Vendor import of Unbound 1.6.2.

[FreeBSD/FreeBSD.git] / testdata / iter_scrub_dname_sec.rpl

; config options
server:
        trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
        trust-anchor: "example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
        val-override-date: "20070916134226"
        target-fetch-policy: "0 0 0 0 0"
        fake-sha1: yes

stub-zone:
        name: "."
        stub-addr: 193.0.14.129         # K.ROOT-SERVERS.NET.
CONFIG_END

SCENARIO_BEGIN Test scrub of secure DNAME in answer section

RANGE_BEGIN 0 100
; all adresses
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET. IN A 193.0.14.129
ENTRY_END

; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR NOERROR
; SECTION QUESTION
; x.y.example.com. IN A
; SECTION AUTHORITY
; com. IN NS a.gtld-servers.net.
; SECTION ADDITIONAL
; a.gtld-servers.net. IN A 192.5.6.30
; ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION ANSWER
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END

; ENTRY_BEGIN
; MATCH opcode qtype qname
; ADJUST copy_id
; REPLY QR NOERROR
; SECTION QUESTION
; x.y.example.com. IN A
; SECTION AUTHORITY
; example.com. IN NS ns1.example.com.
; SECTION ADDITIONAL
; ns1.example.com. IN A 168.192.2.2
; ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
x.y.example.com. IN A
SECTION ANSWER
y.example.com. DNAME z.example.com.
y.example.com.  3600    IN      RRSIG   DNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. ALCQdkXflwgQVKCFeYgCAx3ipuoPsGJVZjNeUriXE4nd94h50zJWDJ4= ;{id = 2854}
x.y.example.com. IN CNAME x.z.example.com.
x.z.example.com. IN A 10.20.30.0
SECTION AUTHORITY
example.com. IN NS ns1.example.com.
example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. AA3IkI13XbKFU5NSqBVA9oM1WiyEKCy4DYFOAdihDf6uHps9lce3kEc= ;{id = 2854}
SECTION ADDITIONAL
ns1.example.com. IN A 168.192.2.2
ns1.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. AKcUlwrSz2xYKnQ7b7oMblRa0rKjfUNT900bIkGjLKLWDUGc8mKZE2M= ;{id = 2854}
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
x.z.example.com. IN A
SECTION ANSWER
x.z.example.com. IN A 10.20.30.40
x.z.example.com.        3600    IN      RRSIG   A 3 4 3600 20070926134150 20070829134150 2854 example.com. ADZ12PiZGEjVUyLLYkct/SBE2WT4D5IkMOKdcl0dzQ0XRAC5y/0bS7A= ;{id = 2854}
SECTION AUTHORITY
example.com. IN NS ns1.example.com.
example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. ADesKDqTIOswg5QC6eTIQvGu3DHsPMz1htpHLcDJwE8IpURTnMuD0Mw= ;{id = 2854}
SECTION ADDITIONAL
ns1.example.com. IN A 168.192.2.2
ns1.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. ACYkeSRNcLVXeL+R9AM9e1GbxTwXNXpy1M5hcyuVkhkY2d5jGrkye7I= ;{id = 2854}
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION ANSWER
example.com. IN NS ns1.example.com.
example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. ACHcJehLt4Hz+rAdxMPE96o7HJAEFohFXbxrKYlG+0WLfYAvH2nxU8k= ;{id = 2854}
SECTION ADDITIONAL
ns1.example.com. IN A 168.192.2.2
ns1.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. AInP69g8uR1n/aRg4gmGu8UoM+zZYgjOqbNN2IvOxw3bk/q+g05jKg0= ;{id = 2854}
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
example.com. IN DNSKEY
SECTION ANSWER
example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
SECTION AUTHORITY
SECTION ADDITIONAL
ENTRY_END


RANGE_END

STEP 10 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
x.y.example.com. IN A
ENTRY_END

; answer to first query (simply puts DNAME in cache)
STEP 90 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AD DO
SECTION QUESTION
x.y.example.com. IN A
SECTION ANSWER
y.example.com. DNAME z.example.com.
y.example.com.  3600    IN      RRSIG   DNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. ALCQdkXflwgQVKCFeYgCAx3ipuoPsGJVZjNeUriXE4nd94h50zJWDJ4= ;{id = 2854}
x.y.example.com. IN CNAME x.z.example.com.
x.z.example.com. IN A 10.20.30.40
x.z.example.com.        3600    IN      RRSIG   A 3 4 3600 20070926134150 20070829134150 2854 example.com. ADZ12PiZGEjVUyLLYkct/SBE2WT4D5IkMOKdcl0dzQ0XRAC5y/0bS7A= ;{id = 2854}
SECTION AUTHORITY
example.com. IN NS ns1.example.com.
example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. ADesKDqTIOswg5QC6eTIQvGu3DHsPMz1htpHLcDJwE8IpURTnMuD0Mw= ;{id = 2854}
SECTION ADDITIONAL
ns1.example.com. IN A 168.192.2.2
ns1.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. ACYkeSRNcLVXeL+R9AM9e1GbxTwXNXpy1M5hcyuVkhkY2d5jGrkye7I= ;{id = 2854}
ENTRY_END

; now, DNAME is secure and can be used from cache.
; new query
STEP 200 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
other.y.example.com. IN A
ENTRY_END

STEP 230 CHECK_OUT_QUERY
ENTRY_BEGIN
MATCH qname qtype opcode
SECTION QUESTION
other.z.example.com. IN A
ENTRY_END
STEP 240 REPLY
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
other.z.example.com. IN A
SECTION ANSWER
other.z.example.com. IN A 50.60.70.80
other.z.example.com.    3600    IN      RRSIG   A 3 4 3600 20070926134150 20070829134150 2854 example.com. AAp6G89oAvkyAaeF2d35AJNlzMhedGo0Bcppl0IOyF3HRzoc51vjJoU= ;{id = 2854}
SECTION AUTHORITY
example.com. IN NS ns1.example.com.
example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. ADesKDqTIOswg5QC6eTIQvGu3DHsPMz1htpHLcDJwE8IpURTnMuD0Mw= ;{id = 2854}
SECTION ADDITIONAL
ns1.example.com. IN A 168.192.2.2
ns1.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. ACYkeSRNcLVXeL+R9AM9e1GbxTwXNXpy1M5hcyuVkhkY2d5jGrkye7I= ;{id = 2854}
ENTRY_END

STEP 250 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AD DO
SECTION QUESTION
other.y.example.com. IN A
SECTION ANSWER
y.example.com. DNAME z.example.com.
y.example.com.  3600    IN      RRSIG   DNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. ALCQdkXflwgQVKCFeYgCAx3ipuoPsGJVZjNeUriXE4nd94h50zJWDJ4= ;{id = 2854}
other.y.example.com. IN CNAME other.z.example.com.
other.z.example.com. IN A 50.60.70.80
other.z.example.com.    3600    IN      RRSIG   A 3 4 3600 20070926134150 20070829134150 2854 example.com. AAp6G89oAvkyAaeF2d35AJNlzMhedGo0Bcppl0IOyF3HRzoc51vjJoU= ;{id = 2854}
SECTION AUTHORITY
example.com. IN NS ns1.example.com.
example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. ADesKDqTIOswg5QC6eTIQvGu3DHsPMz1htpHLcDJwE8IpURTnMuD0Mw= ;{id = 2854}
SECTION ADDITIONAL
ns1.example.com. IN A 168.192.2.2
ns1.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. ACYkeSRNcLVXeL+R9AM9e1GbxTwXNXpy1M5hcyuVkhkY2d5jGrkye7I= ;{id = 2854}
ENTRY_END

SCENARIO_END