1; config options 2; The island of trust is at example.com 3server: 4 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" 5 val-override-date: "20070916134226" 6 target-fetch-policy: "0 0 0 0 0" 7 fake-sha1: yes 8 trust-anchor-signaling: no 9 10stub-zone: 11 name: "." 12 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. 13CONFIG_END 14 15SCENARIO_BEGIN Test DS lookup after key prime is done. 16 17; K.ROOT-SERVERS.NET. 18RANGE_BEGIN 0 100 19 ADDRESS 193.0.14.129 20ENTRY_BEGIN 21MATCH opcode qtype qname 22ADJUST copy_id 23REPLY QR NOERROR 24SECTION QUESTION 25. IN NS 26SECTION ANSWER 27. IN NS K.ROOT-SERVERS.NET. 28SECTION ADDITIONAL 29K.ROOT-SERVERS.NET. IN A 193.0.14.129 30ENTRY_END 31 32ENTRY_BEGIN 33MATCH opcode qtype qname 34ADJUST copy_id 35REPLY QR NOERROR 36SECTION QUESTION 37www.example.com. IN A 38SECTION AUTHORITY 39com. IN NS a.gtld-servers.net. 40SECTION ADDITIONAL 41a.gtld-servers.net. IN A 192.5.6.30 42ENTRY_END 43RANGE_END 44 45; a.gtld-servers.net. 46RANGE_BEGIN 0 100 47 ADDRESS 192.5.6.30 48ENTRY_BEGIN 49MATCH opcode qtype qname 50ADJUST copy_id 51REPLY QR NOERROR 52SECTION QUESTION 53com. IN NS 54SECTION ANSWER 55com. IN NS a.gtld-servers.net. 56SECTION ADDITIONAL 57a.gtld-servers.net. IN A 192.5.6.30 58ENTRY_END 59 60ENTRY_BEGIN 61MATCH opcode qtype qname 62ADJUST copy_id 63REPLY QR NOERROR 64SECTION QUESTION 65www.example.com. IN A 66SECTION AUTHORITY 67example.com. IN NS ns.example.com. 68SECTION ADDITIONAL 69ns.example.com. IN A 1.2.3.4 70ENTRY_END 71 72ENTRY_BEGIN 73MATCH opcode qtype qname 74ADJUST copy_id 75REPLY QR NOERROR 76SECTION QUESTION 77example.com. IN DS 78SECTION AUTHORITY 79com. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1251367385 1800 900 604800 86400 80ENTRY_END 81RANGE_END 82 83; ns.example.com. 84RANGE_BEGIN 0 100 85 ADDRESS 1.2.3.4 86ENTRY_BEGIN 87MATCH opcode qtype qname 88ADJUST copy_id 89REPLY QR NOERROR 90SECTION QUESTION 91example.com. IN NS 92SECTION ANSWER 93example.com. IN NS ns.example.com. 94example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 95SECTION ADDITIONAL 96ns.example.com. IN A 1.2.3.4 97ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 98ENTRY_END 99 100; response to DNSKEY priming query 101ENTRY_BEGIN 102MATCH opcode qtype qname 103ADJUST copy_id 104REPLY QR NOERROR 105SECTION QUESTION 106example.com. IN DNSKEY 107SECTION ANSWER 108example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} 109example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} 110SECTION AUTHORITY 111example.com. IN NS ns.example.com. 112example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 113SECTION ADDITIONAL 114ns.example.com. IN A 1.2.3.4 115ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 116ENTRY_END 117 118; response to query of interest 119ENTRY_BEGIN 120MATCH opcode qtype qname 121ADJUST copy_id 122REPLY QR NOERROR 123SECTION QUESTION 124www.example.com. IN A 125SECTION ANSWER 126www.example.com. IN A 10.20.30.40 127ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} 128SECTION AUTHORITY 129example.com. IN NS ns.example.com. 130example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 131SECTION ADDITIONAL 132ns.example.com. IN A 1.2.3.4 133www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} 134ENTRY_END 135RANGE_END 136 137STEP 1 QUERY 138ENTRY_BEGIN 139REPLY RD DO 140SECTION QUESTION 141www.example.com. IN A 142ENTRY_END 143 144; recursion happens here. 145STEP 10 CHECK_ANSWER 146ENTRY_BEGIN 147MATCH all 148REPLY QR RD RA AD DO NOERROR 149SECTION QUESTION 150www.example.com. IN A 151SECTION ANSWER 152www.example.com. IN A 10.20.30.40 153www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} 154SECTION AUTHORITY 155example.com. IN NS ns.example.com. 156example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 157SECTION ADDITIONAL 158ns.example.com. IN A 1.2.3.4 159ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} 160ENTRY_END 161 162STEP 20 QUERY 163ENTRY_BEGIN 164REPLY RD DO 165SECTION QUESTION 166example.com. IN DS 167ENTRY_END 168 169STEP 30 CHECK_ANSWER 170ENTRY_BEGIN 171MATCH all 172REPLY QR RD RA DO NOERROR 173SECTION QUESTION 174example.com. IN DS 175SECTION AUTHORITY 176com. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1251367385 1800 900 604800 86400 177ENTRY_END 178 179SCENARIO_END 180