1; config options 2; The island of trust is at example.com 3server: 4 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" 5 val-override-date: "20070916134226" 6 target-fetch-policy: "0 0 0 0 0" 7 fake-sha1: yes 8 trust-anchor-signaling: no 9 10stub-zone: 11 name: "." 12 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. 13stub-zone: 14 name: "sub.example.com" 15 stub-addr: 1.2.3.6 16CONFIG_END 17 18SCENARIO_BEGIN Test stub with DS query 19; The stub zone is linked validly with a DS to the public internet zone. 20; unbound just has to be able to ask the DS from the right server (not 21; from the stub). 22 23; K.ROOT-SERVERS.NET. 24RANGE_BEGIN 0 100 25 ADDRESS 193.0.14.129 26ENTRY_BEGIN 27MATCH opcode qtype qname 28ADJUST copy_id 29REPLY QR NOERROR 30SECTION QUESTION 31. IN NS 32SECTION ANSWER 33. IN NS K.ROOT-SERVERS.NET. 34SECTION ADDITIONAL 35K.ROOT-SERVERS.NET. IN A 193.0.14.129 36ENTRY_END 37 38ENTRY_BEGIN 39MATCH opcode subdomain 40ADJUST copy_id copy_query 41REPLY QR NOERROR 42SECTION QUESTION 43com. IN NS 44SECTION AUTHORITY 45com. IN NS a.gtld-servers.net. 46SECTION ADDITIONAL 47a.gtld-servers.net. IN A 192.5.6.30 48ENTRY_END 49RANGE_END 50 51; a.gtld-servers.net. 52RANGE_BEGIN 0 100 53 ADDRESS 192.5.6.30 54ENTRY_BEGIN 55MATCH opcode qtype qname 56ADJUST copy_id 57REPLY QR NOERROR 58SECTION QUESTION 59com. IN NS 60SECTION ANSWER 61com. IN NS a.gtld-servers.net. 62SECTION ADDITIONAL 63a.gtld-servers.net. IN A 192.5.6.30 64ENTRY_END 65 66ENTRY_BEGIN 67MATCH opcode subdomain 68ADJUST copy_id copy_query 69REPLY QR NOERROR 70SECTION QUESTION 71example.com. IN A 72SECTION AUTHORITY 73example.com. IN NS ns.example.com. 74SECTION ADDITIONAL 75ns.example.com. IN A 1.2.3.4 76ENTRY_END 77RANGE_END 78 79; ns.example.com. 80RANGE_BEGIN 0 100 81 ADDRESS 1.2.3.4 82ENTRY_BEGIN 83MATCH opcode qtype qname 84ADJUST copy_id 85REPLY QR NOERROR 86SECTION QUESTION 87example.com. IN NS 88SECTION ANSWER 89example.com. IN NS ns.example.com. 90example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 91SECTION ADDITIONAL 92ns.example.com. IN A 1.2.3.4 93ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 94ENTRY_END 95 96; response to DNSKEY priming query 97ENTRY_BEGIN 98MATCH opcode qtype qname 99ADJUST copy_id 100REPLY QR NOERROR 101SECTION QUESTION 102example.com. IN DNSKEY 103SECTION ANSWER 104example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} 105example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} 106SECTION AUTHORITY 107example.com. IN NS ns.example.com. 108example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 109SECTION ADDITIONAL 110ns.example.com. IN A 1.2.3.4 111ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 112ENTRY_END 113 114; response for DS of sub.example.com. 115ENTRY_BEGIN 116MATCH opcode qtype qname 117ADJUST copy_id 118REPLY QR NOERROR 119SECTION QUESTION 120sub.example.com. IN DS 121SECTION ANSWER 122sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 123sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854} 124SECTION AUTHORITY 125SECTION ADDITIONAL 126ENTRY_END 127 128; response for delegation to sub.example.com. 129ENTRY_BEGIN 130MATCH opcode subdomain 131ADJUST copy_id copy_query 132REPLY QR NOERROR 133SECTION QUESTION 134sub.example.com. IN A 135SECTION ANSWER 136SECTION AUTHORITY 137sub.example.com. IN NS ns.sub.example.com. 138sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 139sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854} 140SECTION ADDITIONAL 141ns.sub.example.com. IN A 1.2.3.6 142ENTRY_END 143 144RANGE_END 145 146; ns.sub.example.com. 147RANGE_BEGIN 0 100 148 ADDRESS 1.2.3.6 149ENTRY_BEGIN 150MATCH opcode qtype qname 151ADJUST copy_id 152REPLY QR NOERROR 153SECTION QUESTION 154sub.example.com. IN NS 155SECTION ANSWER 156sub.example.com. IN NS ns.sub.example.com. 157sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899} 158SECTION ADDITIONAL 159ns.sub.example.com. IN A 1.2.3.6 160ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899} 161ENTRY_END 162 163; response to DNSKEY priming query 164; sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 165ENTRY_BEGIN 166MATCH opcode qtype qname 167ADJUST copy_id 168REPLY QR NOERROR 169SECTION QUESTION 170sub.example.com. IN DNSKEY 171SECTION ANSWER 172sub.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} 173sub.example.com. 3600 IN RRSIG DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899} 174SECTION AUTHORITY 175sub.example.com. IN NS ns.sub.example.com. 176sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899} 177SECTION ADDITIONAL 178ns.sub.example.com. IN A 1.2.3.6 179ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899} 180ENTRY_END 181 182; response for qtype DS. This is not available here. 183ENTRY_BEGIN 184MATCH opcode qtype qname 185ADJUST copy_id 186REPLY QR SERVFAIL 187SECTION QUESTION 188sub.example.com. IN DS 189SECTION ANSWER 190SECTION AUTHORITY 191SECTION ADDITIONAL 192ENTRY_END 193 194; response to query of interest 195ENTRY_BEGIN 196MATCH opcode qtype qname 197ADJUST copy_id 198REPLY QR NOERROR 199SECTION QUESTION 200www.sub.example.com. IN A 201SECTION ANSWER 202www.sub.example.com. IN A 11.11.11.11 203www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899} 204SECTION AUTHORITY 205SECTION ADDITIONAL 206ENTRY_END 207RANGE_END 208 209STEP 1 QUERY 210ENTRY_BEGIN 211REPLY RD DO 212SECTION QUESTION 213www.sub.example.com. IN A 214ENTRY_END 215 216; recursion happens here. 217STEP 10 CHECK_ANSWER 218ENTRY_BEGIN 219MATCH all 220REPLY QR RD RA AD DO NOERROR 221SECTION QUESTION 222www.sub.example.com. IN A 223SECTION ANSWER 224www.sub.example.com. 3600 IN A 11.11.11.11 225www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899} 226SECTION AUTHORITY 227SECTION ADDITIONAL 228ENTRY_END 229 230SCENARIO_END 231