black_key_entry.rpl revision 1.1.1.4
1; config options 2; The island of trust is at example.com 3server: 4 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" 5 val-override-date: "20070916134226" 6 target-fetch-policy: "0 0 0 0 0" 7 fake-sha1: yes 8 trust-anchor-signaling: no 9 ede: yes 10 11stub-zone: 12 name: "." 13 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. 14CONFIG_END 15 16SCENARIO_BEGIN Test validator with blacked key entry and further queries 17; DNSKEY not for prime but further down the chain of trust 18; the blacklist action does not help. 19; the further queries should not generate traffic to the authority any more. 20; until the key entry expires. 21 22; K.ROOT-SERVERS.NET. 23RANGE_BEGIN 0 99 24 ADDRESS 193.0.14.129 25ENTRY_BEGIN 26MATCH opcode qtype qname 27ADJUST copy_id 28REPLY QR NOERROR 29SECTION QUESTION 30. IN NS 31SECTION ANSWER 32. IN NS K.ROOT-SERVERS.NET. 33SECTION ADDITIONAL 34K.ROOT-SERVERS.NET. IN A 193.0.14.129 35ENTRY_END 36 37ENTRY_BEGIN 38MATCH opcode subdomain 39ADJUST copy_id copy_query 40REPLY QR NOERROR 41SECTION QUESTION 42com. IN A 43SECTION AUTHORITY 44com. IN NS a.gtld-servers.net. 45SECTION ADDITIONAL 46a.gtld-servers.net. IN A 192.5.6.30 47ENTRY_END 48RANGE_END 49 50; a.gtld-servers.net. 51RANGE_BEGIN 0 99 52 ADDRESS 192.5.6.30 53ENTRY_BEGIN 54MATCH opcode qtype qname 55ADJUST copy_id 56REPLY QR NOERROR 57SECTION QUESTION 58com. IN NS 59SECTION ANSWER 60com. IN NS a.gtld-servers.net. 61SECTION ADDITIONAL 62a.gtld-servers.net. IN A 192.5.6.30 63ENTRY_END 64 65ENTRY_BEGIN 66MATCH opcode qtype qname 67ADJUST copy_id 68REPLY QR NOERROR 69SECTION QUESTION 70ns.blabla.com. IN A 71SECTION ANSWER 72ns.blabla.com. IN A 1.2.3.5 73ENTRY_END 74 75ENTRY_BEGIN 76MATCH opcode qtype qname 77ADJUST copy_id 78REPLY QR NOERROR 79SECTION QUESTION 80ns.blabla.com. IN AAAA 81SECTION AUTHORITY 82com. IN SOA com. com. 2009100100 28800 7200 604800 3600 83ENTRY_END 84 85ENTRY_BEGIN 86MATCH opcode qtype qname 87ADJUST copy_id 88REPLY QR NOERROR 89SECTION QUESTION 90ns.foo.com. IN A 91SECTION ANSWER 92ns.foo.com. IN A 1.2.4.7 93ENTRY_END 94 95ENTRY_BEGIN 96MATCH opcode qtype qname 97ADJUST copy_id 98REPLY QR NOERROR 99SECTION QUESTION 100ns.foo.com. IN AAAA 101SECTION AUTHORITY 102com. IN SOA com. com. 2009100100 28800 7200 604800 3600 103ENTRY_END 104 105ENTRY_BEGIN 106MATCH opcode subdomain 107ADJUST copy_id copy_query 108REPLY QR NOERROR 109SECTION QUESTION 110example.com. IN NS 111SECTION AUTHORITY 112example.com. IN NS ns.example.com. 113example.com. IN NS ns.blabla.com. 114SECTION ADDITIONAL 115ns.example.com. IN A 1.2.3.4 116ENTRY_END 117RANGE_END 118 119; ns.example.com. 120RANGE_BEGIN 0 99 121 ADDRESS 1.2.3.4 122ENTRY_BEGIN 123MATCH opcode qtype qname 124ADJUST copy_id 125REPLY QR NOERROR 126SECTION QUESTION 127example.com. IN NS 128SECTION ANSWER 129example.com. IN NS ns.example.com. 130example.com. IN NS ns.blabla.com. 131example.com. 3600 IN RRSIG NS 3 2 3600 20030926134150 20030829134150 2854 example.com. AKJ3xUBdSrCiOFkYajsy93d+h06rewpbmBHItTkL8R/26rw57b1gCIg= ;{id = 2854} 132SECTION ADDITIONAL 133ns.example.com. IN A 1.2.3.4 134ns.example.com. 3600 IN RRSIG A 3 3 3600 20030926134150 20030829134150 2854 example.com. AHNj99mBmP4np19V01nSq990ZIFlIiLWoeHijm/HcOG/o8+DuIp4fL8= ;{id = 2854} 135ENTRY_END 136 137ENTRY_BEGIN 138MATCH opcode qtype qname 139ADJUST copy_id 140REPLY QR NOERROR 141SECTION QUESTION 142ns.example.com. IN A 143SECTION ANSWER 144ns.example.com. IN A 1.2.3.4 145ns.example.com. 3600 IN RRSIG A 3 3 3600 20030926134150 20030829134150 2854 example.com. AHNj99mBmP4np19V01nSq990ZIFlIiLWoeHijm/HcOG/o8+DuIp4fL8= ;{id = 2854} 146SECTION ADDITIONAL 147ENTRY_END 148 149ENTRY_BEGIN 150MATCH opcode qtype qname 151ADJUST copy_id 152REPLY QR NOERROR 153SECTION QUESTION 154ns.example.com. IN AAAA 155SECTION ANSWER 156SECTION ADDITIONAL 157ns.example.com. IN NSEC oof.example.com. NSEC RRSIG A 158ns.example.com. 3600 IN RRSIG NSEC 3 3 3600 20030926134150 20030829134150 2854 example.com. ACFVLLBtuSX/1z3461tbOwDz9zTHe5S9DbVtwnSO1f2x06fYbMpzSDE= ;{id = 2854} 159ENTRY_END 160 161; response to DNSKEY priming query 162ENTRY_BEGIN 163MATCH opcode qtype qname 164ADJUST copy_id 165REPLY QR NOERROR 166SECTION QUESTION 167example.com. IN DNSKEY 168SECTION ANSWER 169example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} 170; make priming query succeed 171example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} 172;example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20030926134150 20030829134150 2854 example.com. AG21xE8CFQzTq6XtHErg28b9EAmqPsoYCUcFPEAoAjFybM6AY4/bMOo= ;{id = 2854} 173SECTION AUTHORITY 174;example.com. IN NS ns.example.com. 175;example.com. IN NS ns.blabla.com. 176;example.com. 3600 IN RRSIG NS 3 2 3600 20030926134150 20030829134150 2854 example.com. ACiWu7zjBHqgEX3iUoOF7rfpOmIAHj1npKQ+XDIaNlmdkfJxoCwFl04= ;{id = 2854} 177SECTION ADDITIONAL 178;ns.example.com. IN A 1.2.3.4 179;ns.example.com. 3600 IN RRSIG A 3 3 3600 20030926134150 20030829134150 2854 example.com. ACmAsKTf7hqDaYK8CQ7FL1cGYPW+blTCnzZGkExFtEUAGrHeze87o+A= ;{id = 2854} 180ENTRY_END 181 182ENTRY_BEGIN 183MATCH opcode qtype qname 184ADJUST copy_id 185REPLY QR NOERROR 186SECTION QUESTION 187www.example.com. IN A 188SECTION ANSWER 189www.example.com. IN A 10.20.30.40 190www.example.com. 3600 IN RRSIG A 3 3 3600 20030926134150 20030829134150 2854 example.com. AGj9kE8oW3OhOLhkmJ3HBaNIOpvGf3S8zSd5gWmhpxAMc5hh6cxZfpQ= ;{id = 2854} 191SECTION AUTHORITY 192example.com. IN NS ns.example.com. 193example.com. IN NS ns.blabla.com. 194example.com. 3600 IN RRSIG NS 3 2 3600 20030926134150 20030829134150 2854 example.com. ACHETweBNPgbmRoNRdKvxuw4X9qNUUTEpSuwV+HhuiBE83gbB98asAc= ;{id = 2854} 195SECTION ADDITIONAL 196ns.example.com. IN A 1.2.3.4 197ns.example.com. 3600 IN RRSIG A 3 3 3600 20030926134150 20030829134150 2854 example.com. AGvu9A/nGsbatxJCmnObioIhKg2Tm0Apr0eo+DO1kIDrAHco/bt/EdY= ;{id = 2854} 198ENTRY_END 199 200; DS request 201ENTRY_BEGIN 202MATCH opcode qtype qname 203ADJUST copy_id 204REPLY QR AA NOERROR 205SECTION QUESTION 206sub.example.com. IN DS 207SECTION ANSWER 208sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 209sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. AKslZ9oXcoyeOkPfGkTB3/hxnpdgU5ahzElLyK6B0n6+BdIXeirIEtE= ;{id = 2854} 210;sub.example.com. 3600 IN RRSIG DS 3 3 3600 20030926134150 20030829134150 2854 example.com. AAT/7XwtMjHiT1GFHfV6Wvv4n+oOkqxllNdf9bLnpTHw/8h586yBgwg= ;{id = 2854} 211ENTRY_END 212 213ENTRY_BEGIN 214MATCH opcode subdomain 215ADJUST copy_id copy_query 216REPLY QR AA NOERROR 217SECTION QUESTION 218sub.example.com. IN NS 219SECTION AUTHORITY 220sub.example.com. IN NS ns.sub.example.com. 221;sub.example.com. IN NS ns.foo.com. 222sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 223sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. AKslZ9oXcoyeOkPfGkTB3/hxnpdgU5ahzElLyK6B0n6+BdIXeirIEtE= ;{id = 2854} 224;sub.example.com. 3600 IN RRSIG DS 3 3 3600 20030926134150 20030829134150 2854 example.com. AAT/7XwtMjHiT1GFHfV6Wvv4n+oOkqxllNdf9bLnpTHw/8h586yBgwg= ;{id = 2854} 225SECTION ADDITIONAL 226ns.sub.example.com. IN A 1.2.4.6 227ENTRY_END 228 229RANGE_END 230 231; ns.blabla.com. 232RANGE_BEGIN 0 99 233 ADDRESS 1.2.3.5 234ENTRY_BEGIN 235MATCH opcode qtype qname 236ADJUST copy_id 237REPLY QR NOERROR 238SECTION QUESTION 239example.com. IN NS 240SECTION ANSWER 241example.com. IN NS ns.example.com. 242example.com. IN NS ns.blabla.com. 243example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. AAJHNhPYVG6+550zQga9ZgV8McQZHLboOWjfbdiq2ZC+gUcQeQDDlFs= ;{id = 2854} 244SECTION ADDITIONAL 245ns.example.com. IN A 1.2.3.4 246ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 247ENTRY_END 248 249ENTRY_BEGIN 250MATCH opcode qtype qname 251ADJUST copy_id 252REPLY QR NOERROR 253SECTION QUESTION 254ns.example.com. IN A 255SECTION ANSWER 256ns.example.com. IN A 1.2.3.4 257ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 258SECTION ADDITIONAL 259ENTRY_END 260 261ENTRY_BEGIN 262MATCH opcode qtype qname 263ADJUST copy_id 264REPLY QR NOERROR 265SECTION QUESTION 266ns.example.com. IN AAAA 267SECTION ANSWER 268SECTION ADDITIONAL 269ns.example.com. IN NSEC oof.example.com. NSEC RRSIG A 270ns.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. ABhDNtJramb2a4R1SK5gb/CTYJybQts6mZ++z3kLiwsrUSZInA4ikeQ= ;{id = 2854} 271ENTRY_END 272 273; response to DNSKEY priming query 274ENTRY_BEGIN 275MATCH opcode qtype qname 276ADJUST copy_id 277REPLY QR NOERROR 278SECTION QUESTION 279example.com. IN DNSKEY 280SECTION ANSWER 281example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} 282example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} 283SECTION AUTHORITY 284example.com. IN NS ns.example.com. 285example.com. IN NS ns.blabla.com. 286example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. AAJHNhPYVG6+550zQga9ZgV8McQZHLboOWjfbdiq2ZC+gUcQeQDDlFs= ;{id = 2854} 287SECTION ADDITIONAL 288ns.example.com. IN A 1.2.3.4 289ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 290ENTRY_END 291 292ENTRY_BEGIN 293MATCH opcode qtype qname 294ADJUST copy_id 295REPLY QR NOERROR 296SECTION QUESTION 297www.example.com. IN A 298SECTION ANSWER 299www.example.com. IN A 10.20.30.40 300ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} 301SECTION AUTHORITY 302example.com. IN NS ns.example.com. 303example.com. IN NS ns.blabla.com. 304example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. AAJHNhPYVG6+550zQga9ZgV8McQZHLboOWjfbdiq2ZC+gUcQeQDDlFs= ;{id = 2854} 305SECTION ADDITIONAL 306ns.example.com. IN A 1.2.3.4 307www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} 308ENTRY_END 309 310; DS request 311ENTRY_BEGIN 312MATCH opcode qtype qname 313ADJUST copy_id 314REPLY QR AA NOERROR 315SECTION QUESTION 316sub.example.com. IN DS 317SECTION ANSWER 318sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 319sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. AKslZ9oXcoyeOkPfGkTB3/hxnpdgU5ahzElLyK6B0n6+BdIXeirIEtE= ;{id = 2854} 320ENTRY_END 321 322ENTRY_BEGIN 323MATCH opcode subdomain 324ADJUST copy_id copy_query 325REPLY QR AA NOERROR 326SECTION QUESTION 327sub.example.com. IN NS 328SECTION AUTHORITY 329sub.example.com. IN NS ns.sub.example.com. 330;sub.example.com. IN NS ns.foo.com. 331sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 332sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. AKslZ9oXcoyeOkPfGkTB3/hxnpdgU5ahzElLyK6B0n6+BdIXeirIEtE= ;{id = 2854} 333SECTION ADDITIONAL 334ns.sub.example.com. IN A 1.2.4.6 335ENTRY_END 336 337RANGE_END 338 339; ns.sub.example.com. 340RANGE_BEGIN 0 99 341 ADDRESS 1.2.4.6 342ENTRY_BEGIN 343MATCH opcode qtype qname 344ADJUST copy_id 345REPLY QR AA NOERROR 346SECTION QUESTION 347sub.example.com. IN DNSKEY 348SECTION ANSWER 349sub.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} 350sub.example.com. 3600 IN RRSIG DNSKEY 5 3 3600 20030926134150 20030829134150 30899 sub.example.com. g+YoDwrCF75YCFyqYoxlF+/mNfcscnuZ6LfmfBgPLohlvCCC7jYj/wkc2fxAl3MEK0CriWkHp1hw0QQYkmbbKw== ;{id = 30899} 351ENTRY_END 352 353ENTRY_BEGIN 354MATCH opcode qtype qname 355ADJUST copy_id 356REPLY QR AA NOERROR 357SECTION QUESTION 358sub.example.com. IN NS 359SECTION ANSWER 360sub.example.com. IN NS ns.sub.example.com. 361;sub.example.com. IN NS ns.foo.com. 362sub.example.com. 3600 IN RRSIG NS 5 3 3600 20030926134150 20030829134150 30899 sub.example.com. VCDq+gfZHuziE81Uypxm2va4eXCtoD8F8YKkwNo8laMNUcXh/hvGdbHKXMMghwuJXgxLh89Diu5kywBVwb/AIg== ;{id = 30899} 363SECTION ADDITIONAL 364ns.sub.example.com. IN A 1.2.4.6 365ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20030926134150 20030829134150 30899 sub.example.com. l3wjlbDU2y7ECix6t1pp5Rtz+qFlADRMohcRsCrnD9b99IoOL0/cTpvvf2V1VTJveIibFGhbcHTuCqAQ4G4FKA== ;{id = 30899} 366ENTRY_END 367 368ENTRY_BEGIN 369MATCH opcode qtype qname 370ADJUST copy_id 371REPLY QR AA NOERROR 372SECTION QUESTION 373ns.sub.example.com. IN A 374SECTION ANSWER 375ns.sub.example.com. IN A 1.2.4.6 376ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20030926134150 20030829134150 30899 sub.example.com. l3wjlbDU2y7ECix6t1pp5Rtz+qFlADRMohcRsCrnD9b99IoOL0/cTpvvf2V1VTJveIibFGhbcHTuCqAQ4G4FKA== ;{id = 30899} 377ENTRY_END 378 379ENTRY_BEGIN 380MATCH opcode qtype qname 381ADJUST copy_id 382REPLY QR AA NOERROR 383SECTION QUESTION 384ns.sub.example.com. IN AAAA 385SECTION AUTHORITY 386ns.sub.example.com. IN NSEC nt.sub.example.com. NSEC RRSIG A 387ns.sub.example.com. 3600 IN RRSIG NSEC 5 4 3600 20030926134150 20030829134150 30899 sub.example.com. eVe3iQS2/a1Y57AA2QSlMU/z31xaJ2mwUU36PZh8vlv6shPpQywAT70JdX6+ZsuliRpsbY6crkVXTXJ2qpKTiQ== ;{id = 30899} 388sub.example.com. IN SOA sub.example.com. hostmaster.sub.example.com. 1 2 3 4 5 389sub.example.com. 3600 IN RRSIG SOA 5 3 3600 20030926134150 20030829134150 30899 sub.example.com. vEX2n1CksMr5jPq9d2BQJMIDwxaXdWlY5mYg+PBmOFI4xngFMKTsXa/+SfJy2SiqAgHTDI6joIo30AdQJsjdHA== ;{id = 30899} 390ENTRY_END 391 392ENTRY_BEGIN 393MATCH opcode qtype qname 394ADJUST copy_id 395REPLY QR AA NOERROR 396SECTION QUESTION 397www.sub.example.com. IN A 398SECTION ANSWER 399www.sub.example.com. IN A 10.20.30.40 400www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20030926134150 20030829134150 30899 sub.example.com. dBK6JOkKlp2G+f7mhInKnQM6DUBnEziTS+KpXzQ/5HT8/h9XkryOt4vAJKGCz0Ew3qRqjLgylsbGrcuxmIO9jA== ;{id = 30899} 401ENTRY_END 402 403RANGE_END 404 405; ns.foo.com. 406RANGE_BEGIN 0 99 407 ADDRESS 1.2.4.7 408ENTRY_BEGIN 409MATCH opcode qtype qname 410ADJUST copy_id 411REPLY QR AA NOERROR 412SECTION QUESTION 413sub.example.com. IN DNSKEY 414SECTION ANSWER 415sub.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} 416sub.example.com. 3600 IN RRSIG DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899} 417ENTRY_END 418 419ENTRY_BEGIN 420MATCH opcode qtype qname 421ADJUST copy_id 422REPLY QR AA NOERROR 423SECTION QUESTION 424sub.example.com. IN NS 425SECTION ANSWER 426sub.example.com. IN NS ns.sub.example.com. 427;sub.example.com. IN NS ns.foo.com. 428sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. hJ3nkrfyBwPcfpwc9wEwzhF5+ZKUddKBHQuZuHPZBjBwb1BsT7B7ryadttbGE3keQJiwNmK9AqvE0Zb+WkDceg== ;{id = 30899} 429SECTION ADDITIONAL 430ns.sub.example.com. IN A 1.2.4.6 431ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. fMRshSYDWgvGAwc24Lzg6746jnoG5shlK+o9CgzU7CQbkeNWmj3oO/0TJGP/zxp52JiDBpzRuTmBlrcJYV/gBA== ;{id = 30899} 432ENTRY_END 433 434ENTRY_BEGIN 435MATCH opcode qtype qname 436ADJUST copy_id 437REPLY QR AA NOERROR 438SECTION QUESTION 439ns.sub.example.com. IN A 440SECTION ANSWER 441ns.sub.example.com. IN A 1.2.4.6 442ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. fMRshSYDWgvGAwc24Lzg6746jnoG5shlK+o9CgzU7CQbkeNWmj3oO/0TJGP/zxp52JiDBpzRuTmBlrcJYV/gBA== ;{id = 30899} 443ENTRY_END 444 445ENTRY_BEGIN 446MATCH opcode qtype qname 447ADJUST copy_id 448REPLY QR AA NOERROR 449SECTION QUESTION 450ns.sub.example.com. IN AAAA 451SECTION AUTHORITY 452ns.sub.example.com. IN NSEC nt.sub.example.com. NSEC RRSIG A 453ns.sub.example.com. 3600 IN RRSIG NSEC 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. qwUibvlPTFnxgiyCNtEJCYqJIgA8WFDqypmsO6TSYje2Rqhq4AaWEVxQwU4bdjmipCGVqtlP8mMyMQHaYNMGKA== ;{id = 30899} 454sub.example.com. IN SOA sub.example.com. hostmaster.sub.example.com. 1 2 3 4 5 455sub.example.com. 3600 IN RRSIG SOA 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. sZQEMd0ys2mxPRajzBuvy4XdLNVvXMmJSnmfTHUL41d9IxbGN/ifpiIWs2MXOFPnbab05aYadrzZpT/cpDTxmQ== ;{id = 30899} 456ENTRY_END 457 458ENTRY_BEGIN 459MATCH opcode qtype qname 460ADJUST copy_id 461REPLY QR AA NOERROR 462SECTION QUESTION 463www.sub.example.com. IN A 464SECTION ANSWER 465www.sub.example.com. IN A 10.20.30.40 466www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. deNzEy9Hq+6gDZhafC0M7UDuRBm51AA1/FAIauAitNuQlYUzOvWLVHFQ95bn308rCVPqrb4rFDV+gNzxkzm1rw== ;{id = 30899} 467ENTRY_END 468RANGE_END 469 470; ns.sub.example.com. 471; This is for after, so only new queries, no requeries allowed. 472RANGE_BEGIN 100 200 473 ADDRESS 1.2.4.6 474 475ENTRY_BEGIN 476MATCH opcode qtype qname 477ADJUST copy_id 478REPLY QR AA NOERROR 479SECTION QUESTION 480ftp.sub.example.com. IN A 481SECTION ANSWER 482ftp.sub.example.com. IN A 10.20.30.46 483ftp.sub.example.com. 3600 IN RRSIG A 5 4 3600 20030926134150 20030829134150 30899 sub.example.com. nbxk6SiooKsUeVm/ZGskrxKwhOSWdJt9ly9X6Hqji4DKpBskM6bqulmTt/xZ/3G4ZOguYBeiTp8qwlWjl7VoSQ== ;{id = 30899} 484ENTRY_END 485 486RANGE_END 487 488; ns.sub.example.com. 489; fixed version 490RANGE_BEGIN 200 300 491 ADDRESS 1.2.4.6 492ENTRY_BEGIN 493MATCH opcode qtype qname 494ADJUST copy_id 495REPLY QR AA NOERROR 496SECTION QUESTION 497sub.example.com. IN DNSKEY 498SECTION ANSWER 499sub.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} 500sub.example.com. 3600 IN RRSIG DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899} 501ENTRY_END 502 503ENTRY_BEGIN 504MATCH opcode qtype qname 505ADJUST copy_id 506REPLY QR AA NOERROR 507SECTION QUESTION 508sub.example.com. IN NS 509SECTION ANSWER 510sub.example.com. IN NS ns.sub.example.com. 511;sub.example.com. IN NS ns.foo.com. 512sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. hJ3nkrfyBwPcfpwc9wEwzhF5+ZKUddKBHQuZuHPZBjBwb1BsT7B7ryadttbGE3keQJiwNmK9AqvE0Zb+WkDceg== ;{id = 30899} 513SECTION ADDITIONAL 514ns.sub.example.com. IN A 1.2.4.6 515ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. fMRshSYDWgvGAwc24Lzg6746jnoG5shlK+o9CgzU7CQbkeNWmj3oO/0TJGP/zxp52JiDBpzRuTmBlrcJYV/gBA== ;{id = 30899} 516ENTRY_END 517 518ENTRY_BEGIN 519MATCH opcode qtype qname 520ADJUST copy_id 521REPLY QR AA NOERROR 522SECTION QUESTION 523ns.sub.example.com. IN A 524SECTION ANSWER 525ns.sub.example.com. IN A 1.2.4.6 526ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. fMRshSYDWgvGAwc24Lzg6746jnoG5shlK+o9CgzU7CQbkeNWmj3oO/0TJGP/zxp52JiDBpzRuTmBlrcJYV/gBA== ;{id = 30899} 527ENTRY_END 528 529ENTRY_BEGIN 530MATCH opcode qtype qname 531ADJUST copy_id 532REPLY QR AA NOERROR 533SECTION QUESTION 534ns.sub.example.com. IN AAAA 535SECTION AUTHORITY 536ns.sub.example.com. IN NSEC nt.sub.example.com. NSEC RRSIG A 537ns.sub.example.com. 3600 IN RRSIG NSEC 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. qwUibvlPTFnxgiyCNtEJCYqJIgA8WFDqypmsO6TSYje2Rqhq4AaWEVxQwU4bdjmipCGVqtlP8mMyMQHaYNMGKA== ;{id = 30899} 538sub.example.com. IN SOA sub.example.com. hostmaster.sub.example.com. 1 2 3 4 5 539sub.example.com. 3600 IN RRSIG SOA 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. sZQEMd0ys2mxPRajzBuvy4XdLNVvXMmJSnmfTHUL41d9IxbGN/ifpiIWs2MXOFPnbab05aYadrzZpT/cpDTxmQ== ;{id = 30899} 540ENTRY_END 541 542ENTRY_BEGIN 543MATCH opcode qtype qname 544ADJUST copy_id 545REPLY QR AA NOERROR 546SECTION QUESTION 547www.sub.example.com. IN A 548SECTION ANSWER 549www.sub.example.com. IN A 10.20.30.40 550www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. deNzEy9Hq+6gDZhafC0M7UDuRBm51AA1/FAIauAitNuQlYUzOvWLVHFQ95bn308rCVPqrb4rFDV+gNzxkzm1rw== ;{id = 30899} 551ENTRY_END 552RANGE_END 553 554STEP 1 QUERY 555ENTRY_BEGIN 556REPLY RD DO 557SECTION QUESTION 558www.sub.example.com. IN A 559ENTRY_END 560 561; recursion happens here. 562STEP 10 CHECK_ANSWER 563ENTRY_BEGIN 564MATCH all ede=7 565REPLY QR RD RA DO SERVFAIL 566SECTION QUESTION 567www.sub.example.com. IN A 568SECTION ANSWER 569ENTRY_END 570 571; no more outgoing traffic possible. 572STEP 110 QUERY 573ENTRY_BEGIN 574REPLY RD DO 575SECTION QUESTION 576ftp.sub.example.com. IN A 577ENTRY_END 578 579STEP 120 CHECK_ANSWER 580ENTRY_BEGIN 581MATCH all ede=7 582REPLY QR RD RA DO SERVFAIL 583SECTION QUESTION 584ftp.sub.example.com. IN A 585SECTION ANSWER 586ENTRY_END 587 588; wait for timeout seconds. 589STEP 130 TIME_PASSES ELAPSE 901 590 591STEP 210 QUERY 592ENTRY_BEGIN 593REPLY RD DO 594SECTION QUESTION 595www.sub.example.com. IN A 596ENTRY_END 597 598; recursion happens here. 599STEP 220 CHECK_ANSWER 600ENTRY_BEGIN 601MATCH all 602REPLY QR RD RA AD DO NOERROR 603SECTION QUESTION 604www.sub.example.com. IN A 605SECTION ANSWER 606www.sub.example.com. IN A 10.20.30.40 607www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. deNzEy9Hq+6gDZhafC0M7UDuRBm51AA1/FAIauAitNuQlYUzOvWLVHFQ95bn308rCVPqrb4rFDV+gNzxkzm1rw== ;{id = 30899} 608ENTRY_END 609 610 611SCENARIO_END 612