1; config options 2; The island of trust is at example.com 3server: 4 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" 5 val-override-date: "20070916134226" 6 target-fetch-policy: "0 0 0 0 0" 7 qname-minimisation: "no" 8 fake-sha1: yes 9 trust-anchor-signaling: no 10 11stub-zone: 12 name: "." 13 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. 14CONFIG_END 15 16SCENARIO_BEGIN Test validator with NSEC3 wildcard CNAME to parent. 17; to test the zone determination routines in nsec3. 18 19; K.ROOT-SERVERS.NET. 20RANGE_BEGIN 0 100 21 ADDRESS 193.0.14.129 22ENTRY_BEGIN 23MATCH opcode qtype qname 24ADJUST copy_id 25REPLY QR NOERROR 26SECTION QUESTION 27. IN NS 28SECTION ANSWER 29. IN NS K.ROOT-SERVERS.NET. 30SECTION ADDITIONAL 31K.ROOT-SERVERS.NET. IN A 193.0.14.129 32ENTRY_END 33 34ENTRY_BEGIN 35MATCH opcode qtype qname 36ADJUST copy_id 37REPLY QR NOERROR 38SECTION QUESTION 39www.sub.example.com. IN A 40SECTION AUTHORITY 41com. IN NS a.gtld-servers.net. 42SECTION ADDITIONAL 43a.gtld-servers.net. IN A 192.5.6.30 44ENTRY_END 45RANGE_END 46 47; a.gtld-servers.net. 48RANGE_BEGIN 0 100 49 ADDRESS 192.5.6.30 50ENTRY_BEGIN 51MATCH opcode qtype qname 52ADJUST copy_id 53REPLY QR NOERROR 54SECTION QUESTION 55com. IN NS 56SECTION ANSWER 57com. IN NS a.gtld-servers.net. 58SECTION ADDITIONAL 59a.gtld-servers.net. IN A 192.5.6.30 60ENTRY_END 61 62ENTRY_BEGIN 63MATCH opcode qtype qname 64ADJUST copy_id 65REPLY QR NOERROR 66SECTION QUESTION 67www.sub.example.com. IN A 68SECTION AUTHORITY 69example.com. IN NS ns.example.com. 70SECTION ADDITIONAL 71ns.example.com. IN A 1.2.3.4 72ENTRY_END 73RANGE_END 74 75; ns.example.com. 76RANGE_BEGIN 0 100 77 ADDRESS 1.2.3.4 78ENTRY_BEGIN 79MATCH opcode qtype qname 80ADJUST copy_id 81REPLY QR NOERROR 82SECTION QUESTION 83example.com. IN NS 84SECTION ANSWER 85example.com. IN NS ns.example.com. 86example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 87SECTION ADDITIONAL 88ns.example.com. IN A 1.2.3.4 89ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 90ENTRY_END 91 92; response to DNSKEY priming query 93ENTRY_BEGIN 94MATCH opcode qtype qname 95ADJUST copy_id 96REPLY QR NOERROR 97SECTION QUESTION 98example.com. IN DNSKEY 99SECTION ANSWER 100example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} 101example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} 102SECTION AUTHORITY 103example.com. IN NS ns.example.com. 104example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 105SECTION ADDITIONAL 106ns.example.com. IN A 1.2.3.4 107ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 108ENTRY_END 109 110; response to query of interest 111ENTRY_BEGIN 112MATCH opcode qtype qname 113ADJUST copy_id 114REPLY QR NOERROR 115SECTION QUESTION 116www.example.com. IN A 117SECTION AUTHORITY 118example.com. IN SOA ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 119example.com. 3600 IN RRSIG SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCM6lsu9byZIQ1yYjJmyYfFWM2RWAIUcR5t84r2La824oWCkLjmHXRQlco= ;{id = 2854} 120 121; NODATA response. H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3 122s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 MX RRSIG 123s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFE/a24nsY2luhQmZjY/ObAIgNSMkAhQWd4MUOUVK55bD6AbMHWrDA0yvEA== ;{id = 2854} 124 125ENTRY_END 126 127; refer to server one down 128ENTRY_BEGIN 129MATCH opcode qtype qname 130ADJUST copy_id 131REPLY QR NOERROR 132SECTION QUESTION 133www.sub.example.com. IN A 134SECTION AUTHORITY 135sub.example.com. IN NS ns.sub.example.com. 136sub.example.com. 3600 IN DS 2854 DSA 1 be4d46cd7489cce25a31af0dff2968ce0425dd31 137sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQC1WMTfb25sTgeUEXCFR4+YiJqecwIUc2R/jrO4amyQxovSnld2reg8eyo= ;{id = 2854} 138SECTION ADDITIONAL 139ns.sub.example.com. IN A 1.2.3.10 140ENTRY_END 141RANGE_END 142 143; ns.sub.example.com. 144RANGE_BEGIN 0 100 145 ADDRESS 1.2.3.10 146ENTRY_BEGIN 147MATCH opcode qtype qname 148ADJUST copy_id 149REPLY QR NOERROR 150SECTION QUESTION 151sub.example.com. IN NS 152SECTION ANSWER 153sub.example.com. IN NS ns.sub.example.com. 154SECTION ADDITIONAL 155ns.sub.example.com. IN A 1.2.3.10 156ENTRY_END 157 158; response to DNSKEY priming query 159ENTRY_BEGIN 160MATCH opcode qtype qname 161ADJUST copy_id 162REPLY QR NOERROR 163SECTION QUESTION 164sub.example.com. IN DNSKEY 165SECTION ANSWER 166sub.example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} 167sub.example.com. 3600 IN RRSIG DNSKEY 3 3 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFBznBTYM/SrdUnjQdBnLtRO79KAaAhQReG5nRuL7Xsdf6D0KKwPa1GpWyQ== ;{id = 2854} 168 169ENTRY_END 170 171ENTRY_BEGIN 172MATCH opcode qtype qname 173ADJUST copy_id 174REPLY QR NOERROR 175SECTION QUESTION 176www.sub.example.com. IN A 177SECTION ANSWER 178; from *.sub.example.com. IN CNAME www.example.com. 179www.sub.example.com. IN CNAME www.example.com. 180www.sub.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFFKPEuHCx2R69zF2Nd4c7Vu/4RUxAhRB9zHHPCihRU4HT5HhpPJxJykeFg== ;{id = 2854} 181SECTION AUTHORITY 182; cover qname next closer name, for the wildcard. 183; H(www.sub.example.com.) = ecllopkacmb753v6jlld4d371l1u8gme 184ecllopkacmb753v6jlld4d371l1u7gme.sub.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd ecllopkacmb753v6jlld4d371l1u9gme A RRSIG 185ecllopkacmb753v6jlld4d371l1u7gme.sub.example.com. 3600 IN RRSIG NSEC3 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFD4bIeWulXj9lhAGsqCfsKg6jQheAhQ9kkYqd9AVdomcl2YzWOupJnV5wQ== ;{id = 2854} 186 187ENTRY_END 188RANGE_END 189 190STEP 1 QUERY 191ENTRY_BEGIN 192REPLY RD DO 193SECTION QUESTION 194www.sub.example.com. IN A 195ENTRY_END 196 197; recursion happens here. 198STEP 10 CHECK_ANSWER 199ENTRY_BEGIN 200MATCH all 201REPLY QR RD RA DO NOERROR 202SECTION QUESTION 203www.sub.example.com. IN A 204SECTION ANSWER 205www.sub.example.com. IN CNAME www.example.com. 206www.sub.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFFKPEuHCx2R69zF2Nd4c7Vu/4RUxAhRB9zHHPCihRU4HT5HhpPJxJykeFg== ;{id = 2854} 207SECTION AUTHORITY 208ecllopkacmb753v6jlld4d371l1u7gme.sub.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd ecllopkacmb753v6jlld4d371l1u9gme A RRSIG 209ecllopkacmb753v6jlld4d371l1u7gme.sub.example.com. 3600 IN RRSIG NSEC3 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFD4bIeWulXj9lhAGsqCfsKg6jQheAhQ9kkYqd9AVdomcl2YzWOupJnV5wQ== ;{id = 2854} 210example.com. IN SOA ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 211example.com. 3600 IN RRSIG SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCM6lsu9byZIQ1yYjJmyYfFWM2RWAIUcR5t84r2La824oWCkLjmHXRQlco= ;{id = 2854} 212s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 MX RRSIG 213s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFE/a24nsY2luhQmZjY/ObAIgNSMkAhQWd4MUOUVK55bD6AbMHWrDA0yvEA== ;{id = 2854} 214 215SECTION ADDITIONAL 216ENTRY_END 217 218SCENARIO_END 219