1; config options 2; The island of trust is at example.com 3server: 4 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" 5 val-override-date: "20070916134226" 6 target-fetch-policy: "0 0 0 0 0" 7 qname-minimisation: "no" 8 fake-sha1: yes 9 trust-anchor-signaling: no 10 minimal-responses: no 11 nsid: "ascii_hopsa kidee" 12 ede: yes 13 access-control: 127.0.0.0/8 allow_snoop 14 15stub-zone: 16 name: "." 17 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. 18CONFIG_END 19 20SCENARIO_BEGIN Test for NSID in SERVFAIL response due to DNSSEC bogus 21 22; K.ROOT-SERVERS.NET. 23RANGE_BEGIN 0 100 24 ADDRESS 193.0.14.129 25ENTRY_BEGIN 26MATCH opcode qtype qname 27ADJUST copy_id 28REPLY QR NOERROR 29SECTION QUESTION 30. IN NS 31SECTION ANSWER 32. IN NS K.ROOT-SERVERS.NET. 33SECTION ADDITIONAL 34K.ROOT-SERVERS.NET. IN A 193.0.14.129 35ENTRY_END 36 37ENTRY_BEGIN 38MATCH opcode qtype qname 39ADJUST copy_id 40REPLY QR NOERROR 41SECTION QUESTION 42www.example.com. IN A 43SECTION AUTHORITY 44com. IN NS a.gtld-servers.net. 45SECTION ADDITIONAL 46a.gtld-servers.net. IN A 192.5.6.30 47ENTRY_END 48RANGE_END 49 50; a.gtld-servers.net. 51RANGE_BEGIN 0 100 52 ADDRESS 192.5.6.30 53ENTRY_BEGIN 54MATCH opcode qtype qname 55ADJUST copy_id 56REPLY QR NOERROR 57SECTION QUESTION 58com. IN NS 59SECTION ANSWER 60com. IN NS a.gtld-servers.net. 61SECTION ADDITIONAL 62a.gtld-servers.net. IN A 192.5.6.30 63ENTRY_END 64 65ENTRY_BEGIN 66MATCH opcode qtype qname 67ADJUST copy_id 68REPLY QR NOERROR 69SECTION QUESTION 70www.example.com. IN A 71SECTION AUTHORITY 72example.com. IN NS ns.example.com. 73SECTION ADDITIONAL 74ns.example.com. IN A 1.2.3.4 75ENTRY_END 76RANGE_END 77 78; ns.example.com. 79RANGE_BEGIN 0 100 80 ADDRESS 1.2.3.4 81ENTRY_BEGIN 82MATCH opcode qtype qname 83ADJUST copy_id 84REPLY QR NOERROR 85SECTION QUESTION 86example.com. IN NS 87SECTION ANSWER 88example.com. IN NS ns.example.com. 89example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 90SECTION ADDITIONAL 91ns.example.com. IN A 1.2.3.4 92ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 93ENTRY_END 94 95; response to DNSKEY priming query 96ENTRY_BEGIN 97MATCH opcode qtype qname 98ADJUST copy_id 99REPLY QR NOERROR 100SECTION QUESTION 101example.com. IN DNSKEY 102SECTION ANSWER 103example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} 104example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} 105SECTION AUTHORITY 106example.com. IN NS ns.example.com. 107example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 108SECTION ADDITIONAL 109ns.example.com. IN A 1.2.3.4 110ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 111ENTRY_END 112 113; nodata for ns.example.com AAAA 114ENTRY_BEGIN 115MATCH opcode qtype qname 116ADJUST copy_id 117REPLY QR AA NOERROR 118SECTION QUESTION 119ns.example.com. IN AAAA 120SECTION ANSWER 121SECTION AUTHORITY 122example.com. 3600 IN SOA ns.example.com. root.example.com. 4 1440 0 3600 604800 3600 123example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AC23LvSspto6Zqctz05urK/2OKTnB+7nppMKInYkyjZbZotq2wjJA9s= 124SECTION ADDITIONAL 125ENTRY_END 126 127 128; response to query of interest 129ENTRY_BEGIN 130MATCH opcode qtype qname 131ADJUST copy_id 132REPLY QR NOERROR 133SECTION QUESTION 134www.example.com. IN A 135SECTION ANSWER 136www.example.com. IN A 10.20.30.40 137;good signature 138;www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} 139;missing 140www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2855 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= 141SECTION AUTHORITY 142example.com. IN NS ns.example.com. 143example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 144SECTION ADDITIONAL 145ns.example.com. IN A 1.2.3.4 146ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} 147ENTRY_END 148RANGE_END 149 150STEP 1 QUERY 151ENTRY_BEGIN 152REPLY RD DO 153SECTION QUESTION 154www.example.com. IN A 155SECTION ADDITIONAL 156 HEX_EDNSDATA_BEGIN 157 00 03 ; Opcode NSID (3) 158 00 00 ; Length 0 159 HEX_EDNSDATA_END 160ENTRY_END 161 162; recursion happens here. 163STEP 10 CHECK_ANSWER 164ENTRY_BEGIN 165MATCH all ede=9 166REPLY QR RD RA DO SERVFAIL 167SECTION QUESTION 168www.example.com. IN A 169SECTION ANSWER 170SECTION ADDITIONAL 171 HEX_EDNSDATA_BEGIN 172 00 03 ; Opcode NSID (3) 173 00 0b ; Length 11 174 68 6F 70 73 61 20 ; "hopsa " 175 6B 69 64 65 65 ; "kidee" 176 HEX_EDNSDATA_END 177ENTRY_END 178 179; Redo the query without RD to check EDE caching. 180STEP 11 QUERY 181ENTRY_BEGIN 182REPLY DO 183SECTION QUESTION 184www.example.com. IN A 185SECTION ADDITIONAL 186 HEX_EDNSDATA_BEGIN 187 00 03 ; Opcode NSID (3) 188 00 00 ; Length 0 189 HEX_EDNSDATA_END 190ENTRY_END 191 192STEP 12 CHECK_ANSWER 193ENTRY_BEGIN 194MATCH all ede=9 195REPLY QR RA DO SERVFAIL 196SECTION QUESTION 197www.example.com. IN A 198SECTION ANSWER 199SECTION ADDITIONAL 200 HEX_EDNSDATA_BEGIN 201 00 03 ; Opcode NSID (3) 202 00 0b ; Length 11 203 68 6F 70 73 61 20 ; "hopsa " 204 6B 69 64 65 65 ; "kidee" 205 HEX_EDNSDATA_END 206ENTRY_END 207 208SCENARIO_END 209