1; config options 2; The island of trust is at example.com 3server: 4 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" 5 val-override-date: "20070916134226" 6 target-fetch-policy: "0 0 0 0 0" 7 8stub-zone: 9 name: "." 10 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. 11CONFIG_END 12 13SCENARIO_BEGIN Test validator with unsigned delegation with no NS bit in NSEC 14 15; K.ROOT-SERVERS.NET. 16RANGE_BEGIN 0 100 17 ADDRESS 193.0.14.129 18ENTRY_BEGIN 19MATCH opcode qtype qname 20ADJUST copy_id 21REPLY QR NOERROR 22SECTION QUESTION 23. IN NS 24SECTION ANSWER 25. IN NS K.ROOT-SERVERS.NET. 26SECTION ADDITIONAL 27K.ROOT-SERVERS.NET. IN A 193.0.14.129 28ENTRY_END 29 30ENTRY_BEGIN 31MATCH opcode subdomain 32ADJUST copy_id copy_query 33REPLY QR NOERROR 34SECTION QUESTION 35com. IN A 36SECTION AUTHORITY 37com. IN NS a.gtld-servers.net. 38SECTION ADDITIONAL 39a.gtld-servers.net. IN A 192.5.6.30 40ENTRY_END 41RANGE_END 42 43; a.gtld-servers.net. 44RANGE_BEGIN 0 100 45 ADDRESS 192.5.6.30 46ENTRY_BEGIN 47MATCH opcode qtype qname 48ADJUST copy_id 49REPLY QR NOERROR 50SECTION QUESTION 51com. IN NS 52SECTION ANSWER 53com. IN NS a.gtld-servers.net. 54SECTION ADDITIONAL 55a.gtld-servers.net. IN A 192.5.6.30 56ENTRY_END 57 58ENTRY_BEGIN 59MATCH opcode subdomain 60ADJUST copy_id copy_query 61REPLY QR NOERROR 62SECTION QUESTION 63example.com. IN A 64SECTION AUTHORITY 65example.com. IN NS ns.example.com. 66SECTION ADDITIONAL 67ns.example.com. IN A 1.2.3.4 68ENTRY_END 69 70ENTRY_BEGIN 71MATCH opcode qtype qname 72ADJUST copy_id 73REPLY QR AA NOERROR 74SECTION QUESTION 75ns.example.com. IN AAAA 76SECTION ANSWER 77ENTRY_END 78RANGE_END 79 80; ns.example.com. 81RANGE_BEGIN 0 100 82 ADDRESS 1.2.3.4 83ENTRY_BEGIN 84MATCH opcode qtype qname 85ADJUST copy_id 86REPLY QR NOERROR 87SECTION QUESTION 88ns.example.com. IN AAAA 89SECTION ANSWER 90SECTION AUTHORITY 91example.com. IN SOA alfa.ns.example.com.cz. hostmaster.example.com. 2010030800 10800 86400 604800 86400 92example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. ADsxLOHjxFzwFmwIiGOubqD9nKWAp4RccRIXQ0+EAUGfSDZMCB0ZiFA= ;{id = 2854} 93SECTION ADDITIONAL 94ENTRY_END 95 96ENTRY_BEGIN 97MATCH opcode qtype qname 98ADJUST copy_id 99REPLY QR NOERROR 100SECTION QUESTION 101ns3.example.com. IN AAAA 102SECTION ANSWER 103SECTION AUTHORITY 104example.com. IN SOA alfa.ns.example.com.cz. hostmaster.example.com. 2010030800 10800 86400 604800 86400 105example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. ADsxLOHjxFzwFmwIiGOubqD9nKWAp4RccRIXQ0+EAUGfSDZMCB0ZiFA= ;{id = 2854} 106SECTION ADDITIONAL 107ENTRY_END 108 109ENTRY_BEGIN 110MATCH opcode qtype qname 111ADJUST copy_id 112REPLY QR NOERROR 113SECTION QUESTION 114ns.example.com. IN A 115SECTION ANSWER 116ns.example.com. IN A 1.2.3.4 117ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 118SECTION AUTHORITY 119example.com. IN NS ns.example.com. 120example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 121SECTION ADDITIONAL 122ENTRY_END 123 124ENTRY_BEGIN 125MATCH opcode qtype qname 126ADJUST copy_id 127REPLY QR NOERROR 128SECTION QUESTION 129example.com. IN NS 130SECTION ANSWER 131example.com. IN NS ns.example.com. 132example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 133SECTION ADDITIONAL 134ns.example.com. IN A 1.2.3.4 135ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 136ENTRY_END 137 138; response to DNSKEY priming query 139ENTRY_BEGIN 140MATCH opcode qtype qname 141ADJUST copy_id 142REPLY QR NOERROR 143SECTION QUESTION 144example.com. IN DNSKEY 145SECTION ANSWER 146example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} 147example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} 148SECTION AUTHORITY 149example.com. IN NS ns.example.com. 150example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 151SECTION ADDITIONAL 152ns.example.com. IN A 1.2.3.4 153ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 154ENTRY_END 155 156; response to query of interest 157ENTRY_BEGIN 158MATCH opcode qtype qname 159ADJUST copy_id 160REPLY QR AA NOERROR 161SECTION QUESTION 162foo.www.example.com. IN A 163SECTION ANSWER 164foo.www.example.com. IN A 1.2.3.4 165; unsigned, no delegation. 166ENTRY_END 167 168; DS query 169ENTRY_BEGIN 170MATCH opcode qtype qname 171ADJUST copy_id 172REPLY QR AA NOERROR 173SECTION QUESTION 174www.example.com. IN DS 175SECTION ANSWER 176SECTION AUTHORITY 177; NSEC3 here: 1 0 1 1234 178; www.example.com. -> h8c0nvkuibedn7ia997iegdl7h0i6h8b. 179h8c0nvkuibedn7ia997iegdl7h0i6h8b.example.com. IN NSEC3 1 0 1 1234 h8c0nvkuibedn7ia997iegdl7h0i6h8c TXT 180h8c0nvkuibedn7ia997iegdl7h0i6h8b.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926134150 20070829134150 2854 example.com. AH+bPQZST3COwJ1vSe05N7E5BM2GmXzJUKsiWwXKrmm/XjYKSxSuNPE= 181 182;www.example.com. IN NSEC zzz.example.com. RRSIG NSEC 183;www.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. AA9Dm626WvHXHPQXJkVyjyTqJ/dCHfZgt6PWCn9gd8ZmPxyl3STW3iI= 184example.com. IN SOA alfa.ns.example.com.cz. hostmaster.example.com. 2010030800 10800 86400 604800 86400 185example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. ADsxLOHjxFzwFmwIiGOubqD9nKWAp4RccRIXQ0+EAUGfSDZMCB0ZiFA= ;{id = 2854} 186SECTION ADDITIONAL 187ENTRY_END 188 189; DS query for foo.www.example.com returns the referral without record. 190ENTRY_BEGIN 191MATCH opcode qtype qname 192ADJUST copy_id 193REPLY QR AA NOERROR 194SECTION QUESTION 195foo.www.example.com. IN DS 196SECTION ANSWER 197SECTION AUTHORITY 198mipf0g23547qunto04vboegh9vadsrpo.example.com. IN NSEC3 1 0 1 1234 mipf0g23547qunto04vboegh9vadsrpq TXT 199mipf0g23547qunto04vboegh9vadsrpo.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926134150 20070829134150 2854 example.com. ADc6JrdKuTmIJe4sAjpKZSUZKdHdfhmREk2F5A5cftU9053b0/3ILQM= 200 201example.com. IN SOA alfa.ns.example.com.cz. hostmaster.example.com. 2010030800 10800 86400 604800 86400 202example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. ADsxLOHjxFzwFmwIiGOubqD9nKWAp4RccRIXQ0+EAUGfSDZMCB0ZiFA= ;{id = 2854} 203 204 205;www.example.com. IN NS ns3.example.com. 206;h8c0nvkuibedn7ia997iegdl7h0i6h8b.example.com. IN NSEC3 1 0 1 1234 h8c0nvkuibedn7ia997iegdl7h0i6h8c TXT 207;h8c0nvkuibedn7ia997iegdl7h0i6h8b.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926134150 20070829134150 2854 example.com. AH+bPQZST3COwJ1vSe05N7E5BM2GmXzJUKsiWwXKrmm/XjYKSxSuNPE= 208;SECTION ADDITIONAL 209;ns3.example.com. IN A 1.2.3.5 210 211 212; NSEC3 here: 1 0 1 1234 213; www.example.com. -> h8c0nvkuibedn7ia997iegdl7h0i6h8b. 214; *.www.example.com. -> cg2lpgpr8k7ck69h7bqu3od9pkht2o79. 215; foo.www.example.com. -> mipf0g23547qunto04vboegh9vadsrpo. 216 217;h8c0nvkuibedn7ia997iegdl7h0i6h8b.example.com. IN NSEC3 1 0 1 1234 h8c0nvkuibedn7ia997iegdl7h0i6h8c TXT 218;h8c0nvkuibedn7ia997iegdl7h0i6h8b.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926134150 20070829134150 2854 example.com. AH+bPQZST3COwJ1vSe05N7E5BM2GmXzJUKsiWwXKrmm/XjYKSxSuNPE= 219;cg2lpgpr8k7ck69h7bqu3od9pkht2o78.example.com. IN NSEC3 1 0 1 1234 cg2lpgpr8k7ck69h7bqu3od9pkht2o89 TXT 220;cg2lpgpr8k7ck69h7bqu3od9pkht2o78.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926134150 20070829134150 2854 example.com. ACzxBHMyDB5tTrXijboPSsB0ws1lJe3/B62QNAMcZv7l9DYNDEDKsXY= 221;mipf0g23547qunto04vboegh9vadsrph.example.com. IN NSEC3 1 0 1 1234 mipf0g23547qunto04vboegh9vadsrpp TXT 222;mipf0g23547qunto04vboegh9vadsrph.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926134150 20070829134150 2854 example.com. AG2B7lrIVtBgg+WIt0yNYekGDBKkY7xkKfI0GLQ8q3brGy/+jubxba0= 223 224;www.example.com. IN NSEC zzz.example.com. RRSIG NSEC 225;www.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. AA9Dm626WvHXHPQXJkVyjyTqJ/dCHfZgt6PWCn9gd8ZmPxyl3STW3iI= 226 227;example.com. IN SOA alfa.ns.example.com.cz. hostmaster.example.com. 2010030800 10800 86400 604800 86400 228;example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. ADsxLOHjxFzwFmwIiGOubqD9nKWAp4RccRIXQ0+EAUGfSDZMCB0ZiFA= ;{id = 2854} 229SECTION ADDITIONAL 230ENTRY_END 231 232RANGE_END 233 234; ns3.example.com. 235RANGE_BEGIN 0 100 236 ADDRESS 1.2.3.5 237ENTRY_BEGIN 238MATCH opcode qtype qname 239ADJUST copy_id 240REPLY QR NOERROR 241SECTION QUESTION 242foo.www.example.com. IN DS 243SECTION ANSWER 244SECTION AUTHORITY 245foo.www.example.com. IN SOA alfa.ns.example.com.cz. hostmaster.example.com. 2010030800 10800 86400 604800 86400 246SECTION ADDITIONAL 247ENTRY_END 248RANGE_END 249 250 251STEP 1 QUERY 252ENTRY_BEGIN 253REPLY RD DO 254SECTION QUESTION 255foo.www.example.com. IN A 256ENTRY_END 257 258; recursion happens here. 259STEP 10 CHECK_ANSWER 260ENTRY_BEGIN 261MATCH all 262REPLY QR RD RA DO SERVFAIL 263SECTION QUESTION 264foo.www.example.com. IN A 265SECTION ANSWER 266ENTRY_END 267 268SCENARIO_END 269