1; config options 2; The island of trust is at example.com 3server: 4 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" 5 val-override-date: "20070916134226" 6 target-fetch-policy: "0 0 0 0 0" 7 qname-minimisation: "no" 8 fake-sha1: yes 9 trust-anchor-signaling: no 10 minimal-responses: no 11 rrset-roundrobin: no 12 13stub-zone: 14 name: "." 15 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. 16CONFIG_END 17 18SCENARIO_BEGIN Test validator with blacklist for data response 19 20; K.ROOT-SERVERS.NET. 21RANGE_BEGIN 0 100 22 ADDRESS 193.0.14.129 23ENTRY_BEGIN 24MATCH opcode qtype qname 25ADJUST copy_id 26REPLY QR NOERROR 27SECTION QUESTION 28. IN NS 29SECTION ANSWER 30. IN NS K.ROOT-SERVERS.NET. 31SECTION ADDITIONAL 32K.ROOT-SERVERS.NET. IN A 193.0.14.129 33ENTRY_END 34 35ENTRY_BEGIN 36MATCH opcode qtype qname 37ADJUST copy_id 38REPLY QR NOERROR 39SECTION QUESTION 40www.example.com. IN A 41SECTION AUTHORITY 42com. IN NS a.gtld-servers.net. 43SECTION ADDITIONAL 44a.gtld-servers.net. IN A 192.5.6.30 45ENTRY_END 46RANGE_END 47 48; a.gtld-servers.net. 49RANGE_BEGIN 0 100 50 ADDRESS 192.5.6.30 51ENTRY_BEGIN 52MATCH opcode qtype qname 53ADJUST copy_id 54REPLY QR NOERROR 55SECTION QUESTION 56com. IN NS 57SECTION ANSWER 58com. IN NS a.gtld-servers.net. 59SECTION ADDITIONAL 60a.gtld-servers.net. IN A 192.5.6.30 61ENTRY_END 62 63ENTRY_BEGIN 64MATCH opcode qtype qname 65ADJUST copy_id 66REPLY QR NOERROR 67SECTION QUESTION 68ns.blabla.com. IN A 69SECTION ANSWER 70ns.blabla.com. IN A 1.2.3.5 71ENTRY_END 72 73ENTRY_BEGIN 74MATCH opcode qtype qname 75ADJUST copy_id 76REPLY QR NOERROR 77SECTION QUESTION 78ns.blabla.com. IN AAAA 79SECTION AUTHORITY 80com. IN SOA com. com. 2009100100 28800 7200 604800 3600 81ENTRY_END 82 83ENTRY_BEGIN 84MATCH opcode subdomain 85ADJUST copy_id copy_query 86REPLY QR NOERROR 87SECTION QUESTION 88example.com. IN NS 89SECTION AUTHORITY 90example.com. IN NS ns.example.com. 91example.com. IN NS ns.blabla.com. 92SECTION ADDITIONAL 93ns.example.com. IN A 1.2.3.4 94; no ns.blabla.com, try that later 95ENTRY_END 96RANGE_END 97 98; ns.example.com. 99RANGE_BEGIN 0 100 100 ADDRESS 1.2.3.4 101ENTRY_BEGIN 102MATCH opcode qtype qname 103ADJUST copy_id 104REPLY QR NOERROR 105SECTION QUESTION 106example.com. IN NS 107SECTION ANSWER 108example.com. IN NS ns.example.com. 109example.com. IN NS ns.blabla.com. 110example.com. 3600 IN RRSIG NS 3 2 3600 20030926134150 20030829134150 2854 example.com. AKJ3xUBdSrCiOFkYajsy93d+h06rewpbmBHItTkL8R/26rw57b1gCIg= ;{id = 2854} 111SECTION ADDITIONAL 112ns.example.com. IN A 1.2.3.4 113ns.example.com. 3600 IN RRSIG A 3 3 3600 20030926134150 20030829134150 2854 example.com. AHNj99mBmP4np19V01nSq990ZIFlIiLWoeHijm/HcOG/o8+DuIp4fL8= ;{id = 2854} 114ENTRY_END 115 116ENTRY_BEGIN 117MATCH opcode qtype qname 118ADJUST copy_id 119REPLY QR NOERROR 120SECTION QUESTION 121ns.example.com. IN A 122SECTION ANSWER 123ns.example.com. IN A 1.2.3.4 124ns.example.com. 3600 IN RRSIG A 3 3 3600 20030926134150 20030829134150 2854 example.com. AHNj99mBmP4np19V01nSq990ZIFlIiLWoeHijm/HcOG/o8+DuIp4fL8= ;{id = 2854} 125SECTION ADDITIONAL 126ENTRY_END 127 128ENTRY_BEGIN 129MATCH opcode qtype qname 130ADJUST copy_id 131REPLY QR NOERROR 132SECTION QUESTION 133ns.example.com. IN AAAA 134SECTION ANSWER 135SECTION ADDITIONAL 136ns.example.com. IN NSEC oof.example.com. NSEC RRSIG A 137ns.example.com. 3600 IN RRSIG NSEC 3 3 3600 20030926134150 20030829134150 2854 example.com. ACFVLLBtuSX/1z3461tbOwDz9zTHe5S9DbVtwnSO1f2x06fYbMpzSDE= ;{id = 2854} 138ENTRY_END 139 140; response to DNSKEY priming query 141ENTRY_BEGIN 142MATCH opcode qtype qname 143ADJUST copy_id 144REPLY QR NOERROR 145SECTION QUESTION 146example.com. IN DNSKEY 147SECTION ANSWER 148example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} 149; make priming query succeed 150example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} 151;example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20030926134150 20030829134150 2854 example.com. AG21xE8CFQzTq6XtHErg28b9EAmqPsoYCUcFPEAoAjFybM6AY4/bMOo= ;{id = 2854} 152SECTION AUTHORITY 153;example.com. IN NS ns.example.com. 154;example.com. IN NS ns.blabla.com. 155;example.com. 3600 IN RRSIG NS 3 2 3600 20030926134150 20030829134150 2854 example.com. ACiWu7zjBHqgEX3iUoOF7rfpOmIAHj1npKQ+XDIaNlmdkfJxoCwFl04= ;{id = 2854} 156SECTION ADDITIONAL 157;ns.example.com. IN A 1.2.3.4 158;ns.example.com. 3600 IN RRSIG A 3 3 3600 20030926134150 20030829134150 2854 example.com. ACmAsKTf7hqDaYK8CQ7FL1cGYPW+blTCnzZGkExFtEUAGrHeze87o+A= ;{id = 2854} 159ENTRY_END 160 161; response to query of interest 162ENTRY_BEGIN 163MATCH opcode qtype qname 164ADJUST copy_id 165REPLY QR NOERROR 166SECTION QUESTION 167www.example.com. IN A 168SECTION ANSWER 169www.example.com. IN A 10.20.30.40 170www.example.com. 3600 IN RRSIG A 3 3 3600 20030926134150 20030829134150 2854 example.com. AGj9kE8oW3OhOLhkmJ3HBaNIOpvGf3S8zSd5gWmhpxAMc5hh6cxZfpQ= ;{id = 2854} 171SECTION AUTHORITY 172example.com. IN NS ns.example.com. 173example.com. IN NS ns.blabla.com. 174example.com. 3600 IN RRSIG NS 3 2 3600 20030926134150 20030829134150 2854 example.com. ACHETweBNPgbmRoNRdKvxuw4X9qNUUTEpSuwV+HhuiBE83gbB98asAc= ;{id = 2854} 175SECTION ADDITIONAL 176ns.example.com. IN A 1.2.3.4 177ns.example.com. 3600 IN RRSIG A 3 3 3600 20030926134150 20030829134150 2854 example.com. AGvu9A/nGsbatxJCmnObioIhKg2Tm0Apr0eo+DO1kIDrAHco/bt/EdY= ;{id = 2854} 178ENTRY_END 179RANGE_END 180 181; ns.blabla.com. 182RANGE_BEGIN 0 100 183 ADDRESS 1.2.3.5 184ENTRY_BEGIN 185MATCH opcode qtype qname 186ADJUST copy_id 187REPLY QR NOERROR 188SECTION QUESTION 189example.com. IN NS 190SECTION ANSWER 191example.com. IN NS ns.example.com. 192example.com. IN NS ns.blabla.com. 193example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. AAJHNhPYVG6+550zQga9ZgV8McQZHLboOWjfbdiq2ZC+gUcQeQDDlFs= ;{id = 2854} 194SECTION ADDITIONAL 195ns.example.com. IN A 1.2.3.4 196ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 197ENTRY_END 198 199ENTRY_BEGIN 200MATCH opcode qtype qname 201ADJUST copy_id 202REPLY QR NOERROR 203SECTION QUESTION 204ns.example.com. IN A 205SECTION ANSWER 206ns.example.com. IN A 1.2.3.4 207ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 208SECTION ADDITIONAL 209ENTRY_END 210 211ENTRY_BEGIN 212MATCH opcode qtype qname 213ADJUST copy_id 214REPLY QR NOERROR 215SECTION QUESTION 216ns.example.com. IN AAAA 217SECTION ANSWER 218SECTION ADDITIONAL 219ns.example.com. IN NSEC oof.example.com. NSEC RRSIG A 220ns.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. ABhDNtJramb2a4R1SK5gb/CTYJybQts6mZ++z3kLiwsrUSZInA4ikeQ= ;{id = 2854} 221ENTRY_END 222 223; response to DNSKEY priming query 224ENTRY_BEGIN 225MATCH opcode qtype qname 226ADJUST copy_id 227REPLY QR NOERROR 228SECTION QUESTION 229example.com. IN DNSKEY 230SECTION ANSWER 231example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} 232example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} 233SECTION AUTHORITY 234example.com. IN NS ns.example.com. 235example.com. IN NS ns.blabla.com. 236example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. AAJHNhPYVG6+550zQga9ZgV8McQZHLboOWjfbdiq2ZC+gUcQeQDDlFs= ;{id = 2854} 237SECTION ADDITIONAL 238ns.example.com. IN A 1.2.3.4 239ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 240ENTRY_END 241 242; response to query of interest 243ENTRY_BEGIN 244MATCH opcode qtype qname 245ADJUST copy_id 246REPLY QR NOERROR 247SECTION QUESTION 248www.example.com. IN A 249SECTION ANSWER 250www.example.com. IN A 10.20.30.40 251ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} 252SECTION AUTHORITY 253example.com. IN NS ns.example.com. 254example.com. IN NS ns.blabla.com. 255example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. AAJHNhPYVG6+550zQga9ZgV8McQZHLboOWjfbdiq2ZC+gUcQeQDDlFs= ;{id = 2854} 256SECTION ADDITIONAL 257ns.example.com. IN A 1.2.3.4 258www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} 259ENTRY_END 260RANGE_END 261 262STEP 1 QUERY 263ENTRY_BEGIN 264REPLY RD DO 265SECTION QUESTION 266www.example.com. IN A 267ENTRY_END 268 269; recursion happens here. 270STEP 10 CHECK_ANSWER 271ENTRY_BEGIN 272MATCH all 273REPLY QR RD RA AD DO NOERROR 274SECTION QUESTION 275www.example.com. IN A 276SECTION ANSWER 277www.example.com. IN A 10.20.30.40 278www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} 279SECTION AUTHORITY 280example.com. IN NS ns.example.com. 281example.com. IN NS ns.blabla.com. 282example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. AAJHNhPYVG6+550zQga9ZgV8McQZHLboOWjfbdiq2ZC+gUcQeQDDlFs= ;{id = 2854} 283SECTION ADDITIONAL 284ns.example.com. IN A 1.2.3.4 285ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} 286ENTRY_END 287 288; remove pending ns.blabla.com AAAA msg 289STEP 30 QUERY 290ENTRY_BEGIN 291REPLY RD DO CD 292SECTION QUESTION 293ns.blabla.com. IN AAAA 294ENTRY_END 295 296; recursion happens here. 297STEP 40 CHECK_ANSWER 298ENTRY_BEGIN 299MATCH all 300REPLY QR RD CD RA DO NOERROR 301SECTION QUESTION 302ns.blabla.com. IN AAAA 303SECTION ANSWER 304SECTION AUTHORITY 305com. IN SOA com. com. 2009100100 28800 7200 604800 3600 306ENTRY_END 307 308SCENARIO_END 309