3 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
4 val-override-date: "20070916134226"
8 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
12 SCENARIO_BEGIN Test dnssec-lame detection at anchor point.
18 MATCH opcode qtype qname
24 . IN NS K.ROOT-SERVERS.NET.
26 K.ROOT-SERVERS.NET. IN A 193.0.14.129
30 MATCH opcode subdomain
31 ADJUST copy_id copy_query
36 com. IN NS a.gtld-servers.net.
38 a.gtld-servers.net. IN A 192.5.6.30
42 MATCH opcode subdomain
43 ADJUST copy_id copy_query
48 net. IN NS e.gtld-servers.net.
50 e.gtld-servers.net. IN A 192.12.94.30
54 MATCH opcode qtype qname
58 ns.example.net. IN AAAA
60 net. IN NS e.gtld-servers.net.
62 e.gtld-servers.net. IN A 192.12.94.30
70 MATCH opcode qtype qname
76 com. IN NS a.gtld-servers.net.
78 a.gtld-servers.net. IN A 192.5.6.30
82 MATCH opcode subdomain
83 ADJUST copy_id copy_query
88 example.com. IN NS ns.example.com.
89 example.com. IN NS ns.example.net.
91 ; this entry; glue will make unbound take this reference first.
92 ; it is however, the lame server.
93 ns.example.com. IN A 1.2.3.55
101 MATCH opcode qtype qname
107 net. IN NS e.gtld-servers.net.
109 e.gtld-servers.net. IN A 192.12.94.30
113 MATCH opcode qtype qname
117 a.gtld-servers.net. IN AAAA
122 MATCH opcode qtype qname
126 e.gtld-servers.net. IN AAAA
131 MATCH opcode qtype qname
137 example.net. IN NS ns.example.net.
139 ns.example.net. IN A 1.2.3.44
143 MATCH opcode qtype qname
147 ns.example.net. IN AAAA
149 example.net. IN NS ns.example.net.
151 ns.example.net. IN A 1.2.3.44
159 MATCH opcode qtype qname
165 example.net. IN NS ns.example.net.
167 ns.example.net. IN A 1.2.3.44
171 MATCH opcode qtype qname
177 ns.example.net. IN A 1.2.3.44
179 example.net. IN NS ns.example.net.
183 MATCH opcode qtype qname
187 ns.example.net. IN AAAA
189 example.net. IN NS ns.example.net.
191 ns.example.net. IN A 1.2.3.44
194 ; response to DNSKEY priming query
196 MATCH opcode qtype qname
200 example.com. IN DNSKEY
202 example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
203 example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
207 MATCH opcode qtype qname
213 example.com. IN NS ns.example.com.
214 example.com. IN NS ns.example.net.
215 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134802 20070829134802 2854 example.com. AJwwYIUGH7HgjehzPVkrVUFmFkSGGksGjUX+/zqpCOG9a/cgGC+n40I= ;{id = 2854}
217 ns.example.com. IN A 1.2.3.55
218 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134802 20070829134802 2854 example.com. ABUu7ITHLl6vfuWzedIp03igXknUR1gYPBl8X6uIDrvraN1bjQJPXME= ;{id = 2854}
222 MATCH opcode qtype qname
226 www.example.com. IN A
228 www.example.com. IN A 10.20.30.40
229 www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
233 MATCH opcode qtype qname
237 ns.example.com. IN AAAA
246 MATCH opcode qtype qname
252 ns.example.com. IN A 1.2.3.55
256 MATCH opcode qtype qname
260 ns.example.com. IN AAAA
263 ; lame DNSKEY response.
264 ; here without sigs (assuming server does unknown-RR type handling)
266 MATCH opcode qtype qname
270 example.com. IN DNSKEY
272 example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
277 MATCH opcode qtype qname
283 example.com. IN NS ns.example.com.
284 example.com. IN NS ns.example.net.
286 ns.example.com. IN A 1.2.3.55
289 ; the lame response. No RRSIGS.
291 MATCH opcode qtype qname
295 www.example.com. IN A
298 www.example.com. IN A 10.20.30.40
300 ; dnssec-lameness detection depends on this information
301 example.com. IN NS ns.example.com.
302 example.com. IN NS ns.example.net.
304 ns.example.com. IN A 1.2.3.55
312 www.example.com. IN A
315 ; recursion happens here.
319 REPLY QR RD RA AD DO NOERROR
321 www.example.com. IN A
323 www.example.com. IN A 10.20.30.40
324 www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}