1; config options 2; The island of trust is at example.com 3server: 4 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" 5 val-override-date: "20070916134226" 6 target-fetch-policy: "0 0 0 0 0" 7 qname-minimisation: "no" 8 fake-sha1: yes 9 trust-anchor-signaling: no 10 11stub-zone: 12 name: "." 13 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. 14CONFIG_END 15 16SCENARIO_BEGIN Test validator with negative cache DS response with cached SOA 17 18; K.ROOT-SERVERS.NET. 19RANGE_BEGIN 0 100 20 ADDRESS 193.0.14.129 21ENTRY_BEGIN 22MATCH opcode qtype qname 23ADJUST copy_id 24REPLY QR NOERROR 25SECTION QUESTION 26. IN NS 27SECTION ANSWER 28. IN NS K.ROOT-SERVERS.NET. 29SECTION ADDITIONAL 30K.ROOT-SERVERS.NET. IN A 193.0.14.129 31ENTRY_END 32 33ENTRY_BEGIN 34MATCH opcode qtype qname 35ADJUST copy_id 36REPLY QR NOERROR 37SECTION QUESTION 38www.sub.example.com. IN A 39SECTION AUTHORITY 40com. IN NS a.gtld-servers.net. 41SECTION ADDITIONAL 42a.gtld-servers.net. IN A 192.5.6.30 43ENTRY_END 44RANGE_END 45 46; a.gtld-servers.net. 47RANGE_BEGIN 0 100 48 ADDRESS 192.5.6.30 49ENTRY_BEGIN 50MATCH opcode qtype qname 51ADJUST copy_id 52REPLY QR NOERROR 53SECTION QUESTION 54com. IN NS 55SECTION ANSWER 56com. IN NS a.gtld-servers.net. 57SECTION ADDITIONAL 58a.gtld-servers.net. IN A 192.5.6.30 59ENTRY_END 60 61ENTRY_BEGIN 62MATCH opcode qtype qname 63ADJUST copy_id 64REPLY QR NOERROR 65SECTION QUESTION 66www.sub.example.com. IN A 67SECTION AUTHORITY 68example.com. IN NS ns.example.com. 69SECTION ADDITIONAL 70ns.example.com. IN A 1.2.3.4 71ENTRY_END 72RANGE_END 73 74; ns.example.com. 75RANGE_BEGIN 0 100 76 ADDRESS 1.2.3.4 77ENTRY_BEGIN 78MATCH opcode qtype qname 79ADJUST copy_id 80REPLY QR NOERROR 81SECTION QUESTION 82example.com. IN NS 83SECTION ANSWER 84example.com. IN NS ns.example.com. 85example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 86SECTION ADDITIONAL 87ns.example.com. IN A 1.2.3.4 88ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 89ENTRY_END 90 91; response to DNSKEY priming query 92ENTRY_BEGIN 93MATCH opcode qtype qname 94ADJUST copy_id 95REPLY QR NOERROR 96SECTION QUESTION 97example.com. IN DNSKEY 98SECTION ANSWER 99example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} 100example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} 101SECTION AUTHORITY 102example.com. IN NS ns.example.com. 103example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 104SECTION ADDITIONAL 105ns.example.com. IN A 1.2.3.4 106ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 107ENTRY_END 108 109; response for delegation to sub.example.com. 110ENTRY_BEGIN 111MATCH opcode qtype qname 112ADJUST copy_id 113REPLY QR NOERROR 114SECTION QUESTION 115www.sub.example.com. IN A 116SECTION ANSWER 117SECTION AUTHORITY 118sub.example.com. IN NS ns.sub.example.com. 119sub.example.com. IN NSEC www.example.com. NS RRSIG NSEC 120sub.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFDCaiDM6G+glwNW276HWdH+McmjgAhRSwF5OfimNQCqkWgnYotLOwUghKQ== ;{id = 2854} 121SECTION ADDITIONAL 122ns.sub.example.com. IN A 1.2.3.6 123ENTRY_END 124 125; query for missing DS record. 126; commented out, this query should not happen as negative cache works. 127;ENTRY_BEGIN 128;MATCH opcode qtype qname 129;ADJUST copy_id 130;REPLY QR NOERROR 131;SECTION QUESTION 132;sub.example.com. IN DS 133;SECTION ANSWER 134;SECTION AUTHORITY 135;example.com. IN SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200 136;example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854} 137;sub.example.com. IN NSEC www.example.com. NS RRSIG NSEC 138;sub.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFDCaiDM6G+glwNW276HWdH+McmjgAhRSwF5OfimNQCqkWgnYotLOwUghKQ== ;{id = 2854} 139;SECTION ADDITIONAL 140;ns.sub.example.com. IN A 1.2.3.6 141;ENTRY_END 142 143ENTRY_BEGIN 144MATCH opcode qtype qname 145ADJUST copy_id 146REPLY QR AA NXDOMAIN 147SECTION QUESTION 148nx.example.com. IN A 149SECTION AUTHORITY 150example.com. 7200 IN SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200 151example.com. 7200 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854} 152nw.example.com. 7200 IN NSEC ny.example.com. A RRSIG 153nw.example.com. 7200 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. AHMp+sqWyR3JL6P0LhJ10fufMFSkW9+DM3QghOokyqgbRu54Q1XrHoE= ;{id = 2854} 154!.example.com. 7200 IN NSEC +.example.com. A RRSIG 155!.example.com. 7200 IN RRSIG NSEC 3 3 7200 20070926134150 20070829134150 2854 example.com. AJsNy2VkFTJEMShfEcvIkBe+UViVYDJbNNuGnwf/QecOrhONaVpIXy4= ;{id = 2854} 156ENTRY_END 157 158RANGE_END 159 160; ns.sub.example.com. 161RANGE_BEGIN 0 100 162 ADDRESS 1.2.3.6 163ENTRY_BEGIN 164MATCH opcode qtype qname 165ADJUST copy_id 166REPLY QR NOERROR 167SECTION QUESTION 168sub.example.com. IN NS 169SECTION ANSWER 170sub.example.com. IN NS ns.sub.example.com. 171SECTION ADDITIONAL 172ns.sub.example.com. IN A 1.2.3.6 173ENTRY_END 174 175; response to query of interest 176ENTRY_BEGIN 177MATCH opcode qtype qname 178ADJUST copy_id 179REPLY QR NOERROR 180SECTION QUESTION 181www.sub.example.com. IN A 182SECTION ANSWER 183www.sub.example.com. IN A 11.11.11.11 184SECTION AUTHORITY 185SECTION ADDITIONAL 186ENTRY_END 187RANGE_END 188 189STEP 1 QUERY 190ENTRY_BEGIN 191REPLY RD DO 192SECTION QUESTION 193www.sub.example.com. IN A 194ENTRY_END 195 196; recursion happens here. 197STEP 10 CHECK_ANSWER 198ENTRY_BEGIN 199MATCH all 200REPLY QR RD RA DO NOERROR 201SECTION QUESTION 202www.sub.example.com. IN A 203SECTION ANSWER 204www.sub.example.com. 3600 IN A 11.11.11.11 205SECTION AUTHORITY 206SECTION ADDITIONAL 207ENTRY_END 208 209; put the SOA into the cache 210STEP 14 QUERY 211ENTRY_BEGIN 212REPLY RD DO 213SECTION QUESTION 214nx.example.com. IN A 215ENTRY_END 216 217STEP 15 CHECK_ANSWER 218ENTRY_BEGIN 219MATCH all 220REPLY QR RD RA AD DO NXDOMAIN 221SECTION QUESTION 222nx.example.com. IN A 223SECTION ANSWER 224SECTION AUTHORITY 225example.com. 7200 IN SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200 226example.com. 7200 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854} 227nw.example.com. 7200 IN NSEC ny.example.com. A RRSIG 228nw.example.com. 7200 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. AHMp+sqWyR3JL6P0LhJ10fufMFSkW9+DM3QghOokyqgbRu54Q1XrHoE= ;{id = 2854} 229!.example.com. 7200 IN NSEC +.example.com. A RRSIG 230!.example.com. 7200 IN RRSIG NSEC 3 3 7200 20070926134150 20070829134150 2854 example.com. AJsNy2VkFTJEMShfEcvIkBe+UViVYDJbNNuGnwf/QecOrhONaVpIXy4= ;{id = 2854} 231SECTION ADDITIONAL 232ENTRY_END 233 234; the downstream validator wants the DS record. 235STEP 20 QUERY 236ENTRY_BEGIN 237REPLY RD DO 238SECTION QUESTION 239sub.example.com. IN DS 240ENTRY_END 241 242STEP 30 CHECK_ANSWER 243ENTRY_BEGIN 244MATCH all 245REPLY QR RD RA AD DO NOERROR 246SECTION QUESTION 247sub.example.com. IN DS 248SECTION ANSWER 249SECTION AUTHORITY 250sub.example.com. IN NSEC www.example.com. NS RRSIG NSEC 251sub.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFDCaiDM6G+glwNW276HWdH+McmjgAhRSwF5OfimNQCqkWgnYotLOwUghKQ== ;{id = 2854} 252example.com. 7200 IN SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200 253example.com. 7200 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854} 254ENTRY_END 255 256SCENARIO_END 257