3 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" # DS for key tag 2854: algorithm 3 (DSA), digest type 1 (SHA-1); legacy algorithms, fixture data only
4 val-override-date: "20070916134226" # fixed validation time, inside the 20070829134150-20070926134150 RRSIG validity window used by the replies below
8 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
12 SCENARIO_BEGIN Test dnssec-lame detection at ds point.
18 MATCH opcode qtype qname
24 . IN NS K.ROOT-SERVERS.NET.
26 K.ROOT-SERVERS.NET. IN A 193.0.14.129
30 MATCH opcode subdomain
31 ADJUST copy_id copy_query
36 com. IN NS a.gtld-servers.net.
38 a.gtld-servers.net. IN A 192.5.6.30
42 MATCH opcode subdomain
43 ADJUST copy_id copy_query
48 net. IN NS e.gtld-servers.net.
50 e.gtld-servers.net. IN A 192.12.94.30
54 MATCH opcode qtype qname
58 ns.example.net. IN AAAA
60 net. IN NS e.gtld-servers.net.
62 e.gtld-servers.net. IN A 192.12.94.30
70 MATCH opcode qtype qname
76 com. IN NS a.gtld-servers.net.
78 a.gtld-servers.net. IN A 192.5.6.30
82 MATCH opcode subdomain
83 ADJUST copy_id copy_query
88 example.com. IN NS ns.example.com.
90 ns.example.com. IN A 1.2.3.55
98 MATCH opcode qtype qname
104 net. IN NS e.gtld-servers.net.
106 e.gtld-servers.net. IN A 192.12.94.30
110 MATCH opcode qtype qname
114 e.gtld-servers.net. IN AAAA
119 MATCH opcode qtype qname
123 a.gtld-servers.net. IN AAAA
128 MATCH opcode qtype qname
134 example.net. IN NS ns.example.net.
136 ns.example.net. IN A 1.2.3.44
140 MATCH opcode qtype qname
144 ns.example.net. IN AAAA
146 example.net. IN NS ns.example.net.
148 ns.example.net. IN A 1.2.3.44
156 MATCH opcode qtype qname
162 example.net. IN NS ns.example.net.
164 ns.example.net. IN A 1.2.3.44
168 MATCH opcode qtype qname
174 ns.example.net. IN A 1.2.3.44
176 example.net. IN NS ns.example.net.
180 MATCH opcode qtype qname
184 ns.example.net. IN AAAA
186 example.net. IN NS ns.example.net.
188 ns.example.net. IN A 1.2.3.44
191 ; response to DNSKEY priming query
192 ; sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
194 MATCH opcode qtype qname
198 sub.example.com. IN DNSKEY
200 sub.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
201 sub.example.com. 3600 IN RRSIG DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899}
203 ; No NS RRset is given here; it is not needed for this test.
205 ns.sub.example.com. IN A 1.2.3.6
206 ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
210 MATCH opcode qtype qname
214 sub.example.com. IN NS
216 sub.example.com. IN NS ns.sub.example.com.
217 sub.example.com. IN NS ns.example.net.
218 sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. C/0b+sqlsdSTkhd+aDXb6ELyuQreosIGBzLCtWxYGD+Q9QGB5rN8uB+4+48yhw36pd3MfeAn06AgAnJ6eu8tJg== ;{id = 30899}
220 ns.sub.example.com. IN A 1.2.3.6
221 ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
224 ; response to query of interest
226 MATCH opcode qtype qname
230 www.sub.example.com. IN A
232 www.sub.example.com. IN A 11.11.11.11
233 www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
239 MATCH opcode qtype qname
243 ns.sub.example.com. IN AAAA
252 MATCH opcode qtype qname
258 example.com. IN NS ns.example.com.
260 ns.example.com. IN A 1.2.3.55
264 MATCH opcode qtype qname
270 ns.example.com. IN A 1.2.3.55
274 MATCH opcode qtype qname
278 ns.example.com. IN AAAA
281 ; fine DNSKEY response.
283 MATCH opcode qtype qname
287 example.com. IN DNSKEY
289 example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
290 example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
292 example.com. IN NS ns.example.com.
293 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
297 ; correct delegation with DS
299 MATCH opcode subdomain
300 ADJUST copy_id copy_query
303 sub.example.com. IN A
306 sub.example.com. IN NS ns.sub.example.com.
307 sub.example.com. IN NS ns.example.net.
308 sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
309 sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
311 ns.sub.example.com. IN A 1.2.3.6
314 ; response for delegation to sub.example.com.
316 MATCH opcode qtype qname
320 sub.example.com. IN DNSKEY
323 sub.example.com. IN NS ns.sub.example.com.
324 sub.example.com. IN NS ns.example.net.
325 sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
326 sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
328 ns.sub.example.com. IN A 1.2.3.6
332 ; This server is DNSSEC-lame: the replies it gives below carry no RRSIG records.
333 ; ns.sub.example.com.
338 MATCH opcode qtype qname
342 sub.example.com. IN NS
344 sub.example.com. IN NS ns.sub.example.com.
345 sub.example.com. IN NS ns.example.net.
347 ns.sub.example.com. IN A 1.2.3.6
351 ; response to DNSKEY priming query
352 ; sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
354 MATCH opcode qtype qname
358 sub.example.com. IN DNSKEY
360 sub.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
362 sub.example.com. IN NS ns.sub.example.com.
363 sub.example.com. IN NS ns.example.net.
365 ns.sub.example.com. IN A 1.2.3.6
369 MATCH opcode qtype qname
373 ns.sub.example.com. IN AAAA
377 ; response to query of interest
379 MATCH opcode qtype qname
383 www.sub.example.com. IN A
385 www.sub.example.com. IN A 11.11.11.11
387 ; DNSSEC-lameness detection depends on the NS and address records that follow.
388 sub.example.com. IN NS ns.sub.example.com.
389 sub.example.com. IN NS ns.example.net.
391 ns.sub.example.com. IN A 1.2.3.6
400 www.sub.example.com. IN A
403 ; recursion happens here.
407 REPLY QR RD RA AD DO NOERROR
409 www.sub.example.com. IN A
411 www.sub.example.com. IN A 11.11.11.11
412 www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}