]> git.saurik.com Git - apple/network_cmds.git/blob - unbound/testdata/val_unsec_cname.rpl
projects / apple / network_cmds.git / blob
? search:


c532da5ee000b9802d148cc4e529ace68ee2d5aa
[apple/network_cmds.git] / unbound / testdata / val_unsec_cname.rpl
1 ; config options
2 ; The island of trust is at example.com
3 server:
4 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
5 val-override-date: "20070916134226"
6 target-fetch-policy: "0 0 0 0 0"
7
8 stub-zone:
9 name: "."
10 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
11 CONFIG_END
12
13 SCENARIO_BEGIN Test validator with DS, unsec, cname sequence.
14
15 ; K.ROOT-SERVERS.NET.
16 RANGE_BEGIN 0 100
17 ADDRESS 193.0.14.129
18 ENTRY_BEGIN
19 MATCH opcode qtype qname
20 ADJUST copy_id
21 REPLY QR NOERROR
22 SECTION QUESTION
23 . IN NS
24 SECTION ANSWER
25 . IN NS K.ROOT-SERVERS.NET.
26 SECTION ADDITIONAL
27 K.ROOT-SERVERS.NET. IN A 193.0.14.129
28 ENTRY_END
29
30 ENTRY_BEGIN
31 MATCH opcode qtype qname
32 ADJUST copy_id
33 REPLY QR NOERROR
34 SECTION QUESTION
35 a.b.sub.example.com. IN A
36 SECTION AUTHORITY
37 com. IN NS a.gtld-servers.net.
38 SECTION ADDITIONAL
39 a.gtld-servers.net. IN A 192.5.6.30
40 ENTRY_END
41 RANGE_END
42
43 ; a.gtld-servers.net.
44 RANGE_BEGIN 0 100
45 ADDRESS 192.5.6.30
46 ENTRY_BEGIN
47 MATCH opcode qtype qname
48 ADJUST copy_id
49 REPLY QR NOERROR
50 SECTION QUESTION
51 com. IN NS
52 SECTION ANSWER
53 com. IN NS a.gtld-servers.net.
54 SECTION ADDITIONAL
55 a.gtld-servers.net. IN A 192.5.6.30
56 ENTRY_END
57
58 ENTRY_BEGIN
59 MATCH opcode qtype qname
60 ADJUST copy_id
61 REPLY QR NOERROR
62 SECTION QUESTION
63 a.b.sub.example.com. IN A
64 SECTION AUTHORITY
65 example.com. IN NS ns.example.com.
66 SECTION ADDITIONAL
67 ns.example.com. IN A 1.2.3.4
68 ENTRY_END
69 RANGE_END
70
71 ; ns.example.com.
72 RANGE_BEGIN 0 100
73 ADDRESS 1.2.3.4
74 ENTRY_BEGIN
75 MATCH opcode qtype qname
76 ADJUST copy_id
77 REPLY QR NOERROR
78 SECTION QUESTION
79 example.com. IN NS
80 SECTION ANSWER
81 example.com. IN NS ns.example.com.
82 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
83 SECTION ADDITIONAL
84 ns.example.com. IN A 1.2.3.4
85 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
86 ENTRY_END
87
88 ; response to DNSKEY priming query
89 ENTRY_BEGIN
90 MATCH opcode qtype qname
91 ADJUST copy_id
92 REPLY QR NOERROR
93 SECTION QUESTION
94 example.com. IN DNSKEY
95 SECTION ANSWER
96 example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
97 example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
98 SECTION AUTHORITY
99 example.com. IN NS ns.example.com.
100 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
101 SECTION ADDITIONAL
102 ns.example.com. IN A 1.2.3.4
103 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
104 ENTRY_END
105
106 ; response for delegation to c.example.com.
107 ENTRY_BEGIN
108 MATCH opcode qtype qname
109 ADJUST copy_id
110 REPLY QR NOERROR
111 SECTION QUESTION
112 c.c.example.com. IN A
113 SECTION ANSWER
114 SECTION AUTHORITY
115 c.example.com. IN NS ns.c.example.com.
116 c.example.com. IN NSEC d.example.com. NS RRSIG NSEC
117 c.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFDQ1xBqQ8Yxy7d7MbfAOg9g+dInHAhUAgP2w61bvME+hLWFiNg42Ny02/vo= ;{id = 2854}
118 SECTION ADDITIONAL
119 ns.c.example.com. IN A 1.2.3.8
120 ENTRY_END
121
122 ENTRY_BEGIN
123 MATCH opcode qtype qname
124 ADJUST copy_id
125 REPLY QR AA NOERROR
126 SECTION QUESTION
127 c.example.com. IN DS
128 SECTION ANSWER
129 SECTION AUTHORITY
130 c.example.com. IN NSEC d.example.com. NS RRSIG NSEC
131 c.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFDQ1xBqQ8Yxy7d7MbfAOg9g+dInHAhUAgP2w61bvME+hLWFiNg42Ny02/vo= ;{id = 2854}
132 SECTION ADDITIONAL
133 ENTRY_END
134
135 ; response for delegation to sub.example.com.
136 ENTRY_BEGIN
137 MATCH opcode qtype qname
138 ADJUST copy_id
139 REPLY QR NOERROR
140 SECTION QUESTION
141 a.b.sub.example.com. IN A
142 SECTION ANSWER
143 SECTION AUTHORITY
144 sub.example.com. IN NS ns.sub.example.com.
145 sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
146 sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
147 SECTION ADDITIONAL
148 ns.sub.example.com. IN A 1.2.3.6
149 ENTRY_END
150
151 ; response for delegation to sub.example.com.
152 ENTRY_BEGIN
153 MATCH opcode qtype qname
154 ADJUST copy_id
155 REPLY QR NOERROR
156 SECTION QUESTION
157 sub.example.com. IN DNSKEY
158 SECTION ANSWER
159 SECTION AUTHORITY
160 sub.example.com. IN NS ns.sub.example.com.
161 sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
162 sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
163 SECTION ADDITIONAL
164 ns.sub.example.com. IN A 1.2.3.6
165 ENTRY_END
166 RANGE_END
167
168 ; ns.sub.example.com.
169 RANGE_BEGIN 0 100
170 ADDRESS 1.2.3.6
171 ENTRY_BEGIN
172 MATCH opcode qtype qname
173 ADJUST copy_id
174 REPLY QR NOERROR
175 SECTION QUESTION
176 sub.example.com. IN NS
177 SECTION ANSWER
178 sub.example.com. IN NS ns.sub.example.com.
179 sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
180 SECTION ADDITIONAL
181 ns.sub.example.com. IN A 1.2.3.6
182 ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
183 ENTRY_END
184
185 ; response to DNSKEY priming query
186 ; sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
187 ENTRY_BEGIN
188 MATCH opcode qtype qname
189 ADJUST copy_id
190 REPLY QR NOERROR
191 SECTION QUESTION
192 sub.example.com. IN DNSKEY
193 SECTION ANSWER
194 sub.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
195 sub.example.com. 3600 IN RRSIG DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899}
196 SECTION AUTHORITY
197 sub.example.com. IN NS ns.sub.example.com.
198 sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
199 SECTION ADDITIONAL
200 ns.sub.example.com. IN A 1.2.3.6
201 ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
202 ENTRY_END
203
204 ; response to query of interest
205 ; another delegation, validated unsecure.
206 ENTRY_BEGIN
207 MATCH opcode qtype qname
208 ADJUST copy_id
209 REPLY QR NOERROR
210 SECTION QUESTION
211 a.b.sub.example.com. IN A
212 SECTION ANSWER
213 SECTION AUTHORITY
214 b.sub.example.com. IN NS ns.b.sub.example.com.
215 b.sub.example.com. IN NSEC c.sub.example.com. NS NSEC RRSIG
216 b.sub.example.com. 3600 IN RRSIG NSEC 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. KPdURTUrbQvc6OXtDZaH3+14uO2qPUPIFO86aTNZ/Ujy3d2RMSB7fkSSulDO6QDSBEUhr9WgbQr0/YoljCBirA== ;{id = 30899}
217 SECTION ADDITIONAL
218 ns.b.sub.example.com. IN A 1.2.3.7
219 ENTRY_END
220
221 ; b DS query.
222 ENTRY_BEGIN
223 MATCH opcode qtype qname
224 ADJUST copy_id
225 REPLY QR AA NOERROR
226 SECTION QUESTION
227 b.sub.example.com. IN DS
228 SECTION AUTHORITY
229 b.sub.example.com. IN NSEC c.sub.example.com. NS NSEC RRSIG
230 b.sub.example.com. 3600 IN RRSIG NSEC 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. KPdURTUrbQvc6OXtDZaH3+14uO2qPUPIFO86aTNZ/Ujy3d2RMSB7fkSSulDO6QDSBEUhr9WgbQr0/YoljCBirA== ;{id = 30899}
231 ENTRY_END
232 RANGE_END
233
234 ; server ns.b.sub.example.com.
235 RANGE_BEGIN 0 100
236 ADDRESS 1.2.3.7
237 ENTRY_BEGIN
238 MATCH opcode qtype qname
239 ADJUST copy_id
240 REPLY QR AA NOERROR
241 SECTION QUESTION
242 b.sub.example.com. IN NS
243 SECTION ANSWER
244 b.sub.example.com. IN NS ns.b.sub.example.com.
245 SECTION ADDITIONAL
246 ns.b.sub.example.com. IN A 1.2.3.7
247 ENTRY_END
248
249 ENTRY_BEGIN
250 ; query of interest, give a cname to another unsecure zone.
251 MATCH opcode qtype qname
252 ADJUST copy_id
253 REPLY QR AA NOERROR
254 SECTION QUESTION
255 a.b.sub.example.com. IN A
256 SECTION ANSWER
257 a.b.sub.example.com. IN CNAME c.c.example.com.
258 ENTRY_END
259
260 ENTRY_BEGIN
261 MATCH opcode qtype qname
262 ADJUST copy_id
263 REPLY QR AA NOERROR
264 SECTION QUESTION
265 a.b.sub.example.com. IN DS
266 SECTION AUTHORITY
267 b.sub.example.com. IN SOA B-EXAMPLE. b-example. 1 2 3 7 7
268 ENTRY_END
269 RANGE_END
270
271 ; server ns.c.example.com.
272 RANGE_BEGIN 0 100
273 ADDRESS 1.2.3.8
274 ENTRY_BEGIN
275 MATCH opcode qtype qname
276 ADJUST copy_id
277 REPLY QR AA NOERROR
278 SECTION QUESTION
279 c.sub.example.com. IN NS
280 SECTION ANSWER
281 c.sub.example.com. IN NS ns.c.sub.example.com.
282 SECTION ADDITIONAL
283 ns.c.sub.example.com. IN A 1.2.3.8
284 ENTRY_END
285
286 ENTRY_BEGIN
287 MATCH opcode qtype qname
288 ADJUST copy_id
289 REPLY QR NOERROR
290 SECTION QUESTION
291 c.example.com. IN NS
292 SECTION ANSWER
293 c.example.com. IN NS ns.c.example.com.
294 SECTION ADDITIONAL
295 ns.c.example.com. IN A 1.2.3.8
296 ENTRY_END
297
298 ENTRY_BEGIN
299 MATCH opcode qtype qname
300 ADJUST copy_id
301 REPLY QR AA NOERROR
302 SECTION QUESTION
303 c.c.example.com. IN A
304 SECTION ANSWER
305 c.c.example.com. IN A 11.11.11.11
306 ENTRY_END
307
308 ENTRY_BEGIN
309 MATCH opcode qtype qname
310 ADJUST copy_id
311 REPLY QR AA NOERROR
312 SECTION QUESTION
313 c.c.example.com. IN DS
314 SECTION AUTHORITY
315 c.example.com. IN SOA C-EXAMPLE. c-example. 1 2 3 4 5
316 ENTRY_END
317 RANGE_END
318
319 STEP 1 QUERY
320 ENTRY_BEGIN
321 REPLY RD DO
322 SECTION QUESTION
323 a.b.sub.example.com. IN A
324 ENTRY_END
325
326 ; recursion happens here.
327 STEP 10 CHECK_ANSWER
328 ENTRY_BEGIN
329 MATCH all
330 REPLY QR RD RA DO NOERROR
331 SECTION QUESTION
332 a.b.sub.example.com. IN A
333 SECTION ANSWER
334 a.b.sub.example.com. IN CNAME c.c.example.com.
335 c.c.example.com. 3600 IN A 11.11.11.11
336 SECTION AUTHORITY
337 SECTION ADDITIONAL
338 ENTRY_END
339
340 ; test that a DS query does not get CNAME redirected, but instead
341 ; asked to the right server that has to respond to it.
342 STEP 20 QUERY
343 ENTRY_BEGIN
344 REPLY RD DO
345 SECTION QUESTION
346 a.b.sub.example.com. IN DS
347 ENTRY_END
348
349 STEP 30 CHECK_ANSWER
350 ENTRY_BEGIN
351 MATCH all
352 REPLY QR RD RA DO NOERROR
353 SECTION QUESTION
354 a.b.sub.example.com. IN DS
355 SECTION AUTHORITY
356 b.sub.example.com. IN SOA B-EXAMPLE. b-example. 1 2 3 7 7
357 ENTRY_END
358
359 SCENARIO_END
mirror of network_cmds