3 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
4 val-override-date: "20070916134226"
5 target-fetch-policy: "0 0 0 0 0"
10 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
14 SCENARIO_BEGIN Test dnssec-lame detection at ds point, which is ok.
20 MATCH opcode qtype qname
26 . IN NS K.ROOT-SERVERS.NET.
28 K.ROOT-SERVERS.NET. IN A 193.0.14.129
32 MATCH opcode qtype qname
36 www.sub.example.com. IN A
38 com. IN NS a.gtld-servers.net.
40 a.gtld-servers.net. IN A 192.5.6.30
44 MATCH opcode qtype qname
50 net. IN NS e.gtld-servers.net.
52 e.gtld-servers.net. IN A 192.12.94.30
56 MATCH opcode qtype qname
60 ns.example.net. IN AAAA
62 net. IN NS e.gtld-servers.net.
64 e.gtld-servers.net. IN A 192.12.94.30
73 MATCH opcode qtype qname
79 com. IN NS a.gtld-servers.net.
81 a.gtld-servers.net. IN A 192.5.6.30
85 MATCH opcode qtype qname
89 www.sub.example.com. IN A
91 example.com. IN NS ns.example.com.
93 ns.example.com. IN A 1.2.3.55
101 MATCH opcode qtype qname
107 net. IN NS e.gtld-servers.net.
109 e.gtld-servers.net. IN A 192.12.94.30
113 MATCH opcode qtype qname
119 example.net. IN NS ns.example.net.
121 ns.example.net. IN A 1.2.3.44
125 MATCH opcode qtype qname
129 ns.example.net. IN AAAA
131 example.net. IN NS ns.example.net.
133 ns.example.net. IN A 1.2.3.44
141 MATCH opcode qtype qname
147 example.net. IN NS ns.example.net.
149 ns.example.net. IN A 1.2.3.44
153 MATCH opcode qtype qname
159 ns.example.net. IN A 1.2.3.44
161 example.net. IN NS ns.example.net.
165 MATCH opcode qtype qname
169 ns.example.net. IN AAAA
171 example.net. IN NS ns.example.net.
173 ns.example.net. IN A 1.2.3.44
176 ; response to DNSKEY priming query
177 ; sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
179 MATCH opcode qtype qname
183 sub.example.com. IN DNSKEY
185 sub.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
186 sub.example.com. 3600 IN RRSIG DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899}
188 ; no NS set. not needed for this test.
190 ns.sub.example.com. IN A 1.2.3.6
191 ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
194 ; response to query of interest
196 MATCH opcode qtype qname
200 www.sub.example.com. IN A
202 www.sub.example.com. IN A 11.11.11.11
203 www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
213 MATCH opcode qtype qname
219 example.com. IN NS ns.example.com.
221 ns.example.com. IN A 1.2.3.55
225 MATCH opcode qtype qname
231 ns.example.com. IN A 1.2.3.55
235 MATCH opcode qtype qname
239 ns.example.com. IN AAAA
242 ; fine DNSKEY response.
244 MATCH opcode qtype qname
248 example.com. IN DNSKEY
250 example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
251 example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
253 example.com. IN NS ns.example.com.
254 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
257 ; correct delegation with DS
259 MATCH opcode qtype qname
263 www.sub.example.com. IN A
266 sub.example.com. IN NS ns.sub.example.com.
267 sub.example.com. IN NS ns.example.net.
268 sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
269 sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
271 ns.sub.example.com. IN A 1.2.3.6
274 ; response for delegation to sub.example.com.
276 MATCH opcode qtype qname
280 sub.example.com. IN DNSKEY
283 sub.example.com. IN NS ns.sub.example.com.
284 sub.example.com. IN NS ns.example.net.
285 sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
286 sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
288 ns.sub.example.com. IN A 1.2.3.6
292 ; server is not DNSSEC lame.
293 ; ns.sub.example.com.
298 MATCH opcode qtype qname
302 sub.example.com. IN NS
304 sub.example.com. IN NS ns.sub.example.com.
305 sub.example.com. IN NS ns.example.net.
306 sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. C/0b+sqlsdSTkhd+aDXb6ELyuQreosIGBzLCtWxYGD+Q9QGB5rN8uB+4+48yhw36pd3MfeAn06AgAnJ6eu8tJg== ;{id = 30899}
308 ns.sub.example.com. IN A 1.2.3.6
309 ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
312 ; response to DNSKEY priming query
313 ; sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
315 MATCH opcode qtype qname
319 sub.example.com. IN DNSKEY
321 sub.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
322 sub.example.com. 3600 IN RRSIG DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899}
325 ; response to query of interest
327 MATCH opcode qtype qname
331 www.sub.example.com. IN A
333 www.sub.example.com. IN A 11.11.11.11
334 www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
338 MATCH opcode qtype qname
342 ns.sub.example.com. IN AAAA
353 www.sub.example.com. IN A
356 ; recursion happens here.
360 REPLY QR RD RA AD DO NOERROR
362 www.sub.example.com. IN A
364 www.sub.example.com. IN A 11.11.11.11
365 www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}