xref: /netbsd-src/external/bsd/unbound/dist/testdata/val_nsec3_b3_optout_negcache.rpl (revision eceb233b9bd0dfebb902ed73b531ae6964fa3f9b) 
1; config options
2server:
3        trust-anchor: "example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )"
4	val-override-date: "20120420235959"
5	target-fetch-policy: "0 0 0 0 0"
6	qname-minimisation: "no"
7	fake-sha1: yes
8	trust-anchor-signaling: no
9	minimal-responses: no
10
11stub-zone:
12	name: "."
13	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
14CONFIG_END
15
16SCENARIO_BEGIN Test validator NSEC3 B.3 referral optout with negative cache.
17
18; K.ROOT-SERVERS.NET.
19RANGE_BEGIN 0 100
20	ADDRESS 193.0.14.129
21ENTRY_BEGIN
22MATCH opcode qtype qname
23ADJUST copy_id
24REPLY QR NOERROR
25SECTION QUESTION
26. IN NS
27SECTION ANSWER
28. IN NS	K.ROOT-SERVERS.NET.
29SECTION ADDITIONAL
30K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
31ENTRY_END
32
33ENTRY_BEGIN
34MATCH opcode
35ADJUST copy_id copy_query
36REPLY QR NOERROR
37SECTION QUESTION
38. IN A
39SECTION AUTHORITY
40example.	IN NS	ns1.example.
41; leave out to make unbound take ns1
42;example.	IN NS	ns2.example.
43SECTION ADDITIONAL
44ns1.example.	IN A 192.0.2.1
45; leave out to make unbound take ns1
46;ns2.example.	IN A 192.0.2.2
47ENTRY_END
48RANGE_END
49
50; ns1.example.
51RANGE_BEGIN 0 100
52	ADDRESS 192.0.2.1
53ENTRY_BEGIN
54MATCH opcode qtype qname
55ADJUST copy_id copy_query
56REPLY QR REFUSED
57SECTION QUESTION
58example. IN NS
59SECTION ANSWER
60ENTRY_END
61
62; response to DNSKEY priming query
63
64ENTRY_BEGIN
65MATCH opcode qtype qname
66ADJUST copy_id
67REPLY QR NOERROR
68SECTION QUESTION
69example. IN DNSKEY
70SECTION ANSWER
71example. DNSKEY  256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= )
72example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )
73example. RRSIG   DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example.  AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf3bH+QsCtg== )
74ENTRY_END
75
76ENTRY_BEGIN
77MATCH opcode qtype qname
78ADJUST copy_id
79REPLY QR AA DO NOERROR
80SECTION QUESTION
81mc.c.example.       IN MX
82SECTION AUTHORITY
83c.example.	NS      ns1.c.example.
84c.example. 	NS      ns2.c.example.
85
86;; NSEC3 RR that covers the "next closer" name (c.example)
87;; H(c.example) = 4g6p9u5gvfshp30pqecj98b3maqbn1ck
8835mthgpgcu1qg68fab165klnsnk3dpvl.example. NSEC3 1 1 12 aabbccdd ( b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG )
8935mthgpgcu1qg68fab165klnsnk3dpvl.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQ Aynzo8EUWH+z6hEIBlUTPGj15eZll6VhQqgZ XtAIR3chwgW+SA== )
90
91;; NSEC3 RR that matches the closest encloser (example)
92;; H(example) = 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom
930p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG )
940p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL IBHYH6blRxK9rC0bMJPwQ4mLIuw85H2EY762 BOCXJZMnpuwhpA== )
95
96SECTION ADDITIONAL
97ns1.c.example. A       192.0.2.7
98ns2.c.example. A       192.0.2.8
99
100ENTRY_END
101
102
103; DS must be gotten from neg cache
104; ENTRY_BEGIN
105; MATCH opcode qtype qname
106; ADJUST copy_id
107; REPLY QR AA DO NOERROR
108; SECTION QUESTION
109; c.example.       IN DS
110; SECTION AUTHORITY
111; ;; NSEC3 RR that covers the "next closer" name (c.example)
112; ;; H(c.example) = 4g6p9u5gvfshp30pqecj98b3maqbn1ck
113; 35mthgpgcu1qg68fab165klnsnk3dpvl.example. NSEC3 1 1 12 aabbccdd ( b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG )
114; 35mthgpgcu1qg68fab165klnsnk3dpvl.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQ Aynzo8EUWH+z6hEIBlUTPGj15eZll6VhQqgZ XtAIR3chwgW+SA== )
115;
116; ;; NSEC3 RR that matches the closest encloser (example)
117; ;; H(example) = 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom
118; 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG )
119; 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL IBHYH6blRxK9rC0bMJPwQ4mLIuw85H2EY762 BOCXJZMnpuwhpA== )
120; ENTRY_END
121
122RANGE_END
123
124; ns1.c.example.
125RANGE_BEGIN 0 100
126	ADDRESS 192.0.2.7
127ENTRY_BEGIN
128MATCH opcode qtype qname
129ADJUST copy_id
130REPLY QR AA NOERROR
131SECTION QUESTION
132c.example.       IN NS
133SECTION ANSWER
134c.example.	NS      ns1.c.example.
135c.example. 	NS      ns2.c.example.
136SECTION ADDITIONAL
137ns1.c.example. A       192.0.2.7
138ns2.c.example. A       192.0.2.8
139ENTRY_END
140
141ENTRY_BEGIN
142MATCH opcode qtype qname
143ADJUST copy_id
144REPLY QR AA NOERROR
145SECTION QUESTION
146mc.c.example.       IN MX
147SECTION ANSWER
148mc.c.example.       IN MX 50 mx.c.example.
149SECTION AUTHORITY
150c.example.	NS      ns1.c.example.
151c.example. 	NS      ns2.c.example.
152SECTION ADDITIONAL
153ns1.c.example. A       192.0.2.7
154ns2.c.example. A       192.0.2.8
155ENTRY_END
156RANGE_END
157
158; ns2.c.example.
159RANGE_BEGIN 0 100
160	ADDRESS 192.0.2.8
161ENTRY_BEGIN
162MATCH opcode qtype qname
163ADJUST copy_id
164REPLY QR AA NOERROR
165SECTION QUESTION
166c.example.       IN NS
167SECTION ANSWER
168c.example.	NS      ns1.c.example.
169c.example. 	NS      ns2.c.example.
170SECTION ADDITIONAL
171ns1.c.example. A       192.0.2.7
172ns2.c.example. A       192.0.2.8
173ENTRY_END
174
175ENTRY_BEGIN
176MATCH opcode qtype qname
177ADJUST copy_id
178REPLY QR AA NOERROR
179SECTION QUESTION
180mc.c.example.       IN MX
181SECTION ANSWER
182mc.c.example.       IN MX 50 mx.c.example.
183SECTION AUTHORITY
184c.example.	NS      ns1.c.example.
185c.example. 	NS      ns2.c.example.
186SECTION ADDITIONAL
187ns1.c.example. A       192.0.2.7
188ns2.c.example. A       192.0.2.8
189ENTRY_END
190RANGE_END
191
192
193STEP 1 QUERY
194ENTRY_BEGIN
195REPLY RD DO
196SECTION QUESTION
197mc.c.example.       IN MX
198ENTRY_END
199
200; recursion happens here.
201STEP 10 CHECK_ANSWER
202ENTRY_BEGIN
203MATCH all
204REPLY QR RD RA DO NOERROR
205SECTION QUESTION
206mc.c.example.       IN MX
207SECTION ANSWER
208mc.c.example.       IN MX 50 mx.c.example.
209SECTION AUTHORITY
210c.example.	NS      ns1.c.example.
211c.example. 	NS      ns2.c.example.
212SECTION ADDITIONAL
213ns1.c.example. A       192.0.2.7
214ns2.c.example. A       192.0.2.8
215ENTRY_END
216
217SCENARIO_END
218