1; config options 2; The island of trust is at example.com 3server: 4 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" 5 trust-anchor: "sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3" 6 val-override-date: "20070916134226" 7 target-fetch-policy: "0 0 0 0 0" 8 qname-minimisation: "no" 9 fake-sha1: yes 10 trust-anchor-signaling: no 11 minimal-responses: no 12 13stub-zone: 14 name: "." 15 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. 16CONFIG_END 17 18SCENARIO_BEGIN Test validator with DS query and two anchors 19 20; K.ROOT-SERVERS.NET. 21RANGE_BEGIN 0 100 22 ADDRESS 193.0.14.129 23ENTRY_BEGIN 24MATCH opcode qtype qname 25ADJUST copy_id 26REPLY QR NOERROR 27SECTION QUESTION 28. IN NS 29SECTION ANSWER 30. IN NS K.ROOT-SERVERS.NET. 31SECTION ADDITIONAL 32K.ROOT-SERVERS.NET. IN A 193.0.14.129 33ENTRY_END 34 35ENTRY_BEGIN 36MATCH opcode qtype qname 37ADJUST copy_id 38REPLY QR NOERROR 39SECTION QUESTION 40sub.example.com. IN DS 41SECTION AUTHORITY 42com. IN NS a.gtld-servers.net. 43SECTION ADDITIONAL 44a.gtld-servers.net. IN A 192.5.6.30 45ENTRY_END 46RANGE_END 47 48; a.gtld-servers.net. 49RANGE_BEGIN 0 100 50 ADDRESS 192.5.6.30 51ENTRY_BEGIN 52MATCH opcode qtype qname 53ADJUST copy_id 54REPLY QR NOERROR 55SECTION QUESTION 56com. IN NS 57SECTION ANSWER 58com. IN NS a.gtld-servers.net. 59SECTION ADDITIONAL 60a.gtld-servers.net. IN A 192.5.6.30 61ENTRY_END 62 63ENTRY_BEGIN 64MATCH opcode qtype qname 65ADJUST copy_id 66REPLY QR NOERROR 67SECTION QUESTION 68sub.example.com. IN DS 69SECTION AUTHORITY 70example.com. IN NS ns.example.com. 71SECTION ADDITIONAL 72ns.example.com. IN A 1.2.3.4 73ENTRY_END 74RANGE_END 75 76; ns.example.com. 77RANGE_BEGIN 0 100 78 ADDRESS 1.2.3.4 79ENTRY_BEGIN 80MATCH opcode qtype qname 81ADJUST copy_id 82REPLY QR NOERROR 83SECTION QUESTION 84example.com. IN NS 85SECTION ANSWER 86example.com. IN NS ns.example.com. 87example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 88SECTION ADDITIONAL 89ns.example.com. IN A 1.2.3.4 90ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 91ENTRY_END 92 93; response to DNSKEY priming query 94ENTRY_BEGIN 95MATCH opcode qtype qname 96ADJUST copy_id 97REPLY QR NOERROR 98SECTION QUESTION 99example.com. IN DNSKEY 100SECTION ANSWER 101example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} 102example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} 103SECTION AUTHORITY 104example.com. IN NS ns.example.com. 105example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 106SECTION ADDITIONAL 107ns.example.com. IN A 1.2.3.4 108ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 109ENTRY_END 110 111; response for delegation to sub.example.com. 112ENTRY_BEGIN 113MATCH opcode qtype qname 114ADJUST copy_id 115REPLY QR NOERROR 116SECTION QUESTION 117www.sub.example.com. IN A 118SECTION ANSWER 119SECTION AUTHORITY 120sub.example.com. IN NS ns.sub.example.com. 121sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 122sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854} 123SECTION ADDITIONAL 124ns.sub.example.com. IN A 1.2.3.6 125ENTRY_END 126 127; response for delegation to sub.example.com. 128ENTRY_BEGIN 129MATCH opcode qtype qname 130ADJUST copy_id 131REPLY QR NOERROR 132SECTION QUESTION 133sub.example.com. IN DNSKEY 134SECTION ANSWER 135SECTION AUTHORITY 136sub.example.com. IN NS ns.sub.example.com. 137sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 138sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854} 139SECTION ADDITIONAL 140ns.sub.example.com. IN A 1.2.3.6 141ENTRY_END 142 143; response to DS query 144ENTRY_BEGIN 145MATCH opcode qtype qname 146ADJUST copy_id 147REPLY QR NOERROR 148SECTION QUESTION 149sub.example.com. IN DS 150SECTION ANSWER 151sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 152sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854} 153SECTION AUTHORITY 154example.com. IN NS ns.example.com. 155example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 156SECTION ADDITIONAL 157ns.example.com. IN A 1.2.3.4 158ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 159ENTRY_END 160RANGE_END 161 162; ns.sub.example.com. 163RANGE_BEGIN 0 100 164 ADDRESS 1.2.3.6 165 166; response to DNSKEY priming query 167; sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 168ENTRY_BEGIN 169MATCH opcode qtype qname 170ADJUST copy_id 171REPLY QR NOERROR 172SECTION QUESTION 173sub.example.com. IN DNSKEY 174SECTION ANSWER 175sub.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} 176sub.example.com. 3600 IN RRSIG DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899} 177SECTION AUTHORITY 178sub.example.com. IN NS ns.sub.example.com. 179sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899} 180SECTION ADDITIONAL 181ns.sub.example.com. IN A 1.2.3.6 182ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899} 183ENTRY_END 184 185; response to query of interest 186ENTRY_BEGIN 187MATCH opcode qtype qname 188ADJUST copy_id 189REPLY QR NOERROR 190SECTION QUESTION 191www.sub.example.com. IN A 192SECTION ANSWER 193www.sub.example.com. IN A 11.11.11.11 194www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899} 195SECTION AUTHORITY 196SECTION ADDITIONAL 197ENTRY_END 198RANGE_END 199 200STEP 1 QUERY 201ENTRY_BEGIN 202REPLY RD DO 203SECTION QUESTION 204sub.example.com. IN DS 205ENTRY_END 206 207; recursion happens here. 208STEP 10 CHECK_ANSWER 209ENTRY_BEGIN 210MATCH all 211REPLY QR RD RA AD DO NOERROR 212SECTION QUESTION 213sub.example.com. IN DS 214SECTION ANSWER 215sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 216sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854} 217SECTION AUTHORITY 218example.com. IN NS ns.example.com. 219example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 220SECTION ADDITIONAL 221ns.example.com. IN A 1.2.3.4 222ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 223ENTRY_END 224 225SCENARIO_END 226