2 ; The island of trust is at example.com
4 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
5 val-override-date: "20070916134226"
6 target-fetch-policy: "0 0 0 0 0"
11 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
14 SCENARIO_BEGIN Test validator with negative cache DS response with cached SOA
20 MATCH opcode qtype qname
26 . IN NS K.ROOT-SERVERS.NET.
28 K.ROOT-SERVERS.NET. IN A 193.0.14.129
32 MATCH opcode qtype qname
36 www.sub.example.com. IN A
38 com. IN NS a.gtld-servers.net.
40 a.gtld-servers.net. IN A 192.5.6.30
48 MATCH opcode qtype qname
54 com. IN NS a.gtld-servers.net.
56 a.gtld-servers.net. IN A 192.5.6.30
60 MATCH opcode qtype qname
64 www.sub.example.com. IN A
66 example.com. IN NS ns.example.com.
68 ns.example.com. IN A 1.2.3.4
76 MATCH opcode qtype qname
82 example.com. IN NS ns.example.com.
83 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
85 ns.example.com. IN A 1.2.3.4
86 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
89 ; response to DNSKEY priming query
91 MATCH opcode qtype qname
95 example.com. IN DNSKEY
97 example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
98 example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
100 example.com. IN NS ns.example.com.
101 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
103 ns.example.com. IN A 1.2.3.4
104 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
107 ; response for delegation to sub.example.com.
109 MATCH opcode qtype qname
113 www.sub.example.com. IN A
116 sub.example.com. IN NS ns.sub.example.com.
117 sub.example.com. IN NSEC www.example.com. NS RRSIG NSEC
118 sub.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFDCaiDM6G+glwNW276HWdH+McmjgAhRSwF5OfimNQCqkWgnYotLOwUghKQ== ;{id = 2854}
120 ns.sub.example.com. IN A 1.2.3.6
123 ; query for missing DS record.
124 ; commented out, this query should not happen as negative cache works.
126 ;MATCH opcode qtype qname
130 ;sub.example.com. IN DS
133 ;example.com. IN SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200
134 ;example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854}
135 ;sub.example.com. IN NSEC www.example.com. NS RRSIG NSEC
136 ;sub.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFDCaiDM6G+glwNW276HWdH+McmjgAhRSwF5OfimNQCqkWgnYotLOwUghKQ== ;{id = 2854}
138 ;ns.sub.example.com. IN A 1.2.3.6
142 MATCH opcode qtype qname
148 example.com. 7200 IN SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200
149 example.com. 7200 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854}
150 nw.example.com. 7200 IN NSEC ny.example.com. A RRSIG
151 nw.example.com. 7200 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. AHMp+sqWyR3JL6P0LhJ10fufMFSkW9+DM3QghOokyqgbRu54Q1XrHoE= ;{id = 2854}
152 !.example.com. 7200 IN NSEC +.example.com. A RRSIG
153 !.example.com. 7200 IN RRSIG NSEC 3 3 7200 20070926134150 20070829134150 2854 example.com. AJsNy2VkFTJEMShfEcvIkBe+UViVYDJbNNuGnwf/QecOrhONaVpIXy4= ;{id = 2854}
158 ; ns.sub.example.com.
162 MATCH opcode qtype qname
166 sub.example.com. IN NS
168 sub.example.com. IN NS ns.sub.example.com.
170 ns.sub.example.com. IN A 1.2.3.6
173 ; response to query of interest
175 MATCH opcode qtype qname
179 www.sub.example.com. IN A
181 www.sub.example.com. IN A 11.11.11.11
191 www.sub.example.com. IN A
194 ; recursion happens here.
198 REPLY QR RD RA DO NOERROR
200 www.sub.example.com. IN A
202 www.sub.example.com. 3600 IN A 11.11.11.11
207 ; put the SOA into the cache
218 REPLY QR RD RA AD DO NXDOMAIN
223 example.com. 7200 IN SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200
224 example.com. 7200 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854}
225 nw.example.com. 7200 IN NSEC ny.example.com. A RRSIG
226 nw.example.com. 7200 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. AHMp+sqWyR3JL6P0LhJ10fufMFSkW9+DM3QghOokyqgbRu54Q1XrHoE= ;{id = 2854}
227 !.example.com. 7200 IN NSEC +.example.com. A RRSIG
228 !.example.com. 7200 IN RRSIG NSEC 3 3 7200 20070926134150 20070829134150 2854 example.com. AJsNy2VkFTJEMShfEcvIkBe+UViVYDJbNNuGnwf/QecOrhONaVpIXy4= ;{id = 2854}
232 ; the downstream validator wants the DS record.
237 sub.example.com. IN DS
243 REPLY QR RD RA AD DO NOERROR
245 sub.example.com. IN DS
248 sub.example.com. IN NSEC www.example.com. NS RRSIG NSEC
249 sub.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFDCaiDM6G+glwNW276HWdH+McmjgAhRSwF5OfimNQCqkWgnYotLOwUghKQ== ;{id = 2854}
250 example.com. 7200 IN SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200
251 example.com. 7200 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854}