xref: /netbsd-src/external/bsd/unbound/dist/testdata/autotrust_probefailsig.rpl (revision 8feb0f0b7eaff0608f8350bbfa3098827b4bb91b) 
1; config options
2server:
3	target-fetch-policy: "0 0 0 0 0"
4	log-time-ascii: yes
5	fake-sha1: yes
6	trust-anchor-signaling: no
7	ede: yes
8
9stub-zone:
10	name: "."
11	stub-addr: 193.0.14.129         # K.ROOT-SERVERS.NET.
12AUTOTRUST_FILE example.com
13; autotrust trust anchor file
14;;id: example.com. 1
15;;last_queried: 1258962400 ;;Mon Nov 23 07:46:40 2009
16;;last_success: 1258962400 ;;Mon Nov 23 07:46:40 2009
17;;next_probe_time: 1258967360 ;;Mon Nov 23 09:09:20 2009
18;;query_failed: 0
19;;query_interval: 5400
20;;retry_time: 3600
21example.com.    10800   IN      DNSKEY  257 3 5 AwEAAas/cAhCFXvBUgTSNZCvQp0pLx1dY+7rXR0hH4/3EUgWmsmbYUpI1qD0xhwKD/oYGEwAm291fyWJ9c0oVxXDEK8= ;{id = 16486 (ksk), size = 512b} ;;state=2 [  VALID  ] ;;count=0 ;;lastchange=1258962400 ;;Mon Nov 23 07:46:40 2009
22example.com.	10800	IN	DNSKEY	257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b} ;;state=2 [  VALID  ] ;;count=0 ;;lastchange=1258962400 ;;Mon Nov 23 07:46:40 2009
23AUTOTRUST_END
24CONFIG_END
25
26SCENARIO_BEGIN Test autotrust with probe signature failure
27
28; K-ROOT
29RANGE_BEGIN 0 100
30	ADDRESS 193.0.14.129
31ENTRY_BEGIN
32MATCH opcode qname qtype
33ADJUST copy_id copy_query
34REPLY QR AA
35SECTION QUESTION
36. IN NS
37SECTION ANSWER
38. IN NS k.root-servers.net.
39SECTION ADDITIONAL
40k.root-servers.net IN A 193.0.14.129
41ENTRY_END
42
43ENTRY_BEGIN
44MATCH opcode subdomain
45ADJUST copy_id copy_query
46REPLY QR
47SECTION QUESTION
48com. IN NS
49SECTION AUTHORITY
50com. IN NS a.gtld-servers.net.
51SECTION ADDITIONAL
52a.gtld-servers.net. IN A 192.5.6.30
53ENTRY_END
54RANGE_END
55
56; a.gtld-servers.net.
57RANGE_BEGIN 0 100
58	ADDRESS 192.5.6.30
59ENTRY_BEGIN
60MATCH opcode subdomain
61ADJUST copy_id copy_query
62REPLY QR
63SECTION QUESTION
64example.com. IN NS
65SECTION AUTHORITY
66example.com. IN NS ns.example.com.
67SECTION ADDITIONAL
68ns.example.com. IN A 1.2.3.4
69ENTRY_END
70RANGE_END
71
72; ns.example.com.
73RANGE_BEGIN 0 100
74	ADDRESS 1.2.3.4
75ENTRY_BEGIN
76MATCH opcode qname qtype
77ADJUST copy_id
78REPLY QR AA SERVFAIL
79SECTION QUESTION
80ns.example.com. IN AAAA
81SECTION ANSWER
82ENTRY_END
83
84ENTRY_BEGIN
85MATCH opcode qname qtype
86ADJUST copy_id
87REPLY QR AA
88SECTION QUESTION
89example.com. IN DNSKEY
90SECTION ANSWER
91
92; revoked keys
93example.com.    10800   IN      DNSKEY  385 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55710 (ksk), size = 512b}
94example.com.	10800	IN	DNSKEY	385 3 5 AwEAAas/cAhCFXvBUgTSNZCvQp0pLx1dY+7rXR0hH4/3EUgWmsmbYUpI1qD0xhwKD/oYGEwAm291fyWJ9c0oVxXDEK8= ;{id = 16614 (ksk), size = 512b}
95; signatures
96; were edited from 20091124111500 20091018111500 to make them fail.
97example.com.	10800	IN	RRSIG	DNSKEY 5 2 10800 20090101011500 20090101011500 55710 example.com. zOSlB1iwtlP2lum1RK0WoDQrMVj0JKwk2E5Mu1okzV38hAx3Xm9IGMK6WrNkVVLmx4OkhYmdPVA95jVsFpwLMw== ;{id = 55710}
98example.com.	10800	IN	RRSIG	DNSKEY 5 2 10800 20090101011500 20090101011500 16614 example.com. qP49cCYP3lvNnLBYty/JxAwHqBIGjpup5zQ7qpjPnaZpBb/TlpOhY17LBZrqD86VvBbEVz5tkxC9UrCy85ePDQ== ;{id = 16614}
99
100ENTRY_END
101
102ENTRY_BEGIN
103MATCH opcode qtype qname
104ADJUST copy_id copy_query
105REPLY QR
106SECTION QUESTION
107www.example.com. IN A
108SECTION ANSWER
109www.example.com. IN A 10.20.30.40
110ENTRY_END
111
112ENTRY_BEGIN
113MATCH opcode qname qtype
114ADJUST copy_id
115REPLY QR AA REFUSED
116SECTION QUESTION
117ns.example.com. IN A
118ENTRY_END
119
120ENTRY_BEGIN
121MATCH opcode qname qtype
122ADJUST copy_id
123REPLY QR AA REFUSED
124SECTION QUESTION
125ns.example.com. IN AAAA
126ENTRY_END
127RANGE_END
128
129; set date/time to Mon Nov 23 09:46:40 2009
130STEP 5 TIME_PASSES EVAL ${1258962400 + 7200}
131STEP 6 TRAFFIC   ; do the probe
132STEP 7 ASSIGN t0 = ${time}
133STEP 8 ASSIGN probe0 = ${range 3200 ${timeout} 3600}
134STEP 9 ASSIGN tp = ${1258962400}
135
136; the auto probing should have been done now.
137STEP 11 CHECK_AUTOTRUST example.com
138FILE_BEGIN
139; autotrust trust anchor file
140;;id: example.com. 1
141;;last_queried: ${$t0} ;;${ctime $t0}
142;;last_success: 1258962400 ;;Mon Nov 23 07:46:40 2009
143;;next_probe_time: ${$t0+$probe0} ;;${ctime $t0+$probe0}
144;;query_failed: 6
145;;query_interval: 5400
146;;retry_time: 3600
147example.com.	10800	IN	DNSKEY	257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b} ;;state=2 [  VALID  ] ;;count=0 ;;lastchange=1258962400 ;;Mon Nov 23 07:46:40 2009
148example.com.	10800	IN	DNSKEY	257 3 5 AwEAAas/cAhCFXvBUgTSNZCvQp0pLx1dY+7rXR0hH4/3EUgWmsmbYUpI1qD0xhwKD/oYGEwAm291fyWJ9c0oVxXDEK8= ;{id = 16486 (ksk), size = 512b} ;;state=2 [  VALID  ] ;;count=0 ;;lastchange=1258962400 ;;Mon Nov 23 07:46:40 2009
149FILE_END
150
151STEP 20 QUERY
152ENTRY_BEGIN
153REPLY RD DO
154SECTION QUESTION
155www.example.com. IN A
156ENTRY_END
157
158STEP 30 CHECK_ANSWER
159ENTRY_BEGIN
160MATCH all ede=6
161REPLY QR RD RA DO SERVFAIL
162SECTION QUESTION
163www.example.com. IN A
164SECTION ANSWER
165ENTRY_END
166
167SCENARIO_END
168