3 target-fetch-policy: "0 0 0 0 0"
5 val-override-date: '20091018111500'
9 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
10 AUTOTRUST_FILE example.com
11 ; autotrust trust anchor file
13 ;;last_queried: 1258962400 ;;Mon Nov 23 08:46:40 2009
14 ;;last_success: 1258962400 ;;Mon Nov 23 08:46:40 2009
15 ;;next_probe_time: 1258967360 ;;Mon Nov 23 10:09:20 2009
17 ;;query_interval: 5400
19 example.com. 10800 IN DNSKEY 257 3 5 AwEAAas/cAhCFXvBUgTSNZCvQp0pLx1dY+7rXR0hH4/3EUgWmsmbYUpI1qD0xhwKD/oYGEwAm291fyWJ9c0oVxXDEK8= ;{id = 16486 (ksk), size = 512b} ;;state=2 [ VALID ] ;;count=0 ;;lastchange=1258962400 ;;Mon Nov 23 08:46:40 2009
20 example.com. 10800 IN DNSKEY 257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b} ;;state=2 [ VALID ] ;;count=0 ;;lastchange=1258962400 ;;Mon Nov 23 08:46:40 2009
24 SCENARIO_BEGIN Test autotrust with trust point revocation and instant use
25 ; so not a probe that discovers it but a user query.
31 MATCH opcode qname qtype
32 ADJUST copy_id copy_query
37 . IN NS k.root-servers.net.
39 k.root-servers.net IN A 193.0.14.129
43 MATCH opcode subdomain
44 ADJUST copy_id copy_query
49 com. IN NS a.gtld-servers.net.
51 a.gtld-servers.net. IN A 192.5.6.30
59 MATCH opcode subdomain
60 ADJUST copy_id copy_query
65 example.com. IN NS ns.example.com.
67 ns.example.com. IN A 1.2.3.4
75 MATCH opcode qname qtype
79 example.com. IN DNSKEY
84 example.com. 10800 IN DNSKEY 385 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55710 (ksk), size = 512b}
85 example.com. 10800 IN DNSKEY 385 3 5 AwEAAas/cAhCFXvBUgTSNZCvQp0pLx1dY+7rXR0hH4/3EUgWmsmbYUpI1qD0xhwKD/oYGEwAm291fyWJ9c0oVxXDEK8= ;{id = 16614 (ksk), size = 512b}
87 example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20091124111500 20091018111500 55710 example.com. zOSlB1iwtlP2lum1RK0WoDQrMVj0JKwk2E5Mu1okzV38hAx3Xm9IGMK6WrNkVVLmx4OkhYmdPVA95jVsFpwLMw== ;{id = 55710}
88 example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20091124111500 20091018111500 16614 example.com. qP49cCYP3lvNnLBYty/JxAwHqBIGjpup5zQ7qpjPnaZpBb/TlpOhY17LBZrqD86VvBbEVz5tkxC9UrCy85ePDQ== ;{id = 16614}
93 MATCH opcode qname qtype
94 ADJUST copy_id copy_query
99 www.example.com. IN A 10.20.30.40
103 MATCH opcode qname qtype
104 ADJUST copy_id copy_query
107 ns.example.com. IN AAAA
117 www.example.com. IN A
120 ; correct unsigned response works after trust point revocation.
124 REPLY QR RD RA DO NOERROR
126 www.example.com. IN A
128 www.example.com. IN A 10.20.30.40
131 STEP 37 ASSIGN t0 = ${time}
132 STEP 41 CHECK_AUTOTRUST example.com
134 ; autotrust trust anchor file
136 ; The zone has all keys revoked, and is
137 ; considered as if it has no trust anchors.
138 ; the remainder of the file is the last probe.
139 ; to restart the trust anchor, overwrite this file.
140 ; with one containing valid DNSKEYs or DSes.
142 ;;last_queried: ${$t0} ;;${ctime $t0}
143 ;;last_success: ${$t0} ;;${ctime $t0}
144 ;;next_probe_time: ${0} ;;${ctime 0}
146 ;;query_interval: 5400
148 example.com. 10800 IN DNSKEY 385 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55710 (ksk), size = 512b} ;;state=4 [ REVOKED ] ;;count=0 ;;lastchange=${$t0} ;;${ctime $t0}
149 example.com. 10800 IN DNSKEY 385 3 5 AwEAAas/cAhCFXvBUgTSNZCvQp0pLx1dY+7rXR0hH4/3EUgWmsmbYUpI1qD0xhwKD/oYGEwAm291fyWJ9c0oVxXDEK8= ;{id = 16614 (ksk), size = 512b} ;;state=4 [ REVOKED ] ;;count=0 ;;lastchange=${$t0} ;;${ctime $t0}