xref: /netbsd-src/external/bsd/unbound/dist/testdata/iter_dnsseclame_ds.rpl (revision 501cd18a74d52bfcca7d9e7e3b0d472bbc870558)
1; config options
; Validator setup for this replay. The only trust anchor is a DS record for
; example.com (key tag 2854, algorithm 3 = DSA, digest type 1 = SHA-1), so
; the chain of trust starts at example.com; the root, com. and net. mock
; servers below hand out unsigned data.
; val-override-date makes the validator use 2007-09-16 instead of the wall
; clock when checking RRSIG validity; every RRSIG in this file has inception
; 20070829134150 and expiration 20070926134150, so they only validate with
; the clock pinned inside that window.
; NOTE(review): the algorithms in this fixture (DSA, RSASHA1 with a 512-bit
; key, SHA-1 DS digests) are 2007-era test material, not a reference for
; signing a real zone.
; The stub-zone sends all root queries to the mock K root address that the
; first RANGE of the scenario answers for.
2server:
3	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
4	val-override-date: "20070916134226"
5
6stub-zone:
7	name: "."
8	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
9
10CONFIG_END
11
12SCENARIO_BEGIN Test dnssec-lame detection at ds point.
13
14; K.ROOT-SERVERS.NET.
; Mock root server at 193.0.14.129. It answers the root NS query and gives
; plain (unsigned) referrals for com. and net.; no DS or RRSIG records are
; served at this level.
; RANGE_BEGIN 0 100 presumably keeps these canned replies active for steps
; 0 through 100, which covers both steps used at the end of the scenario.
15RANGE_BEGIN 0 100
16	ADDRESS 193.0.14.129
17ENTRY_BEGIN
18MATCH opcode qtype qname
19ADJUST copy_id
20REPLY QR NOERROR
21SECTION QUESTION
22. IN NS
23SECTION ANSWER
24. IN NS	K.ROOT-SERVERS.NET.
25SECTION ADDITIONAL
26K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
27ENTRY_END
28
; "MATCH opcode subdomain" with "ADJUST copy_id copy_query": this entry is
; used for any query name at or below com., and the real question is copied
; into the reply, so one entry serves as the referral for every com. name.
29ENTRY_BEGIN
30MATCH opcode subdomain
31ADJUST copy_id copy_query
32REPLY QR NOERROR
33SECTION QUESTION
34com. IN A
35SECTION AUTHORITY
36com.	IN NS	a.gtld-servers.net.
37SECTION ADDITIONAL
38a.gtld-servers.net.	IN 	A	192.5.6.30
39ENTRY_END
40
; Same referral pattern for net.
41ENTRY_BEGIN
42MATCH opcode subdomain
43ADJUST copy_id copy_query
44REPLY QR NOERROR
45SECTION QUESTION
46net. IN A
47SECTION AUTHORITY
48net.	IN NS	e.gtld-servers.net.
49SECTION ADDITIONAL
50e.gtld-servers.net.	IN 	A	192.12.94.30
51ENTRY_END
52
; Exact-match referral for the AAAA lookup of ns.example.net.
53ENTRY_BEGIN
54MATCH opcode qtype qname
55ADJUST copy_id
56REPLY QR NOERROR
57SECTION QUESTION
58ns.example.net. IN AAAA
59SECTION AUTHORITY
60net.	IN NS	e.gtld-servers.net.
61SECTION ADDITIONAL
62e.gtld-servers.net.	IN 	A	192.12.94.30
63ENTRY_END
64RANGE_END
65
66; a.gtld-servers.net.
; Mock com. server at 192.5.6.30. It answers the com. NS query and refers
; every name at or below example.com to ns.example.com (1.2.3.55).
; The referral carries NS and glue only, no DS: in this scenario the
; validator's trust starts from the example.com anchor in the config block,
; not from a signed com. zone.
67RANGE_BEGIN 0 100
68	ADDRESS 192.5.6.30
69ENTRY_BEGIN
70MATCH opcode qtype qname
71ADJUST copy_id
72REPLY QR NOERROR
73SECTION QUESTION
74com. IN NS
75SECTION ANSWER
76com.	IN NS	a.gtld-servers.net.
77SECTION ADDITIONAL
78a.gtld-servers.net.	IN 	A	192.5.6.30
79ENTRY_END
80
81ENTRY_BEGIN
82MATCH opcode subdomain
83ADJUST copy_id copy_query
84REPLY QR NOERROR
85SECTION QUESTION
86example.com. IN A
87SECTION AUTHORITY
88example.com.	IN NS	ns.example.com.
89SECTION ADDITIONAL
90ns.example.com. IN A	1.2.3.55
91ENTRY_END
92RANGE_END
93
94; e.gtld-servers.net.
; Mock net. server at 192.12.94.30. It exists so the resolver can look up
; ns.example.net, the second name server listed for sub.example.com: the A
; and AAAA queries for that name get a referral to example.net with glue
; 1.2.3.44.
; The AAAA queries for the gtld server names get empty authoritative
; answers (AA set, nothing in the ANSWER section).
95RANGE_BEGIN 0 100
96	ADDRESS 192.12.94.30
97ENTRY_BEGIN
98MATCH opcode qtype qname
99ADJUST copy_id
100REPLY QR NOERROR
101SECTION QUESTION
102net. IN NS
103SECTION ANSWER
104net.	IN NS	e.gtld-servers.net.
105SECTION ADDITIONAL
106e.gtld-servers.net.	IN 	A	192.12.94.30
107ENTRY_END
108
109ENTRY_BEGIN
110MATCH opcode qtype qname
111ADJUST copy_id
112REPLY QR AA NOERROR
113SECTION QUESTION
114e.gtld-servers.net. IN AAAA
115SECTION ANSWER
116ENTRY_END
117
118ENTRY_BEGIN
119MATCH opcode qtype qname
120ADJUST copy_id
121REPLY QR AA NOERROR
122SECTION QUESTION
123a.gtld-servers.net. IN AAAA
124SECTION ANSWER
125ENTRY_END
126
127ENTRY_BEGIN
128MATCH opcode qtype qname
129ADJUST copy_id
130REPLY QR NOERROR
131SECTION QUESTION
132ns.example.net. IN A
133SECTION AUTHORITY
134example.net.	IN NS	ns.example.net.
135SECTION ADDITIONAL
136ns.example.net.		IN 	A	1.2.3.44
137ENTRY_END
138
139ENTRY_BEGIN
140MATCH opcode qtype qname
141ADJUST copy_id
142REPLY QR NOERROR
143SECTION QUESTION
144ns.example.net. IN AAAA
145SECTION AUTHORITY
146example.net.	IN NS	ns.example.net.
147SECTION ADDITIONAL
148ns.example.net.		IN 	A	1.2.3.44
149ENTRY_END
150RANGE_END
151
152; ns.example.net.
; Mock server at 1.2.3.44. It is authoritative for example.net and is also
; the second name server of sub.example.com. This is the DNSSEC-capable
; server for the signed child zone: its DNSKEY, NS and A answers for
; sub.example.com all carry RRSIGs made by key 30899.
; The RRSIG over www.sub.example.com A that the final check expects is
; served only from this range, so the resolver has to end up querying this
; address for the scenario to pass.
153RANGE_BEGIN 0 100
154	ADDRESS 1.2.3.44
155ENTRY_BEGIN
156MATCH opcode qtype qname
157ADJUST copy_id
158REPLY QR NOERROR
159SECTION QUESTION
160example.net. IN NS
161SECTION ANSWER
162example.net.	IN NS	ns.example.net.
163SECTION ADDITIONAL
164ns.example.net.		IN 	A	1.2.3.44
165ENTRY_END
166
167ENTRY_BEGIN
168MATCH opcode qtype qname
169ADJUST copy_id
170REPLY QR AA NOERROR
171SECTION QUESTION
172ns.example.net. IN A
173SECTION ANSWER
174ns.example.net. IN A	1.2.3.44
175SECTION AUTHORITY
176example.net.	IN NS	ns.example.net.
177ENTRY_END
178
179ENTRY_BEGIN
180MATCH opcode qtype qname
181ADJUST copy_id
182REPLY QR AA NOERROR
183SECTION QUESTION
184ns.example.net. IN AAAA
185SECTION AUTHORITY
186example.net.	IN NS	ns.example.net.
187SECTION ADDITIONAL
188ns.example.net. IN A	1.2.3.44
189ENTRY_END
190
191; response to DNSKEY priming query
; The DS quoted on the next line is the one ns.example.com serves for
; sub.example.com; the DNSKEY answered here (id 30899) is the key it names,
; and the DNSKEY RRset is self-signed by that key.
192; sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
193ENTRY_BEGIN
194MATCH opcode qtype qname
195ADJUST copy_id
196REPLY QR AA NOERROR
197SECTION QUESTION
198sub.example.com. IN DNSKEY
199SECTION ANSWER
200sub.example.com.        3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
201sub.example.com.        3600    IN      RRSIG   DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899}
202SECTION AUTHORITY
203; no NS set. not needed for this test.
204SECTION ADDITIONAL
205ns.sub.example.com. IN A 1.2.3.6
206ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
207ENTRY_END
208
209ENTRY_BEGIN
210MATCH opcode qtype qname
211ADJUST copy_id
212REPLY QR AA NOERROR
213SECTION QUESTION
214sub.example.com. IN NS
215SECTION ANSWER
216sub.example.com. IN NS ns.sub.example.com.
217sub.example.com. IN NS ns.example.net.
218sub.example.com.	3600	IN	RRSIG	NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. C/0b+sqlsdSTkhd+aDXb6ELyuQreosIGBzLCtWxYGD+Q9QGB5rN8uB+4+48yhw36pd3MfeAn06AgAnJ6eu8tJg== ;{id = 30899}
219SECTION ADDITIONAL
220ns.sub.example.com. IN A 1.2.3.6
221ns.sub.example.com.	3600	IN	RRSIG	A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
222ENTRY_END
223
224; response to query of interest
; Signed answer: the A record plus its RRSIG by key 30899. The same A record
; is served without the RRSIG from 1.2.3.6.
225ENTRY_BEGIN
226MATCH opcode qtype qname
227ADJUST copy_id
228REPLY QR AA NOERROR
229SECTION QUESTION
230www.sub.example.com. IN A
231SECTION ANSWER
232www.sub.example.com. IN A       11.11.11.11
233www.sub.example.com.    3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
234SECTION AUTHORITY
235SECTION ADDITIONAL
236ENTRY_END
237
238ENTRY_BEGIN
239MATCH opcode qtype qname
240ADJUST copy_id
241REPLY QR AA NOERROR
242SECTION QUESTION
243ns.sub.example.com. IN AAAA
244SECTION ANSWER
245ENTRY_END
246RANGE_END
247
248; ns.example.com.
; Mock server at 1.2.3.55, authoritative for example.com, the zone the
; configured trust anchor points at. It serves the DNSKEY with id 2854 (the
; key tag named in the trust-anchor DS) and the delegation to
; sub.example.com with a DS record signed by that key.
; The signed DS is what marks sub.example.com as a secure zone; from then on
; an answer for that zone without RRSIGs cannot be accepted as validated,
; which is the condition the lame server at 1.2.3.6 triggers.
249RANGE_BEGIN 0 100
250	ADDRESS 1.2.3.55
251ENTRY_BEGIN
252MATCH opcode qtype qname
253ADJUST copy_id
254REPLY QR NOERROR
255SECTION QUESTION
256example.com. IN NS
257SECTION ANSWER
258example.com.	IN NS	ns.example.com.
259SECTION ADDITIONAL
260ns.example.com. IN A	1.2.3.55
261ENTRY_END
262
263ENTRY_BEGIN
264MATCH opcode qtype qname
265ADJUST copy_id
266REPLY QR AA NOERROR
267SECTION QUESTION
268ns.example.com. IN A
269SECTION ANSWER
270ns.example.com. IN A	1.2.3.55
271ENTRY_END
272
273ENTRY_BEGIN
274MATCH opcode qtype qname
275ADJUST copy_id
276REPLY QR AA NOERROR
277SECTION QUESTION
278ns.example.com. IN AAAA
279ENTRY_END
280
281; fine DNSKEY response.
; DNSKEY RRset and NS RRset, each with an RRSIG by key 2854.
282ENTRY_BEGIN
283MATCH opcode qtype qname
284ADJUST copy_id
285REPLY QR AA NOERROR
286SECTION QUESTION
287example.com. IN DNSKEY
288SECTION ANSWER
289example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
290example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
291SECTION AUTHORITY
292example.com.    IN NS   ns.example.com.
293example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
294ENTRY_END
295
296
297; correct delegation with DS
; Matches any query at or below sub.example.com. The reply lists both child
; name servers (ns.sub.example.com and ns.example.net) but gives glue only
; for ns.sub.example.com at 1.2.3.6, the lame one.
298ENTRY_BEGIN
299MATCH opcode subdomain
300ADJUST copy_id copy_query
301REPLY QR AA NOERROR
302SECTION QUESTION
303sub.example.com. IN A
304SECTION ANSWER
305SECTION AUTHORITY
306sub.example.com. IN NS ns.sub.example.com.
307sub.example.com. IN NS ns.example.net.
308sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
309sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
310SECTION ADDITIONAL
311ns.sub.example.com. IN A 1.2.3.6
312ENTRY_END
313
314; response for delegation to sub.example.com.
; A DNSKEY query for the child zone sent to the parent gets the same signed
; referral (no AA flag, empty ANSWER section) instead of an answer.
315ENTRY_BEGIN
316MATCH opcode qtype qname
317ADJUST copy_id
318REPLY QR NOERROR
319SECTION QUESTION
320sub.example.com. IN DNSKEY
321SECTION ANSWER
322SECTION AUTHORITY
323sub.example.com. IN NS ns.sub.example.com.
324sub.example.com. IN NS ns.example.net.
325sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
326sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
327SECTION ADDITIONAL
328ns.sub.example.com. IN A 1.2.3.6
329ENTRY_END
330RANGE_END
331
332; This server is DNSSEC LAME!
; "DNSSEC lame" here means: the server answers authoritatively (AA) for
; sub.example.com, a zone the parent has published a signed DS for, but none
; of its replies contain RRSIG records. The record data matches what
; 1.2.3.44 serves; only the signatures are missing.
; A validating resolver cannot treat these replies as secure. The behaviour
; under test is that it stops using this address for the zone and retries at
; the other listed name server instead of failing the lookup.
333; ns.sub.example.com.
334RANGE_BEGIN 0 100
335        ADDRESS 1.2.3.6
336
337ENTRY_BEGIN
338MATCH opcode qtype qname
339ADJUST copy_id
340REPLY QR AA NOERROR
341SECTION QUESTION
342sub.example.com. IN NS
343SECTION ANSWER
344sub.example.com. IN NS ns.sub.example.com.
345sub.example.com. IN NS ns.example.net.
346SECTION ADDITIONAL
347ns.sub.example.com. IN A 1.2.3.6
348ENTRY_END
349
350
351; response to DNSKEY priming query
; The DNSKEY itself is the right one (id 30899, named by the DS on the next
; line), but it arrives without an RRSIG.
352; sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
353ENTRY_BEGIN
354MATCH opcode qtype qname
355ADJUST copy_id
356REPLY QR AA NOERROR
357SECTION QUESTION
358sub.example.com. IN DNSKEY
359SECTION ANSWER
360sub.example.com.        3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
361SECTION AUTHORITY
362sub.example.com. IN     NS ns.sub.example.com.
363sub.example.com. IN     NS ns.example.net.
364SECTION ADDITIONAL
365ns.sub.example.com. IN A 1.2.3.6
366ENTRY_END
367
368ENTRY_BEGIN
369MATCH opcode qtype qname
370ADJUST copy_id
371REPLY QR AA NOERROR
372SECTION QUESTION
373ns.sub.example.com. IN AAAA
374SECTION ANSWER
375ENTRY_END
376
377; response to query of interest
; Unsigned copy of the answer: the A record with no RRSIG.
378ENTRY_BEGIN
379MATCH opcode qtype qname
380ADJUST copy_id
381REPLY QR AA NOERROR
382SECTION QUESTION
383www.sub.example.com. IN A
384SECTION ANSWER
385www.sub.example.com. IN A       11.11.11.11
386SECTION AUTHORITY
387; dnssec-lameness detection depends on this information
388sub.example.com. IN     NS ns.sub.example.com.
389sub.example.com. IN     NS ns.example.net.
390SECTION ADDITIONAL
391ns.sub.example.com. IN A 1.2.3.6
392ENTRY_END
393RANGE_END
394
395
396STEP 1 QUERY
; Client query with RD (recursion desired) and DO (DNSSEC OK) set.
397ENTRY_BEGIN
398REPLY RD DO
399SECTION QUESTION
400www.sub.example.com. IN A
401ENTRY_END
402
403; recursion happens here.
; Expected result: a validated answer. "MATCH all" compares the full reply,
; which must have the AD flag set and include the RRSIG by key 30899.
; That RRSIG is served only by 1.2.3.44, so the check passes only if the
; unsigned replies from the lame server at 1.2.3.6 were rejected and the
; query was retried at the other name server. Returning the unsigned answer
; (no AD) or an error does not satisfy this check.
404STEP 20 CHECK_ANSWER
405ENTRY_BEGIN
406MATCH all
407REPLY QR RD RA AD DO NOERROR
408SECTION QUESTION
409www.sub.example.com. IN A
410SECTION ANSWER
411www.sub.example.com. IN A       11.11.11.11
412www.sub.example.com.    3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
413ENTRY_END
414SCENARIO_END
415