1; config options 2server: 3 trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" 4 val-override-date: "20120420235959" 5 target-fetch-policy: "0 0 0 0 0" 6 qname-minimisation: "no" 7 fake-sha1: yes 8 trust-anchor-signaling: no 9 rrset-roundrobin: no 10 11stub-zone: 12 name: "." 13 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. 14CONFIG_END 15 16SCENARIO_BEGIN Test validator NSEC3 B.3 optout unsigned, without ce. 17 18; K.ROOT-SERVERS.NET. 19RANGE_BEGIN 0 100 20 ADDRESS 193.0.14.129 21ENTRY_BEGIN 22MATCH opcode qtype qname 23ADJUST copy_id 24REPLY QR NOERROR 25SECTION QUESTION 26. IN NS 27SECTION ANSWER 28. IN NS K.ROOT-SERVERS.NET. 29SECTION ADDITIONAL 30K.ROOT-SERVERS.NET. IN A 193.0.14.129 31ENTRY_END 32 33ENTRY_BEGIN 34MATCH opcode subdomain 35ADJUST copy_id copy_query 36REPLY QR NOERROR 37SECTION QUESTION 38example. IN A 39SECTION AUTHORITY 40example. IN NS ns1.example. 41; leave out to make unbound take ns1 42;example. IN NS ns2.example. 43SECTION ADDITIONAL 44ns1.example. IN A 192.0.2.1 45; leave out to make unbound take ns1 46;ns2.example. IN A 192.0.2.2 47ENTRY_END 48RANGE_END 49 50; ns1.example. 51RANGE_BEGIN 0 100 52 ADDRESS 192.0.2.1 53ENTRY_BEGIN 54MATCH opcode qtype qname 55ADJUST copy_id copy_query 56REPLY QR REFUSED 57SECTION QUESTION 58ns1.example. IN A 59SECTION ANSWER 60ENTRY_END 61 62ENTRY_BEGIN 63MATCH opcode qtype qname 64ADJUST copy_id copy_query 65REPLY QR REFUSED 66SECTION QUESTION 67ns1.example. IN AAAA 68SECTION ANSWER 69ENTRY_END 70 71ENTRY_BEGIN 72MATCH opcode qtype qname 73ADJUST copy_id copy_query 74REPLY QR REFUSED 75SECTION QUESTION 76example. IN NS 77SECTION ANSWER 78ENTRY_END 79 80; response to DNSKEY priming query 81 82ENTRY_BEGIN 83MATCH opcode qtype qname 84ADJUST copy_id 85REPLY QR NOERROR 86SECTION QUESTION 87example. IN DNSKEY 88SECTION ANSWER 89example. DNSKEY 256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= ) 90example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= ) 91example. RRSIG DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example. AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf3bH+QsCtg== ) 92ENTRY_END 93 94ENTRY_BEGIN 95MATCH opcode qtype qname 96ADJUST copy_id 97REPLY QR AA DO NOERROR 98SECTION QUESTION 99c.example. IN DS 100SECTION AUTHORITY 101;; NSEC3 RR that covers the "next closer" name (c.example) 102;; H(c.example) = 4g6p9u5gvfshp30pqecj98b3maqbn1ck 10335mthgpgcu1qg68fab165klnsnk3dpvl.example. NSEC3 1 1 12 aabbccdd ( b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG ) 10435mthgpgcu1qg68fab165klnsnk3dpvl.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQ Aynzo8EUWH+z6hEIBlUTPGj15eZll6VhQqgZ XtAIR3chwgW+SA== ) 105 106;; NSEC3 RR that matches the closest encloser (example) 107;; H(example) = 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom 108;0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG ) 109;0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL IBHYH6blRxK9rC0bMJPwQ4mLIuw85H2EY762 BOCXJZMnpuwhpA== ) 110ENTRY_END 111 112ENTRY_BEGIN 113MATCH opcode subdomain 114ADJUST copy_id copy_query 115REPLY QR AA DO NOERROR 116SECTION QUESTION 117c.example. IN MX 118SECTION AUTHORITY 119c.example. NS ns1.c.example. 120c.example. NS ns2.c.example. 121 122;; NSEC3 RR that covers the "next closer" name (c.example) 123;; H(c.example) = 4g6p9u5gvfshp30pqecj98b3maqbn1ck 12435mthgpgcu1qg68fab165klnsnk3dpvl.example. NSEC3 1 1 12 aabbccdd ( b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG ) 12535mthgpgcu1qg68fab165klnsnk3dpvl.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQ Aynzo8EUWH+z6hEIBlUTPGj15eZll6VhQqgZ XtAIR3chwgW+SA== ) 126 127;; NSEC3 RR that matches the closest encloser (example) 128;; H(example) = 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom 129; 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG ) 130; 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL IBHYH6blRxK9rC0bMJPwQ4mLIuw85H2EY762 BOCXJZMnpuwhpA== ) 131 132SECTION ADDITIONAL 133ns1.c.example. A 192.0.2.7 134ns2.c.example. A 192.0.2.8 135 136ENTRY_END 137RANGE_END 138 139; ns1.c.example. 140RANGE_BEGIN 0 100 141 ADDRESS 192.0.2.7 142ENTRY_BEGIN 143MATCH opcode qtype qname 144ADJUST copy_id 145REPLY QR AA REFUSED 146SECTION QUESTION 147ns1.c.example. IN AAAA 148ENTRY_END 149 150ENTRY_BEGIN 151MATCH opcode qtype qname 152ADJUST copy_id 153REPLY QR AA REFUSED 154SECTION QUESTION 155ns2.c.example. IN AAAA 156ENTRY_END 157 158ENTRY_BEGIN 159MATCH opcode qtype qname 160ADJUST copy_id 161REPLY QR AA NOERROR 162SECTION QUESTION 163c.example. IN NS 164SECTION ANSWER 165c.example. NS ns1.c.example. 166c.example. NS ns2.c.example. 167SECTION ADDITIONAL 168ns1.c.example. A 192.0.2.7 169ns2.c.example. A 192.0.2.8 170ENTRY_END 171 172ENTRY_BEGIN 173MATCH opcode qtype qname 174ADJUST copy_id 175REPLY QR AA NOERROR 176SECTION QUESTION 177mc.c.example. IN MX 178SECTION ANSWER 179mc.c.example. IN MX 50 mx.c.example. 180SECTION AUTHORITY 181c.example. NS ns1.c.example. 182c.example. NS ns2.c.example. 183SECTION ADDITIONAL 184ns1.c.example. A 192.0.2.7 185ns2.c.example. A 192.0.2.8 186ENTRY_END 187RANGE_END 188 189; ns2.c.example. 190RANGE_BEGIN 0 100 191 ADDRESS 192.0.2.8 192ENTRY_BEGIN 193MATCH opcode qtype qname 194ADJUST copy_id 195REPLY QR AA REFUSED 196SECTION QUESTION 197ns1.c.example. IN AAAA 198ENTRY_END 199 200ENTRY_BEGIN 201MATCH opcode qtype qname 202ADJUST copy_id 203REPLY QR AA REFUSED 204SECTION QUESTION 205ns2.c.example. IN AAAA 206ENTRY_END 207 208ENTRY_BEGIN 209MATCH opcode qtype qname 210ADJUST copy_id 211REPLY QR AA NOERROR 212SECTION QUESTION 213c.example. IN NS 214SECTION ANSWER 215c.example. NS ns1.c.example. 216c.example. NS ns2.c.example. 217SECTION ADDITIONAL 218ns1.c.example. A 192.0.2.7 219ns2.c.example. A 192.0.2.8 220ENTRY_END 221 222ENTRY_BEGIN 223MATCH opcode qtype qname 224ADJUST copy_id 225REPLY QR AA NOERROR 226SECTION QUESTION 227mc.c.example. IN MX 228SECTION ANSWER 229mc.c.example. IN MX 50 mx.c.example. 230SECTION AUTHORITY 231c.example. NS ns1.c.example. 232c.example. NS ns2.c.example. 233SECTION ADDITIONAL 234ns1.c.example. A 192.0.2.7 235ns2.c.example. A 192.0.2.8 236ENTRY_END 237RANGE_END 238 239 240STEP 1 QUERY 241ENTRY_BEGIN 242REPLY RD 243SECTION QUESTION 244mc.c.example. IN MX 245ENTRY_END 246 247; recursion happens here. 248STEP 10 CHECK_ANSWER 249ENTRY_BEGIN 250MATCH all 251REPLY QR RD RA SERVFAIL 252SECTION QUESTION 253mc.c.example. IN MX 254ENTRY_END 255 256SCENARIO_END 257