1; config options 2; The island of trust is at example.com 3server: 4 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" 5 val-override-date: "20070916134226" 6 target-fetch-policy: "0 0 0 0 0" 7 8stub-zone: 9 name: "." 10 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. 11CONFIG_END 12 13SCENARIO_BEGIN Test validator with empty nonterminals on the trust chain. 14 15; K.ROOT-SERVERS.NET. 16RANGE_BEGIN 0 100 17 ADDRESS 193.0.14.129 18ENTRY_BEGIN 19MATCH opcode qtype qname 20ADJUST copy_id 21REPLY QR NOERROR 22SECTION QUESTION 23. IN NS 24SECTION ANSWER 25. IN NS K.ROOT-SERVERS.NET. 26SECTION ADDITIONAL 27K.ROOT-SERVERS.NET. IN A 193.0.14.129 28ENTRY_END 29 30ENTRY_BEGIN 31MATCH opcode qtype qname 32ADJUST copy_id 33REPLY QR NOERROR 34SECTION QUESTION 35328.0.0.194.example.com. IN A 36SECTION AUTHORITY 37com. IN NS a.gtld-servers.net. 38SECTION ADDITIONAL 39a.gtld-servers.net. IN A 192.5.6.30 40ENTRY_END 41RANGE_END 42 43; a.gtld-servers.net. 44RANGE_BEGIN 0 100 45 ADDRESS 192.5.6.30 46ENTRY_BEGIN 47MATCH opcode qtype qname 48ADJUST copy_id 49REPLY QR NOERROR 50SECTION QUESTION 51com. IN NS 52SECTION ANSWER 53com. IN NS a.gtld-servers.net. 54SECTION ADDITIONAL 55a.gtld-servers.net. IN A 192.5.6.30 56ENTRY_END 57 58ENTRY_BEGIN 59MATCH opcode qtype qname 60ADJUST copy_id 61REPLY QR NOERROR 62SECTION QUESTION 63328.0.0.194.example.com. IN A 64SECTION AUTHORITY 65example.com. IN NS ns.example.com. 66SECTION ADDITIONAL 67ns.example.com. IN A 1.2.3.4 68ENTRY_END 69RANGE_END 70 71; ns.example.com. 72RANGE_BEGIN 0 100 73 ADDRESS 1.2.3.4 74ENTRY_BEGIN 75MATCH opcode qtype qname 76ADJUST copy_id 77REPLY QR NOERROR 78SECTION QUESTION 79example.com. IN NS 80SECTION ANSWER 81example.com. IN NS ns.example.com. 82example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 83SECTION ADDITIONAL 84ns.example.com. IN A 1.2.3.4 85ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 86ENTRY_END 87 88; response to DNSKEY priming query 89ENTRY_BEGIN 90MATCH opcode qtype qname 91ADJUST copy_id 92REPLY QR NOERROR 93SECTION QUESTION 94example.com. IN DNSKEY 95SECTION ANSWER 96example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} 97example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} 98SECTION AUTHORITY 99example.com. IN NS ns.example.com. 100example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 101SECTION ADDITIONAL 102ns.example.com. IN A 1.2.3.4 103ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 104ENTRY_END 105 106; responses to DS empty nonterminal queries. 107ENTRY_BEGIN 108MATCH opcode qtype qname 109ADJUST copy_id 110REPLY QR AA NOERROR 111SECTION QUESTION 112194.example.com. IN DS 113SECTION AUTHORITY 114example.com. 3600 IN SOA ns.example.com. host.example.com. 2007091980 3600 7200 1209600 7200 115example.com. 3600 IN RRSIG SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFCOn5qKBIV7bwFMBA+Qqiblx0cylAhUAoFiGtFm2wHhJpq9MooTYdeVw45s= ;{id = 2854} 116 117; This NSEC proves the NOERROR/NODATA case. 118194.example.com. IN NSEC 0.0.194.example.com. A RRSIG NSEC 119194.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFDcoKl74U9FjsuYF3Vc0E8GQ2GgzAhUAhlyhO2MMcAWQMxIhEZ4MguokN5g= ;{id = 2854} 120 121ENTRY_END 122 123ENTRY_BEGIN 124MATCH opcode qtype qname 125ADJUST copy_id 126; this should be NOERROR. 127REPLY QR AA NOERROR 128SECTION QUESTION 1290.194.example.com. IN DS 130SECTION AUTHORITY 131example.com. 3600 IN SOA ns.example.com. host.example.com. 2007091980 3600 7200 1209600 7200 132example.com. 3600 IN RRSIG SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFCOn5qKBIV7bwFMBA+Qqiblx0cylAhUAoFiGtFm2wHhJpq9MooTYdeVw45s= ;{id = 2854} 133 134; This NSEC proves the NOERROR/NODATA case. 135194.example.com. IN NSEC 0.0.194.example.com. A RRSIG NSEC 136194.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFDcoKl74U9FjsuYF3Vc0E8GQ2GgzAhUAhlyhO2MMcAWQMxIhEZ4MguokN5g= ;{id = 2854} 137 138ENTRY_END 139 140; response for delegation to sub zone. 141ENTRY_BEGIN 142MATCH opcode qtype qname 143ADJUST copy_id 144REPLY QR NOERROR 145SECTION QUESTION 146328.0.0.194.example.com. IN A 147SECTION ANSWER 148SECTION AUTHORITY 1490.0.194.example.com. IN NS ns.sub.example.com. 1500.0.194.example.com. 3600 IN DS 30899 RSASHA1 1 aa46f0717075d9750ac3596c659a2e326b33c28c 1510.0.194.example.com. 3600 IN RRSIG DS 3 5 3600 20070926135752 20070829135752 2854 example.com. MCwCFC9GIqtp/103hktw6bPpD83gr+0iAhQ8yev2yUaR9l64rYBUYTJqOoTKdw== ;{id = 2854} 152SECTION ADDITIONAL 153ns.sub.example.com. IN A 1.2.3.6 154ENTRY_END 155 156; response for delegation to sub zone 157ENTRY_BEGIN 158MATCH opcode qtype qname 159ADJUST copy_id 160REPLY QR NOERROR 161SECTION QUESTION 1620.0.194.example.com. IN DNSKEY 163SECTION ANSWER 164SECTION AUTHORITY 1650.0.194.example.com. IN NS ns.sub.example.com. 1660.0.194.example.com. 3600 IN DS 30899 RSASHA1 1 aa46f0717075d9750ac3596c659a2e326b33c28c 1670.0.194.example.com. 3600 IN RRSIG DS 3 5 3600 20070926135752 20070829135752 2854 example.com. MCwCFC9GIqtp/103hktw6bPpD83gr+0iAhQ8yev2yUaR9l64rYBUYTJqOoTKdw== ;{id = 2854} 168SECTION ADDITIONAL 169ns.sub.example.com. IN A 1.2.3.6 170ENTRY_END 171RANGE_END 172 173; ns.sub.example.com. for zone 0.0.194.example.com. 174RANGE_BEGIN 0 100 175 ADDRESS 1.2.3.6 176ENTRY_BEGIN 177MATCH opcode qtype qname 178ADJUST copy_id 179REPLY QR NOERROR 180SECTION QUESTION 1810.0.194.example.com. IN NS 182SECTION ANSWER 1830.0.194.example.com. IN NS ns.sub.example.com. 1840.0.194.example.com. 3600 IN RRSIG NS 5 5 3600 20070926135752 20070829135752 30899 0.0.194.example.com. KXDA+/PJAE+dXhv6O6Z0ZovDwabSRJcIt+GT5AL6ewlj46hzo/SDKUtEhYCeT1IVQvYtXrESwFZjpp7N0rXXBg== ;{id = 30899} 185SECTION ADDITIONAL 186ns.sub.example.com. IN A 1.2.3.6 187ENTRY_END 188 189 190; response to DNSKEY priming query 191; 0.0.194.example.com. 3600 IN DS 30899 RSASHA1 1 aa46f0717075d9750ac3596c659a2e326b33c28c 192ENTRY_BEGIN 193MATCH opcode qtype qname 194ADJUST copy_id 195REPLY QR NOERROR 196SECTION QUESTION 1970.0.194.example.com. IN DNSKEY 198SECTION ANSWER 1990.0.194.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} 2000.0.194.example.com. 3600 IN RRSIG DNSKEY 5 5 3600 20070926135752 20070829135752 30899 0.0.194.example.com. fSmc7ef6NwbDXC0o4wPc/aa8LakW5ZJwEZ4xPYl3tTZKmPNM7hPXskl1tFlvst9Va4u37F62v+16trprHb+SCQ== ;{id = 30899} 201SECTION AUTHORITY 2020.0.194.example.com. IN NS ns.sub.example.com. 2030.0.194.example.com. 3600 IN RRSIG NS 5 5 3600 20070926135752 20070829135752 30899 0.0.194.example.com. KXDA+/PJAE+dXhv6O6Z0ZovDwabSRJcIt+GT5AL6ewlj46hzo/SDKUtEhYCeT1IVQvYtXrESwFZjpp7N0rXXBg== ;{id = 30899} 204SECTION ADDITIONAL 205ns.sub.example.com. IN A 1.2.3.6 206ENTRY_END 207 208; response to query of interest 209ENTRY_BEGIN 210MATCH opcode qtype qname 211ADJUST copy_id 212REPLY QR NOERROR 213SECTION QUESTION 214328.0.0.194.example.com. IN A 215SECTION ANSWER 216328.0.0.194.example.com. IN A 11.11.11.11 217328.0.0.194.example.com. 3600 IN RRSIG A 5 6 3600 20070926135752 20070829135752 30899 0.0.194.example.com. chZW77mqywhw/4ch6BxXQ4EbFgb9zgh2xF75FLlKq/7ey6CfHSJRpJRjRqtMTn+1i18UL2B4nPS/WnK5DZeqlA== ;{id = 30899} 218SECTION AUTHORITY 219SECTION ADDITIONAL 220ENTRY_END 221RANGE_END 222 223STEP 1 QUERY 224ENTRY_BEGIN 225REPLY RD DO 226SECTION QUESTION 227328.0.0.194.example.com. IN A 228ENTRY_END 229 230; recursion happens here. 231STEP 10 CHECK_ANSWER 232ENTRY_BEGIN 233MATCH all 234REPLY QR RD RA AD DO NOERROR 235SECTION QUESTION 236328.0.0.194.example.com. IN A 237SECTION ANSWER 238328.0.0.194.example.com. 3600 IN A 11.11.11.11 239328.0.0.194.example.com. 3600 IN RRSIG A 5 6 3600 20070926135752 20070829135752 30899 0.0.194.example.com. chZW77mqywhw/4ch6BxXQ4EbFgb9zgh2xF75FLlKq/7ey6CfHSJRpJRjRqtMTn+1i18UL2B4nPS/WnK5DZeqlA== ;{id = 30899} 240SECTION AUTHORITY 241SECTION ADDITIONAL 242ENTRY_END 243 244SCENARIO_END 245