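; Replay scenario for a validating resolver: resolver config, mock
; authoritative servers (RANGE blocks) and scripted client steps (STEP).
;
; Chain exercised:
;   example.com.        secure   (configured DS trust anchor, key tag 2854)
;   sub.example.com.    secure   (DS signed by example.com., key tag 30899)
;   b.sub.example.com.  insecure (signed NSEC at the cut has no DS bit)
;   c.example.com.      insecure (signed NSEC at the cut has no DS bit)
; a.b.sub.example.com. is a CNAME to c.c.example.com., so the answer crosses
; from one insecure zone into another underneath a secure island.
;
; Fixture crypto is legacy on purpose: DSA (algorithm 3), RSASHA1
; (algorithm 5) with a 512b key, and SHA-1 DS digests (digest type 1).
; These are frozen test vectors, not parameters to copy into a live zone.

; config options
; The island of trust is at example.com
server:
	# DS fields: key tag 2854, algorithm 3 (DSA), digest type 1 (SHA-1).
	trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
	# Debug-only: fixes the validator's clock inside the RRSIG validity
	# window used below (inception 20070829..., expiration 20070926...).
	# With this set, signature expiry is no longer checked against real time.
	val-override-date: "20070916134226"
	# No opportunistic nameserver-address lookups; only scripted queries go out.
	target-fetch-policy: "0 0 0 0 0"
	# The mock servers match on the full query name, so send it unminimised.
	qname-minimisation: "no"
	# Debug-only: treat SHA-1 as usable so the SHA-1 based records validate
	# even where the crypto library's policy has SHA-1 switched off.
	fake-sha1: yes
	# No RFC 8145 key-tag queries; the mock servers have no entry for them.
	trust-anchor-signaling: no

stub-zone:
	name: "."
	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
CONFIG_END

SCENARIO_BEGIN Test validator with DS, unsec, cname sequence.

; K.ROOT-SERVERS.NET.
RANGE_BEGIN 0 100
	ADDRESS 193.0.14.129
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET. IN A 193.0.14.129
ENTRY_END

; referral from the root to com.
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
a.b.sub.example.com. IN A
SECTION AUTHORITY
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
RANGE_END

; a.gtld-servers.net.
RANGE_BEGIN 0 100
	ADDRESS 192.5.6.30
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION ANSWER
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END

; referral from com. to example.com.; unsigned, trust starts at the
; configured anchor for example.com., not at the root or com.
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
a.b.sub.example.com. IN A
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
RANGE_END

; ns.example.com.
RANGE_BEGIN 0 100
	ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION ANSWER
example.com. IN NS ns.example.com.
example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
ENTRY_END

; response to DNSKEY priming query
; The key returned here carries tag 2854, the tag named in the trust-anchor DS.
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN DNSKEY
SECTION ANSWER
example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
SECTION AUTHORITY
example.com. IN NS ns.example.com.
example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
ENTRY_END

; response for delegation to c.example.com.
; The signed NSEC at the cut lists NS RRSIG NSEC and no DS: that is the
; proof that c.example.com. is an insecure (unsigned) delegation.
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
c.c.example.com. IN A
SECTION ANSWER
SECTION AUTHORITY
c.example.com. IN NS ns.c.example.com.
c.example.com. IN NSEC d.example.com. NS RRSIG NSEC
c.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFDQ1xBqQ8Yxy7d7MbfAOg9g+dInHAhUAgP2w61bvME+hLWFiNg42Ny02/vo= ;{id = 2854}
SECTION ADDITIONAL
ns.c.example.com. IN A 1.2.3.8
ENTRY_END

; explicit DS query for c.example.com.: authoritative NODATA from the
; parent, backed by the same signed NSEC without a DS bit.
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
c.example.com. IN DS
SECTION ANSWER
SECTION AUTHORITY
c.example.com. IN NSEC d.example.com. NS RRSIG NSEC
c.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFDQ1xBqQ8Yxy7d7MbfAOg9g+dInHAhUAgP2w61bvME+hLWFiNg42Ny02/vo= ;{id = 2854}
SECTION ADDITIONAL
ENTRY_END

; response for delegation to sub.example.com.
; Secure delegation: the DS for child key tag 30899 is signed by the
; parent key 2854.
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
a.b.sub.example.com. IN A
SECTION ANSWER
SECTION AUTHORITY
sub.example.com. IN NS ns.sub.example.com.
sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
SECTION ADDITIONAL
ns.sub.example.com. IN A 1.2.3.6
ENTRY_END

; response for delegation to sub.example.com.
; Same referral, returned when the parent is asked for the child's DNSKEY.
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
sub.example.com. IN DNSKEY
SECTION ANSWER
SECTION AUTHORITY
sub.example.com. IN NS ns.sub.example.com.
sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
SECTION ADDITIONAL
ns.sub.example.com. IN A 1.2.3.6
ENTRY_END
RANGE_END

; ns.sub.example.com.
RANGE_BEGIN 0 100
	ADDRESS 1.2.3.6
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
sub.example.com. IN NS
SECTION ANSWER
sub.example.com. IN NS ns.sub.example.com.
sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
SECTION ADDITIONAL
ns.sub.example.com. IN A 1.2.3.6
ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
ENTRY_END

; response to DNSKEY priming query
; sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
; (the DS above is the parent-side record this DNSKEY has to match)
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
sub.example.com. IN DNSKEY
SECTION ANSWER
sub.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
sub.example.com. 3600 IN RRSIG DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899}
SECTION AUTHORITY
sub.example.com. IN NS ns.sub.example.com.
sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
SECTION ADDITIONAL
ns.sub.example.com. IN A 1.2.3.6
ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
ENTRY_END

; response to query of interest
; another delegation, validated unsecure.
; The NSEC at b.sub.example.com. is signed by key 30899 and its type list
; (NS NSEC RRSIG) has no DS, so everything below this cut is insecure.
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
a.b.sub.example.com. IN A
SECTION ANSWER
SECTION AUTHORITY
b.sub.example.com. IN NS ns.b.sub.example.com.
b.sub.example.com. IN NSEC c.sub.example.com. NS NSEC RRSIG
b.sub.example.com. 3600 IN RRSIG NSEC 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. KPdURTUrbQvc6OXtDZaH3+14uO2qPUPIFO86aTNZ/Ujy3d2RMSB7fkSSulDO6QDSBEUhr9WgbQr0/YoljCBirA== ;{id = 30899}
SECTION ADDITIONAL
ns.b.sub.example.com. IN A 1.2.3.7
ENTRY_END

; b DS query.
; Authoritative NODATA from the parent side, carrying the same signed NSEC.
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
b.sub.example.com. IN DS
SECTION AUTHORITY
b.sub.example.com. IN NSEC c.sub.example.com. NS NSEC RRSIG
b.sub.example.com. 3600 IN RRSIG NSEC 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. KPdURTUrbQvc6OXtDZaH3+14uO2qPUPIFO86aTNZ/Ujy3d2RMSB7fkSSulDO6QDSBEUhr9WgbQr0/YoljCBirA== ;{id = 30899}
ENTRY_END
RANGE_END

; server ns.b.sub.example.com.
; Unsigned zone: none of the replies in this range carry RRSIGs.
RANGE_BEGIN 0 100
	ADDRESS 1.2.3.7
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
b.sub.example.com. IN NS
SECTION ANSWER
b.sub.example.com. IN NS ns.b.sub.example.com.
SECTION ADDITIONAL
ns.b.sub.example.com. IN A 1.2.3.7
ENTRY_END

ENTRY_BEGIN
; query of interest, give a cname to another unsecure zone.
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
a.b.sub.example.com. IN A
SECTION ANSWER
a.b.sub.example.com. IN CNAME c.c.example.com.
ENTRY_END

; DS query for the CNAME owner itself: NODATA with the zone SOA and no
; CNAME. This is the reply that STEP 30 expects to see passed through.
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
a.b.sub.example.com. IN DS
SECTION AUTHORITY
b.sub.example.com. IN SOA B-EXAMPLE. b-example. 1 2 3 7 7
ENTRY_END
RANGE_END

; server ns.c.example.com.
; Unsigned zone: none of the replies in this range carry RRSIGs.
RANGE_BEGIN 0 100
	ADDRESS 1.2.3.8
; NOTE(review): this entry answers for c.sub.example.com., a name that no
; step or referral in this scenario appears to query - confirm it is intended.
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
c.sub.example.com. IN NS
SECTION ANSWER
c.sub.example.com. IN NS ns.c.sub.example.com.
SECTION ADDITIONAL
ns.c.sub.example.com. IN A 1.2.3.8
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
c.example.com. IN NS
SECTION ANSWER
c.example.com. IN NS ns.c.example.com.
SECTION ADDITIONAL
ns.c.example.com. IN A 1.2.3.8
ENTRY_END

; target of the CNAME
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
c.c.example.com. IN A
SECTION ANSWER
c.c.example.com. IN A 11.11.11.11
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
c.c.example.com. IN DS
SECTION AUTHORITY
c.example.com. IN SOA C-EXAMPLE. c-example. 1 2 3 4 5
ENTRY_END
RANGE_END

; client query with DO set, i.e. DNSSEC records are requested
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
a.b.sub.example.com. IN A
ENTRY_END

; recursion happens here.
; The expected flags below contain no AD bit: both the CNAME and the A
; record come from unsigned zones, so the full answer is returned as
; insecure data and is not reported as authenticated.
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA DO NOERROR
SECTION QUESTION
a.b.sub.example.com. IN A
SECTION ANSWER
a.b.sub.example.com. IN CNAME c.c.example.com.
c.c.example.com. 3600 IN A 11.11.11.11
SECTION AUTHORITY
SECTION ADDITIONAL
ENTRY_END

; test that a DS query does not get CNAME redirected, but instead
; asked to the right server that has to respond to it.
STEP 20 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
a.b.sub.example.com. IN DS
ENTRY_END

; Expected: the NODATA reply with the b.sub.example.com. SOA, no CNAME in
; the answer section and, again, no AD bit.
STEP 30 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA DO NOERROR
SECTION QUESTION
a.b.sub.example.com. IN DS
SECTION AUTHORITY
b.sub.example.com. IN SOA B-EXAMPLE. b-example. 1 2 3 7 7
ENTRY_END

SCENARIO_END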