3 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
4 val-override-date: "20070916134226"
5 target-fetch-policy: "0 0 0 0 0"
7 trust-anchor-signaling: no
11 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
15 SCENARIO_BEGIN Test dnssec-lame detection at ds point, which is ok.
21 MATCH opcode qtype qname
27 . IN NS K.ROOT-SERVERS.NET.
29 K.ROOT-SERVERS.NET. IN A 193.0.14.129
33 MATCH opcode qtype qname
37 www.sub.example.com. IN A
39 com. IN NS a.gtld-servers.net.
41 a.gtld-servers.net. IN A 192.5.6.30
45 MATCH opcode qtype qname
51 net. IN NS e.gtld-servers.net.
53 e.gtld-servers.net. IN A 192.12.94.30
57 MATCH opcode qtype qname
61 ns.example.net. IN AAAA
63 net. IN NS e.gtld-servers.net.
65 e.gtld-servers.net. IN A 192.12.94.30
74 MATCH opcode qtype qname
80 com. IN NS a.gtld-servers.net.
82 a.gtld-servers.net. IN A 192.5.6.30
86 MATCH opcode qtype qname
90 www.sub.example.com. IN A
92 example.com. IN NS ns.example.com.
94 ns.example.com. IN A 1.2.3.55
102 MATCH opcode qtype qname
108 net. IN NS e.gtld-servers.net.
110 e.gtld-servers.net. IN A 192.12.94.30
114 MATCH opcode qtype qname
120 example.net. IN NS ns.example.net.
122 ns.example.net. IN A 1.2.3.44
126 MATCH opcode qtype qname
130 ns.example.net. IN AAAA
132 example.net. IN NS ns.example.net.
134 ns.example.net. IN A 1.2.3.44
142 MATCH opcode qtype qname
148 example.net. IN NS ns.example.net.
150 ns.example.net. IN A 1.2.3.44
154 MATCH opcode qtype qname
160 ns.example.net. IN A 1.2.3.44
162 example.net. IN NS ns.example.net.
166 MATCH opcode qtype qname
170 ns.example.net. IN AAAA
172 example.net. IN NS ns.example.net.
174 ns.example.net. IN A 1.2.3.44
177 ; response to DNSKEY priming query
178 ; sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
180 MATCH opcode qtype qname
184 sub.example.com. IN DNSKEY
186 sub.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
187 sub.example.com. 3600 IN RRSIG DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899}
189 ; no NS set. not needed for this test.
191 ns.sub.example.com. IN A 1.2.3.6
192 ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
195 ; response to query of interest
197 MATCH opcode qtype qname
201 www.sub.example.com. IN A
203 www.sub.example.com. IN A 11.11.11.11
204 www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
214 MATCH opcode qtype qname
220 example.com. IN NS ns.example.com.
222 ns.example.com. IN A 1.2.3.55
226 MATCH opcode qtype qname
232 ns.example.com. IN A 1.2.3.55
236 MATCH opcode qtype qname
240 ns.example.com. IN AAAA
243 ; fine DNSKEY response.
245 MATCH opcode qtype qname
249 example.com. IN DNSKEY
251 example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
252 example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
254 example.com. IN NS ns.example.com.
255 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
258 ; correct delegation with DS
260 MATCH opcode qtype qname
264 www.sub.example.com. IN A
267 sub.example.com. IN NS ns.sub.example.com.
268 sub.example.com. IN NS ns.example.net.
269 sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
270 sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
272 ns.sub.example.com. IN A 1.2.3.6
275 ; response for delegation to sub.example.com.
277 MATCH opcode qtype qname
281 sub.example.com. IN DNSKEY
284 sub.example.com. IN NS ns.sub.example.com.
285 sub.example.com. IN NS ns.example.net.
286 sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
287 sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
289 ns.sub.example.com. IN A 1.2.3.6
293 ; server is not DNSSEC lame.
294 ; ns.sub.example.com.
299 MATCH opcode qtype qname
303 sub.example.com. IN NS
305 sub.example.com. IN NS ns.sub.example.com.
306 sub.example.com. IN NS ns.example.net.
307 sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. C/0b+sqlsdSTkhd+aDXb6ELyuQreosIGBzLCtWxYGD+Q9QGB5rN8uB+4+48yhw36pd3MfeAn06AgAnJ6eu8tJg== ;{id = 30899}
309 ns.sub.example.com. IN A 1.2.3.6
310 ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
313 ; response to DNSKEY priming query
314 ; sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
316 MATCH opcode qtype qname
320 sub.example.com. IN DNSKEY
322 sub.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
323 sub.example.com. 3600 IN RRSIG DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899}
326 ; response to query of interest
328 MATCH opcode qtype qname
332 www.sub.example.com. IN A
334 www.sub.example.com. IN A 11.11.11.11
335 www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
339 MATCH opcode qtype qname
343 ns.sub.example.com. IN AAAA
354 www.sub.example.com. IN A
357 ; recursion happens here.
361 REPLY QR RD RA AD DO NOERROR
363 www.sub.example.com. IN A
365 www.sub.example.com. IN A 11.11.11.11
366 www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}