xref: /netbsd-src/external/bsd/unbound/dist/testdata/val_nsec3_b4_wild_wr.rpl (revision 92e958de60c71aa0f2452bd7074cbb006fe6546b) 
1; config options
2server:
3	trust-anchor: "example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )"
4	val-override-date: "20120420235959"
5	target-fetch-policy: "0 0 0 0 0"
6
7stub-zone:
8	name: "."
9	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
10CONFIG_END
11
12SCENARIO_BEGIN Test validator NSEC3 B.4 wildcard expansion, wrong NSEC3.
13
14; K.ROOT-SERVERS.NET.
15RANGE_BEGIN 0 100
16	ADDRESS 193.0.14.129
17ENTRY_BEGIN
18MATCH opcode qtype qname
19ADJUST copy_id
20REPLY QR NOERROR
21SECTION QUESTION
22. IN NS
23SECTION ANSWER
24. IN NS	K.ROOT-SERVERS.NET.
25SECTION ADDITIONAL
26K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
27ENTRY_END
28
29ENTRY_BEGIN
30MATCH opcode subdomain
31ADJUST copy_id copy_query
32REPLY QR NOERROR
33SECTION QUESTION
34example. IN A
35SECTION AUTHORITY
36example.	IN NS	ns1.example.
37; leave out to make unbound take ns1
38;example.	IN NS	ns2.example.
39SECTION ADDITIONAL
40ns1.example.	IN A 192.0.2.1
41; leave out to make unbound take ns1
42;ns2.example.	IN A 192.0.2.2
43ENTRY_END
44RANGE_END
45
46; ns1.example.
47RANGE_BEGIN 0 100
48	ADDRESS 192.0.2.1
49ENTRY_BEGIN
50MATCH opcode qtype qname
51ADJUST copy_id copy_query
52REPLY QR REFUSED
53SECTION QUESTION
54ns1.example. IN A
55SECTION ANSWER
56ENTRY_END
57
58ENTRY_BEGIN
59MATCH opcode qtype qname
60ADJUST copy_id copy_query
61REPLY QR REFUSED
62SECTION QUESTION
63ns1.example. IN AAAA
64SECTION ANSWER
65ENTRY_END
66
67ENTRY_BEGIN
68MATCH opcode qtype qname
69ADJUST copy_id copy_query
70REPLY QR REFUSED
71SECTION QUESTION
72example. IN NS
73SECTION ANSWER
74ENTRY_END
75
76; response to DNSKEY priming query
77
78ENTRY_BEGIN
79MATCH opcode qtype qname
80ADJUST copy_id
81REPLY QR NOERROR
82SECTION QUESTION
83example. IN DNSKEY
84SECTION ANSWER
85example. DNSKEY  256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= )
86example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )
87example. RRSIG   DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example.  AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf3bH+QsCtg== )
88ENTRY_END
89
90ENTRY_BEGIN
91MATCH opcode qtype qname
92ADJUST copy_id
93REPLY QR AA DO NOERROR
94SECTION QUESTION
95a.z.w.example. IN MX
96SECTION ANSWER
97a.z.w.example. MX      1 ai.example.
98a.z.w.example. RRSIG   MX 7 2 3600 20150420235959 20051021000000 ( 40430 example.  CikebjQwGQPwijVcxgcZcSJKtfynugtlBiKb 9FcBTrmOoyQ4InoWVudhCWsh/URX3lc4WRUM ivEBP6+4KS3ldA== )
99SECTION AUTHORITY
100example.       NS      ns1.example.
101example.       NS      ns2.example.
102example. RRSIG   NS 7 1 3600 20150420235959 20051021000000 ( 40430 example.  PVOgtMK1HHeSTau+HwDWC8Ts+6C8qtqd4pQJ qOtdEVgg+MA+ai4fWDEhu3qHJyLcQ9tbD2vv CnMXjtz6SyObxA== )
103
104;; NSEC3 RR that covers the "next closer" name (z.w.example)
105;; H(z.w.example) = qlu7gtfaeh0ek0c05ksfhdpbcgglbe03
106;q04jkcevqvmu85r014c7dkba38o0ji5r.example. NSEC3 1 1 12 aabbccdd ( r53bq7cc2uvmubfu5ocmm6pers9tk9en A RRSIG )
107;q04jkcevqvmu85r014c7dkba38o0ji5r.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  hV5I89b+4FHJDATp09g4bbN0R1F845CaXpL3 ZxlMKimoPAyqletMlEWwLfFia7sdpSzn+ZlN NlkxWcLsIlMmUg== )
108
109; The wrong NSEC3 here
110k8udemvp1j2f7eg6jebps17vp3n8i58h.example. NSEC3 1 1 12 aabbccdd ( kohar7mbb8dc2ce8a9qvl8hon4k53uhi )
111k8udemvp1j2f7eg6jebps17vp3n8i58h.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  FtXGbvF0+wf8iWkyo73enAuVx03klN+pILBK S6qCcftVtfH4yVzsEZquJ27NHR7ruxJWDNMt Otx7w9WfcIg62A== )
112
113SECTION ADDITIONAL
114ai.example.    A       192.0.2.9
115ai.example.    RRSIG   A 7 2 3600 20150420235959 20051021000000 ( 40430 example.  hVe+wKYMlObTRPhX0NL67GxeZfdxqr/QeR6F tfdAj5+FgYxyzPEjIzvKWy00hWIl6wD3Vws+ rznEn8sQ64UdqA== )
116ai.example.    AAAA    2001:db8:0:0:0:0:f00:baa9
117ai.example.    RRSIG   AAAA 7 2 3600 20150420235959 20051021000000 ( 40430 example.  LcdxKaCB5bGZwPDg+3JJ4O02zoMBrjxqlf6W uaHQZZfTUpb9Nf2nxFGe2XRPfR5tpJT6GdRG cHueLuXkMjBArQ== )
118ENTRY_END
119
120; catch glue queries
121ENTRY_BEGIN
122MATCH opcode qtype qname
123ADJUST copy_id
124REPLY QR AA DO NOERROR
125SECTION QUESTION
126ns2.example. IN      A
127SECTION ANSWER
128; nothing to make sure the ns1 server is used for queries.
129ENTRY_END
130
131ENTRY_BEGIN
132MATCH opcode qtype qname
133ADJUST copy_id
134REPLY QR AA DO NOERROR
135SECTION QUESTION
136ns2.example. IN      AAAA
137SECTION ANSWER
138; nothing to make sure the ns1 server is used for queries.
139ENTRY_END
140
141
142RANGE_END
143
144STEP 1 QUERY
145ENTRY_BEGIN
146REPLY RD
147SECTION QUESTION
148a.z.w.example. IN MX
149ENTRY_END
150
151; recursion happens here.
152STEP 10 CHECK_ANSWER
153ENTRY_BEGIN
154MATCH all
155REPLY QR RD RA SERVFAIL
156SECTION QUESTION
157a.z.w.example. IN MX
158SECTION ANSWER
159SECTION AUTHORITY
160SECTION ADDITIONAL
161ENTRY_END
162
163SCENARIO_END
164