3 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
4 val-override-date: "20070916134226"
9 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
13 SCENARIO_BEGIN Bug test dnssec-lame detection at ds point with target queries.
19 MATCH opcode qtype qname
25 . IN NS K.ROOT-SERVERS.NET.
27 K.ROOT-SERVERS.NET. IN A 193.0.14.129
31 MATCH opcode subdomain
32 ADJUST copy_id copy_query
37 com. IN NS a.gtld-servers.net.
39 a.gtld-servers.net. IN A 192.5.6.30
43 MATCH opcode subdomain
44 ADJUST copy_id copy_query
49 net. IN NS e.gtld-servers.net.
51 e.gtld-servers.net. IN A 192.12.94.30
55 MATCH opcode qtype qname
59 ns.example.net. IN AAAA
61 net. IN NS e.gtld-servers.net.
63 e.gtld-servers.net. IN A 192.12.94.30
71 MATCH opcode qtype qname
77 com. IN NS a.gtld-servers.net.
79 a.gtld-servers.net. IN A 192.5.6.30
83 MATCH opcode subdomain
84 ADJUST copy_id copy_query
89 example.com. IN NS ns.example.com.
91 ns.example.com. IN A 1.2.3.55
96 ; Note this timing is so it will provide answers at the beginning.
100 MATCH opcode qtype qname
106 net. IN NS e.gtld-servers.net.
108 e.gtld-servers.net. IN A 192.12.94.30
112 MATCH opcode qtype qname
116 e.gtld-servers.net. IN AAAA
121 MATCH opcode qtype qname
125 a.gtld-servers.net. IN AAAA
129 ; no example.net delegation answers yet.
133 ; e.gtld-servers.net.
134 ; Note this timing is so it will not provide answers at the beginning,
139 MATCH opcode qtype qname
145 net. IN NS e.gtld-servers.net.
147 e.gtld-servers.net. IN A 192.12.94.30
151 MATCH opcode qtype qname
155 e.gtld-servers.net. IN AAAA
160 MATCH opcode qtype qname
164 a.gtld-servers.net. IN AAAA
169 MATCH opcode qtype qname
175 example.net. IN NS ns.example.net.
177 ns.example.net. IN A 1.2.3.44
181 MATCH opcode qtype qname
185 ns.example.net. IN AAAA
187 example.net. IN NS ns.example.net.
189 ns.example.net. IN A 1.2.3.44
194 ; Note this timing is so it will not provide answers at the beginning,
199 MATCH opcode qtype qname
205 example.net. IN NS ns.example.net.
207 ns.example.net. IN A 1.2.3.44
211 MATCH opcode qtype qname
217 ns.example.net. IN A 1.2.3.44
219 example.net. IN NS ns.example.net.
223 MATCH opcode qtype qname
227 ns.example.net. IN AAAA
229 example.net. IN NS ns.example.net.
231 ns.example.net. IN A 1.2.3.44
234 ; response to DNSKEY priming query
235 ; sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
237 MATCH opcode qtype qname
241 sub.example.com. IN DNSKEY
243 sub.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
244 sub.example.com. 3600 IN RRSIG DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899}
246 ; no NS set. not needed for this test.
248 ns.sub.example.com. IN A 1.2.3.6
249 ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
253 MATCH opcode qtype qname
257 sub.example.com. IN NS
259 sub.example.com. IN NS ns.sub.example.com.
260 sub.example.com. IN NS ns.example.net.
261 sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. C/0b+sqlsdSTkhd+aDXb6ELyuQreosIGBzLCtWxYGD+Q9QGB5rN8uB+4+48yhw36pd3MfeAn06AgAnJ6eu8tJg== ;{id = 30899}
263 ns.sub.example.com. IN A 1.2.3.6
264 ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
267 ; response to query of interest
269 MATCH opcode qtype qname
273 www.sub.example.com. IN A
275 www.sub.example.com. IN A 11.11.11.11
276 www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
282 MATCH opcode qtype qname
286 ns.sub.example.com. IN AAAA
295 MATCH opcode qtype qname
301 example.com. IN NS ns.example.com.
303 ns.example.com. IN A 1.2.3.55
307 MATCH opcode qtype qname
313 ns.example.com. IN A 1.2.3.55
317 MATCH opcode qtype qname
321 ns.example.com. IN AAAA
324 ; fine DNSKEY response.
326 MATCH opcode qtype qname
330 example.com. IN DNSKEY
332 example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
333 example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
335 example.com. IN NS ns.example.com.
336 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
340 ; correct delegation with DS
342 MATCH opcode subdomain
343 ADJUST copy_id copy_query
346 sub.example.com. IN A
349 sub.example.com. IN NS ns.sub.example.com.
350 sub.example.com. IN NS ns.example.net.
351 sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
352 sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
354 ns.sub.example.com. IN A 1.2.3.6
357 ; response for delegation to sub.example.com.
359 MATCH opcode qtype qname
363 sub.example.com. IN DNSKEY
366 sub.example.com. IN NS ns.sub.example.com.
367 sub.example.com. IN NS ns.example.net.
368 sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
369 sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
371 ns.sub.example.com. IN A 1.2.3.6
375 ; This server is DNSSEC LAME!
376 ; ns.sub.example.com.
381 MATCH opcode qtype qname
385 sub.example.com. IN NS
387 sub.example.com. IN NS ns.sub.example.com.
388 sub.example.com. IN NS ns.example.net.
390 ns.sub.example.com. IN A 1.2.3.6
394 ; response to DNSKEY priming query
395 ; sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
397 MATCH opcode qtype qname
401 sub.example.com. IN DNSKEY
403 sub.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
405 sub.example.com. IN NS ns.sub.example.com.
406 sub.example.com. IN NS ns.example.net.
408 ns.sub.example.com. IN A 1.2.3.6
412 MATCH opcode qtype qname
416 ns.sub.example.com. IN AAAA
420 ; response to query of interest
422 MATCH opcode qtype qname
426 www.sub.example.com. IN A
428 www.sub.example.com. IN A 11.11.11.11
430 ; dnssec-lameness detection depends on this information
431 sub.example.com. IN NS ns.sub.example.com.
432 sub.example.com. IN NS ns.example.net.
434 ns.sub.example.com. IN A 1.2.3.6
443 www.sub.example.com. IN A
447 ; recursion at time 10.
448 ; first recursion with answers in 0-30 time
449 ; with bug it now resolves to the bad version
450 ; fixed, it stops waiting for more target queries.
453 ; next recursion with more answers at time 40.
455 ; recursion happens here.
459 REPLY QR RD RA AD DO NOERROR
461 www.sub.example.com. IN A
463 www.sub.example.com. IN A 11.11.11.11
464 www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}