3 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
4 val-override-date: "20070916134226"
6 trust-anchor-signaling: no
7 qname-minimisation: "no"
11 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
15 SCENARIO_BEGIN Bug test dnssec-lame detection at ds point with target queries.
21 MATCH opcode qtype qname
27 . IN NS K.ROOT-SERVERS.NET.
29 K.ROOT-SERVERS.NET. IN A 193.0.14.129
33 MATCH opcode subdomain
34 ADJUST copy_id copy_query
39 com. IN NS a.gtld-servers.net.
41 a.gtld-servers.net. IN A 192.5.6.30
45 MATCH opcode subdomain
46 ADJUST copy_id copy_query
51 net. IN NS e.gtld-servers.net.
53 e.gtld-servers.net. IN A 192.12.94.30
57 MATCH opcode qtype qname
61 ns.example.net. IN AAAA
63 net. IN NS e.gtld-servers.net.
65 e.gtld-servers.net. IN A 192.12.94.30
73 MATCH opcode qtype qname
79 com. IN NS a.gtld-servers.net.
81 a.gtld-servers.net. IN A 192.5.6.30
85 MATCH opcode subdomain
86 ADJUST copy_id copy_query
91 example.com. IN NS ns.example.com.
93 ns.example.com. IN A 1.2.3.55
98 ; Note this timing is so it will provide answers at the beginning.
102 MATCH opcode qtype qname
108 net. IN NS e.gtld-servers.net.
110 e.gtld-servers.net. IN A 192.12.94.30
114 MATCH opcode qtype qname
118 e.gtld-servers.net. IN AAAA
123 MATCH opcode qtype qname
127 a.gtld-servers.net. IN AAAA
131 ; no example.net delegation answers yet.
135 ; e.gtld-servers.net.
136 ; Note this timing is so it will not provide answers at the beginning,
141 MATCH opcode qtype qname
147 net. IN NS e.gtld-servers.net.
149 e.gtld-servers.net. IN A 192.12.94.30
153 MATCH opcode qtype qname
157 e.gtld-servers.net. IN AAAA
162 MATCH opcode qtype qname
166 a.gtld-servers.net. IN AAAA
171 MATCH opcode qtype qname
177 example.net. IN NS ns.example.net.
179 ns.example.net. IN A 1.2.3.44
183 MATCH opcode qtype qname
187 ns.example.net. IN AAAA
189 example.net. IN NS ns.example.net.
191 ns.example.net. IN A 1.2.3.44
196 ; Note this timing is so it will not provide answers at the beginning,
201 MATCH opcode qtype qname
207 example.net. IN NS ns.example.net.
209 ns.example.net. IN A 1.2.3.44
213 MATCH opcode qtype qname
219 ns.example.net. IN A 1.2.3.44
221 example.net. IN NS ns.example.net.
225 MATCH opcode qtype qname
229 ns.example.net. IN AAAA
231 example.net. IN NS ns.example.net.
233 ns.example.net. IN A 1.2.3.44
236 ; response to DNSKEY priming query
237 ; sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
239 MATCH opcode qtype qname
243 sub.example.com. IN DNSKEY
245 sub.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
246 sub.example.com. 3600 IN RRSIG DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899}
248 ; no NS set. not needed for this test.
250 ns.sub.example.com. IN A 1.2.3.6
251 ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
255 MATCH opcode qtype qname
259 sub.example.com. IN NS
261 sub.example.com. IN NS ns.sub.example.com.
262 sub.example.com. IN NS ns.example.net.
263 sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. C/0b+sqlsdSTkhd+aDXb6ELyuQreosIGBzLCtWxYGD+Q9QGB5rN8uB+4+48yhw36pd3MfeAn06AgAnJ6eu8tJg== ;{id = 30899}
265 ns.sub.example.com. IN A 1.2.3.6
266 ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
269 ; response to query of interest
271 MATCH opcode qtype qname
275 www.sub.example.com. IN A
277 www.sub.example.com. IN A 11.11.11.11
278 www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
284 MATCH opcode qtype qname
288 ns.sub.example.com. IN AAAA
297 MATCH opcode qtype qname
303 example.com. IN NS ns.example.com.
305 ns.example.com. IN A 1.2.3.55
309 MATCH opcode qtype qname
315 ns.example.com. IN A 1.2.3.55
319 MATCH opcode qtype qname
323 ns.example.com. IN AAAA
326 ; fine DNSKEY response.
328 MATCH opcode qtype qname
332 example.com. IN DNSKEY
334 example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
335 example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
337 example.com. IN NS ns.example.com.
338 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
342 ; correct delegation with DS
344 MATCH opcode subdomain
345 ADJUST copy_id copy_query
348 sub.example.com. IN A
351 sub.example.com. IN NS ns.sub.example.com.
352 sub.example.com. IN NS ns.example.net.
353 sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
354 sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
356 ns.sub.example.com. IN A 1.2.3.6
359 ; response for delegation to sub.example.com.
361 MATCH opcode qtype qname
365 sub.example.com. IN DNSKEY
368 sub.example.com. IN NS ns.sub.example.com.
369 sub.example.com. IN NS ns.example.net.
370 sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
371 sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
373 ns.sub.example.com. IN A 1.2.3.6
377 ; This server is DNSSEC LAME!
378 ; ns.sub.example.com.
383 MATCH opcode qtype qname
387 sub.example.com. IN NS
389 sub.example.com. IN NS ns.sub.example.com.
390 sub.example.com. IN NS ns.example.net.
392 ns.sub.example.com. IN A 1.2.3.6
396 ; response to DNSKEY priming query
397 ; sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
399 MATCH opcode qtype qname
403 sub.example.com. IN DNSKEY
405 sub.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
407 sub.example.com. IN NS ns.sub.example.com.
408 sub.example.com. IN NS ns.example.net.
410 ns.sub.example.com. IN A 1.2.3.6
414 MATCH opcode qtype qname
418 ns.sub.example.com. IN AAAA
422 ; response to query of interest
424 MATCH opcode qtype qname
428 www.sub.example.com. IN A
430 www.sub.example.com. IN A 11.11.11.11
432 ; dnssec-lameness detection depends on this information
433 sub.example.com. IN NS ns.sub.example.com.
434 sub.example.com. IN NS ns.example.net.
436 ns.sub.example.com. IN A 1.2.3.6
445 www.sub.example.com. IN A
449 ; recursion at time 10.
450 ; first recursion with answers in 0-30 time
451 ; with bug it now resolves to the bad version
452 ; fixed, it stops waiting for more target queries.
455 ; next recursion with more answers at time 40.
457 ; recursion happens here.
461 REPLY QR RD RA AD DO NOERROR
463 www.sub.example.com. IN A
465 www.sub.example.com. IN A 11.11.11.11
466 www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}