val_nsec3_b5_wcnodata_nonc.rpl 4.61 KB
Newer Older
1
; config options
2
;server:
3 4
        trust-anchor: "example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )"
	val-override-date: "20120420235959"
5
;	target-fetch-policy: "0 0 0 0 0"
6
	query-minimization: off
7

8 9
;stub-zone:
;	name: "."
10 11 12 13 14 15 16 17 18 19
	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
CONFIG_END

SCENARIO_BEGIN Test validator NSEC3 B.5 wildcard nodata, without nc.

; K.ROOT-SERVERS.NET.
RANGE_BEGIN 0 100
	ADDRESS 193.0.14.129 
ENTRY_BEGIN
MATCH opcode qtype qname
20
ADJUST copy_id copy_query
21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS	K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
example. IN A
SECTION AUTHORITY
example.	IN NS	ns1.example.
; leave out to make unbound take ns1
;example.	IN NS	ns2.example.
SECTION ADDITIONAL
ns1.example.	IN A 192.0.2.1
; leave out to make unbound take ns1
;ns2.example.	IN A 192.0.2.2
ENTRY_END
RANGE_END

; ns1.example.
RANGE_BEGIN 0 100
	ADDRESS 192.0.2.1
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id copy_query
REPLY QR REFUSED
SECTION QUESTION
ns1.example. IN A
SECTION ANSWER
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id copy_query
REPLY QR REFUSED
SECTION QUESTION
ns1.example. IN AAAA
SECTION ANSWER
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id copy_query
REPLY QR REFUSED
SECTION QUESTION
example. IN NS
SECTION ANSWER
ENTRY_END

; response to DNSKEY priming query

ENTRY_BEGIN
MATCH opcode qtype qname
81
ADJUST copy_id copy_query
82 83 84 85 86 87 88 89 90 91 92
REPLY QR NOERROR
SECTION QUESTION
example. IN DNSKEY
SECTION ANSWER
example. DNSKEY  256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= )
example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )
example. RRSIG   DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example.  AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf3bH+QsCtg== )
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
93
ADJUST copy_id copy_query
94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122
REPLY QR AA DO NOERROR
SECTION QUESTION
a.z.w.example.      IN AAAA
SECTION ANSWER
SECTION AUTHORITY
example.       SOA     ns1.example. bugs.x.w.example. 1 3600 300 ( 3600000 3600 )
example.        RRSIG   SOA 7 1 3600 20150420235959 20051021000000 ( 40430 example.  Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8i q4ZLlYWfUUbbAS41pG+68z81q1xhkYAcEyHd VI2LmKusbZsT0Q== )

;; NSEC3 RR that matches the closest encloser (w.example)
;; H(w.example) = k8udemvp1j2f7eg6jebps17vp3n8i58h
k8udemvp1j2f7eg6jebps17vp3n8i58h.example. NSEC3 1 1 12 aabbccdd ( kohar7mbb8dc2ce8a9qvl8hon4k53uhi )
k8udemvp1j2f7eg6jebps17vp3n8i58h.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  FtXGbvF0+wf8iWkyo73enAuVx03klN+pILBK S6qCcftVtfH4yVzsEZquJ27NHR7ruxJWDNMt Otx7w9WfcIg62A== )

;; NSEC3 RR that covers the "next closer" name (z.w.example)
;; H(z.w.example) = qlu7gtfaeh0ek0c05ksfhdpbcgglbe03
;q04jkcevqvmu85r014c7dkba38o0ji5r.example. NSEC3 1 1 12 aabbccdd ( r53bq7cc2uvmubfu5ocmm6pers9tk9en A RRSIG )
;q04jkcevqvmu85r014c7dkba38o0ji5r.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  hV5I89b+4FHJDATp09g4bbN0R1F845CaXpL3 ZxlMKimoPAyqletMlEWwLfFia7sdpSzn+ZlN NlkxWcLsIlMmUg== )

;; NSEC3 RR that matches a wildcard at the closest encloser.
;; H(*.w.example) = r53bq7cc2uvmubfu5ocmm6pers9tk9en
r53bq7cc2uvmubfu5ocmm6pers9tk9en.example. NSEC3 1 1 12 aabbccdd ( t644ebqk9bibcna874givr6joj62mlhv MX RRSIG )
r53bq7cc2uvmubfu5ocmm6pers9tk9en.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  aupviViruXs4bDg9rCbezzBMf9h1ZlDvbW/C ZFKulIGXXLj8B/fsDJarXVDA9bnUoRhEbKp+ HF1FWKW7RIJdtQ== )

SECTION ADDITIONAL
ENTRY_END

; catch glue queries
ENTRY_BEGIN
MATCH opcode qtype qname
123
ADJUST copy_id copy_query
124 125 126 127 128 129 130 131 132
REPLY QR AA DO NOERROR
SECTION QUESTION
ns2.example. IN      A
SECTION ANSWER
; nothing to make sure the ns1 server is used for queries.
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
133
ADJUST copy_id copy_query
134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165
REPLY QR AA DO NOERROR
SECTION QUESTION
ns2.example. IN      AAAA
SECTION ANSWER
; nothing to make sure the ns1 server is used for queries.
ENTRY_END


RANGE_END

STEP 1 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
a.z.w.example.      IN AAAA
ENTRY_END

; recursion happens here.
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
;MATCH all
;do not compare authority
MATCH opcode qname flags rcode question answer additional
REPLY QR RD RA SERVFAIL
SECTION QUESTION
a.z.w.example.      IN AAAA
SECTION ANSWER
SECTION AUTHORITY
SECTION ADDITIONAL
ENTRY_END

SCENARIO_END