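; config options
; Replay scenario for a validating resolver: a signed DNAME arrives in an
; answer section together with records that follow the DNAME, and the
; resolver is expected to return only validated data (AD set).
;
; Fixture notes:
; - Both trust anchors and every RRSIG below use legacy algorithms (DS
;   algorithm 3 with digest type 1, DNSKEY algorithm 5); they are test
;   vectors only.
; - val-override-date fixes the validator's clock at 20070916134226, which
;   lies inside the RRSIG window 20070829134150..20070926134150 used below.
; - fake-sha1 appears to be a test-only switch so the SHA-1 based fixtures
;   still validate (NOTE(review): confirm against the test harness docs).
server:
    trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
    trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
    val-override-date: "20070916134226"
    target-fetch-policy: "0 0 0 0 0"
    qname-minimisation: "no"
    fake-sha1: yes
    trust-anchor-signaling: no
    minimal-responses: no

stub-zone:
    name: "."
    stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
CONFIG_END

SCENARIO_BEGIN Test scrub of secure DNAME in answer section

RANGE_BEGIN 0 100
; all addresses
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET. IN A 193.0.14.129
ENTRY_END

; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR NOERROR
; SECTION QUESTION
; x.y.example.com. IN A
; SECTION AUTHORITY
; com. IN NS a.gtld-servers.net.
; SECTION ADDITIONAL
; a.gtld-servers.net. IN A 192.5.6.30
; ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION ANSWER
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END

; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR NOERROR
; SECTION QUESTION
; x.y.example.com. IN A
; SECTION AUTHORITY
; example.com. IN NS ns1.example.com.
; SECTION ADDITIONAL
; ns1.example.com. IN A 168.192.2.2
; ENTRY_END

; Authoritative reply for the first client query. The DNAME is signed, the
; CNAME derived from it has no RRSIG of its own, and the trailing A record
; for x.z.example.com (10.20.30.0) is unsigned and differs from the signed
; 10.20.30.40 served by the x.z.example.com entry below. STEP 90 expects
; 10.20.30.40, so the trailing A record must not reach the client; the
; resolver has to look up the DNAME target itself.
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
x.y.example.com. IN A
SECTION ANSWER
y.example.com. DNAME z.example.com.
y.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. ALCQdkXflwgQVKCFeYgCAx3ipuoPsGJVZjNeUriXE4nd94h50zJWDJ4= ;{id = 2854}
x.y.example.com. IN CNAME x.z.example.com.
x.z.example.com. IN A 10.20.30.0
SECTION AUTHORITY
example.com. IN NS ns1.example.com.
example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. AA3IkI13XbKFU5NSqBVA9oM1WiyEKCy4DYFOAdihDf6uHps9lce3kEc= ;{id = 2854}
SECTION ADDITIONAL
ns1.example.com. IN A 168.192.2.2
ns1.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. AKcUlwrSz2xYKnQ7b7oMblRa0rKjfUNT900bIkGjLKLWDUGc8mKZE2M= ;{id = 2854}
ENTRY_END

; Signed answer for the DNAME target; this is the A record STEP 90 expects.
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
x.z.example.com. IN A
SECTION ANSWER
x.z.example.com. IN A 10.20.30.40
x.z.example.com. 3600 IN RRSIG A 3 4 3600 20070926134150 20070829134150 2854 example.com. ADZ12PiZGEjVUyLLYkct/SBE2WT4D5IkMOKdcl0dzQ0XRAC5y/0bS7A= ;{id = 2854}
SECTION AUTHORITY
example.com. IN NS ns1.example.com.
example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. ADesKDqTIOswg5QC6eTIQvGu3DHsPMz1htpHLcDJwE8IpURTnMuD0Mw= ;{id = 2854}
SECTION ADDITIONAL
ns1.example.com. IN A 168.192.2.2
ns1.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. ACYkeSRNcLVXeL+R9AM9e1GbxTwXNXpy1M5hcyuVkhkY2d5jGrkye7I= ;{id = 2854}
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION ANSWER
example.com. IN NS ns1.example.com.
example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. ACHcJehLt4Hz+rAdxMPE96o7HJAEFohFXbxrKYlG+0WLfYAvH2nxU8k= ;{id = 2854}
SECTION ADDITIONAL
ns1.example.com. IN A 168.192.2.2
ns1.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. AInP69g8uR1n/aRg4gmGu8UoM+zZYgjOqbNN2IvOxw3bk/q+g05jKg0= ;{id = 2854}
ENTRY_END

; DNSKEY set for example.com (key id 2854), the key that the DS trust
; anchor in the config section refers to.
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
example.com. IN DNSKEY
SECTION ANSWER
example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
SECTION AUTHORITY
SECTION ADDITIONAL
ENTRY_END


RANGE_END

STEP 10 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
x.y.example.com. IN A
ENTRY_END

; answer to first query (simply puts DNAME in cache)
; AD is expected, and the A record is the signed 10.20.30.40 rather than the
; unsigned 10.20.30.0 that accompanied the DNAME.
STEP 90 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AD DO
SECTION QUESTION
x.y.example.com. IN A
SECTION ANSWER
y.example.com. DNAME z.example.com.
y.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. ALCQdkXflwgQVKCFeYgCAx3ipuoPsGJVZjNeUriXE4nd94h50zJWDJ4= ;{id = 2854}
x.y.example.com. IN CNAME x.z.example.com.
x.z.example.com. IN A 10.20.30.40
x.z.example.com. 3600 IN RRSIG A 3 4 3600 20070926134150 20070829134150 2854 example.com. ADZ12PiZGEjVUyLLYkct/SBE2WT4D5IkMOKdcl0dzQ0XRAC5y/0bS7A= ;{id = 2854}
SECTION AUTHORITY
example.com. IN NS ns1.example.com.
example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. ADesKDqTIOswg5QC6eTIQvGu3DHsPMz1htpHLcDJwE8IpURTnMuD0Mw= ;{id = 2854}
SECTION ADDITIONAL
ns1.example.com. IN A 168.192.2.2
ns1.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. ACYkeSRNcLVXeL+R9AM9e1GbxTwXNXpy1M5hcyuVkhkY2d5jGrkye7I= ;{id = 2854}
ENTRY_END

; now, DNAME is secure and can be used from cache.
; new query
STEP 200 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
other.y.example.com. IN A
ENTRY_END

; The outgoing query is for the rewritten name other.z.example.com, not for
; other.y.example.com: the cached DNAME is applied before anything is sent.
STEP 230 CHECK_OUT_QUERY
ENTRY_BEGIN
MATCH qname qtype opcode
SECTION QUESTION
other.z.example.com. IN A
ENTRY_END
STEP 240 REPLY
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
other.z.example.com. IN A
SECTION ANSWER
other.z.example.com. IN A 50.60.70.80
other.z.example.com. 3600 IN RRSIG A 3 4 3600 20070926134150 20070829134150 2854 example.com. AAp6G89oAvkyAaeF2d35AJNlzMhedGo0Bcppl0IOyF3HRzoc51vjJoU= ;{id = 2854}
SECTION AUTHORITY
example.com. IN NS ns1.example.com.
example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. ADesKDqTIOswg5QC6eTIQvGu3DHsPMz1htpHLcDJwE8IpURTnMuD0Mw= ;{id = 2854}
SECTION ADDITIONAL
ns1.example.com. IN A 168.192.2.2
ns1.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. ACYkeSRNcLVXeL+R9AM9e1GbxTwXNXpy1M5hcyuVkhkY2d5jGrkye7I= ;{id = 2854}
ENTRY_END

; Final answer: the cached signed DNAME, the CNAME derived from it for the
; new owner name, and the signed A record from STEP 240, with AD set.
STEP 250 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AD DO
SECTION QUESTION
other.y.example.com. IN A
SECTION ANSWER
y.example.com. DNAME z.example.com.
y.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. ALCQdkXflwgQVKCFeYgCAx3ipuoPsGJVZjNeUriXE4nd94h50zJWDJ4= ;{id = 2854}
other.y.example.com. IN CNAME other.z.example.com.
other.z.example.com. IN A 50.60.70.80
other.z.example.com. 3600 IN RRSIG A 3 4 3600 20070926134150 20070829134150 2854 example.com. AAp6G89oAvkyAaeF2d35AJNlzMhedGo0Bcppl0IOyF3HRzoc51vjJoU= ;{id = 2854}
SECTION AUTHORITY
example.com. IN NS ns1.example.com.
example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. ADesKDqTIOswg5QC6eTIQvGu3DHsPMz1htpHLcDJwE8IpURTnMuD0Mw= ;{id = 2854}
SECTION ADDITIONAL
ns1.example.com. IN A 168.192.2.2
ns1.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. ACYkeSRNcLVXeL+R9AM9e1GbxTwXNXpy1M5hcyuVkhkY2d5jGrkye7I= ;{id = 2854}
ENTRY_END

SCENARIO_END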