1; config options 2server: 3 trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" 4 val-override-date: "20120420235959" 5 target-fetch-policy: "0 0 0 0 0" 6 qname-minimisation: "no" 7 fake-sha1: yes 8 trust-anchor-signaling: no 9 10stub-zone: 11 name: "." 12 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. 13CONFIG_END 14 15SCENARIO_BEGIN Test validator NSEC3 B.5 wildcard nodata, without nc. 16 17; K.ROOT-SERVERS.NET. 18RANGE_BEGIN 0 100 19 ADDRESS 193.0.14.129 20ENTRY_BEGIN 21MATCH opcode qtype qname 22ADJUST copy_id 23REPLY QR NOERROR 24SECTION QUESTION 25. IN NS 26SECTION ANSWER 27. IN NS K.ROOT-SERVERS.NET. 28SECTION ADDITIONAL 29K.ROOT-SERVERS.NET. IN A 193.0.14.129 30ENTRY_END 31 32ENTRY_BEGIN 33MATCH opcode subdomain 34ADJUST copy_id copy_query 35REPLY QR NOERROR 36SECTION QUESTION 37example. IN A 38SECTION AUTHORITY 39example. IN NS ns1.example. 40; leave out to make unbound take ns1 41;example. IN NS ns2.example. 42SECTION ADDITIONAL 43ns1.example. IN A 192.0.2.1 44; leave out to make unbound take ns1 45;ns2.example. IN A 192.0.2.2 46ENTRY_END 47RANGE_END 48 49; ns1.example. 50RANGE_BEGIN 0 100 51 ADDRESS 192.0.2.1 52ENTRY_BEGIN 53MATCH opcode qtype qname 54ADJUST copy_id copy_query 55REPLY QR REFUSED 56SECTION QUESTION 57ns1.example. IN A 58SECTION ANSWER 59ENTRY_END 60 61ENTRY_BEGIN 62MATCH opcode qtype qname 63ADJUST copy_id copy_query 64REPLY QR REFUSED 65SECTION QUESTION 66ns1.example. IN AAAA 67SECTION ANSWER 68ENTRY_END 69 70ENTRY_BEGIN 71MATCH opcode qtype qname 72ADJUST copy_id copy_query 73REPLY QR REFUSED 74SECTION QUESTION 75example. IN NS 76SECTION ANSWER 77ENTRY_END 78 79; response to DNSKEY priming query 80 81ENTRY_BEGIN 82MATCH opcode qtype qname 83ADJUST copy_id 84REPLY QR NOERROR 85SECTION QUESTION 86example. IN DNSKEY 87SECTION ANSWER 88example. DNSKEY 256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= ) 89example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= ) 90example. RRSIG DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example. AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf3bH+QsCtg== ) 91ENTRY_END 92 93ENTRY_BEGIN 94MATCH opcode qtype qname 95ADJUST copy_id 96REPLY QR AA DO NOERROR 97SECTION QUESTION 98a.z.w.example. IN AAAA 99SECTION ANSWER 100SECTION AUTHORITY 101example. SOA ns1.example. bugs.x.w.example. 1 3600 300 ( 3600000 3600 ) 102example. RRSIG SOA 7 1 3600 20150420235959 20051021000000 ( 40430 example. Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8i q4ZLlYWfUUbbAS41pG+68z81q1xhkYAcEyHd VI2LmKusbZsT0Q== ) 103 104;; NSEC3 RR that matches the closest encloser (w.example) 105;; H(w.example) = k8udemvp1j2f7eg6jebps17vp3n8i58h 106k8udemvp1j2f7eg6jebps17vp3n8i58h.example. NSEC3 1 1 12 aabbccdd ( kohar7mbb8dc2ce8a9qvl8hon4k53uhi ) 107k8udemvp1j2f7eg6jebps17vp3n8i58h.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. FtXGbvF0+wf8iWkyo73enAuVx03klN+pILBK S6qCcftVtfH4yVzsEZquJ27NHR7ruxJWDNMt Otx7w9WfcIg62A== ) 108 109;; NSEC3 RR that covers the "next closer" name (z.w.example) 110;; H(z.w.example) = qlu7gtfaeh0ek0c05ksfhdpbcgglbe03 111;q04jkcevqvmu85r014c7dkba38o0ji5r.example. NSEC3 1 1 12 aabbccdd ( r53bq7cc2uvmubfu5ocmm6pers9tk9en A RRSIG ) 112;q04jkcevqvmu85r014c7dkba38o0ji5r.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. hV5I89b+4FHJDATp09g4bbN0R1F845CaXpL3 ZxlMKimoPAyqletMlEWwLfFia7sdpSzn+ZlN NlkxWcLsIlMmUg== ) 113 114;; NSEC3 RR that matches a wildcard at the closest encloser. 115;; H(*.w.example) = r53bq7cc2uvmubfu5ocmm6pers9tk9en 116r53bq7cc2uvmubfu5ocmm6pers9tk9en.example. NSEC3 1 1 12 aabbccdd ( t644ebqk9bibcna874givr6joj62mlhv MX RRSIG ) 117r53bq7cc2uvmubfu5ocmm6pers9tk9en.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. aupviViruXs4bDg9rCbezzBMf9h1ZlDvbW/C ZFKulIGXXLj8B/fsDJarXVDA9bnUoRhEbKp+ HF1FWKW7RIJdtQ== ) 118 119SECTION ADDITIONAL 120ENTRY_END 121 122; catch glue queries 123ENTRY_BEGIN 124MATCH opcode qtype qname 125ADJUST copy_id 126REPLY QR AA DO NOERROR 127SECTION QUESTION 128ns2.example. IN A 129SECTION ANSWER 130; nothing to make sure the ns1 server is used for queries. 131ENTRY_END 132 133ENTRY_BEGIN 134MATCH opcode qtype qname 135ADJUST copy_id 136REPLY QR AA DO NOERROR 137SECTION QUESTION 138ns2.example. IN AAAA 139SECTION ANSWER 140; nothing to make sure the ns1 server is used for queries. 141ENTRY_END 142 143 144RANGE_END 145 146STEP 1 QUERY 147ENTRY_BEGIN 148REPLY RD 149SECTION QUESTION 150a.z.w.example. IN AAAA 151ENTRY_END 152 153; recursion happens here. 154STEP 10 CHECK_ANSWER 155ENTRY_BEGIN 156MATCH all 157REPLY QR RD RA SERVFAIL 158SECTION QUESTION 159a.z.w.example. IN AAAA 160SECTION ANSWER 161SECTION AUTHORITY 162SECTION ADDITIONAL 163ENTRY_END 164 165SCENARIO_END 166