xref: /netbsd-src/external/bsd/unbound/dist/testdata/val_anchor_nx.rpl (revision 7cd94d692f099dff0c03996f61fd7a476e40159b) 
1; config options
2; The island of trust is at example.com
3server:
4	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
5	trust-anchor: "sub.example.com.    3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3"
6	val-override-date: "20070916134226"
7	target-fetch-policy: "0 0 0 0 0"
8	qname-minimisation: "no"
9	fake-sha1: yes
10	trust-anchor-signaling: no
11
12stub-zone:
13	name: "."
14	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
15CONFIG_END
16
17SCENARIO_BEGIN Test validator with secure proof of trust anchor nxdomain
18
19; K.ROOT-SERVERS.NET.
20RANGE_BEGIN 0 100
21	ADDRESS 193.0.14.129
22ENTRY_BEGIN
23MATCH opcode qtype qname
24ADJUST copy_id
25REPLY QR NOERROR
26SECTION QUESTION
27. IN NS
28SECTION ANSWER
29. IN NS	K.ROOT-SERVERS.NET.
30SECTION ADDITIONAL
31K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
32ENTRY_END
33
34ENTRY_BEGIN
35MATCH opcode qtype qname
36ADJUST copy_id
37REPLY QR NOERROR
38SECTION QUESTION
39www.sub.example.com. IN A
40SECTION AUTHORITY
41com.	IN NS	a.gtld-servers.net.
42SECTION ADDITIONAL
43a.gtld-servers.net.	IN 	A	192.5.6.30
44ENTRY_END
45RANGE_END
46
47; a.gtld-servers.net.
48RANGE_BEGIN 0 100
49	ADDRESS 192.5.6.30
50ENTRY_BEGIN
51MATCH opcode qtype qname
52ADJUST copy_id
53REPLY QR NOERROR
54SECTION QUESTION
55com. IN NS
56SECTION ANSWER
57com.    IN NS   a.gtld-servers.net.
58SECTION ADDITIONAL
59a.gtld-servers.net.     IN      A       192.5.6.30
60ENTRY_END
61
62ENTRY_BEGIN
63MATCH opcode qtype qname
64ADJUST copy_id
65REPLY QR NOERROR
66SECTION QUESTION
67www.sub.example.com. IN A
68SECTION AUTHORITY
69example.com.	IN NS	ns.example.com.
70SECTION ADDITIONAL
71ns.example.com.		IN 	A	1.2.3.4
72ENTRY_END
73RANGE_END
74
75; ns.example.com.
76RANGE_BEGIN 0 100
77	ADDRESS 1.2.3.4
78ENTRY_BEGIN
79MATCH opcode qtype qname
80ADJUST copy_id
81REPLY QR NOERROR
82SECTION QUESTION
83example.com. IN NS
84SECTION ANSWER
85example.com.    IN NS   ns.example.com.
86example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
87SECTION ADDITIONAL
88ns.example.com.         IN      A       1.2.3.4
89ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
90ENTRY_END
91
92; response to DNSKEY priming query
93ENTRY_BEGIN
94MATCH opcode qtype qname
95ADJUST copy_id
96REPLY QR NOERROR
97SECTION QUESTION
98example.com. IN DNSKEY
99SECTION ANSWER
100example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
101example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
102SECTION AUTHORITY
103example.com.	IN NS	ns.example.com.
104example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
105SECTION ADDITIONAL
106ns.example.com.		IN 	A	1.2.3.4
107ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
108ENTRY_END
109
110; response for sub.example.com.
111ENTRY_BEGIN
112MATCH opcode qtype qname
113ADJUST copy_id
114REPLY QR NXDOMAIN
115SECTION QUESTION
116www.sub.example.com. IN A
117SECTION AUTHORITY
118example.com. SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200
119example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854}
120blub.example.com. NSEC znub.example.com. A MX RRSIG NSEC
121blub.example.com.       3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCic/WwyMtdDE/84g8l0S0M8AOtnAhR88hQEp5cD5XQ3EmQ79RUuNTCgdg== ;{id = 2854}
122example.com. NSEC blub.example.com. SOA NS MX DNSKEY RRSIG NSEC
123example.com.    3600    IN      RRSIG   NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFFYX7iNIlT79gNFFlvnn44Ittm6HAhUAg7u0hZ4to87qyfkonZu2jVLW3xw= ;{id = 2854}
124ENTRY_END
125
126ENTRY_BEGIN
127MATCH opcode qtype qname
128ADJUST copy_id
129REPLY QR NXDOMAIN
130SECTION QUESTION
131www.sub.example.com. IN DS
132SECTION AUTHORITY
133example.com. SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200
134example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854}
135blub.example.com. NSEC znub.example.com. A MX RRSIG NSEC
136blub.example.com.       3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCic/WwyMtdDE/84g8l0S0M8AOtnAhR88hQEp5cD5XQ3EmQ79RUuNTCgdg== ;{id = 2854}
137example.com. NSEC blub.example.com. SOA NS MX DNSKEY RRSIG NSEC
138example.com.    3600    IN      RRSIG   NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFFYX7iNIlT79gNFFlvnn44Ittm6HAhUAg7u0hZ4to87qyfkonZu2jVLW3xw= ;{id = 2854}
139ENTRY_END
140
141ENTRY_BEGIN
142MATCH opcode qtype qname
143ADJUST copy_id
144REPLY QR NXDOMAIN
145SECTION QUESTION
146sub.example.com. IN DNSKEY
147SECTION AUTHORITY
148example.com. SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200
149example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854}
150blub.example.com. NSEC znub.example.com. A MX RRSIG NSEC
151blub.example.com.       3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCic/WwyMtdDE/84g8l0S0M8AOtnAhR88hQEp5cD5XQ3EmQ79RUuNTCgdg== ;{id = 2854}
152example.com. NSEC blub.example.com. SOA NS MX DNSKEY RRSIG NSEC
153example.com.    3600    IN      RRSIG   NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFFYX7iNIlT79gNFFlvnn44Ittm6HAhUAg7u0hZ4to87qyfkonZu2jVLW3xw= ;{id = 2854}
154ENTRY_END
155RANGE_END
156
157; ns.sub.example.com.
158RANGE_BEGIN 0 100
159	ADDRESS 1.2.3.6
160
161; response to DNSKEY priming query
162; sub.example.com.        3600    IN      DS      30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
163ENTRY_BEGIN
164MATCH opcode qtype qname
165ADJUST copy_id
166REPLY QR NOERROR
167SECTION QUESTION
168sub.example.com. IN DNSKEY
169SECTION ANSWER
170sub.example.com.        3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
171sub.example.com.        3600    IN      RRSIG   DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899}
172SECTION AUTHORITY
173sub.example.com. IN	NS ns.sub.example.com.
174sub.example.com.        3600    IN      RRSIG   NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
175SECTION ADDITIONAL
176ns.sub.example.com. IN A 1.2.3.6
177ns.sub.example.com.     3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
178ENTRY_END
179
180; response to query of interest
181ENTRY_BEGIN
182MATCH opcode qtype qname
183ADJUST copy_id
184REPLY QR NOERROR
185SECTION QUESTION
186www.sub.example.com. IN A
187SECTION ANSWER
188www.sub.example.com. IN A	11.11.11.11
189www.sub.example.com.    3600    IN      RRSIG   A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
190SECTION AUTHORITY
191SECTION ADDITIONAL
192ENTRY_END
193RANGE_END
194
195STEP 1 QUERY
196ENTRY_BEGIN
197REPLY RD DO
198SECTION QUESTION
199www.sub.example.com. IN A
200ENTRY_END
201
202; recursion happens here.
203STEP 10 CHECK_ANSWER
204ENTRY_BEGIN
205MATCH all
206REPLY QR RD RA AD DO NXDOMAIN
207SECTION QUESTION
208www.sub.example.com. IN A
209SECTION ANSWER
210SECTION AUTHORITY
211example.com. SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200
212example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854}
213blub.example.com. NSEC znub.example.com. A MX RRSIG NSEC
214blub.example.com.       3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCic/WwyMtdDE/84g8l0S0M8AOtnAhR88hQEp5cD5XQ3EmQ79RUuNTCgdg== ;{id = 2854}
215example.com. NSEC blub.example.com. SOA NS MX DNSKEY RRSIG NSEC
216example.com.    3600    IN      RRSIG   NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFFYX7iNIlT79gNFFlvnn44Ittm6HAhUAg7u0hZ4to87qyfkonZu2jVLW3xw= ;{id = 2854}
217SECTION ADDITIONAL
218ENTRY_END
219
220SCENARIO_END
221