1; config options
2server:
3    trust-anchor: "example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )"
4	val-override-date: "20120420235959"
5	target-fetch-policy: "0 0 0 0 0"
6	qname-minimisation: "no"
7	fake-sha1: yes
8	trust-anchor-signaling: no
9
10stub-zone:
11	name: "."
12	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
13CONFIG_END
14
15SCENARIO_BEGIN Test validator NSEC3 B.5 wildcard nodata, without nc.
16
17; K.ROOT-SERVERS.NET.
18RANGE_BEGIN 0 100
19	ADDRESS 193.0.14.129 
20ENTRY_BEGIN
21MATCH opcode qtype qname
22ADJUST copy_id
23REPLY QR NOERROR
24SECTION QUESTION
25. IN NS
26SECTION ANSWER
27. IN NS	K.ROOT-SERVERS.NET.
28SECTION ADDITIONAL
29K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
30ENTRY_END
31
32ENTRY_BEGIN
33MATCH opcode subdomain
34ADJUST copy_id copy_query
35REPLY QR NOERROR
36SECTION QUESTION
37example. IN A
38SECTION AUTHORITY
39example.	IN NS	ns1.example.
40; leave out to make unbound take ns1
41;example.	IN NS	ns2.example.
42SECTION ADDITIONAL
43ns1.example.	IN A 192.0.2.1
44; leave out to make unbound take ns1
45;ns2.example.	IN A 192.0.2.2
46ENTRY_END
47RANGE_END
48
49; ns1.example.
50RANGE_BEGIN 0 100
51	ADDRESS 192.0.2.1
52ENTRY_BEGIN
53MATCH opcode qtype qname
54ADJUST copy_id copy_query
55REPLY QR REFUSED
56SECTION QUESTION
57ns1.example. IN A
58SECTION ANSWER
59ENTRY_END
60
61ENTRY_BEGIN
62MATCH opcode qtype qname
63ADJUST copy_id copy_query
64REPLY QR REFUSED
65SECTION QUESTION
66ns1.example. IN AAAA
67SECTION ANSWER
68ENTRY_END
69
70ENTRY_BEGIN
71MATCH opcode qtype qname
72ADJUST copy_id copy_query
73REPLY QR REFUSED
74SECTION QUESTION
75example. IN NS
76SECTION ANSWER
77ENTRY_END
78
79; response to DNSKEY priming query
80
81ENTRY_BEGIN
82MATCH opcode qtype qname
83ADJUST copy_id
84REPLY QR NOERROR
85SECTION QUESTION
86example. IN DNSKEY
87SECTION ANSWER
88example. DNSKEY  256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= )
89example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )
90example. RRSIG   DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example.  AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf3bH+QsCtg== )
91ENTRY_END
92
93ENTRY_BEGIN
94MATCH opcode qtype qname
95ADJUST copy_id
96REPLY QR AA DO NOERROR
97SECTION QUESTION
98a.z.w.example.      IN AAAA
99SECTION ANSWER
100SECTION AUTHORITY
101example.       SOA     ns1.example. bugs.x.w.example. 1 3600 300 ( 3600000 3600 )
102example.        RRSIG   SOA 7 1 3600 20150420235959 20051021000000 ( 40430 example.  Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8i q4ZLlYWfUUbbAS41pG+68z81q1xhkYAcEyHd VI2LmKusbZsT0Q== )
103
104;; NSEC3 RR that matches the closest encloser (w.example)
105;; H(w.example) = k8udemvp1j2f7eg6jebps17vp3n8i58h
106k8udemvp1j2f7eg6jebps17vp3n8i58h.example. NSEC3 1 1 12 aabbccdd ( kohar7mbb8dc2ce8a9qvl8hon4k53uhi )
107k8udemvp1j2f7eg6jebps17vp3n8i58h.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  FtXGbvF0+wf8iWkyo73enAuVx03klN+pILBK S6qCcftVtfH4yVzsEZquJ27NHR7ruxJWDNMt Otx7w9WfcIg62A== )
108
109;; NSEC3 RR that covers the "next closer" name (z.w.example)
110;; H(z.w.example) = qlu7gtfaeh0ek0c05ksfhdpbcgglbe03
111;q04jkcevqvmu85r014c7dkba38o0ji5r.example. NSEC3 1 1 12 aabbccdd ( r53bq7cc2uvmubfu5ocmm6pers9tk9en A RRSIG )
112;q04jkcevqvmu85r014c7dkba38o0ji5r.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  hV5I89b+4FHJDATp09g4bbN0R1F845CaXpL3 ZxlMKimoPAyqletMlEWwLfFia7sdpSzn+ZlN NlkxWcLsIlMmUg== )
113
114;; NSEC3 RR that matches a wildcard at the closest encloser.
115;; H(*.w.example) = r53bq7cc2uvmubfu5ocmm6pers9tk9en
116r53bq7cc2uvmubfu5ocmm6pers9tk9en.example. NSEC3 1 1 12 aabbccdd ( t644ebqk9bibcna874givr6joj62mlhv MX RRSIG )
117r53bq7cc2uvmubfu5ocmm6pers9tk9en.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  aupviViruXs4bDg9rCbezzBMf9h1ZlDvbW/C ZFKulIGXXLj8B/fsDJarXVDA9bnUoRhEbKp+ HF1FWKW7RIJdtQ== )
118
119SECTION ADDITIONAL
120ENTRY_END
121
122; catch glue queries
123ENTRY_BEGIN
124MATCH opcode qtype qname
125ADJUST copy_id
126REPLY QR AA DO NOERROR
127SECTION QUESTION
128ns2.example. IN      A
129SECTION ANSWER
130; nothing to make sure the ns1 server is used for queries.
131ENTRY_END
132
133ENTRY_BEGIN
134MATCH opcode qtype qname
135ADJUST copy_id
136REPLY QR AA DO NOERROR
137SECTION QUESTION
138ns2.example. IN      AAAA
139SECTION ANSWER
140; nothing to make sure the ns1 server is used for queries.
141ENTRY_END
142
143
144RANGE_END
145
146STEP 1 QUERY
147ENTRY_BEGIN
148REPLY RD
149SECTION QUESTION
150a.z.w.example.      IN AAAA
151ENTRY_END
152
153; recursion happens here.
154STEP 10 CHECK_ANSWER
155ENTRY_BEGIN
156MATCH all
157REPLY QR RD RA SERVFAIL
158SECTION QUESTION
159a.z.w.example.      IN AAAA
160SECTION ANSWER
161SECTION AUTHORITY
162SECTION ADDITIONAL
163ENTRY_END
164
165SCENARIO_END
166