1; config options 2; The island of trust is at example.com 3server: 4 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" 5 val-override-date: "20070916134226" 6 target-fetch-policy: "0 0 0 0 0" 7 qname-minimisation: "no" 8 fake-sha1: yes 9 trust-anchor-signaling: no 10 ede: yes 11 12stub-zone: 13 name: "." 14 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. 15CONFIG_END 16 17SCENARIO_BEGIN Test validator with CNAME response to DS 18 19; K.ROOT-SERVERS.NET. 20RANGE_BEGIN 0 100 21 ADDRESS 193.0.14.129 22ENTRY_BEGIN 23MATCH opcode qtype qname 24ADJUST copy_id 25REPLY QR NOERROR 26SECTION QUESTION 27. IN NS 28SECTION ANSWER 29. IN NS K.ROOT-SERVERS.NET. 30SECTION ADDITIONAL 31K.ROOT-SERVERS.NET. IN A 193.0.14.129 32ENTRY_END 33 34ENTRY_BEGIN 35MATCH opcode qtype qname 36ADJUST copy_id 37REPLY QR NOERROR 38SECTION QUESTION 39www.example.com. IN A 40SECTION AUTHORITY 41com. IN NS a.gtld-servers.net. 42SECTION ADDITIONAL 43a.gtld-servers.net. IN A 192.5.6.30 44ENTRY_END 45RANGE_END 46 47; a.gtld-servers.net. 48RANGE_BEGIN 0 100 49 ADDRESS 192.5.6.30 50ENTRY_BEGIN 51MATCH opcode qtype qname 52ADJUST copy_id 53REPLY QR NOERROR 54SECTION QUESTION 55com. IN NS 56SECTION ANSWER 57com. IN NS a.gtld-servers.net. 58SECTION ADDITIONAL 59a.gtld-servers.net. IN A 192.5.6.30 60ENTRY_END 61 62ENTRY_BEGIN 63MATCH opcode qtype qname 64ADJUST copy_id 65REPLY QR NOERROR 66SECTION QUESTION 67www.example.com. IN A 68SECTION AUTHORITY 69example.com. IN NS ns.example.com. 70SECTION ADDITIONAL 71ns.example.com. IN A 1.2.3.4 72ENTRY_END 73 74ENTRY_BEGIN 75MATCH opcode qtype qname 76ADJUST copy_id 77REPLY QR AA NOERROR 78SECTION QUESTION 79ns.example.com. IN AAAA 80SECTION ANSWER 81ENTRY_END 82RANGE_END 83 84; ns.example.com. 85RANGE_BEGIN 0 100 86 ADDRESS 1.2.3.4 87ENTRY_BEGIN 88MATCH opcode qtype qname 89ADJUST copy_id 90REPLY QR NOERROR 91SECTION QUESTION 92ns.example.com. IN AAAA 93SECTION ANSWER 94; not legal NOERROR/NODATA response, but leniently accepted (not validated) 95SECTION AUTHORITY 96example.com. IN NS ns.example.com. 97example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 98SECTION ADDITIONAL 99ns.example.com. IN A 1.2.3.4 100ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 101ENTRY_END 102 103ENTRY_BEGIN 104MATCH opcode qtype qname 105ADJUST copy_id 106REPLY QR NOERROR 107SECTION QUESTION 108example.com. IN NS 109SECTION ANSWER 110example.com. IN NS ns.example.com. 111example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 112SECTION ADDITIONAL 113ns.example.com. IN A 1.2.3.4 114ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 115ENTRY_END 116 117; response to DNSKEY priming query 118ENTRY_BEGIN 119MATCH opcode qtype qname 120ADJUST copy_id 121REPLY QR NOERROR 122SECTION QUESTION 123example.com. IN DNSKEY 124SECTION ANSWER 125example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} 126example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} 127SECTION AUTHORITY 128example.com. IN NS ns.example.com. 129example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 130SECTION ADDITIONAL 131ns.example.com. IN A 1.2.3.4 132ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 133ENTRY_END 134 135; response to query of interest 136ENTRY_BEGIN 137MATCH opcode qtype qname 138ADJUST copy_id 139REPLY QR AA NOERROR 140SECTION QUESTION 141www.example.com. IN A 142SECTION ANSWER 143; nothing here, not even NSECs 144SECTION AUTHORITY 145example.com. IN NS ns.example.com. 146example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 147SECTION ADDITIONAL 148ENTRY_END 149 150; DS query 151ENTRY_BEGIN 152MATCH opcode qtype qname 153ADJUST copy_id 154REPLY QR AA NOERROR 155SECTION QUESTION 156www.example.com. IN DS 157SECTION ANSWER 158www.example.com. IN CNAME zzz.example.com. 159www.example.com. 3600 IN RRSIG CNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. AERsv3PiBObAEhZ/dKyamie0sjvYLn7YaEKgv9ExB14KKLgWvzCaOWo= ;{id = 2854} 160;*.example.com. IN CNAME zzz.example.com. 161;*.example.com. 3600 IN RRSIG CNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. AERsv3PiBObAEhZ/dKyamie0sjvYLn7YaEKgv9ExB14KKLgWvzCaOWo= ;{id = 2854} 162 163SECTION AUTHORITY 164*.example.com. IN NSEC zzz.example.com. CNAME RRSIG NSEC 165*.example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AJxl2TXciyhbKqSakVNtjlt8Bbkco02zpl5RlY88iqVmSa6ts+/guU4= ;{id = 2854} 166zzz.example.com. IN NSEC *.zzz.example.com. A RRSIG NSEC 167zzz.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. ACtgx/h0YfGEK79zg4G16jB/0oRWH0nxrMzUc/4hCY3oprsP8DrdjqU= ;{id = 2854} 168example.com. IN SOA alfa.ns.example.com.cz. hostmaster.example.com. 2010030800 10800 86400 604800 86400 169example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. ADsxLOHjxFzwFmwIiGOubqD9nKWAp4RccRIXQ0+EAUGfSDZMCB0ZiFA= ;{id = 2854} 170SECTION ADDITIONAL 171ENTRY_END 172 173ENTRY_BEGIN 174MATCH opcode qtype qname 175ADJUST copy_id 176REPLY QR AA NOERROR 177SECTION QUESTION 178zzz.example.com. IN DS 179SECTION ANSWER 180SECTION AUTHORITY 181zzz.example.com. IN NSEC *.zzz.example.com. A RRSIG NSEC 182zzz.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. ACtgx/h0YfGEK79zg4G16jB/0oRWH0nxrMzUc/4hCY3oprsP8DrdjqU= ;{id = 2854} 183example.com. IN SOA alfa.ns.example.com.cz. hostmaster.example.com. 2010030800 10800 86400 604800 86400 184example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. ADsxLOHjxFzwFmwIiGOubqD9nKWAp4RccRIXQ0+EAUGfSDZMCB0ZiFA= ;{id = 2854} 185SECTION ADDITIONAL 186ENTRY_END 187RANGE_END 188 189STEP 1 QUERY 190ENTRY_BEGIN 191REPLY RD DO 192SECTION QUESTION 193www.example.com. IN A 194ENTRY_END 195 196; recursion happens here. 197STEP 10 CHECK_ANSWER 198ENTRY_BEGIN 199MATCH all ede=10 200REPLY QR RD RA DO SERVFAIL 201SECTION QUESTION 202www.example.com. IN A 203ENTRY_END 204 205SCENARIO_END 206