]>
Commit | Line | Data |
---|---|---|
1 | ; config options | |
2 | ; The island of trust is at example.com (the DLV repository) | |
3 | server: | |
4 | dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" | |
5 | val-override-date: "20070916134226" | |
6 | target-fetch-policy: "0 0 0 0 0" | |
7 | ||
8 | stub-zone: | |
9 | name: "." | |
10 | stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. | |
11 | CONFIG_END | |
12 | ||
13 | SCENARIO_BEGIN Test validator with unknown algorithm DLV anchor | |
14 | ; positive response for DLV. | |
15 | ; but only has unknown algos | |
16 | ; have to treat zone as insecure | |
17 | ||
18 | ; K.ROOT-SERVERS.NET. | |
19 | RANGE_BEGIN 0 100 | |
20 | ADDRESS 193.0.14.129 | |
21 | ENTRY_BEGIN | |
22 | MATCH opcode qtype qname | |
23 | ADJUST copy_id | |
24 | REPLY QR NOERROR | |
25 | SECTION QUESTION | |
26 | . IN NS | |
27 | SECTION ANSWER | |
28 | . IN NS K.ROOT-SERVERS.NET. | |
29 | SECTION ADDITIONAL | |
30 | K.ROOT-SERVERS.NET. IN A 193.0.14.129 | |
31 | ENTRY_END | |
32 | ||
33 | ENTRY_BEGIN | |
34 | MATCH opcode subdomain | |
35 | ADJUST copy_id copy_query | |
36 | REPLY QR NOERROR | |
37 | SECTION QUESTION | |
38 | com. IN A | |
39 | SECTION AUTHORITY | |
40 | com. IN NS a.gtld-servers.net. | |
41 | SECTION ADDITIONAL | |
42 | a.gtld-servers.net. IN A 192.5.6.30 | |
43 | ENTRY_END | |
44 | ||
45 | ENTRY_BEGIN | |
46 | MATCH opcode subdomain | |
47 | ADJUST copy_id copy_query | |
48 | REPLY QR NOERROR | |
49 | SECTION QUESTION | |
50 | net. IN A | |
51 | SECTION AUTHORITY | |
52 | net. IN NS a.gtld-servers.net. | |
53 | SECTION ADDITIONAL | |
54 | a.gtld-servers.net. IN A 192.5.6.30 | |
55 | ENTRY_END | |
56 | RANGE_END | |
57 | ||
58 | ; a.gtld-servers.net. | |
59 | RANGE_BEGIN 0 100 | |
60 | ADDRESS 192.5.6.30 | |
61 | ENTRY_BEGIN | |
62 | MATCH opcode qtype qname | |
63 | ADJUST copy_id | |
64 | REPLY QR NOERROR | |
65 | SECTION QUESTION | |
66 | com. IN NS | |
67 | SECTION ANSWER | |
68 | com. IN NS a.gtld-servers.net. | |
69 | SECTION ADDITIONAL | |
70 | a.gtld-servers.net. IN A 192.5.6.30 | |
71 | ENTRY_END | |
72 | ||
73 | ENTRY_BEGIN | |
74 | MATCH opcode qtype qname | |
75 | ADJUST copy_id | |
76 | REPLY QR NOERROR | |
77 | SECTION QUESTION | |
78 | net. IN NS | |
79 | SECTION ANSWER | |
80 | net. IN NS a.gtld-servers.net. | |
81 | SECTION ADDITIONAL | |
82 | a.gtld-servers.net. IN A 192.5.6.30 | |
83 | ENTRY_END | |
84 | ||
85 | ENTRY_BEGIN | |
86 | MATCH opcode subdomain | |
87 | ADJUST copy_id copy_query | |
88 | REPLY QR NOERROR | |
89 | SECTION QUESTION | |
90 | example.com. IN A | |
91 | SECTION AUTHORITY | |
92 | example.com. IN NS ns.example.com. | |
93 | SECTION ADDITIONAL | |
94 | ns.example.com. IN A 1.2.3.4 | |
95 | ENTRY_END | |
96 | ||
97 | ENTRY_BEGIN | |
98 | MATCH opcode subdomain | |
99 | ADJUST copy_id copy_query | |
100 | REPLY QR NOERROR | |
101 | SECTION QUESTION | |
102 | example.net. IN A | |
103 | SECTION AUTHORITY | |
104 | example.net. IN NS ns.example.net. | |
105 | SECTION ADDITIONAL | |
106 | ns.example.net. IN A 1.2.3.5 | |
107 | ENTRY_END | |
108 | RANGE_END | |
109 | ||
110 | ; ns.example.com. | |
111 | RANGE_BEGIN 0 100 | |
112 | ADDRESS 1.2.3.4 | |
113 | ENTRY_BEGIN | |
114 | MATCH opcode qtype qname | |
115 | ADJUST copy_id | |
116 | REPLY QR NOERROR | |
117 | SECTION QUESTION | |
118 | example.com. IN NS | |
119 | SECTION ANSWER | |
120 | example.com. IN NS ns.example.com. | |
121 | example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} | |
122 | SECTION ADDITIONAL | |
123 | ns.example.com. IN A 1.2.3.4 | |
124 | ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} | |
125 | ENTRY_END | |
126 | ||
127 | ; response to DNSKEY priming query | |
128 | ENTRY_BEGIN | |
129 | MATCH opcode qtype qname | |
130 | ADJUST copy_id | |
131 | REPLY QR NOERROR | |
132 | SECTION QUESTION | |
133 | example.com. IN DNSKEY | |
134 | SECTION ANSWER | |
135 | example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} | |
136 | example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} | |
137 | SECTION AUTHORITY | |
138 | example.com. IN NS ns.example.com. | |
139 | example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} | |
140 | SECTION ADDITIONAL | |
141 | ns.example.com. IN A 1.2.3.4 | |
142 | ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} | |
143 | ENTRY_END | |
144 | ||
145 | ; DLV query | |
146 | ENTRY_BEGIN | |
147 | MATCH opcode qtype qname | |
148 | ADJUST copy_id | |
149 | REPLY QR NOERROR | |
150 | SECTION QUESTION | |
151 | example.net.example.com. IN DLV | |
152 | SECTION ANSWER | |
153 | ; algo 208 is unknown | |
154 | example.net.example.com. 3600 IN DLV 30899 208 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix | |
155 | example.net.example.com. 3600 IN RRSIG DLV 3 4 3600 20070926134150 20070829134150 2854 example.com. AFBU1dN/KstcLfQQzy7ZKvPq+2hQg7D6QynqgwI3f8envPQGj782/NA= ;{id = 2854} | |
156 | ;example.net.example.com. 3600 IN DLV 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix | |
157 | ;example.net.example.com. 3600 IN RRSIG DLV 3 4 3600 20070926134150 20070829134150 2854 example.com. ACK48Q/oKwh/SM9yRiKjZYuc+AtEZ2yCPNJ15kKCN8nsVcv7xigmNTY= ;{id = 2854} | |
158 | SECTION AUTHORITY | |
159 | example.com. IN NS ns.example.com. | |
160 | example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} | |
161 | SECTION ADDITIONAL | |
162 | ns.example.com. IN A 1.2.3.4 | |
163 | ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} | |
164 | ENTRY_END | |
165 | ||
166 | ENTRY_BEGIN | |
167 | MATCH opcode qtype qname | |
168 | ADJUST copy_id | |
169 | REPLY QR NOERROR | |
170 | SECTION QUESTION | |
171 | net.example.com. IN DLV | |
172 | SECTION ANSWER | |
173 | SECTION AUTHORITY | |
174 | example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 | |
175 | example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} | |
176 | example.com IN NSEC example.net.example.com. SOA NS RRSIG NSEC | |
177 | example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AIoUkJ04/7/kJFDLocoqksqt9UL2RHHwlRfXAMxGdBHcNO+GSpG47Uk= ;{id = 2854} | |
178 | ENTRY_END | |
179 | ||
180 | ENTRY_BEGIN | |
181 | MATCH opcode qtype qname | |
182 | ADJUST copy_id | |
183 | REPLY QR NXDOMAIN | |
184 | SECTION QUESTION | |
185 | com.example.com. IN DLV | |
186 | SECTION ANSWER | |
187 | SECTION AUTHORITY | |
188 | example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 | |
189 | example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} | |
190 | example.com IN NSEC example.net.example.com. SOA NS RRSIG NSEC | |
191 | example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AIoUkJ04/7/kJFDLocoqksqt9UL2RHHwlRfXAMxGdBHcNO+GSpG47Uk= ;{id = 2854} | |
192 | ENTRY_END | |
193 | ||
194 | RANGE_END | |
195 | ||
196 | ; ns.example.net. | |
197 | RANGE_BEGIN 0 100 | |
198 | ADDRESS 1.2.3.5 | |
199 | ; DS RR is | |
200 | ; example.net. 3600 IN DS 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix | |
201 | ; DNSKEY prime query | |
202 | ENTRY_BEGIN | |
203 | MATCH opcode qtype qname | |
204 | ADJUST copy_id | |
205 | REPLY QR NOERROR | |
206 | SECTION QUESTION | |
207 | example.net. IN DNSKEY | |
208 | SECTION ANSWER | |
209 | example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} | |
210 | example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899} | |
211 | SECTION AUTHORITY | |
212 | example.net. IN NS ns.example.net. | |
213 | example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} | |
214 | SECTION ADDITIONAL | |
215 | ns.example.net. IN A 1.2.3.5 | |
216 | ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} | |
217 | ENTRY_END | |
218 | ||
219 | ; NS query | |
220 | ENTRY_BEGIN | |
221 | MATCH opcode qtype qname | |
222 | ADJUST copy_id | |
223 | REPLY QR NOERROR | |
224 | SECTION QUESTION | |
225 | example.net. IN NS | |
226 | SECTION ANSWER | |
227 | example.net. IN NS ns.example.net. | |
228 | example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} | |
229 | SECTION ADDITIONAL | |
230 | ns.example.net. IN A 1.2.3.5 | |
231 | ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} | |
232 | ENTRY_END | |
233 | ||
234 | ; www.example.net query | |
235 | ENTRY_BEGIN | |
236 | MATCH opcode qtype qname | |
237 | ADJUST copy_id | |
238 | REPLY QR NOERROR | |
239 | SECTION QUESTION | |
240 | www.example.net. IN A | |
241 | SECTION ANSWER | |
242 | www.example.net. 3600 IN A 10.20.30.40 | |
243 | www.example.net. 3600 IN RRSIG A 5 3 3600 20070926135752 20070829135752 30899 example.net. ACvv4RQVC7TbI57ewqFImRaVoymktJ5Cxn/FaCodIENt82LVM92nivbP2WtwWCsQHWp7FkrMxTlQTJwyAeXFyg== ;{id = 30899} | |
244 | SECTION AUTHORITY | |
245 | example.net. IN NS ns.example.net. | |
246 | example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} | |
247 | SECTION ADDITIONAL | |
248 | ns.example.net. IN A 1.2.3.5 | |
249 | ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} | |
250 | ENTRY_END | |
251 | ||
252 | ||
253 | RANGE_END | |
254 | ||
255 | STEP 1 QUERY | |
256 | ENTRY_BEGIN | |
257 | REPLY RD DO | |
258 | SECTION QUESTION | |
259 | www.example.net. IN A | |
260 | ENTRY_END | |
261 | ||
262 | ; recursion happens here. | |
263 | STEP 10 CHECK_ANSWER | |
264 | ENTRY_BEGIN | |
265 | MATCH all | |
266 | REPLY QR RD RA DO NOERROR | |
267 | SECTION QUESTION | |
268 | www.example.net. IN A | |
269 | SECTION ANSWER | |
270 | www.example.net. 3600 IN A 10.20.30.40 | |
271 | www.example.net. 3600 IN RRSIG A 5 3 3600 20070926135752 20070829135752 30899 example.net. ACvv4RQVC7TbI57ewqFImRaVoymktJ5Cxn/FaCodIENt82LVM92nivbP2WtwWCsQHWp7FkrMxTlQTJwyAeXFyg== ;{id = 30899} | |
272 | SECTION AUTHORITY | |
273 | example.net. IN NS ns.example.net. | |
274 | example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} | |
275 | SECTION ADDITIONAL | |
276 | ns.example.net. IN A 1.2.3.5 | |
277 | ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} | |
278 | ENTRY_END | |
279 | ||
280 | SCENARIO_END |