; config options
; The island of trust is at example.com
; Fixture notes:
; - The trust anchor is a DS record with key tag 2854, algorithm 3 (DSA) and
;   digest type 1 (SHA-1). Every DNSKEY and RRSIG below uses the same key tag
;   and algorithm. These are legacy algorithms kept here as test data only.
; - val-override-date fixes the date used for RRSIG inception/expiration
;   checks at 2007-09-16, inside the validity windows of the signatures below
;   (2007-08-29 to 2007-09-26). It is a debugging option; a production
;   validator must check signatures against the real clock.
; - fake-sha1 presumably lets the test run where the crypto library refuses
;   SHA-1 -- confirm against the testbound documentation.
server:
	trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
	val-override-date: "20070916134226"
	target-fetch-policy: "3 2 1 0 0" # make sure it fetches for test
	qname-minimisation: "no"
	fake-sha1: yes
	trust-anchor-signaling: no
	minimal-responses: no

stub-zone:
	name: "."
	stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
CONFIG_END

SCENARIO_BEGIN Test iterator with empty delegation for glue address
; setup:
; query for www.example.com.
; needs example.com served by ns.example.net and ns.example.org
; needs example.net served by ns.example.net and ns.example.org
; needs example.org served by ns.example.net and ns.example.org
; The cache holds all of these NS rrsets, but none of the addresses.
; This was observed in the wild, from the in-addr zone towards two
; domains with such a setup, with a high TTL on NS and a lower TTL on A.

; K.ROOT-SERVERS.NET.
; Mock server at 193.0.14.129 (the stub-addr configured for ".").
RANGE_BEGIN 0 100
	ADDRESS 193.0.14.129
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET. IN A 193.0.14.129
ENTRY_END

; Referral for com. that also carries NS rrsets for example.com, example.net
; and example.org in the AUTHORITY section.
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
com. IN A
SECTION AUTHORITY
com. IN NS a.gtld-servers.net.

; Extra NS data slipped into the referral to simulate partial cache data
; left behind after timeouts.
; Per the original note, the resolver now scrubs these records away.
example.com. NS ns.example.net.
example.com. NS ns.example.org.
example.net. NS ns.example.net.
example.net. NS ns.example.org.
example.org. NS ns.example.net.
example.org. NS ns.example.org.

SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
net. IN A
SECTION AUTHORITY
net. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
org. IN A
SECTION AUTHORITY
org. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
RANGE_END

; a.gtld-servers.net.
; One mock server at 192.5.6.30 answers for com., net. and org.
RANGE_BEGIN 0 100
	ADDRESS 192.5.6.30
; com zone
ENTRY_BEGIN
MATCH opcode qname
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
com. IN A
SECTION ANSWER
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END

; Referral for example.com. with an empty ADDITIONAL section: the resolver
; must look up the name server addresses itself (the case under test).
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
example.com. IN A
SECTION AUTHORITY
example.com. NS ns.example.net.
example.com. NS ns.example.org.
SECTION ADDITIONAL
; no glue!
ENTRY_END

; net zone
ENTRY_BEGIN
MATCH opcode qname
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
net. IN A
SECTION ANSWER
net. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END

; Empty NOERROR answer: a.gtld-servers.net. has no AAAA in this scenario.
ENTRY_BEGIN
MATCH opcode qname
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
a.gtld-servers.net. IN AAAA
SECTION ANSWER
ENTRY_END

; Referral for example.net.; this one does include glue for ns.example.net.
ENTRY_BEGIN
MATCH opcode qname
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
ns.example.net. IN A
SECTION AUTHORITY
example.net. NS ns.example.net.
example.net. NS ns.example.org.
SECTION ADDITIONAL
ns.example.net. IN A 1.2.3.4
ENTRY_END

; org zone
ENTRY_BEGIN
MATCH opcode qname
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
org. IN A
SECTION ANSWER
org. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END

; Referral for example.org.; this one does include glue for ns.example.org.
ENTRY_BEGIN
MATCH opcode qname
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
ns.example.org. IN A
SECTION AUTHORITY
example.org. NS ns.example.net.
example.org. NS ns.example.org.
SECTION ADDITIONAL
ns.example.org. IN A 1.2.3.5
ENTRY_END
RANGE_END

; ns.example.net.
; Mock server at 1.2.3.4. It answers for example.org., example.net. and
; example.com.; ns.example.com. is also given the address 1.2.3.4 below.
RANGE_BEGIN 0 100
	ADDRESS 1.2.3.4
; example.org. zone
ENTRY_BEGIN
MATCH opcode qname
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
example.org. IN NS
SECTION ANSWER
example.org. NS ns.example.net.
example.org. NS ns.example.org.
SECTION ADDITIONAL
ns.example.org. IN A 1.2.3.5
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
ns.example.org. IN A
SECTION ANSWER
ns.example.org. IN A 1.2.3.5
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
ns.example.org. IN AAAA
SECTION ANSWER
ENTRY_END

; example.net. zone
ENTRY_BEGIN
MATCH opcode qname
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
example.net. IN NS
SECTION ANSWER
example.net. NS ns.example.net.
example.net. NS ns.example.org.
SECTION ADDITIONAL
ns.example.net. IN A 1.2.3.4
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
ns.example.net. IN A
SECTION ANSWER
ns.example.net. IN A 1.2.3.4
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
ns.example.net. IN AAAA
SECTION ANSWER
ENTRY_END

; example.com. zone
; The signed zone: its records carry RRSIGs made with key tag 2854.
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION ANSWER
example.com. IN NS ns.example.com.
example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ns.example.com. IN AAAA
SECTION ANSWER
; bogus message.
ENTRY_END

; response to DNSKEY priming query
; The validator needs this DNSKEY rrset to build the chain from the
; configured DS trust anchor (same key tag, 2854).
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN DNSKEY
SECTION ANSWER
example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
SECTION AUTHORITY
example.com. IN NS ns.example.com.
example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
ENTRY_END

; response to query of interest
; NOTE(review): in this reply the RRSIG owned by ns.example.com. sits in the
; ANSWER section and the one owned by www.example.com. in ADDITIONAL, i.e.
; each is in the other record's section. STEP 10 expects each RRSIG next to
; the A record of the same owner. Presumably intentional -- confirm.
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A 10.20.30.40
ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
SECTION AUTHORITY
example.com. IN NS ns.example.com.
example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
ENTRY_END
RANGE_END

; ns.example.org.
; Mock server at 1.2.3.5; its entries repeat those of the 1.2.3.4 range, so
; either name server address gives the resolver the same data.
RANGE_BEGIN 0 100
	ADDRESS 1.2.3.5

; example.org. zone
ENTRY_BEGIN
MATCH opcode qname
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
example.org. IN NS
SECTION ANSWER
example.org. NS ns.example.net.
example.org. NS ns.example.org.
SECTION ADDITIONAL
ns.example.org. IN A 1.2.3.5
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
ns.example.org. IN A
SECTION ANSWER
ns.example.org. IN A 1.2.3.5
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
ns.example.org. IN AAAA
SECTION ANSWER
ENTRY_END

; example.net. zone
ENTRY_BEGIN
MATCH opcode qname
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
example.net. IN NS
SECTION ANSWER
example.net. NS ns.example.net.
example.net. NS ns.example.org.
SECTION ADDITIONAL
ns.example.net. IN A 1.2.3.4
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
ns.example.net. IN A
SECTION ANSWER
ns.example.net. IN A 1.2.3.4
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
ns.example.net. IN AAAA
SECTION ANSWER
ENTRY_END

; example.com. zone
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION ANSWER
example.com. IN NS ns.example.com.
example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
ENTRY_END

; response to DNSKEY priming query
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN DNSKEY
SECTION ANSWER
example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
SECTION AUTHORITY
example.com. IN NS ns.example.com.
example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
ENTRY_END

; response to query of interest
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A 10.20.30.40
ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
SECTION AUTHORITY
example.com. IN NS ns.example.com.
example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
ENTRY_END
RANGE_END

; Client query with the DO bit set, so DNSSEC records are requested.
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
www.example.com. IN A
ENTRY_END

; recursion happens here.
; The expected reply carries the AD flag: the answer has to come back
; validated as secure against the trust anchor, not merely resolved.
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A 10.20.30.40
www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
SECTION AUTHORITY
example.com. IN NS ns.example.com.
example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
ENTRY_END

; make sure glue fetch is done.
; Query without the DO bit for the AAAA record of ns.example.net.
STEP 11 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
ns.example.net. IN AAAA
ENTRY_END

; Expected: NOERROR with all sections empty. No AD flag is expected here.
STEP 12 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
ns.example.net. IN AAAA
SECTION ANSWER
SECTION AUTHORITY
SECTION ADDITIONAL
ENTRY_END

; make sure NS fetch is done.
STEP 14 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
example.org. IN NS
ENTRY_END

; NOTE(review): the MATCH line below lists no fields ("; none" is a comment),
; so presumably nothing in the reply is compared with this entry -- confirm
; against the testbound documentation. The QUESTION shown here is
; ns.example.net. AAAA while STEP 14 asked for example.org. NS, so this step
; appears to only wait for a reply and does not assert the NS data returned.
STEP 15 CHECK_ANSWER
ENTRY_BEGIN
MATCH ; none
REPLY QR RD RA NOERROR
SECTION QUESTION
ns.example.net. IN AAAA
SECTION ANSWER
SECTION AUTHORITY
SECTION ADDITIONAL
ENTRY_END


SCENARIO_END