1; config options 2; The island of trust is at example.com 3server: 4 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" 5 val-override-date: "20070916134226" 6 target-fetch-policy: "0 0 0 0 0" 7 qname-minimisation: "no" 8 fake-sha1: yes 9 trust-anchor-signaling: no 10 ede: yes 11 access-control: 127.0.0.0/8 allow_snoop 12 13stub-zone: 14 name: "." 15 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. 16CONFIG_END 17 18SCENARIO_BEGIN Test validator with CNAME response to DS 19 20; K.ROOT-SERVERS.NET. 21RANGE_BEGIN 0 100 22 ADDRESS 193.0.14.129 23ENTRY_BEGIN 24MATCH opcode qtype qname 25ADJUST copy_id 26REPLY QR NOERROR 27SECTION QUESTION 28. IN NS 29SECTION ANSWER 30. IN NS K.ROOT-SERVERS.NET. 31SECTION ADDITIONAL 32K.ROOT-SERVERS.NET. IN A 193.0.14.129 33ENTRY_END 34 35ENTRY_BEGIN 36MATCH opcode qtype qname 37ADJUST copy_id 38REPLY QR NOERROR 39SECTION QUESTION 40www.example.com. IN A 41SECTION AUTHORITY 42com. IN NS a.gtld-servers.net. 43SECTION ADDITIONAL 44a.gtld-servers.net. IN A 192.5.6.30 45ENTRY_END 46RANGE_END 47 48; a.gtld-servers.net. 49RANGE_BEGIN 0 100 50 ADDRESS 192.5.6.30 51ENTRY_BEGIN 52MATCH opcode qtype qname 53ADJUST copy_id 54REPLY QR NOERROR 55SECTION QUESTION 56com. IN NS 57SECTION ANSWER 58com. IN NS a.gtld-servers.net. 59SECTION ADDITIONAL 60a.gtld-servers.net. IN A 192.5.6.30 61ENTRY_END 62 63ENTRY_BEGIN 64MATCH opcode qtype qname 65ADJUST copy_id 66REPLY QR NOERROR 67SECTION QUESTION 68www.example.com. IN A 69SECTION AUTHORITY 70example.com. IN NS ns.example.com. 71SECTION ADDITIONAL 72ns.example.com. IN A 1.2.3.4 73ENTRY_END 74 75ENTRY_BEGIN 76MATCH opcode qtype qname 77ADJUST copy_id 78REPLY QR AA NOERROR 79SECTION QUESTION 80ns.example.com. IN AAAA 81SECTION ANSWER 82SECTION AUTHORITY 83com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 84ENTRY_END 85RANGE_END 86 87; ns.example.com. 88RANGE_BEGIN 0 100 89 ADDRESS 1.2.3.4 90ENTRY_BEGIN 91MATCH opcode qtype qname 92ADJUST copy_id 93REPLY QR NOERROR 94SECTION QUESTION 95ns.example.com. IN AAAA 96SECTION ANSWER 97; not legal NOERROR/NODATA response, but leniently accepted (not validated) 98SECTION AUTHORITY 99example.com. IN NS ns.example.com. 100example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 101SECTION ADDITIONAL 102ns.example.com. IN A 1.2.3.4 103ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 104ENTRY_END 105 106ENTRY_BEGIN 107MATCH opcode qtype qname 108ADJUST copy_id 109REPLY QR NOERROR 110SECTION QUESTION 111example.com. IN NS 112SECTION ANSWER 113example.com. IN NS ns.example.com. 114example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 115SECTION ADDITIONAL 116ns.example.com. IN A 1.2.3.4 117ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 118ENTRY_END 119 120; response to DNSKEY priming query 121ENTRY_BEGIN 122MATCH opcode qtype qname 123ADJUST copy_id 124REPLY QR NOERROR 125SECTION QUESTION 126example.com. IN DNSKEY 127SECTION ANSWER 128example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} 129example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} 130SECTION AUTHORITY 131example.com. IN NS ns.example.com. 132example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 133SECTION ADDITIONAL 134ns.example.com. IN A 1.2.3.4 135ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 136ENTRY_END 137 138; response to query of interest 139ENTRY_BEGIN 140MATCH opcode qtype qname 141ADJUST copy_id 142REPLY QR AA NOERROR 143SECTION QUESTION 144www.example.com. IN A 145SECTION ANSWER 146; nothing here, not even NSECs 147SECTION AUTHORITY 148example.com. IN NS ns.example.com. 149example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 150SECTION ADDITIONAL 151ENTRY_END 152 153; DS query 154ENTRY_BEGIN 155MATCH opcode qtype qname 156ADJUST copy_id 157REPLY QR AA NOERROR 158SECTION QUESTION 159www.example.com. IN DS 160SECTION ANSWER 161www.example.com. IN CNAME zzz.example.com. 162www.example.com. 3600 IN RRSIG CNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. AERsv3PiBObAEhZ/dKyamie0sjvYLn7YaEKgv9ExB14KKLgWvzCaOWo= ;{id = 2854} 163;*.example.com. IN CNAME zzz.example.com. 164;*.example.com. 3600 IN RRSIG CNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. AERsv3PiBObAEhZ/dKyamie0sjvYLn7YaEKgv9ExB14KKLgWvzCaOWo= ;{id = 2854} 165 166SECTION AUTHORITY 167*.example.com. IN NSEC zzz.example.com. CNAME RRSIG NSEC 168*.example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AJxl2TXciyhbKqSakVNtjlt8Bbkco02zpl5RlY88iqVmSa6ts+/guU4= ;{id = 2854} 169zzz.example.com. IN NSEC *.zzz.example.com. A RRSIG NSEC 170zzz.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. ACtgx/h0YfGEK79zg4G16jB/0oRWH0nxrMzUc/4hCY3oprsP8DrdjqU= ;{id = 2854} 171example.com. IN SOA alfa.ns.example.com.cz. hostmaster.example.com. 2010030800 10800 86400 604800 86400 172example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. ADsxLOHjxFzwFmwIiGOubqD9nKWAp4RccRIXQ0+EAUGfSDZMCB0ZiFA= ;{id = 2854} 173SECTION ADDITIONAL 174ENTRY_END 175 176ENTRY_BEGIN 177MATCH opcode qtype qname 178ADJUST copy_id 179REPLY QR AA NOERROR 180SECTION QUESTION 181zzz.example.com. IN DS 182SECTION ANSWER 183SECTION AUTHORITY 184zzz.example.com. IN NSEC *.zzz.example.com. A RRSIG NSEC 185zzz.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. ACtgx/h0YfGEK79zg4G16jB/0oRWH0nxrMzUc/4hCY3oprsP8DrdjqU= ;{id = 2854} 186example.com. IN SOA alfa.ns.example.com.cz. hostmaster.example.com. 2010030800 10800 86400 604800 86400 187example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. ADsxLOHjxFzwFmwIiGOubqD9nKWAp4RccRIXQ0+EAUGfSDZMCB0ZiFA= ;{id = 2854} 188SECTION ADDITIONAL 189ENTRY_END 190RANGE_END 191 192STEP 1 QUERY 193ENTRY_BEGIN 194REPLY RD DO 195SECTION QUESTION 196www.example.com. IN A 197ENTRY_END 198 199; recursion happens here. 200STEP 10 CHECK_ANSWER 201ENTRY_BEGIN 202MATCH all ede=10 203REPLY QR RD RA DO SERVFAIL 204SECTION QUESTION 205www.example.com. IN A 206ENTRY_END 207 208; Redo the query without RD to check EDE caching. 209STEP 11 QUERY 210ENTRY_BEGIN 211REPLY DO 212SECTION QUESTION 213www.example.com. IN A 214ENTRY_END 215 216STEP 12 CHECK_ANSWER 217ENTRY_BEGIN 218MATCH all ede=10 219REPLY QR RA DO SERVFAIL 220SECTION QUESTION 221www.example.com. IN A 222ENTRY_END 223 224SCENARIO_END 225