1; config options 2; The island of trust is at example.com 3server: 4 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" 5 trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" 6 val-override-date: "20070916134226" 7 target-fetch-policy: "0 0 0 0 0" 8 fake-sha1: yes 9 trust-anchor-signaling: no 10 11stub-zone: 12 name: "." 13 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. 14CONFIG_END 15 16SCENARIO_BEGIN Test validator with a wildcarded dname 17 18; K.ROOT-SERVERS.NET. 19RANGE_BEGIN 0 100 20 ADDRESS 193.0.14.129 21ENTRY_BEGIN 22MATCH opcode qtype qname 23ADJUST copy_id 24REPLY QR NOERROR 25SECTION QUESTION 26. IN NS 27SECTION ANSWER 28. IN NS K.ROOT-SERVERS.NET. 29SECTION ADDITIONAL 30K.ROOT-SERVERS.NET. IN A 193.0.14.129 31ENTRY_END 32 33ENTRY_BEGIN 34MATCH opcode qtype qname 35ADJUST copy_id 36REPLY QR NOERROR 37SECTION QUESTION 38www.sub.example.com. IN A 39SECTION AUTHORITY 40com. IN NS a.gtld-servers.net. 41SECTION ADDITIONAL 42a.gtld-servers.net. IN A 192.5.6.30 43ENTRY_END 44 45ENTRY_BEGIN 46MATCH opcode qtype qname 47ADJUST copy_id 48REPLY QR NOERROR 49SECTION QUESTION 50www.example.net. IN A 51SECTION AUTHORITY 52net. IN NS a.gtld-servers.net. 53SECTION ADDITIONAL 54a.gtld-servers.net. IN A 192.5.6.30 55ENTRY_END 56RANGE_END 57 58; a.gtld-servers.net. 59RANGE_BEGIN 0 100 60 ADDRESS 192.5.6.30 61ENTRY_BEGIN 62MATCH opcode qtype qname 63ADJUST copy_id 64REPLY QR NOERROR 65SECTION QUESTION 66com. IN NS 67SECTION ANSWER 68com. IN NS a.gtld-servers.net. 69SECTION ADDITIONAL 70a.gtld-servers.net. IN A 192.5.6.30 71ENTRY_END 72 73ENTRY_BEGIN 74MATCH opcode qtype qname 75ADJUST copy_id 76REPLY QR NOERROR 77SECTION QUESTION 78net. IN NS 79SECTION ANSWER 80net. IN NS a.gtld-servers.net. 81SECTION ADDITIONAL 82a.gtld-servers.net. IN A 192.5.6.30 83ENTRY_END 84 85ENTRY_BEGIN 86MATCH opcode subdomain 87ADJUST copy_id copy_query 88REPLY QR NOERROR 89SECTION QUESTION 90example.com. IN A 91SECTION AUTHORITY 92example.com. IN NS ns.example.com. 93SECTION ADDITIONAL 94ns.example.com. IN A 1.2.3.4 95ENTRY_END 96ENTRY_BEGIN 97MATCH opcode subdomain 98ADJUST copy_id copy_query 99REPLY QR NOERROR 100SECTION QUESTION 101example.net. IN A 102SECTION AUTHORITY 103example.net. IN NS ns.example.net. 104SECTION ADDITIONAL 105ns.example.net. IN A 1.2.3.5 106ENTRY_END 107RANGE_END 108 109; ns.example.com. 110RANGE_BEGIN 0 100 111 ADDRESS 1.2.3.4 112ENTRY_BEGIN 113MATCH opcode qtype qname 114ADJUST copy_id 115REPLY QR AA REFUSED 116SECTION QUESTION 117ns.example.com. IN AAAA 118ENTRY_END 119 120ENTRY_BEGIN 121MATCH opcode qtype qname 122ADJUST copy_id 123REPLY QR AA REFUSED 124SECTION QUESTION 125ns.example.com. IN A 126ENTRY_END 127 128ENTRY_BEGIN 129MATCH opcode qtype qname 130ADJUST copy_id 131REPLY QR NOERROR 132SECTION QUESTION 133example.com. IN NS 134SECTION ANSWER 135example.com. IN NS ns.example.com. 136example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 137SECTION ADDITIONAL 138ns.example.com. IN A 1.2.3.4 139ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 140ENTRY_END 141 142; response to DNSKEY priming query 143ENTRY_BEGIN 144MATCH opcode qtype qname 145ADJUST copy_id 146REPLY QR NOERROR 147SECTION QUESTION 148example.com. IN DNSKEY 149SECTION ANSWER 150example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} 151example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} 152SECTION AUTHORITY 153example.com. IN NS ns.example.com. 154example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 155SECTION ADDITIONAL 156ns.example.com. IN A 1.2.3.4 157ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 158ENTRY_END 159 160; response to query of interest 161ENTRY_BEGIN 162MATCH opcode qtype qname 163ADJUST copy_id 164REPLY QR NOERROR 165SECTION QUESTION 166www.sub.example.com. IN A 167SECTION ANSWER 168; *.example.com. IN DNAME example.net. 169sub.example.com. IN DNAME example.net. 170sub.example.com. 3600 IN RRSIG DNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFEyO+NY3QgAf/cF0mmZhsj3TqgoGAhRqJhHoCd+aA1FbBp16WGfk1HmeIg== ;{id = 2854} 171; unsigned CNAME; one interpretation of the wildcarded DNAME expansion 172www.sub.example.com. IN CNAME www.example.net. 173SECTION AUTHORITY 174; prove original does not exist 175ns.example.com. IN NSEC www.example.com. A RRSIG NSEC 176ns.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCCqvDUT+jMCvfm7OHL2IDY75JDmQIUfOtDiiyeSiwjuq3i3OuLnVRyoJ8= ;{id = 2854} 177SECTION ADDITIONAL 178ENTRY_END 179RANGE_END 180 181; ns.example.net. 182RANGE_BEGIN 0 100 183 ADDRESS 1.2.3.5 184ENTRY_BEGIN 185MATCH opcode qtype qname 186ADJUST copy_id 187REPLY QR AA REFUSED 188SECTION QUESTION 189ns.example.net. IN AAAA 190ENTRY_END 191 192ENTRY_BEGIN 193MATCH opcode qtype qname 194ADJUST copy_id 195REPLY QR AA REFUSED 196SECTION QUESTION 197ns.example.net. IN A 198ENTRY_END 199 200ENTRY_BEGIN 201MATCH opcode qtype qname 202ADJUST copy_id 203REPLY QR NOERROR 204SECTION QUESTION 205example.net. IN NS 206SECTION ANSWER 207example.net. IN NS ns.example.net. 208example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} 209SECTION ADDITIONAL 210ns.example.net. IN A 1.2.3.5 211ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} 212ENTRY_END 213 214; response to DNSKEY priming query 215ENTRY_BEGIN 216MATCH opcode qtype qname 217ADJUST copy_id 218REPLY QR NOERROR 219SECTION QUESTION 220example.net. IN DNSKEY 221SECTION ANSWER 222example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} 223example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899} 224SECTION AUTHORITY 225example.net. IN NS ns.example.net. 226example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} 227SECTION ADDITIONAL 228ns.example.net. IN A 1.2.3.5 229ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} 230ENTRY_END 231 232; response to query of interest 233ENTRY_BEGIN 234MATCH opcode qtype qname 235ADJUST copy_id 236REPLY QR NOERROR 237SECTION QUESTION 238www.example.net. IN A 239SECTION ANSWER 240; from *.example.net. 241www.example.net. IN A 11.12.13.14 242www.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899} 243SECTION AUTHORITY 244SECTION ADDITIONAL 245ENTRY_END 246RANGE_END 247 248STEP 1 QUERY 249ENTRY_BEGIN 250REPLY RD DO 251SECTION QUESTION 252www.sub.example.com. IN A 253ENTRY_END 254 255; recursion happens here. 256STEP 10 CHECK_ANSWER 257ENTRY_BEGIN 258MATCH all 259REPLY QR RD RA DO SERVFAIL 260SECTION QUESTION 261www.sub.example.com. IN A 262SECTION ANSWER 263SECTION AUTHORITY 264SECTION ADDITIONAL 265ENTRY_END 266 267SCENARIO_END 268