1; config options 2server: 3 trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" 4 val-override-date: "20120420235959" 5 target-fetch-policy: "0 0 0 0 0" 6 7stub-zone: 8 name: "." 9 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. 10CONFIG_END 11 12SCENARIO_BEGIN Test validator NSEC3 B.3 optout unsigned, without ce. 13 14; K.ROOT-SERVERS.NET. 15RANGE_BEGIN 0 100 16 ADDRESS 193.0.14.129 17ENTRY_BEGIN 18MATCH opcode qtype qname 19ADJUST copy_id 20REPLY QR NOERROR 21SECTION QUESTION 22. IN NS 23SECTION ANSWER 24. IN NS K.ROOT-SERVERS.NET. 25SECTION ADDITIONAL 26K.ROOT-SERVERS.NET. IN A 193.0.14.129 27ENTRY_END 28 29ENTRY_BEGIN 30MATCH opcode subdomain 31ADJUST copy_id copy_query 32REPLY QR NOERROR 33SECTION QUESTION 34example. IN A 35SECTION AUTHORITY 36example. IN NS ns1.example. 37; leave out to make unbound take ns1 38;example. IN NS ns2.example. 39SECTION ADDITIONAL 40ns1.example. IN A 192.0.2.1 41; leave out to make unbound take ns1 42;ns2.example. IN A 192.0.2.2 43ENTRY_END 44RANGE_END 45 46; ns1.example. 47RANGE_BEGIN 0 100 48 ADDRESS 192.0.2.1 49ENTRY_BEGIN 50MATCH opcode qtype qname 51ADJUST copy_id copy_query 52REPLY QR REFUSED 53SECTION QUESTION 54ns1.example. IN A 55SECTION ANSWER 56ENTRY_END 57 58ENTRY_BEGIN 59MATCH opcode qtype qname 60ADJUST copy_id copy_query 61REPLY QR REFUSED 62SECTION QUESTION 63ns1.example. IN AAAA 64SECTION ANSWER 65ENTRY_END 66 67ENTRY_BEGIN 68MATCH opcode qtype qname 69ADJUST copy_id copy_query 70REPLY QR REFUSED 71SECTION QUESTION 72example. IN NS 73SECTION ANSWER 74ENTRY_END 75 76; response to DNSKEY priming query 77 78ENTRY_BEGIN 79MATCH opcode qtype qname 80ADJUST copy_id 81REPLY QR NOERROR 82SECTION QUESTION 83example. IN DNSKEY 84SECTION ANSWER 85example. DNSKEY 256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= ) 86example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= ) 87example. RRSIG DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example. AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf3bH+QsCtg== ) 88ENTRY_END 89 90ENTRY_BEGIN 91MATCH opcode qtype qname 92ADJUST copy_id 93REPLY QR AA DO NOERROR 94SECTION QUESTION 95c.example. IN DS 96SECTION AUTHORITY 97;; NSEC3 RR that covers the "next closer" name (c.example) 98;; H(c.example) = 4g6p9u5gvfshp30pqecj98b3maqbn1ck 9935mthgpgcu1qg68fab165klnsnk3dpvl.example. NSEC3 1 1 12 aabbccdd ( b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG ) 10035mthgpgcu1qg68fab165klnsnk3dpvl.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQ Aynzo8EUWH+z6hEIBlUTPGj15eZll6VhQqgZ XtAIR3chwgW+SA== ) 101 102;; NSEC3 RR that matches the closest encloser (example) 103;; H(example) = 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom 104;0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG ) 105;0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL IBHYH6blRxK9rC0bMJPwQ4mLIuw85H2EY762 BOCXJZMnpuwhpA== ) 106ENTRY_END 107 108ENTRY_BEGIN 109MATCH opcode subdomain 110ADJUST copy_id copy_query 111REPLY QR AA DO NOERROR 112SECTION QUESTION 113c.example. IN MX 114SECTION AUTHORITY 115c.example. NS ns1.c.example. 116c.example. NS ns2.c.example. 117 118;; NSEC3 RR that covers the "next closer" name (c.example) 119;; H(c.example) = 4g6p9u5gvfshp30pqecj98b3maqbn1ck 12035mthgpgcu1qg68fab165klnsnk3dpvl.example. NSEC3 1 1 12 aabbccdd ( b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG ) 12135mthgpgcu1qg68fab165klnsnk3dpvl.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQ Aynzo8EUWH+z6hEIBlUTPGj15eZll6VhQqgZ XtAIR3chwgW+SA== ) 122 123;; NSEC3 RR that matches the closest encloser (example) 124;; H(example) = 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom 125; 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG ) 126; 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL IBHYH6blRxK9rC0bMJPwQ4mLIuw85H2EY762 BOCXJZMnpuwhpA== ) 127 128SECTION ADDITIONAL 129ns1.c.example. A 192.0.2.7 130ns2.c.example. A 192.0.2.8 131 132ENTRY_END 133RANGE_END 134 135; ns1.c.example. 136RANGE_BEGIN 0 100 137 ADDRESS 192.0.2.7 138ENTRY_BEGIN 139MATCH opcode qtype qname 140ADJUST copy_id 141REPLY QR AA REFUSED 142SECTION QUESTION 143ns1.c.example. IN AAAA 144ENTRY_END 145 146ENTRY_BEGIN 147MATCH opcode qtype qname 148ADJUST copy_id 149REPLY QR AA REFUSED 150SECTION QUESTION 151ns2.c.example. IN AAAA 152ENTRY_END 153 154ENTRY_BEGIN 155MATCH opcode qtype qname 156ADJUST copy_id 157REPLY QR AA NOERROR 158SECTION QUESTION 159c.example. IN NS 160SECTION ANSWER 161c.example. NS ns1.c.example. 162c.example. NS ns2.c.example. 163SECTION ADDITIONAL 164ns1.c.example. A 192.0.2.7 165ns2.c.example. A 192.0.2.8 166ENTRY_END 167 168ENTRY_BEGIN 169MATCH opcode qtype qname 170ADJUST copy_id 171REPLY QR AA NOERROR 172SECTION QUESTION 173mc.c.example. IN MX 174SECTION ANSWER 175mc.c.example. IN MX 50 mx.c.example. 176SECTION AUTHORITY 177c.example. NS ns1.c.example. 178c.example. NS ns2.c.example. 179SECTION ADDITIONAL 180ns1.c.example. A 192.0.2.7 181ns2.c.example. A 192.0.2.8 182ENTRY_END 183RANGE_END 184 185; ns2.c.example. 186RANGE_BEGIN 0 100 187 ADDRESS 192.0.2.8 188ENTRY_BEGIN 189MATCH opcode qtype qname 190ADJUST copy_id 191REPLY QR AA REFUSED 192SECTION QUESTION 193ns1.c.example. IN AAAA 194ENTRY_END 195 196ENTRY_BEGIN 197MATCH opcode qtype qname 198ADJUST copy_id 199REPLY QR AA REFUSED 200SECTION QUESTION 201ns2.c.example. IN AAAA 202ENTRY_END 203 204ENTRY_BEGIN 205MATCH opcode qtype qname 206ADJUST copy_id 207REPLY QR AA NOERROR 208SECTION QUESTION 209c.example. IN NS 210SECTION ANSWER 211c.example. NS ns1.c.example. 212c.example. NS ns2.c.example. 213SECTION ADDITIONAL 214ns1.c.example. A 192.0.2.7 215ns2.c.example. A 192.0.2.8 216ENTRY_END 217 218ENTRY_BEGIN 219MATCH opcode qtype qname 220ADJUST copy_id 221REPLY QR AA NOERROR 222SECTION QUESTION 223mc.c.example. IN MX 224SECTION ANSWER 225mc.c.example. IN MX 50 mx.c.example. 226SECTION AUTHORITY 227c.example. NS ns1.c.example. 228c.example. NS ns2.c.example. 229SECTION ADDITIONAL 230ns1.c.example. A 192.0.2.7 231ns2.c.example. A 192.0.2.8 232ENTRY_END 233RANGE_END 234 235 236STEP 1 QUERY 237ENTRY_BEGIN 238REPLY RD 239SECTION QUESTION 240mc.c.example. IN MX 241ENTRY_END 242 243; recursion happens here. 244STEP 10 CHECK_ANSWER 245ENTRY_BEGIN 246MATCH all 247REPLY QR RD RA SERVFAIL 248SECTION QUESTION 249mc.c.example. IN MX 250ENTRY_END 251 252SCENARIO_END 253