xref: /netbsd-src/external/bsd/unbound/dist/testdata/iter_dnsseclame_ds_ok.rpl (revision 7bdf38e5b7a28439665f2fdeff81e36913eef7dd) 
1; config options
2server:
3	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
4	val-override-date: "20070916134226"
5	target-fetch-policy: "0 0 0 0 0"
6	qname-minimisation: "no"
7	fake-sha1: yes
8	trust-anchor-signaling: no
9
10stub-zone:
11	name: "."
12	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
13
14CONFIG_END
15
16SCENARIO_BEGIN Test dnssec-lame detection at ds point, which is ok.
17
18; K.ROOT-SERVERS.NET.
19RANGE_BEGIN 0 100
20	ADDRESS 193.0.14.129
21ENTRY_BEGIN
22MATCH opcode qtype qname
23ADJUST copy_id
24REPLY QR NOERROR
25SECTION QUESTION
26. IN NS
27SECTION ANSWER
28. IN NS	K.ROOT-SERVERS.NET.
29SECTION ADDITIONAL
30K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
31ENTRY_END
32
33ENTRY_BEGIN
34MATCH opcode qtype qname
35ADJUST copy_id
36REPLY QR NOERROR
37SECTION QUESTION
38www.sub.example.com. IN A
39SECTION AUTHORITY
40com.	IN NS	a.gtld-servers.net.
41SECTION ADDITIONAL
42a.gtld-servers.net.	IN 	A	192.5.6.30
43ENTRY_END
44
45ENTRY_BEGIN
46MATCH opcode qtype qname
47ADJUST copy_id
48REPLY QR NOERROR
49SECTION QUESTION
50ns.example.net. IN A
51SECTION AUTHORITY
52net.	IN NS	e.gtld-servers.net.
53SECTION ADDITIONAL
54e.gtld-servers.net.	IN 	A	192.12.94.30
55ENTRY_END
56
57ENTRY_BEGIN
58MATCH opcode qtype qname
59ADJUST copy_id
60REPLY QR NOERROR
61SECTION QUESTION
62ns.example.net. IN AAAA
63SECTION AUTHORITY
64net.	IN NS	e.gtld-servers.net.
65SECTION ADDITIONAL
66e.gtld-servers.net.	IN 	A	192.12.94.30
67ENTRY_END
68
69RANGE_END
70
71; a.gtld-servers.net.
72RANGE_BEGIN 0 100
73	ADDRESS 192.5.6.30
74ENTRY_BEGIN
75MATCH opcode qtype qname
76ADJUST copy_id
77REPLY QR AA NOERROR
78SECTION QUESTION
79com. IN NS
80SECTION ANSWER
81com.	IN NS	a.gtld-servers.net.
82SECTION ADDITIONAL
83a.gtld-servers.net.	IN 	A	192.5.6.30
84ENTRY_END
85
86ENTRY_BEGIN
87MATCH opcode qtype qname
88ADJUST copy_id
89REPLY QR NOERROR
90SECTION QUESTION
91www.sub.example.com. IN A
92SECTION AUTHORITY
93example.com.	IN NS	ns.example.com.
94SECTION ADDITIONAL
95ns.example.com. IN A	1.2.3.55
96ENTRY_END
97RANGE_END
98
99; e.gtld-servers.net.
100RANGE_BEGIN 0 100
101	ADDRESS 192.12.94.30
102ENTRY_BEGIN
103MATCH opcode qtype qname
104ADJUST copy_id
105REPLY QR NOERROR
106SECTION QUESTION
107net. IN NS
108SECTION ANSWER
109net.	IN NS	e.gtld-servers.net.
110SECTION ADDITIONAL
111e.gtld-servers.net.	IN 	A	192.12.94.30
112ENTRY_END
113
114ENTRY_BEGIN
115MATCH opcode qtype qname
116ADJUST copy_id
117REPLY QR NOERROR
118SECTION QUESTION
119ns.example.net. IN A
120SECTION AUTHORITY
121example.net.	IN NS	ns.example.net.
122SECTION ADDITIONAL
123ns.example.net.		IN 	A	1.2.3.44
124ENTRY_END
125
126ENTRY_BEGIN
127MATCH opcode qtype qname
128ADJUST copy_id
129REPLY QR NOERROR
130SECTION QUESTION
131ns.example.net. IN AAAA
132SECTION AUTHORITY
133example.net.	IN NS	ns.example.net.
134SECTION ADDITIONAL
135ns.example.net.		IN 	A	1.2.3.44
136ENTRY_END
137RANGE_END
138
139; ns.example.net.
140RANGE_BEGIN 0 100
141	ADDRESS 1.2.3.44
142ENTRY_BEGIN
143MATCH opcode qtype qname
144ADJUST copy_id
145REPLY QR NOERROR
146SECTION QUESTION
147example.net. IN NS
148SECTION ANSWER
149example.net.	IN NS	ns.example.net.
150SECTION ADDITIONAL
151ns.example.net.		IN 	A	1.2.3.44
152ENTRY_END
153
154ENTRY_BEGIN
155MATCH opcode qtype qname
156ADJUST copy_id
157REPLY QR AA NOERROR
158SECTION QUESTION
159ns.example.net. IN A
160SECTION ANSWER
161ns.example.net. IN A	1.2.3.44
162SECTION AUTHORITY
163example.net.	IN NS	ns.example.net.
164ENTRY_END
165
166ENTRY_BEGIN
167MATCH opcode qtype qname
168ADJUST copy_id
169REPLY QR AA NOERROR
170SECTION QUESTION
171ns.example.net. IN AAAA
172SECTION AUTHORITY
173example.net.	IN NS	ns.example.net.
174SECTION ADDITIONAL
175ns.example.net. IN A	1.2.3.44
176ENTRY_END
177
178; response to DNSKEY priming query
179; sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
180ENTRY_BEGIN
181MATCH opcode qtype qname
182ADJUST copy_id
183REPLY QR AA NOERROR
184SECTION QUESTION
185sub.example.com. IN DNSKEY
186SECTION ANSWER
187sub.example.com.        3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
188sub.example.com.        3600    IN      RRSIG   DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899}
189SECTION AUTHORITY
190; no NS set. not needed for this test.
191SECTION ADDITIONAL
192ns.sub.example.com. IN A 1.2.3.6
193ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
194ENTRY_END
195
196; response to query of interest
197ENTRY_BEGIN
198MATCH opcode qtype qname
199ADJUST copy_id
200REPLY QR AA NOERROR
201SECTION QUESTION
202www.sub.example.com. IN A
203SECTION ANSWER
204www.sub.example.com. IN A       11.11.11.11
205www.sub.example.com.    3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
206SECTION AUTHORITY
207SECTION ADDITIONAL
208ENTRY_END
209RANGE_END
210
211; ns.example.com.
212RANGE_BEGIN 0 100
213	ADDRESS 1.2.3.55
214ENTRY_BEGIN
215MATCH opcode qtype qname
216ADJUST copy_id
217REPLY QR NOERROR
218SECTION QUESTION
219example.com. IN NS
220SECTION ANSWER
221example.com.	IN NS	ns.example.com.
222SECTION ADDITIONAL
223ns.example.com. IN A	1.2.3.55
224ENTRY_END
225
226ENTRY_BEGIN
227MATCH opcode qtype qname
228ADJUST copy_id
229REPLY QR AA NOERROR
230SECTION QUESTION
231ns.example.com. IN A
232SECTION ANSWER
233ns.example.com. IN A	1.2.3.55
234ENTRY_END
235
236ENTRY_BEGIN
237MATCH opcode qtype qname
238ADJUST copy_id
239REPLY QR AA NOERROR
240SECTION QUESTION
241ns.example.com. IN AAAA
242ENTRY_END
243
244; fine DNSKEY response.
245ENTRY_BEGIN
246MATCH opcode qtype qname
247ADJUST copy_id
248REPLY QR AA NOERROR
249SECTION QUESTION
250example.com. IN DNSKEY
251SECTION ANSWER
252example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
253example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
254SECTION AUTHORITY
255example.com.    IN NS   ns.example.com.
256example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
257ENTRY_END
258
259; correct delegation with DS
260ENTRY_BEGIN
261MATCH opcode qtype qname
262ADJUST copy_id
263REPLY QR AA NOERROR
264SECTION QUESTION
265www.sub.example.com. IN A
266SECTION ANSWER
267SECTION AUTHORITY
268sub.example.com. IN NS ns.sub.example.com.
269sub.example.com. IN NS ns.example.net.
270sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
271sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
272SECTION ADDITIONAL
273ns.sub.example.com. IN A 1.2.3.6
274ENTRY_END
275
276; response for delegation to sub.example.com.
277ENTRY_BEGIN
278MATCH opcode qtype qname
279ADJUST copy_id
280REPLY QR NOERROR
281SECTION QUESTION
282sub.example.com. IN DNSKEY
283SECTION ANSWER
284SECTION AUTHORITY
285sub.example.com. IN NS ns.sub.example.com.
286sub.example.com. IN NS ns.example.net.
287sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
288sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
289SECTION ADDITIONAL
290ns.sub.example.com. IN A 1.2.3.6
291ENTRY_END
292RANGE_END
293
294; server is not DNSSEC lame.
295; ns.sub.example.com.
296RANGE_BEGIN 0 100
297        ADDRESS 1.2.3.6
298
299ENTRY_BEGIN
300MATCH opcode qtype qname
301ADJUST copy_id
302REPLY QR NOERROR
303SECTION QUESTION
304sub.example.com. IN NS
305SECTION ANSWER
306sub.example.com. IN NS ns.sub.example.com.
307sub.example.com. IN NS ns.example.net.
308sub.example.com.	3600	IN	RRSIG	NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. C/0b+sqlsdSTkhd+aDXb6ELyuQreosIGBzLCtWxYGD+Q9QGB5rN8uB+4+48yhw36pd3MfeAn06AgAnJ6eu8tJg== ;{id = 30899}
309SECTION ADDITIONAL
310ns.sub.example.com. IN A 1.2.3.6
311ns.sub.example.com.	3600	IN	RRSIG	A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
312ENTRY_END
313
314; response to DNSKEY priming query
315; sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
316ENTRY_BEGIN
317MATCH opcode qtype qname
318ADJUST copy_id
319REPLY QR AA NOERROR
320SECTION QUESTION
321sub.example.com. IN DNSKEY
322SECTION ANSWER
323sub.example.com.        3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
324sub.example.com.        3600    IN      RRSIG   DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899}
325ENTRY_END
326
327; response to query of interest
328ENTRY_BEGIN
329MATCH opcode qtype qname
330ADJUST copy_id
331REPLY QR AA NOERROR
332SECTION QUESTION
333www.sub.example.com. IN A
334SECTION ANSWER
335www.sub.example.com. IN A       11.11.11.11
336www.sub.example.com.    3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
337ENTRY_END
338
339ENTRY_BEGIN
340MATCH opcode qtype qname
341ADJUST copy_id
342REPLY QR AA NOERROR
343SECTION QUESTION
344ns.sub.example.com. IN AAAA
345SECTION ANSWER
346ENTRY_END
347RANGE_END
348
349
350
351STEP 1 QUERY
352ENTRY_BEGIN
353REPLY RD DO
354SECTION QUESTION
355www.sub.example.com. IN A
356ENTRY_END
357
358; recursion happens here.
359STEP 20 CHECK_ANSWER
360ENTRY_BEGIN
361MATCH all
362REPLY QR RD RA AD DO NOERROR
363SECTION QUESTION
364www.sub.example.com. IN A
365SECTION ANSWER
366www.sub.example.com. IN A       11.11.11.11
367www.sub.example.com.    3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
368ENTRY_END
369
370SCENARIO_END
371