1; config options 2; The island of trust is at example.com 3server: 4 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" 5 val-override-date: "20070916134226" 6 target-fetch-policy: "0 0 0 0 0" 7 qname-minimisation: "no" 8 fake-sha1: yes 9 10stub-zone: 11 name: "." 12 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. 13CONFIG_END 14 15SCENARIO_BEGIN Test validator with lots of ENTs in the chain of trust 16; query is for a.1.2.b.3.4.c.5.6.example.com. 17; labels 1-6 are empty nonterminals. 18; there are DNSKEYs at labels b, c, example.com. 19; and DSes at b and c. 20 21; K.ROOT-SERVERS.NET. 22RANGE_BEGIN 0 100 23 ADDRESS 193.0.14.129 24ENTRY_BEGIN 25MATCH opcode qtype qname 26ADJUST copy_id 27REPLY QR NOERROR 28SECTION QUESTION 29. IN NS 30SECTION ANSWER 31. IN NS K.ROOT-SERVERS.NET. 32SECTION ADDITIONAL 33K.ROOT-SERVERS.NET. IN A 193.0.14.129 34ENTRY_END 35 36ENTRY_BEGIN 37MATCH opcode qtype 38ADJUST copy_id copy_query 39REPLY QR NOERROR 40SECTION QUESTION 41www.sub.example.com. IN A 42SECTION AUTHORITY 43com. IN NS a.gtld-servers.net. 44SECTION ADDITIONAL 45a.gtld-servers.net. IN A 192.5.6.30 46ENTRY_END 47RANGE_END 48 49; a.gtld-servers.net. 50RANGE_BEGIN 0 100 51 ADDRESS 192.5.6.30 52ENTRY_BEGIN 53MATCH opcode qtype qname 54ADJUST copy_id 55REPLY QR NOERROR 56SECTION QUESTION 57com. IN NS 58SECTION ANSWER 59com. IN NS a.gtld-servers.net. 60SECTION ADDITIONAL 61a.gtld-servers.net. IN A 192.5.6.30 62ENTRY_END 63 64ENTRY_BEGIN 65MATCH opcode qtype 66ADJUST copy_id copy_query 67REPLY QR NOERROR 68SECTION QUESTION 69www.sub.example.com. IN A 70SECTION AUTHORITY 71example.com. IN NS ns.example.com. 72SECTION ADDITIONAL 73ns.example.com. IN A 1.2.3.4 74ENTRY_END 75RANGE_END 76 77; ns.example.com. 78RANGE_BEGIN 0 100 79 ADDRESS 1.2.3.4 80ENTRY_BEGIN 81MATCH opcode qtype qname 82ADJUST copy_id 83REPLY QR NOERROR 84SECTION QUESTION 85example.com. IN NS 86SECTION ANSWER 87example.com. IN NS ns.example.com. 88example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 89SECTION ADDITIONAL 90ns.example.com. IN A 1.2.3.4 91ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 92ENTRY_END 93 94; response to DNSKEY priming query 95ENTRY_BEGIN 96MATCH opcode qtype qname 97ADJUST copy_id 98REPLY AA QR NOERROR 99SECTION QUESTION 100example.com. IN DNSKEY 101SECTION ANSWER 102example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} 103example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} 104SECTION AUTHORITY 105example.com. IN NS ns.example.com. 106example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 107SECTION ADDITIONAL 108ns.example.com. IN A 1.2.3.4 109ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 110ENTRY_END 111 112; response for ENT DS queries. 113ENTRY_BEGIN 114MATCH opcode qtype qname 115ADJUST copy_id 116REPLY AA QR NOERROR 117SECTION QUESTION 1186.example.com. IN DS 119SECTION AUTHORITY 120example.com. NSEC c.5.6.example.com. SOA DNSKEY NS RRSIG NSEC 121example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCoocKDsR+Hius4e+5zJPlXeeWNowIUO+pa14FBcWH/dCNK5R0vRrlWY5s= ;{id = 2854} 122ENTRY_END 123 124ENTRY_BEGIN 125MATCH opcode qtype qname 126ADJUST copy_id 127REPLY AA QR NOERROR 128SECTION QUESTION 1295.6.example.com. IN DS 130SECTION AUTHORITY 131example.com. NSEC c.5.6.example.com. SOA DNSKEY NS RRSIG NSEC 132example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCoocKDsR+Hius4e+5zJPlXeeWNowIUO+pa14FBcWH/dCNK5R0vRrlWY5s= ;{id = 2854} 133ENTRY_END 134 135; response for query in question - delegation 136; and all other queries, receive a delegation to c.5.6.example.com. 137ENTRY_BEGIN 138MATCH opcode 139ADJUST copy_id copy_query 140REPLY QR NOERROR 141SECTION QUESTION 142a.1.2.b.3.4.c.5.6.example.com. IN A 143SECTION ANSWER 144SECTION AUTHORITY 145c.5.6.example.com. IN NS ns.c.5.6.example.com. 146c.5.6.example.com. 3600 IN DS 2854 3 1 4449f16fa7d712283aa43cc8dcc8e07c05856e08 147c.5.6.example.com. 3600 IN RRSIG DS 3 5 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCgiF7eFL89mSqjUPEpQuL5QEa1OgIUWdfUmMkwVBwOgmxlxZIKfGs5od0= ;{id = 2854} 148SECTION ADDITIONAL 149ns.c.5.6.example.com. IN A 1.2.3.6 150ENTRY_END 151RANGE_END 152 153; ns.c.5.6.example.com. 154RANGE_BEGIN 0 100 155 ADDRESS 1.2.3.6 156ENTRY_BEGIN 157MATCH opcode qtype qname 158ADJUST copy_id 159REPLY AA QR NOERROR 160SECTION QUESTION 161c.5.6.example.com. IN NS 162SECTION ANSWER 163ENTRY_END 164 165; response to DNSKEY priming query 166ENTRY_BEGIN 167MATCH opcode qtype qname 168ADJUST copy_id 169REPLY AA QR NOERROR 170SECTION QUESTION 171c.5.6.example.com. IN DNSKEY 172SECTION ANSWER 173c.5.6.example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} 174c.5.6.example.com. 3600 IN RRSIG DNSKEY 3 5 3600 20070926134150 20070829134150 2854 c.5.6.example.com. MC0CFHsYd4tGO5BotXFzG9d8fzHkX576AhUAoZ2d1FNUBsrwxl6XSz/hoxme/4Q= ;{id = 2854} 175ENTRY_END 176 177; response to DS queries. 178ENTRY_BEGIN 179MATCH opcode qtype qname 180ADJUST copy_id 181REPLY AA QR NOERROR 182SECTION QUESTION 1834.c.5.6.example.com. IN DS 184SECTION AUTHORITY 1853.c.5.6.example.com. IN NSEC b.3.4.c.5.6.example.com. NS DS RRSIG NSEC 1863.c.5.6.example.com. 3600 IN RRSIG NSEC 3 6 3600 20070926134150 20070829134150 2854 c.5.6.example.com. MCwCFFFF5WwGibkPunDt0BW2W9lncACcAhQuFh7FbfCE1ulJqBFf1YxjvT/WHQ== ;{id = 2854} 187 188ENTRY_END 189 190ENTRY_BEGIN 191MATCH opcode qtype qname 192ADJUST copy_id 193REPLY AA QR NOERROR 194SECTION QUESTION 1953.4.c.5.6.example.com. IN DS 196SECTION AUTHORITY 1973.c.5.6.example.com. IN NSEC b.3.4.c.5.6.example.com. NS DS RRSIG NSEC 1983.c.5.6.example.com. 3600 IN RRSIG NSEC 3 6 3600 20070926134150 20070829134150 2854 c.5.6.example.com. MCwCFFFF5WwGibkPunDt0BW2W9lncACcAhQuFh7FbfCE1ulJqBFf1YxjvT/WHQ== ;{id = 2854} 199ENTRY_END 200 201; any other query gets a referral 202ENTRY_BEGIN 203MATCH opcode 204ADJUST copy_id copy_query 205REPLY AA QR NOERROR 206SECTION QUESTION 2074.c.5.6.example.com. IN DS 208SECTION AUTHORITY 209b.3.4.c.5.6.example.com. IN NS ns.b.3.4.c.5.6.example.com. 210b.3.4.c.5.6.example.com. 3600 IN DS 30899 5 1 849ebbdefa338db3e6c3ddffd58851523ba701de 211b.3.4.c.5.6.example.com. 3600 IN RRSIG DS 3 8 3600 20070926134150 20070829134150 2854 c.5.6.example.com. MC0CFEuXbvClpAOx7E1SXeH0d+Q4jpySAhUAtbEbQ8qtRF5chUOWNtg31ESAjWg= ;{id = 2854} 212SECTION ADDITIONAL 213ns.b.3.4.c.5.6.example.com. IN A 1.2.3.7 214ENTRY_END 215RANGE_END 216 217; ns.b.3.4.c.5.6.example.com. 218RANGE_BEGIN 0 100 219 ADDRESS 1.2.3.7 220ENTRY_BEGIN 221MATCH opcode qtype qname 222ADJUST copy_id 223REPLY QR AA NOERROR 224SECTION QUESTION 225b.3.4.c.5.6.example.com. IN NS 226SECTION ANSWER 227ENTRY_END 228 229; response to DNSKEY priming query 230ENTRY_BEGIN 231MATCH opcode qtype qname 232ADJUST copy_id 233REPLY QR AA NOERROR 234SECTION QUESTION 235b.3.4.c.5.6.example.com. IN DNSKEY 236SECTION ANSWER 237b.3.4.c.5.6.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} 238b.3.4.c.5.6.example.com. 3600 IN RRSIG DNSKEY 5 8 3600 20070926134150 20070829134150 30899 b.3.4.c.5.6.example.com. KNftlGVkrfvo3l3Wliq+i695MqJI9B8QnTVhCHKhFPZfEq0HCxV8gO3ZlaTUle1YEnr7+yXUritXlzjFOlf1hw== ;{id = 30899} 239ENTRY_END 240 241; response to query of interest 242ENTRY_BEGIN 243MATCH opcode qtype qname 244ADJUST copy_id 245REPLY QR AA NOERROR 246SECTION QUESTION 247a.1.2.b.3.4.c.5.6.example.com. IN A 248SECTION ANSWER 249a.1.2.b.3.4.c.5.6.example.com. IN A 11.11.11.11 250a.1.2.b.3.4.c.5.6.example.com. 3600 IN RRSIG A 5 11 3600 20070926134150 20070829134150 30899 b.3.4.c.5.6.example.com. GUZcUHhxAvc6FYwAzVJcTqsjz5L36bGA45dyeSupEGEhhUJj0wm/FaYCAlO8J+H2zcFEqbgK0KzHdrFmNHkgUQ== ;{id = 30899} 251SECTION AUTHORITY 252SECTION ADDITIONAL 253ENTRY_END 254RANGE_END 255 256STEP 1 QUERY 257ENTRY_BEGIN 258REPLY RD DO 259SECTION QUESTION 260a.1.2.b.3.4.c.5.6.example.com. IN A 261ENTRY_END 262 263; recursion happens here. 264STEP 10 CHECK_ANSWER 265ENTRY_BEGIN 266MATCH all 267REPLY QR RD RA AD DO NOERROR 268SECTION QUESTION 269a.1.2.b.3.4.c.5.6.example.com. IN A 270SECTION ANSWER 271a.1.2.b.3.4.c.5.6.example.com. 3600 IN A 11.11.11.11 272a.1.2.b.3.4.c.5.6.example.com. 3600 IN RRSIG A 5 11 3600 20070926134150 20070829134150 30899 b.3.4.c.5.6.example.com. GUZcUHhxAvc6FYwAzVJcTqsjz5L36bGA45dyeSupEGEhhUJj0wm/FaYCAlO8J+H2zcFEqbgK0KzHdrFmNHkgUQ== ;{id = 30899} 273SECTION AUTHORITY 274SECTION ADDITIONAL 275ENTRY_END 276 277SCENARIO_END 278