1; config options 2; The island of trust is at example.com 3server: 4 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" 5 val-override-date: "20070916134226" 6 target-fetch-policy: "0 0 0 0 0" 7 fake-sha1: yes 8 trust-anchor-signaling: no 9 ede: yes 10 access-control: 127.0.0.0/8 allow_snoop 11 12stub-zone: 13 name: "." 14 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. 15CONFIG_END 16 17SCENARIO_BEGIN Test validator with failed key prime, no keys. 18 19; K.ROOT-SERVERS.NET. 20RANGE_BEGIN 0 100 21 ADDRESS 193.0.14.129 22ENTRY_BEGIN 23MATCH opcode qtype qname 24ADJUST copy_id 25REPLY QR NOERROR 26SECTION QUESTION 27. IN NS 28SECTION ANSWER 29. IN NS K.ROOT-SERVERS.NET. 30SECTION ADDITIONAL 31K.ROOT-SERVERS.NET. IN A 193.0.14.129 32ENTRY_END 33 34ENTRY_BEGIN 35MATCH opcode subdomain 36ADJUST copy_id copy_query 37REPLY QR NOERROR 38SECTION QUESTION 39com. IN A 40SECTION AUTHORITY 41com. IN NS a.gtld-servers.net. 42SECTION ADDITIONAL 43a.gtld-servers.net. IN A 192.5.6.30 44ENTRY_END 45RANGE_END 46 47; a.gtld-servers.net. 48RANGE_BEGIN 0 100 49 ADDRESS 192.5.6.30 50ENTRY_BEGIN 51MATCH opcode qtype qname 52ADJUST copy_id 53REPLY QR NOERROR 54SECTION QUESTION 55com. IN NS 56SECTION ANSWER 57com. IN NS a.gtld-servers.net. 58SECTION ADDITIONAL 59a.gtld-servers.net. IN A 192.5.6.30 60ENTRY_END 61 62ENTRY_BEGIN 63MATCH opcode subdomain 64ADJUST copy_id copy_query 65REPLY QR NOERROR 66SECTION QUESTION 67example.com. IN A 68SECTION AUTHORITY 69example.com. IN NS ns.example.com. 70SECTION ADDITIONAL 71ns.example.com. IN A 1.2.3.4 72ENTRY_END 73RANGE_END 74 75; ns.example.com. 76RANGE_BEGIN 0 100 77 ADDRESS 1.2.3.4 78ENTRY_BEGIN 79MATCH opcode qtype qname 80ADJUST copy_id 81REPLY QR NOERROR 82SECTION QUESTION 83example.com. IN NS 84SECTION ANSWER 85example.com. IN NS ns.example.com. 86example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 87SECTION ADDITIONAL 88ns.example.com. IN A 1.2.3.4 89ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 90ENTRY_END 91 92ENTRY_BEGIN 93MATCH opcode qtype qname 94ADJUST copy_id 95REPLY QR NOERROR 96SECTION QUESTION 97ns.example.com. IN A 98SECTION ANSWER 99ns.example.com. IN A 1.2.3.4 100ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 101SECTION AUTHORITY 102example.com. IN NS ns.example.com. 103example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 104ENTRY_END 105 106; barely valid nodata for AAAA 107ENTRY_BEGIN 108MATCH opcode qtype qname 109ADJUST copy_id 110REPLY QR NOERROR 111SECTION QUESTION 112ns.example.com. IN AAAA 113SECTION ANSWER 114SECTION AUTHORITY 115example.com. IN NS ns.example.com. 116example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 117ENTRY_END 118 119 120; response to DNSKEY priming query 121ENTRY_BEGIN 122MATCH opcode qtype qname 123ADJUST copy_id 124REPLY QR AA NOERROR 125SECTION QUESTION 126example.com. IN DNSKEY 127SECTION ANSWER 128SECTION AUTHORITY 129example.com. IN SOA ns.example.com. hostmaster.example.com. 2007101500 28800 7200 604800 18000 130SECTION ADDITIONAL 131ENTRY_END 132 133; response to query of interest 134ENTRY_BEGIN 135MATCH opcode qtype qname 136ADJUST copy_id 137REPLY QR AA NOERROR 138SECTION QUESTION 139www.example.com. IN A 140SECTION ANSWER 141www.example.com. IN A 10.20.30.40 142SECTION AUTHORITY 143example.com. IN NS ns.example.com. 144SECTION ADDITIONAL 145ns.example.com. IN A 1.2.3.4 146ENTRY_END 147RANGE_END 148 149STEP 1 QUERY 150ENTRY_BEGIN 151REPLY RD DO 152SECTION QUESTION 153www.example.com. IN A 154ENTRY_END 155 156STEP 10 CHECK_ANSWER 157ENTRY_BEGIN 158MATCH all ede=9 159REPLY QR RD RA DO SERVFAIL 160SECTION QUESTION 161www.example.com. IN A 162SECTION ANSWER 163ENTRY_END 164 165; Redo the query without RD to check EDE caching. 166STEP 11 QUERY 167ENTRY_BEGIN 168REPLY DO 169SECTION QUESTION 170www.example.com. IN A 171ENTRY_END 172 173STEP 12 CHECK_ANSWER 174ENTRY_BEGIN 175MATCH all ede=9 176REPLY QR RA DO SERVFAIL 177SECTION QUESTION 178www.example.com. IN A 179SECTION ANSWER 180ENTRY_END 181 182SCENARIO_END 183