val_referglue.rpl revision 1.1.1.1
1; config options 2; The island of trust is at example.com 3server: 4 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" 5 val-override-date: "20070916134226" 6 directory: "" 7 access-control: 127.0.0.1 allow_snoop 8 target-fetch-policy: "0 0 0 0 0" 9 10stub-zone: 11 name: "." 12 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. 13CONFIG_END 14 15SCENARIO_BEGIN Test validator with cache referral with unsigned glue 16 17; K.ROOT-SERVERS.NET. 18RANGE_BEGIN 0 100 19 ADDRESS 193.0.14.129 20ENTRY_BEGIN 21MATCH opcode qtype qname 22ADJUST copy_id 23REPLY QR NOERROR 24SECTION QUESTION 25. IN NS 26SECTION ANSWER 27. IN NS K.ROOT-SERVERS.NET. 28SECTION ADDITIONAL 29K.ROOT-SERVERS.NET. IN A 193.0.14.129 30ENTRY_END 31 32ENTRY_BEGIN 33MATCH opcode qtype qname 34ADJUST copy_id 35REPLY QR NOERROR 36SECTION QUESTION 37www.example.com. IN A 38SECTION AUTHORITY 39com. IN NS a.gtld-servers.net. 40SECTION ADDITIONAL 41a.gtld-servers.net. IN A 192.5.6.30 42ENTRY_END 43RANGE_END 44 45; a.gtld-servers.net. 46RANGE_BEGIN 0 100 47 ADDRESS 192.5.6.30 48ENTRY_BEGIN 49MATCH opcode qtype qname 50ADJUST copy_id 51REPLY QR NOERROR 52SECTION QUESTION 53com. IN NS 54SECTION ANSWER 55com. IN NS a.gtld-servers.net. 56SECTION ADDITIONAL 57a.gtld-servers.net. IN A 192.5.6.30 58ENTRY_END 59 60ENTRY_BEGIN 61MATCH opcode qtype qname 62ADJUST copy_id 63REPLY QR NOERROR 64SECTION QUESTION 65www.example.com. IN A 66SECTION AUTHORITY 67example.com. IN NS ns.example.com. 68SECTION ADDITIONAL 69ns.example.com. IN A 1.2.3.4 70ENTRY_END 71RANGE_END 72 73; ns.example.com. 74RANGE_BEGIN 0 100 75 ADDRESS 1.2.3.4 76ENTRY_BEGIN 77MATCH opcode qtype qname 78ADJUST copy_id 79REPLY QR NOERROR 80SECTION QUESTION 81example.com. IN NS 82SECTION ANSWER 83example.com. IN NS ns.example.com. 84example.com. IN NS ns2.sub.example.com. 85example.com. 3600 IN RRSIG NS DSA 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCiyp/3hxwKS5QZPnjk36t16s4QTwIUI0m+MBVOAPacANrXXFKieyZd39o= ;{id = 2854} 86SECTION ADDITIONAL 87ns.example.com. IN A 1.2.3.4 88ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} 89ns2.sub.example.com. IN A 100.200.30.40 90ENTRY_END 91 92; referral, for all types 93ENTRY_BEGIN 94MATCH opcode qname 95ADJUST copy_id 96REPLY QR NOERROR 97SECTION QUESTION 98ns2.sub.example.com. IN A 99SECTION AUTHORITY 100sub.example.com. IN NS ns2.sub.example.com. 101sub.example.com. IN NSEC tlib.example.com. NS RRSIG NSEC 102sub.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. ABdrfr+eKT1syk2qFlV01wLOqQdvNMpEtPmGAM6CrtyQAje/ddXSi9A= ;{id = 2854} 103ns2.sub.example.com. IN A 100.200.30.40 104ENTRY_END 105 106; response to DNSKEY priming query 107ENTRY_BEGIN 108MATCH opcode qtype qname 109ADJUST copy_id 110REPLY QR NOERROR 111SECTION QUESTION 112example.com. IN DNSKEY 113SECTION ANSWER 114example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} 115example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} 116SECTION AUTHORITY 117example.com. IN NS ns.example.com. 118example.com. IN NS ns2.sub.example.com. 119example.com. 3600 IN RRSIG NS DSA 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCiyp/3hxwKS5QZPnjk36t16s4QTwIUI0m+MBVOAPacANrXXFKieyZd39o= ;{id = 2854} 120SECTION ADDITIONAL 121ns.example.com. IN A 1.2.3.4 122ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} 123ns2.sub.example.com. IN A 100.200.30.40 124ENTRY_END 125 126ENTRY_BEGIN 127MATCH opcode qtype qname 128ADJUST copy_id 129REPLY QR NOERROR 130SECTION QUESTION 131www.example.com. IN A 132SECTION ANSWER 133www.example.com. IN A 10.20.30.40 134www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} 135SECTION AUTHORITY 136example.com. IN NS ns.example.com. 137example.com. IN NS ns2.sub.example.com. 138example.com. 3600 IN RRSIG NS DSA 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCiyp/3hxwKS5QZPnjk36t16s4QTwIUI0m+MBVOAPacANrXXFKieyZd39o= ;{id = 2854} 139SECTION ADDITIONAL 140ns.example.com. IN A 1.2.3.4 141ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} 142; This is from an unsigned subzone 143ns2.sub.example.com. IN A 100.200.30.40 144ENTRY_END 145ENTRY_BEGIN 146MATCH opcode qtype qname 147ADJUST copy_id 148REPLY QR NOERROR 149SECTION QUESTION 150sub.example.com. IN DS 151SECTION ANSWER 152SECTION AUTHORITY 153sub.example.com. IN NSEC www.example.com. NS RRSIG NSEC 154sub.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFEG4WWIYBDknWlr2d8S42UZHRuByAhRgnDELUAccGZTCVzG+xl/locivpA== ;{id = 2854} 155ENTRY_END 156RANGE_END 157 158; ns2.sub.example.com. 159RANGE_BEGIN 0 100 160 ADDRESS 100.200.30.40 161ENTRY_BEGIN 162MATCH opcode qtype qname 163ADJUST copy_id 164REPLY QR NOERROR 165SECTION QUESTION 166example.com. IN NS 167SECTION ANSWER 168example.com. IN NS ns.example.com. 169example.com. IN NS ns2.sub.example.com. 170example.com. 3600 IN RRSIG NS DSA 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCiyp/3hxwKS5QZPnjk36t16s4QTwIUI0m+MBVOAPacANrXXFKieyZd39o= ;{id = 2854} 171SECTION ADDITIONAL 172ns.example.com. IN A 1.2.3.4 173ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} 174ENTRY_END 175 176; response to DNSKEY priming query 177ENTRY_BEGIN 178MATCH opcode qtype qname 179ADJUST copy_id 180REPLY QR NOERROR 181SECTION QUESTION 182example.com. IN DNSKEY 183SECTION ANSWER 184example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} 185example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} 186SECTION AUTHORITY 187example.com. IN NS ns.example.com. 188example.com. IN NS ns2.sub.example.com. 189example.com. 3600 IN RRSIG NS DSA 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCiyp/3hxwKS5QZPnjk36t16s4QTwIUI0m+MBVOAPacANrXXFKieyZd39o= ;{id = 2854} 190SECTION ADDITIONAL 191ns.example.com. IN A 1.2.3.4 192ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} 193ENTRY_END 194 195ENTRY_BEGIN 196MATCH opcode qtype qname 197ADJUST copy_id 198REPLY QR NOERROR 199SECTION QUESTION 200www.example.com. IN A 201SECTION ANSWER 202www.example.com. IN A 10.20.30.40 203www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} 204SECTION AUTHORITY 205example.com. IN NS ns.example.com. 206example.com. IN NS ns2.sub.example.com. 207example.com. 3600 IN RRSIG NS DSA 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCiyp/3hxwKS5QZPnjk36t16s4QTwIUI0m+MBVOAPacANrXXFKieyZd39o= ;{id = 2854} 208SECTION ADDITIONAL 209ns.example.com. IN A 1.2.3.4 210ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} 211; This is from an unsigned subzone 212ns2.sub.example.com. IN A 100.200.30.40 213ENTRY_END 214ENTRY_BEGIN 215MATCH opcode qtype qname 216ADJUST copy_id 217REPLY QR NOERROR 218SECTION QUESTION 219sub.example.com. IN DS 220SECTION ANSWER 221SECTION AUTHORITY 222sub.example.com. IN NSEC www.example.com. NS RRSIG NSEC 223sub.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFEG4WWIYBDknWlr2d8S42UZHRuByAhRgnDELUAccGZTCVzG+xl/locivpA== ;{id = 2854} 224ENTRY_END 225 226ENTRY_BEGIN 227MATCH opcode qname qtype 228ADJUST copy_id 229REPLY QR NOERROR 230SECTION QUESTION 231ns2.sub.example.com. IN A 232SECTION ANSWER 233ns2.sub.example.com. IN A 100.200.30.40 234ENTRY_END 235 236ENTRY_BEGIN 237MATCH opcode qname qtype 238ADJUST copy_id 239REPLY QR NOERROR 240SECTION QUESTION 241ns2.sub.example.com. IN AAAA 242SECTION ANSWER 243ENTRY_END 244 245RANGE_END 246 247; first ask for +CD and get the data in the cache. 248STEP 1 QUERY 249ENTRY_BEGIN 250REPLY RD CD 251SECTION QUESTION 252www.example.com. IN A 253ENTRY_END 254 255STEP 3 CHECK_ANSWER 256ENTRY_BEGIN 257MATCH all 258REPLY QR RD RA CD NOERROR 259SECTION QUESTION 260www.example.com. IN A 261SECTION ANSWER 262www.example.com. IN A 10.20.30.40 263SECTION AUTHORITY 264example.com. IN NS ns.example.com. 265example.com. IN NS ns2.sub.example.com. 266SECTION ADDITIONAL 267ns.example.com. IN A 1.2.3.4 268; already validated and thus stripped from the answer. 269;ns2.sub.example.com. IN A 100.200.30.40 270ENTRY_END 271 272; now the data is in the cache, validate a referral from cache 273; note, no recursion desired 274STEP 5 QUERY 275ENTRY_BEGIN 276REPLY DO 277SECTION QUESTION 278bla.example.com. IN A 279ENTRY_END 280 281STEP 6 CHECK_ANSWER 282ENTRY_BEGIN 283MATCH all 284REPLY QR RA AD DO NOERROR 285SECTION QUESTION 286bla.example.com. IN A 287SECTION ANSWER 288SECTION AUTHORITY 289example.com. 3600 IN NS ns.example.com. 290example.com. 3600 IN NS ns2.sub.example.com. 291example.com. 3600 IN RRSIG NS DSA 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCiyp/3hxwKS5QZPnjk36t16s4QTwIUI0m+MBVOAPacANrXXFKieyZd39o= ;{id = 2854} 292SECTION ADDITIONAL 293ns.example.com. IN A 1.2.3.4 294ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} 295ENTRY_END 296 297SCENARIO_END 298