1; config options 2; The island of trust is at example.com 3server: 4 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" 5 val-override-date: "20070916134226" 6 target-fetch-policy: "0 0 0 0 0" 7 fake-sha1: yes 8 trust-anchor-signaling: no 9 10stub-zone: 11 name: "." 12 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. 13CONFIG_END 14 15SCENARIO_BEGIN Test validator with GOST DS digest 16 17; K.ROOT-SERVERS.NET. 18RANGE_BEGIN 0 100 19 ADDRESS 193.0.14.129 20ENTRY_BEGIN 21MATCH opcode qtype qname 22ADJUST copy_id 23REPLY QR NOERROR 24SECTION QUESTION 25. IN NS 26SECTION ANSWER 27. IN NS K.ROOT-SERVERS.NET. 28SECTION ADDITIONAL 29K.ROOT-SERVERS.NET. IN A 193.0.14.129 30ENTRY_END 31 32ENTRY_BEGIN 33MATCH opcode qtype qname 34ADJUST copy_id 35REPLY QR NOERROR 36SECTION QUESTION 37www.sub.example.com. IN A 38SECTION AUTHORITY 39com. IN NS a.gtld-servers.net. 40SECTION ADDITIONAL 41a.gtld-servers.net. IN A 192.5.6.30 42ENTRY_END 43RANGE_END 44 45; a.gtld-servers.net. 46RANGE_BEGIN 0 100 47 ADDRESS 192.5.6.30 48ENTRY_BEGIN 49MATCH opcode qtype qname 50ADJUST copy_id 51REPLY QR NOERROR 52SECTION QUESTION 53com. IN NS 54SECTION ANSWER 55com. IN NS a.gtld-servers.net. 56SECTION ADDITIONAL 57a.gtld-servers.net. IN A 192.5.6.30 58ENTRY_END 59 60ENTRY_BEGIN 61MATCH opcode qtype qname 62ADJUST copy_id 63REPLY QR NOERROR 64SECTION QUESTION 65www.sub.example.com. IN A 66SECTION AUTHORITY 67example.com. IN NS ns.example.com. 68SECTION ADDITIONAL 69ns.example.com. IN A 1.2.3.4 70ENTRY_END 71RANGE_END 72 73; ns.example.com. 74RANGE_BEGIN 0 100 75 ADDRESS 1.2.3.4 76ENTRY_BEGIN 77MATCH opcode qtype qname 78ADJUST copy_id 79REPLY QR NOERROR 80SECTION QUESTION 81example.com. IN NS 82SECTION ANSWER 83example.com. IN NS ns.example.com. 84example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 85SECTION ADDITIONAL 86ns.example.com. IN A 1.2.3.4 87ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 88ENTRY_END 89 90; response to DNSKEY priming query 91ENTRY_BEGIN 92MATCH opcode qtype qname 93ADJUST copy_id 94REPLY QR NOERROR 95SECTION QUESTION 96example.com. IN DNSKEY 97SECTION ANSWER 98example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} 99example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} 100SECTION AUTHORITY 101example.com. IN NS ns.example.com. 102example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 103SECTION ADDITIONAL 104ns.example.com. IN A 1.2.3.4 105ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 106ENTRY_END 107 108; response for delegation to sub.example.com. 109ENTRY_BEGIN 110MATCH opcode subdomain 111ADJUST copy_id copy_query 112REPLY QR NOERROR 113SECTION QUESTION 114sub.example.com. IN A 115SECTION ANSWER 116SECTION AUTHORITY 117sub.example.com. IN NS ns.sub.example.com. 118 119; GOST DS for sub.example.com. 120sub.example.com. 3600 IN DS 60385 12 3 2be04f63b3d069fd65f81a3b810b661a00d39be3ff00d1c7481a150b93b0d027 ; xepov-bofek-fuset-bipiz-tunoz-mukyf-rybyb-ranic-pobet-fakov-fozob-bagus-ludac-pyheb-rygor-bygyd-lyxyx 121 122; SHA DS for sub.example.com. 123;sub.example.com. 3600 IN DS 60385 12 1 0a66f7923318bb1e208bfd975ffa2e30cfcdf962 ; xedik-katin-dasec-myvic-vumum-rizan-luluz-paraf-befas-tovek-dyxax 124;sub.example.com. 3600 IN DS 60385 12 2 cd3290b84b457d02ca29846a005a5eba61640256ced8deca0ef8345d2cd34a58 ; xufef-dugir-modog-hyzyb-dadod-nicuk-pubyh-polor-pomuk-gobuh-kufet-mulus-pofyz-metoh-tarit-fudih-moxex 125 126sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926135752 20070829135752 2854 example.com. ADwjiGkzrz8RPRJ6LAB37cNEQxTXSaR6Stu/GwGvcQ7KVGH/Qw76ktI= ;{id = 2854} 127 128SECTION ADDITIONAL 129ns.sub.example.com. IN A 1.2.3.6 130ENTRY_END 131 132RANGE_END 133 134; ns.sub.example.com. 135RANGE_BEGIN 0 100 136 ADDRESS 1.2.3.6 137ENTRY_BEGIN 138MATCH opcode qtype qname 139ADJUST copy_id 140REPLY QR NOERROR 141SECTION QUESTION 142sub.example.com. IN NS 143SECTION ANSWER 144sub.example.com. IN NS ns.sub.example.com. 145sub.example.com. 3600 IN RRSIG NS 12 3 3600 20070926134150 20070829134150 60385 sub.example.com. LAgerMKnwGgapo7tDs2jV8kjA+RminByvkR6qHineRDv4SYbRdDlCtYcFR4CoYo9aigLPej1WBmaZjFV+/7AVA== ;{id = 60385} 146SECTION ADDITIONAL 147ns.sub.example.com. IN A 1.2.3.6 148ns.sub.example.com. 3600 IN RRSIG A 12 4 3600 20070926134150 20070829134150 60385 sub.example.com. qYVQEwiVNWwRRoDJxK3c3LaXtfvOm/YzOEzXbN2MxPHZXHaa2nCzWLsILNstot/wTAbrk4wNcT16gKxF5JguNw== ;{id = 60385} 149ENTRY_END 150 151; response to DNSKEY priming query 152ENTRY_BEGIN 153MATCH opcode qtype qname 154ADJUST copy_id 155REPLY QR NOERROR 156SECTION QUESTION 157sub.example.com. IN DNSKEY 158SECTION ANSWER 159sub.example.com. 3600 IN DNSKEY 256 3 12 9SZY+xB3wKtrLoRHzkBs9L3fjcvazjnk5HF3gMaD1PVp4pthrwgHIm0TUaLrd3YCa2VCl5wj+MzbhZi8NEJ/Cg== ;{id = 60385 (zsk), size = 512b} 160sub.example.com. 3600 IN RRSIG DNSKEY 12 3 3600 20070926134150 20070829134150 60385 sub.example.com. zyZCppfMjlMS9xs3pJfbWkdA6EgV5MqI11AdVRV8pBsyI7diYLWm8RAHlhEI5MT59A6IT6Di9YjOCvWJjzZ9tA== ;{id = 60385} 161SECTION AUTHORITY 162sub.example.com. IN NS ns.sub.example.com. 163sub.example.com. 3600 IN RRSIG NS 12 3 3600 20070926134150 20070829134150 60385 sub.example.com. 3y6qmOn5GIytQQtXmdhkyL0+8Um7uNzOA0m0CkWFtzN81T98jHdGcCGNC3CIGMyhKaWKqPlOoSwIfm55fa4qRA== ;{id = 60385} 164 165SECTION ADDITIONAL 166ns.sub.example.com. IN A 1.2.3.6 167ns.sub.example.com. 3600 IN RRSIG A 12 4 3600 20070926134150 20070829134150 60385 sub.example.com. VS97UxG9Kn7DIYFCnBDJQ3n7sQ+aYF42/cU6s8jF1Y4nHSorKPFa0KHn0WVmaW33hA+Vs4BWTvJ1/JOpbiJskA== ;{id = 60385} 168 169ENTRY_END 170 171; response to query of interest 172ENTRY_BEGIN 173MATCH opcode qtype qname 174ADJUST copy_id 175REPLY QR NOERROR 176SECTION QUESTION 177www.sub.example.com. IN A 178SECTION ANSWER 179www.sub.example.com. IN A 11.11.11.11 180www.sub.example.com. 3600 IN RRSIG A 12 4 3600 20070926134150 20070829134150 60385 sub.example.com. KVDpNBH83UM8l1e9yAdXA1fV+wFJSJF4NtOnDLTtbpfyVbndNW3tvPc2YfLBxTEZeUCns2QrqcmIMdZ086frOQ== ;{id = 60385} 181 182SECTION AUTHORITY 183SECTION ADDITIONAL 184ENTRY_END 185RANGE_END 186 187STEP 1 QUERY 188ENTRY_BEGIN 189REPLY RD DO 190SECTION QUESTION 191www.sub.example.com. IN A 192ENTRY_END 193 194; recursion happens here. 195STEP 10 CHECK_ANSWER 196ENTRY_BEGIN 197MATCH all 198REPLY QR RD RA AD DO NOERROR 199SECTION QUESTION 200www.sub.example.com. IN A 201SECTION ANSWER 202www.sub.example.com. 3600 IN A 11.11.11.11 203www.sub.example.com. 3600 IN RRSIG A 12 4 3600 20070926134150 20070829134150 60385 sub.example.com. KVDpNBH83UM8l1e9yAdXA1fV+wFJSJF4NtOnDLTtbpfyVbndNW3tvPc2YfLBxTEZeUCns2QrqcmIMdZ086frOQ== ;{id = 60385} 204SECTION AUTHORITY 205SECTION ADDITIONAL 206ENTRY_END 207 208SCENARIO_END 209