1; config options 2; The island of trust is at example.com 3server: 4 trust-anchor: "example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}" 5 trust-anchor: "example.com. 3600 IN DS 30899 5 1 d4bf9d2e10f6d76840d42ef5913022abcd0bf512" 6 val-override-date: "20070916134226" 7 target-fetch-policy: "0 0 0 0 0" 8 harden-algo-downgrade: no 9 fake-sha1: yes 10 trust-anchor-signaling: no 11 12stub-zone: 13 name: "." 14 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. 15CONFIG_END 16 17SCENARIO_BEGIN Test validator with multiple algorithm trust anchor without harden 18 19; K.ROOT-SERVERS.NET. 20RANGE_BEGIN 0 100 21 ADDRESS 193.0.14.129 22ENTRY_BEGIN 23MATCH opcode qtype qname 24ADJUST copy_id 25REPLY QR NOERROR 26SECTION QUESTION 27. IN NS 28SECTION ANSWER 29. IN NS K.ROOT-SERVERS.NET. 30SECTION ADDITIONAL 31K.ROOT-SERVERS.NET. IN A 193.0.14.129 32ENTRY_END 33 34ENTRY_BEGIN 35MATCH opcode qtype qname 36ADJUST copy_id 37REPLY QR NOERROR 38SECTION QUESTION 39www.example.com. IN A 40SECTION AUTHORITY 41com. IN NS a.gtld-servers.net. 42SECTION ADDITIONAL 43a.gtld-servers.net. IN A 192.5.6.30 44ENTRY_END 45RANGE_END 46 47; a.gtld-servers.net. 48RANGE_BEGIN 0 100 49 ADDRESS 192.5.6.30 50ENTRY_BEGIN 51MATCH opcode qtype qname 52ADJUST copy_id 53REPLY QR NOERROR 54SECTION QUESTION 55com. IN NS 56SECTION ANSWER 57com. IN NS a.gtld-servers.net. 58SECTION ADDITIONAL 59a.gtld-servers.net. IN A 192.5.6.30 60ENTRY_END 61 62ENTRY_BEGIN 63MATCH opcode qtype qname 64ADJUST copy_id 65REPLY QR NOERROR 66SECTION QUESTION 67www.example.com. IN A 68SECTION AUTHORITY 69example.com. IN NS ns.example.com. 70SECTION ADDITIONAL 71ns.example.com. IN A 1.2.3.4 72ENTRY_END 73RANGE_END 74 75; ns.example.com. 76RANGE_BEGIN 0 100 77 ADDRESS 1.2.3.4 78ENTRY_BEGIN 79MATCH opcode qtype qname 80ADJUST copy_id 81REPLY QR NOERROR 82SECTION QUESTION 83example.com. IN NS 84SECTION ANSWER 85example.com. IN NS ns.example.com. 86example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 87example.com. 3600 IN RRSIG NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899} 88SECTION ADDITIONAL 89ns.example.com. IN A 1.2.3.4 90ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 91ns.example.com. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899} 92ENTRY_END 93 94ENTRY_BEGIN 95MATCH opcode qtype qname 96ADJUST copy_id 97REPLY QR AA NOERROR 98SECTION QUESTION 99ns.example.com. IN AAAA 100SECTION ANSWER 101SECTION AUTHORITY 102example.com. IN NS ns.example.com. 103example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 104example.com. 3600 IN RRSIG NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899} 105SECTION ADDITIONAL 106ns.example.com. IN A 1.2.3.4 107ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 108ns.example.com. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899} 109ENTRY_END 110 111 112; response to DNSKEY priming query 113ENTRY_BEGIN 114MATCH opcode qtype qname 115ADJUST copy_id 116REPLY QR NOERROR 117SECTION QUESTION 118example.com. IN DNSKEY 119SECTION ANSWER 120example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} 121example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 512b} 122example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134150 20070829134150 2854 example.com. AKIIYDOGHogglFqJK94ZtOnF7EfGikgAyloMNRSMCrQgFaFkmcOyjrc= ;{id = 2854} 123example.com. 3600 IN RRSIG DNSKEY 5 2 3600 20070926134150 20070829134150 30899 example.com. J55fsz1GGMnngc4r50xvXDUdaVMlfcLKLVsfMhwNLF+ERac5XV/lLRAc/aSER+qQdsSo0CrjYjy1wat7YQpDAA== ;{id = 30899} 124SECTION AUTHORITY 125example.com. IN NS ns.example.com. 126example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 127example.com. 3600 IN RRSIG NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899} 128SECTION ADDITIONAL 129ns.example.com. IN A 1.2.3.4 130ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 131ns.example.com. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899} 132ENTRY_END 133 134; response to query of interest 135ENTRY_BEGIN 136MATCH opcode qtype qname 137ADJUST copy_id 138REPLY QR NOERROR 139SECTION QUESTION 140www.example.com. IN A 141SECTION ANSWER 142www.example.com. IN A 10.20.30.40 143ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} 144www.example.com. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.com. JNWECShNE+nCLQwOXJJ3xpUkh2G+FCh5nk8uYAHIVQRse/BIvCMSlvRrtVyw9RnXvk5RR2bEgN0pRdLWW7ug5Q== ;{id = 30899} 145SECTION AUTHORITY 146example.com. IN NS ns.example.com. 147example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 148example.com. 3600 IN RRSIG NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899} 149SECTION ADDITIONAL 150ns.example.com. IN A 1.2.3.4 151www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} 152ns.example.com. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899} 153ENTRY_END 154RANGE_END 155 156STEP 1 QUERY 157ENTRY_BEGIN 158REPLY RD DO 159SECTION QUESTION 160www.example.com. IN A 161ENTRY_END 162 163; recursion happens here. 164STEP 10 CHECK_ANSWER 165ENTRY_BEGIN 166MATCH all 167REPLY QR RD RA AD DO NOERROR 168SECTION QUESTION 169www.example.com. IN A 170SECTION ANSWER 171www.example.com. IN A 10.20.30.40 172www.example.com. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.com. JNWECShNE+nCLQwOXJJ3xpUkh2G+FCh5nk8uYAHIVQRse/BIvCMSlvRrtVyw9RnXvk5RR2bEgN0pRdLWW7ug5Q== ;{id = 30899} 173www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} 174SECTION AUTHORITY 175example.com. IN NS ns.example.com. 176example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 177example.com. 3600 IN RRSIG NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899} 178SECTION ADDITIONAL 179ns.example.com. IN A 1.2.3.4 180ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} 181ns.example.com. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899} 182ENTRY_END 183 184SCENARIO_END 185