| 1 | ; config options |
| 2 | ; The island of trust is at example.com |
| 3 | server: |
| 4 | trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" |
| 5 | trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" |
| 6 | val-override-date: "20070916134226" |
| 7 | target-fetch-policy: "0 0 0 0 0" |
| 8 | |
| 9 | stub-zone: |
| 10 | name: "." |
| 11 | stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. |
| 12 | CONFIG_END |
| 13 | |
| 14 | SCENARIO_BEGIN Test validator with cname to nxdomain |
| 15 | |
| 16 | ; K.ROOT-SERVERS.NET. |
| 17 | RANGE_BEGIN 0 100 |
| 18 | ADDRESS 193.0.14.129 |
| 19 | ENTRY_BEGIN |
| 20 | MATCH opcode qtype qname |
| 21 | ADJUST copy_id |
| 22 | REPLY QR NOERROR |
| 23 | SECTION QUESTION |
| 24 | . IN NS |
| 25 | SECTION ANSWER |
| 26 | . IN NS K.ROOT-SERVERS.NET. |
| 27 | SECTION ADDITIONAL |
| 28 | K.ROOT-SERVERS.NET. IN A 193.0.14.129 |
| 29 | ENTRY_END |
| 30 | |
| 31 | ENTRY_BEGIN |
| 32 | MATCH opcode qtype qname |
| 33 | ADJUST copy_id |
| 34 | REPLY QR NOERROR |
| 35 | SECTION QUESTION |
| 36 | www.example.com. IN A |
| 37 | SECTION AUTHORITY |
| 38 | com. IN NS a.gtld-servers.net. |
| 39 | SECTION ADDITIONAL |
| 40 | a.gtld-servers.net. IN A 192.5.6.30 |
| 41 | ENTRY_END |
| 42 | |
| 43 | ENTRY_BEGIN |
| 44 | MATCH opcode qtype qname |
| 45 | ADJUST copy_id |
| 46 | REPLY QR NOERROR |
| 47 | SECTION QUESTION |
| 48 | www.example.net. IN A |
| 49 | SECTION AUTHORITY |
| 50 | net. IN NS a.gtld-servers.net. |
| 51 | SECTION ADDITIONAL |
| 52 | a.gtld-servers.net. IN A 192.5.6.30 |
| 53 | ENTRY_END |
| 54 | RANGE_END |
| 55 | |
| 56 | ; a.gtld-servers.net. |
| 57 | RANGE_BEGIN 0 100 |
| 58 | ADDRESS 192.5.6.30 |
| 59 | ENTRY_BEGIN |
| 60 | MATCH opcode qtype qname |
| 61 | ADJUST copy_id |
| 62 | REPLY QR NOERROR |
| 63 | SECTION QUESTION |
| 64 | com. IN NS |
| 65 | SECTION ANSWER |
| 66 | com. IN NS a.gtld-servers.net. |
| 67 | SECTION ADDITIONAL |
| 68 | a.gtld-servers.net. IN A 192.5.6.30 |
| 69 | ENTRY_END |
| 70 | |
| 71 | ENTRY_BEGIN |
| 72 | MATCH opcode qtype qname |
| 73 | ADJUST copy_id |
| 74 | REPLY QR NOERROR |
| 75 | SECTION QUESTION |
| 76 | net. IN NS |
| 77 | SECTION ANSWER |
| 78 | net. IN NS a.gtld-servers.net. |
| 79 | SECTION ADDITIONAL |
| 80 | a.gtld-servers.net. IN A 192.5.6.30 |
| 81 | ENTRY_END |
| 82 | |
| 83 | ENTRY_BEGIN |
| 84 | MATCH opcode qtype qname |
| 85 | ADJUST copy_id |
| 86 | REPLY QR NOERROR |
| 87 | SECTION QUESTION |
| 88 | www.example.com. IN A |
| 89 | SECTION AUTHORITY |
| 90 | example.com. IN NS ns.example.com. |
| 91 | SECTION ADDITIONAL |
| 92 | ns.example.com. IN A 1.2.3.4 |
| 93 | ENTRY_END |
| 94 | ENTRY_BEGIN |
| 95 | MATCH opcode qtype qname |
| 96 | ADJUST copy_id |
| 97 | REPLY QR NOERROR |
| 98 | SECTION QUESTION |
| 99 | www.example.net. IN A |
| 100 | SECTION AUTHORITY |
| 101 | example.net. IN NS ns.example.net. |
| 102 | SECTION ADDITIONAL |
| 103 | ns.example.net. IN A 1.2.3.5 |
| 104 | ENTRY_END |
| 105 | RANGE_END |
| 106 | |
| 107 | ; ns.example.com. |
| 108 | RANGE_BEGIN 0 100 |
| 109 | ADDRESS 1.2.3.4 |
| 110 | ENTRY_BEGIN |
| 111 | MATCH opcode qtype qname |
| 112 | ADJUST copy_id |
| 113 | REPLY QR NOERROR |
| 114 | SECTION QUESTION |
| 115 | example.com. IN NS |
| 116 | SECTION ANSWER |
| 117 | example.com. IN NS ns.example.com. |
| 118 | example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} |
| 119 | SECTION ADDITIONAL |
| 120 | ns.example.com. IN A 1.2.3.4 |
| 121 | ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} |
| 122 | ENTRY_END |
| 123 | |
| 124 | ; response to DNSKEY priming query |
| 125 | ENTRY_BEGIN |
| 126 | MATCH opcode qtype qname |
| 127 | ADJUST copy_id |
| 128 | REPLY QR NOERROR |
| 129 | SECTION QUESTION |
| 130 | example.com. IN DNSKEY |
| 131 | SECTION ANSWER |
| 132 | example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} |
| 133 | example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} |
| 134 | SECTION AUTHORITY |
| 135 | example.com. IN NS ns.example.com. |
| 136 | example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} |
| 137 | SECTION ADDITIONAL |
| 138 | ns.example.com. IN A 1.2.3.4 |
| 139 | ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} |
| 140 | ENTRY_END |
| 141 | |
| 142 | ; response to query of interest |
| 143 | ENTRY_BEGIN |
| 144 | MATCH opcode qtype qname |
| 145 | ADJUST copy_id |
| 146 | REPLY QR NOERROR |
| 147 | SECTION QUESTION |
| 148 | www.example.com. IN A |
| 149 | SECTION ANSWER |
| 150 | www.example.com. 3600 IN CNAME www.example.net. |
| 151 | www.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFGtYzScyRnHV8U/jOIPYwrlI9t3oAhRF0PIf+IthUR7uCWIvskWp5CfReQ== ;{id = 2854} |
| 152 | SECTION AUTHORITY |
| 153 | SECTION ADDITIONAL |
| 154 | ENTRY_END |
| 155 | RANGE_END |
| 156 | |
| 157 | ; ns.example.net. |
| 158 | RANGE_BEGIN 0 100 |
| 159 | ADDRESS 1.2.3.5 |
| 160 | ENTRY_BEGIN |
| 161 | MATCH opcode qtype qname |
| 162 | ADJUST copy_id |
| 163 | REPLY QR NOERROR |
| 164 | SECTION QUESTION |
| 165 | example.net. IN NS |
| 166 | SECTION ANSWER |
| 167 | example.net. IN NS ns.example.net. |
| 168 | example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} |
| 169 | SECTION ADDITIONAL |
| 170 | ns.example.net. IN A 1.2.3.5 |
| 171 | ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} |
| 172 | ENTRY_END |
| 173 | |
| 174 | ; response to DNSKEY priming query |
| 175 | ENTRY_BEGIN |
| 176 | MATCH opcode qtype qname |
| 177 | ADJUST copy_id |
| 178 | REPLY QR NOERROR |
| 179 | SECTION QUESTION |
| 180 | example.net. IN DNSKEY |
| 181 | SECTION ANSWER |
| 182 | example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} |
| 183 | example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899} |
| 184 | SECTION AUTHORITY |
| 185 | example.net. IN NS ns.example.net. |
| 186 | example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} |
| 187 | SECTION ADDITIONAL |
| 188 | ns.example.net. IN A 1.2.3.5 |
| 189 | ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} |
| 190 | ENTRY_END |
| 191 | |
| 192 | ; response to query of interest |
| 193 | ENTRY_BEGIN |
| 194 | MATCH opcode qtype qname |
| 195 | ADJUST copy_id |
| 196 | REPLY QR NXDOMAIN |
| 197 | SECTION QUESTION |
| 198 | www.example.net. IN A |
| 199 | SECTION ANSWER |
| 200 | SECTION AUTHORITY |
| 201 | example.net. IN NSEC abc.example.net. SOA NS DNSKEY NSEC RRSIG |
| 202 | example.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 example.net. SEHthmjHyqGlzaOp3Dx6Jn5Fnvvtknw/IF6YSFY8NZLe+YSh1oRJbdEkQ8G92IT08n1jSN6jvKRsFBOUoFOQAw== ;{id = 30899} |
| 203 | wab.example.net. IN NSEC wzz.example.net. A NSEC RRSIG |
| 204 | wab.example.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. gl8vkI3xfSWx4Pyv5OdOthiewE6u/13kclY7UG9ptuFBddamdJO3RQqyxM6Xcmq+ToO4kMCCyaKijp01gTDoGg== ;{id = 30899} |
| 205 | SECTION ADDITIONAL |
| 206 | ENTRY_END |
| 207 | RANGE_END |
| 208 | |
| 209 | STEP 1 QUERY |
| 210 | ENTRY_BEGIN |
| 211 | REPLY RD DO |
| 212 | SECTION QUESTION |
| 213 | www.example.com. IN A |
| 214 | ENTRY_END |
| 215 | |
| 216 | ; recursion happens here. |
| 217 | STEP 10 CHECK_ANSWER |
| 218 | ENTRY_BEGIN |
| 219 | MATCH all |
| 220 | REPLY QR RD RA AD DO NXDOMAIN |
| 221 | SECTION QUESTION |
| 222 | www.example.com. IN A |
| 223 | SECTION ANSWER |
| 224 | www.example.com. IN CNAME www.example.net. |
| 225 | www.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFGtYzScyRnHV8U/jOIPYwrlI9t3oAhRF0PIf+IthUR7uCWIvskWp5CfReQ== ;{id = 2854} |
| 226 | SECTION AUTHORITY |
| 227 | example.net. IN NSEC abc.example.net. SOA NS DNSKEY NSEC RRSIG |
| 228 | example.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 example.net. SEHthmjHyqGlzaOp3Dx6Jn5Fnvvtknw/IF6YSFY8NZLe+YSh1oRJbdEkQ8G92IT08n1jSN6jvKRsFBOUoFOQAw== ;{id = 30899} |
| 229 | wab.example.net. IN NSEC wzz.example.net. A NSEC RRSIG |
| 230 | wab.example.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. gl8vkI3xfSWx4Pyv5OdOthiewE6u/13kclY7UG9ptuFBddamdJO3RQqyxM6Xcmq+ToO4kMCCyaKijp01gTDoGg== ;{id = 30899} |
| 231 | SECTION ADDITIONAL |
| 232 | ENTRY_END |
| 233 | |
| 234 | SCENARIO_END |