1; config options 2server: 3 trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" 4 val-override-date: "20120420235959" 5 target-fetch-policy: "0 0 0 0 0" 6 fake-sha1: yes 7 trust-anchor-signaling: no 8 9stub-zone: 10 name: "." 11 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. 12CONFIG_END 13 14SCENARIO_BEGIN Test validator NSEC3 B.3 optout unsigned, without nc. 15 16; K.ROOT-SERVERS.NET. 17RANGE_BEGIN 0 100 18 ADDRESS 193.0.14.129 19ENTRY_BEGIN 20MATCH opcode qtype qname 21ADJUST copy_id 22REPLY QR NOERROR 23SECTION QUESTION 24. IN NS 25SECTION ANSWER 26. IN NS K.ROOT-SERVERS.NET. 27SECTION ADDITIONAL 28K.ROOT-SERVERS.NET. IN A 193.0.14.129 29ENTRY_END 30 31ENTRY_BEGIN 32MATCH opcode subdomain 33ADJUST copy_id copy_query 34REPLY QR NOERROR 35SECTION QUESTION 36example. IN A 37SECTION AUTHORITY 38example. IN NS ns1.example. 39; leave out to make unbound take ns1 40;example. IN NS ns2.example. 41SECTION ADDITIONAL 42ns1.example. IN A 192.0.2.1 43; leave out to make unbound take ns1 44;ns2.example. IN A 192.0.2.2 45ENTRY_END 46RANGE_END 47 48; ns1.example. 49RANGE_BEGIN 0 100 50 ADDRESS 192.0.2.1 51ENTRY_BEGIN 52MATCH opcode qtype qname 53ADJUST copy_id copy_query 54REPLY QR REFUSED 55SECTION QUESTION 56ns1.example. IN A 57SECTION ANSWER 58ENTRY_END 59 60ENTRY_BEGIN 61MATCH opcode qtype qname 62ADJUST copy_id copy_query 63REPLY QR REFUSED 64SECTION QUESTION 65ns1.example. IN AAAA 66SECTION ANSWER 67ENTRY_END 68 69ENTRY_BEGIN 70MATCH opcode qtype qname 71ADJUST copy_id copy_query 72REPLY QR REFUSED 73SECTION QUESTION 74example. IN NS 75SECTION ANSWER 76ENTRY_END 77 78; response to DNSKEY priming query 79 80ENTRY_BEGIN 81MATCH opcode qtype qname 82ADJUST copy_id 83REPLY QR NOERROR 84SECTION QUESTION 85example. IN DNSKEY 86SECTION ANSWER 87example. DNSKEY 256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= ) 88example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= ) 89example. RRSIG DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example. AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf3bH+QsCtg== ) 90ENTRY_END 91 92ENTRY_BEGIN 93MATCH opcode qtype qname 94ADJUST copy_id 95REPLY QR AA DO NOERROR 96SECTION QUESTION 97c.example. IN DS 98SECTION AUTHORITY 99;; NSEC3 RR that covers the "next closer" name (c.example) 100;; H(c.example) = 4g6p9u5gvfshp30pqecj98b3maqbn1ck 101;35mthgpgcu1qg68fab165klnsnk3dpvl.example. NSEC3 1 1 12 aabbccdd ( b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG ) 102;35mthgpgcu1qg68fab165klnsnk3dpvl.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQ Aynzo8EUWH+z6hEIBlUTPGj15eZll6VhQqgZ XtAIR3chwgW+SA== ) 103 104;; NSEC3 RR that matches the closest encloser (example) 105;; H(example) = 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom 1060p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG ) 1070p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL IBHYH6blRxK9rC0bMJPwQ4mLIuw85H2EY762 BOCXJZMnpuwhpA== ) 108ENTRY_END 109 110ENTRY_BEGIN 111MATCH opcode subdomain 112ADJUST copy_id copy_query 113REPLY QR AA DO NOERROR 114SECTION QUESTION 115c.example. IN MX 116SECTION AUTHORITY 117c.example. NS ns1.c.example. 118c.example. NS ns2.c.example. 119 120;; NSEC3 RR that covers the "next closer" name (c.example) 121;; H(c.example) = 4g6p9u5gvfshp30pqecj98b3maqbn1ck 122; 35mthgpgcu1qg68fab165klnsnk3dpvl.example. NSEC3 1 1 12 aabbccdd ( b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG ) 123; 35mthgpgcu1qg68fab165klnsnk3dpvl.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQ Aynzo8EUWH+z6hEIBlUTPGj15eZll6VhQqgZ XtAIR3chwgW+SA== ) 124 125;; NSEC3 RR that matches the closest encloser (example) 126;; H(example) = 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom 1270p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG ) 1280p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL IBHYH6blRxK9rC0bMJPwQ4mLIuw85H2EY762 BOCXJZMnpuwhpA== ) 129 130SECTION ADDITIONAL 131ns1.c.example. A 192.0.2.7 132ns2.c.example. A 192.0.2.8 133 134ENTRY_END 135 136RANGE_END 137 138; ns1.c.example. 139RANGE_BEGIN 0 100 140 ADDRESS 192.0.2.7 141ENTRY_BEGIN 142MATCH opcode qtype qname 143ADJUST copy_id 144REPLY QR AA REFUSED 145SECTION QUESTION 146ns1.c.example. IN AAAA 147ENTRY_END 148 149ENTRY_BEGIN 150MATCH opcode qtype qname 151ADJUST copy_id 152REPLY QR AA REFUSED 153SECTION QUESTION 154ns2.c.example. IN AAAA 155ENTRY_END 156 157ENTRY_BEGIN 158MATCH opcode qtype qname 159ADJUST copy_id 160REPLY QR AA NOERROR 161SECTION QUESTION 162c.example. IN NS 163SECTION ANSWER 164c.example. NS ns1.c.example. 165c.example. NS ns2.c.example. 166SECTION ADDITIONAL 167ns1.c.example. A 192.0.2.7 168ns2.c.example. A 192.0.2.8 169ENTRY_END 170 171ENTRY_BEGIN 172MATCH opcode qtype qname 173ADJUST copy_id 174REPLY QR AA NOERROR 175SECTION QUESTION 176mc.c.example. IN MX 177SECTION ANSWER 178mc.c.example. IN MX 50 mx.c.example. 179SECTION AUTHORITY 180c.example. NS ns1.c.example. 181c.example. NS ns2.c.example. 182SECTION ADDITIONAL 183ns1.c.example. A 192.0.2.7 184ns2.c.example. A 192.0.2.8 185ENTRY_END 186RANGE_END 187 188; ns2.c.example. 189RANGE_BEGIN 0 100 190 ADDRESS 192.0.2.8 191ENTRY_BEGIN 192MATCH opcode qtype qname 193ADJUST copy_id 194REPLY QR AA REFUSED 195SECTION QUESTION 196ns1.c.example. IN AAAA 197ENTRY_END 198 199ENTRY_BEGIN 200MATCH opcode qtype qname 201ADJUST copy_id 202REPLY QR AA REFUSED 203SECTION QUESTION 204ns2.c.example. IN AAAA 205ENTRY_END 206 207ENTRY_BEGIN 208MATCH opcode qtype qname 209ADJUST copy_id 210REPLY QR AA NOERROR 211SECTION QUESTION 212c.example. IN NS 213SECTION ANSWER 214c.example. NS ns1.c.example. 215c.example. NS ns2.c.example. 216SECTION ADDITIONAL 217ns1.c.example. A 192.0.2.7 218ns2.c.example. A 192.0.2.8 219ENTRY_END 220 221ENTRY_BEGIN 222MATCH opcode qtype qname 223ADJUST copy_id 224REPLY QR AA NOERROR 225SECTION QUESTION 226mc.c.example. IN MX 227SECTION ANSWER 228mc.c.example. IN MX 50 mx.c.example. 229SECTION AUTHORITY 230c.example. NS ns1.c.example. 231c.example. NS ns2.c.example. 232SECTION ADDITIONAL 233ns1.c.example. A 192.0.2.7 234ns2.c.example. A 192.0.2.8 235ENTRY_END 236RANGE_END 237 238 239STEP 1 QUERY 240ENTRY_BEGIN 241REPLY RD 242SECTION QUESTION 243mc.c.example. IN MX 244ENTRY_END 245 246; recursion happens here. 247STEP 10 CHECK_ANSWER 248ENTRY_BEGIN 249MATCH all 250REPLY QR RD RA SERVFAIL 251SECTION QUESTION 252mc.c.example. IN MX 253ENTRY_END 254 255SCENARIO_END 256