xref: /netbsd-src/external/bsd/unbound/dist/testdata/autotrust_init_fail.rpl (revision 91f7d55fb697b5e0475da4718fa34c3a3ebeac85) 
1; config options
2server:
3	target-fetch-policy: "0 0 0 0 0"
4	log-time-ascii: yes
5	fake-sha1: yes
6	trust-anchor-signaling: no
7	ede: yes
8	access-control: 127.0.0.0/8 allow_snoop
9
10stub-zone:
11	name: "."
12	stub-addr: 193.0.14.129         # K.ROOT-SERVERS.NET.
13; initial content (say from dig example.com DNSKEY > example.com.key)
14AUTOTRUST_FILE example.com
15example.com.	10800	IN	DNSKEY	257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b}
16example.com.	10800	IN	DNSKEY	256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
17AUTOTRUST_END
18CONFIG_END
19
20SCENARIO_BEGIN Test autotrust with failed initial trust anchor
21
22; K-ROOT
23RANGE_BEGIN 0 100
24	ADDRESS 193.0.14.129
25ENTRY_BEGIN
26MATCH opcode qname qtype
27ADJUST copy_id copy_query
28REPLY QR AA
29SECTION QUESTION
30. IN NS
31SECTION ANSWER
32. IN NS k.root-servers.net.
33SECTION ADDITIONAL
34k.root-servers.net IN A 193.0.14.129
35ENTRY_END
36
37ENTRY_BEGIN
38MATCH opcode subdomain
39ADJUST copy_id copy_query
40REPLY QR
41SECTION QUESTION
42com. IN NS
43SECTION AUTHORITY
44com. IN NS a.gtld-servers.net.
45SECTION ADDITIONAL
46a.gtld-servers.net. IN A 192.5.6.30
47ENTRY_END
48RANGE_END
49
50; a.gtld-servers.net.
51RANGE_BEGIN 0 100
52	ADDRESS 192.5.6.30
53ENTRY_BEGIN
54MATCH opcode subdomain
55ADJUST copy_id copy_query
56REPLY QR
57SECTION QUESTION
58example.com. IN NS
59SECTION AUTHORITY
60example.com. IN NS ns.example.com.
61SECTION ADDITIONAL
62ns.example.com. IN A 1.2.3.4
63ENTRY_END
64RANGE_END
65
66; ns.example.com.
67RANGE_BEGIN 0 100
68	ADDRESS 1.2.3.4
69ENTRY_BEGIN
70MATCH opcode qname qtype
71ADJUST copy_id
72REPLY QR AA
73SECTION QUESTION
74ns.example.com. IN AAAA
75SECTION ANSWER
76ns.example.com. IN NSEC nugget.example.com. A NSEC RRSIG
77ns.example.com.	3600	IN	RRSIG	NSEC 5 3 3600 20090924111500 20090821111500 30899 example.com. WRUQ5d5aBO5AXbvnfCd0AWfKGvQIuAjT2qydGkUIaLZaiP4nj+JdquEy1nGvBwYQ9gWyP7b6C6UGrUnVcNBpcw== ;{id = 30899}
78SECTION AUTHORITY
79example.com.	3600	IN	NS	ns.example.com.
80example.com.	3600	IN	RRSIG	NS 5 2 3600 20090924111500 20090821111500 30899 example.com. J5wxRq0jgwQL6yy530kvo9cHqNAUHV8IF4dvaYZL0bNraO2Oe6dVXqlJl4+cxNHI2TMsstwFPr2Zz8tv6Az2mQ== ;{id = 30899}
81SECTION ADDITIONAL
82ENTRY_END
83
84ENTRY_BEGIN
85MATCH opcode qname qtype
86ADJUST copy_id
87REPLY QR AA
88SECTION QUESTION
89ns.example.com. IN A
90SECTION ANSWER
91ns.example.com.	3600	IN	A	1.2.3.4
92ns.example.com.	3600	IN	RRSIG	A 5 3 3600 20090924111500 20090821111500 30899 example.com. JsXbS18oyc0zkVaOWGSFdIQuOsZKflT0GraT9afDPoWLCgH4ApF7jNgfJV7Pqy1sTBRajME5IUAhpANwGBuW4A== ;{id = 30899}
93SECTION AUTHORITY
94example.com.	3600	IN	NS	ns.example.com.
95example.com.	3600	IN	RRSIG	NS 5 2 3600 20090924111500 20090821111500 30899 example.com. J5wxRq0jgwQL6yy530kvo9cHqNAUHV8IF4dvaYZL0bNraO2Oe6dVXqlJl4+cxNHI2TMsstwFPr2Zz8tv6Az2mQ== ;{id = 30899}
96SECTION ADDITIONAL
97ENTRY_END
98
99ENTRY_BEGIN
100MATCH opcode qname qtype
101ADJUST copy_id
102REPLY QR AA
103SECTION QUESTION
104www.example.com. IN A
105SECTION ANSWER
106www.example.com.	3600	IN	A	10.20.30.40
107www.example.com.	3600	IN	RRSIG	A 5 3 3600 20090924111500 20090821111500 30899 example.com. pYGxVLsWUvOp1wSf0iwPap+JnECfC5GAm1lRqy3YEqecNGld7U7x/5Imo3CerbdZrVptUQs2oH0lcjwYJXMnsw== ;{id = 30899}
108SECTION AUTHORITY
109example.com.	3600	IN	NS	ns.example.com.
110example.com.	3600	IN	RRSIG	NS 5 2 3600 20090924111500 20090821111500 30899 example.com. J5wxRq0jgwQL6yy530kvo9cHqNAUHV8IF4dvaYZL0bNraO2Oe6dVXqlJl4+cxNHI2TMsstwFPr2Zz8tv6Az2mQ== ;{id = 30899}
111SECTION ADDITIONAL
112ns.example.com.	3600	IN	A	1.2.3.4
113ns.example.com.	3600	IN	RRSIG	A 5 3 3600 20090924111500 20090821111500 30899 example.com. JsXbS18oyc0zkVaOWGSFdIQuOsZKflT0GraT9afDPoWLCgH4ApF7jNgfJV7Pqy1sTBRajME5IUAhpANwGBuW4A== ;{id = 30899}
114ENTRY_END
115
116ENTRY_BEGIN
117MATCH opcode qname qtype
118ADJUST copy_id
119REPLY QR AA SERVFAIL
120SECTION QUESTION
121example.com. IN DNSKEY
122SECTION ANSWER
123; KSK 1
124example.com.	10800	IN	DNSKEY	257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b}
125; ZSK 1
126example.com.	10800	IN	DNSKEY	256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (ksk), size = 512b}
127; signatures
128example.com.	10800	IN	RRSIG	DNSKEY 5 2 10800 20090924111500 20090821111500 30899 example.com. b/HK231jIQLX8IhlZfup3r0yhpXaasbPE6LzxoEVVvWaTZWcLmeV8jDIcn0qO7Yvs7bIJN20lwVAV0GcHH3hWQ== ;{id = 30899}
129example.com.	10800	IN	RRSIG	DNSKEY 5 2 10800 20090924111500 20090821111500 55582 example.com. PCHme1QLoULxqjhg5tMlpR0qJlBfstEUVq18TtNoKQe9le1YhJ9caheXcTWoK+boLhXxg9u6Yyvq8FboQh0OjA== ;{id = 55582}
130
131ENTRY_END
132RANGE_END
133
134; set date/time to Aug 24 07:46:40  (2009).
135STEP 5 TIME_PASSES ELAPSE 1251100000
136STEP 6 ASSIGN t0 = ${time}
137STEP 7 ASSIGN probe = ${range 3200 ${timeout} 3600}
138
139; the auto probing should have been done now.
140STEP 8 CHECK_AUTOTRUST example.com
141FILE_BEGIN
142example.com.	10800	IN	DNSKEY	257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b}
143example.com.	10800	IN	DNSKEY	256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
144FILE_END
145
146
147STEP 10 QUERY
148ENTRY_BEGIN
149REPLY RD DO
150SECTION QUESTION
151www.example.com. IN A
152ENTRY_END
153
154STEP 20 CHECK_ANSWER
155ENTRY_BEGIN
156MATCH all ede=9
157REPLY QR RD RA DO SERVFAIL
158SECTION QUESTION
159www.example.com. IN A
160SECTION ANSWER
161ENTRY_END
162
163; Redo the query without RD to check EDE caching.
164STEP 21 QUERY
165ENTRY_BEGIN
166REPLY DO
167SECTION QUESTION
168www.example.com. IN A
169ENTRY_END
170
171STEP 22 CHECK_ANSWER
172ENTRY_BEGIN
173MATCH all ede=9
174REPLY QR RA DO SERVFAIL
175SECTION QUESTION
176www.example.com. IN A
177SECTION ANSWER
178ENTRY_END
179
180; The autotrust anchor was probed due to the query.
181
182STEP 30 CHECK_AUTOTRUST example.com
183FILE_BEGIN
184example.com.	10800	IN	DNSKEY	257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b}
185example.com.	10800	IN	DNSKEY	256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
186FILE_END
187
188; wait and see if autotrust probes (the unchanged) domain again.
189STEP 40 TIME_PASSES EVAL ${$probe}
190
191STEP 50 TRAFFIC
192
193STEP 65 ASSIGN probe2 = ${range 3200 ${timeout} 3600}
194
195STEP 70 CHECK_AUTOTRUST example.com
196FILE_BEGIN
197example.com.	10800	IN	DNSKEY	257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b}
198example.com.	10800	IN	DNSKEY	256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
199FILE_END
200
201SCENARIO_END
202