1; config options 2; The island of trust is at example.com 3server: 4 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" 5 trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" 6 val-override-date: "20070916134226" 7 target-fetch-policy: "0 0 0 0 0" 8 9stub-zone: 10 name: "." 11 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. 12CONFIG_END 13 14SCENARIO_BEGIN Test validator with cname to nodata 15 16; K.ROOT-SERVERS.NET. 17RANGE_BEGIN 0 100 18 ADDRESS 193.0.14.129 19ENTRY_BEGIN 20MATCH opcode qtype qname 21ADJUST copy_id 22REPLY QR NOERROR 23SECTION QUESTION 24. IN NS 25SECTION ANSWER 26. IN NS K.ROOT-SERVERS.NET. 27SECTION ADDITIONAL 28K.ROOT-SERVERS.NET. IN A 193.0.14.129 29ENTRY_END 30 31ENTRY_BEGIN 32MATCH opcode qtype qname 33ADJUST copy_id 34REPLY QR NOERROR 35SECTION QUESTION 36www.example.com. IN A 37SECTION AUTHORITY 38com. IN NS a.gtld-servers.net. 39SECTION ADDITIONAL 40a.gtld-servers.net. IN A 192.5.6.30 41ENTRY_END 42 43ENTRY_BEGIN 44MATCH opcode qtype qname 45ADJUST copy_id 46REPLY QR NOERROR 47SECTION QUESTION 48www.example.net. IN A 49SECTION AUTHORITY 50net. IN NS a.gtld-servers.net. 51SECTION ADDITIONAL 52a.gtld-servers.net. IN A 192.5.6.30 53ENTRY_END 54RANGE_END 55 56; a.gtld-servers.net. 57RANGE_BEGIN 0 100 58 ADDRESS 192.5.6.30 59ENTRY_BEGIN 60MATCH opcode qtype qname 61ADJUST copy_id 62REPLY QR NOERROR 63SECTION QUESTION 64com. IN NS 65SECTION ANSWER 66com. IN NS a.gtld-servers.net. 67SECTION ADDITIONAL 68a.gtld-servers.net. IN A 192.5.6.30 69ENTRY_END 70 71ENTRY_BEGIN 72MATCH opcode qtype qname 73ADJUST copy_id 74REPLY QR NOERROR 75SECTION QUESTION 76net. IN NS 77SECTION ANSWER 78net. IN NS a.gtld-servers.net. 79SECTION ADDITIONAL 80a.gtld-servers.net. IN A 192.5.6.30 81ENTRY_END 82 83ENTRY_BEGIN 84MATCH opcode qtype qname 85ADJUST copy_id 86REPLY QR NOERROR 87SECTION QUESTION 88www.example.com. IN A 89SECTION AUTHORITY 90example.com. IN NS ns.example.com. 91SECTION ADDITIONAL 92ns.example.com. IN A 1.2.3.4 93ENTRY_END 94ENTRY_BEGIN 95MATCH opcode qtype qname 96ADJUST copy_id 97REPLY QR NOERROR 98SECTION QUESTION 99www.example.net. IN A 100SECTION AUTHORITY 101example.net. IN NS ns.example.net. 102SECTION ADDITIONAL 103ns.example.net. IN A 1.2.3.5 104ENTRY_END 105RANGE_END 106 107; ns.example.com. 108RANGE_BEGIN 0 100 109 ADDRESS 1.2.3.4 110ENTRY_BEGIN 111MATCH opcode qtype qname 112ADJUST copy_id 113REPLY QR NOERROR 114SECTION QUESTION 115example.com. IN NS 116SECTION ANSWER 117example.com. IN NS ns.example.com. 118example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 119SECTION ADDITIONAL 120ns.example.com. IN A 1.2.3.4 121ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 122ENTRY_END 123 124; response to DNSKEY priming query 125ENTRY_BEGIN 126MATCH opcode qtype qname 127ADJUST copy_id 128REPLY QR NOERROR 129SECTION QUESTION 130example.com. IN DNSKEY 131SECTION ANSWER 132example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} 133example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} 134SECTION AUTHORITY 135example.com. IN NS ns.example.com. 136example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 137SECTION ADDITIONAL 138ns.example.com. IN A 1.2.3.4 139ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 140ENTRY_END 141 142ENTRY_BEGIN 143MATCH opcode qtype qname 144ADJUST copy_id 145REPLY QR NOERROR 146SECTION QUESTION 147ns.example.com. IN AAAA 148SECTION ANSWER 149SECTION AUTHORITY 150; NSEC here ... 151SECTION ADDITIONAL 152ENTRY_END 153 154; response to query of interest 155ENTRY_BEGIN 156MATCH opcode qtype qname 157ADJUST copy_id 158REPLY QR NOERROR 159SECTION QUESTION 160www.example.com. IN A 161SECTION ANSWER 162www.example.com. 3600 IN CNAME www.example.net. 163www.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFGtYzScyRnHV8U/jOIPYwrlI9t3oAhRF0PIf+IthUR7uCWIvskWp5CfReQ== ;{id = 2854} 164SECTION AUTHORITY 165SECTION ADDITIONAL 166ENTRY_END 167RANGE_END 168 169; ns.example.net. 170RANGE_BEGIN 0 100 171 ADDRESS 1.2.3.5 172ENTRY_BEGIN 173MATCH opcode qtype qname 174ADJUST copy_id 175REPLY QR NOERROR 176SECTION QUESTION 177example.net. IN NS 178SECTION ANSWER 179example.net. IN NS ns.example.net. 180example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} 181SECTION ADDITIONAL 182ns.example.net. IN A 1.2.3.5 183ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} 184ENTRY_END 185 186; response to DNSKEY priming query 187ENTRY_BEGIN 188MATCH opcode qtype qname 189ADJUST copy_id 190REPLY QR NOERROR 191SECTION QUESTION 192example.net. IN DNSKEY 193SECTION ANSWER 194example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} 195example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899} 196SECTION AUTHORITY 197example.net. IN NS ns.example.net. 198example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} 199SECTION ADDITIONAL 200ns.example.net. IN A 1.2.3.5 201ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} 202ENTRY_END 203 204ENTRY_BEGIN 205MATCH opcode qtype qname 206ADJUST copy_id 207REPLY QR NOERROR 208SECTION QUESTION 209ns.example.net. IN AAAA 210SECTION ANSWER 211SECTION AUTHORITY 212; NSEC here 213SECTION ADDITIONAL 214ENTRY_END 215 216; response to query of interest 217ENTRY_BEGIN 218MATCH opcode qtype qname 219ADJUST copy_id 220REPLY QR NOERROR 221SECTION QUESTION 222www.example.net. IN A 223SECTION ANSWER 224SECTION AUTHORITY 225;www.example.net. IN NSEC example.net. MX NSEC RRSIG 226;www.example.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. Z+3/WKJEqhWoMOQLC7Yb1dTVGaqzmU0bZ2cH9jSfNQZiT0O37yzCNNUmMsW4gsJOh3o61iZ+hxpze3aO3aedqQ== ;{id = 30899} 227SECTION ADDITIONAL 228ENTRY_END 229 230ENTRY_BEGIN 231MATCH opcode qtype qname 232ADJUST copy_id 233REPLY QR NOERROR 234SECTION QUESTION 235www.example.net. IN DS 236SECTION ANSWER 237SECTION AUTHORITY 238www.example.net. IN NSEC example.net. MX NSEC RRSIG 239www.example.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. Z+3/WKJEqhWoMOQLC7Yb1dTVGaqzmU0bZ2cH9jSfNQZiT0O37yzCNNUmMsW4gsJOh3o61iZ+hxpze3aO3aedqQ== ;{id = 30899} 240SECTION ADDITIONAL 241ENTRY_END 242RANGE_END 243 244STEP 1 QUERY 245ENTRY_BEGIN 246REPLY RD DO 247SECTION QUESTION 248www.example.com. IN A 249ENTRY_END 250 251; recursion happens here. 252STEP 10 CHECK_ANSWER 253ENTRY_BEGIN 254MATCH all 255REPLY QR RD RA DO SERVFAIL 256SECTION QUESTION 257www.example.com. IN A 258SECTION ANSWER 259SECTION ADDITIONAL 260ENTRY_END 261 262SCENARIO_END 263