val_nsec3_b4_wild.rpl 6.05 KB
Newer Older
1
; config options
2
;server:
3 4
        trust-anchor: "example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )"
	val-override-date: "20120420235959"
5
;	target-fetch-policy: "0 0 0 0 0"
6
	query-minimization: off
7

8 9
;stub-zone:
;	name: "."
10 11 12 13 14 15 16 17 18 19
	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
CONFIG_END

SCENARIO_BEGIN Test validator NSEC3 B.4 wildcard expansion.

; K.ROOT-SERVERS.NET.
RANGE_BEGIN 0 100
	ADDRESS 193.0.14.129 
ENTRY_BEGIN
MATCH opcode qtype qname
20
ADJUST copy_id copy_query
21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS	K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
ENTRY_END

ENTRY_BEGIN
MATCH opcode
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
. IN A
SECTION AUTHORITY
example.	IN NS	ns1.example.
; leave out to make unbound take ns1
;example.	IN NS	ns2.example.
SECTION ADDITIONAL
ns1.example.	IN A 192.0.2.1
; leave out to make unbound take ns1
;ns2.example.	IN A 192.0.2.2
ENTRY_END
RANGE_END

; ns1.example.
RANGE_BEGIN 0 100
	ADDRESS 192.0.2.1
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id copy_query
REPLY QR REFUSED
SECTION QUESTION
example. IN NS
SECTION ANSWER
ENTRY_END

; response to DNSKEY priming query

ENTRY_BEGIN
MATCH opcode qtype qname
63
ADJUST copy_id copy_query
64 65 66 67 68 69 70 71 72 73 74
REPLY QR NOERROR
SECTION QUESTION
example. IN DNSKEY
SECTION ANSWER
example. DNSKEY  256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= )
example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )
example. RRSIG   DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example.  AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf3bH+QsCtg== )
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
75
ADJUST copy_id copy_query
76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97
REPLY QR AA DO NOERROR
SECTION QUESTION
a.z.w.example. IN MX
SECTION ANSWER
a.z.w.example. MX      1 ai.example.
a.z.w.example. RRSIG   MX 7 2 3600 20150420235959 20051021000000 ( 40430 example.  CikebjQwGQPwijVcxgcZcSJKtfynugtlBiKb 9FcBTrmOoyQ4InoWVudhCWsh/URX3lc4WRUM ivEBP6+4KS3ldA== )
SECTION AUTHORITY
;; NSEC3 RR that covers the "next closer" name (z.w.example)
;; H(z.w.example) = qlu7gtfaeh0ek0c05ksfhdpbcgglbe03
q04jkcevqvmu85r014c7dkba38o0ji5r.example. NSEC3 1 1 12 aabbccdd ( r53bq7cc2uvmubfu5ocmm6pers9tk9en A RRSIG )
q04jkcevqvmu85r014c7dkba38o0ji5r.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  hV5I89b+4FHJDATp09g4bbN0R1F845CaXpL3 ZxlMKimoPAyqletMlEWwLfFia7sdpSzn+ZlN NlkxWcLsIlMmUg== )

SECTION ADDITIONAL
ai.example.    A       192.0.2.9
ai.example.    RRSIG   A 7 2 3600 20150420235959 20051021000000 ( 40430 example.  hVe+wKYMlObTRPhX0NL67GxeZfdxqr/QeR6F tfdAj5+FgYxyzPEjIzvKWy00hWIl6wD3Vws+ rznEn8sQ64UdqA== )
ai.example.    AAAA    2001:db8:0:0:0:0:f00:baa9
ai.example.    RRSIG   AAAA 7 2 3600 20150420235959 20051021000000 ( 40430 example.  LcdxKaCB5bGZwPDg+3JJ4O02zoMBrjxqlf6W uaHQZZfTUpb9Nf2nxFGe2XRPfR5tpJT6GdRG cHueLuXkMjBArQ== )
ENTRY_END

; catch glue queries
ENTRY_BEGIN
MATCH opcode qtype qname
98
ADJUST copy_id copy_query
99 100 101 102 103 104 105 106 107
REPLY QR AA DO NOERROR
SECTION QUESTION
ns2.example. IN      A
SECTION ANSWER
; nothing to make sure the ns1 server is used for queries.
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
108
ADJUST copy_id copy_query
109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126
REPLY QR AA DO NOERROR
SECTION QUESTION
ns2.example. IN      AAAA
SECTION ANSWER
; nothing to make sure the ns1 server is used for queries.
ENTRY_END


RANGE_END

STEP 1 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
a.z.w.example. IN MX
ENTRY_END

; recursion happens here.
127
; answer has no AD since NSEC3 has optout
128 129
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
130
MATCH opcode qname flags rcode question answer
131
REPLY QR RD RA DO NOERROR
132 133 134 135 136
SECTION QUESTION
a.z.w.example. IN MX
SECTION ANSWER
a.z.w.example. MX      1 ai.example.
a.z.w.example. RRSIG   MX 7 2 3600 20150420235959 20051021000000 ( 40430 example.  CikebjQwGQPwijVcxgcZcSJKtfynugtlBiKb 9FcBTrmOoyQ4InoWVudhCWsh/URX3lc4WRUM ivEBP6+4KS3ldA== )
137 138 139 140 141 142 143 144
; SECTION AUTHORITY
; q04jkcevqvmu85r014c7dkba38o0ji5r.example. NSEC3 1 1 12 aabbccdd ( r53bq7cc2uvmubfu5ocmm6pers9tk9en A RRSIG )
; q04jkcevqvmu85r014c7dkba38o0ji5r.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  hV5I89b+4FHJDATp09g4bbN0R1F845CaXpL3 ZxlMKimoPAyqletMlEWwLfFia7sdpSzn+ZlN NlkxWcLsIlMmUg== )
; SECTION ADDITIONAL
; ai.example.    A       192.0.2.9
; ai.example.    RRSIG   A 7 2 3600 20150420235959 20051021000000 ( 40430 example.  hVe+wKYMlObTRPhX0NL67GxeZfdxqr/QeR6F tfdAj5+FgYxyzPEjIzvKWy00hWIl6wD3Vws+ rznEn8sQ64UdqA== )
; ai.example.    AAAA    2001:db8:0:0:0:0:f00:baa9
; ai.example.    RRSIG   AAAA 7 2 3600 20150420235959 20051021000000 ( 40430 example.  LcdxKaCB5bGZwPDg+3JJ4O02zoMBrjxqlf6W uaHQZZfTUpb9Nf2nxFGe2XRPfR5tpJT6GdRG cHueLuXkMjBArQ== )
145
ENTRY_END
146 147 148 149 150 151 152 153 154 155 156

; check for cached answer
STEP 20 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
a.z.w.example. IN MX
ENTRY_END

STEP 30 CHECK_ANSWER
ENTRY_BEGIN
157
MATCH opcode qname flags rcode question answer
158
REPLY QR RD RA DO NOERROR
159 160 161 162 163
SECTION QUESTION
a.z.w.example. IN MX
SECTION ANSWER
a.z.w.example. MX      1 ai.example.
a.z.w.example. RRSIG   MX 7 2 3600 20150420235959 20051021000000 ( 40430 example.  CikebjQwGQPwijVcxgcZcSJKtfynugtlBiKb 9FcBTrmOoyQ4InoWVudhCWsh/URX3lc4WRUM ivEBP6+4KS3ldA== )
164 165 166 167 168 169 170 171
; SECTION AUTHORITY
; q04jkcevqvmu85r014c7dkba38o0ji5r.example. NSEC3 1 1 12 aabbccdd ( r53bq7cc2uvmubfu5ocmm6pers9tk9en A RRSIG )
; q04jkcevqvmu85r014c7dkba38o0ji5r.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  hV5I89b+4FHJDATp09g4bbN0R1F845CaXpL3 ZxlMKimoPAyqletMlEWwLfFia7sdpSzn+ZlN NlkxWcLsIlMmUg== )
; SECTION ADDITIONAL
; ai.example.    A       192.0.2.9
; ai.example.    RRSIG   A 7 2 3600 20150420235959 20051021000000 ( 40430 example.  hVe+wKYMlObTRPhX0NL67GxeZfdxqr/QeR6F tfdAj5+FgYxyzPEjIzvKWy00hWIl6wD3Vws+ rznEn8sQ64UdqA== )
; ai.example.    AAAA    2001:db8:0:0:0:0:f00:baa9
; ai.example.    RRSIG   AAAA 7 2 3600 20150420235959 20051021000000 ( 40430 example.  LcdxKaCB5bGZwPDg+3JJ4O02zoMBrjxqlf6W uaHQZZfTUpb9Nf2nxFGe2XRPfR5tpJT6GdRG cHueLuXkMjBArQ== )
172 173
ENTRY_END

174
SCENARIO_END