; config options
; The island of trust is at example.com
; NOTE(review): the header line above looks stale for this scenario. The
; example.com DS anchor below is commented out, so the only active trust
; anchor is the example.net DNSKEY. The CHECK_ANSWER steps match that: AD is
; expected only for the answer that lies entirely inside example.net.
server:
	;trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
	trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
	; Pins the validator's clock to 2007-09-16 13:42:26, inside the RRSIG
	; validity windows (20070829... to 20070926...) used by the canned replies.
	val-override-date: "20070916134226"
	; No opportunistic nameserver-target lookups at any delegation depth.
	target-fetch-policy: "0 0 0 0 0"
	; Full query names are sent upstream; the root and gtld entries below match
	; on the complete www.example.com. / www.example.net. names.
	qname-minimisation: "no"
	; NOTE(review): test-only switch; presumably lets the DSA (algorithm 3) and
	; RSASHA1 (algorithm 5) signatures in this file count as supported where
	; SHA-1 is otherwise disabled. Confirm against the test harness.
	fake-sha1: yes
	; Keeps trust-anchor signaling queries out of the replay.
	trust-anchor-signaling: no

stub-zone:
	name: "."
	stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
CONFIG_END

SCENARIO_BEGIN Test validator with an insecure cname to positive cached

; Each RANGE holds the canned replies served from one ADDRESS for steps 0-100.
; Each ENTRY is selected by opcode, qtype and qname of the incoming query;
; ADJUST copy_id copies the query ID into the reply.

; K.ROOT-SERVERS.NET.
RANGE_BEGIN 0 100
	ADDRESS 193.0.14.129
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET. IN A 193.0.14.129
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION AUTHORITY
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.net. IN A
SECTION AUTHORITY
net. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
RANGE_END

; a.gtld-servers.net.
RANGE_BEGIN 0 100
	ADDRESS 192.5.6.30
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION ANSWER
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
net. IN NS
SECTION ANSWER
net. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.net. IN A
SECTION AUTHORITY
example.net. IN NS ns.example.net.
SECTION ADDITIONAL
ns.example.net. IN A 1.2.3.5
ENTRY_END
RANGE_END

; ns.example.com.
; Records here are signed with key id 2854, but no active trust anchor covers
; example.com in the config above.
RANGE_BEGIN 0 100
	ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION ANSWER
example.com. IN NS ns.example.com.
example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
ENTRY_END

; response to DNSKEY priming query
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN DNSKEY
SECTION ANSWER
example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
SECTION AUTHORITY
example.com. IN NS ns.example.com.
example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
ENTRY_END

; response to query of interest
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN CNAME www.example.net.
www.example.com. 3600 IN RRSIG CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFGcJxnNxpWCBzXejiSdl4p1BKRMnAhUApoJrugVBRwFgAoYAhhqlZFac7fE= ;{id = 2854}
SECTION AUTHORITY
SECTION ADDITIONAL
ENTRY_END

; Unsigned CNAME (no RRSIG in the answer) pointing into example.net.
; Queried at STEP 50.
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
insecure.example.com. IN A
SECTION ANSWER
insecure.example.com. IN CNAME www.example.net.
SECTION AUTHORITY
SECTION ADDITIONAL
ENTRY_END
RANGE_END

; ns.example.net.
; Records here are signed with key id 30899, the key configured as the active
; trust anchor.
RANGE_BEGIN 0 100
	ADDRESS 1.2.3.5
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.net. IN NS
SECTION ANSWER
example.net. IN NS ns.example.net.
example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
SECTION ADDITIONAL
ns.example.net. IN A 1.2.3.5
ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
ENTRY_END

; response to DNSKEY priming query
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.net. IN DNSKEY
SECTION ANSWER
example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899}
SECTION AUTHORITY
example.net. IN NS ns.example.net.
example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
SECTION ADDITIONAL
ns.example.net. IN A 1.2.3.5
ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
ENTRY_END

; response to query of interest
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.net. IN A
SECTION ANSWER
www.example.net. IN A 11.12.13.14
www.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899}
SECTION AUTHORITY
SECTION ADDITIONAL
ENTRY_END
RANGE_END

; Client query with DO set, so signatures are requested in the answer.
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
www.example.com. IN A
ENTRY_END

; recursion happens here.
; The expected flags carry no AD: the answer starts with a CNAME owned by
; example.com, which has no active trust anchor, even though the CNAME target
; lies in the anchored example.net zone.
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN CNAME www.example.net.
www.example.com. 3600 IN RRSIG CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFGcJxnNxpWCBzXejiSdl4p1BKRMnAhUApoJrugVBRwFgAoYAhhqlZFac7fE= ;{id = 2854}
www.example.net. IN A 11.12.13.14
www.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899}
SECTION AUTHORITY
SECTION ADDITIONAL
ENTRY_END


; Get www.example.net validated in the cache.
STEP 30 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
www.example.net. IN A
ENTRY_END

; recursion happens here.
; This is the only check that expects AD: the whole answer is in example.net
; and is signed by the anchored key 30899.
STEP 40 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
www.example.net. IN A
SECTION ANSWER
www.example.net. IN A 11.12.13.14
www.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899}
SECTION AUTHORITY
SECTION ADDITIONAL
ENTRY_END


; reference the cache object
STEP 50 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
insecure.example.com. IN A
ENTRY_END

; Core assertion of the scenario: the unsigned CNAME now points at the
; www.example.net A RRset that STEP 40 expected to validate. The expected
; flags still carry no AD, so the target's status must not be applied to the
; response as a whole.
STEP 60 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA DO NOERROR
SECTION QUESTION
insecure.example.com. IN A
SECTION ANSWER
insecure.example.com. IN CNAME www.example.net.
www.example.net. IN A 11.12.13.14
www.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899}
SECTION AUTHORITY
SECTION ADDITIONAL
ENTRY_END


SCENARIO_END