1; config options 2server: 3 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" 4 val-override-date: "20070916134226" 5 target-fetch-policy: "0 0 0 0 0" 6 qname-minimisation: "no" 7 fake-sha1: yes 8 trust-anchor-signaling: no 9 10stub-zone: 11 name: "." 12 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. 13 14CONFIG_END 15 16SCENARIO_BEGIN Test dnssec-lame detection with anchor point that is ok. 17 18; K.ROOT-SERVERS.NET. 19RANGE_BEGIN 0 100 20 ADDRESS 193.0.14.129 21ENTRY_BEGIN 22MATCH opcode qtype qname 23ADJUST copy_id 24REPLY QR NOERROR 25SECTION QUESTION 26. IN NS 27SECTION ANSWER 28. IN NS K.ROOT-SERVERS.NET. 29SECTION ADDITIONAL 30K.ROOT-SERVERS.NET. IN A 193.0.14.129 31ENTRY_END 32 33ENTRY_BEGIN 34MATCH opcode qtype qname 35ADJUST copy_id 36REPLY QR NOERROR 37SECTION QUESTION 38www.example.com. IN A 39SECTION AUTHORITY 40com. IN NS a.gtld-servers.net. 41SECTION ADDITIONAL 42a.gtld-servers.net. IN A 192.5.6.30 43ENTRY_END 44 45ENTRY_BEGIN 46MATCH opcode qtype qname 47ADJUST copy_id 48REPLY QR NOERROR 49SECTION QUESTION 50ns.example.net. IN A 51SECTION AUTHORITY 52net. IN NS e.gtld-servers.net. 53SECTION ADDITIONAL 54e.gtld-servers.net. IN A 192.12.94.30 55ENTRY_END 56 57ENTRY_BEGIN 58MATCH opcode qtype qname 59ADJUST copy_id 60REPLY QR NOERROR 61SECTION QUESTION 62ns.example.net. IN AAAA 63SECTION AUTHORITY 64net. IN NS e.gtld-servers.net. 65SECTION ADDITIONAL 66e.gtld-servers.net. IN A 192.12.94.30 67ENTRY_END 68RANGE_END 69 70; a.gtld-servers.net. 71RANGE_BEGIN 0 100 72 ADDRESS 192.5.6.30 73ENTRY_BEGIN 74MATCH opcode qtype qname 75ADJUST copy_id 76REPLY QR NOERROR 77SECTION QUESTION 78com. IN NS 79SECTION ANSWER 80com. IN NS a.gtld-servers.net. 81SECTION ADDITIONAL 82a.gtld-servers.net. IN A 192.5.6.30 83ENTRY_END 84 85ENTRY_BEGIN 86MATCH opcode qtype qname 87ADJUST copy_id 88REPLY QR NOERROR 89SECTION QUESTION 90www.example.com. IN A 91SECTION AUTHORITY 92example.com. IN NS ns.example.com. 93example.com. IN NS ns.example.net. 94SECTION ADDITIONAL 95ns.example.com. IN A 1.2.3.55 96ENTRY_END 97RANGE_END 98 99; e.gtld-servers.net. 100RANGE_BEGIN 0 100 101 ADDRESS 192.12.94.30 102ENTRY_BEGIN 103MATCH opcode qtype qname 104ADJUST copy_id 105REPLY QR NOERROR 106SECTION QUESTION 107net. IN NS 108SECTION ANSWER 109net. IN NS e.gtld-servers.net. 110SECTION ADDITIONAL 111e.gtld-servers.net. IN A 192.12.94.30 112ENTRY_END 113 114ENTRY_BEGIN 115MATCH opcode qtype qname 116ADJUST copy_id 117REPLY QR NOERROR 118SECTION QUESTION 119ns.example.net. IN A 120SECTION AUTHORITY 121example.net. IN NS ns.example.net. 122SECTION ADDITIONAL 123ns.example.net. IN A 1.2.3.44 124ENTRY_END 125 126ENTRY_BEGIN 127MATCH opcode qtype qname 128ADJUST copy_id 129REPLY QR NOERROR 130SECTION QUESTION 131ns.example.net. IN AAAA 132SECTION AUTHORITY 133example.net. IN NS ns.example.net. 134SECTION ADDITIONAL 135ns.example.net. IN A 1.2.3.44 136ENTRY_END 137RANGE_END 138 139; ns.example.net. 140RANGE_BEGIN 0 100 141 ADDRESS 1.2.3.44 142ENTRY_BEGIN 143MATCH opcode qtype qname 144ADJUST copy_id 145REPLY QR NOERROR 146SECTION QUESTION 147example.net. IN NS 148SECTION ANSWER 149example.net. IN NS ns.example.net. 150SECTION ADDITIONAL 151ns.example.net. IN A 1.2.3.44 152ENTRY_END 153 154ENTRY_BEGIN 155MATCH opcode qtype qname 156ADJUST copy_id 157REPLY QR AA NOERROR 158SECTION QUESTION 159ns.example.net. IN A 160SECTION ANSWER 161ns.example.net. IN A 1.2.3.44 162SECTION AUTHORITY 163example.net. IN NS ns.example.net. 164ENTRY_END 165 166ENTRY_BEGIN 167MATCH opcode qtype qname 168ADJUST copy_id 169REPLY QR AA NOERROR 170SECTION QUESTION 171ns.example.net. IN AAAA 172SECTION AUTHORITY 173example.net. IN NS ns.example.net. 174SECTION ADDITIONAL 175ns.example.net. IN A 1.2.3.44 176ENTRY_END 177 178ENTRY_BEGIN 179MATCH opcode qtype qname 180ADJUST copy_id 181REPLY QR NOERROR 182SECTION QUESTION 183example.com. IN NS 184SECTION ANSWER 185example.com. IN NS ns.example.com. 186example.com. IN NS ns.example.net. 187example.com. 3600 IN RRSIG NS 3 2 3600 20070926134802 20070829134802 2854 example.com. AJwwYIUGH7HgjehzPVkrVUFmFkSGGksGjUX+/zqpCOG9a/cgGC+n40I= ;{id = 2854} 188SECTION ADDITIONAL 189ns.example.com. IN A 1.2.3.55 190ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134802 20070829134802 2854 example.com. ABUu7ITHLl6vfuWzedIp03igXknUR1gYPBl8X6uIDrvraN1bjQJPXME= ;{id = 2854} 191ENTRY_END 192 193; response to DNSKEY priming query 194ENTRY_BEGIN 195MATCH opcode qtype qname 196ADJUST copy_id 197REPLY QR AA NOERROR 198SECTION QUESTION 199example.com. IN DNSKEY 200SECTION ANSWER 201example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} 202example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} 203ENTRY_END 204 205ENTRY_BEGIN 206MATCH opcode qtype qname 207ADJUST copy_id 208REPLY QR AA NOERROR 209SECTION QUESTION 210www.example.com. IN A 211SECTION ANSWER 212www.example.com. IN A 10.20.30.40 213www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} 214ENTRY_END 215 216ENTRY_BEGIN 217MATCH opcode qtype qname 218ADJUST copy_id 219REPLY QR AA NOERROR 220SECTION QUESTION 221ns.example.com. IN AAAA 222SECTION ANSWER 223ENTRY_END 224RANGE_END 225 226; ns.example.com. 227RANGE_BEGIN 0 100 228 ADDRESS 1.2.3.55 229ENTRY_BEGIN 230MATCH opcode qtype qname 231ADJUST copy_id 232REPLY QR AA NOERROR 233SECTION QUESTION 234ns.example.com. IN A 235SECTION ANSWER 236ns.example.com. IN A 1.2.3.55 237ENTRY_END 238 239ENTRY_BEGIN 240MATCH opcode qtype qname 241ADJUST copy_id 242REPLY QR AA NOERROR 243SECTION QUESTION 244ns.example.com. IN AAAA 245ENTRY_END 246 247; the response is not lame at all. 248ENTRY_BEGIN 249MATCH opcode qtype qname 250ADJUST copy_id 251REPLY QR AA NOERROR 252SECTION QUESTION 253example.com. IN DNSKEY 254SECTION ANSWER 255example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} 256example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} 257ENTRY_END 258 259ENTRY_BEGIN 260MATCH opcode qtype qname 261ADJUST copy_id 262REPLY QR NOERROR 263SECTION QUESTION 264example.com. IN NS 265SECTION ANSWER 266example.com. IN NS ns.example.com. 267example.com. IN NS ns.example.net. 268example.com. 3600 IN RRSIG NS 3 2 3600 20070926134802 20070829134802 2854 example.com. AJwwYIUGH7HgjehzPVkrVUFmFkSGGksGjUX+/zqpCOG9a/cgGC+n40I= ;{id = 2854} 269SECTION ADDITIONAL 270ns.example.com. IN A 1.2.3.55 271ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134802 20070829134802 2854 example.com. ABUu7ITHLl6vfuWzedIp03igXknUR1gYPBl8X6uIDrvraN1bjQJPXME= ;{id = 2854} 272ENTRY_END 273 274; response is not lame. 275ENTRY_BEGIN 276MATCH opcode qtype qname 277ADJUST copy_id 278REPLY QR AA NOERROR 279SECTION QUESTION 280www.example.com. IN A 281SECTION ANSWER 282www.example.com. IN A 10.20.30.40 283www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} 284ENTRY_END 285RANGE_END 286 287STEP 1 QUERY 288ENTRY_BEGIN 289REPLY RD DO 290SECTION QUESTION 291www.example.com. IN A 292ENTRY_END 293 294; recursion happens here. 295STEP 20 CHECK_ANSWER 296ENTRY_BEGIN 297MATCH all 298REPLY QR RD RA AD DO NOERROR 299SECTION QUESTION 300www.example.com. IN A 301SECTION ANSWER 302www.example.com. IN A 10.20.30.40 303www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} 304ENTRY_END 305 306SCENARIO_END 307