2 ; The island of trust is at example.com
4 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
5 val-override-date: "20070916134226"
6 target-fetch-policy: "0 0 0 0 0"
7 qname-minimisation: "no"
9 trust-anchor-signaling: no
13 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
16 SCENARIO_BEGIN Test validator with NSEC3 CNAME for qtype DS.
22 MATCH opcode qtype qname
28 . IN NS K.ROOT-SERVERS.NET.
30 K.ROOT-SERVERS.NET. IN A 193.0.14.129
34 MATCH opcode qtype qname
38 www.sub.example.com. IN DS
40 com. IN NS a.gtld-servers.net.
42 a.gtld-servers.net. IN A 192.5.6.30
50 MATCH opcode qtype qname
56 com. IN NS a.gtld-servers.net.
58 a.gtld-servers.net. IN A 192.5.6.30
62 MATCH opcode qtype qname
66 www.sub.example.com. IN DS
68 example.com. IN NS ns.example.com.
70 ns.example.com. IN A 1.2.3.4
78 MATCH opcode qtype qname
84 example.com. IN NS ns.example.com.
85 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
87 ns.example.com. IN A 1.2.3.4
88 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
91 ; response to DNSKEY priming query
93 MATCH opcode qtype qname
97 example.com. IN DNSKEY
99 example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
100 example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
102 example.com. IN NS ns.example.com.
103 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
105 ns.example.com. IN A 1.2.3.4
106 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
109 ; response to query of interest
111 MATCH opcode qtype qname
115 www.example.com. IN A
117 example.com. IN SOA ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
118 example.com. 3600 IN RRSIG SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCM6lsu9byZIQ1yYjJmyYfFWM2RWAIUcR5t84r2La824oWCkLjmHXRQlco= ;{id = 2854}
120 ; NODATA response. H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3
121 s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 MX RRSIG
122 s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFE/a24nsY2luhQmZjY/ObAIgNSMkAhQWd4MUOUVK55bD6AbMHWrDA0yvEA== ;{id = 2854}
126 ; refer to server one down
128 MATCH opcode qtype qname
132 www.sub.example.com. IN DS
134 sub.example.com. IN NS ns.sub.example.com.
135 sub.example.com. 3600 IN DS 2854 DSA 1 be4d46cd7489cce25a31af0dff2968ce0425dd31
136 sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQC1WMTfb25sTgeUEXCFR4+YiJqecwIUc2R/jrO4amyQxovSnld2reg8eyo= ;{id = 2854}
138 ns.sub.example.com. IN A 1.2.3.10
142 ; ns.sub.example.com.
146 MATCH opcode qtype qname
150 sub.example.com. IN NS
152 sub.example.com. IN NS ns.sub.example.com.
154 ns.sub.example.com. IN A 1.2.3.10
157 ; response to DNSKEY priming query
159 MATCH opcode qtype qname
163 sub.example.com. IN DNSKEY
165 sub.example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
166 sub.example.com. 3600 IN RRSIG DNSKEY 3 3 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFBznBTYM/SrdUnjQdBnLtRO79KAaAhQReG5nRuL7Xsdf6D0KKwPa1GpWyQ== ;{id = 2854}
171 MATCH opcode qtype qname
175 www.sub.example.com. IN DS
177 ; from *.sub.example.com. IN CNAME sub.example.com.
178 www.sub.example.com. IN CNAME sub.example.com.
179 www.sub.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFFyXwAzONbrkZD3oQ50zRYXOr1vvAhQAmzDTm7YYloe6F96eBS1L+KE9hg== ;{id = 2854}
181 ; cover qname next closer name, for the wildcard.
182 ; H(www.sub.example.com.) = ecllopkacmb753v6jlld4d371l1u8gme
183 ecllopkacmb753v6jlld4d371l1u7gme.sub.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd ecllopkacmb753v6jlld4d371l1u9gme A RRSIG
184 ecllopkacmb753v6jlld4d371l1u7gme.sub.example.com. 3600 IN RRSIG NSEC3 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFD4bIeWulXj9lhAGsqCfsKg6jQheAhQ9kkYqd9AVdomcl2YzWOupJnV5wQ== ;{id = 2854}
193 www.sub.example.com. IN DS
196 ; recursion happens here.
200 REPLY QR RD RA DO NOERROR
202 www.sub.example.com. IN DS
204 www.sub.example.com. IN CNAME sub.example.com.
205 www.sub.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFFyXwAzONbrkZD3oQ50zRYXOr1vvAhQAmzDTm7YYloe6F96eBS1L+KE9hg== ;{id = 2854}
206 sub.example.com. 3600 IN DS 2854 DSA 1 be4d46cd7489cce25a31af0dff2968ce0425dd31
207 sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQC1WMTfb25sTgeUEXCFR4+YiJqecwIUc2R/jrO4amyQxovSnld2reg8eyo= ;{id = 2854}
209 ecllopkacmb753v6jlld4d371l1u7gme.sub.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd ecllopkacmb753v6jlld4d371l1u9gme A RRSIG
210 ecllopkacmb753v6jlld4d371l1u7gme.sub.example.com. 3600 IN RRSIG NSEC3 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFD4bIeWulXj9lhAGsqCfsKg6jQheAhQ9kkYqd9AVdomcl2YzWOupJnV5wQ== ;{id = 2854}