1; config options 2; The island of trust is at example.com 3server: 4 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" 5 val-override-date: "20070916134226" 6 target-fetch-policy: "0 0 0 0 0" 7 8stub-zone: 9 name: "." 10 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. 11CONFIG_END 12 13SCENARIO_BEGIN Test validator with NSEC3 CNAME for qtype DS. 14 15; K.ROOT-SERVERS.NET. 16RANGE_BEGIN 0 100 17 ADDRESS 193.0.14.129 18ENTRY_BEGIN 19MATCH opcode qtype qname 20ADJUST copy_id 21REPLY QR NOERROR 22SECTION QUESTION 23. IN NS 24SECTION ANSWER 25. IN NS K.ROOT-SERVERS.NET. 26SECTION ADDITIONAL 27K.ROOT-SERVERS.NET. IN A 193.0.14.129 28ENTRY_END 29 30ENTRY_BEGIN 31MATCH opcode qtype qname 32ADJUST copy_id 33REPLY QR NOERROR 34SECTION QUESTION 35www.sub.example.com. IN DS 36SECTION AUTHORITY 37com. IN NS a.gtld-servers.net. 38SECTION ADDITIONAL 39a.gtld-servers.net. IN A 192.5.6.30 40ENTRY_END 41RANGE_END 42 43; a.gtld-servers.net. 44RANGE_BEGIN 0 100 45 ADDRESS 192.5.6.30 46ENTRY_BEGIN 47MATCH opcode qtype qname 48ADJUST copy_id 49REPLY QR NOERROR 50SECTION QUESTION 51com. IN NS 52SECTION ANSWER 53com. IN NS a.gtld-servers.net. 54SECTION ADDITIONAL 55a.gtld-servers.net. IN A 192.5.6.30 56ENTRY_END 57 58ENTRY_BEGIN 59MATCH opcode qtype qname 60ADJUST copy_id 61REPLY QR NOERROR 62SECTION QUESTION 63www.sub.example.com. IN DS 64SECTION AUTHORITY 65example.com. IN NS ns.example.com. 66SECTION ADDITIONAL 67ns.example.com. IN A 1.2.3.4 68ENTRY_END 69RANGE_END 70 71; ns.example.com. 72RANGE_BEGIN 0 100 73 ADDRESS 1.2.3.4 74ENTRY_BEGIN 75MATCH opcode qtype qname 76ADJUST copy_id 77REPLY QR NOERROR 78SECTION QUESTION 79example.com. IN NS 80SECTION ANSWER 81example.com. IN NS ns.example.com. 82example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 83SECTION ADDITIONAL 84ns.example.com. IN A 1.2.3.4 85ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 86ENTRY_END 87 88; response to DNSKEY priming query 89ENTRY_BEGIN 90MATCH opcode qtype qname 91ADJUST copy_id 92REPLY QR NOERROR 93SECTION QUESTION 94example.com. IN DNSKEY 95SECTION ANSWER 96example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} 97example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} 98SECTION AUTHORITY 99example.com. IN NS ns.example.com. 100example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 101SECTION ADDITIONAL 102ns.example.com. IN A 1.2.3.4 103ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 104ENTRY_END 105 106; response to query of interest 107ENTRY_BEGIN 108MATCH opcode qtype qname 109ADJUST copy_id 110REPLY QR NOERROR 111SECTION QUESTION 112www.example.com. IN A 113SECTION AUTHORITY 114example.com. IN SOA ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 115example.com. 3600 IN RRSIG SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCM6lsu9byZIQ1yYjJmyYfFWM2RWAIUcR5t84r2La824oWCkLjmHXRQlco= ;{id = 2854} 116 117; NODATA response. H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3 118s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 MX RRSIG 119s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFE/a24nsY2luhQmZjY/ObAIgNSMkAhQWd4MUOUVK55bD6AbMHWrDA0yvEA== ;{id = 2854} 120 121ENTRY_END 122 123; refer to server one down 124ENTRY_BEGIN 125MATCH opcode qtype qname 126ADJUST copy_id 127REPLY QR NOERROR 128SECTION QUESTION 129www.sub.example.com. IN DS 130SECTION AUTHORITY 131sub.example.com. IN NS ns.sub.example.com. 132sub.example.com. 3600 IN DS 2854 DSA 1 be4d46cd7489cce25a31af0dff2968ce0425dd31 133sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQC1WMTfb25sTgeUEXCFR4+YiJqecwIUc2R/jrO4amyQxovSnld2reg8eyo= ;{id = 2854} 134SECTION ADDITIONAL 135ns.sub.example.com. IN A 1.2.3.10 136ENTRY_END 137RANGE_END 138 139; ns.sub.example.com. 140RANGE_BEGIN 0 100 141 ADDRESS 1.2.3.10 142ENTRY_BEGIN 143MATCH opcode qtype qname 144ADJUST copy_id 145REPLY QR NOERROR 146SECTION QUESTION 147sub.example.com. IN NS 148SECTION ANSWER 149sub.example.com. IN NS ns.sub.example.com. 150SECTION ADDITIONAL 151ns.sub.example.com. IN A 1.2.3.10 152ENTRY_END 153 154; response to DNSKEY priming query 155ENTRY_BEGIN 156MATCH opcode qtype qname 157ADJUST copy_id 158REPLY QR NOERROR 159SECTION QUESTION 160sub.example.com. IN DNSKEY 161SECTION ANSWER 162sub.example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} 163sub.example.com. 3600 IN RRSIG DNSKEY 3 3 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFBznBTYM/SrdUnjQdBnLtRO79KAaAhQReG5nRuL7Xsdf6D0KKwPa1GpWyQ== ;{id = 2854} 164 165ENTRY_END 166 167ENTRY_BEGIN 168MATCH opcode qtype qname 169ADJUST copy_id 170REPLY QR NOERROR 171SECTION QUESTION 172www.sub.example.com. IN DS 173SECTION ANSWER 174; from *.sub.example.com. IN CNAME sub.example.com. 175www.sub.example.com. IN CNAME sub.example.com. 176www.sub.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFFyXwAzONbrkZD3oQ50zRYXOr1vvAhQAmzDTm7YYloe6F96eBS1L+KE9hg== ;{id = 2854} 177SECTION AUTHORITY 178; cover qname next closer name, for the wildcard. 179; H(www.sub.example.com.) = ecllopkacmb753v6jlld4d371l1u8gme 180ecllopkacmb753v6jlld4d371l1u7gme.sub.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd ecllopkacmb753v6jlld4d371l1u9gme A RRSIG 181ecllopkacmb753v6jlld4d371l1u7gme.sub.example.com. 3600 IN RRSIG NSEC3 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFD4bIeWulXj9lhAGsqCfsKg6jQheAhQ9kkYqd9AVdomcl2YzWOupJnV5wQ== ;{id = 2854} 182 183ENTRY_END 184RANGE_END 185 186STEP 1 QUERY 187ENTRY_BEGIN 188REPLY RD DO 189SECTION QUESTION 190www.sub.example.com. IN DS 191ENTRY_END 192 193; recursion happens here. 194STEP 10 CHECK_ANSWER 195ENTRY_BEGIN 196MATCH all 197REPLY QR RD RA DO NOERROR 198SECTION QUESTION 199www.sub.example.com. IN DS 200SECTION ANSWER 201www.sub.example.com. IN CNAME sub.example.com. 202www.sub.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFFyXwAzONbrkZD3oQ50zRYXOr1vvAhQAmzDTm7YYloe6F96eBS1L+KE9hg== ;{id = 2854} 203sub.example.com. 3600 IN DS 2854 DSA 1 be4d46cd7489cce25a31af0dff2968ce0425dd31 204sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQC1WMTfb25sTgeUEXCFR4+YiJqecwIUc2R/jrO4amyQxovSnld2reg8eyo= ;{id = 2854} 205SECTION AUTHORITY 206ecllopkacmb753v6jlld4d371l1u7gme.sub.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd ecllopkacmb753v6jlld4d371l1u9gme A RRSIG 207ecllopkacmb753v6jlld4d371l1u7gme.sub.example.com. 3600 IN RRSIG NSEC3 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFD4bIeWulXj9lhAGsqCfsKg6jQheAhQ9kkYqd9AVdomcl2YzWOupJnV5wQ== ;{id = 2854} 208SECTION ADDITIONAL 209ENTRY_END 210 211SCENARIO_END 212