2 ; The island of trust is at example.com
4 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
5 val-override-date: "20070916134226"
6 target-fetch-policy: "0 0 0 0 0"
8 trust-anchor-signaling: no
12 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
15 SCENARIO_BEGIN Test pickup of DS NSEC from the cache.
16 ; make sure unbound does not pick up the wrong nsec.
22 MATCH opcode qtype qname
28 . IN NS K.ROOT-SERVERS.NET.
30 K.ROOT-SERVERS.NET. IN A 193.0.14.129
34 MATCH opcode subdomain
35 ADJUST copy_id copy_query
40 com. IN NS a.gtld-servers.net.
42 a.gtld-servers.net. IN A 192.5.6.30
50 MATCH opcode qtype qname
56 com. IN NS a.gtld-servers.net.
58 a.gtld-servers.net. IN A 192.5.6.30
62 MATCH opcode subdomain
63 ADJUST copy_id copy_query
68 example.com. IN NS ns.example.com.
70 ns.example.com. IN A 1.2.3.4
78 MATCH opcode qtype qname
84 example.com. IN NS ns.example.com.
85 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
87 ns.example.com. IN A 1.2.3.4
88 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
91 ; barely valid nodata for AAAA
93 MATCH opcode qtype qname
97 ns.example.com. IN AAAA
100 example.com. IN NS ns.example.com.
101 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
105 MATCH opcode qtype qname
111 ns.example.com. IN A 1.2.3.4
112 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
114 example.com. IN NS ns.example.com.
115 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
118 ; response to DNSKEY priming query
120 MATCH opcode qtype qname
124 example.com. IN DNSKEY
126 example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
127 example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
129 example.com. IN NS ns.example.com.
130 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
132 ns.example.com. IN A 1.2.3.4
133 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
136 ; response for tub.example.com
138 MATCH opcode subdomain
139 ADJUST copy_id copy_query
142 tub.example.com. IN DNSKEY
146 example.com IN SOA ns.iana.org. NSTLD.iana.org. 2009061200 1800 900 604800 86400
147 example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AAvpEruGS0UJzMoO6ou/+y8ZyHjjrFC6HKDWU8a61Ru9qtl4R66fC1c= ;{id = 2854}
149 sub.example.com. IN NSEC wub.example.com. NS DS RRSIG NSEC
150 sub.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. AA4+SSCI8kQZ2/iGj+9rxpNZyaIJNNRZ4eM0fEw2D5fVR/+WLUZ9GdE= ;{id = 2854}
152 example.com. IN NSEC blub.example.com. NS SOA RRSIG NSEC DNSKEY
153 example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AARheDFiRjrnKHzsPloUJ0FC+8aAM6H49Lnm2AJrgxE9RlBlH2E4sRo= ;{id = 2854}
157 ; DS query for sub.example.com
159 MATCH opcode qtype qname
163 sub.example.com. IN DS
165 sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
166 sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
171 ; response for delegation to sub.example.com.
173 MATCH opcode subdomain
174 ADJUST copy_id copy_query
177 sub.example.com. IN DNSKEY
180 sub.example.com. IN NS ns.sub.example.com.
181 ;sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
182 ;sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854}
184 ns.sub.example.com. IN A 1.2.3.6
188 ; ns.sub.example.com.
192 MATCH opcode qtype qname
196 sub.example.com. IN NS
198 sub.example.com. IN NS ns.sub.example.com.
199 sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
201 ns.sub.example.com. IN A 1.2.3.6
202 ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
205 ; response to DNSKEY priming query
206 ; sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3
208 MATCH opcode qtype qname
212 sub.example.com. IN DNSKEY
214 sub.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
215 sub.example.com. 3600 IN RRSIG DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899}
217 sub.example.com. IN NS ns.sub.example.com.
218 sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899}
220 ns.sub.example.com. IN A 1.2.3.6
221 ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899}
224 ; response to query of interest
226 MATCH opcode qtype qname
230 www.sub.example.com. IN A
232 www.sub.example.com. IN A 11.11.11.11
233 www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}
239 ; query for a domain next to it, so the wrong NSEC gets in the cache.
244 www.tub.example.com. IN A
247 ; recursion happens here.
251 REPLY QR RD RA AD DO NXDOMAIN
253 www.tub.example.com. IN A
256 example.com. 3600 IN SOA ns.iana.org. NSTLD.iana.org. 2009061200 1800 900 604800 86400
257 example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AAvpEruGS0UJzMoO6ou/+y8ZyHjjrFC6HKDWU8a61Ru9qtl4R66fC1c= ;{id = 2854}
258 sub.example.com. 3600 IN NSEC wub.example.com. NS DS RRSIG NSEC
259 sub.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. AA4+SSCI8kQZ2/iGj+9rxpNZyaIJNNRZ4eM0fEw2D5fVR/+WLUZ9GdE= ;{id = 2854}
260 example.com. 3600 IN NSEC blub.example.com. NS SOA RRSIG NSEC DNSKEY
261 example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AARheDFiRjrnKHzsPloUJ0FC+8aAM6H49Lnm2AJrgxE9RlBlH2E4sRo= ;{id = 2854}
270 www.sub.example.com. IN A
276 REPLY QR RD RA AD DO NOERROR
278 www.sub.example.com. IN A
280 www.sub.example.com. 3600 IN A 11.11.11.11
281 www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899}