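; config options
; Replay scenario for a validating resolver: "dnssec-lame detection at ds point".
; sub.example.com is delegated from example.com with a signed DS and has two
; name servers. ns.sub.example.com (1.2.3.6) answers authoritatively but without
; any RRSIG records; ns.example.net (1.2.3.44) serves the same data signed.
; The scenario passes only if the client receives the validated answer (AD set,
; RRSIG included), not the unsigned copy from 1.2.3.6.
server:
	# Trust anchor: DS for example.com, key tag 2854, algorithm 3, digest type 1.
	# NOTE(review): algorithm 3 is DSA and digest type 1 is SHA-1; confirm the
	# build under test still accepts both, otherwise the chain cannot validate.
	trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
	# Test fixture only: pins the validation clock to 2007-09-16 13:42:26, which
	# lies inside the RRSIG window used below (20070829134150 - 20070926134150).
	# A production validator must use the real clock.
	val-override-date: "20070916134226"
	# Harness switch; presumably lets the SHA-1 based records in this file be
	# used where the crypto library has SHA-1 disabled - confirm.
	fake-sha1: yes
	# Key tag signaling is off; presumably to keep extra queries out of the
	# replay - confirm.
	trust-anchor-signaling: no

stub-zone:
	name: "."
	stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.

CONFIG_END

SCENARIO_BEGIN Test dnssec-lame detection at ds point.

; K.ROOT-SERVERS.NET.
RANGE_BEGIN 0 100
	ADDRESS 193.0.14.129
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET. IN A 193.0.14.129
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
com. IN A
SECTION AUTHORITY
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
net. IN A
SECTION AUTHORITY
net. IN NS e.gtld-servers.net.
SECTION ADDITIONAL
e.gtld-servers.net. IN A 192.12.94.30
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ns.example.net. IN AAAA
SECTION AUTHORITY
net. IN NS e.gtld-servers.net.
SECTION ADDITIONAL
e.gtld-servers.net. IN A 192.12.94.30
ENTRY_END
RANGE_END

; a.gtld-servers.net.
RANGE_BEGIN 0 100
	ADDRESS 192.5.6.30
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION ANSWER
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
example.com. IN A
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.55
ENTRY_END
RANGE_END

; e.gtld-servers.net.
RANGE_BEGIN 0 100
	ADDRESS 192.12.94.30
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
net. IN NS
SECTION ANSWER
net. IN NS e.gtld-servers.net.
SECTION ADDITIONAL
e.gtld-servers.net. IN A 192.12.94.30
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
e.gtld-servers.net. IN AAAA
SECTION ANSWER
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
a.gtld-servers.net. IN AAAA
SECTION ANSWER
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ns.example.net. IN A
SECTION AUTHORITY
example.net. IN NS ns.example.net.
SECTION ADDITIONAL
ns.example.net. IN A 1.2.3.44
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ns.example.net. IN AAAA
SECTION AUTHORITY
example.net. IN NS ns.example.net.
SECTION ADDITIONAL
ns.example.net. IN A 1.2.3.44
ENTRY_END
RANGE_END

; ns.example.net.
; Second name server for sub.example.com. Its sub.example.com answers carry
; RRSIGs made with key tag 30899, so this is the server the validator needs.
RANGE_BEGIN 0 100
	ADDRESS 1.2.3.44
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.net. IN NS
SECTION ANSWER
example.net. IN NS ns.example.net.
SECTION ADDITIONAL
ns.example.net. IN A 1.2.3.44
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
ns.example.net. IN A
SECTION ANSWER
ns.example.net. IN A 1.2.3.44
SECTION AUTHORITY
example.net. IN NS ns.example.net.
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
ns.example.net. IN AAAA
SECTION AUTHORITY
example.net. IN NS ns.example.net.
SECTION ADDITIONAL
ns.example.net. IN A 1.2.3.44
ENTRY_END

; response to DNSKEY priming query
; sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
sub.example.com. IN DNSKEY
SECTION ANSWER
sub.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
sub.example.com. 3600 IN RRSIG DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899}
SECTION AUTHORITY
; no NS set. not needed for this test.
SECTION ADDITIONAL
ns.sub.example.com. IN A 1.2.3.6
ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
sub.example.com. IN NS
SECTION ANSWER
sub.example.com. IN NS ns.sub.example.com.
sub.example.com. IN NS ns.example.net.
sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. C/0b+sqlsdSTkhd+aDXb6ELyuQreosIGBzLCtWxYGD+Q9QGB5rN8uB+4+48yhw36pd3MfeAn06AgAnJ6eu8tJg== ;{id = 30899}
SECTION ADDITIONAL
ns.sub.example.com. IN A 1.2.3.6
ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
ENTRY_END

; response to query of interest
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www.sub.example.com. IN A
SECTION ANSWER
www.sub.example.com. IN A 11.11.11.11
www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
SECTION AUTHORITY
SECTION ADDITIONAL
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
ns.sub.example.com. IN AAAA
SECTION ANSWER
ENTRY_END
RANGE_END

; ns.example.com.
; Parent zone server: holds the example.com DNSKEY matching the trust anchor
; (key tag 2854) and the signed DS that makes sub.example.com a secure delegation.
RANGE_BEGIN 0 100
	ADDRESS 1.2.3.55
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION ANSWER
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.55
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
ns.example.com. IN A
SECTION ANSWER
ns.example.com. IN A 1.2.3.55
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
ns.example.com. IN AAAA
ENTRY_END

; fine DNSKEY response.
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
example.com. IN DNSKEY
SECTION ANSWER
example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
SECTION AUTHORITY
example.com. IN NS ns.example.com.
example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
ENTRY_END


; correct delegation with DS
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR AA NOERROR
SECTION QUESTION
sub.example.com. IN A
SECTION ANSWER
SECTION AUTHORITY
sub.example.com. IN NS ns.sub.example.com.
sub.example.com. IN NS ns.example.net.
sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
SECTION ADDITIONAL
ns.sub.example.com. IN A 1.2.3.6
ENTRY_END

; response for delegation to sub.example.com.
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
sub.example.com. IN DNSKEY
SECTION ANSWER
SECTION AUTHORITY
sub.example.com. IN NS ns.sub.example.com.
sub.example.com. IN NS ns.example.net.
sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
SECTION ADDITIONAL
ns.sub.example.com. IN A 1.2.3.6
ENTRY_END
RANGE_END

; This server is DNSSEC LAME!
; Every reply in this range has AA set but contains no RRSIG records, the
; DNSKEY reply included, although the parent publishes a signed DS for the zone.
; ns.sub.example.com.
RANGE_BEGIN 0 100
	ADDRESS 1.2.3.6

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
sub.example.com. IN NS
SECTION ANSWER
sub.example.com. IN NS ns.sub.example.com.
sub.example.com. IN NS ns.example.net.
SECTION ADDITIONAL
ns.sub.example.com. IN A 1.2.3.6
ENTRY_END


; response to DNSKEY priming query
; sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
sub.example.com. IN DNSKEY
SECTION ANSWER
sub.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
SECTION AUTHORITY
sub.example.com. IN NS ns.sub.example.com.
sub.example.com. IN NS ns.example.net.
SECTION ADDITIONAL
ns.sub.example.com. IN A 1.2.3.6
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
ns.sub.example.com. IN AAAA
SECTION ANSWER
ENTRY_END

; response to query of interest
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www.sub.example.com. IN A
SECTION ANSWER
www.sub.example.com. IN A 11.11.11.11
SECTION AUTHORITY
; dnssec-lameness detection depends on this information
sub.example.com. IN NS ns.sub.example.com.
sub.example.com. IN NS ns.example.net.
SECTION ADDITIONAL
ns.sub.example.com. IN A 1.2.3.6
ENTRY_END
RANGE_END


; Client query with RD and DO set, i.e. the client asks for DNSSEC records.
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
www.sub.example.com. IN A
ENTRY_END

; recursion happens here.
; Expected result: AD is set and the A RRset comes back with its RRSIG (key tag
; 30899). In this scenario only 1.2.3.44 serves that signature, so the check
; fails if the unsigned reply from 1.2.3.6 is passed on or treated as secure.
STEP 20 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
www.sub.example.com. IN A
SECTION ANSWER
www.sub.example.com. IN A 11.11.11.11
www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
ENTRY_END
SCENARIO_END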