]> git.saurik.com Git - apple/network_cmds.git/blob - unbound/testdata/val_ans_nx.rpl
projects / apple / network_cmds.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
network_cmds-596.100.2.tar.gz
[apple/network_cmds.git] / unbound / testdata / val_ans_nx.rpl
1 ; config options
2 ; The island of trust is at example.com
3 server:
4 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
5 val-override-date: "20070916134226"
6 target-fetch-policy: "0 0 0 0 0"
7
8 stub-zone:
9 name: "."
10 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
11 CONFIG_END
12
13 SCENARIO_BEGIN Test validator with DS nodata as nxdomain on trust chain
14 ; This is a bug in ANS 2.8.1.0 where it gives an NXDOMAIN instead of
15 ; NOERROR for an empty nonterminal DS query. The proof for this NXDOMAIN
16 ; is the NSEC that proves emptynonterminal.
17
18 ; K.ROOT-SERVERS.NET.
19 RANGE_BEGIN 0 100
20 ADDRESS 193.0.14.129
21 ENTRY_BEGIN
22 MATCH opcode qtype qname
23 ADJUST copy_id
24 REPLY QR NOERROR
25 SECTION QUESTION
26 . IN NS
27 SECTION ANSWER
28 . IN NS K.ROOT-SERVERS.NET.
29 SECTION ADDITIONAL
30 K.ROOT-SERVERS.NET. IN A 193.0.14.129
31 ENTRY_END
32
33 ENTRY_BEGIN
34 MATCH opcode qtype qname
35 ADJUST copy_id
36 REPLY QR NOERROR
37 SECTION QUESTION
38 328.0.0.194.example.com. IN A
39 SECTION AUTHORITY
40 com. IN NS a.gtld-servers.net.
41 SECTION ADDITIONAL
42 a.gtld-servers.net. IN A 192.5.6.30
43 ENTRY_END
44 RANGE_END
45
46 ; a.gtld-servers.net.
47 RANGE_BEGIN 0 100
48 ADDRESS 192.5.6.30
49 ENTRY_BEGIN
50 MATCH opcode qtype qname
51 ADJUST copy_id
52 REPLY QR NOERROR
53 SECTION QUESTION
54 com. IN NS
55 SECTION ANSWER
56 com. IN NS a.gtld-servers.net.
57 SECTION ADDITIONAL
58 a.gtld-servers.net. IN A 192.5.6.30
59 ENTRY_END
60
61 ENTRY_BEGIN
62 MATCH opcode qtype qname
63 ADJUST copy_id
64 REPLY QR NOERROR
65 SECTION QUESTION
66 328.0.0.194.example.com. IN A
67 SECTION AUTHORITY
68 example.com. IN NS ns.example.com.
69 SECTION ADDITIONAL
70 ns.example.com. IN A 1.2.3.4
71 ENTRY_END
72 RANGE_END
73
74 ; ns.example.com.
75 RANGE_BEGIN 0 100
76 ADDRESS 1.2.3.4
77 ENTRY_BEGIN
78 MATCH opcode qtype qname
79 ADJUST copy_id
80 REPLY QR NOERROR
81 SECTION QUESTION
82 example.com. IN NS
83 SECTION ANSWER
84 example.com. IN NS ns.example.com.
85 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
86 SECTION ADDITIONAL
87 ns.example.com. IN A 1.2.3.4
88 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
89 ENTRY_END
90
91 ; response to DNSKEY priming query
92 ENTRY_BEGIN
93 MATCH opcode qtype qname
94 ADJUST copy_id
95 REPLY QR NOERROR
96 SECTION QUESTION
97 example.com. IN DNSKEY
98 SECTION ANSWER
99 example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
100 example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
101 SECTION AUTHORITY
102 example.com. IN NS ns.example.com.
103 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
104 SECTION ADDITIONAL
105 ns.example.com. IN A 1.2.3.4
106 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
107 ENTRY_END
108
109 ; responses to DS empty nonterminal queries.
110 ENTRY_BEGIN
111 MATCH opcode qtype qname
112 ADJUST copy_id
113 REPLY QR AA NOERROR
114 SECTION QUESTION
115 194.example.com. IN DS
116 SECTION AUTHORITY
117 example.com. 3600 IN SOA ns.example.com. host.example.com. 2007091980 3600 7200 1209600 7200
118 example.com. 3600 IN RRSIG SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFCOn5qKBIV7bwFMBA+Qqiblx0cylAhUAoFiGtFm2wHhJpq9MooTYdeVw45s= ;{id = 2854}
119
120 ; This NSEC proves the NOERROR/NODATA case.
121 194.example.com. IN NSEC 0.0.194.example.com. A RRSIG NSEC
122 194.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFDcoKl74U9FjsuYF3Vc0E8GQ2GgzAhUAhlyhO2MMcAWQMxIhEZ4MguokN5g= ;{id = 2854}
123
124 ENTRY_END
125
126 ENTRY_BEGIN
127 MATCH opcode qtype qname
128 ADJUST copy_id
129 ; Bad NXDOMAIN response, this should be NOERROR.
130 REPLY QR AA NXDOMAIN
131 SECTION QUESTION
132 0.194.example.com. IN DS
133 SECTION AUTHORITY
134 example.com. 3600 IN SOA ns.example.com. host.example.com. 2007091980 3600 7200 1209600 7200
135 example.com. 3600 IN RRSIG SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFCOn5qKBIV7bwFMBA+Qqiblx0cylAhUAoFiGtFm2wHhJpq9MooTYdeVw45s= ;{id = 2854}
136
137 ; This NSEC proves the NOERROR/NODATA case.
138 194.example.com. IN NSEC 0.0.194.example.com. A RRSIG NSEC
139 194.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFDcoKl74U9FjsuYF3Vc0E8GQ2GgzAhUAhlyhO2MMcAWQMxIhEZ4MguokN5g= ;{id = 2854}
140
141 ENTRY_END
142
143 ; response for delegation to sub zone.
144 ENTRY_BEGIN
145 MATCH opcode qtype qname
146 ADJUST copy_id
147 REPLY QR NOERROR
148 SECTION QUESTION
149 328.0.0.194.example.com. IN A
150 SECTION ANSWER
151 SECTION AUTHORITY
152 0.0.194.example.com. IN NS ns.sub.example.com.
153 0.0.194.example.com. 3600 IN DS 30899 RSASHA1 1 aa46f0717075d9750ac3596c659a2e326b33c28c
154 0.0.194.example.com. 3600 IN RRSIG DS 3 5 3600 20070926135752 20070829135752 2854 example.com. MCwCFC9GIqtp/103hktw6bPpD83gr+0iAhQ8yev2yUaR9l64rYBUYTJqOoTKdw== ;{id = 2854}
155 SECTION ADDITIONAL
156 ns.sub.example.com. IN A 1.2.3.6
157 ENTRY_END
158
159 ; response for delegation to sub zone
160 ENTRY_BEGIN
161 MATCH opcode qtype qname
162 ADJUST copy_id
163 REPLY QR NOERROR
164 SECTION QUESTION
165 0.0.194.example.com. IN DNSKEY
166 SECTION ANSWER
167 SECTION AUTHORITY
168 0.0.194.example.com. IN NS ns.sub.example.com.
169 0.0.194.example.com. 3600 IN DS 30899 RSASHA1 1 aa46f0717075d9750ac3596c659a2e326b33c28c
170 0.0.194.example.com. 3600 IN RRSIG DS 3 5 3600 20070926135752 20070829135752 2854 example.com. MCwCFC9GIqtp/103hktw6bPpD83gr+0iAhQ8yev2yUaR9l64rYBUYTJqOoTKdw== ;{id = 2854}
171 SECTION ADDITIONAL
172 ns.sub.example.com. IN A 1.2.3.6
173 ENTRY_END
174 RANGE_END
175
176 ; ns.sub.example.com. for zone 0.0.194.example.com.
177 RANGE_BEGIN 0 100
178 ADDRESS 1.2.3.6
179 ENTRY_BEGIN
180 MATCH opcode qtype qname
181 ADJUST copy_id
182 REPLY QR NOERROR
183 SECTION QUESTION
184 0.0.194.example.com. IN NS
185 SECTION ANSWER
186 0.0.194.example.com. IN NS ns.sub.example.com.
187 0.0.194.example.com. 3600 IN RRSIG NS 5 5 3600 20070926135752 20070829135752 30899 0.0.194.example.com. KXDA+/PJAE+dXhv6O6Z0ZovDwabSRJcIt+GT5AL6ewlj46hzo/SDKUtEhYCeT1IVQvYtXrESwFZjpp7N0rXXBg== ;{id = 30899}
188 SECTION ADDITIONAL
189 ns.sub.example.com. IN A 1.2.3.6
190 ENTRY_END
191
192 ; response to DNSKEY priming query
193 ; 0.0.194.example.com. 3600 IN DS 30899 RSASHA1 1 aa46f0717075d9750ac3596c659a2e326b33c28c
194 ENTRY_BEGIN
195 MATCH opcode qtype qname
196 ADJUST copy_id
197 REPLY QR NOERROR
198 SECTION QUESTION
199 0.0.194.example.com. IN DNSKEY
200 SECTION ANSWER
201 0.0.194.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
202 0.0.194.example.com. 3600 IN RRSIG DNSKEY 5 5 3600 20070926135752 20070829135752 30899 0.0.194.example.com. fSmc7ef6NwbDXC0o4wPc/aa8LakW5ZJwEZ4xPYl3tTZKmPNM7hPXskl1tFlvst9Va4u37F62v+16trprHb+SCQ== ;{id = 30899}
203 SECTION AUTHORITY
204 0.0.194.example.com. IN NS ns.sub.example.com.
205 0.0.194.example.com. 3600 IN RRSIG NS 5 5 3600 20070926135752 20070829135752 30899 0.0.194.example.com. KXDA+/PJAE+dXhv6O6Z0ZovDwabSRJcIt+GT5AL6ewlj46hzo/SDKUtEhYCeT1IVQvYtXrESwFZjpp7N0rXXBg== ;{id = 30899}
206 SECTION ADDITIONAL
207 ns.sub.example.com. IN A 1.2.3.6
208 ENTRY_END
209
210 ; response to query of interest
211 ENTRY_BEGIN
212 MATCH opcode qtype qname
213 ADJUST copy_id
214 REPLY QR NOERROR
215 SECTION QUESTION
216 328.0.0.194.example.com. IN A
217 SECTION ANSWER
218 328.0.0.194.example.com. IN A 11.11.11.11
219 328.0.0.194.example.com. 3600 IN RRSIG A 5 6 3600 20070926135752 20070829135752 30899 0.0.194.example.com. chZW77mqywhw/4ch6BxXQ4EbFgb9zgh2xF75FLlKq/7ey6CfHSJRpJRjRqtMTn+1i18UL2B4nPS/WnK5DZeqlA== ;{id = 30899}
220 SECTION AUTHORITY
221 SECTION ADDITIONAL
222 ENTRY_END
223 RANGE_END
224
225 STEP 1 QUERY
226 ENTRY_BEGIN
227 REPLY RD DO
228 SECTION QUESTION
229 328.0.0.194.example.com. IN A
230 ENTRY_END
231
232 ; recursion happens here.
233 STEP 10 CHECK_ANSWER
234 ENTRY_BEGIN
235 MATCH all
236 REPLY QR RD RA AD DO NOERROR
237 SECTION QUESTION
238 328.0.0.194.example.com. IN A
239 SECTION ANSWER
240 328.0.0.194.example.com. 3600 IN A 11.11.11.11
241 328.0.0.194.example.com. 3600 IN RRSIG A 5 6 3600 20070926135752 20070829135752 30899 0.0.194.example.com. chZW77mqywhw/4ch6BxXQ4EbFgb9zgh2xF75FLlKq/7ey6CfHSJRpJRjRqtMTn+1i18UL2B4nPS/WnK5DZeqlA== ;{id = 30899}
242 SECTION AUTHORITY
243 SECTION ADDITIONAL
244 ENTRY_END
245
246 SCENARIO_END
mirror of network_cmds