Commit e4e5f26f authored by Ivana Krumlova's avatar Ivana Krumlova Committed by Petr Špaček

resolver: more tests from testbound

parent 1e2ab6f4
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
; config options
;server:
trust-anchor: "example.com. 3600 IN DS 63215 7 1 9B2A4B4CE971A6D1A2DFD23C03467F053F1D2D9C "
val-override-date: "20181130121809"
; target-fetch-policy: "0 0 0 0 0"
; fake-sha1: yes
;stub-zone:
; name: "."
stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
query-minimization: off
CONFIG_END
SCENARIO_BEGIN Test dnssec-lame detection with anchor point that is ok.
; K.ROOT-SERVERS.NET.
RANGE_BEGIN 0 100
ADDRESS 193.0.14.129
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET. IN A 193.0.14.129
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION AUTHORITY
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ns.example.net. IN A
SECTION AUTHORITY
net. IN NS e.gtld-servers.net.
SECTION ADDITIONAL
e.gtld-servers.net. IN A 192.12.94.30
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ns.example.net. IN AAAA
SECTION AUTHORITY
net. IN NS e.gtld-servers.net.
SECTION ADDITIONAL
e.gtld-servers.net. IN A 192.12.94.30
ENTRY_END
RANGE_END
; a.gtld-servers.net.
RANGE_BEGIN 0 100
ADDRESS 192.5.6.30
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION ANSWER
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION AUTHORITY
example.com. IN NS ns.example.com.
example.com. IN NS ns.example.net.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.55
ENTRY_END
RANGE_END
; e.gtld-servers.net.
RANGE_BEGIN 0 100
ADDRESS 192.12.94.30
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
net. IN NS
SECTION ANSWER
net. IN NS e.gtld-servers.net.
SECTION ADDITIONAL
e.gtld-servers.net. IN A 192.12.94.30
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ns.example.net. IN A
SECTION AUTHORITY
example.net. IN NS ns.example.net.
SECTION ADDITIONAL
ns.example.net. IN A 1.2.3.44
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ns.example.net. IN AAAA
SECTION AUTHORITY
example.net. IN NS ns.example.net.
SECTION ADDITIONAL
ns.example.net. IN A 1.2.3.44
ENTRY_END
RANGE_END
; ns.example.net.
RANGE_BEGIN 0 100
ADDRESS 1.2.3.44
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.net. IN NS
SECTION ANSWER
example.net. IN NS ns.example.net.
SECTION ADDITIONAL
ns.example.net. IN A 1.2.3.44
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
ns.example.net. IN A
SECTION ANSWER
ns.example.net. IN A 1.2.3.44
SECTION AUTHORITY
example.net. IN NS ns.example.net.
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
ns.example.net. IN AAAA
SECTION AUTHORITY
example.net. IN NS ns.example.net.
SECTION ADDITIONAL
ns.example.net. IN A 1.2.3.44
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION ANSWER
example.com. IN NS ns.example.com.
example.com. IN NS ns.example.net.
example.com. 3600 IN RRSIG NS 7 2 3600 20181230101809 20181130101809 63215 example.com. ldaJ3pZ4qtnwcT+SudZ4G05ye0+FbtGoXuAxjRUVef/nee+8pgMLtK1a 0j1Ejg3IAit/nUKD58Ccfuo45Qwf/BnJvKeKltksGhOSEw+yoqD+QOHN ByiphD1qsmaECbLHgXm/1Wmrp5kLm15HvErBJv1nGp6aALaHkao3tkl4 ZAY= ;{id = 2854}
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.55
ns.example.com. 3600 IN RRSIG A 7 3 3600 20181230101809 20181130101809 63215 example.com. dwaG446dWfL78qWJxkp9MO1SeV4xEt6MF3jYcpM6HGWgmn0peGy+zvzq TpeyMRCQFi52+MIGDPOnRtVVYpFnsUmH9dkoYGG+5ut9RUoyef4p7EsE BJncC/S5iMYaeEoU9yIwV/CZq/cdz465RroMKKJuI2NQW9gZn+MbFojY T3E= ;{id = 2854}
ENTRY_END
; response to DNSKEY priming query
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
example.com. IN DNSKEY
SECTION ANSWER
example.com. 3600 IN DNSKEY 256 3 7 AwEAAbeLIHEf7lEpCP1+GPvzCTJUDjUCMggHlkNWFbsT2xQsG3QVKInt h6KWLbfdgKp9RU1L5vyerphhEIsRwAGF/PZsIWc/kQsdXMWyiKcRwLHS l3JNydyTkl5oIhWu6SDaK51KWSaopxwhLZAtKWoQRKSRSdnlQg9B98sj ZWpAhm6V ;{id = 2854 (zsk), size = 1688b}
example.com. 3600 IN RRSIG DNSKEY 7 2 3600 20181230101809 20181130101809 63215 example.com. PxtUfqGNISnTuabiNbxdZcPABScYoElxSp6CC5TIN8MNkMCsq4mMKqHw ECFdHX+s4K9frWEOVZT0uSvJFsVdhomtOR6zfc1jcc4p+SuDlIRfrAEL jREika0hP04tPwzDnQzZbswJK9lpwAglTvH4OSjZhHUEMuelZxTF8GyA WMc= ;{id = 2854}
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A 10.20.30.40
www.example.com. 3600 IN RRSIG A 7 3 3600 20181230101809 20181130101809 63215 example.com. gRONsGpAzHBTe8PKGcxPo9mmvZZNOjZC/4Xn/36WIe8VTf1T67KDPHuz zeYpkxT6x1Fc5JzBWPOTvL+leugJ2p4N0tFTnYWmu0gVcYqRCa4KX5Yz ek9wkGdDS9yTZhQFWXe0ckWulaZb5f9Hxq/UpE2LdnLSLwUcmRATefML TvE= ;{id = 2854}
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
ns.example.com. IN AAAA
SECTION ANSWER
ENTRY_END
RANGE_END
; ns.example.com.
RANGE_BEGIN 0 100
ADDRESS 1.2.3.55
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
ns.example.com. IN A
SECTION ANSWER
ns.example.com. IN A 1.2.3.55
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
ns.example.com. IN AAAA
ENTRY_END
; the response is not lame at all.
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
example.com. IN DNSKEY
SECTION ANSWER
example.com. 3600 IN DNSKEY 256 3 7 AwEAAbeLIHEf7lEpCP1+GPvzCTJUDjUCMggHlkNWFbsT2xQsG3QVKInt h6KWLbfdgKp9RU1L5vyerphhEIsRwAGF/PZsIWc/kQsdXMWyiKcRwLHS l3JNydyTkl5oIhWu6SDaK51KWSaopxwhLZAtKWoQRKSRSdnlQg9B98sj ZWpAhm6V ;{id = 2854 (zsk), size = 1688b}
example.com. 3600 IN RRSIG DNSKEY 7 2 3600 20181230101809 20181130101809 63215 example.com. PxtUfqGNISnTuabiNbxdZcPABScYoElxSp6CC5TIN8MNkMCsq4mMKqHw ECFdHX+s4K9frWEOVZT0uSvJFsVdhomtOR6zfc1jcc4p+SuDlIRfrAEL jREika0hP04tPwzDnQzZbswJK9lpwAglTvH4OSjZhHUEMuelZxTF8GyA WMc= ;{id = 2854}
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION ANSWER
example.com. IN NS ns.example.com.
example.com. IN NS ns.example.net.
example.com. 3600 IN RRSIG NS 7 2 3600 20181230101809 20181130101809 63215 example.com. ldaJ3pZ4qtnwcT+SudZ4G05ye0+FbtGoXuAxjRUVef/nee+8pgMLtK1a 0j1Ejg3IAit/nUKD58Ccfuo45Qwf/BnJvKeKltksGhOSEw+yoqD+QOHN ByiphD1qsmaECbLHgXm/1Wmrp5kLm15HvErBJv1nGp6aALaHkao3tkl4 ZAY= ;{id = 2854}
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.55
ns.example.com. 3600 IN RRSIG A 7 3 3600 20181230101809 20181130101809 63215 example.com. dwaG446dWfL78qWJxkp9MO1SeV4xEt6MF3jYcpM6HGWgmn0peGy+zvzq TpeyMRCQFi52+MIGDPOnRtVVYpFnsUmH9dkoYGG+5ut9RUoyef4p7EsE BJncC/S5iMYaeEoU9yIwV/CZq/cdz465RroMKKJuI2NQW9gZn+MbFojY T3E= ;{id = 2854}
ENTRY_END
; response is not lame.
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A 10.20.30.40
www.example.com. 3600 IN RRSIG A 7 3 3600 20181230101809 20181130101809 63215 example.com. gRONsGpAzHBTe8PKGcxPo9mmvZZNOjZC/4Xn/36WIe8VTf1T67KDPHuz zeYpkxT6x1Fc5JzBWPOTvL+leugJ2p4N0tFTnYWmu0gVcYqRCa4KX5Yz ek9wkGdDS9yTZhQFWXe0ckWulaZb5f9Hxq/UpE2LdnLSLwUcmRATefML TvE= ;{id = 2854}
ENTRY_END
RANGE_END
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
www.example.com. IN A
ENTRY_END
; recursion happens here.
STEP 20 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A 10.20.30.40
www.example.com. 3600 IN RRSIG A 7 3 3600 20181230101809 20181130101809 63215 example.com. gRONsGpAzHBTe8PKGcxPo9mmvZZNOjZC/4Xn/36WIe8VTf1T67KDPHuz zeYpkxT6x1Fc5JzBWPOTvL+leugJ2p4N0tFTnYWmu0gVcYqRCa4KX5Yz ek9wkGdDS9yTZhQFWXe0ckWulaZb5f9Hxq/UpE2LdnLSLwUcmRATefML TvE= ;{id = 2854}
ENTRY_END
SCENARIO_END
This diff is collapsed.
This diff is collapsed.
; config options
; The island of trust is at example.com
;server:
trust-anchor: "example.com. 3600 IN DS 21485 7 1 D0AED7DEAE346B008881F31F9ABBB055DF94CBD5 "
val-override-date: "20181130121821"
; target-fetch-policy: "0 0 0 0 0"
; fake-sha1: yes
;stub-zone:
; name: "."
stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
query-minimization: off
CONFIG_END
SCENARIO_BEGIN Test validator with cname-nxdomain for duplicate NSEC detection
; K.ROOT-SERVERS.NET.
RANGE_BEGIN 0 100
ADDRESS 193.0.14.129
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET. IN A 193.0.14.129
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
cname.example.com. IN A
SECTION AUTHORITY
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
RANGE_END
; a.gtld-servers.net.
RANGE_BEGIN 0 100
ADDRESS 192.5.6.30
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION ANSWER
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
cname.example.com. IN A
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
RANGE_END
; ns.example.com.
RANGE_BEGIN 0 100
ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION ANSWER
example.com. IN NS ns.example.com.
example.com. 3600 IN RRSIG NS 7 2 3600 20181230101821 20181130101821 21485 example.com. cdC5PUdx8wOzA3Ffx0jI2KrGMpU0VmxM/Y7RpFM0JgCMO3aeYsGbtcpR pvS6i9sSFUTA3XNp0tiGqpS1iH07CJy67U0g1qKh/peHn07TWCrR9Kqy 0OXGlNfZQL4BG5i7hq0VXvUeBvyquMeTd0c6n/yni8DDFx0l95lvu5nr k5w= ;{id = 2854}
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ns.example.com. 3600 IN RRSIG A 7 3 3600 20181230101821 20181130101821 21485 example.com. soIpMtGzUOKCj5F6RjqQxrrhSJwhWLv9plOIEfGyI9OLgTYaTYgqC1R9 /4IIVPjzk4mB5VJSLcLNN2/QP8Qa/gO/dIb5o6nnHKdfDS4IPpG6ikeM T9cS2EMJ0+5rI5nLTCIofvGmsYTtjMuT3ysJ8xM4/9p1A7yjd49Mrkeb JWo= ;{id = 2854}
ENTRY_END
; response to DNSKEY priming query
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN DNSKEY
SECTION ANSWER
example.com. 3600 IN DNSKEY 256 3 7 AwEAAdHIjtVPYHtA3eUV5xOLpXVDAxdm16vsbjbfA4zFA9h2i1snUhCo fZV3hnOzn6WGpJkn/K2FBioTbwqhtQgEKnAg4+wxr+FnE/D89hdTF3CJ av/DRtw5pOu7PK5LbVZWWE2ztmok57RoMr31ecQGJ3S/B2rCZDaEDbYg EK+MoKHZ ;{id = 2854 (zsk), size = 1688b}
example.com. 3600 IN RRSIG DNSKEY 7 2 3600 20181230101821 20181130101821 21485 example.com. gHeTNDlfGHqlxNke2s0TIm4x6fFdV64FgkCyc9CVf+eR5gMqpnhkRBk5 DdDK1Gi5MO3XnbzRcUrC2Y+7i20M+nTA+KD9ZlQsXWszevLYJY3TJmnQ cz9d5hQJexrAx1+G0C78vDO6vWZNJz3J0LzvDQcmH23R3j9ow2wM1W7x f4k= ;{id = 2854}
SECTION AUTHORITY
example.com. IN NS ns.example.com.
example.com. 3600 IN RRSIG NS 7 2 3600 20181230101821 20181130101821 21485 example.com. cdC5PUdx8wOzA3Ffx0jI2KrGMpU0VmxM/Y7RpFM0JgCMO3aeYsGbtcpR pvS6i9sSFUTA3XNp0tiGqpS1iH07CJy67U0g1qKh/peHn07TWCrR9Kqy 0OXGlNfZQL4BG5i7hq0VXvUeBvyquMeTd0c6n/yni8DDFx0l95lvu5nr k5w= ;{id = 2854}
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ns.example.com. 3600 IN RRSIG A 7 3 3600 20181230101821 20181130101821 21485 example.com. soIpMtGzUOKCj5F6RjqQxrrhSJwhWLv9plOIEfGyI9OLgTYaTYgqC1R9 /4IIVPjzk4mB5VJSLcLNN2/QP8Qa/gO/dIb5o6nnHKdfDS4IPpG6ikeM T9cS2EMJ0+5rI5nLTCIofvGmsYTtjMuT3ysJ8xM4/9p1A7yjd49Mrkeb JWo= ;{id = 2854}
ENTRY_END
; response to query of interest
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NXDOMAIN
SECTION QUESTION
cname.example.com. IN A
SECTION ANSWER
cname.example.com. 3600 IN CNAME www.example.com.
cname.example.com. 3600 IN RRSIG CNAME 7 3 3600 20181230101821 20181130101821 21485 example.com. KSB4An66g0tVndlXTHPjpRzQmsM6TMvV54THQJmiPqiI9UNTQwIwgEPI zSG5lUZwqORK7h4fTStwAosDl+dKFtPWoiW3yV0XytaJqJBfB5eOr6/X 665Qp876He3ZhVBYfekFVZnO+amzv8oycjngPsSHxpMZ760HNFRSgacy bDc= ;{id = 2854}
SECTION AUTHORITY
; already includes the necessary NSECs
example.com. IN SOA ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
example.com. 3600 IN RRSIG SOA 7 2 3600 20181230101821 20181130101821 21485 example.com. kvapB5PKSev/ZKLrVqexb3HPFftCrdE7a5fYzzAlSmW85Wzj4b7Pi3pU Jyh6W+9Wo7iTkT9NdBy93RgApoW38CHVh4/FiGJlbIs+cJFgpMfG1kdu Q2j3xn5P4TUlRX9PNtkjDdy13FqpiSMPHNU1ZdLq5oQ/wL2vNSsJ83zq ZZw= ;{id = 2854}
; wildcard denial
example.com. IN NSEC abc.example.com. SOA NS DNSKEY NSEC RRSIG
example.com. 3600 IN RRSIG NSEC 7 2 18000 20181230101821 20181130101821 21485 example.com. W4RWRKbmCTSKQZuIaDybI+dEwB+wKs24C9f5h01XRuhj9OKTEeomaHCN 4AsK+DdsU7Z6QBYedn+rbYjaCjbTQqztc7Qi8fAF/dw9wRG+WMdATnqD 0uJGRsQLzJmzjttKp64Njtgl4eiNuhOwYzsZpDANKwMv1Rlg7P7HVsZU T+g= ;{id = 2854}
; qname denial
wab.example.com. IN NSEC wzz.example.com. A NSEC RRSIG
wab.example.com. 3600 IN RRSIG NSEC 7 3 18000 20181230101821 20181130101821 21485 example.com. WFil25/HtvZtJ3QUa9toox+C+qcJOKJwcZ2ylTOlSJzJrJB99oTKN1ZW XLDIRHPX81TTEp0edigErhyLO+xna1+L96Ze4tN9nP/0+N7gzY3bhzmg sms/ojtjuqKSf0ac1ZAUU3aGSdA/rgBYfeTh/2wMaLcQC1BUBZFsztAs sUg= ;{id = 2854}
SECTION ADDITIONAL
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NXDOMAIN
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
SECTION AUTHORITY
example.com. IN SOA ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
example.com. 3600 IN RRSIG SOA 7 2 3600 20181230101821 20181130101821 21485 example.com. kvapB5PKSev/ZKLrVqexb3HPFftCrdE7a5fYzzAlSmW85Wzj4b7Pi3pU Jyh6W+9Wo7iTkT9NdBy93RgApoW38CHVh4/FiGJlbIs+cJFgpMfG1kdu Q2j3xn5P4TUlRX9PNtkjDdy13FqpiSMPHNU1ZdLq5oQ/wL2vNSsJ83zq ZZw= ;{id = 2854}
; wildcard denial
example.com. IN NSEC abc.example.com. SOA NS DNSKEY NSEC RRSIG
example.com. 3600 IN RRSIG NSEC 7 2 18000 20181230101821 20181130101821 21485 example.com. W4RWRKbmCTSKQZuIaDybI+dEwB+wKs24C9f5h01XRuhj9OKTEeomaHCN 4AsK+DdsU7Z6QBYedn+rbYjaCjbTQqztc7Qi8fAF/dw9wRG+WMdATnqD 0uJGRsQLzJmzjttKp64Njtgl4eiNuhOwYzsZpDANKwMv1Rlg7P7HVsZU T+g= ;{id = 2854}
; qname denial
wab.example.com. IN NSEC wzz.example.com. A NSEC RRSIG
wab.example.com. 3600 IN RRSIG NSEC 7 3 18000 20181230101821 20181130101821 21485 example.com. WFil25/HtvZtJ3QUa9toox+C+qcJOKJwcZ2ylTOlSJzJrJB99oTKN1ZW XLDIRHPX81TTEp0edigErhyLO+xna1+L96Ze4tN9nP/0+N7gzY3bhzmg sms/ojtjuqKSf0ac1ZAUU3aGSdA/rgBYfeTh/2wMaLcQC1BUBZFsztAs sUg= ;{id = 2854}
SECTION ADDITIONAL
ENTRY_END
RANGE_END
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
cname.example.com. IN A
ENTRY_END
; recursion happens here.
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AD DO NXDOMAIN
SECTION QUESTION
cname.example.com. IN A
SECTION ANSWER
cname.example.com. 3600 IN CNAME www.example.com.
cname.example.com. 3600 IN RRSIG CNAME 7 3 3600 20181230101821 20181130101821 21485 example.com. KSB4An66g0tVndlXTHPjpRzQmsM6TMvV54THQJmiPqiI9UNTQwIwgEPI zSG5lUZwqORK7h4fTStwAosDl+dKFtPWoiW3yV0XytaJqJBfB5eOr6/X 665Qp876He3ZhVBYfekFVZnO+amzv8oycjngPsSHxpMZ760HNFRSgacy bDc= ;{id = 2854}
SECTION AUTHORITY
example.com. IN SOA ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
example.com. 3600 IN RRSIG SOA 7 2 3600 20181230101821 20181130101821 21485 example.com. kvapB5PKSev/ZKLrVqexb3HPFftCrdE7a5fYzzAlSmW85Wzj4b7Pi3pU Jyh6W+9Wo7iTkT9NdBy93RgApoW38CHVh4/FiGJlbIs+cJFgpMfG1kdu Q2j3xn5P4TUlRX9PNtkjDdy13FqpiSMPHNU1ZdLq5oQ/wL2vNSsJ83zq ZZw= ;{id = 2854}
example.com. IN NSEC abc.example.com. SOA NS DNSKEY NSEC RRSIG
example.com. 3600 IN RRSIG NSEC 7 2 18000 20181230101821 20181130101821 21485 example.com. W4RWRKbmCTSKQZuIaDybI+dEwB+wKs24C9f5h01XRuhj9OKTEeomaHCN 4AsK+DdsU7Z6QBYedn+rbYjaCjbTQqztc7Qi8fAF/dw9wRG+WMdATnqD 0uJGRsQLzJmzjttKp64Njtgl4eiNuhOwYzsZpDANKwMv1Rlg7P7HVsZU T+g= ;{id = 2854}
wab.example.com. IN NSEC wzz.example.com. A NSEC RRSIG
wab.example.com. 3600 IN RRSIG NSEC 7 3 18000 20181230101821 20181130101821 21485 example.com. WFil25/HtvZtJ3QUa9toox+C+qcJOKJwcZ2ylTOlSJzJrJB99oTKN1ZW XLDIRHPX81TTEp0edigErhyLO+xna1+L96Ze4tN9nP/0+N7gzY3bhzmg sms/ojtjuqKSf0ac1ZAUU3aGSdA/rgBYfeTh/2wMaLcQC1BUBZFsztAs sUg= ;{id = 2854}
SECTION ADDITIONAL
ENTRY_END
SCENARIO_END
; config options
; The island of trust is at example.com
;server:
trust-anchor: "example.com. 3600 IN DS 6497 7 1 E91FB78CB1A0ADB57A05FC8B495EA748B24375AB "
trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AwEAAcpXb9Fxep3BvyNndHR3k28yz1zSqgGntKz60tQf8t2jm2l1F3LO 7Oc3FdllY/FS8VACyIZTbU4WiEfoOToHF6KX5mj8n82wJKkZLKx0w52x jrUbASX0sm2rEwwcjAsDkXSIGUkSm5b7SY5KvXpuwTYl7Ql1gxdTgqou vnSCK+99 ;{id = 30899 (zsk), size = 512b}"
val-override-date: "20181130121824"
; target-fetch-policy: "0 0 0 0 0"
; fake-sha1: yes
;stub-zone:
; name: "."
stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
query-minimization: off
CONFIG_END
SCENARIO_BEGIN Test validator with a query for type cname
; K.ROOT-SERVERS.NET.
RANGE_BEGIN 0 100
ADDRESS 193.0.14.129
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET. IN A 193.0.14.129
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.com. IN CNAME
SECTION AUTHORITY
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.net. IN CNAME
SECTION AUTHORITY
net. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
RANGE_END
; a.gtld-servers.net.
RANGE_BEGIN 0 100
ADDRESS 192.5.6.30
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION ANSWER
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
net. IN NS
SECTION ANSWER
net. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.com. IN CNAME
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.net. IN A
SECTION AUTHORITY
example.net. IN NS ns.example.net.
SECTION ADDITIONAL
ns.example.net. IN A 1.2.3.5
ENTRY_END
RANGE_END
; ns.example.com.
RANGE_BEGIN 0 100
ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION ANSWER
example.com. IN NS ns.example.com.
example.com. 3600 IN RRSIG NS 7 2 3600 20181230101823 20181130101823 6497 example.com. ky4ZB/3l28EQx3cFbU4lWHNp5GI+Ca9S9z+M6kr9UqOkPk+bJN4VilR0 ng8u9D36mLzYJtWktdnrexcIGyba+c5dVul1yJYBQNxca1+Gdv0ObVb5 hhIAZ9psrKJglkAMTnsrokHgdDryfzII8mlZNWJCQHGPnIJLf583nYxe pks= ;{id = 2854}
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ns.example.com. 3600 IN RRSIG A 7 3 3600 20181230101823 20181130101823 6497 example.com. kj86vWDY5SK8oz/F3sbJjU1sVfdRjD90zUGS7xB0TI31UVel6Ww7PB36 nyHddUcTQ3SEJOETsnub6x8ZtOhxd2kRgkORhz84EeN+1bnOQLpnpTXQ wY7yOXIgf1sY1JzWTIhxXUnDftvpn05Y/C3Srfou1uFnv/5V29P1Q0Or GN0= ;{id = 2854}
ENTRY_END
; response to DNSKEY priming query
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN DNSKEY
SECTION ANSWER
example.com. 3600 IN DNSKEY 256 3 7 AwEAAbosaUoM51nu1Bfb1SBXWBd5RLicFoYgKEoqBVkd0gpyTQV2hwLx wIhKx5m5hYBmy9MU8zT2vTaYsafTNhYABl4gzMjLV4h2gx6P3o0OCcBq Fl6xuYEzbdrbavedO3wSzGNk8tBhmtQW8hbBsbEkFBgZaM06Y4T5D89a Wroa46nh ;{id = 2854 (zsk), size = 1688b}
example.com. 3600 IN RRSIG DNSKEY 7 2 3600 20181230101823 20181130101823 6497 example.com. Iompwlf1+hL5mUrLLUTki8/zwt8CDLsLjAMyZfx4ojiTTR9y1uIDuJm+ qgSkS69OOVjaEw9ZaBRTZh7Km4xjLauZsRdBf6jFJeDttkDsASQDHG4T ooMAF/pNYjBK5+4YSJexbfr9KY1ICrBslJUKMFgVOdu5ICLZdon5kOBc wVo= ;{id = 2854}
SECTION AUTHORITY
example.com. IN NS ns.example.com.
example.com. 3600 IN RRSIG NS 7 2 3600 20181230101823 20181130101823 6497 example.com. ky4ZB/3l28EQx3cFbU4lWHNp5GI+Ca9S9z+M6kr9UqOkPk+bJN4VilR0 ng8u9D36mLzYJtWktdnrexcIGyba+c5dVul1yJYBQNxca1+Gdv0ObVb5 hhIAZ9psrKJglkAMTnsrokHgdDryfzII8mlZNWJCQHGPnIJLf583nYxe pks= ;{id = 2854}
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ns.example.com. 3600 IN RRSIG A 7 3 3600 20181230101823 20181130101823 6497 example.com. kj86vWDY5SK8oz/F3sbJjU1sVfdRjD90zUGS7xB0TI31UVel6Ww7PB36 nyHddUcTQ3SEJOETsnub6x8ZtOhxd2kRgkORhz84EeN+1bnOQLpnpTXQ wY7yOXIgf1sY1JzWTIhxXUnDftvpn05Y/C3Srfou1uFnv/5V29P1Q0Or GN0= ;{id = 2854}
ENTRY_END
; response to query of interest
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.com. IN CNAME
SECTION ANSWER
www.example.com. IN CNAME www.example.net.
www.example.com. 3600 IN RRSIG CNAME 7 3 3600 20181230101823 20181130101823 6497 example.com. QFHRboEy5RNC87lRlKaXgWDJFzQXl3GKED1G4xvCRl3BfSK3toI9ADRE ykjnW1XgmQ5YJrP9aQBHDognOrvJ6sMYArRsbH1HSWjyeYgWibhkZvwl JNzCdNhptCjTJw7fP7sc1XMqMO5REBzFmW7lWIgrzwRJhCLLQ1g7D+46 38U= ;{id = 2854}
SECTION AUTHORITY
SECTION ADDITIONAL
ENTRY_END
RANGE_END
; ns.example.net.
RANGE_BEGIN 0 100
ADDRESS 1.2.3.5
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.net. IN NS
SECTION ANSWER
example.net. IN NS ns.example.net.
example.net. 3600 IN RRSIG NS 5 2 3600 20181230101823 20181130101823 31500 example.net. akNwK5ythyddy+MMl0/n3DPfIVGM31xj3TCE3xr9N6l0Ue9puoc2ad5U QwNUp0F+7DJABPnx8DKBsctPJSR4dSJ02s7IVAueLWjzUiBTE+NEioEC pfmzBaNqjt0JrdtZgwz5oCxfqovfnHC7sQTtnArlpMcmnTghuHKeWRaj yYQ= ;{id = 30899}
SECTION ADDITIONAL
ns.example.net. IN A 1.2.3.5
ns.example.net. 3600 IN RRSIG A 5 3 3600 20181230101823 20181130101823 31500 example.net. gDeBSHmtmO4x9o4X7A9YLCAprLak7E79QR//ajPY+Ih2OAx1EKVK8ftJ 2ihAdt4IR80akLJizbGf/iCTRaSkUwYwCZB/nwRaxO0Z9cH1h3HENFSt WmM4GybIHk8Q6uC3Jowirenjfhm4EnR813FMLmrwYcxs5YbyN3kl7tqu PrY= ;{id = 30899}
ENTRY_END
; response to DNSKEY priming query
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.net. IN DNSKEY
SECTION ANSWER
example.net. 3600 IN DNSKEY 256 3 5 AwEAAcpXb9Fxep3BvyNndHR3k28yz1zSqgGntKz60tQf8t2jm2l1F3LO 7Oc3FdllY/FS8VACyIZTbU4WiEfoOToHF6KX5mj8n82wJKkZLKx0w52x jrUbASX0sm2rEwwcjAsDkXSIGUkSm5b7SY5KvXpuwTYl7Ql1gxdTgqou vnSCK+99 ;{id = 30899 (zsk), size = 512b}
example.net. 3600 IN RRSIG DNSKEY 5 2 3600 20181230101823 20181130101823 31500 example.net. p3olaCEfXPEmJR5JS9DrYRbzIrPWAE5VBVPRHCKZ1geQNjCgSTr956oI p64LHodGZRc5dUWA79DYdK1xNtUZIJVpw5CudQGn/c11QJRSdT57A7yZ G7ikneZrkJHMn5+fbJLPeLhxTOKjKRXAHiohG7jEH+2q70KfZCobQ0GX +e4= ;{id = 30899}
SECTION AUTHORITY
example.net. IN NS ns.example.net.
example.net. 3600 IN RRSIG NS 5 2 3600 20181230101823 20181130101823 31500 example.net. akNwK5ythyddy+MMl0/n3DPfIVGM31xj3TCE3xr9N6l0Ue9puoc2ad5U QwNUp0F+7DJABPnx8DKBsctPJSR4dSJ02s7IVAueLWjzUiBTE+NEioEC pfmzBaNqjt0JrdtZgwz5oCxfqovfnHC7sQTtnArlpMcmnTghuHKeWRaj yYQ= ;{id = 30899}
SECTION ADDITIONAL
ns.example.net. IN A 1.2.3.5
ns.example.net. 3600 IN RRSIG A 5 3 3600 20181230101823 20181130101823 31500 example.net. gDeBSHmtmO4x9o4X7A9YLCAprLak7E79QR//ajPY+Ih2OAx1EKVK8ftJ 2ihAdt4IR80akLJizbGf/iCTRaSkUwYwCZB/nwRaxO0Z9cH1h3HENFSt WmM4GybIHk8Q6uC3Jowirenjfhm4EnR813FMLmrwYcxs5YbyN3kl7tqu PrY= ;{id = 30899}
ENTRY_END
; response to query of interest
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.net. IN A
SECTION ANSWER
www.example.net. IN A 11.12.13.14
www.example.net. 3600 IN RRSIG A 5 3 3600 20181230101823 20181130101823 31500 example.net. J+nuJ0xEW3wgDh0lO6sVMfcY1NGvM9gtd3dV+nc2wBKmnGfeJfGDDcVq SibPV3NXo1N9vj3Cp8v0oT2e/vGzc20VpeWi7e24tchRL4DLnP8YvFjE P4pEoCv4J0pikYz3L2AdH0PYtpJR1KsweZbeDC3XgpPi/uqcGOLzs4gK JIE= ;{id = 30899}
SECTION AUTHORITY
SECTION ADDITIONAL
ENTRY_END
RANGE_END
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
www.example.com. IN CNAME
ENTRY_END
; recursion happens here.
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
www.example.com. IN CNAME
SECTION ANSWER
www.example.com. IN CNAME www.example.net.
www.example.com. 3600 IN RRSIG CNAME 7 3 3600 20181230101823 20181130101823 6497 example.com. QFHRboEy5RNC87lRlKaXgWDJFzQXl3GKED1G4xvCRl3BfSK3toI9ADRE ykjnW1XgmQ5YJrP9aQBHDognOrvJ6sMYArRsbH1HSWjyeYgWibhkZvwl JNzCdNhptCjTJw7fP7sc1XMqMO5REBzFmW7lWIgrzwRJhCLLQ1g7D+46 38U= ;{id = 2854}
SECTION AUTHORITY
SECTION ADDITIONAL
ENTRY_END
SCENARIO_END
; config options
; The island of trust is at example.com
;server:
trust-anchor: "example.com. 3600 IN DS 55850 7 1 B3DEDE56E5386B588339D978A1B173B8B10366B8 "
val-override-date: "20181130121844"
; target-fetch-policy: "0 0 0 0 0"
; fake-sha1: yes
;stub-zone:
; name: "."
stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
query-minimization: off
CONFIG_END
SCENARIO_BEGIN Test validator with CNAME response to DS
; K.ROOT-SERVERS.NET.
RANGE_BEGIN 0 100
ADDRESS 193.0.14.129
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS K.ROOT-SERVERS.NET.
SECTION ADDITIONAL