xref: /netbsd-src/external/bsd/unbound/dist/testdata/val_nsec3_nods_badopt.rpl (revision cef8759bd76c1b621f8eab8faa6f208faabc2e15) 
1; config options
2; The island of trust is at example.com
3server:
4	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
5	val-override-date: "20070916134226"
6	target-fetch-policy: "0 0 0 0 0"
7	qname-minimisation: "no"
8	fake-sha1: yes
9	trust-anchor-signaling: no
10
11stub-zone:
12	name: "."
13	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
14CONFIG_END
15
16SCENARIO_BEGIN Test validator with NSEC3 with no DS with wrong optout bit.
17
18; K.ROOT-SERVERS.NET.
19RANGE_BEGIN 0 100
20	ADDRESS 193.0.14.129
21ENTRY_BEGIN
22MATCH opcode qtype qname
23ADJUST copy_id
24REPLY QR NOERROR
25SECTION QUESTION
26. IN NS
27SECTION ANSWER
28. IN NS	K.ROOT-SERVERS.NET.
29SECTION ADDITIONAL
30K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
31ENTRY_END
32
33ENTRY_BEGIN
34MATCH opcode qtype qname
35ADJUST copy_id
36REPLY QR NOERROR
37SECTION QUESTION
38www.sub.example.com. IN A
39SECTION AUTHORITY
40com.	IN NS	a.gtld-servers.net.
41SECTION ADDITIONAL
42a.gtld-servers.net.	IN 	A	192.5.6.30
43ENTRY_END
44RANGE_END
45
46; a.gtld-servers.net.
47RANGE_BEGIN 0 100
48	ADDRESS 192.5.6.30
49ENTRY_BEGIN
50MATCH opcode qtype qname
51ADJUST copy_id
52REPLY QR NOERROR
53SECTION QUESTION
54com. IN NS
55SECTION ANSWER
56com.    IN NS   a.gtld-servers.net.
57SECTION ADDITIONAL
58a.gtld-servers.net.     IN      A       192.5.6.30
59ENTRY_END
60
61ENTRY_BEGIN
62MATCH opcode subdomain
63ADJUST copy_id copy_query
64REPLY QR NOERROR
65SECTION QUESTION
66example.com. IN A
67SECTION AUTHORITY
68example.com.	IN NS	ns.example.com.
69SECTION ADDITIONAL
70ns.example.com.		IN 	A	1.2.3.4
71ENTRY_END
72RANGE_END
73
74; ns.example.com.
75RANGE_BEGIN 0 100
76	ADDRESS 1.2.3.4
77ENTRY_BEGIN
78MATCH opcode qtype qname
79ADJUST copy_id
80REPLY QR AA REFUSED
81SECTION QUESTION
82ns.example.com. IN A
83ENTRY_END
84
85ENTRY_BEGIN
86MATCH opcode qtype qname
87ADJUST copy_id
88REPLY QR AA REFUSED
89SECTION QUESTION
90ns.example.com. IN AAAA
91ENTRY_END
92
93ENTRY_BEGIN
94MATCH opcode qtype qname
95ADJUST copy_id
96REPLY QR NOERROR
97SECTION QUESTION
98example.com. IN NS
99SECTION ANSWER
100example.com.    IN NS   ns.example.com.
101example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
102SECTION ADDITIONAL
103ns.example.com.         IN      A       1.2.3.4
104ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
105ENTRY_END
106
107; response to DNSKEY priming query
108ENTRY_BEGIN
109MATCH opcode qtype qname
110ADJUST copy_id
111REPLY QR NOERROR
112SECTION QUESTION
113example.com. IN DNSKEY
114SECTION ANSWER
115example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
116example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
117SECTION AUTHORITY
118example.com.	IN NS	ns.example.com.
119example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
120SECTION ADDITIONAL
121ns.example.com.		IN 	A	1.2.3.4
122ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
123ENTRY_END
124
125; response to query of interest
126ENTRY_BEGIN
127MATCH opcode qtype qname
128ADJUST copy_id
129REPLY QR NOERROR
130SECTION QUESTION
131www.example.com. IN A
132SECTION AUTHORITY
133example.com.	IN SOA	ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
134example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCM6lsu9byZIQ1yYjJmyYfFWM2RWAIUcR5t84r2La824oWCkLjmHXRQlco= ;{id = 2854}
135
136; NODATA response. H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3
137s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com. IN NSEC3  1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 MX RRSIG
138s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFE/a24nsY2luhQmZjY/ObAIgNSMkAhQWd4MUOUVK55bD6AbMHWrDA0yvEA== ;{id = 2854}
139
140ENTRY_END
141
142ENTRY_BEGIN
143MATCH opcode qtype qname
144ADJUST copy_id
145REPLY QR NOERROR
146SECTION QUESTION
147sub.example.com. IN DS
148SECTION AUTHORITY
149; proof that there is no DS here.
150;sub.example.com.        3600    IN      DS      2854 DSA 1 be4d46cd7489cce25a31af0dff2968ce0425dd31
151;sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQC1WMTfb25sTgeUEXCFR4+YiJqecwIUc2R/jrO4amyQxovSnld2reg8eyo= ;{id = 2854}
152; example.com. -> b6fuorg741ufili49mg9j4328ig53sqg.
153b6fuorg741ufili49mg9j4328ig53sqg.example.com. IN NSEC3 1 0 123 aabb00123456bbccdd b6fuorg741ufili49mg9j4328ig54sqg NS SOA DNSKEY RRSIG
154b6fuorg741ufili49mg9j4328ig53sqg.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFEtLEiFNr2V6qJOHUxIRQ4ittparAhUAm+WN3aqAHEgiQQEeX9z4S0Ub/dM= ;{id = 2854}
155; sub.example.com. -> 8r1f0ieoutlnjc03meng9e3bn2n0o9pd.
1568r1f0ieoutlnjc03meng9e3bn1n0o9pd.example.com. IN NSEC3 1 0 123 aabb00123456bbccdd 8r1f0ieoutlnjc03meng9e3bn3n0o9pd NS RRSIG
1578r1f0ieoutlnjc03meng9e3bn1n0o9pd.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCategdxsiQTpOMHED1ehjPT7PO2gIUDJ9f/zGCEUHy/UVp97aOh0RRoks= ;{id = 2854}
158ENTRY_END
159
160; refer to server one down
161ENTRY_BEGIN
162MATCH opcode subdomain
163ADJUST copy_id copy_query
164REPLY QR NOERROR
165SECTION QUESTION
166sub.example.com. IN A
167SECTION AUTHORITY
168sub.example.com. IN NS ns.sub.example.com.
169; proof that there is no DS here.
170;sub.example.com.        3600    IN      DS      2854 DSA 1 be4d46cd7489cce25a31af0dff2968ce0425dd31
171;sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQC1WMTfb25sTgeUEXCFR4+YiJqecwIUc2R/jrO4amyQxovSnld2reg8eyo= ;{id = 2854}
172; example.com. -> b6fuorg741ufili49mg9j4328ig53sqg.
173b6fuorg741ufili49mg9j4328ig53sqg.example.com. IN NSEC3 1 0 123 aabb00123456bbccdd b6fuorg741ufili49mg9j4328ig54sqg NS SOA DNSKEY RRSIG
174b6fuorg741ufili49mg9j4328ig53sqg.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFEtLEiFNr2V6qJOHUxIRQ4ittparAhUAm+WN3aqAHEgiQQEeX9z4S0Ub/dM= ;{id = 2854}
175; sub.example.com. -> 8r1f0ieoutlnjc03meng9e3bn2n0o9pd.
1768r1f0ieoutlnjc03meng9e3bn1n0o9pd.example.com. IN NSEC3 1 0 123 aabb00123456bbccdd 8r1f0ieoutlnjc03meng9e3bn3n0o9pd NS RRSIG
1778r1f0ieoutlnjc03meng9e3bn1n0o9pd.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCategdxsiQTpOMHED1ehjPT7PO2gIUDJ9f/zGCEUHy/UVp97aOh0RRoks= ;{id = 2854}
178
179SECTION ADDITIONAL
180ns.sub.example.com. IN A 1.2.3.10
181ENTRY_END
182
183RANGE_END
184
185; ns.sub.example.com.
186RANGE_BEGIN 0 100
187	ADDRESS 1.2.3.10
188ENTRY_BEGIN
189MATCH opcode qtype qname
190ADJUST copy_id
191REPLY QR AA REFUSED
192SECTION QUESTION
193ns.sub.example.com. IN AAAA
194ENTRY_END
195
196ENTRY_BEGIN
197MATCH opcode qtype qname
198ADJUST copy_id
199REPLY QR REFUSED
200SECTION QUESTION
201sub.example.com. IN NS
202SECTION ANSWER
203ENTRY_END
204
205; response to DNSKEY priming query
206ENTRY_BEGIN
207MATCH opcode qtype qname
208ADJUST copy_id
209REPLY QR NOERROR
210SECTION QUESTION
211sub.example.com. IN DNSKEY
212SECTION ANSWER
213sub.example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
214sub.example.com.        3600    IN      RRSIG   DNSKEY 3 3 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFBznBTYM/SrdUnjQdBnLtRO79KAaAhQReG5nRuL7Xsdf6D0KKwPa1GpWyQ== ;{id = 2854}
215
216ENTRY_END
217
218ENTRY_BEGIN
219MATCH opcode qtype qname
220ADJUST copy_id
221REPLY QR NOERROR
222SECTION QUESTION
223www.sub.example.com. IN A
224SECTION ANSWER
225www.sub.example.com. IN A 1.2.3.123
226www.sub.example.com.    3600    IN      RRSIG   A 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MC0CFEExteiCsLkRi/md6o5K8BhRJAKFAhUAgg2tkvwaDn8Xbm9q+5xnjvgIB8k= ;{id = 2854}
227ENTRY_END
228RANGE_END
229
230STEP 1 QUERY
231ENTRY_BEGIN
232REPLY RD
233SECTION QUESTION
234www.sub.example.com. IN A
235ENTRY_END
236
237; recursion happens here.
238STEP 10 CHECK_ANSWER
239ENTRY_BEGIN
240MATCH all
241REPLY QR RD RA SERVFAIL
242SECTION QUESTION
243www.sub.example.com. IN A
244SECTION ANSWER
245SECTION AUTHORITY
246SECTION ADDITIONAL
247ENTRY_END
248
249SCENARIO_END
250