]> git.saurik.com Git - apple/network_cmds.git/blame_incremental - unbound/testdata/val_ans_nx.rpl
projects / apple / network_cmds.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
network_cmds-596.100.2.tar.gz
[apple/network_cmds.git] / unbound / testdata / val_ans_nx.rpl
... / ...
CommitLineData
1; config options
2; The island of trust is at example.com
3server:
4 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
5 val-override-date: "20070916134226"
6 target-fetch-policy: "0 0 0 0 0"
7
8stub-zone:
9 name: "."
10 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
11CONFIG_END
12
13SCENARIO_BEGIN Test validator with DS nodata as nxdomain on trust chain
14; This is a bug in ANS 2.8.1.0 where it gives an NXDOMAIN instead of
15; NOERROR for an empty nonterminal DS query. The proof for this NXDOMAIN
16; is the NSEC that proves emptynonterminal.
17
18; K.ROOT-SERVERS.NET.
19RANGE_BEGIN 0 100
20 ADDRESS 193.0.14.129
21ENTRY_BEGIN
22MATCH opcode qtype qname
23ADJUST copy_id
24REPLY QR NOERROR
25SECTION QUESTION
26. IN NS
27SECTION ANSWER
28. IN NS K.ROOT-SERVERS.NET.
29SECTION ADDITIONAL
30K.ROOT-SERVERS.NET. IN A 193.0.14.129
31ENTRY_END
32
33ENTRY_BEGIN
34MATCH opcode qtype qname
35ADJUST copy_id
36REPLY QR NOERROR
37SECTION QUESTION
38328.0.0.194.example.com. IN A
39SECTION AUTHORITY
40com. IN NS a.gtld-servers.net.
41SECTION ADDITIONAL
42a.gtld-servers.net. IN A 192.5.6.30
43ENTRY_END
44RANGE_END
45
46; a.gtld-servers.net.
47RANGE_BEGIN 0 100
48 ADDRESS 192.5.6.30
49ENTRY_BEGIN
50MATCH opcode qtype qname
51ADJUST copy_id
52REPLY QR NOERROR
53SECTION QUESTION
54com. IN NS
55SECTION ANSWER
56com. IN NS a.gtld-servers.net.
57SECTION ADDITIONAL
58a.gtld-servers.net. IN A 192.5.6.30
59ENTRY_END
60
61ENTRY_BEGIN
62MATCH opcode qtype qname
63ADJUST copy_id
64REPLY QR NOERROR
65SECTION QUESTION
66328.0.0.194.example.com. IN A
67SECTION AUTHORITY
68example.com. IN NS ns.example.com.
69SECTION ADDITIONAL
70ns.example.com. IN A 1.2.3.4
71ENTRY_END
72RANGE_END
73
74; ns.example.com.
75RANGE_BEGIN 0 100
76 ADDRESS 1.2.3.4
77ENTRY_BEGIN
78MATCH opcode qtype qname
79ADJUST copy_id
80REPLY QR NOERROR
81SECTION QUESTION
82example.com. IN NS
83SECTION ANSWER
84example.com. IN NS ns.example.com.
85example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
86SECTION ADDITIONAL
87ns.example.com. IN A 1.2.3.4
88ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
89ENTRY_END
90
91; response to DNSKEY priming query
92ENTRY_BEGIN
93MATCH opcode qtype qname
94ADJUST copy_id
95REPLY QR NOERROR
96SECTION QUESTION
97example.com. IN DNSKEY
98SECTION ANSWER
99example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
100example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
101SECTION AUTHORITY
102example.com. IN NS ns.example.com.
103example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
104SECTION ADDITIONAL
105ns.example.com. IN A 1.2.3.4
106ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
107ENTRY_END
108
109; responses to DS empty nonterminal queries.
110ENTRY_BEGIN
111MATCH opcode qtype qname
112ADJUST copy_id
113REPLY QR AA NOERROR
114SECTION QUESTION
115194.example.com. IN DS
116SECTION AUTHORITY
117example.com. 3600 IN SOA ns.example.com. host.example.com. 2007091980 3600 7200 1209600 7200
118example.com. 3600 IN RRSIG SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFCOn5qKBIV7bwFMBA+Qqiblx0cylAhUAoFiGtFm2wHhJpq9MooTYdeVw45s= ;{id = 2854}
119
120; This NSEC proves the NOERROR/NODATA case.
121194.example.com. IN NSEC 0.0.194.example.com. A RRSIG NSEC
122194.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFDcoKl74U9FjsuYF3Vc0E8GQ2GgzAhUAhlyhO2MMcAWQMxIhEZ4MguokN5g= ;{id = 2854}
123
124ENTRY_END
125
126ENTRY_BEGIN
127MATCH opcode qtype qname
128ADJUST copy_id
129; Bad NXDOMAIN response, this should be NOERROR.
130REPLY QR AA NXDOMAIN
131SECTION QUESTION
1320.194.example.com. IN DS
133SECTION AUTHORITY
134example.com. 3600 IN SOA ns.example.com. host.example.com. 2007091980 3600 7200 1209600 7200
135example.com. 3600 IN RRSIG SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFCOn5qKBIV7bwFMBA+Qqiblx0cylAhUAoFiGtFm2wHhJpq9MooTYdeVw45s= ;{id = 2854}
136
137; This NSEC proves the NOERROR/NODATA case.
138194.example.com. IN NSEC 0.0.194.example.com. A RRSIG NSEC
139194.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFDcoKl74U9FjsuYF3Vc0E8GQ2GgzAhUAhlyhO2MMcAWQMxIhEZ4MguokN5g= ;{id = 2854}
140
141ENTRY_END
142
143; response for delegation to sub zone.
144ENTRY_BEGIN
145MATCH opcode qtype qname
146ADJUST copy_id
147REPLY QR NOERROR
148SECTION QUESTION
149328.0.0.194.example.com. IN A
150SECTION ANSWER
151SECTION AUTHORITY
1520.0.194.example.com. IN NS ns.sub.example.com.
1530.0.194.example.com. 3600 IN DS 30899 RSASHA1 1 aa46f0717075d9750ac3596c659a2e326b33c28c
1540.0.194.example.com. 3600 IN RRSIG DS 3 5 3600 20070926135752 20070829135752 2854 example.com. MCwCFC9GIqtp/103hktw6bPpD83gr+0iAhQ8yev2yUaR9l64rYBUYTJqOoTKdw== ;{id = 2854}
155SECTION ADDITIONAL
156ns.sub.example.com. IN A 1.2.3.6
157ENTRY_END
158
159; response for delegation to sub zone
160ENTRY_BEGIN
161MATCH opcode qtype qname
162ADJUST copy_id
163REPLY QR NOERROR
164SECTION QUESTION
1650.0.194.example.com. IN DNSKEY
166SECTION ANSWER
167SECTION AUTHORITY
1680.0.194.example.com. IN NS ns.sub.example.com.
1690.0.194.example.com. 3600 IN DS 30899 RSASHA1 1 aa46f0717075d9750ac3596c659a2e326b33c28c
1700.0.194.example.com. 3600 IN RRSIG DS 3 5 3600 20070926135752 20070829135752 2854 example.com. MCwCFC9GIqtp/103hktw6bPpD83gr+0iAhQ8yev2yUaR9l64rYBUYTJqOoTKdw== ;{id = 2854}
171SECTION ADDITIONAL
172ns.sub.example.com. IN A 1.2.3.6
173ENTRY_END
174RANGE_END
175
176; ns.sub.example.com. for zone 0.0.194.example.com.
177RANGE_BEGIN 0 100
178 ADDRESS 1.2.3.6
179ENTRY_BEGIN
180MATCH opcode qtype qname
181ADJUST copy_id
182REPLY QR NOERROR
183SECTION QUESTION
1840.0.194.example.com. IN NS
185SECTION ANSWER
1860.0.194.example.com. IN NS ns.sub.example.com.
1870.0.194.example.com. 3600 IN RRSIG NS 5 5 3600 20070926135752 20070829135752 30899 0.0.194.example.com. KXDA+/PJAE+dXhv6O6Z0ZovDwabSRJcIt+GT5AL6ewlj46hzo/SDKUtEhYCeT1IVQvYtXrESwFZjpp7N0rXXBg== ;{id = 30899}
188SECTION ADDITIONAL
189ns.sub.example.com. IN A 1.2.3.6
190ENTRY_END
191
192; response to DNSKEY priming query
193; 0.0.194.example.com. 3600 IN DS 30899 RSASHA1 1 aa46f0717075d9750ac3596c659a2e326b33c28c
194ENTRY_BEGIN
195MATCH opcode qtype qname
196ADJUST copy_id
197REPLY QR NOERROR
198SECTION QUESTION
1990.0.194.example.com. IN DNSKEY
200SECTION ANSWER
2010.0.194.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
2020.0.194.example.com. 3600 IN RRSIG DNSKEY 5 5 3600 20070926135752 20070829135752 30899 0.0.194.example.com. fSmc7ef6NwbDXC0o4wPc/aa8LakW5ZJwEZ4xPYl3tTZKmPNM7hPXskl1tFlvst9Va4u37F62v+16trprHb+SCQ== ;{id = 30899}
203SECTION AUTHORITY
2040.0.194.example.com. IN NS ns.sub.example.com.
2050.0.194.example.com. 3600 IN RRSIG NS 5 5 3600 20070926135752 20070829135752 30899 0.0.194.example.com. KXDA+/PJAE+dXhv6O6Z0ZovDwabSRJcIt+GT5AL6ewlj46hzo/SDKUtEhYCeT1IVQvYtXrESwFZjpp7N0rXXBg== ;{id = 30899}
206SECTION ADDITIONAL
207ns.sub.example.com. IN A 1.2.3.6
208ENTRY_END
209
210; response to query of interest
211ENTRY_BEGIN
212MATCH opcode qtype qname
213ADJUST copy_id
214REPLY QR NOERROR
215SECTION QUESTION
216328.0.0.194.example.com. IN A
217SECTION ANSWER
218328.0.0.194.example.com. IN A 11.11.11.11
219328.0.0.194.example.com. 3600 IN RRSIG A 5 6 3600 20070926135752 20070829135752 30899 0.0.194.example.com. chZW77mqywhw/4ch6BxXQ4EbFgb9zgh2xF75FLlKq/7ey6CfHSJRpJRjRqtMTn+1i18UL2B4nPS/WnK5DZeqlA== ;{id = 30899}
220SECTION AUTHORITY
221SECTION ADDITIONAL
222ENTRY_END
223RANGE_END
224
225STEP 1 QUERY
226ENTRY_BEGIN
227REPLY RD DO
228SECTION QUESTION
229328.0.0.194.example.com. IN A
230ENTRY_END
231
232; recursion happens here.
233STEP 10 CHECK_ANSWER
234ENTRY_BEGIN
235MATCH all
236REPLY QR RD RA AD DO NOERROR
237SECTION QUESTION
238328.0.0.194.example.com. IN A
239SECTION ANSWER
240328.0.0.194.example.com. 3600 IN A 11.11.11.11
241328.0.0.194.example.com. 3600 IN RRSIG A 5 6 3600 20070926135752 20070829135752 30899 0.0.194.example.com. chZW77mqywhw/4ch6BxXQ4EbFgb9zgh2xF75FLlKq/7ey6CfHSJRpJRjRqtMTn+1i18UL2B4nPS/WnK5DZeqlA== ;{id = 30899}
242SECTION AUTHORITY
243SECTION ADDITIONAL
244ENTRY_END
245
246SCENARIO_END
mirror of network_cmds