2 ; The island of trust is at example.com
4 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
5 val-override-date: "20070916134226"
6 target-fetch-policy: "0 0 0 0 0"
7 qname-minimisation: "no"
9 trust-anchor-signaling: no
13 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
16 SCENARIO_BEGIN Test validator with NSEC3 wildcard CNAME to subzone.
17 ; to test the zone determination routines in nsec3.
23 MATCH opcode qtype qname
29 . IN NS K.ROOT-SERVERS.NET.
31 K.ROOT-SERVERS.NET. IN A 193.0.14.129
35 MATCH opcode qtype qname
41 com. IN NS a.gtld-servers.net.
43 a.gtld-servers.net. IN A 192.5.6.30
51 MATCH opcode qtype qname
57 com. IN NS a.gtld-servers.net.
59 a.gtld-servers.net. IN A 192.5.6.30
63 MATCH opcode qtype qname
69 example.com. IN NS ns.example.com.
71 ns.example.com. IN A 1.2.3.4
79 MATCH opcode qtype qname
85 example.com. IN NS ns.example.com.
86 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
88 ns.example.com. IN A 1.2.3.4
89 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
92 ; response to DNSKEY priming query
94 MATCH opcode qtype qname
98 example.com. IN DNSKEY
100 example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
101 example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
103 example.com. IN NS ns.example.com.
104 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
106 ns.example.com. IN A 1.2.3.4
107 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
110 ; response to query of interest
112 MATCH opcode qtype qname
116 www.example.com. IN A
118 ;from *.example.com. IN CNAME www.sub.example.com.
119 www.example.com. IN CNAME www.sub.example.com.
120 www.example.com. 3600 IN RRSIG CNAME 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCjVxqOi0bcgHgxVkwzJqIi6iNJswIUZxbmItvoyEczTclgVtHsr9Jmf+w= ;{id = 2854}
122 ; cover qname next closer name.
123 ; H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3.
124 s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG
125 s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFFSH4klZKke48dYyddYDj17gjTS0AhUAltWicpFLWqW98/Af9Qlx70MH8o4= ;{id = 2854}
128 ; refer to server one down
130 MATCH opcode qtype qname
134 www.sub.example.com. IN A
136 sub.example.com. IN NS ns.sub.example.com.
137 sub.example.com. 3600 IN DS 2854 DSA 1 be4d46cd7489cce25a31af0dff2968ce0425dd31
138 sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQC1WMTfb25sTgeUEXCFR4+YiJqecwIUc2R/jrO4amyQxovSnld2reg8eyo= ;{id = 2854}
140 ns.sub.example.com. IN A 1.2.3.10
144 ; ns.sub.example.com.
148 MATCH opcode qtype qname
152 sub.example.com. IN NS
154 sub.example.com. IN NS ns.sub.example.com.
156 ns.sub.example.com. IN A 1.2.3.10
159 ; response to DNSKEY priming query
161 MATCH opcode qtype qname
165 sub.example.com. IN DNSKEY
167 sub.example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
168 sub.example.com. 3600 IN RRSIG DNSKEY 3 3 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFBznBTYM/SrdUnjQdBnLtRO79KAaAhQReG5nRuL7Xsdf6D0KKwPa1GpWyQ== ;{id = 2854}
173 MATCH opcode qtype qname
177 www.sub.example.com. IN A
179 sub.example.com. IN SOA ns.sub.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
180 sub.example.com. 3600 IN RRSIG SOA 3 3 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFBLls0z0ncWxTXzDt4uLAuJsr932AhQvVeUJevgwAL6mfmLL6fAf2IZ7mg== ;{id = 2854}
182 ; closest encloser, H(sub.example.com). = 8r1f0ieoutlnjc03meng9e3bn2n0o9pd
183 8r1f0ieoutlnjc03meng9e3bn2n0o9pd.sub.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 8r1f0ieoutlnjc03meng9e3bn3n0o9pd SOA NS MX RRSIG
184 8r1f0ieoutlnjc03meng9e3bn2n0o9pd.sub.example.com. 3600 IN RRSIG NSEC3 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFBX1qVlth+YE+y57p5C7X00bLthDAhRIF2xoHF0exs29obE7JjVthwXfHA== ;{id = 2854}
186 ; wildcard denial, H(*.sub.example.com.) = hq432j8q183b54mejh50200pqo8rvlog
187 hq432j8q183b54mejh50200pqo7rvlog.sub.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd hq432j8q183b54mejh50200pqo9rvlog A RRSIG
188 hq432j8q183b54mejh50200pqo7rvlog.sub.example.com. 3600 IN RRSIG NSEC3 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFAOXoeUk1d0cxT9p1gUvBrybAQCSAhQ5eLWaK932TxxY4U6NAxgst4O4uA== ;{id = 2854}
190 ; next closer denial H(www.sub.example.com.) = ecllopkacmb753v6jlld4d371l1u8gme
191 ecllopkacmb753v6jlld4d371l1u7gme.sub.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd ecllopkacmb753v6jlld4d371l1u9gme A RRSIG
192 ecllopkacmb753v6jlld4d371l1u7gme.sub.example.com. 3600 IN RRSIG NSEC3 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFAuD3qb/+CWyqjBRt/RDjZvsSyCGAhQivfP3zr1+2Uknw9RhXUcUO0g6Lg== ;{id = 2854}
200 www.example.com. IN A
203 ; recursion happens here.
207 REPLY QR RD RA DO NXDOMAIN
209 www.example.com. IN A
211 www.example.com. IN CNAME www.sub.example.com.
212 www.example.com. 3600 IN RRSIG CNAME 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCjVxqOi0bcgHgxVkwzJqIi6iNJswIUZxbmItvoyEczTclgVtHsr9Jmf+w= ;{id = 2854}
215 s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG
216 s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFFSH4klZKke48dYyddYDj17gjTS0AhUAltWicpFLWqW98/Af9Qlx70MH8o4= ;{id = 2854}
217 sub.example.com. IN SOA ns.sub.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
218 sub.example.com. 3600 IN RRSIG SOA 3 3 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFBLls0z0ncWxTXzDt4uLAuJsr932AhQvVeUJevgwAL6mfmLL6fAf2IZ7mg== ;{id = 2854}
219 8r1f0ieoutlnjc03meng9e3bn2n0o9pd.sub.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 8r1f0ieoutlnjc03meng9e3bn3n0o9pd SOA NS MX RRSIG
220 8r1f0ieoutlnjc03meng9e3bn2n0o9pd.sub.example.com. 3600 IN RRSIG NSEC3 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFBX1qVlth+YE+y57p5C7X00bLthDAhRIF2xoHF0exs29obE7JjVthwXfHA== ;{id = 2854}
221 hq432j8q183b54mejh50200pqo7rvlog.sub.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd hq432j8q183b54mejh50200pqo9rvlog A RRSIG
222 hq432j8q183b54mejh50200pqo7rvlog.sub.example.com. 3600 IN RRSIG NSEC3 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFAOXoeUk1d0cxT9p1gUvBrybAQCSAhQ5eLWaK932TxxY4U6NAxgst4O4uA== ;{id = 2854}
223 ecllopkacmb753v6jlld4d371l1u7gme.sub.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd ecllopkacmb753v6jlld4d371l1u9gme A RRSIG
224 ecllopkacmb753v6jlld4d371l1u7gme.sub.example.com. 3600 IN RRSIG NSEC3 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFAuD3qb/+CWyqjBRt/RDjZvsSyCGAhQivfP3zr1+2Uknw9RhXUcUO0g6Lg== ;{id = 2854}