1; config options 2; The island of trust is at example.com 3server: 4 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" 5 val-override-date: "20070916134226" 6 target-fetch-policy: "0 0 0 0 0" 7 8stub-zone: 9 name: "." 10 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. 11CONFIG_END 12 13SCENARIO_BEGIN Test validator with insecure delegation and DS negative cache 14 15; K.ROOT-SERVERS.NET. 16RANGE_BEGIN 0 100 17 ADDRESS 193.0.14.129 18ENTRY_BEGIN 19MATCH opcode qtype qname 20ADJUST copy_id 21REPLY QR NOERROR 22SECTION QUESTION 23. IN NS 24SECTION ANSWER 25. IN NS K.ROOT-SERVERS.NET. 26SECTION ADDITIONAL 27K.ROOT-SERVERS.NET. IN A 193.0.14.129 28ENTRY_END 29 30ENTRY_BEGIN 31MATCH opcode qtype qname 32ADJUST copy_id 33REPLY QR NOERROR 34SECTION QUESTION 35www.sub.example.com. IN A 36SECTION AUTHORITY 37com. IN NS a.gtld-servers.net. 38SECTION ADDITIONAL 39a.gtld-servers.net. IN A 192.5.6.30 40ENTRY_END 41RANGE_END 42 43; a.gtld-servers.net. 44RANGE_BEGIN 0 100 45 ADDRESS 192.5.6.30 46ENTRY_BEGIN 47MATCH opcode qtype qname 48ADJUST copy_id 49REPLY QR NOERROR 50SECTION QUESTION 51com. IN NS 52SECTION ANSWER 53com. IN NS a.gtld-servers.net. 54SECTION ADDITIONAL 55a.gtld-servers.net. IN A 192.5.6.30 56ENTRY_END 57 58ENTRY_BEGIN 59MATCH opcode qtype qname 60ADJUST copy_id 61REPLY QR NOERROR 62SECTION QUESTION 63www.sub.example.com. IN A 64SECTION AUTHORITY 65example.com. IN NS ns.example.com. 66SECTION ADDITIONAL 67ns.example.com. IN A 1.2.3.4 68ENTRY_END 69RANGE_END 70 71; ns.example.com. 72RANGE_BEGIN 0 100 73 ADDRESS 1.2.3.4 74ENTRY_BEGIN 75MATCH opcode qtype qname 76ADJUST copy_id 77REPLY QR NOERROR 78SECTION QUESTION 79example.com. IN NS 80SECTION ANSWER 81example.com. IN NS ns.example.com. 82example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 83SECTION ADDITIONAL 84ns.example.com. IN A 1.2.3.4 85ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 86ENTRY_END 87 88; response to DNSKEY priming query 89ENTRY_BEGIN 90MATCH opcode qtype qname 91ADJUST copy_id 92REPLY QR NOERROR 93SECTION QUESTION 94example.com. IN DNSKEY 95SECTION ANSWER 96example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} 97example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} 98SECTION AUTHORITY 99example.com. IN NS ns.example.com. 100example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 101SECTION ADDITIONAL 102ns.example.com. IN A 1.2.3.4 103ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 104ENTRY_END 105 106; response for delegation to sub.example.com. 107ENTRY_BEGIN 108MATCH opcode qtype qname 109ADJUST copy_id 110REPLY QR NOERROR 111SECTION QUESTION 112www.sub.example.com. IN A 113SECTION ANSWER 114SECTION AUTHORITY 115sub.example.com. IN NS ns.sub.example.com. 116sub.example.com. IN NSEC www.example.com. NS RRSIG NSEC 117sub.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFDCaiDM6G+glwNW276HWdH+McmjgAhRSwF5OfimNQCqkWgnYotLOwUghKQ== ;{id = 2854} 118SECTION ADDITIONAL 119ns.sub.example.com. IN A 1.2.3.6 120ENTRY_END 121 122; query for missing DS record. 123; get it from the negative cache instead! 124;ENTRY_BEGIN 125;MATCH opcode qtype qname 126;ADJUST copy_id 127;REPLY QR NOERROR 128;SECTION QUESTION 129;sub.example.com. IN DS 130;SECTION ANSWER 131;SECTION AUTHORITY 132;example.com. IN SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200 133;example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854} 134;sub.example.com. IN NSEC www.example.com. NS RRSIG NSEC 135;sub.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFDCaiDM6G+glwNW276HWdH+McmjgAhRSwF5OfimNQCqkWgnYotLOwUghKQ== ;{id = 2854} 136;SECTION ADDITIONAL 137;ns.sub.example.com. IN A 1.2.3.6 138;ENTRY_END 139 140 141RANGE_END 142 143; ns.sub.example.com. 144RANGE_BEGIN 0 100 145 ADDRESS 1.2.3.6 146ENTRY_BEGIN 147MATCH opcode qtype qname 148ADJUST copy_id 149REPLY QR NOERROR 150SECTION QUESTION 151sub.example.com. IN NS 152SECTION ANSWER 153sub.example.com. IN NS ns.sub.example.com. 154SECTION ADDITIONAL 155ns.sub.example.com. IN A 1.2.3.6 156ENTRY_END 157 158; response to query of interest 159ENTRY_BEGIN 160MATCH opcode qtype qname 161ADJUST copy_id 162REPLY QR NOERROR 163SECTION QUESTION 164www.sub.example.com. IN A 165SECTION ANSWER 166www.sub.example.com. IN A 11.11.11.11 167SECTION AUTHORITY 168SECTION ADDITIONAL 169ENTRY_END 170RANGE_END 171 172STEP 1 QUERY 173ENTRY_BEGIN 174REPLY RD DO 175SECTION QUESTION 176www.sub.example.com. IN A 177ENTRY_END 178 179; recursion happens here. 180STEP 10 CHECK_ANSWER 181ENTRY_BEGIN 182MATCH all 183REPLY QR RD RA DO NOERROR 184SECTION QUESTION 185www.sub.example.com. IN A 186SECTION ANSWER 187www.sub.example.com. 3600 IN A 11.11.11.11 188SECTION AUTHORITY 189SECTION ADDITIONAL 190ENTRY_END 191 192SCENARIO_END 193