black_key_entry.rpl revision 1.1.1.5
1; config options 2; The island of trust is at example.com 3server: 4 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" 5 val-override-date: "20070916134226" 6 target-fetch-policy: "0 0 0 0 0" 7 fake-sha1: yes 8 trust-anchor-signaling: no 9 ede: yes 10 access-control: 127.0.0.0/8 allow_snoop 11 12stub-zone: 13 name: "." 14 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. 15CONFIG_END 16 17SCENARIO_BEGIN Test validator with blacked key entry and further queries 18; DNSKEY not for prime but further down the chain of trust 19; the blacklist action does not help. 20; the further queries should not generate traffic to the authority any more. 21; until the key entry expires. 22 23; K.ROOT-SERVERS.NET. 24RANGE_BEGIN 0 99 25 ADDRESS 193.0.14.129 26ENTRY_BEGIN 27MATCH opcode qtype qname 28ADJUST copy_id 29REPLY QR NOERROR 30SECTION QUESTION 31. IN NS 32SECTION ANSWER 33. IN NS K.ROOT-SERVERS.NET. 34SECTION ADDITIONAL 35K.ROOT-SERVERS.NET. IN A 193.0.14.129 36ENTRY_END 37 38ENTRY_BEGIN 39MATCH opcode subdomain 40ADJUST copy_id copy_query 41REPLY QR NOERROR 42SECTION QUESTION 43com. IN A 44SECTION AUTHORITY 45com. IN NS a.gtld-servers.net. 46SECTION ADDITIONAL 47a.gtld-servers.net. IN A 192.5.6.30 48ENTRY_END 49RANGE_END 50 51; a.gtld-servers.net. 52RANGE_BEGIN 0 99 53 ADDRESS 192.5.6.30 54ENTRY_BEGIN 55MATCH opcode qtype qname 56ADJUST copy_id 57REPLY QR NOERROR 58SECTION QUESTION 59com. IN NS 60SECTION ANSWER 61com. IN NS a.gtld-servers.net. 62SECTION ADDITIONAL 63a.gtld-servers.net. IN A 192.5.6.30 64ENTRY_END 65 66ENTRY_BEGIN 67MATCH opcode qtype qname 68ADJUST copy_id 69REPLY QR NOERROR 70SECTION QUESTION 71ns.blabla.com. IN A 72SECTION ANSWER 73ns.blabla.com. IN A 1.2.3.5 74ENTRY_END 75 76ENTRY_BEGIN 77MATCH opcode qtype qname 78ADJUST copy_id 79REPLY QR NOERROR 80SECTION QUESTION 81ns.blabla.com. IN AAAA 82SECTION AUTHORITY 83com. IN SOA com. com. 2009100100 28800 7200 604800 3600 84ENTRY_END 85 86ENTRY_BEGIN 87MATCH opcode qtype qname 88ADJUST copy_id 89REPLY QR NOERROR 90SECTION QUESTION 91ns.foo.com. IN A 92SECTION ANSWER 93ns.foo.com. IN A 1.2.4.7 94ENTRY_END 95 96ENTRY_BEGIN 97MATCH opcode qtype qname 98ADJUST copy_id 99REPLY QR NOERROR 100SECTION QUESTION 101ns.foo.com. IN AAAA 102SECTION AUTHORITY 103com. IN SOA com. com. 2009100100 28800 7200 604800 3600 104ENTRY_END 105 106ENTRY_BEGIN 107MATCH opcode subdomain 108ADJUST copy_id copy_query 109REPLY QR NOERROR 110SECTION QUESTION 111example.com. IN NS 112SECTION AUTHORITY 113example.com. IN NS ns.example.com. 114example.com. IN NS ns.blabla.com. 115SECTION ADDITIONAL 116ns.example.com. IN A 1.2.3.4 117ENTRY_END 118RANGE_END 119 120; ns.example.com. 121RANGE_BEGIN 0 99 122 ADDRESS 1.2.3.4 123ENTRY_BEGIN 124MATCH opcode qtype qname 125ADJUST copy_id 126REPLY QR NOERROR 127SECTION QUESTION 128example.com. IN NS 129SECTION ANSWER 130example.com. IN NS ns.example.com. 131example.com. IN NS ns.blabla.com. 132example.com. 3600 IN RRSIG NS 3 2 3600 20030926134150 20030829134150 2854 example.com. AKJ3xUBdSrCiOFkYajsy93d+h06rewpbmBHItTkL8R/26rw57b1gCIg= ;{id = 2854} 133SECTION ADDITIONAL 134ns.example.com. IN A 1.2.3.4 135ns.example.com. 3600 IN RRSIG A 3 3 3600 20030926134150 20030829134150 2854 example.com. AHNj99mBmP4np19V01nSq990ZIFlIiLWoeHijm/HcOG/o8+DuIp4fL8= ;{id = 2854} 136ENTRY_END 137 138ENTRY_BEGIN 139MATCH opcode qtype qname 140ADJUST copy_id 141REPLY QR NOERROR 142SECTION QUESTION 143ns.example.com. IN A 144SECTION ANSWER 145ns.example.com. IN A 1.2.3.4 146ns.example.com. 3600 IN RRSIG A 3 3 3600 20030926134150 20030829134150 2854 example.com. AHNj99mBmP4np19V01nSq990ZIFlIiLWoeHijm/HcOG/o8+DuIp4fL8= ;{id = 2854} 147SECTION ADDITIONAL 148ENTRY_END 149 150ENTRY_BEGIN 151MATCH opcode qtype qname 152ADJUST copy_id 153REPLY QR NOERROR 154SECTION QUESTION 155ns.example.com. IN AAAA 156SECTION ANSWER 157SECTION ADDITIONAL 158ns.example.com. IN NSEC oof.example.com. NSEC RRSIG A 159ns.example.com. 3600 IN RRSIG NSEC 3 3 3600 20030926134150 20030829134150 2854 example.com. ACFVLLBtuSX/1z3461tbOwDz9zTHe5S9DbVtwnSO1f2x06fYbMpzSDE= ;{id = 2854} 160ENTRY_END 161 162; response to DNSKEY priming query 163ENTRY_BEGIN 164MATCH opcode qtype qname 165ADJUST copy_id 166REPLY QR NOERROR 167SECTION QUESTION 168example.com. IN DNSKEY 169SECTION ANSWER 170example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} 171; make priming query succeed 172example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} 173;example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20030926134150 20030829134150 2854 example.com. AG21xE8CFQzTq6XtHErg28b9EAmqPsoYCUcFPEAoAjFybM6AY4/bMOo= ;{id = 2854} 174SECTION AUTHORITY 175;example.com. IN NS ns.example.com. 176;example.com. IN NS ns.blabla.com. 177;example.com. 3600 IN RRSIG NS 3 2 3600 20030926134150 20030829134150 2854 example.com. ACiWu7zjBHqgEX3iUoOF7rfpOmIAHj1npKQ+XDIaNlmdkfJxoCwFl04= ;{id = 2854} 178SECTION ADDITIONAL 179;ns.example.com. IN A 1.2.3.4 180;ns.example.com. 3600 IN RRSIG A 3 3 3600 20030926134150 20030829134150 2854 example.com. ACmAsKTf7hqDaYK8CQ7FL1cGYPW+blTCnzZGkExFtEUAGrHeze87o+A= ;{id = 2854} 181ENTRY_END 182 183ENTRY_BEGIN 184MATCH opcode qtype qname 185ADJUST copy_id 186REPLY QR NOERROR 187SECTION QUESTION 188www.example.com. IN A 189SECTION ANSWER 190www.example.com. IN A 10.20.30.40 191www.example.com. 3600 IN RRSIG A 3 3 3600 20030926134150 20030829134150 2854 example.com. AGj9kE8oW3OhOLhkmJ3HBaNIOpvGf3S8zSd5gWmhpxAMc5hh6cxZfpQ= ;{id = 2854} 192SECTION AUTHORITY 193example.com. IN NS ns.example.com. 194example.com. IN NS ns.blabla.com. 195example.com. 3600 IN RRSIG NS 3 2 3600 20030926134150 20030829134150 2854 example.com. ACHETweBNPgbmRoNRdKvxuw4X9qNUUTEpSuwV+HhuiBE83gbB98asAc= ;{id = 2854} 196SECTION ADDITIONAL 197ns.example.com. IN A 1.2.3.4 198ns.example.com. 3600 IN RRSIG A 3 3 3600 20030926134150 20030829134150 2854 example.com. AGvu9A/nGsbatxJCmnObioIhKg2Tm0Apr0eo+DO1kIDrAHco/bt/EdY= ;{id = 2854} 199ENTRY_END 200 201; DS request 202ENTRY_BEGIN 203MATCH opcode qtype qname 204ADJUST copy_id 205REPLY QR AA NOERROR 206SECTION QUESTION 207sub.example.com. IN DS 208SECTION ANSWER 209sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 210sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. AKslZ9oXcoyeOkPfGkTB3/hxnpdgU5ahzElLyK6B0n6+BdIXeirIEtE= ;{id = 2854} 211;sub.example.com. 3600 IN RRSIG DS 3 3 3600 20030926134150 20030829134150 2854 example.com. AAT/7XwtMjHiT1GFHfV6Wvv4n+oOkqxllNdf9bLnpTHw/8h586yBgwg= ;{id = 2854} 212ENTRY_END 213 214ENTRY_BEGIN 215MATCH opcode subdomain 216ADJUST copy_id copy_query 217REPLY QR AA NOERROR 218SECTION QUESTION 219sub.example.com. IN NS 220SECTION AUTHORITY 221sub.example.com. IN NS ns.sub.example.com. 222;sub.example.com. IN NS ns.foo.com. 223sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 224sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. AKslZ9oXcoyeOkPfGkTB3/hxnpdgU5ahzElLyK6B0n6+BdIXeirIEtE= ;{id = 2854} 225;sub.example.com. 3600 IN RRSIG DS 3 3 3600 20030926134150 20030829134150 2854 example.com. AAT/7XwtMjHiT1GFHfV6Wvv4n+oOkqxllNdf9bLnpTHw/8h586yBgwg= ;{id = 2854} 226SECTION ADDITIONAL 227ns.sub.example.com. IN A 1.2.4.6 228ENTRY_END 229 230RANGE_END 231 232; ns.blabla.com. 233RANGE_BEGIN 0 99 234 ADDRESS 1.2.3.5 235ENTRY_BEGIN 236MATCH opcode qtype qname 237ADJUST copy_id 238REPLY QR NOERROR 239SECTION QUESTION 240example.com. IN NS 241SECTION ANSWER 242example.com. IN NS ns.example.com. 243example.com. IN NS ns.blabla.com. 244example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. AAJHNhPYVG6+550zQga9ZgV8McQZHLboOWjfbdiq2ZC+gUcQeQDDlFs= ;{id = 2854} 245SECTION ADDITIONAL 246ns.example.com. IN A 1.2.3.4 247ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 248ENTRY_END 249 250ENTRY_BEGIN 251MATCH opcode qtype qname 252ADJUST copy_id 253REPLY QR NOERROR 254SECTION QUESTION 255ns.example.com. IN A 256SECTION ANSWER 257ns.example.com. IN A 1.2.3.4 258ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 259SECTION ADDITIONAL 260ENTRY_END 261 262ENTRY_BEGIN 263MATCH opcode qtype qname 264ADJUST copy_id 265REPLY QR NOERROR 266SECTION QUESTION 267ns.example.com. IN AAAA 268SECTION ANSWER 269SECTION ADDITIONAL 270ns.example.com. IN NSEC oof.example.com. NSEC RRSIG A 271ns.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. ABhDNtJramb2a4R1SK5gb/CTYJybQts6mZ++z3kLiwsrUSZInA4ikeQ= ;{id = 2854} 272ENTRY_END 273 274; response to DNSKEY priming query 275ENTRY_BEGIN 276MATCH opcode qtype qname 277ADJUST copy_id 278REPLY QR NOERROR 279SECTION QUESTION 280example.com. IN DNSKEY 281SECTION ANSWER 282example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} 283example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} 284SECTION AUTHORITY 285example.com. IN NS ns.example.com. 286example.com. IN NS ns.blabla.com. 287example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. AAJHNhPYVG6+550zQga9ZgV8McQZHLboOWjfbdiq2ZC+gUcQeQDDlFs= ;{id = 2854} 288SECTION ADDITIONAL 289ns.example.com. IN A 1.2.3.4 290ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 291ENTRY_END 292 293ENTRY_BEGIN 294MATCH opcode qtype qname 295ADJUST copy_id 296REPLY QR NOERROR 297SECTION QUESTION 298www.example.com. IN A 299SECTION ANSWER 300www.example.com. IN A 10.20.30.40 301ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} 302SECTION AUTHORITY 303example.com. IN NS ns.example.com. 304example.com. IN NS ns.blabla.com. 305example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. AAJHNhPYVG6+550zQga9ZgV8McQZHLboOWjfbdiq2ZC+gUcQeQDDlFs= ;{id = 2854} 306SECTION ADDITIONAL 307ns.example.com. IN A 1.2.3.4 308www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} 309ENTRY_END 310 311; DS request 312ENTRY_BEGIN 313MATCH opcode qtype qname 314ADJUST copy_id 315REPLY QR AA NOERROR 316SECTION QUESTION 317sub.example.com. IN DS 318SECTION ANSWER 319sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 320sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. AKslZ9oXcoyeOkPfGkTB3/hxnpdgU5ahzElLyK6B0n6+BdIXeirIEtE= ;{id = 2854} 321ENTRY_END 322 323ENTRY_BEGIN 324MATCH opcode subdomain 325ADJUST copy_id copy_query 326REPLY QR AA NOERROR 327SECTION QUESTION 328sub.example.com. IN NS 329SECTION AUTHORITY 330sub.example.com. IN NS ns.sub.example.com. 331;sub.example.com. IN NS ns.foo.com. 332sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 333sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. AKslZ9oXcoyeOkPfGkTB3/hxnpdgU5ahzElLyK6B0n6+BdIXeirIEtE= ;{id = 2854} 334SECTION ADDITIONAL 335ns.sub.example.com. IN A 1.2.4.6 336ENTRY_END 337 338RANGE_END 339 340; ns.sub.example.com. 341RANGE_BEGIN 0 99 342 ADDRESS 1.2.4.6 343ENTRY_BEGIN 344MATCH opcode qtype qname 345ADJUST copy_id 346REPLY QR AA NOERROR 347SECTION QUESTION 348sub.example.com. IN DNSKEY 349SECTION ANSWER 350sub.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} 351sub.example.com. 3600 IN RRSIG DNSKEY 5 3 3600 20030926134150 20030829134150 30899 sub.example.com. g+YoDwrCF75YCFyqYoxlF+/mNfcscnuZ6LfmfBgPLohlvCCC7jYj/wkc2fxAl3MEK0CriWkHp1hw0QQYkmbbKw== ;{id = 30899} 352ENTRY_END 353 354ENTRY_BEGIN 355MATCH opcode qtype qname 356ADJUST copy_id 357REPLY QR AA NOERROR 358SECTION QUESTION 359sub.example.com. IN NS 360SECTION ANSWER 361sub.example.com. IN NS ns.sub.example.com. 362;sub.example.com. IN NS ns.foo.com. 363sub.example.com. 3600 IN RRSIG NS 5 3 3600 20030926134150 20030829134150 30899 sub.example.com. VCDq+gfZHuziE81Uypxm2va4eXCtoD8F8YKkwNo8laMNUcXh/hvGdbHKXMMghwuJXgxLh89Diu5kywBVwb/AIg== ;{id = 30899} 364SECTION ADDITIONAL 365ns.sub.example.com. IN A 1.2.4.6 366ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20030926134150 20030829134150 30899 sub.example.com. l3wjlbDU2y7ECix6t1pp5Rtz+qFlADRMohcRsCrnD9b99IoOL0/cTpvvf2V1VTJveIibFGhbcHTuCqAQ4G4FKA== ;{id = 30899} 367ENTRY_END 368 369ENTRY_BEGIN 370MATCH opcode qtype qname 371ADJUST copy_id 372REPLY QR AA NOERROR 373SECTION QUESTION 374ns.sub.example.com. IN A 375SECTION ANSWER 376ns.sub.example.com. IN A 1.2.4.6 377ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20030926134150 20030829134150 30899 sub.example.com. l3wjlbDU2y7ECix6t1pp5Rtz+qFlADRMohcRsCrnD9b99IoOL0/cTpvvf2V1VTJveIibFGhbcHTuCqAQ4G4FKA== ;{id = 30899} 378ENTRY_END 379 380ENTRY_BEGIN 381MATCH opcode qtype qname 382ADJUST copy_id 383REPLY QR AA NOERROR 384SECTION QUESTION 385ns.sub.example.com. IN AAAA 386SECTION AUTHORITY 387ns.sub.example.com. IN NSEC nt.sub.example.com. NSEC RRSIG A 388ns.sub.example.com. 3600 IN RRSIG NSEC 5 4 3600 20030926134150 20030829134150 30899 sub.example.com. eVe3iQS2/a1Y57AA2QSlMU/z31xaJ2mwUU36PZh8vlv6shPpQywAT70JdX6+ZsuliRpsbY6crkVXTXJ2qpKTiQ== ;{id = 30899} 389sub.example.com. IN SOA sub.example.com. hostmaster.sub.example.com. 1 2 3 4 5 390sub.example.com. 3600 IN RRSIG SOA 5 3 3600 20030926134150 20030829134150 30899 sub.example.com. vEX2n1CksMr5jPq9d2BQJMIDwxaXdWlY5mYg+PBmOFI4xngFMKTsXa/+SfJy2SiqAgHTDI6joIo30AdQJsjdHA== ;{id = 30899} 391ENTRY_END 392 393ENTRY_BEGIN 394MATCH opcode qtype qname 395ADJUST copy_id 396REPLY QR AA NOERROR 397SECTION QUESTION 398www.sub.example.com. IN A 399SECTION ANSWER 400www.sub.example.com. IN A 10.20.30.40 401www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20030926134150 20030829134150 30899 sub.example.com. dBK6JOkKlp2G+f7mhInKnQM6DUBnEziTS+KpXzQ/5HT8/h9XkryOt4vAJKGCz0Ew3qRqjLgylsbGrcuxmIO9jA== ;{id = 30899} 402ENTRY_END 403 404RANGE_END 405 406; ns.foo.com. 407RANGE_BEGIN 0 99 408 ADDRESS 1.2.4.7 409ENTRY_BEGIN 410MATCH opcode qtype qname 411ADJUST copy_id 412REPLY QR AA NOERROR 413SECTION QUESTION 414sub.example.com. IN DNSKEY 415SECTION ANSWER 416sub.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} 417sub.example.com. 3600 IN RRSIG DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899} 418ENTRY_END 419 420ENTRY_BEGIN 421MATCH opcode qtype qname 422ADJUST copy_id 423REPLY QR AA NOERROR 424SECTION QUESTION 425sub.example.com. IN NS 426SECTION ANSWER 427sub.example.com. IN NS ns.sub.example.com. 428;sub.example.com. IN NS ns.foo.com. 429sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. hJ3nkrfyBwPcfpwc9wEwzhF5+ZKUddKBHQuZuHPZBjBwb1BsT7B7ryadttbGE3keQJiwNmK9AqvE0Zb+WkDceg== ;{id = 30899} 430SECTION ADDITIONAL 431ns.sub.example.com. IN A 1.2.4.6 432ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. fMRshSYDWgvGAwc24Lzg6746jnoG5shlK+o9CgzU7CQbkeNWmj3oO/0TJGP/zxp52JiDBpzRuTmBlrcJYV/gBA== ;{id = 30899} 433ENTRY_END 434 435ENTRY_BEGIN 436MATCH opcode qtype qname 437ADJUST copy_id 438REPLY QR AA NOERROR 439SECTION QUESTION 440ns.sub.example.com. IN A 441SECTION ANSWER 442ns.sub.example.com. IN A 1.2.4.6 443ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. fMRshSYDWgvGAwc24Lzg6746jnoG5shlK+o9CgzU7CQbkeNWmj3oO/0TJGP/zxp52JiDBpzRuTmBlrcJYV/gBA== ;{id = 30899} 444ENTRY_END 445 446ENTRY_BEGIN 447MATCH opcode qtype qname 448ADJUST copy_id 449REPLY QR AA NOERROR 450SECTION QUESTION 451ns.sub.example.com. IN AAAA 452SECTION AUTHORITY 453ns.sub.example.com. IN NSEC nt.sub.example.com. NSEC RRSIG A 454ns.sub.example.com. 3600 IN RRSIG NSEC 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. qwUibvlPTFnxgiyCNtEJCYqJIgA8WFDqypmsO6TSYje2Rqhq4AaWEVxQwU4bdjmipCGVqtlP8mMyMQHaYNMGKA== ;{id = 30899} 455sub.example.com. IN SOA sub.example.com. hostmaster.sub.example.com. 1 2 3 4 5 456sub.example.com. 3600 IN RRSIG SOA 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. sZQEMd0ys2mxPRajzBuvy4XdLNVvXMmJSnmfTHUL41d9IxbGN/ifpiIWs2MXOFPnbab05aYadrzZpT/cpDTxmQ== ;{id = 30899} 457ENTRY_END 458 459ENTRY_BEGIN 460MATCH opcode qtype qname 461ADJUST copy_id 462REPLY QR AA NOERROR 463SECTION QUESTION 464www.sub.example.com. IN A 465SECTION ANSWER 466www.sub.example.com. IN A 10.20.30.40 467www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. deNzEy9Hq+6gDZhafC0M7UDuRBm51AA1/FAIauAitNuQlYUzOvWLVHFQ95bn308rCVPqrb4rFDV+gNzxkzm1rw== ;{id = 30899} 468ENTRY_END 469RANGE_END 470 471; ns.sub.example.com. 472; This is for after, so only new queries, no requeries allowed. 473RANGE_BEGIN 100 200 474 ADDRESS 1.2.4.6 475 476ENTRY_BEGIN 477MATCH opcode qtype qname 478ADJUST copy_id 479REPLY QR AA NOERROR 480SECTION QUESTION 481ftp.sub.example.com. IN A 482SECTION ANSWER 483ftp.sub.example.com. IN A 10.20.30.46 484ftp.sub.example.com. 3600 IN RRSIG A 5 4 3600 20030926134150 20030829134150 30899 sub.example.com. nbxk6SiooKsUeVm/ZGskrxKwhOSWdJt9ly9X6Hqji4DKpBskM6bqulmTt/xZ/3G4ZOguYBeiTp8qwlWjl7VoSQ== ;{id = 30899} 485ENTRY_END 486 487RANGE_END 488 489; ns.sub.example.com. 490; fixed version 491RANGE_BEGIN 200 300 492 ADDRESS 1.2.4.6 493ENTRY_BEGIN 494MATCH opcode qtype qname 495ADJUST copy_id 496REPLY QR AA NOERROR 497SECTION QUESTION 498sub.example.com. IN DNSKEY 499SECTION ANSWER 500sub.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} 501sub.example.com. 3600 IN RRSIG DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899} 502ENTRY_END 503 504ENTRY_BEGIN 505MATCH opcode qtype qname 506ADJUST copy_id 507REPLY QR AA NOERROR 508SECTION QUESTION 509sub.example.com. IN NS 510SECTION ANSWER 511sub.example.com. IN NS ns.sub.example.com. 512;sub.example.com. IN NS ns.foo.com. 513sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. hJ3nkrfyBwPcfpwc9wEwzhF5+ZKUddKBHQuZuHPZBjBwb1BsT7B7ryadttbGE3keQJiwNmK9AqvE0Zb+WkDceg== ;{id = 30899} 514SECTION ADDITIONAL 515ns.sub.example.com. IN A 1.2.4.6 516ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. fMRshSYDWgvGAwc24Lzg6746jnoG5shlK+o9CgzU7CQbkeNWmj3oO/0TJGP/zxp52JiDBpzRuTmBlrcJYV/gBA== ;{id = 30899} 517ENTRY_END 518 519ENTRY_BEGIN 520MATCH opcode qtype qname 521ADJUST copy_id 522REPLY QR AA NOERROR 523SECTION QUESTION 524ns.sub.example.com. IN A 525SECTION ANSWER 526ns.sub.example.com. IN A 1.2.4.6 527ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. fMRshSYDWgvGAwc24Lzg6746jnoG5shlK+o9CgzU7CQbkeNWmj3oO/0TJGP/zxp52JiDBpzRuTmBlrcJYV/gBA== ;{id = 30899} 528ENTRY_END 529 530ENTRY_BEGIN 531MATCH opcode qtype qname 532ADJUST copy_id 533REPLY QR AA NOERROR 534SECTION QUESTION 535ns.sub.example.com. IN AAAA 536SECTION AUTHORITY 537ns.sub.example.com. IN NSEC nt.sub.example.com. NSEC RRSIG A 538ns.sub.example.com. 3600 IN RRSIG NSEC 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. qwUibvlPTFnxgiyCNtEJCYqJIgA8WFDqypmsO6TSYje2Rqhq4AaWEVxQwU4bdjmipCGVqtlP8mMyMQHaYNMGKA== ;{id = 30899} 539sub.example.com. IN SOA sub.example.com. hostmaster.sub.example.com. 1 2 3 4 5 540sub.example.com. 3600 IN RRSIG SOA 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. sZQEMd0ys2mxPRajzBuvy4XdLNVvXMmJSnmfTHUL41d9IxbGN/ifpiIWs2MXOFPnbab05aYadrzZpT/cpDTxmQ== ;{id = 30899} 541ENTRY_END 542 543ENTRY_BEGIN 544MATCH opcode qtype qname 545ADJUST copy_id 546REPLY QR AA NOERROR 547SECTION QUESTION 548www.sub.example.com. IN A 549SECTION ANSWER 550www.sub.example.com. IN A 10.20.30.40 551www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. deNzEy9Hq+6gDZhafC0M7UDuRBm51AA1/FAIauAitNuQlYUzOvWLVHFQ95bn308rCVPqrb4rFDV+gNzxkzm1rw== ;{id = 30899} 552ENTRY_END 553RANGE_END 554 555STEP 1 QUERY 556ENTRY_BEGIN 557REPLY RD DO 558SECTION QUESTION 559www.sub.example.com. IN A 560ENTRY_END 561 562; recursion happens here. 563STEP 10 CHECK_ANSWER 564ENTRY_BEGIN 565MATCH all ede=7 566REPLY QR RD RA DO SERVFAIL 567SECTION QUESTION 568www.sub.example.com. IN A 569SECTION ANSWER 570ENTRY_END 571 572; Redo the query without RD to check EDE caching. 573STEP 20 QUERY 574ENTRY_BEGIN 575REPLY DO 576SECTION QUESTION 577www.sub.example.com. IN A 578ENTRY_END 579 580STEP 30 CHECK_ANSWER 581ENTRY_BEGIN 582MATCH all ede=7 583REPLY QR RA DO SERVFAIL 584SECTION QUESTION 585www.sub.example.com. IN A 586SECTION ANSWER 587ENTRY_END 588 589; no more outgoing traffic possible. 590STEP 110 QUERY 591ENTRY_BEGIN 592REPLY RD DO 593SECTION QUESTION 594ftp.sub.example.com. IN A 595ENTRY_END 596 597STEP 120 CHECK_ANSWER 598ENTRY_BEGIN 599MATCH all ede=7 600REPLY QR RD RA DO SERVFAIL 601SECTION QUESTION 602ftp.sub.example.com. IN A 603SECTION ANSWER 604ENTRY_END 605 606; Redo the query without RD to check EDE caching. 607STEP 121 QUERY 608ENTRY_BEGIN 609REPLY DO 610SECTION QUESTION 611ftp.sub.example.com. IN A 612ENTRY_END 613 614STEP 122 CHECK_ANSWER 615ENTRY_BEGIN 616MATCH all ede=7 617REPLY QR RA DO SERVFAIL 618SECTION QUESTION 619ftp.sub.example.com. IN A 620SECTION ANSWER 621ENTRY_END 622 623; wait for timeout seconds. 624STEP 130 TIME_PASSES ELAPSE 901 625 626STEP 210 QUERY 627ENTRY_BEGIN 628REPLY RD DO 629SECTION QUESTION 630www.sub.example.com. IN A 631ENTRY_END 632 633; recursion happens here. 634STEP 220 CHECK_ANSWER 635ENTRY_BEGIN 636MATCH all 637REPLY QR RD RA AD DO NOERROR 638SECTION QUESTION 639www.sub.example.com. IN A 640SECTION ANSWER 641www.sub.example.com. IN A 10.20.30.40 642www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. deNzEy9Hq+6gDZhafC0M7UDuRBm51AA1/FAIauAitNuQlYUzOvWLVHFQ95bn308rCVPqrb4rFDV+gNzxkzm1rw== ;{id = 30899} 643ENTRY_END 644 645 646SCENARIO_END 647