1; config options 2; The island of trust is at example.com 3server: 4 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" 5 val-override-date: "20070916134226" 6 target-fetch-policy: "0 0 0 0 0" 7 8stub-zone: 9 name: "." 10 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. 11CONFIG_END 12 13SCENARIO_BEGIN Test validator with NSEC3 response for NODATA ENT with optout. 14 15; K.ROOT-SERVERS.NET. 16RANGE_BEGIN 0 100 17 ADDRESS 193.0.14.129 18ENTRY_BEGIN 19MATCH opcode qtype qname 20ADJUST copy_id 21REPLY QR NOERROR 22SECTION QUESTION 23. IN NS 24SECTION ANSWER 25. IN NS K.ROOT-SERVERS.NET. 26SECTION ADDITIONAL 27K.ROOT-SERVERS.NET. IN A 193.0.14.129 28ENTRY_END 29 30ENTRY_BEGIN 31MATCH opcode subdomain 32ADJUST copy_id copy_query 33REPLY QR NOERROR 34SECTION QUESTION 35com. IN A 36SECTION AUTHORITY 37com. IN NS a.gtld-servers.net. 38SECTION ADDITIONAL 39a.gtld-servers.net. IN A 192.5.6.30 40ENTRY_END 41RANGE_END 42 43; a.gtld-servers.net. 44RANGE_BEGIN 0 100 45 ADDRESS 192.5.6.30 46ENTRY_BEGIN 47MATCH opcode qtype qname 48ADJUST copy_id 49REPLY QR NOERROR 50SECTION QUESTION 51com. IN NS 52SECTION ANSWER 53com. IN NS a.gtld-servers.net. 54SECTION ADDITIONAL 55a.gtld-servers.net. IN A 192.5.6.30 56ENTRY_END 57 58ENTRY_BEGIN 59MATCH opcode subdomain 60ADJUST copy_id copy_query 61REPLY QR NOERROR 62SECTION QUESTION 63example.com. IN A 64SECTION AUTHORITY 65example.com. IN NS ns.example.com. 66SECTION ADDITIONAL 67ns.example.com. IN A 1.2.3.4 68ENTRY_END 69RANGE_END 70 71; ns.example.com. 72RANGE_BEGIN 0 100 73 ADDRESS 1.2.3.4 74ENTRY_BEGIN 75MATCH opcode qtype qname 76ADJUST copy_id 77REPLY QR AA REFUSED 78SECTION QUESTION 79ns.example.com. IN A 80ENTRY_END 81 82ENTRY_BEGIN 83MATCH opcode qtype qname 84ADJUST copy_id 85REPLY QR AA REFUSED 86SECTION QUESTION 87ns.example.com. IN AAAA 88ENTRY_END 89 90ENTRY_BEGIN 91MATCH opcode qtype qname 92ADJUST copy_id 93REPLY QR NOERROR 94SECTION QUESTION 95example.com. IN NS 96SECTION ANSWER 97example.com. IN NS ns.example.com. 98example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 99SECTION ADDITIONAL 100ns.example.com. IN A 1.2.3.4 101ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 102ENTRY_END 103 104; response to DNSKEY priming query 105ENTRY_BEGIN 106MATCH opcode qtype qname 107ADJUST copy_id 108REPLY QR NOERROR 109SECTION QUESTION 110example.com. IN DNSKEY 111SECTION ANSWER 112example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} 113example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} 114SECTION AUTHORITY 115example.com. IN NS ns.example.com. 116example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 117SECTION ADDITIONAL 118ns.example.com. IN A 1.2.3.4 119ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 120ENTRY_END 121 122ENTRY_BEGIN 123MATCH opcode qtype qname 124ADJUST copy_id 125REPLY QR NOERROR 126SECTION QUESTION 127www.example.com. IN A 128SECTION AUTHORITY 129example.com. IN SOA ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 130example.com. 3600 IN RRSIG SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCM6lsu9byZIQ1yYjJmyYfFWM2RWAIUcR5t84r2La824oWCkLjmHXRQlco= ;{id = 2854} 131 132; NODATA response. H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3 133s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 MX RRSIG 134s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFE/a24nsY2luhQmZjY/ObAIgNSMkAhQWd4MUOUVK55bD6AbMHWrDA0yvEA== ;{id = 2854} 135 136ENTRY_END 137 138ENTRY_BEGIN 139MATCH opcode qtype qname 140ADJUST copy_id 141REPLY QR NOERROR 142SECTION QUESTION 143ent.example.com. IN DS 144SECTION AUTHORITY 145; example.com. -> b6fuorg741ufili49mg9j4328ig53sqg. 146; OPTOUT 147b6fuorg741ufili49mg9j4328ig53sqg.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd b6fuorg741ufili49mg9j4328ig54sqg NS SOA DNSKEY RRSIG 148b6fuorg741ufili49mg9j4328ig53sqg.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AHNLlpOM8cBFBBdzUO9nQC/O6mw3rDUrqcdiSwMKAIckd3k5WZvoP78= 149 150; ent.example.com. -> 2kekcu37chvrqjb272ptidu9jhk8oqag. 151; the span does not have OPTOUT 1522kekcu37chvrqjb272ptidu9jhk7oqag.example.com. IN NSEC3 1 0 123 aabb00123456bbccdd 2kekcu37chvrqjb272ptidu9jhk9oqag 1532kekcu37chvrqjb272ptidu9jhk7oqag.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AAaGjBrmbElksOWsOAU0vdNwbRKsbsQgOwhFkONaynSk9M+2QpJQ6+k= 154ENTRY_END 155 156; refer to server one down 157ENTRY_BEGIN 158MATCH opcode subdomain 159ADJUST copy_id copy_query 160REPLY QR NOERROR 161SECTION QUESTION 162ent.example.com. IN A 163SECTION AUTHORITY 164; example.com. -> b6fuorg741ufili49mg9j4328ig53sqg. 165; OPTOUT 166b6fuorg741ufili49mg9j4328ig53sqg.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd b6fuorg741ufili49mg9j4328ig54sqg NS SOA DNSKEY RRSIG 167b6fuorg741ufili49mg9j4328ig53sqg.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AHNLlpOM8cBFBBdzUO9nQC/O6mw3rDUrqcdiSwMKAIckd3k5WZvoP78= 168 169; ent.example.com. -> 2kekcu37chvrqjb272ptidu9jhk8oqag. 170; the span does not have OPTOUT 1712kekcu37chvrqjb272ptidu9jhk7oqag.example.com. IN NSEC3 1 0 123 aabb00123456bbccdd 2kekcu37chvrqjb272ptidu9jhk9oqag 1722kekcu37chvrqjb272ptidu9jhk7oqag.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AAaGjBrmbElksOWsOAU0vdNwbRKsbsQgOwhFkONaynSk9M+2QpJQ6+k= 173ENTRY_END 174 175RANGE_END 176 177STEP 1 QUERY 178ENTRY_BEGIN 179REPLY RD DO 180SECTION QUESTION 181ent.example.com. IN A 182ENTRY_END 183 184; recursion happens here. 185STEP 10 CHECK_ANSWER 186ENTRY_BEGIN 187MATCH all 188REPLY QR RD RA DO SERVFAIL 189SECTION QUESTION 190ent.example.com. IN A 191SECTION ANSWER 192SECTION AUTHORITY 193SECTION ADDITIONAL 194ENTRY_END 195 196SCENARIO_END 197