3 target-fetch-policy: "0 0 0 0 0"
6 trust-anchor-signaling: no
9 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
10 ; initial content (say from dig example.com DNSKEY > example.com.key)
11 AUTOTRUST_FILE example.com
12 example.com. 10800 IN DNSKEY 257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b}
13 example.com. 10800 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
17 SCENARIO_BEGIN Test autotrust ADDPEND state cannot sign
23 MATCH opcode qname qtype
24 ADJUST copy_id copy_query
29 . IN NS k.root-servers.net.
31 k.root-servers.net IN A 193.0.14.129
35 MATCH opcode subdomain
36 ADJUST copy_id copy_query
41 com. IN NS a.gtld-servers.net.
43 a.gtld-servers.net. IN A 192.5.6.30
51 MATCH opcode subdomain
52 ADJUST copy_id copy_query
57 example.com. IN NS ns.example.com.
59 ns.example.com. IN A 1.2.3.4
63 ; ns.example.com. KSK 55582
67 MATCH opcode qname qtype
73 www.example.com. 3600 IN A 10.20.30.40
74 www.example.com. 3600 IN RRSIG A 5 3 3600 20090924111500 20090821111500 30899 example.com. pYGxVLsWUvOp1wSf0iwPap+JnECfC5GAm1lRqy3YEqecNGld7U7x/5Imo3CerbdZrVptUQs2oH0lcjwYJXMnsw== ;{id = 30899}
76 example.com. 3600 IN NS ns.example.com.
77 example.com. 3600 IN RRSIG NS 5 2 3600 20090924111500 20090821111500 30899 example.com. J5wxRq0jgwQL6yy530kvo9cHqNAUHV8IF4dvaYZL0bNraO2Oe6dVXqlJl4+cxNHI2TMsstwFPr2Zz8tv6Az2mQ== ;{id = 30899}
79 ns.example.com. 3600 IN A 1.2.3.4
80 ns.example.com. 3600 IN RRSIG A 5 3 3600 20090924111500 20090821111500 30899 example.com. JsXbS18oyc0zkVaOWGSFdIQuOsZKflT0GraT9afDPoWLCgH4ApF7jNgfJV7Pqy1sTBRajME5IUAhpANwGBuW4A== ;{id = 30899}
84 MATCH opcode qname qtype
88 example.com. IN DNSKEY
91 example.com. 10800 IN DNSKEY 257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b}
93 example.com. 10800 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
95 example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20090924111500 20090821111500 30899 example.com. b/HK231jIQLX8IhlZfup3r0yhpXaasbPE6LzxoEVVvWaTZWcLmeV8jDIcn0qO7Yvs7bIJN20lwVAV0GcHH3hWQ== ;{id = 30899}
96 example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20090924111500 20090821111500 55582 example.com. PCHme1QLoULxqjhg5tMlpR0qJlBfstEUVq18TtNoKQe9le1YhJ9caheXcTWoK+boLhXxg9u6Yyvq8FboQh0OjA== ;{id = 55582}
100 ; ns.example.com. KSK 55582 and 60946
104 MATCH opcode qname qtype
108 example.com. IN DNSKEY
111 example.com. 10800 IN DNSKEY 257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b}
113 example.com. 10800 IN DNSKEY 257 3 5 AwEAAeiaUiUIpWMfYz5L0sfJTZWnuN9IyBX4em9VjsoqQTsOD1HDQpNb4buvJo7pN2aBCxNS7e0OL8e2mVB6CLZ+8ek= ;{id = 60946 (ksk), size = 512b}
115 example.com. 10800 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
117 example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20091024111500 20090921111500 30899 example.com. rkaCUpTFPWVu4Om5oMTR+39Mct6ZMs56xrE0rbxMMOokfvIQheIxsAEc5BFJeA/2y5WTewl6diCD6yQXCybrDg== ;{id = 30899}
118 example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20091024111500 20090921111500 55582 example.com. CoMon+lWPAsUvgfpCTDPx8Zn8dQpky3lu2O6T+oJ2Mat9a/u1YwGhSQHGPn7ZNG/4vKM97tx84sSlUGz3geD1w== ;{id = 55582}
119 example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20091024111500 20090921111500 60946 example.com. o+Cbs7DcYPYlSLd4hi3vkSVQpXGnKgKSi9MpHGfu1Uahv5190U2DUOxP1du/HOYbf+IHYL8zLbMZjVEG5wgnTg== ;{id = 60946}
124 ; ns.example.com. KSK 55582 and 60946 (signatures updated)
127 ; badly signed DNSKEY probe only signed with ADDPEND key
129 MATCH opcode qname qtype
133 example.com. IN DNSKEY
136 example.com. 10800 IN DNSKEY 257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b}
138 example.com. 10800 IN DNSKEY 257 3 5 AwEAAeiaUiUIpWMfYz5L0sfJTZWnuN9IyBX4em9VjsoqQTsOD1HDQpNb4buvJo7pN2aBCxNS7e0OL8e2mVB6CLZ+8ek= ;{id = 60946 (ksk), size = 512b}
140 example.com. 10800 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
142 example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20091024111500 20090921111500 30899 example.com. rkaCUpTFPWVu4Om5oMTR+39Mct6ZMs56xrE0rbxMMOokfvIQheIxsAEc5BFJeA/2y5WTewl6diCD6yQXCybrDg== ;{id = 30899}
143 ;example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20091024111500 20090921111500 55582 example.com. CoMon+lWPAsUvgfpCTDPx8Zn8dQpky3lu2O6T+oJ2Mat9a/u1YwGhSQHGPn7ZNG/4vKM97tx84sSlUGz3geD1w== ;{id = 55582}
144 example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20091024111500 20090921111500 60946 example.com. o+Cbs7DcYPYlSLd4hi3vkSVQpXGnKgKSi9MpHGfu1Uahv5190U2DUOxP1du/HOYbf+IHYL8zLbMZjVEG5wgnTg== ;{id = 60946}
148 MATCH opcode qname qtype
156 MATCH opcode qname qtype
160 ns.example.com. IN AAAA
164 ; set date/time to Aug 24 07:46:40 (2009).
165 STEP 5 TIME_PASSES ELAPSE 1251100000
166 STEP 6 TRAFFIC ; the initial probe
167 STEP 7 ASSIGN t0 = ${time}
168 STEP 8 ASSIGN probe0 = ${range 4800 ${timeout} 5400}
170 ; the auto probing should have been done now.
171 STEP 10 CHECK_AUTOTRUST example.com
173 ; autotrust trust anchor file
175 ;;last_queried: ${$t0} ;;${ctime $t0}
176 ;;last_success: ${$t0} ;;${ctime $t0}
177 ;;next_probe_time: ${$t0 + $probe0} ;;${ctime $t0 + $probe0}
179 ;;query_interval: 5400
181 example.com. 10800 IN DNSKEY 257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b} ;;state=2 [ VALID ] ;;count=0 ;;lastchange=${$t0} ;;${ctime $t0}
184 ; key prepublished. First poll. 30 days later
185 STEP 11 TIME_PASSES EVAL ${30*24*3600}
187 STEP 13 ASSIGN t1 = ${time}
188 STEP 14 ASSIGN probe1 = ${range 4800 ${timeout} 5400}
189 STEP 15 CHECK_AUTOTRUST example.com
191 ; autotrust trust anchor file
193 ;;last_queried: ${$t1} ;;${ctime $t1}
194 ;;last_success: ${$t1} ;;${ctime $t1}
195 ;;next_probe_time: ${$t1 + $probe1} ;;${ctime $t1 + $probe1}
197 ;;query_interval: 5400
199 example.com. 10800 IN DNSKEY 257 3 5 AwEAAeiaUiUIpWMfYz5L0sfJTZWnuN9IyBX4em9VjsoqQTsOD1HDQpNb4buvJo7pN2aBCxNS7e0OL8e2mVB6CLZ+8ek= ;{id = 60946 (ksk), size = 512b} ;;state=1 [ ADDPEND ] ;;count=1 ;;lastchange=${$t1} ;;${ctime $t1}
200 example.com. 10800 IN DNSKEY 257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b} ;;state=2 [ VALID ] ;;count=0 ;;lastchange=${$t0} ;;${ctime $t0}
203 ; Second poll. 10 days later
204 STEP 21 TIME_PASSES EVAL ${10*24*3600}
206 STEP 23 ASSIGN t2 = ${time}
208 ; probe must be a failed probe! no larger than 3600
209 STEP 24 ASSIGN probe2 = ${range 3200 ${timeout} 3600}
210 STEP 25 CHECK_AUTOTRUST example.com
212 ; autotrust trust anchor file
214 ;;last_queried: ${$t2} ;;${ctime $t2}
215 ;;last_success: ${$t1} ;;${ctime $t1}
216 ;;next_probe_time: ${$t2 + $probe2} ;;${ctime $t2 + $probe2}
218 ;;query_interval: 5400
220 example.com. 10800 IN DNSKEY 257 3 5 AwEAAeiaUiUIpWMfYz5L0sfJTZWnuN9IyBX4em9VjsoqQTsOD1HDQpNb4buvJo7pN2aBCxNS7e0OL8e2mVB6CLZ+8ek= ;{id = 60946 (ksk), size = 512b} ;;state=1 [ ADDPEND ] ;;count=1 ;;lastchange=${$t1} ;;${ctime $t1}
221 example.com. 10800 IN DNSKEY 257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b} ;;state=2 [ VALID ] ;;count=0 ;;lastchange=${$t0} ;;${ctime $t0}