1; config options 2; The island of trust is at example.com 3server: 4 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" 5 trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" 6 val-override-date: "20070916134226" 7 target-fetch-policy: "0 0 0 0 0" 8 qname-minimisation: "no" 9 fake-sha1: yes 10 trust-anchor-signaling: no 11 ede: yes 12 13stub-zone: 14 name: "." 15 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. 16CONFIG_END 17 18SCENARIO_BEGIN Test validator with a cname to positive wildcard without proof 19 20; K.ROOT-SERVERS.NET. 21RANGE_BEGIN 0 100 22 ADDRESS 193.0.14.129 23ENTRY_BEGIN 24MATCH opcode qtype qname 25ADJUST copy_id 26REPLY QR NOERROR 27SECTION QUESTION 28. IN NS 29SECTION ANSWER 30. IN NS K.ROOT-SERVERS.NET. 31SECTION ADDITIONAL 32K.ROOT-SERVERS.NET. IN A 193.0.14.129 33ENTRY_END 34 35ENTRY_BEGIN 36MATCH opcode qtype qname 37ADJUST copy_id 38REPLY QR NOERROR 39SECTION QUESTION 40www.example.com. IN A 41SECTION AUTHORITY 42com. IN NS a.gtld-servers.net. 43SECTION ADDITIONAL 44a.gtld-servers.net. IN A 192.5.6.30 45ENTRY_END 46 47ENTRY_BEGIN 48MATCH opcode qtype qname 49ADJUST copy_id 50REPLY QR NOERROR 51SECTION QUESTION 52www.example.net. IN A 53SECTION AUTHORITY 54net. IN NS a.gtld-servers.net. 55SECTION ADDITIONAL 56a.gtld-servers.net. IN A 192.5.6.30 57ENTRY_END 58RANGE_END 59 60; a.gtld-servers.net. 61RANGE_BEGIN 0 100 62 ADDRESS 192.5.6.30 63ENTRY_BEGIN 64MATCH opcode qtype qname 65ADJUST copy_id 66REPLY QR NOERROR 67SECTION QUESTION 68com. IN NS 69SECTION ANSWER 70com. IN NS a.gtld-servers.net. 71SECTION ADDITIONAL 72a.gtld-servers.net. IN A 192.5.6.30 73ENTRY_END 74 75ENTRY_BEGIN 76MATCH opcode qtype qname 77ADJUST copy_id 78REPLY QR NOERROR 79SECTION QUESTION 80net. IN NS 81SECTION ANSWER 82net. IN NS a.gtld-servers.net. 83SECTION ADDITIONAL 84a.gtld-servers.net. IN A 192.5.6.30 85ENTRY_END 86 87ENTRY_BEGIN 88MATCH opcode subdomain 89ADJUST copy_id copy_query 90REPLY QR NOERROR 91SECTION QUESTION 92example.com. IN A 93SECTION AUTHORITY 94example.com. IN NS ns.example.com. 95SECTION ADDITIONAL 96ns.example.com. IN A 1.2.3.4 97ENTRY_END 98ENTRY_BEGIN 99MATCH opcode subdomain 100ADJUST copy_id copy_query 101REPLY QR NOERROR 102SECTION QUESTION 103example.net. IN A 104SECTION AUTHORITY 105example.net. IN NS ns.example.net. 106SECTION ADDITIONAL 107ns.example.net. IN A 1.2.3.5 108ENTRY_END 109RANGE_END 110 111; ns.example.com. 112RANGE_BEGIN 0 100 113 ADDRESS 1.2.3.4 114ENTRY_BEGIN 115MATCH opcode qtype qname 116ADJUST copy_id 117REPLY QR NOERROR 118SECTION QUESTION 119example.com. IN NS 120SECTION ANSWER 121example.com. IN NS ns.example.com. 122example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 123SECTION ADDITIONAL 124ns.example.com. IN A 1.2.3.4 125ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 126ENTRY_END 127 128; response to DNSKEY priming query 129ENTRY_BEGIN 130MATCH opcode qtype qname 131ADJUST copy_id 132REPLY QR NOERROR 133SECTION QUESTION 134example.com. IN DNSKEY 135SECTION ANSWER 136example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} 137example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} 138SECTION AUTHORITY 139example.com. IN NS ns.example.com. 140example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 141SECTION ADDITIONAL 142ns.example.com. IN A 1.2.3.4 143ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 144ENTRY_END 145 146; response to query of interest 147ENTRY_BEGIN 148MATCH opcode qtype qname 149ADJUST copy_id 150REPLY QR NOERROR 151SECTION QUESTION 152www.example.com. IN A 153SECTION ANSWER 154www.example.com. IN CNAME www.example.net. 155www.example.com. 3600 IN RRSIG CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFGcJxnNxpWCBzXejiSdl4p1BKRMnAhUApoJrugVBRwFgAoYAhhqlZFac7fE= ;{id = 2854} 156SECTION AUTHORITY 157SECTION ADDITIONAL 158ENTRY_END 159 160ENTRY_BEGIN 161MATCH opcode qname qtype 162ADJUST copy_id 163REPLY QR AA REFUSED 164SECTION QUESTION 165ns.example.com. IN AAAA 166ENTRY_END 167 168ENTRY_BEGIN 169MATCH opcode qname qtype 170ADJUST copy_id 171REPLY QR AA REFUSED 172SECTION QUESTION 173ns.example.com. IN A 174ENTRY_END 175RANGE_END 176 177; ns.example.net. 178RANGE_BEGIN 0 100 179 ADDRESS 1.2.3.5 180ENTRY_BEGIN 181MATCH opcode qtype qname 182ADJUST copy_id 183REPLY QR NOERROR 184SECTION QUESTION 185example.net. IN NS 186SECTION ANSWER 187example.net. IN NS ns.example.net. 188example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} 189SECTION ADDITIONAL 190ns.example.net. IN A 1.2.3.5 191ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} 192ENTRY_END 193 194; response to DNSKEY priming query 195ENTRY_BEGIN 196MATCH opcode qtype qname 197ADJUST copy_id 198REPLY QR NOERROR 199SECTION QUESTION 200example.net. IN DNSKEY 201SECTION ANSWER 202example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} 203example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899} 204SECTION AUTHORITY 205example.net. IN NS ns.example.net. 206example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} 207SECTION ADDITIONAL 208ns.example.net. IN A 1.2.3.5 209ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} 210ENTRY_END 211 212; response to query of interest 213ENTRY_BEGIN 214MATCH opcode qtype qname 215ADJUST copy_id 216REPLY QR NOERROR 217SECTION QUESTION 218www.example.net. IN A 219SECTION ANSWER 220; from *.example.net. 221www.example.net. IN A 11.12.13.14 222www.example.net. 3600 IN RRSIG A 5 2 3600 20070926134150 20070829134150 30899 example.net. quSyDbSeHRvyMmanqq5rW+APC9MKOswbRLB5QP/G+C2iyokQFLuRTlX9Wmo/jo1Oo1MGBefJUmP9NdRd2EqABA== ;{id = 30899} 223SECTION AUTHORITY 224; missing proof 225;wab.example.net IN NSEC wzz.example.net. A NSEC RRSIG 226;wab.example.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. gl8vkI3xfSWx4Pyv5OdOthiewE6u/13kclY7UG9ptuFBddamdJO3RQqyxM6Xcmq+ToO4kMCCyaKijp01gTDoGg== ;{id = 30899} 227SECTION ADDITIONAL 228ENTRY_END 229 230ENTRY_BEGIN 231MATCH opcode qname qtype 232ADJUST copy_id 233REPLY QR AA REFUSED 234SECTION QUESTION 235ns.example.net. IN A 236ENTRY_END 237 238ENTRY_BEGIN 239MATCH opcode qname qtype 240ADJUST copy_id 241REPLY QR AA REFUSED 242SECTION QUESTION 243ns.example.net. IN AAAA 244ENTRY_END 245RANGE_END 246 247STEP 1 QUERY 248ENTRY_BEGIN 249REPLY RD DO 250SECTION QUESTION 251www.example.com. IN A 252ENTRY_END 253 254; recursion happens here. 255STEP 10 CHECK_ANSWER 256ENTRY_BEGIN 257MATCH all ede=6 258REPLY QR RD RA DO SERVFAIL 259SECTION QUESTION 260www.example.com. IN A 261SECTION ANSWER 262ENTRY_END 263 264SCENARIO_END 265