; config options
; NOTE(review): this scenario pins fail-closed behaviour. The com. trust anchor
; and the signed DS for example.com. served below say the zone must be
; DNSSEC-signed, but the zone file carries only an unsigned ZONEMD and no
; DNSKEY or RRSIG. An unsigned digest alone is not accepted as proof of zone
; integrity, so the final check expects SERVFAIL rather than zone data.
server:
	# no extra nameserver target fetches; presumably keeps the resolver to the
	# queries scripted in the RANGE blocks below.
	target-fetch-policy: "0 0 0 0 0"
	# DS trust anchor for com.: key tag 1444, algorithm 8, digest type 2.
	# The com. DNSKEY served below is annotated with id = 1444.
	trust-anchor: "com. DS 1444 8 2 0d72034e3e18a9ef383c164b68302433bbde957616e10cf44575fea2abae469c"
	trust-anchor-signaling: no
	# fixed validation time; it lies inside the RRSIG validity window
	# (20201019135527 to 20201116135527) of the signatures below, so the
	# fixture does not expire with wall-clock time.
	val-override-date: 20201020135527

auth-zone:
	name: "example.com."
	## zonefile (or none).
	## zonefile: "example.com.zone"
	## master by IP address or hostname
	## can list multiple masters, each on one line.
	## master:
	## url for http fetch
	## url:
	## queries from downstream clients get authoritative answers.
	## for-downstream: yes
	for-downstream: no
	## queries are used to fetch authoritative answers from this zone,
	## instead of unbound itself sending queries there.
	## for-upstream: yes
	for-upstream: yes
	## on failures with for-upstream, fallback to sending queries to
	## the authority servers
	## fallback-enabled: no
	## fallback-enabled is not set in this test. NOTE(review): presumably that
	## is why the 10.20.30.40 answer scripted for 1.2.3.44 is never returned
	## once the zone is rejected; confirm against the auth-zone code.
	## verify the ZONEMD record of the zone; this is the check under test.
	zonemd-check: yes

	## this line generates zonefile: \n"/tmp/xxx.example.com"\n
	zonefile:
TEMPFILE_NAME example.com
	## this is the inline file /tmp/xxx.example.com
	## the tempfiles are deleted when the testrun is over.
	## the zone below has a ZONEMD record (SOA serial 200154054, scheme 1,
	## hash algorithm 2) but no DNSKEY and no RRSIG records, so the digest
	## cannot be authenticated with DNSSEC.
TEMPFILE_CONTENTS example.com
example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600
example.com. IN NS ns.example.com.
example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22
www.example.com. IN A 127.0.0.1
ns.example.com. IN A 127.0.0.1
bar.example.com. IN A 1.2.3.4
ding.example.com. IN A 1.2.3.4
foo.example.com. IN A 1.2.3.4
TEMPFILE_END

stub-zone:
	name: "."
	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
CONFIG_END

SCENARIO_BEGIN Test authority zone with ZONEMD that lacks a DNSKEY
; the zone file has no DNSSEC records, but the chain from the com. trust
; anchor (signed DS for example.com.) requires the zone to be signed.

; K.ROOT-SERVERS.NET.
; answers ". NS" itself and refers every name under com. to a.gtld-servers.net.
RANGE_BEGIN 0 100
	ADDRESS 193.0.14.129
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS	K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION AUTHORITY
com.	IN NS	a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net.	IN 	A	192.5.6.30
ENTRY_END
RANGE_END

; a.gtld-servers.net.
; serves the secure delegation material for example.com.:
;  - "com. NS"
;  - "example.com. DS" (key tag 55566) with an RRSIG made by com. key 1444
;  - a referral for names under example.com. carrying the same DS and RRSIG,
;    with glue 1.2.3.44 for ns.example.com.
;  - "com. DNSKEY" (id = 1444) with its RRSIG, matching the trust anchor tag
; the signed DS is what tells a validator that example.com. must be signed.
RANGE_BEGIN 0 100
	ADDRESS 192.5.6.30
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION ANSWER
com.    IN NS   a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net.     IN      A       192.5.6.30
ENTRY_END

ENTRY_BEGIN
MATCH opcode qname qtype
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
example.com. IN DS
SECTION ANSWER
example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af
example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk=
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION AUTHORITY
example.com.	IN NS	ns.example.com.
example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af
example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk=
SECTION ADDITIONAL
ns.example.com.		IN 	A	1.2.3.44
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
com. IN DNSKEY
SECTION ANSWER
com. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b}
com. 3600 IN RRSIG DNSKEY 8 1 3600 20201116135527 20201019135527 1444 com. BEOMfWvi6RgnHaHsst+Ed265hBuCkgMR7gDpu89J7ZrVL6DzMKnNVFdgjl/9xwLj/pkukc7qeLSHjAfLlN0E4THW7PVshscQnjvXCkktG2Ejx9fTyllAqeGDh9z9QDGlQZIGTMgb9413qZhNqe2Tda9PTJRpiZ8b4bdQp6V1kVo=
SECTION ADDITIONAL
ENTRY_END

RANGE_END

; ns.example.net.
; NOTE(review): 1.2.3.44 is also the glue address handed out for
; ns.example.com. in the com. referral above, so this range is the upstream
; authority for example.com. as well. All answers here are unsigned, and
; "www.example.com. A" is 10.20.30.40 here versus 127.0.0.1 in the zone file;
; the expected reply at STEP 20 contains neither address.
RANGE_BEGIN 0 100
	ADDRESS 1.2.3.44
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.net. IN NS
SECTION ANSWER
example.net.	IN NS	ns.example.net.
SECTION ADDITIONAL
ns.example.net.		IN 	A	1.2.3.44
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ns.example.net. IN A
SECTION ANSWER
ns.example.net.	IN 	A	1.2.3.44
SECTION AUTHORITY
example.net.	IN NS	ns.example.net.
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ns.example.net. IN AAAA
SECTION AUTHORITY
example.net.	IN NS	ns.example.net.
SECTION ADDITIONAL
www.example.net.	IN 	A	1.2.3.44
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION ANSWER
example.com.	IN NS	ns.example.net.
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com.	IN 	A	10.20.30.40
ENTRY_END
RANGE_END

; client query with RD set for a name inside the auth zone.
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END

; recursion happens here.
; expected result: SERVFAIL with an empty answer section. The ZONEMD cannot be
; DNSSEC-verified because the zone has no DNSKEY, so the zone data must not be
; served; "MATCH all" also fails the test if any answer record is returned.
STEP 20 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA SERVFAIL
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
ENTRY_END

SCENARIO_END
