3 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
4 val-override-date: "20070916134226"
8 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
12 SCENARIO_BEGIN Bug test dnssec-lame detection at ds point with target queries.
18 MATCH opcode qtype qname
24 . IN NS K.ROOT-SERVERS.NET.
26 K.ROOT-SERVERS.NET. IN A 193.0.14.129
30 MATCH opcode subdomain
31 ADJUST copy_id copy_query
36 com. IN NS a.gtld-servers.net.
38 a.gtld-servers.net. IN A 192.5.6.30
42 MATCH opcode subdomain
43 ADJUST copy_id copy_query
48 net. IN NS e.gtld-servers.net.
50 e.gtld-servers.net. IN A 192.12.94.30
54 MATCH opcode qtype qname
58 ns.example.net. IN AAAA
60 net. IN NS e.gtld-servers.net.
62 e.gtld-servers.net. IN A 192.12.94.30
70 MATCH opcode qtype qname
76 com. IN NS a.gtld-servers.net.
78 a.gtld-servers.net. IN A 192.5.6.30
82 MATCH opcode subdomain
83 ADJUST copy_id copy_query
88 example.com. IN NS ns.example.com.
90 ns.example.com. IN A 1.2.3.55
95 ; Note this timing is so it will provide answers at the beginning.
99 MATCH opcode qtype qname
105 net. IN NS e.gtld-servers.net.
107 e.gtld-servers.net. IN A 192.12.94.30
111 MATCH opcode qtype qname
115 e.gtld-servers.net. IN AAAA
120 MATCH opcode qtype qname
124 a.gtld-servers.net. IN AAAA
128 ; no example.net delegation answers yet.
132 ; e.gtld-servers.net.
133 ; Note this timing is so it will not provide answers at the beginning,
138 MATCH opcode qtype qname
144 net. IN NS e.gtld-servers.net.
146 e.gtld-servers.net. IN A 192.12.94.30
150 MATCH opcode qtype qname
154 e.gtld-servers.net. IN AAAA
159 MATCH opcode qtype qname
163 a.gtld-servers.net. IN AAAA
168 MATCH opcode qtype qname
174 example.net. IN NS ns.example.net.
176 ns.example.net. IN A 1.2.3.44
180 MATCH opcode qtype qname
184 ns.example.net. IN AAAA
186 example.net. IN NS ns.example.net.
188 ns.example.net. IN A 1.2.3.44
193 ; Note this timing is so it will not provide answers at the beginning,
198 MATCH opcode qtype qname
204 example.net. IN NS ns.example.net.
206 ns.example.net. IN A 1.2.3.44
210 MATCH opcode qtype qname
216 ns.example.net. IN A 1.2.3.44
218 example.net. IN NS ns.example.net.
222 MATCH opcode qtype qname
226 ns.example.net. IN AAAA
228 example.net. IN NS ns.example.net.
230 ns.example.net. IN A 1.2.3.44
233 ; response to DNSKEY priming query
234 ; sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
236 MATCH opcode qtype qname
240 sub.example.com. IN DNSKEY
242 sub.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
243 sub.example.com. 3600 IN RRSIG DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899}
245 ; no NS set. not needed for this test.
247 ns.sub.example.com. IN A 1.2.3.6
248 ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
252 MATCH opcode qtype qname
256 sub.example.com. IN NS
258 sub.example.com. IN NS ns.sub.example.com.
259 sub.example.com. IN NS ns.example.net.
260 sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. C/0b+sqlsdSTkhd+aDXb6ELyuQreosIGBzLCtWxYGD+Q9QGB5rN8uB+4+48yhw36pd3MfeAn06AgAnJ6eu8tJg== ;{id = 30899}
262 ns.sub.example.com. IN A 1.2.3.6
263 ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
266 ; response to query of interest
268 MATCH opcode qtype qname
272 www.sub.example.com. IN A
274 www.sub.example.com. IN A 11.11.11.11
275 www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
281 MATCH opcode qtype qname
285 ns.sub.example.com. IN AAAA
294 MATCH opcode qtype qname
300 example.com. IN NS ns.example.com.
302 ns.example.com. IN A 1.2.3.55
306 MATCH opcode qtype qname
312 ns.example.com. IN A 1.2.3.55
316 MATCH opcode qtype qname
320 ns.example.com. IN AAAA
323 ; fine DNSKEY response.
325 MATCH opcode qtype qname
329 example.com. IN DNSKEY
331 example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
332 example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
334 example.com. IN NS ns.example.com.
335 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
339 ; correct delegation with DS
341 MATCH opcode subdomain
342 ADJUST copy_id copy_query
345 sub.example.com. IN A
348 sub.example.com. IN NS ns.sub.example.com.
349 sub.example.com. IN NS ns.example.net.
350 sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
351 sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
353 ns.sub.example.com. IN A 1.2.3.6
356 ; response for delegation to sub.example.com.
358 MATCH opcode qtype qname
362 sub.example.com. IN DNSKEY
365 sub.example.com. IN NS ns.sub.example.com.
366 sub.example.com. IN NS ns.example.net.
367 sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
368 sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
370 ns.sub.example.com. IN A 1.2.3.6
374 ; This server is DNSSEC LAME!
375 ; ns.sub.example.com.
380 MATCH opcode qtype qname
384 sub.example.com. IN NS
386 sub.example.com. IN NS ns.sub.example.com.
387 sub.example.com. IN NS ns.example.net.
389 ns.sub.example.com. IN A 1.2.3.6
393 ; response to DNSKEY priming query
394 ; sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
396 MATCH opcode qtype qname
400 sub.example.com. IN DNSKEY
402 sub.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
404 sub.example.com. IN NS ns.sub.example.com.
405 sub.example.com. IN NS ns.example.net.
407 ns.sub.example.com. IN A 1.2.3.6
411 MATCH opcode qtype qname
415 ns.sub.example.com. IN AAAA
419 ; response to query of interest
421 MATCH opcode qtype qname
425 www.sub.example.com. IN A
427 www.sub.example.com. IN A 11.11.11.11
429 ; dnssec-lameness detection depends on this information
430 sub.example.com. IN NS ns.sub.example.com.
431 sub.example.com. IN NS ns.example.net.
433 ns.sub.example.com. IN A 1.2.3.6
442 www.sub.example.com. IN A
446 ; recursion at time 10.
447 ; first recursion with answers in 0-30 time
448 ; with bug it now resolves to the bad version
449 ; fixed, it stops waiting for more target queries.
452 ; next recursion with more answers at time 40.
454 ; recursion happens here.
458 REPLY QR RD RA AD DO NOERROR
460 www.sub.example.com. IN A
462 www.sub.example.com. IN A 11.11.11.11
463 www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}