1; config options 2; The island of trust is at example.com 3server: 4 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" 5 trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" 6 val-override-date: "20070916134226" 7 target-fetch-policy: "0 0 0 0 0" 8 qname-minimisation: "no" 9 fake-sha1: yes 10 trust-anchor-signaling: no 11 ede: yes 12 access-control: 127.0.0.0/8 allow_snoop 13 14stub-zone: 15 name: "." 16 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. 17CONFIG_END 18 19SCENARIO_BEGIN Test validator with cname to nodata 20 21; K.ROOT-SERVERS.NET. 22RANGE_BEGIN 0 100 23 ADDRESS 193.0.14.129 24ENTRY_BEGIN 25MATCH opcode qtype qname 26ADJUST copy_id 27REPLY QR NOERROR 28SECTION QUESTION 29. IN NS 30SECTION ANSWER 31. IN NS K.ROOT-SERVERS.NET. 32SECTION ADDITIONAL 33K.ROOT-SERVERS.NET. IN A 193.0.14.129 34ENTRY_END 35 36ENTRY_BEGIN 37MATCH opcode qtype qname 38ADJUST copy_id 39REPLY QR NOERROR 40SECTION QUESTION 41www.example.com. IN A 42SECTION AUTHORITY 43com. IN NS a.gtld-servers.net. 44SECTION ADDITIONAL 45a.gtld-servers.net. IN A 192.5.6.30 46ENTRY_END 47 48ENTRY_BEGIN 49MATCH opcode qtype qname 50ADJUST copy_id 51REPLY QR NOERROR 52SECTION QUESTION 53www.example.net. IN A 54SECTION AUTHORITY 55net. IN NS a.gtld-servers.net. 56SECTION ADDITIONAL 57a.gtld-servers.net. IN A 192.5.6.30 58ENTRY_END 59RANGE_END 60 61; a.gtld-servers.net. 62RANGE_BEGIN 0 100 63 ADDRESS 192.5.6.30 64ENTRY_BEGIN 65MATCH opcode qtype qname 66ADJUST copy_id 67REPLY QR NOERROR 68SECTION QUESTION 69com. IN NS 70SECTION ANSWER 71com. IN NS a.gtld-servers.net. 72SECTION ADDITIONAL 73a.gtld-servers.net. IN A 192.5.6.30 74ENTRY_END 75 76ENTRY_BEGIN 77MATCH opcode qtype qname 78ADJUST copy_id 79REPLY QR NOERROR 80SECTION QUESTION 81net. IN NS 82SECTION ANSWER 83net. IN NS a.gtld-servers.net. 84SECTION ADDITIONAL 85a.gtld-servers.net. IN A 192.5.6.30 86ENTRY_END 87 88ENTRY_BEGIN 89MATCH opcode qtype qname 90ADJUST copy_id 91REPLY QR NOERROR 92SECTION QUESTION 93www.example.com. IN A 94SECTION AUTHORITY 95example.com. IN NS ns.example.com. 96SECTION ADDITIONAL 97ns.example.com. IN A 1.2.3.4 98ENTRY_END 99ENTRY_BEGIN 100MATCH opcode qtype qname 101ADJUST copy_id 102REPLY QR NOERROR 103SECTION QUESTION 104www.example.net. IN A 105SECTION AUTHORITY 106example.net. IN NS ns.example.net. 107SECTION ADDITIONAL 108ns.example.net. IN A 1.2.3.5 109ENTRY_END 110RANGE_END 111 112; ns.example.com. 113RANGE_BEGIN 0 100 114 ADDRESS 1.2.3.4 115ENTRY_BEGIN 116MATCH opcode qtype qname 117ADJUST copy_id 118REPLY QR NOERROR 119SECTION QUESTION 120example.com. IN NS 121SECTION ANSWER 122example.com. IN NS ns.example.com. 123example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 124SECTION ADDITIONAL 125ns.example.com. IN A 1.2.3.4 126ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 127ENTRY_END 128 129; response to DNSKEY priming query 130ENTRY_BEGIN 131MATCH opcode qtype qname 132ADJUST copy_id 133REPLY QR NOERROR 134SECTION QUESTION 135example.com. IN DNSKEY 136SECTION ANSWER 137example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} 138example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} 139SECTION AUTHORITY 140example.com. IN NS ns.example.com. 141example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 142SECTION ADDITIONAL 143ns.example.com. IN A 1.2.3.4 144ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 145ENTRY_END 146 147ENTRY_BEGIN 148MATCH opcode qtype qname 149ADJUST copy_id 150REPLY QR AA NOERROR 151SECTION QUESTION 152ns.example.com. IN AAAA 153SECTION ANSWER 154SECTION AUTHORITY 155example.com. 3600 IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 156example.com. 3600 IN RRSIG SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. AI+pFL3opyI/Mx3pCwnULbwc99bqXrJjRp4ds1lIBPN9X/Pia3wQdkM= 157; NSEC here ... 158SECTION ADDITIONAL 159ENTRY_END 160 161; response to query of interest 162ENTRY_BEGIN 163MATCH opcode qtype qname 164ADJUST copy_id 165REPLY QR NOERROR 166SECTION QUESTION 167www.example.com. IN A 168SECTION ANSWER 169www.example.com. 3600 IN CNAME www.example.net. 170www.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFGtYzScyRnHV8U/jOIPYwrlI9t3oAhRF0PIf+IthUR7uCWIvskWp5CfReQ== ;{id = 2854} 171SECTION AUTHORITY 172SECTION ADDITIONAL 173ENTRY_END 174RANGE_END 175 176; ns.example.net. 177RANGE_BEGIN 0 100 178 ADDRESS 1.2.3.5 179ENTRY_BEGIN 180MATCH opcode qtype qname 181ADJUST copy_id 182REPLY QR NOERROR 183SECTION QUESTION 184example.net. IN NS 185SECTION ANSWER 186example.net. IN NS ns.example.net. 187example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} 188SECTION ADDITIONAL 189ns.example.net. IN A 1.2.3.5 190ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} 191ENTRY_END 192 193; response to DNSKEY priming query 194ENTRY_BEGIN 195MATCH opcode qtype qname 196ADJUST copy_id 197REPLY QR NOERROR 198SECTION QUESTION 199example.net. IN DNSKEY 200SECTION ANSWER 201example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} 202example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899} 203SECTION AUTHORITY 204example.net. IN NS ns.example.net. 205example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} 206SECTION ADDITIONAL 207ns.example.net. IN A 1.2.3.5 208ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} 209ENTRY_END 210 211ENTRY_BEGIN 212MATCH opcode qtype qname 213ADJUST copy_id 214REPLY QR AA NOERROR 215SECTION QUESTION 216ns.example.net. IN AAAA 217SECTION ANSWER 218SECTION AUTHORITY 219example.net. IN NS ns.example.net. 220example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} 221; NSEC here 222SECTION ADDITIONAL 223ENTRY_END 224 225; response to query of interest 226ENTRY_BEGIN 227MATCH opcode qtype qname 228ADJUST copy_id 229REPLY QR NOERROR 230SECTION QUESTION 231www.example.net. IN A 232SECTION ANSWER 233SECTION AUTHORITY 234example.net. 3600 IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 235;example.net. 3600 IN RRSIG SOA 3 2 3600 20070926135752 20070829135752 2854 example.net. ADNbj4XoTESBEkbFri3OG7SujbOUAoyrxPNHbULhxbvbB48Y0YAwvNY= 236;www.example.net. IN NSEC example.net. MX NSEC RRSIG 237;www.example.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. Z+3/WKJEqhWoMOQLC7Yb1dTVGaqzmU0bZ2cH9jSfNQZiT0O37yzCNNUmMsW4gsJOh3o61iZ+hxpze3aO3aedqQ== ;{id = 30899} 238SECTION ADDITIONAL 239ENTRY_END 240 241ENTRY_BEGIN 242MATCH opcode qtype qname 243ADJUST copy_id 244REPLY QR NOERROR 245SECTION QUESTION 246www.example.net. IN DS 247SECTION ANSWER 248SECTION AUTHORITY 249www.example.net. IN NSEC example.net. MX NSEC RRSIG 250www.example.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. Z+3/WKJEqhWoMOQLC7Yb1dTVGaqzmU0bZ2cH9jSfNQZiT0O37yzCNNUmMsW4gsJOh3o61iZ+hxpze3aO3aedqQ== ;{id = 30899} 251SECTION ADDITIONAL 252ENTRY_END 253RANGE_END 254 255STEP 1 QUERY 256ENTRY_BEGIN 257REPLY RD DO 258SECTION QUESTION 259www.example.com. IN A 260ENTRY_END 261 262; recursion happens here. 263STEP 10 CHECK_ANSWER 264ENTRY_BEGIN 265MATCH all ede=10 266REPLY QR RD RA DO SERVFAIL 267SECTION QUESTION 268www.example.com. IN A 269SECTION ANSWER 270ENTRY_END 271 272; Redo the query without RD to check EDE caching. 273STEP 11 QUERY 274ENTRY_BEGIN 275REPLY DO 276SECTION QUESTION 277www.example.com. IN A 278ENTRY_END 279 280STEP 12 CHECK_ANSWER 281ENTRY_BEGIN 282MATCH all ede=10 283REPLY QR RA DO SERVFAIL 284SECTION QUESTION 285www.example.com. IN A 286SECTION ANSWER 287ENTRY_END 288 289SCENARIO_END 290