1; config options 2; The island of trust is at example.com 3server: 4 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" 5 val-override-date: "20070916134226" 6 target-fetch-policy: "0 0 0 0 0" 7 qname-minimisation: "no" 8 fake-sha1: yes 9 trust-anchor-signaling: no 10 minimal-responses: no 11 rrset-roundrobin: no 12 13stub-zone: 14 name: "." 15 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. 16CONFIG_END 17 18SCENARIO_BEGIN Test validator with blacklist for prime response 19; the data response needs a blacklist action as well, since it also 20; comes from an 'expired signatures' name server. 21 22; K.ROOT-SERVERS.NET. 23RANGE_BEGIN 0 100 24 ADDRESS 193.0.14.129 25ENTRY_BEGIN 26MATCH opcode qtype qname 27ADJUST copy_id 28REPLY QR NOERROR 29SECTION QUESTION 30. IN NS 31SECTION ANSWER 32. IN NS K.ROOT-SERVERS.NET. 33SECTION ADDITIONAL 34K.ROOT-SERVERS.NET. IN A 193.0.14.129 35ENTRY_END 36 37ENTRY_BEGIN 38MATCH opcode qtype qname 39ADJUST copy_id 40REPLY QR NOERROR 41SECTION QUESTION 42www.example.com. IN A 43SECTION AUTHORITY 44com. IN NS a.gtld-servers.net. 45SECTION ADDITIONAL 46a.gtld-servers.net. IN A 192.5.6.30 47ENTRY_END 48RANGE_END 49 50; a.gtld-servers.net. 51RANGE_BEGIN 0 100 52 ADDRESS 192.5.6.30 53ENTRY_BEGIN 54MATCH opcode qtype qname 55ADJUST copy_id 56REPLY QR NOERROR 57SECTION QUESTION 58com. IN NS 59SECTION ANSWER 60com. IN NS a.gtld-servers.net. 61SECTION ADDITIONAL 62a.gtld-servers.net. IN A 192.5.6.30 63ENTRY_END 64 65ENTRY_BEGIN 66MATCH opcode qtype qname 67ADJUST copy_id 68REPLY QR NOERROR 69SECTION QUESTION 70ns.blabla.com. IN A 71SECTION ANSWER 72ns.blabla.com. IN A 1.2.3.5 73ENTRY_END 74 75ENTRY_BEGIN 76MATCH opcode qtype qname 77ADJUST copy_id 78REPLY QR NOERROR 79SECTION QUESTION 80ns.blabla.com. IN AAAA 81SECTION AUTHORITY 82com. IN SOA com. com. 2009100100 28800 7200 604800 3600 83ENTRY_END 84 85ENTRY_BEGIN 86MATCH opcode subdomain 87ADJUST copy_id copy_query 88REPLY QR NOERROR 89SECTION QUESTION 90example.com. IN NS 91SECTION AUTHORITY 92example.com. IN NS ns.example.com. 93example.com. IN NS ns.blabla.com. 94SECTION ADDITIONAL 95ns.example.com. IN A 1.2.3.4 96; no ns.blabla.com, try that later 97ENTRY_END 98RANGE_END 99 100; ns.example.com. 101RANGE_BEGIN 0 100 102 ADDRESS 1.2.3.4 103ENTRY_BEGIN 104MATCH opcode qtype qname 105ADJUST copy_id 106REPLY QR NOERROR 107SECTION QUESTION 108example.com. IN NS 109SECTION ANSWER 110example.com. IN NS ns.example.com. 111example.com. IN NS ns.blabla.com. 112example.com. 3600 IN RRSIG NS 3 2 3600 20030926134150 20030829134150 2854 example.com. AKJ3xUBdSrCiOFkYajsy93d+h06rewpbmBHItTkL8R/26rw57b1gCIg= ;{id = 2854} 113SECTION ADDITIONAL 114ns.example.com. IN A 1.2.3.4 115ns.example.com. 3600 IN RRSIG A 3 3 3600 20030926134150 20030829134150 2854 example.com. AHNj99mBmP4np19V01nSq990ZIFlIiLWoeHijm/HcOG/o8+DuIp4fL8= ;{id = 2854} 116ENTRY_END 117 118ENTRY_BEGIN 119MATCH opcode qtype qname 120ADJUST copy_id 121REPLY QR NOERROR 122SECTION QUESTION 123ns.example.com. IN A 124SECTION ANSWER 125ns.example.com. IN A 1.2.3.4 126ns.example.com. 3600 IN RRSIG A 3 3 3600 20030926134150 20030829134150 2854 example.com. AHNj99mBmP4np19V01nSq990ZIFlIiLWoeHijm/HcOG/o8+DuIp4fL8= ;{id = 2854} 127SECTION ADDITIONAL 128ENTRY_END 129 130ENTRY_BEGIN 131MATCH opcode qtype qname 132ADJUST copy_id 133REPLY QR NOERROR 134SECTION QUESTION 135ns.example.com. IN AAAA 136SECTION ANSWER 137SECTION ADDITIONAL 138ns.example.com. IN NSEC oof.example.com. NSEC RRSIG A 139ns.example.com. 3600 IN RRSIG NSEC 3 3 3600 20030926134150 20030829134150 2854 example.com. ACFVLLBtuSX/1z3461tbOwDz9zTHe5S9DbVtwnSO1f2x06fYbMpzSDE= ;{id = 2854} 140ENTRY_END 141 142; response to DNSKEY priming query 143ENTRY_BEGIN 144MATCH opcode qtype qname 145ADJUST copy_id 146REPLY QR NOERROR 147SECTION QUESTION 148example.com. IN DNSKEY 149SECTION ANSWER 150example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} 151example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20030926134150 20030829134150 2854 example.com. AG21xE8CFQzTq6XtHErg28b9EAmqPsoYCUcFPEAoAjFybM6AY4/bMOo= ;{id = 2854} 152SECTION AUTHORITY 153example.com. IN NS ns.example.com. 154example.com. IN NS ns.blabla.com. 155example.com. 3600 IN RRSIG NS 3 2 3600 20030926134150 20030829134150 2854 example.com. ACiWu7zjBHqgEX3iUoOF7rfpOmIAHj1npKQ+XDIaNlmdkfJxoCwFl04= ;{id = 2854} 156SECTION ADDITIONAL 157ns.example.com. IN A 1.2.3.4 158ns.example.com. 3600 IN RRSIG A 3 3 3600 20030926134150 20030829134150 2854 example.com. ACmAsKTf7hqDaYK8CQ7FL1cGYPW+blTCnzZGkExFtEUAGrHeze87o+A= ;{id = 2854} 159ENTRY_END 160 161; response to query of interest 162ENTRY_BEGIN 163MATCH opcode qtype qname 164ADJUST copy_id 165REPLY QR NOERROR 166SECTION QUESTION 167www.example.com. IN A 168SECTION ANSWER 169www.example.com. IN A 10.20.30.40 170www.example.com. 3600 IN RRSIG A 3 3 3600 20030926134150 20030829134150 2854 example.com. AGj9kE8oW3OhOLhkmJ3HBaNIOpvGf3S8zSd5gWmhpxAMc5hh6cxZfpQ= ;{id = 2854} 171SECTION AUTHORITY 172example.com. IN NS ns.example.com. 173example.com. IN NS ns.blabla.com. 174example.com. 3600 IN RRSIG NS 3 2 3600 20030926134150 20030829134150 2854 example.com. ACHETweBNPgbmRoNRdKvxuw4X9qNUUTEpSuwV+HhuiBE83gbB98asAc= ;{id = 2854} 175SECTION ADDITIONAL 176ns.example.com. IN A 1.2.3.4 177ns.example.com. 3600 IN RRSIG A 3 3 3600 20030926134150 20030829134150 2854 example.com. AGvu9A/nGsbatxJCmnObioIhKg2Tm0Apr0eo+DO1kIDrAHco/bt/EdY= ;{id = 2854} 178ENTRY_END 179RANGE_END 180 181; ns.blabla.com. 182RANGE_BEGIN 0 100 183 ADDRESS 1.2.3.5 184ENTRY_BEGIN 185MATCH opcode qtype qname 186ADJUST copy_id 187REPLY QR NOERROR 188SECTION QUESTION 189example.com. IN NS 190SECTION ANSWER 191example.com. IN NS ns.example.com. 192example.com. IN NS ns.blabla.com. 193example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. AAJHNhPYVG6+550zQga9ZgV8McQZHLboOWjfbdiq2ZC+gUcQeQDDlFs= ;{id = 2854} 194SECTION ADDITIONAL 195ns.example.com. IN A 1.2.3.4 196ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 197ENTRY_END 198 199ENTRY_BEGIN 200MATCH opcode qtype qname 201ADJUST copy_id 202REPLY QR NOERROR 203SECTION QUESTION 204ns.example.com. IN A 205SECTION ANSWER 206ns.example.com. IN A 1.2.3.4 207ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 208SECTION ADDITIONAL 209ENTRY_END 210 211ENTRY_BEGIN 212MATCH opcode qtype qname 213ADJUST copy_id 214REPLY QR NOERROR 215SECTION QUESTION 216ns.example.com. IN AAAA 217SECTION ANSWER 218SECTION ADDITIONAL 219ns.example.com. IN NSEC oof.example.com. NSEC RRSIG A 220ns.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. ABhDNtJramb2a4R1SK5gb/CTYJybQts6mZ++z3kLiwsrUSZInA4ikeQ= ;{id = 2854} 221ENTRY_END 222 223; response to DNSKEY priming query 224ENTRY_BEGIN 225MATCH opcode qtype qname 226ADJUST copy_id 227REPLY QR NOERROR 228SECTION QUESTION 229example.com. IN DNSKEY 230SECTION ANSWER 231example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} 232example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} 233SECTION AUTHORITY 234example.com. IN NS ns.example.com. 235example.com. IN NS ns.blabla.com. 236example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. AAJHNhPYVG6+550zQga9ZgV8McQZHLboOWjfbdiq2ZC+gUcQeQDDlFs= ;{id = 2854} 237SECTION ADDITIONAL 238ns.example.com. IN A 1.2.3.4 239ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 240ENTRY_END 241 242; response to query of interest 243ENTRY_BEGIN 244MATCH opcode qtype qname 245ADJUST copy_id 246REPLY QR NOERROR 247SECTION QUESTION 248www.example.com. IN A 249SECTION ANSWER 250www.example.com. IN A 10.20.30.40 251ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} 252SECTION AUTHORITY 253example.com. IN NS ns.example.com. 254example.com. IN NS ns.blabla.com. 255example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. AAJHNhPYVG6+550zQga9ZgV8McQZHLboOWjfbdiq2ZC+gUcQeQDDlFs= ;{id = 2854} 256SECTION ADDITIONAL 257ns.example.com. IN A 1.2.3.4 258www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} 259ENTRY_END 260RANGE_END 261 262STEP 1 QUERY 263ENTRY_BEGIN 264REPLY RD DO 265SECTION QUESTION 266www.example.com. IN A 267ENTRY_END 268 269; recursion happens here. 270STEP 10 CHECK_ANSWER 271ENTRY_BEGIN 272MATCH all 273REPLY QR RD RA AD DO NOERROR 274SECTION QUESTION 275www.example.com. IN A 276SECTION ANSWER 277www.example.com. IN A 10.20.30.40 278www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} 279SECTION AUTHORITY 280example.com. IN NS ns.example.com. 281example.com. IN NS ns.blabla.com. 282example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. AAJHNhPYVG6+550zQga9ZgV8McQZHLboOWjfbdiq2ZC+gUcQeQDDlFs= ;{id = 2854} 283SECTION ADDITIONAL 284ns.example.com. IN A 1.2.3.4 285ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} 286ENTRY_END 287 288; remove pending ns.blabla.com AAAA msg 289STEP 30 QUERY 290ENTRY_BEGIN 291REPLY RD DO CD 292SECTION QUESTION 293ns.blabla.com. IN AAAA 294ENTRY_END 295 296; recursion happens here. 297STEP 40 CHECK_ANSWER 298ENTRY_BEGIN 299MATCH all 300REPLY QR RD CD RA DO NOERROR 301SECTION QUESTION 302ns.blabla.com. IN AAAA 303SECTION ANSWER 304SECTION AUTHORITY 305com. IN SOA com. com. 2009100100 28800 7200 604800 3600 306ENTRY_END 307 308SCENARIO_END 309