3 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
4 val-override-date: "20070916134226"
9 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
13 SCENARIO_BEGIN Test dnssec-lame detection at ds point.
19 MATCH opcode qtype qname
25 . IN NS K.ROOT-SERVERS.NET.
27 K.ROOT-SERVERS.NET. IN A 193.0.14.129
31 MATCH opcode subdomain
32 ADJUST copy_id copy_query
37 com. IN NS a.gtld-servers.net.
39 a.gtld-servers.net. IN A 192.5.6.30
43 MATCH opcode subdomain
44 ADJUST copy_id copy_query
49 net. IN NS e.gtld-servers.net.
51 e.gtld-servers.net. IN A 192.12.94.30
55 MATCH opcode qtype qname
59 ns.example.net. IN AAAA
61 net. IN NS e.gtld-servers.net.
63 e.gtld-servers.net. IN A 192.12.94.30
71 MATCH opcode qtype qname
77 com. IN NS a.gtld-servers.net.
79 a.gtld-servers.net. IN A 192.5.6.30
83 MATCH opcode subdomain
84 ADJUST copy_id copy_query
89 example.com. IN NS ns.example.com.
91 ns.example.com. IN A 1.2.3.55
99 MATCH opcode qtype qname
105 net. IN NS e.gtld-servers.net.
107 e.gtld-servers.net. IN A 192.12.94.30
111 MATCH opcode qtype qname
115 e.gtld-servers.net. IN AAAA
120 MATCH opcode qtype qname
124 a.gtld-servers.net. IN AAAA
129 MATCH opcode qtype qname
135 example.net. IN NS ns.example.net.
137 ns.example.net. IN A 1.2.3.44
141 MATCH opcode qtype qname
145 ns.example.net. IN AAAA
147 example.net. IN NS ns.example.net.
149 ns.example.net. IN A 1.2.3.44
157 MATCH opcode qtype qname
163 example.net. IN NS ns.example.net.
165 ns.example.net. IN A 1.2.3.44
169 MATCH opcode qtype qname
175 ns.example.net. IN A 1.2.3.44
177 example.net. IN NS ns.example.net.
181 MATCH opcode qtype qname
185 ns.example.net. IN AAAA
187 example.net. IN NS ns.example.net.
189 ns.example.net. IN A 1.2.3.44
192 ; response to DNSKEY priming query
193 ; sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
195 MATCH opcode qtype qname
199 sub.example.com. IN DNSKEY
201 sub.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
202 sub.example.com. 3600 IN RRSIG DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899}
204 ; no NS set. not needed for this test.
206 ns.sub.example.com. IN A 1.2.3.6
207 ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
211 MATCH opcode qtype qname
215 sub.example.com. IN NS
217 sub.example.com. IN NS ns.sub.example.com.
218 sub.example.com. IN NS ns.example.net.
219 sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. C/0b+sqlsdSTkhd+aDXb6ELyuQreosIGBzLCtWxYGD+Q9QGB5rN8uB+4+48yhw36pd3MfeAn06AgAnJ6eu8tJg== ;{id = 30899}
221 ns.sub.example.com. IN A 1.2.3.6
222 ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
225 ; response to query of interest
227 MATCH opcode qtype qname
231 www.sub.example.com. IN A
233 www.sub.example.com. IN A 11.11.11.11
234 www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
240 MATCH opcode qtype qname
244 ns.sub.example.com. IN AAAA
253 MATCH opcode qtype qname
259 example.com. IN NS ns.example.com.
261 ns.example.com. IN A 1.2.3.55
265 MATCH opcode qtype qname
271 ns.example.com. IN A 1.2.3.55
275 MATCH opcode qtype qname
279 ns.example.com. IN AAAA
282 ; fine DNSKEY response.
284 MATCH opcode qtype qname
288 example.com. IN DNSKEY
290 example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
291 example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
293 example.com. IN NS ns.example.com.
294 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
298 ; correct delegation with DS
300 MATCH opcode subdomain
301 ADJUST copy_id copy_query
304 sub.example.com. IN A
307 sub.example.com. IN NS ns.sub.example.com.
308 sub.example.com. IN NS ns.example.net.
309 sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
310 sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
312 ns.sub.example.com. IN A 1.2.3.6
315 ; response for delegation to sub.example.com.
317 MATCH opcode qtype qname
321 sub.example.com. IN DNSKEY
324 sub.example.com. IN NS ns.sub.example.com.
325 sub.example.com. IN NS ns.example.net.
326 sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
327 sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
329 ns.sub.example.com. IN A 1.2.3.6
333 ; This server is DNSSEC LAME!
334 ; ns.sub.example.com.
339 MATCH opcode qtype qname
343 sub.example.com. IN NS
345 sub.example.com. IN NS ns.sub.example.com.
346 sub.example.com. IN NS ns.example.net.
348 ns.sub.example.com. IN A 1.2.3.6
352 ; response to DNSKEY priming query
353 ; sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
355 MATCH opcode qtype qname
359 sub.example.com. IN DNSKEY
361 sub.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
363 sub.example.com. IN NS ns.sub.example.com.
364 sub.example.com. IN NS ns.example.net.
366 ns.sub.example.com. IN A 1.2.3.6
370 MATCH opcode qtype qname
374 ns.sub.example.com. IN AAAA
378 ; response to query of interest
380 MATCH opcode qtype qname
384 www.sub.example.com. IN A
386 www.sub.example.com. IN A 11.11.11.11
388 ; dnssec-lameness detection depends on this information
389 sub.example.com. IN NS ns.sub.example.com.
390 sub.example.com. IN NS ns.example.net.
392 ns.sub.example.com. IN A 1.2.3.6
401 www.sub.example.com. IN A
404 ; recursion happens here.
408 REPLY QR RD RA AD DO NOERROR
410 www.sub.example.com. IN A
412 www.sub.example.com. IN A 11.11.11.11
413 www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}