3 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
4 val-override-date: "20070916134226"
6 trust-anchor-signaling: no
10 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
14 SCENARIO_BEGIN Test dnssec-lame detection at anchor point.
20 MATCH opcode qtype qname
26 . IN NS K.ROOT-SERVERS.NET.
28 K.ROOT-SERVERS.NET. IN A 193.0.14.129
32 MATCH opcode subdomain
33 ADJUST copy_id copy_query
38 com. IN NS a.gtld-servers.net.
40 a.gtld-servers.net. IN A 192.5.6.30
44 MATCH opcode subdomain
45 ADJUST copy_id copy_query
50 net. IN NS e.gtld-servers.net.
52 e.gtld-servers.net. IN A 192.12.94.30
56 MATCH opcode qtype qname
60 ns.example.net. IN AAAA
62 net. IN NS e.gtld-servers.net.
64 e.gtld-servers.net. IN A 192.12.94.30
72 MATCH opcode qtype qname
78 com. IN NS a.gtld-servers.net.
80 a.gtld-servers.net. IN A 192.5.6.30
84 MATCH opcode subdomain
85 ADJUST copy_id copy_query
90 example.com. IN NS ns.example.com.
91 example.com. IN NS ns.example.net.
93 ; this entry; glue will make unbound take this reference first.
94 ; it is however, the lame server.
95 ns.example.com. IN A 1.2.3.55
103 MATCH opcode qtype qname
109 net. IN NS e.gtld-servers.net.
111 e.gtld-servers.net. IN A 192.12.94.30
115 MATCH opcode qtype qname
119 a.gtld-servers.net. IN AAAA
124 MATCH opcode qtype qname
128 e.gtld-servers.net. IN AAAA
133 MATCH opcode qtype qname
139 example.net. IN NS ns.example.net.
141 ns.example.net. IN A 1.2.3.44
145 MATCH opcode qtype qname
149 ns.example.net. IN AAAA
151 example.net. IN NS ns.example.net.
153 ns.example.net. IN A 1.2.3.44
161 MATCH opcode qtype qname
167 example.net. IN NS ns.example.net.
169 ns.example.net. IN A 1.2.3.44
173 MATCH opcode qtype qname
179 ns.example.net. IN A 1.2.3.44
181 example.net. IN NS ns.example.net.
185 MATCH opcode qtype qname
189 ns.example.net. IN AAAA
191 example.net. IN NS ns.example.net.
193 ns.example.net. IN A 1.2.3.44
196 ; response to DNSKEY priming query
198 MATCH opcode qtype qname
202 example.com. IN DNSKEY
204 example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
205 example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
209 MATCH opcode qtype qname
215 example.com. IN NS ns.example.com.
216 example.com. IN NS ns.example.net.
217 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134802 20070829134802 2854 example.com. AJwwYIUGH7HgjehzPVkrVUFmFkSGGksGjUX+/zqpCOG9a/cgGC+n40I= ;{id = 2854}
219 ns.example.com. IN A 1.2.3.55
220 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134802 20070829134802 2854 example.com. ABUu7ITHLl6vfuWzedIp03igXknUR1gYPBl8X6uIDrvraN1bjQJPXME= ;{id = 2854}
224 MATCH opcode qtype qname
228 www.example.com. IN A
230 www.example.com. IN A 10.20.30.40
231 www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
235 MATCH opcode qtype qname
239 ns.example.com. IN AAAA
248 MATCH opcode qtype qname
254 ns.example.com. IN A 1.2.3.55
258 MATCH opcode qtype qname
262 ns.example.com. IN AAAA
265 ; lame DNSKEY response.
266 ; here without sigs (assuming server does unknown-RR type handling)
268 MATCH opcode qtype qname
272 example.com. IN DNSKEY
274 example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
279 MATCH opcode qtype qname
285 example.com. IN NS ns.example.com.
286 example.com. IN NS ns.example.net.
288 ns.example.com. IN A 1.2.3.55
291 ; the lame response. No RRSIGS.
293 MATCH opcode qtype qname
297 www.example.com. IN A
300 www.example.com. IN A 10.20.30.40
302 ; dnssec-lameness detection depends on this information
303 example.com. IN NS ns.example.com.
304 example.com. IN NS ns.example.net.
306 ns.example.com. IN A 1.2.3.55
314 www.example.com. IN A
317 ; recursion happens here.
321 REPLY QR RD RA AD DO NOERROR
323 www.example.com. IN A
325 www.example.com. IN A 10.20.30.40
326 www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}