1; config options 2; The island of trust is at example.com 3server: 4 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" 5 val-override-date: "20070916134226" 6 target-fetch-policy: "0 0 0 0 0" 7 qname-minimisation: "no" 8 fake-sha1: yes 9 trust-anchor-signaling: no 10 11stub-zone: 12 name: "." 13 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. 14CONFIG_END 15 16SCENARIO_BEGIN Test validator with CNAME response to DS in chain of trust 17; the CNAME is at a nonempty nonterminal name in the parent zone. 18 19; K.ROOT-SERVERS.NET. 20RANGE_BEGIN 0 100 21 ADDRESS 193.0.14.129 22ENTRY_BEGIN 23MATCH opcode qtype qname 24ADJUST copy_id 25REPLY QR NOERROR 26SECTION QUESTION 27. IN NS 28SECTION ANSWER 29. IN NS K.ROOT-SERVERS.NET. 30SECTION ADDITIONAL 31K.ROOT-SERVERS.NET. IN A 193.0.14.129 32ENTRY_END 33 34ENTRY_BEGIN 35MATCH opcode subdomain 36ADJUST copy_id copy_query 37REPLY QR NOERROR 38SECTION QUESTION 39com. IN A 40SECTION AUTHORITY 41com. IN NS a.gtld-servers.net. 42SECTION ADDITIONAL 43a.gtld-servers.net. IN A 192.5.6.30 44ENTRY_END 45 46ENTRY_BEGIN 47MATCH opcode subdomain 48ADJUST copy_id copy_query 49REPLY QR NOERROR 50SECTION QUESTION 51net. IN A 52SECTION AUTHORITY 53net. IN NS a.gtld-servers.net. 54SECTION ADDITIONAL 55a.gtld-servers.net. IN A 192.5.6.30 56ENTRY_END 57RANGE_END 58 59; a.gtld-servers.net. 60RANGE_BEGIN 0 100 61 ADDRESS 192.5.6.30 62ENTRY_BEGIN 63MATCH opcode qtype qname 64ADJUST copy_id 65REPLY QR NOERROR 66SECTION QUESTION 67com. IN NS 68SECTION ANSWER 69com. IN NS a.gtld-servers.net. 70SECTION ADDITIONAL 71a.gtld-servers.net. IN A 192.5.6.30 72ENTRY_END 73 74ENTRY_BEGIN 75MATCH opcode subdomain 76ADJUST copy_id copy_query 77REPLY QR NOERROR 78SECTION QUESTION 79example.com. IN A 80SECTION AUTHORITY 81example.com. IN NS ns.example.com. 82SECTION ADDITIONAL 83ns.example.com. IN A 1.2.3.4 84ENTRY_END 85 86ENTRY_BEGIN 87MATCH opcode qtype qname 88ADJUST copy_id 89REPLY QR AA NOERROR 90SECTION QUESTION 91ns.example.com. IN AAAA 92SECTION ANSWER 93ENTRY_END 94 95ENTRY_BEGIN 96MATCH opcode subdomain 97ADJUST copy_id copy_query 98REPLY QR AA NOERROR 99SECTION QUESTION 100example.net. IN A 101SECTION AUTHORITY 102example.net. IN NS ns.example.net. 103SECTION ADDITIONAL 104ns.example.net. IN A 1.2.3.6 105ENTRY_END 106 107RANGE_END 108 109; ns.example.com. 110RANGE_BEGIN 0 100 111 ADDRESS 1.2.3.4 112ENTRY_BEGIN 113MATCH opcode qtype qname 114ADJUST copy_id 115REPLY QR NOERROR 116SECTION QUESTION 117ns.example.com. IN AAAA 118SECTION ANSWER 119; not legal NOERROR/NODATA response, but leniently accepted (not validated) 120SECTION AUTHORITY 121example.com. IN NS ns.example.com. 122example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 123;example.com. IN SOA alfa.ns.example.com.cz. hostmaster.example.com. 2010030800 10800 86400 604800 86400 124;example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. ADsxLOHjxFzwFmwIiGOubqD9nKWAp4RccRIXQ0+EAUGfSDZMCB0ZiFA= ;{id = 2854} 125SECTION ADDITIONAL 126ns.example.com. IN A 1.2.3.4 127ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 128ENTRY_END 129 130ENTRY_BEGIN 131MATCH opcode qtype qname 132ADJUST copy_id 133REPLY QR NOERROR 134SECTION QUESTION 135example.com. IN NS 136SECTION ANSWER 137example.com. IN NS ns.example.com. 138example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 139SECTION ADDITIONAL 140ns.example.com. IN A 1.2.3.4 141ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 142ENTRY_END 143 144; response to DNSKEY priming query 145ENTRY_BEGIN 146MATCH opcode qtype qname 147ADJUST copy_id 148REPLY QR NOERROR 149SECTION QUESTION 150example.com. IN DNSKEY 151SECTION ANSWER 152example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} 153example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} 154SECTION AUTHORITY 155example.com. IN NS ns.example.com. 156example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 157SECTION ADDITIONAL 158ns.example.com. IN A 1.2.3.4 159ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 160ENTRY_END 161 162; response to DS query for a.example.com, a CNAME 163ENTRY_BEGIN 164MATCH opcode qtype qname 165ADJUST copy_id 166REPLY QR AA NOERROR 167SECTION QUESTION 168a.example.com. IN DS 169SECTION ANSWER 170a.example.com. IN CNAME zzz.example.net. 171a.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. AKM6/j6yowuwqbazKzi4fEsavcLwXo3PjglhH9KD68ANZOrdN9y1ZCc= 172SECTION AUTHORITY 173SECTION ADDITIONAL 174ENTRY_END 175 176; response to DS query for sub.a.example.com. 177ENTRY_BEGIN 178MATCH opcode qtype qname 179ADJUST copy_id 180REPLY QR AA NOERROR 181SECTION QUESTION 182sub.a.example.com. IN DS 183SECTION ANSWER 184sub.a.example.com. 3600 IN DS 57024 7 1 e54100bff773a794854808694c5d217267a53649 185sub.a.example.com. 3600 IN RRSIG DS 3 4 3600 20070926134150 20070829134150 2854 example.com. ALHDGmpgZlXnAb54z4FbBKw/9nXVBdosG0UCEuh4qU7Lm/fs5Dv9aJw= 186SECTION AUTHORITY 187SECTION ADDITIONAL 188ENTRY_END 189 190; delegation down 191ENTRY_BEGIN 192MATCH opcode subdomain 193ADJUST copy_id copy_query 194REPLY QR NOERROR 195SECTION QUESTION 196sub.a.example.com. IN NS 197SECTION ANSWER 198SECTION AUTHORITY 199sub.a.example.com. 3600 IN DS 57024 7 1 e54100bff773a794854808694c5d217267a53649 200sub.a.example.com. 3600 IN RRSIG DS 3 4 3600 20070926134150 20070829134150 2854 example.com. ALHDGmpgZlXnAb54z4FbBKw/9nXVBdosG0UCEuh4qU7Lm/fs5Dv9aJw= 201sub.a.example.com. IN NS ns.sub.a.example.com. 202SECTION ADDITIONAL 203ns.sub.a.example.com. IN A 1.2.3.5 204ENTRY_END 205RANGE_END 206 207; ns.sub.a.example.com. 208RANGE_BEGIN 0 100 209 ADDRESS 1.2.3.5 210 211; DNSKEY query 212ENTRY_BEGIN 213MATCH opcode qtype qname 214ADJUST copy_id 215REPLY QR AA NOERROR 216SECTION QUESTION 217sub.a.example.com. IN DNSKEY 218SECTION ANSWER 219sub.a.example.com. 3600 IN DNSKEY 257 3 7 AwEAAbvre/wK/WVeoj0SiwVkTD+NefvHPru9YIqLWY0m+0E5NYOpJZdc+PGQQYRzFNOlugVZtFirmv5Lmz7GNiASXtG/IFi//SlE30DxEKQOjt2F6qSZTZ1nZ5XOIMGTwWyp4OoI0egk5JavC5mQbyXqcj82ywt6F5Z3CmnThVl6MtOv ;{id = 57024 (ksk), size = 1024b} 220sub.a.example.com. 3600 IN RRSIG DNSKEY 7 4 3600 20070926134150 20070829134150 57024 sub.a.example.com. TB3rkkPBD/ESQR9WBpfq2aV+2howI+EJq2+om2EI6PiemQOdpN6ovLvKwCILb0LOsTEFfPpAvRCOuDzRC24sJqBgWpZ4xLxMTcQJ8hMvv7rIUfZotDPO2JYNHSRmpeQLuDGA6P+AtJLYIr7yfOltJmJ0aCJxy3Fm9RQxJxHVbEQ= 221SECTION AUTHORITY 222SECTION ADDITIONAL 223ENTRY_END 224 225; query of interest 226ENTRY_BEGIN 227MATCH opcode qtype qname 228ADJUST copy_id 229REPLY QR AA NOERROR 230SECTION QUESTION 231www.sub.a.example.com. IN A 232SECTION ANSWER 233www.sub.a.example.com. IN A 10.20.30.40 234www.sub.a.example.com. 3600 IN RRSIG A 7 5 3600 20070926134150 20070829134150 57024 sub.a.example.com. az44R7VbfooRtaSOO65W+GP4K/fHlIcKMkF/z3LVvDXOdCK+zuYPJycBCYljH5cAhslMXgDeHMOWdcPhKIZ3EjykYUJIGlMckVIMobBieFKFhIX9r/bRpT0vlsCF2YKbmvyjpeRF/sIg2iSNMf/s6wxpZq02Kq6yuHtUEqgx7uA= 235SECTION AUTHORITY 236SECTION ADDITIONAL 237ENTRY_END 238 239RANGE_END 240 241; ns.example.net. 242RANGE_BEGIN 0 100 243 ADDRESS 1.2.3.6 244 245ENTRY_BEGIN 246MATCH opcode qtype qname 247ADJUST copy_id 248REPLY QR AA NOERROR 249SECTION QUESTION 250zzz.example.net. IN DS 251SECTION ANSWER 252SECTION AUTHORITY 253example.net. IN SOA root. host. 1 2 3 4 5 254SECTION ADDITIONAL 255ENTRY_END 256RANGE_END 257 258 259STEP 1 QUERY 260ENTRY_BEGIN 261REPLY RD DO 262SECTION QUESTION 263www.sub.a.example.com. IN A 264ENTRY_END 265 266; recursion happens here. 267STEP 10 CHECK_ANSWER 268ENTRY_BEGIN 269MATCH all 270REPLY QR RD RA AD DO NOERROR 271SECTION QUESTION 272www.sub.a.example.com. IN A 273SECTION ANSWER 274www.sub.a.example.com. 3600 IN A 10.20.30.40 275www.sub.a.example.com. 3600 IN RRSIG A 7 5 3600 20070926134150 20070829134150 57024 sub.a.example.com. az44R7VbfooRtaSOO65W+GP4K/fHlIcKMkF/z3LVvDXOdCK+zuYPJycBCYljH5cAhslMXgDeHMOWdcPhKIZ3EjykYUJIGlMckVIMobBieFKFhIX9r/bRpT0vlsCF2YKbmvyjpeRF/sIg2iSNMf/s6wxpZq02Kq6yuHtUEqgx7uA= 276ENTRY_END 277 278SCENARIO_END 279