1; config options 2; The island of trust is at example.com 3server: 4 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" 5 trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" 6 val-override-date: "20070916134226" 7 target-fetch-policy: "0 0 0 0 0" 8 9stub-zone: 10 name: "." 11 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. 12CONFIG_END 13 14SCENARIO_BEGIN Test validator with a wildcarded dname 15 16; K.ROOT-SERVERS.NET. 17RANGE_BEGIN 0 100 18 ADDRESS 193.0.14.129 19ENTRY_BEGIN 20MATCH opcode qtype qname 21ADJUST copy_id 22REPLY QR NOERROR 23SECTION QUESTION 24. IN NS 25SECTION ANSWER 26. IN NS K.ROOT-SERVERS.NET. 27SECTION ADDITIONAL 28K.ROOT-SERVERS.NET. IN A 193.0.14.129 29ENTRY_END 30 31ENTRY_BEGIN 32MATCH opcode qtype qname 33ADJUST copy_id 34REPLY QR NOERROR 35SECTION QUESTION 36www.sub.example.com. IN A 37SECTION AUTHORITY 38com. IN NS a.gtld-servers.net. 39SECTION ADDITIONAL 40a.gtld-servers.net. IN A 192.5.6.30 41ENTRY_END 42 43ENTRY_BEGIN 44MATCH opcode qtype qname 45ADJUST copy_id 46REPLY QR NOERROR 47SECTION QUESTION 48www.example.net. IN A 49SECTION AUTHORITY 50net. IN NS a.gtld-servers.net. 51SECTION ADDITIONAL 52a.gtld-servers.net. IN A 192.5.6.30 53ENTRY_END 54RANGE_END 55 56; a.gtld-servers.net. 57RANGE_BEGIN 0 100 58 ADDRESS 192.5.6.30 59ENTRY_BEGIN 60MATCH opcode qtype qname 61ADJUST copy_id 62REPLY QR NOERROR 63SECTION QUESTION 64com. IN NS 65SECTION ANSWER 66com. IN NS a.gtld-servers.net. 67SECTION ADDITIONAL 68a.gtld-servers.net. IN A 192.5.6.30 69ENTRY_END 70 71ENTRY_BEGIN 72MATCH opcode qtype qname 73ADJUST copy_id 74REPLY QR NOERROR 75SECTION QUESTION 76net. IN NS 77SECTION ANSWER 78net. IN NS a.gtld-servers.net. 79SECTION ADDITIONAL 80a.gtld-servers.net. IN A 192.5.6.30 81ENTRY_END 82 83ENTRY_BEGIN 84MATCH opcode subdomain 85ADJUST copy_id copy_query 86REPLY QR NOERROR 87SECTION QUESTION 88example.com. IN A 89SECTION AUTHORITY 90example.com. IN NS ns.example.com. 91SECTION ADDITIONAL 92ns.example.com. IN A 1.2.3.4 93ENTRY_END 94ENTRY_BEGIN 95MATCH opcode subdomain 96ADJUST copy_id copy_query 97REPLY QR NOERROR 98SECTION QUESTION 99example.net. IN A 100SECTION AUTHORITY 101example.net. IN NS ns.example.net. 102SECTION ADDITIONAL 103ns.example.net. IN A 1.2.3.5 104ENTRY_END 105RANGE_END 106 107; ns.example.com. 108RANGE_BEGIN 0 100 109 ADDRESS 1.2.3.4 110ENTRY_BEGIN 111MATCH opcode qtype qname 112ADJUST copy_id 113REPLY QR AA REFUSED 114SECTION QUESTION 115ns.example.com. IN AAAA 116ENTRY_END 117 118ENTRY_BEGIN 119MATCH opcode qtype qname 120ADJUST copy_id 121REPLY QR AA REFUSED 122SECTION QUESTION 123ns.example.com. IN A 124ENTRY_END 125 126ENTRY_BEGIN 127MATCH opcode qtype qname 128ADJUST copy_id 129REPLY QR NOERROR 130SECTION QUESTION 131example.com. IN NS 132SECTION ANSWER 133example.com. IN NS ns.example.com. 134example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 135SECTION ADDITIONAL 136ns.example.com. IN A 1.2.3.4 137ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 138ENTRY_END 139 140; response to DNSKEY priming query 141ENTRY_BEGIN 142MATCH opcode qtype qname 143ADJUST copy_id 144REPLY QR NOERROR 145SECTION QUESTION 146example.com. IN DNSKEY 147SECTION ANSWER 148example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} 149example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} 150SECTION AUTHORITY 151example.com. IN NS ns.example.com. 152example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 153SECTION ADDITIONAL 154ns.example.com. IN A 1.2.3.4 155ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 156ENTRY_END 157 158; response to query of interest 159ENTRY_BEGIN 160MATCH opcode qtype qname 161ADJUST copy_id 162REPLY QR NOERROR 163SECTION QUESTION 164www.sub.example.com. IN A 165SECTION ANSWER 166; *.example.com. IN DNAME example.net. 167sub.example.com. IN DNAME example.net. 168sub.example.com. 3600 IN RRSIG DNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFEyO+NY3QgAf/cF0mmZhsj3TqgoGAhRqJhHoCd+aA1FbBp16WGfk1HmeIg== ;{id = 2854} 169; unsigned CNAME; one interpretation of the wildcarded DNAME expansion 170www.sub.example.com. IN CNAME www.example.net. 171SECTION AUTHORITY 172; prove original does not exist 173ns.example.com. IN NSEC www.example.com. A RRSIG NSEC 174ns.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCCqvDUT+jMCvfm7OHL2IDY75JDmQIUfOtDiiyeSiwjuq3i3OuLnVRyoJ8= ;{id = 2854} 175SECTION ADDITIONAL 176ENTRY_END 177RANGE_END 178 179; ns.example.net. 180RANGE_BEGIN 0 100 181 ADDRESS 1.2.3.5 182ENTRY_BEGIN 183MATCH opcode qtype qname 184ADJUST copy_id 185REPLY QR AA REFUSED 186SECTION QUESTION 187ns.example.net. IN AAAA 188ENTRY_END 189 190ENTRY_BEGIN 191MATCH opcode qtype qname 192ADJUST copy_id 193REPLY QR AA REFUSED 194SECTION QUESTION 195ns.example.net. IN A 196ENTRY_END 197 198ENTRY_BEGIN 199MATCH opcode qtype qname 200ADJUST copy_id 201REPLY QR NOERROR 202SECTION QUESTION 203example.net. IN NS 204SECTION ANSWER 205example.net. IN NS ns.example.net. 206example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} 207SECTION ADDITIONAL 208ns.example.net. IN A 1.2.3.5 209ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} 210ENTRY_END 211 212; response to DNSKEY priming query 213ENTRY_BEGIN 214MATCH opcode qtype qname 215ADJUST copy_id 216REPLY QR NOERROR 217SECTION QUESTION 218example.net. IN DNSKEY 219SECTION ANSWER 220example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} 221example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899} 222SECTION AUTHORITY 223example.net. IN NS ns.example.net. 224example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} 225SECTION ADDITIONAL 226ns.example.net. IN A 1.2.3.5 227ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} 228ENTRY_END 229 230; response to query of interest 231ENTRY_BEGIN 232MATCH opcode qtype qname 233ADJUST copy_id 234REPLY QR NOERROR 235SECTION QUESTION 236www.example.net. IN A 237SECTION ANSWER 238; from *.example.net. 239www.example.net. IN A 11.12.13.14 240www.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899} 241SECTION AUTHORITY 242SECTION ADDITIONAL 243ENTRY_END 244RANGE_END 245 246STEP 1 QUERY 247ENTRY_BEGIN 248REPLY RD DO 249SECTION QUESTION 250www.sub.example.com. IN A 251ENTRY_END 252 253; recursion happens here. 254STEP 10 CHECK_ANSWER 255ENTRY_BEGIN 256MATCH all 257REPLY QR RD RA DO SERVFAIL 258SECTION QUESTION 259www.sub.example.com. IN A 260SECTION ANSWER 261SECTION AUTHORITY 262SECTION ADDITIONAL 263ENTRY_END 264 265SCENARIO_END 266