1; config options 2; The island of trust is at example.com 3server: 4 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" 5 val-override-date: "20070916134226" 6 target-fetch-policy: "0 0 0 0 0" 7 8stub-zone: 9 name: "." 10 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. 11CONFIG_END 12 13SCENARIO_BEGIN Test validator with blacklist for data response 14 15; K.ROOT-SERVERS.NET. 16RANGE_BEGIN 0 100 17 ADDRESS 193.0.14.129 18ENTRY_BEGIN 19MATCH opcode qtype qname 20ADJUST copy_id 21REPLY QR NOERROR 22SECTION QUESTION 23. IN NS 24SECTION ANSWER 25. IN NS K.ROOT-SERVERS.NET. 26SECTION ADDITIONAL 27K.ROOT-SERVERS.NET. IN A 193.0.14.129 28ENTRY_END 29 30ENTRY_BEGIN 31MATCH opcode qtype qname 32ADJUST copy_id 33REPLY QR NOERROR 34SECTION QUESTION 35www.example.com. IN A 36SECTION AUTHORITY 37com. IN NS a.gtld-servers.net. 38SECTION ADDITIONAL 39a.gtld-servers.net. IN A 192.5.6.30 40ENTRY_END 41RANGE_END 42 43; a.gtld-servers.net. 44RANGE_BEGIN 0 100 45 ADDRESS 192.5.6.30 46ENTRY_BEGIN 47MATCH opcode qtype qname 48ADJUST copy_id 49REPLY QR NOERROR 50SECTION QUESTION 51com. IN NS 52SECTION ANSWER 53com. IN NS a.gtld-servers.net. 54SECTION ADDITIONAL 55a.gtld-servers.net. IN A 192.5.6.30 56ENTRY_END 57 58ENTRY_BEGIN 59MATCH opcode qtype qname 60ADJUST copy_id 61REPLY QR NOERROR 62SECTION QUESTION 63ns.blabla.com. IN A 64SECTION ANSWER 65ns.blabla.com. IN A 1.2.3.5 66ENTRY_END 67 68ENTRY_BEGIN 69MATCH opcode qtype qname 70ADJUST copy_id 71REPLY QR NOERROR 72SECTION QUESTION 73ns.blabla.com. IN AAAA 74SECTION AUTHORITY 75com. IN SOA com. com. 2009100100 28800 7200 604800 3600 76ENTRY_END 77 78ENTRY_BEGIN 79MATCH opcode subdomain 80ADJUST copy_id copy_query 81REPLY QR NOERROR 82SECTION QUESTION 83example.com. IN NS 84SECTION AUTHORITY 85example.com. IN NS ns.example.com. 86example.com. IN NS ns.blabla.com. 87SECTION ADDITIONAL 88ns.example.com. IN A 1.2.3.4 89; no ns.blabla.com, try that later 90ENTRY_END 91RANGE_END 92 93; ns.example.com. 94RANGE_BEGIN 0 100 95 ADDRESS 1.2.3.4 96ENTRY_BEGIN 97MATCH opcode qtype qname 98ADJUST copy_id 99REPLY QR NOERROR 100SECTION QUESTION 101example.com. IN NS 102SECTION ANSWER 103example.com. IN NS ns.example.com. 104example.com. IN NS ns.blabla.com. 105example.com. 3600 IN RRSIG NS 3 2 3600 20030926134150 20030829134150 2854 example.com. AKJ3xUBdSrCiOFkYajsy93d+h06rewpbmBHItTkL8R/26rw57b1gCIg= ;{id = 2854} 106SECTION ADDITIONAL 107ns.example.com. IN A 1.2.3.4 108ns.example.com. 3600 IN RRSIG A 3 3 3600 20030926134150 20030829134150 2854 example.com. AHNj99mBmP4np19V01nSq990ZIFlIiLWoeHijm/HcOG/o8+DuIp4fL8= ;{id = 2854} 109ENTRY_END 110 111ENTRY_BEGIN 112MATCH opcode qtype qname 113ADJUST copy_id 114REPLY QR NOERROR 115SECTION QUESTION 116ns.example.com. IN A 117SECTION ANSWER 118ns.example.com. IN A 1.2.3.4 119ns.example.com. 3600 IN RRSIG A 3 3 3600 20030926134150 20030829134150 2854 example.com. AHNj99mBmP4np19V01nSq990ZIFlIiLWoeHijm/HcOG/o8+DuIp4fL8= ;{id = 2854} 120SECTION ADDITIONAL 121ENTRY_END 122 123ENTRY_BEGIN 124MATCH opcode qtype qname 125ADJUST copy_id 126REPLY QR NOERROR 127SECTION QUESTION 128ns.example.com. IN AAAA 129SECTION ANSWER 130SECTION ADDITIONAL 131ns.example.com. IN NSEC oof.example.com. NSEC RRSIG A 132ns.example.com. 3600 IN RRSIG NSEC 3 3 3600 20030926134150 20030829134150 2854 example.com. ACFVLLBtuSX/1z3461tbOwDz9zTHe5S9DbVtwnSO1f2x06fYbMpzSDE= ;{id = 2854} 133ENTRY_END 134 135; response to DNSKEY priming query 136ENTRY_BEGIN 137MATCH opcode qtype qname 138ADJUST copy_id 139REPLY QR NOERROR 140SECTION QUESTION 141example.com. IN DNSKEY 142SECTION ANSWER 143example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} 144; make priming query succeed 145example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} 146;example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20030926134150 20030829134150 2854 example.com. AG21xE8CFQzTq6XtHErg28b9EAmqPsoYCUcFPEAoAjFybM6AY4/bMOo= ;{id = 2854} 147SECTION AUTHORITY 148;example.com. IN NS ns.example.com. 149;example.com. IN NS ns.blabla.com. 150;example.com. 3600 IN RRSIG NS 3 2 3600 20030926134150 20030829134150 2854 example.com. ACiWu7zjBHqgEX3iUoOF7rfpOmIAHj1npKQ+XDIaNlmdkfJxoCwFl04= ;{id = 2854} 151SECTION ADDITIONAL 152;ns.example.com. IN A 1.2.3.4 153;ns.example.com. 3600 IN RRSIG A 3 3 3600 20030926134150 20030829134150 2854 example.com. ACmAsKTf7hqDaYK8CQ7FL1cGYPW+blTCnzZGkExFtEUAGrHeze87o+A= ;{id = 2854} 154ENTRY_END 155 156; response to query of interest 157ENTRY_BEGIN 158MATCH opcode qtype qname 159ADJUST copy_id 160REPLY QR NOERROR 161SECTION QUESTION 162www.example.com. IN A 163SECTION ANSWER 164www.example.com. IN A 10.20.30.40 165www.example.com. 3600 IN RRSIG A 3 3 3600 20030926134150 20030829134150 2854 example.com. AGj9kE8oW3OhOLhkmJ3HBaNIOpvGf3S8zSd5gWmhpxAMc5hh6cxZfpQ= ;{id = 2854} 166SECTION AUTHORITY 167example.com. IN NS ns.example.com. 168example.com. IN NS ns.blabla.com. 169example.com. 3600 IN RRSIG NS 3 2 3600 20030926134150 20030829134150 2854 example.com. ACHETweBNPgbmRoNRdKvxuw4X9qNUUTEpSuwV+HhuiBE83gbB98asAc= ;{id = 2854} 170SECTION ADDITIONAL 171ns.example.com. IN A 1.2.3.4 172ns.example.com. 3600 IN RRSIG A 3 3 3600 20030926134150 20030829134150 2854 example.com. AGvu9A/nGsbatxJCmnObioIhKg2Tm0Apr0eo+DO1kIDrAHco/bt/EdY= ;{id = 2854} 173ENTRY_END 174RANGE_END 175 176; ns.blabla.com. 177RANGE_BEGIN 0 100 178 ADDRESS 1.2.3.5 179ENTRY_BEGIN 180MATCH opcode qtype qname 181ADJUST copy_id 182REPLY QR NOERROR 183SECTION QUESTION 184example.com. IN NS 185SECTION ANSWER 186example.com. IN NS ns.example.com. 187example.com. IN NS ns.blabla.com. 188example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. AAJHNhPYVG6+550zQga9ZgV8McQZHLboOWjfbdiq2ZC+gUcQeQDDlFs= ;{id = 2854} 189SECTION ADDITIONAL 190ns.example.com. IN A 1.2.3.4 191ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 192ENTRY_END 193 194ENTRY_BEGIN 195MATCH opcode qtype qname 196ADJUST copy_id 197REPLY QR NOERROR 198SECTION QUESTION 199ns.example.com. IN A 200SECTION ANSWER 201ns.example.com. IN A 1.2.3.4 202ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 203SECTION ADDITIONAL 204ENTRY_END 205 206ENTRY_BEGIN 207MATCH opcode qtype qname 208ADJUST copy_id 209REPLY QR NOERROR 210SECTION QUESTION 211ns.example.com. IN AAAA 212SECTION ANSWER 213SECTION ADDITIONAL 214ns.example.com. IN NSEC oof.example.com. NSEC RRSIG A 215ns.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. ABhDNtJramb2a4R1SK5gb/CTYJybQts6mZ++z3kLiwsrUSZInA4ikeQ= ;{id = 2854} 216ENTRY_END 217 218; response to DNSKEY priming query 219ENTRY_BEGIN 220MATCH opcode qtype qname 221ADJUST copy_id 222REPLY QR NOERROR 223SECTION QUESTION 224example.com. IN DNSKEY 225SECTION ANSWER 226example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} 227example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} 228SECTION AUTHORITY 229example.com. IN NS ns.example.com. 230example.com. IN NS ns.blabla.com. 231example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. AAJHNhPYVG6+550zQga9ZgV8McQZHLboOWjfbdiq2ZC+gUcQeQDDlFs= ;{id = 2854} 232SECTION ADDITIONAL 233ns.example.com. IN A 1.2.3.4 234ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 235ENTRY_END 236 237; response to query of interest 238ENTRY_BEGIN 239MATCH opcode qtype qname 240ADJUST copy_id 241REPLY QR NOERROR 242SECTION QUESTION 243www.example.com. IN A 244SECTION ANSWER 245www.example.com. IN A 10.20.30.40 246ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} 247SECTION AUTHORITY 248example.com. IN NS ns.example.com. 249example.com. IN NS ns.blabla.com. 250example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. AAJHNhPYVG6+550zQga9ZgV8McQZHLboOWjfbdiq2ZC+gUcQeQDDlFs= ;{id = 2854} 251SECTION ADDITIONAL 252ns.example.com. IN A 1.2.3.4 253www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} 254ENTRY_END 255RANGE_END 256 257STEP 1 QUERY 258ENTRY_BEGIN 259REPLY RD DO 260SECTION QUESTION 261www.example.com. IN A 262ENTRY_END 263 264; recursion happens here. 265STEP 10 CHECK_ANSWER 266ENTRY_BEGIN 267MATCH all 268REPLY QR RD RA AD DO NOERROR 269SECTION QUESTION 270www.example.com. IN A 271SECTION ANSWER 272www.example.com. IN A 10.20.30.40 273www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} 274SECTION AUTHORITY 275example.com. IN NS ns.example.com. 276example.com. IN NS ns.blabla.com. 277example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. AAJHNhPYVG6+550zQga9ZgV8McQZHLboOWjfbdiq2ZC+gUcQeQDDlFs= ;{id = 2854} 278SECTION ADDITIONAL 279ns.example.com. IN A 1.2.3.4 280ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} 281ENTRY_END 282 283; remove pending ns.blabla.com AAAA msg 284STEP 30 QUERY 285ENTRY_BEGIN 286REPLY RD DO CD 287SECTION QUESTION 288ns.blabla.com. IN AAAA 289ENTRY_END 290 291; recursion happens here. 292STEP 40 CHECK_ANSWER 293ENTRY_BEGIN 294MATCH all 295REPLY QR RD CD RA DO NOERROR 296SECTION QUESTION 297ns.blabla.com. IN AAAA 298SECTION ANSWER 299SECTION AUTHORITY 300com. IN SOA com. com. 2009100100 28800 7200 604800 3600 301ENTRY_END 302 303SCENARIO_END 304