1 ; Test ipsecmod-max-ttl option.
5 access-control: 127.0.0.1 allow_snoop
6 module-config: "ipsecmod validator iterator"
7 ; The hook path below is relative and starts with ../../ because the test runs from testdata/03-testbound.dir
8 ipsecmod-hook: "../../testdata/ipsecmod_hook.sh"
11 qname-minimisation: "no"
16 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
19 SCENARIO_BEGIN Test ipsecmod-max-ttl option
21 ; - query for example.com. IN A
22 ; - check that query for example.com. IN IPSECKEY is generated
23 ; - check that we get an answer for example.com. IN A with the correct TTL
24 ; - check that we get the same answer from cache
25 ; - check that we get the IPSECKEY answer from cache
31 MATCH opcode qtype qname
37 . IN NS K.ROOT-SERVERS.NET.
39 K.ROOT-SERVERS.NET. IN A 193.0.14.129
43 MATCH opcode qtype qname
47 a.gtld-servers.net. IN AAAA
49 . 86400 IN SOA . . 20070304 28800 7200 604800 86400
53 MATCH opcode qtype qname
57 K.ROOT-SERVERS.NET. IN AAAA
59 . 86400 IN SOA . . 20070304 28800 7200 604800 86400
63 MATCH opcode subdomain
64 ADJUST copy_id copy_query
69 com. IN NS a.gtld-servers.net.
71 a.gtld-servers.net. IN A 192.5.6.30
79 MATCH opcode qtype qname
85 com. IN NS a.gtld-servers.net.
87 a.gtld-servers.net. IN A 192.5.6.30
91 MATCH opcode subdomain
92 ADJUST copy_id copy_query
97 example.com. IN NS ns.example.com.
99 ns.example.com. IN A 1.2.3.4
107 MATCH opcode qtype qname
113 example.com. IN NS ns.example.com.
115 ns.example.com. IN A 1.2.3.4
119 MATCH opcode qtype qname
123 ns.example.com. IN AAAA
125 example.com. 10 IN SOA . . 15 28800 7200 604800 10
128 ; response to A query
130 MATCH opcode qtype qname
136 example.com. 3600 IN A 5.6.7.8
138 example.com. IN NS ns.example.com.
140 ns.example.com. IN A 1.2.3.4
143 ; response to IPSECKEY query
145 MATCH opcode qtype qname
149 example.com. IN IPSECKEY
151 example.com. 3600 IN IPSECKEY 10 0 2 . AQNRU3mG7TVTO2BkR47usntb102uFJtugbo6BSGvgqt4AQ==
153 example.com. IN NS ns.example.com.
155 ns.example.com. IN A 1.2.3.4
167 STEP 2 CHECK_OUT_QUERY
169 MATCH qname qtype opcode
171 example.com. IN IPSECKEY
177 REPLY QR RD RA NOERROR
181 example.com. 200 IN A 5.6.7.8
183 example.com. IN NS ns.example.com.
185 ns.example.com. IN A 1.2.3.4
188 ; Query without RD: check that the A answer is cached and carries the correct TTL (200 in the expected answer below, versus 3600 in the upstream response)
202 example.com. 200 IN A 5.6.7.8
204 example.com. IN NS ns.example.com.
206 ns.example.com. IN A 1.2.3.4
209 ; Query without RD: check that the IPSECKEY answer is cached
213 example.com. IN IPSECKEY
221 example.com. IN IPSECKEY
223 example.com. 3600 IN IPSECKEY 10 0 2 . AQNRU3mG7TVTO2BkR47usntb102uFJtugbo6BSGvgqt4AQ==
225 example.com. IN NS ns.example.com.
227 ns.example.com. IN A 1.2.3.4