1; config options 2; The island of trust is at example.com 3server: 4 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" 5 trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" 6 val-override-date: "20070916134226" 7 target-fetch-policy: "0 0 0 0 0" 8 9stub-zone: 10 name: "." 11 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. 12CONFIG_END 13 14SCENARIO_BEGIN Test validator with a cname to positive wildcard without proof 15 16; K.ROOT-SERVERS.NET. 17RANGE_BEGIN 0 100 18 ADDRESS 193.0.14.129 19ENTRY_BEGIN 20MATCH opcode qtype qname 21ADJUST copy_id 22REPLY QR NOERROR 23SECTION QUESTION 24. IN NS 25SECTION ANSWER 26. IN NS K.ROOT-SERVERS.NET. 27SECTION ADDITIONAL 28K.ROOT-SERVERS.NET. IN A 193.0.14.129 29ENTRY_END 30 31ENTRY_BEGIN 32MATCH opcode qtype qname 33ADJUST copy_id 34REPLY QR NOERROR 35SECTION QUESTION 36www.example.com. IN A 37SECTION AUTHORITY 38com. IN NS a.gtld-servers.net. 39SECTION ADDITIONAL 40a.gtld-servers.net. IN A 192.5.6.30 41ENTRY_END 42 43ENTRY_BEGIN 44MATCH opcode qtype qname 45ADJUST copy_id 46REPLY QR NOERROR 47SECTION QUESTION 48www.example.net. IN A 49SECTION AUTHORITY 50net. IN NS a.gtld-servers.net. 51SECTION ADDITIONAL 52a.gtld-servers.net. IN A 192.5.6.30 53ENTRY_END 54RANGE_END 55 56; a.gtld-servers.net. 57RANGE_BEGIN 0 100 58 ADDRESS 192.5.6.30 59ENTRY_BEGIN 60MATCH opcode qtype qname 61ADJUST copy_id 62REPLY QR NOERROR 63SECTION QUESTION 64com. IN NS 65SECTION ANSWER 66com. IN NS a.gtld-servers.net. 67SECTION ADDITIONAL 68a.gtld-servers.net. IN A 192.5.6.30 69ENTRY_END 70 71ENTRY_BEGIN 72MATCH opcode qtype qname 73ADJUST copy_id 74REPLY QR NOERROR 75SECTION QUESTION 76net. IN NS 77SECTION ANSWER 78net. IN NS a.gtld-servers.net. 79SECTION ADDITIONAL 80a.gtld-servers.net. IN A 192.5.6.30 81ENTRY_END 82 83ENTRY_BEGIN 84MATCH opcode subdomain 85ADJUST copy_id copy_query 86REPLY QR NOERROR 87SECTION QUESTION 88example.com. IN A 89SECTION AUTHORITY 90example.com. IN NS ns.example.com. 91SECTION ADDITIONAL 92ns.example.com. IN A 1.2.3.4 93ENTRY_END 94ENTRY_BEGIN 95MATCH opcode subdomain 96ADJUST copy_id copy_query 97REPLY QR NOERROR 98SECTION QUESTION 99example.net. IN A 100SECTION AUTHORITY 101example.net. IN NS ns.example.net. 102SECTION ADDITIONAL 103ns.example.net. IN A 1.2.3.5 104ENTRY_END 105RANGE_END 106 107; ns.example.com. 108RANGE_BEGIN 0 100 109 ADDRESS 1.2.3.4 110ENTRY_BEGIN 111MATCH opcode qtype qname 112ADJUST copy_id 113REPLY QR NOERROR 114SECTION QUESTION 115example.com. IN NS 116SECTION ANSWER 117example.com. IN NS ns.example.com. 118example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 119SECTION ADDITIONAL 120ns.example.com. IN A 1.2.3.4 121ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 122ENTRY_END 123 124; response to DNSKEY priming query 125ENTRY_BEGIN 126MATCH opcode qtype qname 127ADJUST copy_id 128REPLY QR NOERROR 129SECTION QUESTION 130example.com. IN DNSKEY 131SECTION ANSWER 132example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} 133example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} 134SECTION AUTHORITY 135example.com. IN NS ns.example.com. 136example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 137SECTION ADDITIONAL 138ns.example.com. IN A 1.2.3.4 139ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 140ENTRY_END 141 142; response to query of interest 143ENTRY_BEGIN 144MATCH opcode qtype qname 145ADJUST copy_id 146REPLY QR NOERROR 147SECTION QUESTION 148www.example.com. IN A 149SECTION ANSWER 150www.example.com. IN CNAME www.example.net. 151www.example.com. 3600 IN RRSIG CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFGcJxnNxpWCBzXejiSdl4p1BKRMnAhUApoJrugVBRwFgAoYAhhqlZFac7fE= ;{id = 2854} 152SECTION AUTHORITY 153SECTION ADDITIONAL 154ENTRY_END 155 156ENTRY_BEGIN 157MATCH opcode qname qtype 158ADJUST copy_id 159REPLY QR AA REFUSED 160SECTION QUESTION 161ns.example.com. IN AAAA 162ENTRY_END 163 164ENTRY_BEGIN 165MATCH opcode qname qtype 166ADJUST copy_id 167REPLY QR AA REFUSED 168SECTION QUESTION 169ns.example.com. IN A 170ENTRY_END 171RANGE_END 172 173; ns.example.net. 174RANGE_BEGIN 0 100 175 ADDRESS 1.2.3.5 176ENTRY_BEGIN 177MATCH opcode qtype qname 178ADJUST copy_id 179REPLY QR NOERROR 180SECTION QUESTION 181example.net. IN NS 182SECTION ANSWER 183example.net. IN NS ns.example.net. 184example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} 185SECTION ADDITIONAL 186ns.example.net. IN A 1.2.3.5 187ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} 188ENTRY_END 189 190; response to DNSKEY priming query 191ENTRY_BEGIN 192MATCH opcode qtype qname 193ADJUST copy_id 194REPLY QR NOERROR 195SECTION QUESTION 196example.net. IN DNSKEY 197SECTION ANSWER 198example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} 199example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899} 200SECTION AUTHORITY 201example.net. IN NS ns.example.net. 202example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} 203SECTION ADDITIONAL 204ns.example.net. IN A 1.2.3.5 205ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} 206ENTRY_END 207 208; response to query of interest 209ENTRY_BEGIN 210MATCH opcode qtype qname 211ADJUST copy_id 212REPLY QR NOERROR 213SECTION QUESTION 214www.example.net. IN A 215SECTION ANSWER 216; from *.example.net. 217www.example.net. IN A 11.12.13.14 218www.example.net. 3600 IN RRSIG A 5 2 3600 20070926134150 20070829134150 30899 example.net. quSyDbSeHRvyMmanqq5rW+APC9MKOswbRLB5QP/G+C2iyokQFLuRTlX9Wmo/jo1Oo1MGBefJUmP9NdRd2EqABA== ;{id = 30899} 219SECTION AUTHORITY 220; missing proof 221;wab.example.net IN NSEC wzz.example.net. A NSEC RRSIG 222;wab.example.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. gl8vkI3xfSWx4Pyv5OdOthiewE6u/13kclY7UG9ptuFBddamdJO3RQqyxM6Xcmq+ToO4kMCCyaKijp01gTDoGg== ;{id = 30899} 223SECTION ADDITIONAL 224ENTRY_END 225 226ENTRY_BEGIN 227MATCH opcode qname qtype 228ADJUST copy_id 229REPLY QR AA REFUSED 230SECTION QUESTION 231ns.example.net. IN A 232ENTRY_END 233 234ENTRY_BEGIN 235MATCH opcode qname qtype 236ADJUST copy_id 237REPLY QR AA REFUSED 238SECTION QUESTION 239ns.example.net. IN AAAA 240ENTRY_END 241RANGE_END 242 243STEP 1 QUERY 244ENTRY_BEGIN 245REPLY RD DO 246SECTION QUESTION 247www.example.com. IN A 248ENTRY_END 249 250; recursion happens here. 251STEP 10 CHECK_ANSWER 252ENTRY_BEGIN 253MATCH all 254REPLY QR RD RA DO SERVFAIL 255SECTION QUESTION 256www.example.com. IN A 257SECTION ANSWER 258SECTION AUTHORITY 259SECTION ADDITIONAL 260ENTRY_END 261 262SCENARIO_END 263