xref: /netbsd-src/external/bsd/unbound/dist/testdata/val_cnametocloser.rpl (revision 501cd18a74d52bfcca7d9e7e3b0d472bbc870558) 
1; config options
2server:
3	trust-anchor: "example.com.	3600	IN	DS	30899 5 1 d4bf9d2e10f6d76840d42ef5913022abcd0bf512"
4	trust-anchor: "a.b.example.com.	3600	IN	DNSKEY	257 3 5 AwEAAas/cAhCFXvBUgTSNZCvQp0pLx1dY+7rXR0hH4/3EUgWmsmbYUpI1qD0xhwKD/oYGEwAm291fyWJ9c0oVxXDEK8="
5	val-override-date: "20091113091234"
6
7forward-zone:
8	name: "."
9	forward-addr: 192.0.2.1
10CONFIG_END
11
12SCENARIO_BEGIN Test validator with CNAME to closer anchor under optout.
13
14RANGE_BEGIN 0 100
15	ADDRESS 192.0.2.1
16ENTRY_BEGIN
17MATCH opcode qtype qname
18ADJUST copy_id
19REPLY QR NOERROR
20SECTION QUESTION
21www.example.com. IN AAAA
22SECTION ANSWER
23www.example.com. IN CNAME www.a.b.example.com.
24www.example.com.	3600	IN	RRSIG	CNAME 5 3 3600 20091213091234 20091111091234 30899 example.com. mfQXJgOsRe8wiqNDZT4+ygSgRqzNowJ20o5+b681Mssp0xc007dq1ZaUYwUCdZjTn/GhF+f74t0UI1oqsFw2XA== ;{id = 30899}
25
26SECTION AUTHORITY
27;; nsec3param 1 1 1 d399eaab
28; example.com. -> l0c0e5lac37ai0lpij31sj699hkktdmb.
29; b.example.com. -> 1lq6sb4omkd2vgj0l8lro2cbie223hco.
30;; closest encloser: example.com.
31l0c0e5lac37ai0lpij31sj699hkktdmb.example.com. IN NSEC3 1 1 1 d399eaab l0c0e5lac37ai0lpij31sj699hkktdmc SOA NS DNSKEY NSEC3PARAM RRSIG
32l0c0e5lac37ai0lpij31sj699hkktdmb.example.com.	3600	IN	RRSIG	NSEC3 5 3 3600 20091213091234 20091111091234 30899 example.com. qjV0zsbDWLuoOQQ3tgCE2zo1z31bK9nv/Wh6xqKhmhyFI87nw2HM0lZGfRQrpWvWfBDczLRxHH9WNZkeIzv28w== ;{id = 30899}
33
34;; nextcloser is:  b.example.com. ; under optout range.
35; disproof of DS using the optout range.
361lq4sb4omkd2vgj0l8lro2cbie223hco.example.com. IN NSEC3 1 1 1 d399eaab 1lq8sb4omkd2vgj0l8lro2cbie223hco NS RRSIG
371lq4sb4omkd2vgj0l8lro2cbie223hco.example.com.	3600	IN	RRSIG	NSEC3 5 3 3600 20091213091234 20091111091234 30899 example.com. ZOJhHYt+YkGHBxHynuXlyZ8PEGg4YyqD/roWiEtBoP2PiGoPNCNqtWd0WjRgsUT0YFp/VqjqAU/RH8D45B8S8A== ;{id = 30899}
38
39ENTRY_END
40
41ENTRY_BEGIN
42MATCH opcode qtype qname
43ADJUST copy_id
44REPLY QR NOERROR
45SECTION QUESTION
46www.a.b.example.com. IN AAAA
47SECTION ANSWER
48SECTION AUTHORITY
49; NSEC that proves there is no AAAA record
50www.a.b.example.com. IN NSEC zzz.a.b.example.com. A NSEC RRSIG MX
51www.a.b.example.com.	3600	IN	RRSIG	NSEC 5 5 3600 20091213091234 20091111091234 16486 a.b.example.com. pOj+aOIolZ8VXlLpaLD1NsYVbl8FW4wmsJbiVTYAMcyDOlgxOsbhTtlB4jQ7uV9pRVAzkvdm1V5wc/1PcncTuw== ;{id = 16486}
52ENTRY_END
53
54ENTRY_BEGIN
55MATCH opcode qtype qname
56ADJUST copy_id
57REPLY QR NOERROR
58SECTION QUESTION
59example.com. IN DNSKEY
60SECTION ANSWER
61example.com.	3600	IN	DNSKEY	256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
62example.com.	3600	IN	RRSIG	DNSKEY 5 2 3600 20091213091234 20091111091234 30899 example.com. hc+1QLqhy6lcfgH95k6eabsXrYsdH2oTLqDu6BjHYrmLi0kX4ZDiOI+syhIcGw9+hRqW1j8t+lsHvzvi7BgcXg== ;{id = 30899}
63ENTRY_END
64
65ENTRY_BEGIN
66MATCH opcode qtype qname
67ADJUST copy_id
68REPLY QR NOERROR
69SECTION QUESTION
70a.b.example.com. IN DNSKEY
71SECTION ANSWER
72a.b.example.com.	3600	IN	DNSKEY	257 3 5 AwEAAas/cAhCFXvBUgTSNZCvQp0pLx1dY+7rXR0hH4/3EUgWmsmbYUpI1qD0xhwKD/oYGEwAm291fyWJ9c0oVxXDEK8= ;{id = 16486 (ksk), size = 512b}
73a.b.example.com.	3600	IN	RRSIG	DNSKEY 5 4 3600 20091213091234 20091111091234 16486 a.b.example.com. kPftbF2Rut5h2Sc2k/gp27XS+4I9WQ/EYa5NJOnqfJZqpw/es7GuLyWAAZyvNhBDIUEenXtZ8k1H8F8poKdNXw== ;{id = 16486}
74ENTRY_END
75
76RANGE_END
77
78STEP 1 QUERY
79ENTRY_BEGIN
80REPLY RD DO
81SECTION QUESTION
82www.example.com. IN AAAA
83ENTRY_END
84; recursion happens here.
85STEP 10 CHECK_ANSWER
86ENTRY_BEGIN
87MATCH all
88REPLY QR RD RA AD DO NOERROR
89SECTION QUESTION
90www.example.com. IN AAAA
91SECTION ANSWER
92www.example.com. IN CNAME www.a.b.example.com.
93www.example.com.	3600	IN	RRSIG	CNAME 5 3 3600 20091213091234 20091111091234 30899 example.com. mfQXJgOsRe8wiqNDZT4+ygSgRqzNowJ20o5+b681Mssp0xc007dq1ZaUYwUCdZjTn/GhF+f74t0UI1oqsFw2XA== ;{id = 30899}
94SECTION AUTHORITY
95l0c0e5lac37ai0lpij31sj699hkktdmb.example.com.   3600    IN      NSEC3   1 1 1 d399eaab  l0c0e5lac37ai0lpij31sj699hkktdmc NS SOA RRSIG DNSKEY NSEC3PARAM  ; flags: optout
96l0c0e5lac37ai0lpij31sj699hkktdmb.example.com.   3600    IN      RRSIG   NSEC3 5 3 3600 20091213091234 20091111091234 30899 example.com. qjV0zsbDWLuoOQQ3tgCE2zo1z31bK9nv/Wh6xqKhmhyFI87nw2HM0lZGfRQrpWvWfBDczLRxHH9WNZkeIzv28w== ;{id = 30899}
971lq4sb4omkd2vgj0l8lro2cbie223hco.example.com.   3600    IN      NSEC3   1 1 1 d399eaab  1lq8sb4omkd2vgj0l8lro2cbie223hco NS RRSIG  ; flags: optout
981lq4sb4omkd2vgj0l8lro2cbie223hco.example.com.   3600    IN      RRSIG   NSEC3 5 3 3600 20091213091234 20091111091234 30899 example.com. ZOJhHYt+YkGHBxHynuXlyZ8PEGg4YyqD/roWiEtBoP2PiGoPNCNqtWd0WjRgsUT0YFp/VqjqAU/RH8D45B8S8A== ;{id = 30899}
99www.a.b.example.com.    3600    IN      NSEC    zzz.a.b.example.com. A MX RRSIG NSEC
100www.a.b.example.com.    3600    IN      RRSIG   NSEC 5 5 3600 20091213091234 20091111091234 16486 a.b.example.com. pOj+aOIolZ8VXlLpaLD1NsYVbl8FW4wmsJbiVTYAMcyDOlgxOsbhTtlB4jQ7uV9pRVAzkvdm1V5wc/1PcncTuw== ;{id = 16486}
101ENTRY_END
102
103SCENARIO_END
104