1; config options 2; The island of trust is at example.com 3server: 4 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" 5 val-override-date: "20070916134226" 6 target-fetch-policy: "3 2 1 0 0" # make sure it fetches for test 7 qname-minimisation: "no" 8 fake-sha1: yes 9 trust-anchor-signaling: no 10 minimal-responses: no 11 12stub-zone: 13 name: "." 14 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. 15CONFIG_END 16 17SCENARIO_BEGIN Test iterator with empty delegation for glue address 18; setup: 19; query for www.example.com. 20; needs example.com served by ns.example.net and ns.example.org 21; needs example.net served by ns.example.net and ns.example.org 22; needs example.org served by ns.example.net and ns.example.org 23; but the cache has all these NS rrsets, but not the addresses. 24; observed in the wild this was from the in-addr zone towards two 25; domains with such a setup. and high TTL NS, lower for A. 26 27; K.ROOT-SERVERS.NET. 28RANGE_BEGIN 0 100 29 ADDRESS 193.0.14.129 30ENTRY_BEGIN 31MATCH opcode qtype qname 32ADJUST copy_id 33REPLY QR NOERROR 34SECTION QUESTION 35. IN NS 36SECTION ANSWER 37. IN NS K.ROOT-SERVERS.NET. 38SECTION ADDITIONAL 39K.ROOT-SERVERS.NET. IN A 193.0.14.129 40ENTRY_END 41 42ENTRY_BEGIN 43MATCH opcode subdomain 44ADJUST copy_id copy_query 45REPLY QR NOERROR 46SECTION QUESTION 47com. IN A 48SECTION AUTHORITY 49com. IN NS a.gtld-servers.net. 50 51; sneak in some data into the cache to simulate partial data after timeouts 52; gets scrubbed away now .... 53example.com. NS ns.example.net. 54example.com. NS ns.example.org. 55example.net. NS ns.example.net. 56example.net. NS ns.example.org. 57example.org. NS ns.example.net. 58example.org. NS ns.example.org. 59 60SECTION ADDITIONAL 61a.gtld-servers.net. IN A 192.5.6.30 62ENTRY_END 63 64ENTRY_BEGIN 65MATCH opcode subdomain 66ADJUST copy_id copy_query 67REPLY QR NOERROR 68SECTION QUESTION 69net. IN A 70SECTION AUTHORITY 71net. IN NS a.gtld-servers.net. 72SECTION ADDITIONAL 73a.gtld-servers.net. IN A 192.5.6.30 74ENTRY_END 75 76ENTRY_BEGIN 77MATCH opcode subdomain 78ADJUST copy_id copy_query 79REPLY QR NOERROR 80SECTION QUESTION 81org. IN A 82SECTION AUTHORITY 83org. IN NS a.gtld-servers.net. 84SECTION ADDITIONAL 85a.gtld-servers.net. IN A 192.5.6.30 86ENTRY_END 87RANGE_END 88 89; a.gtld-servers.net. 90RANGE_BEGIN 0 100 91 ADDRESS 192.5.6.30 92; com zone 93ENTRY_BEGIN 94MATCH opcode qname 95ADJUST copy_id copy_query 96REPLY QR NOERROR 97SECTION QUESTION 98com. IN A 99SECTION ANSWER 100com. IN NS a.gtld-servers.net. 101SECTION ADDITIONAL 102a.gtld-servers.net. IN A 192.5.6.30 103ENTRY_END 104 105ENTRY_BEGIN 106MATCH opcode subdomain 107ADJUST copy_id copy_query 108REPLY QR NOERROR 109SECTION QUESTION 110example.com. IN A 111SECTION AUTHORITY 112example.com. NS ns.example.net. 113example.com. NS ns.example.org. 114SECTION ADDITIONAL 115; no glue! 116ENTRY_END 117 118; net zone 119ENTRY_BEGIN 120MATCH opcode qname 121ADJUST copy_id copy_query 122REPLY QR NOERROR 123SECTION QUESTION 124net. IN A 125SECTION ANSWER 126net. IN NS a.gtld-servers.net. 127SECTION ADDITIONAL 128a.gtld-servers.net. IN A 192.5.6.30 129ENTRY_END 130 131ENTRY_BEGIN 132MATCH opcode qname 133ADJUST copy_id copy_query 134REPLY QR NOERROR 135SECTION QUESTION 136a.gtld-servers.net. IN AAAA 137SECTION ANSWER 138SECTION AUTHORITY 139net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 140ENTRY_END 141 142ENTRY_BEGIN 143MATCH opcode qname 144ADJUST copy_id copy_query 145REPLY QR NOERROR 146SECTION QUESTION 147ns.example.net. IN A 148SECTION AUTHORITY 149example.net. NS ns.example.net. 150example.net. NS ns.example.org. 151SECTION ADDITIONAL 152ns.example.net. IN A 1.2.3.4 153ENTRY_END 154 155; org zone 156ENTRY_BEGIN 157MATCH opcode qname 158ADJUST copy_id copy_query 159REPLY QR NOERROR 160SECTION QUESTION 161org. IN A 162SECTION ANSWER 163org. IN NS a.gtld-servers.net. 164SECTION ADDITIONAL 165a.gtld-servers.net. IN A 192.5.6.30 166ENTRY_END 167 168ENTRY_BEGIN 169MATCH opcode subdomain 170ADJUST copy_id copy_query 171REPLY QR NOERROR 172SECTION QUESTION 173example.org. IN A 174SECTION AUTHORITY 175example.org. NS ns.example.net. 176example.org. NS ns.example.org. 177SECTION ADDITIONAL 178ns.example.org. IN A 1.2.3.5 179ENTRY_END 180RANGE_END 181 182; ns.example.net. 183RANGE_BEGIN 0 100 184 ADDRESS 1.2.3.4 185; example.org. zone 186ENTRY_BEGIN 187MATCH opcode qname 188ADJUST copy_id copy_query 189REPLY QR NOERROR 190SECTION QUESTION 191example.org. IN NS 192SECTION ANSWER 193example.org. NS ns.example.net. 194example.org. NS ns.example.org. 195SECTION ADDITIONAL 196ns.example.org. IN A 1.2.3.5 197ENTRY_END 198 199ENTRY_BEGIN 200MATCH opcode qtype qname 201ADJUST copy_id 202REPLY QR AA NOERROR 203SECTION QUESTION 204ns.example.org. IN A 205SECTION ANSWER 206ns.example.org. IN A 1.2.3.5 207ENTRY_END 208 209ENTRY_BEGIN 210MATCH opcode qtype qname 211ADJUST copy_id 212REPLY QR AA NOERROR 213SECTION QUESTION 214ns.example.org. IN AAAA 215SECTION ANSWER 216SECTION AUTHORITY 217example.org. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 218ENTRY_END 219 220; example.net. zone 221ENTRY_BEGIN 222MATCH opcode qname 223ADJUST copy_id copy_query 224REPLY QR NOERROR 225SECTION QUESTION 226example.net. IN NS 227SECTION ANSWER 228example.net. NS ns.example.net. 229example.net. NS ns.example.org. 230SECTION ADDITIONAL 231ns.example.net. IN A 1.2.3.4 232ENTRY_END 233 234ENTRY_BEGIN 235MATCH opcode qtype qname 236ADJUST copy_id 237REPLY QR AA NOERROR 238SECTION QUESTION 239ns.example.net. IN A 240SECTION ANSWER 241ns.example.net. IN A 1.2.3.4 242ENTRY_END 243 244ENTRY_BEGIN 245MATCH opcode qtype qname 246ADJUST copy_id 247REPLY QR AA NOERROR 248SECTION QUESTION 249ns.example.net. IN AAAA 250SECTION ANSWER 251SECTION AUTHORITY 252example.net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 253ENTRY_END 254 255; example.com. zone 256ENTRY_BEGIN 257MATCH opcode qtype qname 258ADJUST copy_id 259REPLY QR NOERROR 260SECTION QUESTION 261example.com. IN NS 262SECTION ANSWER 263example.com. IN NS ns.example.com. 264example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 265SECTION ADDITIONAL 266ns.example.com. IN A 1.2.3.4 267ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 268ENTRY_END 269 270ENTRY_BEGIN 271MATCH opcode qtype qname 272ADJUST copy_id 273REPLY QR NOERROR 274SECTION QUESTION 275ns.example.com. IN AAAA 276SECTION ANSWER 277SECTION AUTHORITY 278example.com. 3600 IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 279example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AC23LvSspto6Zqctz05urK/2OKTnB+7nppMKInYkyjZbZotq2wjJA9s= 280ENTRY_END 281 282; response to DNSKEY priming query 283ENTRY_BEGIN 284MATCH opcode qtype qname 285ADJUST copy_id 286REPLY QR NOERROR 287SECTION QUESTION 288example.com. IN DNSKEY 289SECTION ANSWER 290example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} 291example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} 292SECTION AUTHORITY 293example.com. IN NS ns.example.com. 294example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 295SECTION ADDITIONAL 296ns.example.com. IN A 1.2.3.4 297ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 298ENTRY_END 299 300; response to query of interest 301ENTRY_BEGIN 302MATCH opcode qtype qname 303ADJUST copy_id 304REPLY QR NOERROR 305SECTION QUESTION 306www.example.com. IN A 307SECTION ANSWER 308www.example.com. IN A 10.20.30.40 309ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} 310SECTION AUTHORITY 311example.com. IN NS ns.example.com. 312example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 313SECTION ADDITIONAL 314ns.example.com. IN A 1.2.3.4 315www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} 316ENTRY_END 317RANGE_END 318 319; ns.example.org. 320RANGE_BEGIN 0 100 321 ADDRESS 1.2.3.5 322 323; example.org. zone 324ENTRY_BEGIN 325MATCH opcode qname 326ADJUST copy_id copy_query 327REPLY QR NOERROR 328SECTION QUESTION 329example.org. IN NS 330SECTION ANSWER 331example.org. NS ns.example.net. 332example.org. NS ns.example.org. 333SECTION ADDITIONAL 334ns.example.org. IN A 1.2.3.5 335ENTRY_END 336 337ENTRY_BEGIN 338MATCH opcode qtype qname 339ADJUST copy_id 340REPLY QR AA NOERROR 341SECTION QUESTION 342ns.example.org. IN A 343SECTION ANSWER 344ns.example.org. IN A 1.2.3.5 345ENTRY_END 346 347ENTRY_BEGIN 348MATCH opcode qtype qname 349ADJUST copy_id 350REPLY QR AA NOERROR 351SECTION QUESTION 352ns.example.org. IN AAAA 353SECTION ANSWER 354SECTION AUTHORITY 355example.org. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 356ENTRY_END 357 358; example.net. zone 359ENTRY_BEGIN 360MATCH opcode qname 361ADJUST copy_id copy_query 362REPLY QR NOERROR 363SECTION QUESTION 364example.net. IN NS 365SECTION ANSWER 366example.net. NS ns.example.net. 367example.net. NS ns.example.org. 368SECTION ADDITIONAL 369ns.example.net. IN A 1.2.3.4 370ENTRY_END 371 372ENTRY_BEGIN 373MATCH opcode qtype qname 374ADJUST copy_id 375REPLY QR AA NOERROR 376SECTION QUESTION 377ns.example.net. IN A 378SECTION ANSWER 379ns.example.net. IN A 1.2.3.4 380ENTRY_END 381 382ENTRY_BEGIN 383MATCH opcode qtype qname 384ADJUST copy_id 385REPLY QR AA NOERROR 386SECTION QUESTION 387ns.example.net. IN AAAA 388SECTION ANSWER 389SECTION AUTHORITY 390example.net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 391ENTRY_END 392 393; example.com. zone 394ENTRY_BEGIN 395MATCH opcode qtype qname 396ADJUST copy_id 397REPLY QR NOERROR 398SECTION QUESTION 399example.com. IN NS 400SECTION ANSWER 401example.com. IN NS ns.example.com. 402example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 403SECTION ADDITIONAL 404ns.example.com. IN A 1.2.3.4 405ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 406ENTRY_END 407 408; response to DNSKEY priming query 409ENTRY_BEGIN 410MATCH opcode qtype qname 411ADJUST copy_id 412REPLY QR NOERROR 413SECTION QUESTION 414example.com. IN DNSKEY 415SECTION ANSWER 416example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} 417example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} 418SECTION AUTHORITY 419example.com. IN NS ns.example.com. 420example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 421SECTION ADDITIONAL 422ns.example.com. IN A 1.2.3.4 423ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 424ENTRY_END 425 426; response to query of interest 427ENTRY_BEGIN 428MATCH opcode qtype qname 429ADJUST copy_id 430REPLY QR NOERROR 431SECTION QUESTION 432www.example.com. IN A 433SECTION ANSWER 434www.example.com. IN A 10.20.30.40 435ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} 436SECTION AUTHORITY 437example.com. IN NS ns.example.com. 438example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 439SECTION ADDITIONAL 440ns.example.com. IN A 1.2.3.4 441www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} 442ENTRY_END 443RANGE_END 444 445STEP 1 QUERY 446ENTRY_BEGIN 447REPLY RD DO 448SECTION QUESTION 449www.example.com. IN A 450ENTRY_END 451 452; recursion happens here. 453STEP 10 CHECK_ANSWER 454ENTRY_BEGIN 455MATCH all 456REPLY QR RD RA AD DO NOERROR 457SECTION QUESTION 458www.example.com. IN A 459SECTION ANSWER 460www.example.com. IN A 10.20.30.40 461www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} 462SECTION AUTHORITY 463example.com. IN NS ns.example.com. 464example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 465SECTION ADDITIONAL 466ns.example.com. IN A 1.2.3.4 467ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} 468ENTRY_END 469 470; make sure glue fetch is done. 471STEP 11 QUERY 472ENTRY_BEGIN 473REPLY RD 474SECTION QUESTION 475ns.example.net. IN AAAA 476ENTRY_END 477 478STEP 12 CHECK_ANSWER 479ENTRY_BEGIN 480MATCH all 481REPLY QR RD RA NOERROR 482SECTION QUESTION 483ns.example.net. IN AAAA 484SECTION ANSWER 485SECTION AUTHORITY 486example.net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 487SECTION ADDITIONAL 488ENTRY_END 489 490; make sure NS fetch is done. 491STEP 14 QUERY 492ENTRY_BEGIN 493REPLY RD 494SECTION QUESTION 495example.org. IN NS 496ENTRY_END 497 498STEP 15 CHECK_ANSWER 499ENTRY_BEGIN 500MATCH ; none 501REPLY QR RD RA NOERROR 502SECTION QUESTION 503ns.example.net. IN AAAA 504SECTION ANSWER 505SECTION AUTHORITY 506example.net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 507SECTION ADDITIONAL 508ENTRY_END 509 510 511SCENARIO_END 512