed initial trust anchor
16
17; K-ROOT
18RANGE_BEGIN 0 100
19 ADDRESS 193.0.14.129
20ENTRY_BEGIN
21MATCH opcode qname qtype
22ADJUST copy_id copy_query
23REPLY QR AA
24SECTION QUESTION
25. IN NS
26SECTION ANSWER
27. IN NS k.root-servers.net.
28SECTION ADDITIONAL
29k.root-servers.net IN A 193.0.14.129
30ENTRY_END
31
32ENTRY_BEGIN
33MATCH opcode subdomain
34ADJUST copy_id copy_query
35REPLY QR
36SECTION QUESTION
37com. IN NS
38SECTION AUTHORITY
39com. IN NS a.gtld-servers.net.
40SECTION ADDITIONAL
41a.gtld-servers.net. IN A 192.5.6.30
42ENTRY_END
43RANGE_END
44
45; a.gtld-servers.net.
46RANGE_BEGIN 0 100
47 ADDRESS 192.5.6.30
48ENTRY_BEGIN
49MATCH opcode subdomain
50ADJUST copy_id copy_query
51REPLY QR
52SECTION QUESTION
53example.com. IN NS
54SECTION AUTHORITY
55example.com. IN NS ns.example.com.
56SECTION ADDITIONAL
57ns.example.com. IN A 1.2.3.4
58ENTRY_END
59RANGE_END
60
61; ns.example.com.
62RANGE_BEGIN 0 100
63 ADDRESS 1.2.3.4
64ENTRY_BEGIN
65MATCH opcode qname qtype
66ADJUST copy_id
67REPLY QR AA
68SECTION QUESTION
69ns.example.com. IN AAAA
70SECTION ANSWER
71ns.example.com. IN NSEC nugget.example.com. A NSEC RRSIG
72ns.example.com. 3600 IN RRSIG NSEC 5 3 3600 20090924111500 20090821111500 30899 example.com. WRUQ5d5aBO5AXbvnfCd0AWfKGvQIuAjT2qydGkUIaLZaiP4nj+JdquEy1nGvBwYQ9gWyP7b6C6UGrUnVcNBpcw== ;{id = 30899}
73SECTION AUTHORITY
74example.com. 3600 IN NS ns.example.com.
75example.com. 3600 IN RRSIG NS 5 2 3600 20090924111500 20090821111500 30899 example.com. J5wxRq0jgwQL6yy530kvo9cHqNAUHV8IF4dvaYZL0bNraO2Oe6dVXqlJl4+cxNHI2TMsstwFPr2Zz8tv6Az2mQ== ;{id = 30899}
76SECTION ADDITIONAL
77ENTRY_END
78
79ENTRY_BEGIN
80MATCH opcode qname qtype
81ADJUST copy_id
82REPLY QR AA
83SECTION QUESTION
84ns.example.com. IN A
85SECTION ANSWER
86ns.example.com. 3600 IN A 1.2.3.4
87ns.example.com. 3600 IN RRSIG A 5 3 3600 20090924111500 20090821111500 30899 example.com. JsXbS18oyc0zkVaOWGSFdIQuOsZKflT0GraT9afDPoWLCgH4ApF7jNgfJV7Pqy1sTBRajME5IUAhpANwGBuW4A== ;{id = 30899}
88SECTION AUTHORITY
89example.com. 3600 IN NS ns.example.com.
90example.com. 3600 IN RRSIG NS 5 2 3600 20090924111500 20090821111500 30899 example.com. J5wxRq0jgwQL6yy530kvo9cHqNAUHV8IF4dvaYZL0bNraO2Oe6dVXqlJl4+cxNHI2TMsstwFPr2Zz8tv6Az2mQ== ;{id = 30899}
91SECTION ADDITIONAL
92ENTRY_END
93
94ENTRY_BEGIN
95MATCH opcode qname qtype
96ADJUST copy_id
97REPLY QR AA
98SECTION QUESTION
99www.example.com. IN A
100SECTION ANSWER
101www.example.com. 3600 IN A 10.20.30.40
102www.example.com. 3600 IN RRSIG A 5 3 3600 20090924111500 20090821111500 30899 example.com. pYGxVLsWUvOp1wSf0iwPap+JnECfC5GAm1lRqy3YEqecNGld7U7x/5Imo3CerbdZrVptUQs2oH0lcjwYJXMnsw== ;{id = 30899}
103SECTION AUTHORITY
104example.com. 3600 IN NS ns.example.com.
105example.com. 3600 IN RRSIG NS 5 2 3600 20090924111500 20090821111500 30899 example.com. J5wxRq0jgwQL6yy530kvo9cHqNAUHV8IF4dvaYZL0bNraO2Oe6dVXqlJl4+cxNHI2TMsstwFPr2Zz8tv6Az2mQ== ;{id = 30899}
106SECTION ADDITIONAL
107ns.example.com. 3600 IN A 1.2.3.4
108ns.example.com. 3600 IN RRSIG A 5 3 3600 20090924111500 20090821111500 30899 example.com. JsXbS18oyc0zkVaOWGSFdIQuOsZKflT0GraT9afDPoWLCgH4ApF7jNgfJV7Pqy1sTBRajME5IUAhpANwGBuW4A== ;{id = 30899}
109ENTRY_END
110
111ENTRY_BEGIN
112MATCH opcode qname qtype
113ADJUST copy_id
114REPLY QR AA SERVFAIL
115SECTION QUESTION
116example.com. IN DNSKEY
117SECTION ANSWER
118; KSK 1
119example.com. 10800 IN DNSKEY 257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b}
120; ZSK 1
121example.com. 10800 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (ksk), size = 512b}
122; signatures
123example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20090924111500 20090821111500 30899 example.com. b/HK231jIQLX8IhlZfup3r0yhpXaasbPE6LzxoEVVvWaTZWcLmeV8jDIcn0qO7Yvs7bIJN20lwVAV0GcHH3hWQ== ;{id = 30899}
124example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20090924111500 20090821111500 55582 example.com. PCHme1QLoULxqjhg5tMlpR0qJlBfstEUVq18TtNoKQe9le1YhJ9caheXcTWoK+boLhXxg9u6Yyvq8FboQh0OjA== ;{id = 55582}
125
126ENTRY_END
127RANGE_END
128
129; set date/time to Aug 24 07:46:40 (2009).
130STEP 5 TIME_PASSES ELAPSE 1251100000
131STEP 6 ASSIGN t0 = ${time}
132STEP 7 ASSIGN probe = ${range 3200 ${timeout} 3600}
133
134; the auto probing should have been done now.
135STEP 8 CHECK_AUTOTRUST example.com
136FILE_BEGIN
137example.com. 10800 IN DNSKEY 257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b}
138example.com. 10800 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
139FILE_END
140
141
142STEP 10 QUERY
143ENTRY_BEGIN
144REPLY RD DO
145SECTION QUESTION
146www.example.com. IN A
147ENTRY_END
148
149STEP 20 CHECK_ANSWER
150ENTRY_BEGIN
151MATCH all
152REPLY QR RD RA DO SERVFAIL
153SECTION QUESTION
154www.example.com. IN A
155SECTION ANSWER
156ENTRY_END
157
158; The autotrust anchor was probed due to the query.
159
160STEP 30 CHECK_AUTOTRUST example.com
161FILE_BEGIN
162example.com. 10800 IN DNSKEY 257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b}
163example.com. 10800 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
164FILE_END
165
166; wait and see if autotrust probes (the unchanged) domain again.
167STEP 40 TIME_PASSES EVAL ${$probe}
168
169STEP 50 TRAFFIC
170
171STEP 65 ASSIGN probe2 = ${range 3200 ${timeout} 3600}
172
173STEP 70 CHECK_AUTOTRUST example.com
174FILE_BEGIN
175example.com. 10800 IN DNSKEY 257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b}
176example.com. 10800 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
177FILE_END
178
179SCENARIO_END
mirror of network_cmds