xref: /netbsd-src/external/bsd/unbound/dist/testdata/black_prime_entry.rpl (revision 2dd295436a0082eb4f8d294f4aa73c223413d0f2)
1; config options
2; The island of trust is at example.com
3server:
4	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
5	val-override-date: "20070916134226"
6	target-fetch-policy: "0 0 0 0 0"
7	qname-minimisation: "no"
8	fake-sha1: yes
9	trust-anchor-signaling: no
10	ede: yes
11
12stub-zone:
13	name: "."
14	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
15CONFIG_END
16
17SCENARIO_BEGIN Test validator with blacklist prime gives bad key entry
18; the data response needs a blacklist action as well, since it also
19; comes from an 'expired signatures' name server.
20
21; K.ROOT-SERVERS.NET.
22RANGE_BEGIN 0 99
23	ADDRESS 193.0.14.129
24ENTRY_BEGIN
25MATCH opcode qtype qname
26ADJUST copy_id
27REPLY QR NOERROR
28SECTION QUESTION
29. IN NS
30SECTION ANSWER
31. IN NS	K.ROOT-SERVERS.NET.
32SECTION ADDITIONAL
33K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
34ENTRY_END
35
36ENTRY_BEGIN
37MATCH opcode qtype qname
38ADJUST copy_id
39REPLY QR NOERROR
40SECTION QUESTION
41www.example.com. IN A
42SECTION AUTHORITY
43com.	IN NS	a.gtld-servers.net.
44SECTION ADDITIONAL
45a.gtld-servers.net.	IN 	A	192.5.6.30
46ENTRY_END
47RANGE_END
48
49; a.gtld-servers.net.
50RANGE_BEGIN 0 99
51	ADDRESS 192.5.6.30
52ENTRY_BEGIN
53MATCH opcode qtype qname
54ADJUST copy_id
55REPLY QR NOERROR
56SECTION QUESTION
57com. IN NS
58SECTION ANSWER
59com.    IN NS   a.gtld-servers.net.
60SECTION ADDITIONAL
61a.gtld-servers.net.     IN      A       192.5.6.30
62ENTRY_END
63
64ENTRY_BEGIN
65MATCH opcode qtype qname
66ADJUST copy_id
67REPLY QR NOERROR
68SECTION QUESTION
69ns.blabla.com. IN A
70SECTION ANSWER
71ns.blabla.com. IN A 1.2.3.5
72ENTRY_END
73
74ENTRY_BEGIN
75MATCH opcode qtype qname
76ADJUST copy_id
77REPLY QR NOERROR
78SECTION QUESTION
79ns.blabla.com. IN AAAA
80SECTION AUTHORITY
81com. IN SOA com. com. 2009100100 28800 7200 604800 3600
82ENTRY_END
83
84ENTRY_BEGIN
85MATCH opcode subdomain
86ADJUST copy_id copy_query
87REPLY QR NOERROR
88SECTION QUESTION
89example.com. IN NS
90SECTION AUTHORITY
91example.com.	IN NS	ns.example.com.
92;example.com.	IN NS	ns.blabla.com.
93SECTION ADDITIONAL
94ns.example.com.		IN 	A	1.2.3.4
95; no ns.blabla.com, try that later
96ENTRY_END
97RANGE_END
98
99; ns.example.com.
100RANGE_BEGIN 0 99
101	ADDRESS 1.2.3.4
102ENTRY_BEGIN
103MATCH opcode qtype qname
104ADJUST copy_id
105REPLY QR NOERROR
106SECTION QUESTION
107example.com. IN NS
108SECTION ANSWER
109example.com.    IN NS   ns.example.com.
110example.com.    IN NS   ns.blabla.com.
111example.com.	3600	IN	RRSIG	NS 3 2 3600 20030926134150 20030829134150 2854 example.com. AKJ3xUBdSrCiOFkYajsy93d+h06rewpbmBHItTkL8R/26rw57b1gCIg= ;{id = 2854}
112SECTION ADDITIONAL
113ns.example.com.         IN      A       1.2.3.4
114ns.example.com.	3600	IN	RRSIG	A 3 3 3600 20030926134150 20030829134150 2854 example.com. AHNj99mBmP4np19V01nSq990ZIFlIiLWoeHijm/HcOG/o8+DuIp4fL8= ;{id = 2854}
115ENTRY_END
116
117ENTRY_BEGIN
118MATCH opcode qtype qname
119ADJUST copy_id
120REPLY QR NOERROR
121SECTION QUESTION
122ns.example.com. IN A
123SECTION ANSWER
124ns.example.com.         IN      A       1.2.3.4
125ns.example.com.	3600	IN	RRSIG	A 3 3 3600 20030926134150 20030829134150 2854 example.com. AHNj99mBmP4np19V01nSq990ZIFlIiLWoeHijm/HcOG/o8+DuIp4fL8= ;{id = 2854}
126SECTION ADDITIONAL
127ENTRY_END
128
129ENTRY_BEGIN
130MATCH opcode qtype qname
131ADJUST copy_id
132REPLY QR NOERROR
133SECTION QUESTION
134ns.example.com. IN AAAA
135SECTION ANSWER
136SECTION ADDITIONAL
137ns.example.com. IN NSEC oof.example.com. NSEC RRSIG A
138ns.example.com.	3600	IN	RRSIG	NSEC 3 3 3600 20030926134150 20030829134150 2854 example.com. ACFVLLBtuSX/1z3461tbOwDz9zTHe5S9DbVtwnSO1f2x06fYbMpzSDE= ;{id = 2854}
139ENTRY_END
140
141; response to DNSKEY priming query
142ENTRY_BEGIN
143MATCH opcode qtype qname
144ADJUST copy_id
145REPLY QR NOERROR
146SECTION QUESTION
147example.com. IN DNSKEY
148SECTION ANSWER
149example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
150example.com.	3600	IN	RRSIG	DNSKEY 3 2 3600 20030926134150 20030829134150 2854 example.com. AG21xE8CFQzTq6XtHErg28b9EAmqPsoYCUcFPEAoAjFybM6AY4/bMOo= ;{id = 2854}
151SECTION AUTHORITY
152;example.com.    IN NS   ns.example.com.
153;example.com.    IN NS   ns.blabla.com.
154;example.com.	3600	IN	RRSIG	NS 3 2 3600 20030926134150 20030829134150 2854 example.com. ACiWu7zjBHqgEX3iUoOF7rfpOmIAHj1npKQ+XDIaNlmdkfJxoCwFl04= ;{id = 2854}
155SECTION ADDITIONAL
156;ns.example.com.		IN 	A	1.2.3.4
157;ns.example.com.	3600	IN	RRSIG	A 3 3 3600 20030926134150 20030829134150 2854 example.com. ACmAsKTf7hqDaYK8CQ7FL1cGYPW+blTCnzZGkExFtEUAGrHeze87o+A= ;{id = 2854}
158ENTRY_END
159
160; response to query of interest
161ENTRY_BEGIN
162MATCH opcode qtype qname
163ADJUST copy_id
164REPLY QR NOERROR
165SECTION QUESTION
166www.example.com. IN A
167SECTION ANSWER
168www.example.com. IN A	10.20.30.40
169www.example.com.	3600	IN	RRSIG	A 3 3 3600 20030926134150 20030829134150 2854 example.com. AGj9kE8oW3OhOLhkmJ3HBaNIOpvGf3S8zSd5gWmhpxAMc5hh6cxZfpQ= ;{id = 2854}
170SECTION AUTHORITY
171;example.com.    IN NS   ns.example.com.
172;example.com.    IN NS   ns.blabla.com.
173;example.com.	3600	IN	RRSIG	NS 3 2 3600 20030926134150 20030829134150 2854 example.com. ACHETweBNPgbmRoNRdKvxuw4X9qNUUTEpSuwV+HhuiBE83gbB98asAc= ;{id = 2854}
174SECTION ADDITIONAL
175;ns.example.com.		IN 	A	1.2.3.4
176;ns.example.com.	3600	IN	RRSIG	A 3 3 3600 20030926134150 20030829134150 2854 example.com. AGvu9A/nGsbatxJCmnObioIhKg2Tm0Apr0eo+DO1kIDrAHco/bt/EdY= ;{id = 2854}
177ENTRY_END
178RANGE_END
179
180; ns.blabla.com.
181RANGE_BEGIN 0 99
182	ADDRESS 1.2.3.5
183ENTRY_BEGIN
184MATCH opcode qtype qname
185ADJUST copy_id
186REPLY QR NOERROR
187SECTION QUESTION
188example.com. IN NS
189SECTION ANSWER
190example.com.    IN NS   ns.example.com.
191example.com.    IN NS   ns.blabla.com.
192example.com.	3600	IN	RRSIG	NS 3 2 3600 20070926134150 20070829134150 2854 example.com. AAJHNhPYVG6+550zQga9ZgV8McQZHLboOWjfbdiq2ZC+gUcQeQDDlFs= ;{id = 2854}
193SECTION ADDITIONAL
194ns.example.com.         IN      A       1.2.3.4
195ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
196ENTRY_END
197
198ENTRY_BEGIN
199MATCH opcode qtype qname
200ADJUST copy_id
201REPLY QR NOERROR
202SECTION QUESTION
203ns.example.com. IN A
204SECTION ANSWER
205ns.example.com.         IN      A       1.2.3.4
206ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
207SECTION ADDITIONAL
208ENTRY_END
209
210ENTRY_BEGIN
211MATCH opcode qtype qname
212ADJUST copy_id
213REPLY QR NOERROR
214SECTION QUESTION
215ns.example.com. IN AAAA
216SECTION ANSWER
217SECTION ADDITIONAL
218ns.example.com. IN NSEC oof.example.com. NSEC RRSIG A
219ns.example.com.	3600	IN	RRSIG	NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. ABhDNtJramb2a4R1SK5gb/CTYJybQts6mZ++z3kLiwsrUSZInA4ikeQ= ;{id = 2854}
220ENTRY_END
221
222; response to DNSKEY priming query
223ENTRY_BEGIN
224MATCH opcode qtype qname
225ADJUST copy_id
226REPLY QR NOERROR
227SECTION QUESTION
228example.com. IN DNSKEY
229SECTION ANSWER
230example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
231example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
232SECTION AUTHORITY
233example.com.    IN NS   ns.example.com.
234example.com.    IN NS   ns.blabla.com.
235example.com.	3600	IN	RRSIG	NS 3 2 3600 20070926134150 20070829134150 2854 example.com. AAJHNhPYVG6+550zQga9ZgV8McQZHLboOWjfbdiq2ZC+gUcQeQDDlFs= ;{id = 2854}
236SECTION ADDITIONAL
237ns.example.com.		IN 	A	1.2.3.4
238ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
239ENTRY_END
240
241; response to query of interest
242ENTRY_BEGIN
243MATCH opcode qtype qname
244ADJUST copy_id
245REPLY QR NOERROR
246SECTION QUESTION
247www.example.com. IN A
248SECTION ANSWER
249www.example.com. IN A	10.20.30.40
250ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
251SECTION AUTHORITY
252example.com.    IN NS   ns.example.com.
253example.com.    IN NS   ns.blabla.com.
254example.com.	3600	IN	RRSIG	NS 3 2 3600 20070926134150 20070829134150 2854 example.com. AAJHNhPYVG6+550zQga9ZgV8McQZHLboOWjfbdiq2ZC+gUcQeQDDlFs= ;{id = 2854}
255SECTION ADDITIONAL
256ns.example.com.		IN 	A	1.2.3.4
257www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
258ENTRY_END
259RANGE_END
260
261; ns.example.com.
262; later on, making sure DNSKEY primes give testbound failure.
263RANGE_BEGIN 100 200
264	ADDRESS 1.2.3.4
265ENTRY_BEGIN
266MATCH opcode qtype qname
267ADJUST copy_id
268REPLY QR NOERROR
269SECTION QUESTION
270ftp.example.com. IN A
271SECTION ANSWER
272ftp.example.com. IN A 10.20.33.33
273; very bad signature
274ftp.example.com.	3600	IN	RRSIG	A 3 3 3600 20030926134150 20030829134150 2854 example.com. AHNj99mBmP4np19V01nSq990ZIFlIiLWoeHijm/HcOG/o8+DuIp4fL8= ;{id = 2854}
275ENTRY_END
276RANGE_END
277
278
279STEP 1 QUERY
280ENTRY_BEGIN
281REPLY RD DO
282SECTION QUESTION
283www.example.com. IN A
284ENTRY_END
285
286; recursion happens here.
287STEP 10 CHECK_ANSWER
288ENTRY_BEGIN
289MATCH all ede=7
290REPLY QR RD RA DO SERVFAIL
291SECTION QUESTION
292www.example.com. IN A
293ENTRY_END
294
295STEP 100 TIME_PASSES ELAPSE 10
296
297; second query should not result in going to the network.
298STEP 110 QUERY
299ENTRY_BEGIN
300REPLY RD DO
301SECTION QUESTION
302ftp.example.com. IN A
303ENTRY_END
304
305; recursion happens here.
306STEP 120 CHECK_ANSWER
307ENTRY_BEGIN
308MATCH all ede=7
309REPLY QR RD RA DO SERVFAIL
310SECTION QUESTION
311ftp.example.com. IN A
312ENTRY_END
313
314
315SCENARIO_END
316