2 ; The island of trust is at example.com
4 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
5 val-override-date: "20070916134226"
6 target-fetch-policy: "0 0 0 0 0"
11 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
14 SCENARIO_BEGIN Test validator with blacklist for ENT response
15 ; 'ENT' Empty Non Terminal
16 ; which needs a valid NSEC(3) proof.
22 MATCH opcode qtype qname
28 . IN NS K.ROOT-SERVERS.NET.
30 K.ROOT-SERVERS.NET. IN A 193.0.14.129
34 MATCH opcode subdomain
35 ADJUST copy_id copy_query
40 com. IN NS a.gtld-servers.net.
42 a.gtld-servers.net. IN A 192.5.6.30
50 MATCH opcode qtype qname
56 com. IN NS a.gtld-servers.net.
58 a.gtld-servers.net. IN A 192.5.6.30
62 MATCH opcode qtype qname
68 ns.blabla.com. IN A 1.2.3.5
72 MATCH opcode qtype qname
76 ns.blabla.com. IN AAAA
78 com. IN SOA com. com. 2009100100 28800 7200 604800 3600
82 MATCH opcode subdomain
83 ADJUST copy_id copy_query
88 example.com. IN NS ns.example.com.
89 example.com. IN NS ns.blabla.com.
91 ns.example.com. IN A 1.2.3.4
92 ; no ns.blabla.com, try that later
100 MATCH opcode qtype qname
106 example.com. IN NS ns.example.com.
107 example.com. IN NS ns.blabla.com.
108 example.com. 3600 IN RRSIG NS 3 2 3600 20030926134150 20030829134150 2854 example.com. AKJ3xUBdSrCiOFkYajsy93d+h06rewpbmBHItTkL8R/26rw57b1gCIg= ;{id = 2854}
110 ns.example.com. IN A 1.2.3.4
111 ns.example.com. 3600 IN RRSIG A 3 3 3600 20030926134150 20030829134150 2854 example.com. AHNj99mBmP4np19V01nSq990ZIFlIiLWoeHijm/HcOG/o8+DuIp4fL8= ;{id = 2854}
115 MATCH opcode qtype qname
121 ns.example.com. IN A 1.2.3.4
122 ns.example.com. 3600 IN RRSIG A 3 3 3600 20030926134150 20030829134150 2854 example.com. AHNj99mBmP4np19V01nSq990ZIFlIiLWoeHijm/HcOG/o8+DuIp4fL8= ;{id = 2854}
127 MATCH opcode qtype qname
131 ns.example.com. IN AAAA
134 ns.example.com. IN NSEC oof.example.com. NSEC RRSIG A
135 ns.example.com. 3600 IN RRSIG NSEC 3 3 3600 20030926134150 20030829134150 2854 example.com. ACFVLLBtuSX/1z3461tbOwDz9zTHe5S9DbVtwnSO1f2x06fYbMpzSDE= ;{id = 2854}
138 ; response to DNSKEY priming query
140 MATCH opcode qtype qname
144 example.com. IN DNSKEY
146 example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
147 ; make priming query succeed
148 example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
149 ;example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20030926134150 20030829134150 2854 example.com. AG21xE8CFQzTq6XtHErg28b9EAmqPsoYCUcFPEAoAjFybM6AY4/bMOo= ;{id = 2854}
151 ;example.com. IN NS ns.example.com.
152 ;example.com. IN NS ns.blabla.com.
153 ;example.com. 3600 IN RRSIG NS 3 2 3600 20030926134150 20030829134150 2854 example.com. ACiWu7zjBHqgEX3iUoOF7rfpOmIAHj1npKQ+XDIaNlmdkfJxoCwFl04= ;{id = 2854}
155 ;ns.example.com. IN A 1.2.3.4
156 ;ns.example.com. 3600 IN RRSIG A 3 3 3600 20030926134150 20030829134150 2854 example.com. ACmAsKTf7hqDaYK8CQ7FL1cGYPW+blTCnzZGkExFtEUAGrHeze87o+A= ;{id = 2854}
160 MATCH opcode qtype qname
164 www.example.com. IN A
166 www.example.com. IN A 10.20.30.40
167 www.example.com. 3600 IN RRSIG A 3 3 3600 20030926134150 20030829134150 2854 example.com. AGj9kE8oW3OhOLhkmJ3HBaNIOpvGf3S8zSd5gWmhpxAMc5hh6cxZfpQ= ;{id = 2854}
169 example.com. IN NS ns.example.com.
170 example.com. IN NS ns.blabla.com.
171 example.com. 3600 IN RRSIG NS 3 2 3600 20030926134150 20030829134150 2854 example.com. ACHETweBNPgbmRoNRdKvxuw4X9qNUUTEpSuwV+HhuiBE83gbB98asAc= ;{id = 2854}
173 ns.example.com. IN A 1.2.3.4
174 ns.example.com. 3600 IN RRSIG A 3 3 3600 20030926134150 20030829134150 2854 example.com. AGvu9A/nGsbatxJCmnObioIhKg2Tm0Apr0eo+DO1kIDrAHco/bt/EdY= ;{id = 2854}
179 MATCH opcode qtype qname
183 sub.example.com. IN DS
185 rub.example.com. IN NSEC sub.sub.example.com. RRSIG NSEC A
186 rub.example.com. 3600 IN RRSIG NSEC 3 3 3600 20030926134150 20030829134150 2854 example.com. AAUOa/L9F/ZrGfXSov4WRhTTbd8+CsdTJeM4Nk973wcLZ27A4YiIlTs= ;{id = 2854}
188 sub.sub.example.com. IN NSEC tub.example.com. RRSIG NSEC DS
189 sub.sub.example.com. 3600 IN RRSIG NSEC 3 4 3600 20030926134150 20030829134150 2854 example.com. AJVJEBTIlbnAHF0HR0skEfTVS28hMrbUHzBx5CMfY/NhxZohQtGVcwo= ;{id = 2854}
194 MATCH opcode qtype qname
198 sub.sub.example.com. IN DS
200 sub.sub.example.com. 3600 IN DS 30899 5 1 dea269e4bccaa019a4ba0cf5b198292f28faeee1
201 sub.sub.example.com. 3600 IN RRSIG DS 3 4 3600 20030926134150 20030829134150 2854 example.com. AGQoKQd4UT+e4AMdYdDznxWo9cybYZyRAgC7exEgJ1asYRmmgvJG7Zw= ;{id = 2854}
205 MATCH opcode subdomain
206 ADJUST copy_id copy_query
209 sub.sub.example.com. IN NS
211 sub.sub.example.com. IN NS ns.sub.sub.example.com.
212 sub.sub.example.com. IN NS ns.foo.com.
213 sub.sub.example.com. 3600 IN DS 30899 5 1 dea269e4bccaa019a4ba0cf5b198292f28faeee1
214 sub.sub.example.com. 3600 IN RRSIG DS 3 4 3600 20030926134150 20030829134150 2854 example.com. AGQoKQd4UT+e4AMdYdDznxWo9cybYZyRAgC7exEgJ1asYRmmgvJG7Zw= ;{id = 2854}
216 ns.sub.sub.example.com. IN A 1.2.4.6
225 MATCH opcode qtype qname
231 example.com. IN NS ns.example.com.
232 example.com. IN NS ns.blabla.com.
233 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. AAJHNhPYVG6+550zQga9ZgV8McQZHLboOWjfbdiq2ZC+gUcQeQDDlFs= ;{id = 2854}
235 ns.example.com. IN A 1.2.3.4
236 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
240 MATCH opcode qtype qname
246 ns.example.com. IN A 1.2.3.4
247 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
252 MATCH opcode qtype qname
256 ns.example.com. IN AAAA
259 ns.example.com. IN NSEC oof.example.com. NSEC RRSIG A
260 ns.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. ABhDNtJramb2a4R1SK5gb/CTYJybQts6mZ++z3kLiwsrUSZInA4ikeQ= ;{id = 2854}
263 ; response to DNSKEY priming query
265 MATCH opcode qtype qname
269 example.com. IN DNSKEY
271 example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
272 example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
274 example.com. IN NS ns.example.com.
275 example.com. IN NS ns.blabla.com.
276 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. AAJHNhPYVG6+550zQga9ZgV8McQZHLboOWjfbdiq2ZC+gUcQeQDDlFs= ;{id = 2854}
278 ns.example.com. IN A 1.2.3.4
279 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
283 MATCH opcode qtype qname
287 www.example.com. IN A
289 www.example.com. IN A 10.20.30.40
290 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
292 example.com. IN NS ns.example.com.
293 example.com. IN NS ns.blabla.com.
294 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. AAJHNhPYVG6+550zQga9ZgV8McQZHLboOWjfbdiq2ZC+gUcQeQDDlFs= ;{id = 2854}
296 ns.example.com. IN A 1.2.3.4
297 www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
302 MATCH opcode qtype qname
306 sub.example.com. IN DS
308 rub.example.com. IN NSEC sub.sub.example.com. RRSIG NSEC A
309 rub.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. AKxt275OlwQmfqO36rTYkPXBqdoyaD3lId4q+UA4+Gs50qfn/RkuIOs= ;{id = 2854}
311 sub.sub.example.com. IN NSEC tub.example.com. RRSIG NSEC DS
312 sub.sub.example.com. 3600 IN RRSIG NSEC 3 4 3600 20070926134150 20070829134150 2854 example.com. AJlIjBQvBluNTu1883DMH9ZtBVfKTXVEH2LvLV785UcwGELnwRYfZbA= ;{id = 2854}
317 MATCH opcode qtype qname
321 sub.sub.example.com. IN DS
323 sub.sub.example.com. 3600 IN DS 30899 5 1 dea269e4bccaa019a4ba0cf5b198292f28faeee1
324 sub.sub.example.com. 3600 IN RRSIG DS 3 4 3600 20070926134150 20070829134150 2854 example.com. AAPYiFzyEyehaff0hYTyOBFHF6qiCE7I7Zoa7Atn2F+HN2N/g/RloN8= ;{id = 2854}
329 MATCH opcode subdomain
330 ADJUST copy_id copy_query
333 sub.sub.example.com. IN NS
335 sub.sub.example.com. IN NS ns.sub.sub.example.com.
336 sub.sub.example.com. IN NS ns.foo.com.
337 sub.sub.example.com. 3600 IN DS 30899 5 1 dea269e4bccaa019a4ba0cf5b198292f28faeee1
338 sub.sub.example.com. 3600 IN RRSIG DS 3 4 3600 20070926134150 20070829134150 2854 example.com. AAPYiFzyEyehaff0hYTyOBFHF6qiCE7I7Zoa7Atn2F+HN2N/g/RloN8= ;{id = 2854}
340 ns.sub.sub.example.com. IN A 1.2.4.6
345 ; ns.sub.sub.example.com.
349 MATCH opcode qtype qname
353 sub.sub.example.com. IN DNSKEY
355 sub.sub.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
356 sub.sub.example.com. 3600 IN RRSIG DNSKEY 5 4 3600 20070926134150 20070829134150 30899 sub.sub.example.com. RO6LECPRS3aL6kRp++qbSIdNiJvhvYTJr0fupJMF5lPuTwI5HhAL5mAHjrmc3r0LeFE9iRpjFmdp/p1i0qVWzQ== ;{id = 30899}
360 MATCH opcode qtype qname
364 sub.sub.example.com. IN NS
366 sub.sub.example.com. IN NS ns.sub.sub.example.com.
367 sub.sub.example.com. IN NS ns.foo.com.
368 sub.sub.example.com. 3600 IN RRSIG NS 5 4 3600 20070926134150 20070829134150 30899 sub.sub.example.com. blhq9ELWjE5YhhLn1UN3K/QTh52w/ZkGv+hI8HbL1a9Av6W67H2jsb1B5iaPbOagKzAIPId9qtcskjCo3DSaHg== ;{id = 30899}
370 ns.sub.sub.example.com. IN A 1.2.4.6
371 ns.sub.sub.example.com. 3600 IN RRSIG A 5 5 3600 20070926134150 20070829134150 30899 sub.sub.example.com. JU2A7WvVR3AB7Ni9Qjfv7sxetc0jIfRgeERj8x+UUWdPiEBEkhUvD+ba6eLu5irMRWCj7CXIM81Mgl58QXCqfg== ;{id = 30899}
375 MATCH opcode qtype qname
379 ns.sub.sub.example.com. IN A
381 ns.sub.sub.example.com. IN A 1.2.4.6
382 ns.sub.sub.example.com. 3600 IN RRSIG A 5 5 3600 20070926134150 20070829134150 30899 sub.sub.example.com. JU2A7WvVR3AB7Ni9Qjfv7sxetc0jIfRgeERj8x+UUWdPiEBEkhUvD+ba6eLu5irMRWCj7CXIM81Mgl58QXCqfg== ;{id = 30899}
386 MATCH opcode qtype qname
390 ns.sub.sub.example.com. IN AAAA
392 ns.sub.sub.example.com. IN NSEC nt.sub.sub.example.com. NSEC RRSIG A
393 ns.sub.sub.example.com. 3600 IN RRSIG NSEC 5 5 3600 20070926134150 20070829134150 30899 sub.sub.example.com. zoir16lVMbPOFS81l20ZXyqWlXYvQg99zzfOiH5tzpbqPYHxrnQvsfJgTMR7rZvYG55Qh64Y4J1MSw+U2QAgmw== ;{id = 30899}
394 sub.sub.example.com. IN SOA sub.sub.example.com. hostmaster.sub.sub.example.com. 1 2 3 4 5
395 sub.sub.example.com. 3600 IN RRSIG SOA 5 4 3600 20070926134150 20070829134150 30899 sub.sub.example.com. aAKz5eF2EdRP5HVojabqDkvINeXczBAZyBesjC0+DtMmb7WvaUQzKQfYtBdWhE7CdrnPYuHPg4WlNbn0f7DsCw== ;{id = 30899}
399 MATCH opcode qtype qname
403 www.sub.sub.example.com. IN A
405 www.sub.sub.example.com. IN A 10.20.30.40
406 www.sub.sub.example.com. 3600 IN RRSIG A 5 5 3600 20070926134150 20070829134150 30899 sub.sub.example.com. ZXZoHA8pavJZELucMJpXLWQXNaIYXO4ryXpkp2BVZbW9sdcYCobWPyyzN5nmBatm+CaWLd6fjhwXh+OVVIH1Gg== ;{id = 30899}
415 www.sub.sub.example.com. IN A
418 ; recursion happens here.
422 REPLY QR RD RA AD DO NOERROR
424 www.sub.sub.example.com. IN A
426 www.sub.sub.example.com. IN A 10.20.30.40
427 www.sub.sub.example.com. 3600 IN RRSIG A 5 5 3600 20070926134150 20070829134150 30899 sub.sub.example.com. ZXZoHA8pavJZELucMJpXLWQXNaIYXO4ryXpkp2BVZbW9sdcYCobWPyyzN5nmBatm+CaWLd6fjhwXh+OVVIH1Gg== ;{id = 30899}
430 ; remove pending ns.blabla.com AAAA msg
435 ns.blabla.com. IN AAAA
438 ; recursion happens here.
442 REPLY QR RD CD RA DO NOERROR
444 ns.blabla.com. IN AAAA
447 com. IN SOA com. com. 2009100100 28800 7200 604800 3600