xref: /netbsd-src/external/bsd/unbound/dist/testdata/auth_zonemd_insecure.rpl (revision 4f645668ed707e1f969c546666f8c8e45e6f8888) 
1; config options
2server:
3	target-fetch-policy: "0 0 0 0 0"
4	trust-anchor: "com. DS 1444 8 2 0d72034e3e18a9ef383c164b68302433bbde957616e10cf44575fea2abae469c"
5	trust-anchor-signaling: no
6	val-override-date: 20201020135527
7
8auth-zone:
9	name: "example.com."
10	## zonefile (or none).
11	## zonefile: "example.com.zone"
12	## master by IP address or hostname
13	## can list multiple masters, each on one line.
14	## master:
15	## url for http fetch
16	## url:
17	## queries from downstream clients get authoritative answers.
18	## for-downstream: yes
19	for-downstream: no
20	## queries are used to fetch authoritative answers from this zone,
21	## instead of unbound itself sending queries there.
22	## for-upstream: yes
23	for-upstream: yes
24	## on failures with for-upstream, fallback to sending queries to
25	## the authority servers
26	## fallback-enabled: no
27	zonemd-check: yes
28
29	## this line generates zonefile: \n"/tmp/xxx.example.com"\n
30	zonefile:
31TEMPFILE_NAME example.com
32	## this is the inline file /tmp/xxx.example.com
33	## the tempfiles are deleted when the testrun is over.
34TEMPFILE_CONTENTS example.com
35example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600
36example.com. IN NS ns.example.com.
37example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22
38www.example.com. IN A 127.0.0.1
39ns.example.com. IN A 127.0.0.1
40bar.example.com. IN A 1.2.3.4
41ding.example.com. IN A 1.2.3.4
42foo.example.com. IN A 1.2.3.4
43TEMPFILE_END
44
45stub-zone:
46	name: "."
47	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
48CONFIG_END
49
50SCENARIO_BEGIN Test authority zone with ZONEMD that is securely insecure
51; the trust anchor finds an online delegation with an insecure DS referral.
52
53; K.ROOT-SERVERS.NET.
54RANGE_BEGIN 0 100
55	ADDRESS 193.0.14.129
56ENTRY_BEGIN
57MATCH opcode qtype qname
58ADJUST copy_id
59REPLY QR NOERROR
60SECTION QUESTION
61. IN NS
62SECTION ANSWER
63. IN NS	K.ROOT-SERVERS.NET.
64SECTION ADDITIONAL
65K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
66ENTRY_END
67
68ENTRY_BEGIN
69MATCH opcode subdomain
70ADJUST copy_id copy_query
71REPLY QR NOERROR
72SECTION QUESTION
73com. IN NS
74SECTION AUTHORITY
75com.	IN NS	a.gtld-servers.net.
76SECTION ADDITIONAL
77a.gtld-servers.net.	IN 	A	192.5.6.30
78ENTRY_END
79RANGE_END
80
81; a.gtld-servers.net.
82RANGE_BEGIN 0 100
83	ADDRESS 192.5.6.30
84ENTRY_BEGIN
85MATCH opcode qtype qname
86ADJUST copy_id
87REPLY QR NOERROR
88SECTION QUESTION
89com. IN NS
90SECTION ANSWER
91com.	IN NS	a.gtld-servers.net.
92SECTION ADDITIONAL
93a.gtld-servers.net.	IN 	A	192.5.6.30
94ENTRY_END
95
96ENTRY_BEGIN
97MATCH opcode qname qtype
98ADJUST copy_id
99REPLY QR AA NOERROR
100SECTION QUESTION
101example.com. IN DS
102SECTION AUTHORITY
103com. SOA a.gtld-servers.net. nstld.verisign-grs.com. 1603979208 1800 900 604800 86400
104com.	3600	IN	RRSIG	SOA 8 1 3600 20201116135527 20201019135527 1444 com. LTUZ8PlkMLX+dBZLGcJcahrzOgf1PgYbi/s5VKyR9iyYKeP6qdxO5VehUVHdXfmUiXrsszvhAHzo4AZnfRbDkK6uTfMKCSIB1aXOU4A74LpjhJBsXjyo3CN3IK/dMS/FpJfAb6JnuQV1E3ytDd34yNsoBazEjYeoN1kymGAttbM=
105example.com. IN NSEC foo.com. NS RRSIG
106example.com.	3600	IN	RRSIG	NSEC 8 2 3600 20201116135527 20201019135527 1444 com. KK6ci3DUnGJ9gaBBqS+71TiFBGcl51YLZAYGADDWuSgFOLLbh1nV//la08zE1i8ITQjjsqyRw7/MA8LWpPR3TnUjJLk6mBd/kB3dJ8BHWRqcyreFo6Pu383oCcXTpwkFcL4ulhp54LUxbA3arWVjWbx8815vvNKsEtWUyrz4LN8=
107ENTRY_END
108
109ENTRY_BEGIN
110MATCH opcode subdomain
111ADJUST copy_id copy_query
112REPLY QR NOERROR
113SECTION QUESTION
114example.com. IN NS
115SECTION AUTHORITY
116example.com.	IN NS	ns.example.com.
117example.com. IN NSEC foo.com. NS RRSIG
118example.com.	3600	IN	RRSIG	NSEC 8 2 3600 20201116135527 20201019135527 1444 com. KK6ci3DUnGJ9gaBBqS+71TiFBGcl51YLZAYGADDWuSgFOLLbh1nV//la08zE1i8ITQjjsqyRw7/MA8LWpPR3TnUjJLk6mBd/kB3dJ8BHWRqcyreFo6Pu383oCcXTpwkFcL4ulhp54LUxbA3arWVjWbx8815vvNKsEtWUyrz4LN8=
119SECTION ADDITIONAL
120ns.example.com. IN A 1.2.3.44
121ENTRY_END
122
123ENTRY_BEGIN
124MATCH opcode qtype qname
125ADJUST copy_id
126REPLY QR AA NOERROR
127SECTION QUESTION
128com. IN DNSKEY
129SECTION ANSWER
130com.	3600	IN	DNSKEY	257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b}
131com.	3600	IN	RRSIG	DNSKEY 8 1 3600 20201116135527 20201019135527 1444 com. BEOMfWvi6RgnHaHsst+Ed265hBuCkgMR7gDpu89J7ZrVL6DzMKnNVFdgjl/9xwLj/pkukc7qeLSHjAfLlN0E4THW7PVshscQnjvXCkktG2Ejx9fTyllAqeGDh9z9QDGlQZIGTMgb9413qZhNqe2Tda9PTJRpiZ8b4bdQp6V1kVo=
132SECTION ADDITIONAL
133ENTRY_END
134
135RANGE_END
136
137; ns.example.net.
138RANGE_BEGIN 0 100
139	ADDRESS 1.2.3.44
140ENTRY_BEGIN
141MATCH opcode qtype qname
142ADJUST copy_id
143REPLY QR NOERROR
144SECTION QUESTION
145example.net. IN NS
146SECTION ANSWER
147example.net.	IN NS	ns.example.net.
148SECTION ADDITIONAL
149ns.example.net.		IN 	A	1.2.3.44
150ENTRY_END
151
152ENTRY_BEGIN
153MATCH opcode qtype qname
154ADJUST copy_id
155REPLY QR NOERROR
156SECTION QUESTION
157ns.example.net. IN A
158SECTION ANSWER
159ns.example.net. IN A	1.2.3.44
160SECTION AUTHORITY
161example.net.	IN NS	ns.example.net.
162ENTRY_END
163
164ENTRY_BEGIN
165MATCH opcode qtype qname
166ADJUST copy_id
167REPLY QR NOERROR
168SECTION QUESTION
169ns.example.net. IN AAAA
170SECTION AUTHORITY
171example.net.	IN NS	ns.example.net.
172SECTION ADDITIONAL
173www.example.net. IN A	1.2.3.44
174ENTRY_END
175
176ENTRY_BEGIN
177MATCH opcode qtype qname
178ADJUST copy_id
179REPLY QR NOERROR
180SECTION QUESTION
181example.com. IN NS
182SECTION ANSWER
183example.com.	IN NS	ns.example.net.
184ENTRY_END
185
186ENTRY_BEGIN
187MATCH opcode qtype qname
188ADJUST copy_id
189REPLY QR NOERROR
190SECTION QUESTION
191www.example.com. IN A
192SECTION ANSWER
193www.example.com. IN A	10.20.30.40
194ENTRY_END
195RANGE_END
196
197STEP 1 QUERY
198ENTRY_BEGIN
199REPLY RD
200SECTION QUESTION
201www.example.com. IN A
202ENTRY_END
203
204; recursion happens here.
205STEP 20 CHECK_ANSWER
206ENTRY_BEGIN
207MATCH all
208REPLY QR RD RA NOERROR
209SECTION QUESTION
210www.example.com. IN A
211SECTION ANSWER
212www.example.com. IN A	127.0.0.1
213ENTRY_END
214
215SCENARIO_END
216