1; config options 2; The island of trust is at example.com 3server: 4 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" 5 val-override-date: "20070916134226" 6 target-fetch-policy: "0 0 0 0 0" 7 qname-minimisation: "no" 8 fake-sha1: yes 9 trust-anchor-signaling: no 10 11stub-zone: 12 name: "." 13 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. 14CONFIG_END 15 16SCENARIO_BEGIN Test validator with unsigned delegation with no NS bit in NSEC 17 18; K.ROOT-SERVERS.NET. 19RANGE_BEGIN 0 100 20 ADDRESS 193.0.14.129 21ENTRY_BEGIN 22MATCH opcode qtype qname 23ADJUST copy_id 24REPLY QR NOERROR 25SECTION QUESTION 26. IN NS 27SECTION ANSWER 28. IN NS K.ROOT-SERVERS.NET. 29SECTION ADDITIONAL 30K.ROOT-SERVERS.NET. IN A 193.0.14.129 31ENTRY_END 32 33ENTRY_BEGIN 34MATCH opcode subdomain 35ADJUST copy_id copy_query 36REPLY QR NOERROR 37SECTION QUESTION 38com. IN A 39SECTION AUTHORITY 40com. IN NS a.gtld-servers.net. 41SECTION ADDITIONAL 42a.gtld-servers.net. IN A 192.5.6.30 43ENTRY_END 44RANGE_END 45 46; a.gtld-servers.net. 47RANGE_BEGIN 0 100 48 ADDRESS 192.5.6.30 49ENTRY_BEGIN 50MATCH opcode qtype qname 51ADJUST copy_id 52REPLY QR NOERROR 53SECTION QUESTION 54com. IN NS 55SECTION ANSWER 56com. IN NS a.gtld-servers.net. 57SECTION ADDITIONAL 58a.gtld-servers.net. IN A 192.5.6.30 59ENTRY_END 60 61ENTRY_BEGIN 62MATCH opcode subdomain 63ADJUST copy_id copy_query 64REPLY QR NOERROR 65SECTION QUESTION 66example.com. IN A 67SECTION AUTHORITY 68example.com. IN NS ns.example.com. 69SECTION ADDITIONAL 70ns.example.com. IN A 1.2.3.4 71ENTRY_END 72 73ENTRY_BEGIN 74MATCH opcode qtype qname 75ADJUST copy_id 76REPLY QR AA NOERROR 77SECTION QUESTION 78ns.example.com. IN AAAA 79SECTION ANSWER 80ENTRY_END 81RANGE_END 82 83; ns.example.com. 84RANGE_BEGIN 0 100 85 ADDRESS 1.2.3.4 86ENTRY_BEGIN 87MATCH opcode qtype qname 88ADJUST copy_id 89REPLY QR NOERROR 90SECTION QUESTION 91ns.example.com. IN AAAA 92SECTION ANSWER 93SECTION AUTHORITY 94example.com. IN SOA alfa.ns.example.com.cz. hostmaster.example.com. 2010030800 10800 86400 604800 86400 95example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. ADsxLOHjxFzwFmwIiGOubqD9nKWAp4RccRIXQ0+EAUGfSDZMCB0ZiFA= ;{id = 2854} 96SECTION ADDITIONAL 97ENTRY_END 98 99ENTRY_BEGIN 100MATCH opcode qtype qname 101ADJUST copy_id 102REPLY QR NOERROR 103SECTION QUESTION 104ns3.example.com. IN AAAA 105SECTION ANSWER 106SECTION AUTHORITY 107example.com. IN SOA alfa.ns.example.com.cz. hostmaster.example.com. 2010030800 10800 86400 604800 86400 108example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. ADsxLOHjxFzwFmwIiGOubqD9nKWAp4RccRIXQ0+EAUGfSDZMCB0ZiFA= ;{id = 2854} 109SECTION ADDITIONAL 110ENTRY_END 111 112ENTRY_BEGIN 113MATCH opcode qtype qname 114ADJUST copy_id 115REPLY QR NOERROR 116SECTION QUESTION 117ns.example.com. IN A 118SECTION ANSWER 119ns.example.com. IN A 1.2.3.4 120ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 121SECTION AUTHORITY 122example.com. IN NS ns.example.com. 123example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 124SECTION ADDITIONAL 125ENTRY_END 126 127ENTRY_BEGIN 128MATCH opcode qtype qname 129ADJUST copy_id 130REPLY QR NOERROR 131SECTION QUESTION 132example.com. IN NS 133SECTION ANSWER 134example.com. IN NS ns.example.com. 135example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 136SECTION ADDITIONAL 137ns.example.com. IN A 1.2.3.4 138ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 139ENTRY_END 140 141; response to DNSKEY priming query 142ENTRY_BEGIN 143MATCH opcode qtype qname 144ADJUST copy_id 145REPLY QR NOERROR 146SECTION QUESTION 147example.com. IN DNSKEY 148SECTION ANSWER 149example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} 150example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} 151SECTION AUTHORITY 152example.com. IN NS ns.example.com. 153example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 154SECTION ADDITIONAL 155ns.example.com. IN A 1.2.3.4 156ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 157ENTRY_END 158 159; response to query of interest 160ENTRY_BEGIN 161MATCH opcode qtype qname 162ADJUST copy_id 163REPLY QR AA NOERROR 164SECTION QUESTION 165foo.www.example.com. IN A 166SECTION ANSWER 167foo.www.example.com. IN A 1.2.3.4 168; unsigned, no delegation. 169ENTRY_END 170 171; DS query 172ENTRY_BEGIN 173MATCH opcode qtype qname 174ADJUST copy_id 175REPLY QR AA NOERROR 176SECTION QUESTION 177www.example.com. IN DS 178SECTION ANSWER 179SECTION AUTHORITY 180; NSEC3 here: 1 0 1 1234 181; www.example.com. -> h8c0nvkuibedn7ia997iegdl7h0i6h8b. 182h8c0nvkuibedn7ia997iegdl7h0i6h8b.example.com. IN NSEC3 1 0 1 1234 h8c0nvkuibedn7ia997iegdl7h0i6h8c TXT 183h8c0nvkuibedn7ia997iegdl7h0i6h8b.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926134150 20070829134150 2854 example.com. AH+bPQZST3COwJ1vSe05N7E5BM2GmXzJUKsiWwXKrmm/XjYKSxSuNPE= 184 185;www.example.com. IN NSEC zzz.example.com. RRSIG NSEC 186;www.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. AA9Dm626WvHXHPQXJkVyjyTqJ/dCHfZgt6PWCn9gd8ZmPxyl3STW3iI= 187example.com. IN SOA alfa.ns.example.com.cz. hostmaster.example.com. 2010030800 10800 86400 604800 86400 188example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. ADsxLOHjxFzwFmwIiGOubqD9nKWAp4RccRIXQ0+EAUGfSDZMCB0ZiFA= ;{id = 2854} 189SECTION ADDITIONAL 190ENTRY_END 191 192; DS query for foo.www.example.com returns the referral without record. 193ENTRY_BEGIN 194MATCH opcode qtype qname 195ADJUST copy_id 196REPLY QR AA NOERROR 197SECTION QUESTION 198foo.www.example.com. IN DS 199SECTION ANSWER 200SECTION AUTHORITY 201mipf0g23547qunto04vboegh9vadsrpo.example.com. IN NSEC3 1 0 1 1234 mipf0g23547qunto04vboegh9vadsrpq TXT 202mipf0g23547qunto04vboegh9vadsrpo.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926134150 20070829134150 2854 example.com. ADc6JrdKuTmIJe4sAjpKZSUZKdHdfhmREk2F5A5cftU9053b0/3ILQM= 203 204example.com. IN SOA alfa.ns.example.com.cz. hostmaster.example.com. 2010030800 10800 86400 604800 86400 205example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. ADsxLOHjxFzwFmwIiGOubqD9nKWAp4RccRIXQ0+EAUGfSDZMCB0ZiFA= ;{id = 2854} 206 207 208;www.example.com. IN NS ns3.example.com. 209;h8c0nvkuibedn7ia997iegdl7h0i6h8b.example.com. IN NSEC3 1 0 1 1234 h8c0nvkuibedn7ia997iegdl7h0i6h8c TXT 210;h8c0nvkuibedn7ia997iegdl7h0i6h8b.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926134150 20070829134150 2854 example.com. AH+bPQZST3COwJ1vSe05N7E5BM2GmXzJUKsiWwXKrmm/XjYKSxSuNPE= 211;SECTION ADDITIONAL 212;ns3.example.com. IN A 1.2.3.5 213 214 215; NSEC3 here: 1 0 1 1234 216; www.example.com. -> h8c0nvkuibedn7ia997iegdl7h0i6h8b. 217; *.www.example.com. -> cg2lpgpr8k7ck69h7bqu3od9pkht2o79. 218; foo.www.example.com. -> mipf0g23547qunto04vboegh9vadsrpo. 219 220;h8c0nvkuibedn7ia997iegdl7h0i6h8b.example.com. IN NSEC3 1 0 1 1234 h8c0nvkuibedn7ia997iegdl7h0i6h8c TXT 221;h8c0nvkuibedn7ia997iegdl7h0i6h8b.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926134150 20070829134150 2854 example.com. AH+bPQZST3COwJ1vSe05N7E5BM2GmXzJUKsiWwXKrmm/XjYKSxSuNPE= 222;cg2lpgpr8k7ck69h7bqu3od9pkht2o78.example.com. IN NSEC3 1 0 1 1234 cg2lpgpr8k7ck69h7bqu3od9pkht2o89 TXT 223;cg2lpgpr8k7ck69h7bqu3od9pkht2o78.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926134150 20070829134150 2854 example.com. ACzxBHMyDB5tTrXijboPSsB0ws1lJe3/B62QNAMcZv7l9DYNDEDKsXY= 224;mipf0g23547qunto04vboegh9vadsrph.example.com. IN NSEC3 1 0 1 1234 mipf0g23547qunto04vboegh9vadsrpp TXT 225;mipf0g23547qunto04vboegh9vadsrph.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926134150 20070829134150 2854 example.com. AG2B7lrIVtBgg+WIt0yNYekGDBKkY7xkKfI0GLQ8q3brGy/+jubxba0= 226 227;www.example.com. IN NSEC zzz.example.com. RRSIG NSEC 228;www.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. AA9Dm626WvHXHPQXJkVyjyTqJ/dCHfZgt6PWCn9gd8ZmPxyl3STW3iI= 229 230;example.com. IN SOA alfa.ns.example.com.cz. hostmaster.example.com. 2010030800 10800 86400 604800 86400 231;example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. ADsxLOHjxFzwFmwIiGOubqD9nKWAp4RccRIXQ0+EAUGfSDZMCB0ZiFA= ;{id = 2854} 232SECTION ADDITIONAL 233ENTRY_END 234 235RANGE_END 236 237; ns3.example.com. 238RANGE_BEGIN 0 100 239 ADDRESS 1.2.3.5 240ENTRY_BEGIN 241MATCH opcode qtype qname 242ADJUST copy_id 243REPLY QR NOERROR 244SECTION QUESTION 245foo.www.example.com. IN DS 246SECTION ANSWER 247SECTION AUTHORITY 248foo.www.example.com. IN SOA alfa.ns.example.com.cz. hostmaster.example.com. 2010030800 10800 86400 604800 86400 249SECTION ADDITIONAL 250ENTRY_END 251RANGE_END 252 253 254STEP 1 QUERY 255ENTRY_BEGIN 256REPLY RD DO 257SECTION QUESTION 258foo.www.example.com. IN A 259ENTRY_END 260 261; recursion happens here. 262STEP 10 CHECK_ANSWER 263ENTRY_BEGIN 264MATCH all 265REPLY QR RD RA DO SERVFAIL 266SECTION QUESTION 267foo.www.example.com. IN A 268SECTION ANSWER 269ENTRY_END 270 271SCENARIO_END 272