; Testbound replay scenario for Unbound's automated trust anchor maintenance
; (autotrust). The anchor file for example.com starts out holding a KSK, a ZSK
; and two RRSIGs whose validity window lies in 2007. The CHECK_AUTOTRUST steps
; below expect the file to end up holding only the flags-257 key, in state VALID.
; Every key in this file is a 512-bit, algorithm-5 fixture: suitable for replay
; tests only, never as a real trust anchor.
; config options
server:
; NOTE(review): presumably all zeros so that no extra nameserver-target lookups
; reach the scripted RANGEs below - confirm.
	target-fetch-policy: "0 0 0 0 0"
	log-time-ascii: yes
; NOTE(review): looks like a test-harness switch that lets the SHA-1 based
; fixtures validate even where the crypto library refuses SHA-1 - confirm.
; Not something to carry into a production configuration.
	fake-sha1: yes
; NOTE(review): presumably disabled so that no key-tag signalling queries need
; scripted answers - confirm.
	trust-anchor-signaling: no
	minimal-responses: no
stub-zone:
	name: "."
	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
; initial content (say from dig example.com DNSKEY > example.com.key)
; The block up to AUTOTRUST_END is the anchor file content itself, so it is kept
; verbatim. Its RRSIGs cover 20070829134150 to 20070926134150, well before the
; scenario clock set in STEP 5.
AUTOTRUST_FILE example.com
example.com. 10800 IN DNSKEY 257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b}
example.com. 10800 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20070926134150 20070829134150 55582 example.com. sT5Se0rwBm0oAOcrX37oidl3zxK9QwvgAyOH+08Jq3V8KS4iPehBjNqXi9OITLgos4dHU/up4Z1BwgwTNYJIgg== ;{id = 55582}
example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20070926134150 20070829134150 30899 example.com. DnrdGYsSAjAX1z93FQvPL8eX66uS9ip7A21gPTkvGBDwDoNB8JTNdRlEyWeXlipatbcQoZeG8mo87Wgp9eT/PA== ;{id = 30899}
AUTOTRUST_END
CONFIG_END

SCENARIO_BEGIN Test autotrust with initial trust anchor with RRSIGs

; K-ROOT
; Scripted root server: answers the root NS query and refers everything under
; com. to a.gtld-servers.net.
RANGE_BEGIN 0 100
	ADDRESS 193.0.14.129
ENTRY_BEGIN
MATCH opcode qname qtype
ADJUST copy_id copy_query
REPLY QR AA
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS k.root-servers.net.
SECTION ADDITIONAL
k.root-servers.net IN A 193.0.14.129
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR
SECTION QUESTION
com. IN NS
SECTION AUTHORITY
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
RANGE_END

; a.gtld-servers.net.
; Scripted com. server: refers example.com. to ns.example.com. The referral
; carries no DS record; the chain of trust in this test starts at the
; example.com autotrust anchor.
RANGE_BEGIN 0 100
	ADDRESS 192.5.6.30
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR
SECTION QUESTION
example.com. IN NS
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
RANGE_END

; ns.example.com.
; Scripted authoritative server for example.com. All RRSIGs it serves are valid
; from 20090821111500 to 20090924111500.
RANGE_BEGIN 0 100
	ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH opcode qname qtype
ADJUST copy_id
REPLY QR AA
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 3600 IN A 10.20.30.40
www.example.com. 3600 IN RRSIG A 5 3 3600 20090924111500 20090821111500 30899 example.com. pYGxVLsWUvOp1wSf0iwPap+JnECfC5GAm1lRqy3YEqecNGld7U7x/5Imo3CerbdZrVptUQs2oH0lcjwYJXMnsw== ;{id = 30899}
SECTION AUTHORITY
example.com. 3600 IN NS ns.example.com.
example.com. 3600 IN RRSIG NS 5 2 3600 20090924111500 20090821111500 30899 example.com. J5wxRq0jgwQL6yy530kvo9cHqNAUHV8IF4dvaYZL0bNraO2Oe6dVXqlJl4+cxNHI2TMsstwFPr2Zz8tv6Az2mQ== ;{id = 30899}
SECTION ADDITIONAL
ns.example.com. 3600 IN A 1.2.3.4
ns.example.com. 3600 IN RRSIG A 5 3 3600 20090924111500 20090821111500 30899 example.com. JsXbS18oyc0zkVaOWGSFdIQuOsZKflT0GraT9afDPoWLCgH4ApF7jNgfJV7Pqy1sTBRajME5IUAhpANwGBuW4A== ;{id = 30899}
ENTRY_END

; DNSKEY answer used by the autotrust probe: the same two keys as the initial
; anchor file, but signed with the 2009 validity window.
ENTRY_BEGIN
MATCH opcode qname qtype
ADJUST copy_id
REPLY QR AA
SECTION QUESTION
example.com. IN DNSKEY
SECTION ANSWER
; KSK 1
example.com. 10800 IN DNSKEY 257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b}
; ZSK 1
example.com. 10800 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
; signatures
example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20090924111500 20090821111500 30899 example.com. b/HK231jIQLX8IhlZfup3r0yhpXaasbPE6LzxoEVVvWaTZWcLmeV8jDIcn0qO7Yvs7bIJN20lwVAV0GcHH3hWQ== ;{id = 30899}
example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20090924111500 20090821111500 55582 example.com. PCHme1QLoULxqjhg5tMlpR0qJlBfstEUVq18TtNoKQe9le1YhJ9caheXcTWoK+boLhXxg9u6Yyvq8FboQh0OjA== ;{id = 55582}

ENTRY_END
RANGE_END

; set date/time to Aug 24 07:46:40 (2009).
; This is inside the validity window of the RRSIGs served by ns.example.com and
; outside the 2007 window of the RRSIGs in the initial anchor file.
STEP 5 TIME_PASSES ELAPSE 1251100000
STEP 6 ASSIGN t0 = ${time}
; get probe time and check it. 4800 is about 10% less than 5400. And more than
; the 3600 that a failure timeout would have.
STEP 7 ASSIGN probe = ${range 4800 ${timeout} 5400}


; the auto probing should have been done now.
; The expected file lists only KSK 55582, in state VALID. The ZSK and the 2007
; RRSIGs from the initial content do not appear in it.
STEP 8 CHECK_AUTOTRUST example.com
FILE_BEGIN
; autotrust trust anchor file
;;id: example.com. 1
;;last_queried: 1251100000 ;;Mon Aug 24 07:46:40 2009
;;last_success: 1251100000 ;;Mon Aug 24 07:46:40 2009
;;next_probe_time: ${$t0 + $probe} ;;${ctime $t0 + $probe}
;;query_failed: 0
;;query_interval: 5400
;;retry_time: 3600
example.com. 10800 IN DNSKEY 257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b} ;;state=2 [ VALID ] ;;count=0 ;;lastchange=1251100000 ;;Mon Aug 24 07:46:40 2009
FILE_END


; Client query with the DO bit set, so the resolver has to validate the answer.
STEP 10 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
www.example.com. IN A
ENTRY_END

; AD is among the expected flags: the reply must come back as validated, which
; requires the chain from the anchor's KSK through the ZSK signatures to hold.
STEP 20 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 3600 IN A 10.20.30.40
www.example.com. 3600 IN RRSIG A 5 3 3600 20090924111500 20090821111500 30899 example.com. pYGxVLsWUvOp1wSf0iwPap+JnECfC5GAm1lRqy3YEqecNGld7U7x/5Imo3CerbdZrVptUQs2oH0lcjwYJXMnsw== ;{id = 30899}
SECTION AUTHORITY
example.com. 3600 IN NS ns.example.com.
example.com. 3600 IN RRSIG NS 5 2 3600 20090924111500 20090821111500 30899 example.com. J5wxRq0jgwQL6yy530kvo9cHqNAUHV8IF4dvaYZL0bNraO2Oe6dVXqlJl4+cxNHI2TMsstwFPr2Zz8tv6Az2mQ== ;{id = 30899}
SECTION ADDITIONAL
ns.example.com. 3600 IN A 1.2.3.4
ns.example.com. 3600 IN RRSIG A 5 3 3600 20090924111500 20090821111500 30899 example.com. JsXbS18oyc0zkVaOWGSFdIQuOsZKflT0GraT9afDPoWLCgH4ApF7jNgfJV7Pqy1sTBRajME5IUAhpANwGBuW4A== ;{id = 30899}
ENTRY_END

; The autotrust anchor was probed due to the query.
; The expected file is the same as at STEP 8: same timestamps, same key state.

STEP 30 CHECK_AUTOTRUST example.com
FILE_BEGIN
; autotrust trust anchor file
;;id: example.com. 1
;;last_queried: 1251100000 ;;Mon Aug 24 07:46:40 2009
;;last_success: 1251100000 ;;Mon Aug 24 07:46:40 2009
;;next_probe_time: ${$t0 + $probe} ;;${ctime $t0 + $probe}
;;query_failed: 0
;;query_interval: 5400
;;retry_time: 3600
example.com. 10800 IN DNSKEY 257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b} ;;state=2 [ VALID ] ;;count=0 ;;lastchange=1251100000 ;;Mon Aug 24 07:46:40 2009
FILE_END

; wait and see if autotrust probes (the unchanged) domain again.
STEP 40 TIME_PASSES EVAL ${$probe}

STEP 50 TRAFFIC

STEP 65 ASSIGN probe2 = ${range 4800 ${timeout} 5400}

; After the second probe, last_queried and last_success are expected to equal
; the current time and next_probe_time to advance by probe2. The key's
; lastchange stays at 1251100000, i.e. the anchor itself did not change state.
STEP 70 CHECK_AUTOTRUST example.com
FILE_BEGIN
; autotrust trust anchor file
;;id: example.com. 1
;;last_queried: ${time} ;;${ctime ${time}}
;;last_success: ${time} ;;${ctime ${time}}
;;next_probe_time: ${$t0 + $probe + $probe2} ;;${ctime $t0 + $probe + $probe2}
;;query_failed: 0
;;query_interval: 5400
;;retry_time: 3600
example.com. 10800 IN DNSKEY 257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b} ;;state=2 [ VALID ] ;;count=0 ;;lastchange=1251100000 ;;Mon Aug 24 07:46:40 2009
FILE_END

SCENARIO_END