1; config options 2; The island of trust is at example.com 3server: 4 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" 5 val-override-date: "20070916134226" 6 target-fetch-policy: "0 0 0 0 0" 7 8stub-zone: 9 name: "." 10 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. 11CONFIG_END 12 13SCENARIO_BEGIN Test validator with CNAME response to DS 14 15; K.ROOT-SERVERS.NET. 16RANGE_BEGIN 0 100 17 ADDRESS 193.0.14.129 18ENTRY_BEGIN 19MATCH opcode qtype qname 20ADJUST copy_id 21REPLY QR NOERROR 22SECTION QUESTION 23. IN NS 24SECTION ANSWER 25. IN NS K.ROOT-SERVERS.NET. 26SECTION ADDITIONAL 27K.ROOT-SERVERS.NET. IN A 193.0.14.129 28ENTRY_END 29 30ENTRY_BEGIN 31MATCH opcode qtype qname 32ADJUST copy_id 33REPLY QR NOERROR 34SECTION QUESTION 35www.example.com. IN A 36SECTION AUTHORITY 37com. IN NS a.gtld-servers.net. 38SECTION ADDITIONAL 39a.gtld-servers.net. IN A 192.5.6.30 40ENTRY_END 41RANGE_END 42 43; a.gtld-servers.net. 44RANGE_BEGIN 0 100 45 ADDRESS 192.5.6.30 46ENTRY_BEGIN 47MATCH opcode qtype qname 48ADJUST copy_id 49REPLY QR NOERROR 50SECTION QUESTION 51com. IN NS 52SECTION ANSWER 53com. IN NS a.gtld-servers.net. 54SECTION ADDITIONAL 55a.gtld-servers.net. IN A 192.5.6.30 56ENTRY_END 57 58ENTRY_BEGIN 59MATCH opcode qtype qname 60ADJUST copy_id 61REPLY QR NOERROR 62SECTION QUESTION 63www.example.com. IN A 64SECTION AUTHORITY 65example.com. IN NS ns.example.com. 66SECTION ADDITIONAL 67ns.example.com. IN A 1.2.3.4 68ENTRY_END 69 70ENTRY_BEGIN 71MATCH opcode qtype qname 72ADJUST copy_id 73REPLY QR AA NOERROR 74SECTION QUESTION 75ns.example.com. IN AAAA 76SECTION ANSWER 77ENTRY_END 78RANGE_END 79 80; ns.example.com. 81RANGE_BEGIN 0 100 82 ADDRESS 1.2.3.4 83ENTRY_BEGIN 84MATCH opcode qtype qname 85ADJUST copy_id 86REPLY QR NOERROR 87SECTION QUESTION 88ns.example.com. IN AAAA 89SECTION ANSWER 90; not legal NOERROR/NODATA response, but leniently accepted (not validated) 91SECTION AUTHORITY 92example.com. IN NS ns.example.com. 93example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 94SECTION ADDITIONAL 95ns.example.com. IN A 1.2.3.4 96ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 97ENTRY_END 98 99ENTRY_BEGIN 100MATCH opcode qtype qname 101ADJUST copy_id 102REPLY QR NOERROR 103SECTION QUESTION 104example.com. IN NS 105SECTION ANSWER 106example.com. IN NS ns.example.com. 107example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 108SECTION ADDITIONAL 109ns.example.com. IN A 1.2.3.4 110ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 111ENTRY_END 112 113; response to DNSKEY priming query 114ENTRY_BEGIN 115MATCH opcode qtype qname 116ADJUST copy_id 117REPLY QR NOERROR 118SECTION QUESTION 119example.com. IN DNSKEY 120SECTION ANSWER 121example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} 122example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} 123SECTION AUTHORITY 124example.com. IN NS ns.example.com. 125example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 126SECTION ADDITIONAL 127ns.example.com. IN A 1.2.3.4 128ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 129ENTRY_END 130 131; response to query of interest 132ENTRY_BEGIN 133MATCH opcode qtype qname 134ADJUST copy_id 135REPLY QR AA NOERROR 136SECTION QUESTION 137www.example.com. IN A 138SECTION ANSWER 139; nothing here, not even NSECs 140SECTION AUTHORITY 141example.com. IN NS ns.example.com. 142example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 143SECTION ADDITIONAL 144ENTRY_END 145 146; DS query 147ENTRY_BEGIN 148MATCH opcode qtype qname 149ADJUST copy_id 150REPLY QR AA NOERROR 151SECTION QUESTION 152www.example.com. IN DS 153SECTION ANSWER 154www.example.com. IN CNAME zzz.example.com. 155www.example.com. 3600 IN RRSIG CNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. AERsv3PiBObAEhZ/dKyamie0sjvYLn7YaEKgv9ExB14KKLgWvzCaOWo= ;{id = 2854} 156;*.example.com. IN CNAME zzz.example.com. 157;*.example.com. 3600 IN RRSIG CNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. AERsv3PiBObAEhZ/dKyamie0sjvYLn7YaEKgv9ExB14KKLgWvzCaOWo= ;{id = 2854} 158 159SECTION AUTHORITY 160*.example.com. IN NSEC zzz.example.com. CNAME RRSIG NSEC 161*.example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AJxl2TXciyhbKqSakVNtjlt8Bbkco02zpl5RlY88iqVmSa6ts+/guU4= ;{id = 2854} 162zzz.example.com. IN NSEC *.zzz.example.com. A RRSIG NSEC 163zzz.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. ACtgx/h0YfGEK79zg4G16jB/0oRWH0nxrMzUc/4hCY3oprsP8DrdjqU= ;{id = 2854} 164example.com. IN SOA alfa.ns.example.com.cz. hostmaster.example.com. 2010030800 10800 86400 604800 86400 165example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. ADsxLOHjxFzwFmwIiGOubqD9nKWAp4RccRIXQ0+EAUGfSDZMCB0ZiFA= ;{id = 2854} 166SECTION ADDITIONAL 167ENTRY_END 168 169ENTRY_BEGIN 170MATCH opcode qtype qname 171ADJUST copy_id 172REPLY QR AA NOERROR 173SECTION QUESTION 174zzz.example.com. IN DS 175SECTION ANSWER 176SECTION AUTHORITY 177zzz.example.com. IN NSEC *.zzz.example.com. A RRSIG NSEC 178zzz.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. ACtgx/h0YfGEK79zg4G16jB/0oRWH0nxrMzUc/4hCY3oprsP8DrdjqU= ;{id = 2854} 179example.com. IN SOA alfa.ns.example.com.cz. hostmaster.example.com. 2010030800 10800 86400 604800 86400 180example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. ADsxLOHjxFzwFmwIiGOubqD9nKWAp4RccRIXQ0+EAUGfSDZMCB0ZiFA= ;{id = 2854} 181SECTION ADDITIONAL 182ENTRY_END 183RANGE_END 184 185STEP 1 QUERY 186ENTRY_BEGIN 187REPLY RD DO 188SECTION QUESTION 189www.example.com. IN A 190ENTRY_END 191 192; recursion happens here. 193STEP 10 CHECK_ANSWER 194ENTRY_BEGIN 195MATCH all 196REPLY QR RD RA DO SERVFAIL 197SECTION QUESTION 198www.example.com. IN A 199SECTION ANSWER 200ENTRY_END 201 202SCENARIO_END 203