1; config options 2; The island of trust is at example.com 3server: 4 trust-anchor: "example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}" 5 trust-anchor: "example.com. 3600 IN DS 30899 5 1 d4bf9d2e10f6d76840d42ef5913022abcd0bf512" 6 trust-anchor: "example.com. 3600 IN DS 30899 7 1 d4bf9d2e10f6d76840d42ef5913022abcd0bf512" 7 val-override-date: "20070916134226" 8 target-fetch-policy: "0 0 0 0 0" 9 qname-minimisation: "no" 10 harden-algo-downgrade: yes 11 fake-sha1: yes 12 trust-anchor-signaling: no 13 ede: yes 14 access-control: 127.0.0.0/8 allow_snoop 15 16stub-zone: 17 name: "." 18 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. 19CONFIG_END 20 21SCENARIO_BEGIN Test validator with multiple algorithm missing one 22 23; K.ROOT-SERVERS.NET. 24RANGE_BEGIN 0 100 25 ADDRESS 193.0.14.129 26ENTRY_BEGIN 27MATCH opcode qtype qname 28ADJUST copy_id 29REPLY QR NOERROR 30SECTION QUESTION 31. IN NS 32SECTION ANSWER 33. IN NS K.ROOT-SERVERS.NET. 34SECTION ADDITIONAL 35K.ROOT-SERVERS.NET. IN A 193.0.14.129 36ENTRY_END 37 38ENTRY_BEGIN 39MATCH opcode qtype qname 40ADJUST copy_id 41REPLY QR NOERROR 42SECTION QUESTION 43www.example.com. IN A 44SECTION AUTHORITY 45com. IN NS a.gtld-servers.net. 46SECTION ADDITIONAL 47a.gtld-servers.net. IN A 192.5.6.30 48ENTRY_END 49RANGE_END 50 51; a.gtld-servers.net. 52RANGE_BEGIN 0 100 53 ADDRESS 192.5.6.30 54ENTRY_BEGIN 55MATCH opcode qtype qname 56ADJUST copy_id 57REPLY QR NOERROR 58SECTION QUESTION 59com. IN NS 60SECTION ANSWER 61com. IN NS a.gtld-servers.net. 62SECTION ADDITIONAL 63a.gtld-servers.net. IN A 192.5.6.30 64ENTRY_END 65 66ENTRY_BEGIN 67MATCH opcode qtype qname 68ADJUST copy_id 69REPLY QR NOERROR 70SECTION QUESTION 71www.example.com. IN A 72SECTION AUTHORITY 73example.com. IN NS ns.example.com. 74SECTION ADDITIONAL 75ns.example.com. IN A 1.2.3.4 76ENTRY_END 77RANGE_END 78 79; ns.example.com. 80RANGE_BEGIN 0 100 81 ADDRESS 1.2.3.4 82ENTRY_BEGIN 83MATCH opcode qtype qname 84ADJUST copy_id 85REPLY QR NOERROR 86SECTION QUESTION 87example.com. IN NS 88SECTION ANSWER 89example.com. IN NS ns.example.com. 90example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 91example.com. 3600 IN RRSIG NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899} 92SECTION ADDITIONAL 93ns.example.com. IN A 1.2.3.4 94ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 95ns.example.com. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899} 96ENTRY_END 97 98ENTRY_BEGIN 99MATCH opcode qtype qname 100ADJUST copy_id 101REPLY QR AA NOERROR 102SECTION QUESTION 103ns.example.com. IN AAAA 104SECTION ANSWER 105SECTION AUTHORITY 106example.com. IN NS ns.example.com. 107example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 108example.com. 3600 IN RRSIG NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899} 109SECTION ADDITIONAL 110ns.example.com. IN A 1.2.3.4 111ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 112ns.example.com. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899} 113ENTRY_END 114 115 116; response to DNSKEY priming query 117ENTRY_BEGIN 118MATCH opcode qtype qname 119ADJUST copy_id 120REPLY QR NOERROR 121SECTION QUESTION 122example.com. IN DNSKEY 123SECTION ANSWER 124example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} 125example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 512b} 126example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134150 20070829134150 2854 example.com. AKIIYDOGHogglFqJK94ZtOnF7EfGikgAyloMNRSMCrQgFaFkmcOyjrc= ;{id = 2854} 127example.com. 3600 IN RRSIG DNSKEY 5 2 3600 20070926134150 20070829134150 30899 example.com. J55fsz1GGMnngc4r50xvXDUdaVMlfcLKLVsfMhwNLF+ERac5XV/lLRAc/aSER+qQdsSo0CrjYjy1wat7YQpDAA== ;{id = 30899} 128SECTION AUTHORITY 129example.com. IN NS ns.example.com. 130example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 131example.com. 3600 IN RRSIG NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899} 132SECTION ADDITIONAL 133ns.example.com. IN A 1.2.3.4 134ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 135ns.example.com. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899} 136ENTRY_END 137 138; response to query of interest 139ENTRY_BEGIN 140MATCH opcode qtype qname 141ADJUST copy_id 142REPLY QR NOERROR 143SECTION QUESTION 144www.example.com. IN A 145SECTION ANSWER 146www.example.com. IN A 10.20.30.40 147ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} 148www.example.com. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.com. JNWECShNE+nCLQwOXJJ3xpUkh2G+FCh5nk8uYAHIVQRse/BIvCMSlvRrtVyw9RnXvk5RR2bEgN0pRdLWW7ug5Q== ;{id = 30899} 149SECTION AUTHORITY 150example.com. IN NS ns.example.com. 151example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 152example.com. 3600 IN RRSIG NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899} 153SECTION ADDITIONAL 154ns.example.com. IN A 1.2.3.4 155www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} 156ns.example.com. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899} 157ENTRY_END 158RANGE_END 159 160STEP 1 QUERY 161ENTRY_BEGIN 162REPLY RD DO 163SECTION QUESTION 164www.example.com. IN A 165ENTRY_END 166 167; recursion happens here. 168STEP 10 CHECK_ANSWER 169ENTRY_BEGIN 170MATCH all ede=6 171REPLY QR RD RA DO SERVFAIL 172SECTION QUESTION 173www.example.com. IN A 174SECTION ANSWER 175ENTRY_END 176 177STEP 11 QUERY 178ENTRY_BEGIN 179REPLY DO 180SECTION QUESTION 181www.example.com. IN A 182ENTRY_END 183 184STEP 12 CHECK_ANSWER 185ENTRY_BEGIN 186MATCH all ede=6 187REPLY QR RA DO SERVFAIL 188SECTION QUESTION 189www.example.com. IN A 190SECTION ANSWER 191ENTRY_END 192 193SCENARIO_END 194