1; config options 2; The island of trust is at example.com 3server: 4 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" 5 val-override-date: "20070916134226" 6 target-fetch-policy: "0 0 0 0 0" 7 fake-sha1: yes 8 trust-anchor-signaling: no 9 10stub-zone: 11 name: "." 12 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. 13CONFIG_END 14 15SCENARIO_BEGIN Test validator with NSEC3 wildcard CNAME to parent. 16; to test the zone determination routines in nsec3. 17 18; K.ROOT-SERVERS.NET. 19RANGE_BEGIN 0 100 20 ADDRESS 193.0.14.129 21ENTRY_BEGIN 22MATCH opcode qtype qname 23ADJUST copy_id 24REPLY QR NOERROR 25SECTION QUESTION 26. IN NS 27SECTION ANSWER 28. IN NS K.ROOT-SERVERS.NET. 29SECTION ADDITIONAL 30K.ROOT-SERVERS.NET. IN A 193.0.14.129 31ENTRY_END 32 33ENTRY_BEGIN 34MATCH opcode qtype qname 35ADJUST copy_id 36REPLY QR NOERROR 37SECTION QUESTION 38www.sub.example.com. IN A 39SECTION AUTHORITY 40com. IN NS a.gtld-servers.net. 41SECTION ADDITIONAL 42a.gtld-servers.net. IN A 192.5.6.30 43ENTRY_END 44RANGE_END 45 46; a.gtld-servers.net. 47RANGE_BEGIN 0 100 48 ADDRESS 192.5.6.30 49ENTRY_BEGIN 50MATCH opcode qtype qname 51ADJUST copy_id 52REPLY QR NOERROR 53SECTION QUESTION 54com. IN NS 55SECTION ANSWER 56com. IN NS a.gtld-servers.net. 57SECTION ADDITIONAL 58a.gtld-servers.net. IN A 192.5.6.30 59ENTRY_END 60 61ENTRY_BEGIN 62MATCH opcode qtype qname 63ADJUST copy_id 64REPLY QR NOERROR 65SECTION QUESTION 66www.sub.example.com. IN A 67SECTION AUTHORITY 68example.com. IN NS ns.example.com. 69SECTION ADDITIONAL 70ns.example.com. IN A 1.2.3.4 71ENTRY_END 72RANGE_END 73 74; ns.example.com. 75RANGE_BEGIN 0 100 76 ADDRESS 1.2.3.4 77ENTRY_BEGIN 78MATCH opcode qtype qname 79ADJUST copy_id 80REPLY QR NOERROR 81SECTION QUESTION 82example.com. IN NS 83SECTION ANSWER 84example.com. IN NS ns.example.com. 85example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 86SECTION ADDITIONAL 87ns.example.com. IN A 1.2.3.4 88ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 89ENTRY_END 90 91; response to DNSKEY priming query 92ENTRY_BEGIN 93MATCH opcode qtype qname 94ADJUST copy_id 95REPLY QR NOERROR 96SECTION QUESTION 97example.com. IN DNSKEY 98SECTION ANSWER 99example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} 100example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} 101SECTION AUTHORITY 102example.com. IN NS ns.example.com. 103example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 104SECTION ADDITIONAL 105ns.example.com. IN A 1.2.3.4 106ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 107ENTRY_END 108 109; response to query of interest 110ENTRY_BEGIN 111MATCH opcode qtype qname 112ADJUST copy_id 113REPLY QR NOERROR 114SECTION QUESTION 115www.example.com. IN A 116SECTION AUTHORITY 117example.com. IN SOA ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 118example.com. 3600 IN RRSIG SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCM6lsu9byZIQ1yYjJmyYfFWM2RWAIUcR5t84r2La824oWCkLjmHXRQlco= ;{id = 2854} 119 120; NODATA response. H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3 121s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 MX RRSIG 122s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFE/a24nsY2luhQmZjY/ObAIgNSMkAhQWd4MUOUVK55bD6AbMHWrDA0yvEA== ;{id = 2854} 123 124ENTRY_END 125 126; refer to server one down 127ENTRY_BEGIN 128MATCH opcode qtype qname 129ADJUST copy_id 130REPLY QR NOERROR 131SECTION QUESTION 132www.sub.example.com. IN A 133SECTION AUTHORITY 134sub.example.com. IN NS ns.sub.example.com. 135sub.example.com. 3600 IN DS 2854 DSA 1 be4d46cd7489cce25a31af0dff2968ce0425dd31 136sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQC1WMTfb25sTgeUEXCFR4+YiJqecwIUc2R/jrO4amyQxovSnld2reg8eyo= ;{id = 2854} 137SECTION ADDITIONAL 138ns.sub.example.com. IN A 1.2.3.10 139ENTRY_END 140RANGE_END 141 142; ns.sub.example.com. 143RANGE_BEGIN 0 100 144 ADDRESS 1.2.3.10 145ENTRY_BEGIN 146MATCH opcode qtype qname 147ADJUST copy_id 148REPLY QR NOERROR 149SECTION QUESTION 150sub.example.com. IN NS 151SECTION ANSWER 152sub.example.com. IN NS ns.sub.example.com. 153SECTION ADDITIONAL 154ns.sub.example.com. IN A 1.2.3.10 155ENTRY_END 156 157; response to DNSKEY priming query 158ENTRY_BEGIN 159MATCH opcode qtype qname 160ADJUST copy_id 161REPLY QR NOERROR 162SECTION QUESTION 163sub.example.com. IN DNSKEY 164SECTION ANSWER 165sub.example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} 166sub.example.com. 3600 IN RRSIG DNSKEY 3 3 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFBznBTYM/SrdUnjQdBnLtRO79KAaAhQReG5nRuL7Xsdf6D0KKwPa1GpWyQ== ;{id = 2854} 167 168ENTRY_END 169 170ENTRY_BEGIN 171MATCH opcode qtype qname 172ADJUST copy_id 173REPLY QR NOERROR 174SECTION QUESTION 175www.sub.example.com. IN A 176SECTION ANSWER 177; from *.sub.example.com. IN CNAME www.example.com. 178www.sub.example.com. IN CNAME www.example.com. 179www.sub.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFFKPEuHCx2R69zF2Nd4c7Vu/4RUxAhRB9zHHPCihRU4HT5HhpPJxJykeFg== ;{id = 2854} 180SECTION AUTHORITY 181; cover qname next closer name, for the wildcard. 182; H(www.sub.example.com.) = ecllopkacmb753v6jlld4d371l1u8gme 183ecllopkacmb753v6jlld4d371l1u7gme.sub.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd ecllopkacmb753v6jlld4d371l1u9gme A RRSIG 184ecllopkacmb753v6jlld4d371l1u7gme.sub.example.com. 3600 IN RRSIG NSEC3 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFD4bIeWulXj9lhAGsqCfsKg6jQheAhQ9kkYqd9AVdomcl2YzWOupJnV5wQ== ;{id = 2854} 185 186ENTRY_END 187RANGE_END 188 189STEP 1 QUERY 190ENTRY_BEGIN 191REPLY RD DO 192SECTION QUESTION 193www.sub.example.com. IN A 194ENTRY_END 195 196; recursion happens here. 197STEP 10 CHECK_ANSWER 198ENTRY_BEGIN 199MATCH all 200REPLY QR RD RA DO NOERROR 201SECTION QUESTION 202www.sub.example.com. IN A 203SECTION ANSWER 204www.sub.example.com. IN CNAME www.example.com. 205www.sub.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFFKPEuHCx2R69zF2Nd4c7Vu/4RUxAhRB9zHHPCihRU4HT5HhpPJxJykeFg== ;{id = 2854} 206SECTION AUTHORITY 207ecllopkacmb753v6jlld4d371l1u7gme.sub.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd ecllopkacmb753v6jlld4d371l1u9gme A RRSIG 208ecllopkacmb753v6jlld4d371l1u7gme.sub.example.com. 3600 IN RRSIG NSEC3 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFD4bIeWulXj9lhAGsqCfsKg6jQheAhQ9kkYqd9AVdomcl2YzWOupJnV5wQ== ;{id = 2854} 209example.com. IN SOA ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 210example.com. 3600 IN RRSIG SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCM6lsu9byZIQ1yYjJmyYfFWM2RWAIUcR5t84r2La824oWCkLjmHXRQlco= ;{id = 2854} 211s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 MX RRSIG 212s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFE/a24nsY2luhQmZjY/ObAIgNSMkAhQWd4MUOUVK55bD6AbMHWrDA0yvEA== ;{id = 2854} 213 214SECTION ADDITIONAL 215ENTRY_END 216 217SCENARIO_END 218