3 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
4 val-override-date: "20070916134226"
6 trust-anchor-signaling: no
7 qname-minimisation: "no"
11 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
15 SCENARIO_BEGIN Test dnssec-lame detection at anchor point.
21 MATCH opcode qtype qname
27 . IN NS K.ROOT-SERVERS.NET.
29 K.ROOT-SERVERS.NET. IN A 193.0.14.129
33 MATCH opcode subdomain
34 ADJUST copy_id copy_query
39 com. IN NS a.gtld-servers.net.
41 a.gtld-servers.net. IN A 192.5.6.30
45 MATCH opcode subdomain
46 ADJUST copy_id copy_query
51 net. IN NS e.gtld-servers.net.
53 e.gtld-servers.net. IN A 192.12.94.30
57 MATCH opcode qtype qname
61 ns.example.net. IN AAAA
63 net. IN NS e.gtld-servers.net.
65 e.gtld-servers.net. IN A 192.12.94.30
73 MATCH opcode qtype qname
79 com. IN NS a.gtld-servers.net.
81 a.gtld-servers.net. IN A 192.5.6.30
85 MATCH opcode subdomain
86 ADJUST copy_id copy_query
91 example.com. IN NS ns.example.com.
92 example.com. IN NS ns.example.net.
94 ; this entry; glue will make unbound take this reference first.
95 ; it is however, the lame server.
96 ns.example.com. IN A 1.2.3.55
100 ; e.gtld-servers.net.
104 MATCH opcode qtype qname
110 net. IN NS e.gtld-servers.net.
112 e.gtld-servers.net. IN A 192.12.94.30
116 MATCH opcode qtype qname
120 a.gtld-servers.net. IN AAAA
125 MATCH opcode qtype qname
129 e.gtld-servers.net. IN AAAA
134 MATCH opcode qtype qname
140 example.net. IN NS ns.example.net.
142 ns.example.net. IN A 1.2.3.44
146 MATCH opcode qtype qname
150 ns.example.net. IN AAAA
152 example.net. IN NS ns.example.net.
154 ns.example.net. IN A 1.2.3.44
162 MATCH opcode qtype qname
168 example.net. IN NS ns.example.net.
170 ns.example.net. IN A 1.2.3.44
174 MATCH opcode qtype qname
180 ns.example.net. IN A 1.2.3.44
182 example.net. IN NS ns.example.net.
186 MATCH opcode qtype qname
190 ns.example.net. IN AAAA
192 example.net. IN NS ns.example.net.
194 ns.example.net. IN A 1.2.3.44
197 ; response to DNSKEY priming query
199 MATCH opcode qtype qname
203 example.com. IN DNSKEY
205 example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
206 example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
210 MATCH opcode qtype qname
216 example.com. IN NS ns.example.com.
217 example.com. IN NS ns.example.net.
218 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134802 20070829134802 2854 example.com. AJwwYIUGH7HgjehzPVkrVUFmFkSGGksGjUX+/zqpCOG9a/cgGC+n40I= ;{id = 2854}
220 ns.example.com. IN A 1.2.3.55
221 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134802 20070829134802 2854 example.com. ABUu7ITHLl6vfuWzedIp03igXknUR1gYPBl8X6uIDrvraN1bjQJPXME= ;{id = 2854}
225 MATCH opcode qtype qname
229 www.example.com. IN A
231 www.example.com. IN A 10.20.30.40
232 www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
236 MATCH opcode qtype qname
240 ns.example.com. IN AAAA
249 MATCH opcode qtype qname
255 ns.example.com. IN A 1.2.3.55
259 MATCH opcode qtype qname
263 ns.example.com. IN AAAA
266 ; lame DNSKEY response.
267 ; here without sigs (assuming server does unknown-RR type handling)
269 MATCH opcode qtype qname
273 example.com. IN DNSKEY
275 example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
280 MATCH opcode qtype qname
286 example.com. IN NS ns.example.com.
287 example.com. IN NS ns.example.net.
289 ns.example.com. IN A 1.2.3.55
292 ; the lame response. No RRSIGS.
294 MATCH opcode qtype qname
298 www.example.com. IN A
301 www.example.com. IN A 10.20.30.40
303 ; dnssec-lameness detection depends on this information
304 example.com. IN NS ns.example.com.
305 example.com. IN NS ns.example.net.
307 ns.example.com. IN A 1.2.3.55
315 www.example.com. IN A
318 ; recursion happens here.
322 REPLY QR RD RA AD DO NOERROR
324 www.example.com. IN A
326 www.example.com. IN A 10.20.30.40
327 www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}