val_nsec3_b4_wild_wr.rpl revision 1.1.1.4
1; config options 2server: 3 trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" 4 val-override-date: "20120420235959" 5 target-fetch-policy: "0 0 0 0 0" 6 qname-minimisation: "no" 7 fake-sha1: yes 8 trust-anchor-signaling: no 9 10stub-zone: 11 name: "." 12 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. 13CONFIG_END 14 15SCENARIO_BEGIN Test validator NSEC3 B.4 wildcard expansion, wrong NSEC3. 16 17; K.ROOT-SERVERS.NET. 18RANGE_BEGIN 0 100 19 ADDRESS 193.0.14.129 20ENTRY_BEGIN 21MATCH opcode qtype qname 22ADJUST copy_id 23REPLY QR NOERROR 24SECTION QUESTION 25. IN NS 26SECTION ANSWER 27. IN NS K.ROOT-SERVERS.NET. 28SECTION ADDITIONAL 29K.ROOT-SERVERS.NET. IN A 193.0.14.129 30ENTRY_END 31 32ENTRY_BEGIN 33MATCH opcode subdomain 34ADJUST copy_id copy_query 35REPLY QR NOERROR 36SECTION QUESTION 37example. IN A 38SECTION AUTHORITY 39example. IN NS ns1.example. 40; leave out to make unbound take ns1 41;example. IN NS ns2.example. 42SECTION ADDITIONAL 43ns1.example. IN A 192.0.2.1 44; leave out to make unbound take ns1 45;ns2.example. IN A 192.0.2.2 46ENTRY_END 47RANGE_END 48 49; ns1.example. 50RANGE_BEGIN 0 100 51 ADDRESS 192.0.2.1 52ENTRY_BEGIN 53MATCH opcode qtype qname 54ADJUST copy_id copy_query 55REPLY QR REFUSED 56SECTION QUESTION 57ns1.example. IN A 58SECTION ANSWER 59ENTRY_END 60 61ENTRY_BEGIN 62MATCH opcode qtype qname 63ADJUST copy_id copy_query 64REPLY QR REFUSED 65SECTION QUESTION 66ns1.example. IN AAAA 67SECTION ANSWER 68ENTRY_END 69 70ENTRY_BEGIN 71MATCH opcode qtype qname 72ADJUST copy_id copy_query 73REPLY QR REFUSED 74SECTION QUESTION 75example. IN NS 76SECTION ANSWER 77ENTRY_END 78 79; response to DNSKEY priming query 80 81ENTRY_BEGIN 82MATCH opcode qtype qname 83ADJUST copy_id 84REPLY QR NOERROR 85SECTION QUESTION 86example. IN DNSKEY 87SECTION ANSWER 88example. DNSKEY 256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= ) 89example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= ) 90example. RRSIG DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example. AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf3bH+QsCtg== ) 91ENTRY_END 92 93ENTRY_BEGIN 94MATCH opcode qtype qname 95ADJUST copy_id 96REPLY QR AA DO NOERROR 97SECTION QUESTION 98a.z.w.example. IN MX 99SECTION ANSWER 100a.z.w.example. MX 1 ai.example. 101a.z.w.example. RRSIG MX 7 2 3600 20150420235959 20051021000000 ( 40430 example. CikebjQwGQPwijVcxgcZcSJKtfynugtlBiKb 9FcBTrmOoyQ4InoWVudhCWsh/URX3lc4WRUM ivEBP6+4KS3ldA== ) 102SECTION AUTHORITY 103example. NS ns1.example. 104example. NS ns2.example. 105example. RRSIG NS 7 1 3600 20150420235959 20051021000000 ( 40430 example. PVOgtMK1HHeSTau+HwDWC8Ts+6C8qtqd4pQJ qOtdEVgg+MA+ai4fWDEhu3qHJyLcQ9tbD2vv CnMXjtz6SyObxA== ) 106 107;; NSEC3 RR that covers the "next closer" name (z.w.example) 108;; H(z.w.example) = qlu7gtfaeh0ek0c05ksfhdpbcgglbe03 109;q04jkcevqvmu85r014c7dkba38o0ji5r.example. NSEC3 1 1 12 aabbccdd ( r53bq7cc2uvmubfu5ocmm6pers9tk9en A RRSIG ) 110;q04jkcevqvmu85r014c7dkba38o0ji5r.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. hV5I89b+4FHJDATp09g4bbN0R1F845CaXpL3 ZxlMKimoPAyqletMlEWwLfFia7sdpSzn+ZlN NlkxWcLsIlMmUg== ) 111 112; The wrong NSEC3 here 113k8udemvp1j2f7eg6jebps17vp3n8i58h.example. NSEC3 1 1 12 aabbccdd ( kohar7mbb8dc2ce8a9qvl8hon4k53uhi ) 114k8udemvp1j2f7eg6jebps17vp3n8i58h.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. FtXGbvF0+wf8iWkyo73enAuVx03klN+pILBK S6qCcftVtfH4yVzsEZquJ27NHR7ruxJWDNMt Otx7w9WfcIg62A== ) 115 116SECTION ADDITIONAL 117ai.example. A 192.0.2.9 118ai.example. RRSIG A 7 2 3600 20150420235959 20051021000000 ( 40430 example. hVe+wKYMlObTRPhX0NL67GxeZfdxqr/QeR6F tfdAj5+FgYxyzPEjIzvKWy00hWIl6wD3Vws+ rznEn8sQ64UdqA== ) 119ai.example. AAAA 2001:db8:0:0:0:0:f00:baa9 120ai.example. RRSIG AAAA 7 2 3600 20150420235959 20051021000000 ( 40430 example. LcdxKaCB5bGZwPDg+3JJ4O02zoMBrjxqlf6W uaHQZZfTUpb9Nf2nxFGe2XRPfR5tpJT6GdRG cHueLuXkMjBArQ== ) 121ENTRY_END 122 123; catch glue queries 124ENTRY_BEGIN 125MATCH opcode qtype qname 126ADJUST copy_id 127REPLY QR AA DO NOERROR 128SECTION QUESTION 129ns2.example. IN A 130SECTION ANSWER 131; nothing to make sure the ns1 server is used for queries. 132SECTION AUTHORITY 133example. NS ns1.example. 134example. NS ns2.example. 135example. RRSIG NS 7 1 3600 20150420235959 20051021000000 ( 40430 example. PVOgtMK1HHeSTau+HwDWC8Ts+6C8qtqd4pQJ qOtdEVgg+MA+ai4fWDEhu3qHJyLcQ9tbD2vv CnMXjtz6SyObxA== ) 136ENTRY_END 137 138ENTRY_BEGIN 139MATCH opcode qtype qname 140ADJUST copy_id 141REPLY QR AA DO NOERROR 142SECTION QUESTION 143ns2.example. IN AAAA 144SECTION ANSWER 145; nothing to make sure the ns1 server is used for queries. 146SECTION AUTHORITY 147example. NS ns1.example. 148example. NS ns2.example. 149example. RRSIG NS 7 1 3600 20150420235959 20051021000000 ( 40430 example. PVOgtMK1HHeSTau+HwDWC8Ts+6C8qtqd4pQJ qOtdEVgg+MA+ai4fWDEhu3qHJyLcQ9tbD2vv CnMXjtz6SyObxA== ) 150ENTRY_END 151 152 153RANGE_END 154 155STEP 1 QUERY 156ENTRY_BEGIN 157REPLY RD 158SECTION QUESTION 159a.z.w.example. IN MX 160ENTRY_END 161 162; recursion happens here. 163STEP 10 CHECK_ANSWER 164ENTRY_BEGIN 165MATCH all 166REPLY QR RD RA SERVFAIL 167SECTION QUESTION 168a.z.w.example. IN MX 169SECTION ANSWER 170SECTION AUTHORITY 171SECTION ADDITIONAL 172ENTRY_END 173 174SCENARIO_END 175