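; config options
; The island of trust is at example.com
;
; Testbound replay scenario. A DO query for www.example.com A is answered by
; ns.example.com with a signed CNAME to www.example.net and rcode NXDOMAIN.
; The target zone (example.net, a second trust anchor) answers NXDOMAIN with
; an NSEC denial. The final check expects NXDOMAIN with the AD flag set, with
; the signed CNAME in the answer and the NSEC records in the authority section.
;
; All keys and signatures here are test fixtures: DSA (algorithm 3) for
; example.com, RSASHA1 (algorithm 5) with a 512-bit key for example.net.
; They are only meaningful together with the overrides in the server: clause
; and are not parameters to copy into a deployed validator configuration.
server:
	# DS anchor: key tag 2854, algorithm 3 (DSA), digest type 1 (SHA-1).
	trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
	# DNSKEY anchor: algorithm 5 (RSASHA1), 512-bit ZSK per the trailing note.
	trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
	# Pins the validator's clock to 2007-09-16 13:42:26 so that the RRSIG
	# windows below (2007-08-29 .. 2007-09-26) count as current. With this set
	# the validator no longer checks expiry against real time; test use only.
	val-override-date: "20070916134226"
	# No opportunistic nameserver-target lookups, so the query sequence stays
	# limited to what the scripted servers answer.
	target-fetch-policy: "0 0 0 0 0"
	# Full query names are sent upstream; every ENTRY matches on the full qname.
	qname-minimisation: "no"
	# NOTE(review): presumably lets the SHA-1 based fixtures validate on builds
	# where SHA-1 is disabled -- confirm against the option's implementation.
	fake-sha1: yes
	# No RFC 8145 key-tag queries; the scripted servers have no entry for them.
	trust-anchor-signaling: no

stub-zone:
	name: "."
	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
CONFIG_END

SCENARIO_BEGIN Test validator with cname-nxdomain with rcode nxdomain

; K.ROOT-SERVERS.NET.
; Unsigned referrals only; the root and TLDs are outside both islands of trust.
RANGE_BEGIN 0 100
	ADDRESS 193.0.14.129
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET. IN A 193.0.14.129
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION AUTHORITY
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.net. IN A
SECTION AUTHORITY
net. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
RANGE_END

; a.gtld-servers.net.
; Serves both com. and net.; delegates to the two signed zones.
RANGE_BEGIN 0 100
	ADDRESS 192.5.6.30
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION ANSWER
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
net. IN NS
SECTION ANSWER
net. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.net. IN A
SECTION AUTHORITY
example.net. IN NS ns.example.net.
SECTION ADDITIONAL
ns.example.net. IN A 1.2.3.5
ENTRY_END
RANGE_END

; ns.example.com.
; Authoritative for the first island of trust; records signed with key 2854.
RANGE_BEGIN 0 100
	ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION ANSWER
example.com. IN NS ns.example.com.
example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
ENTRY_END

; response to DNSKEY priming query
; The DNSKEY returned here (key tag 2854) is the one the DS trust anchor names.
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN DNSKEY
SECTION ANSWER
example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
SECTION AUTHORITY
example.com. IN NS ns.example.com.
example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
ENTRY_END

; response to query of interest
; The rcode is NXDOMAIN although the answer section holds a signed CNAME, and
; the authority section carries no denial proof. The CNAME target is in
; example.net, so the non-existence has to be established from that zone's
; own signed response (scripted under ns.example.net below).
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NXDOMAIN
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 3600 IN CNAME www.example.net.
www.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFGtYzScyRnHV8U/jOIPYwrlI9t3oAhRF0PIf+IthUR7uCWIvskWp5CfReQ== ;{id = 2854}
SECTION AUTHORITY
SECTION ADDITIONAL
ENTRY_END
RANGE_END

; ns.example.net.
; Authoritative for the second island of trust; records signed with key 30899.
RANGE_BEGIN 0 100
	ADDRESS 1.2.3.5
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.net. IN NS
SECTION ANSWER
example.net. IN NS ns.example.net.
example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
SECTION ADDITIONAL
ns.example.net. IN A 1.2.3.5
ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
ENTRY_END

; response to DNSKEY priming query
; Same key as the example.net DNSKEY trust anchor in the server: clause.
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.net. IN DNSKEY
SECTION ANSWER
example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899}
SECTION AUTHORITY
example.net. IN NS ns.example.net.
example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
SECTION ADDITIONAL
ns.example.net. IN A 1.2.3.5
ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
ENTRY_END

; response to query of interest
; Signed denial for the CNAME target. wab.example.net -> wzz.example.net
; covers www.example.net; example.net -> abc.example.net covers the wildcard
; *.example.net, so no wildcard expansion could have produced an answer.
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NXDOMAIN
SECTION QUESTION
www.example.net. IN A
SECTION ANSWER
SECTION AUTHORITY
example.net. IN NSEC abc.example.net. SOA NS DNSKEY NSEC RRSIG
example.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 example.net. SEHthmjHyqGlzaOp3Dx6Jn5Fnvvtknw/IF6YSFY8NZLe+YSh1oRJbdEkQ8G92IT08n1jSN6jvKRsFBOUoFOQAw== ;{id = 30899}
wab.example.net. IN NSEC wzz.example.net. A NSEC RRSIG
wab.example.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. gl8vkI3xfSWx4Pyv5OdOthiewE6u/13kclY7UG9ptuFBddamdJO3RQqyxM6Xcmq+ToO4kMCCyaKijp01gTDoGg== ;{id = 30899}
SECTION ADDITIONAL
ENTRY_END
RANGE_END

; Client query: recursion desired, DNSSEC OK, so RRSIG/NSEC records are
; expected back in the reply.
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
www.example.com. IN A
ENTRY_END

; recursion happens here.
; Expected result: rcode NXDOMAIN with AD set. The answer carries the signed
; CNAME from example.com and the authority carries the NSEC denial from
; example.net. MATCH all compares the whole reply, so a missing or extra
; record, a cleared AD flag or a different rcode fails the step.
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AD DO NXDOMAIN
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN CNAME www.example.net.
www.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFGtYzScyRnHV8U/jOIPYwrlI9t3oAhRF0PIf+IthUR7uCWIvskWp5CfReQ== ;{id = 2854}
SECTION AUTHORITY
example.net. IN NSEC abc.example.net. SOA NS DNSKEY NSEC RRSIG
example.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 example.net. SEHthmjHyqGlzaOp3Dx6Jn5Fnvvtknw/IF6YSFY8NZLe+YSh1oRJbdEkQ8G92IT08n1jSN6jvKRsFBOUoFOQAw== ;{id = 30899}
wab.example.net. IN NSEC wzz.example.net. A NSEC RRSIG
wab.example.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. gl8vkI3xfSWx4Pyv5OdOthiewE6u/13kclY7UG9ptuFBddamdJO3RQqyxM6Xcmq+ToO4kMCCyaKijp01gTDoGg== ;{id = 30899}
SECTION ADDITIONAL
ENTRY_END

SCENARIO_END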