Apply upstream fix 08968baec1122a58bb90d8f97ad948a75f8a5d69:

[FreeBSD/FreeBSD.git] / testdata / val_nsec3_cname_sub.rpl

; config options
; The island of trust is at example.com
server:
        trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
        val-override-date: "20070916134226"
        target-fetch-policy: "0 0 0 0 0"
        qname-minimisation: "no"
        fake-sha1: yes
        trust-anchor-signaling: no

stub-zone:
        name: "."
        stub-addr: 193.0.14.129         # K.ROOT-SERVERS.NET.
CONFIG_END

SCENARIO_BEGIN Test validator with NSEC3 wildcard CNAME to subzone.
; to test the zone determination routines in nsec3.

; K.ROOT-SERVERS.NET.
RANGE_BEGIN 0 100
        ADDRESS 193.0.14.129 
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET.     IN      A       193.0.14.129
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION AUTHORITY
com.    IN NS   a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net.     IN      A       192.5.6.30
ENTRY_END
RANGE_END

; a.gtld-servers.net.
RANGE_BEGIN 0 100
        ADDRESS 192.5.6.30
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION ANSWER
com.    IN NS   a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net.     IN      A       192.5.6.30
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION AUTHORITY
example.com.    IN NS   ns.example.com.
SECTION ADDITIONAL
ns.example.com.         IN      A       1.2.3.4
ENTRY_END
RANGE_END

; ns.example.com.
RANGE_BEGIN 0 100
        ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION ANSWER
example.com.    IN NS   ns.example.com.
example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
SECTION ADDITIONAL
ns.example.com.         IN      A       1.2.3.4
ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
ENTRY_END

; response to DNSKEY priming query
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN DNSKEY
SECTION ANSWER
example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
SECTION AUTHORITY
example.com.    IN NS   ns.example.com.
example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
SECTION ADDITIONAL
ns.example.com.         IN      A       1.2.3.4
ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
ENTRY_END

; response to query of interest
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
;from *.example.com. IN CNAME www.sub.example.com.
www.example.com. IN CNAME www.sub.example.com.
www.example.com.  3600    IN      RRSIG   CNAME 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCjVxqOi0bcgHgxVkwzJqIi6iNJswIUZxbmItvoyEczTclgVtHsr9Jmf+w= ;{id = 2854}
SECTION AUTHORITY
; cover qname next closer name.
; H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3.
s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG
s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFFSH4klZKke48dYyddYDj17gjTS0AhUAltWicpFLWqW98/Af9Qlx70MH8o4= ;{id = 2854}
ENTRY_END

; refer to server one down
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.sub.example.com. IN A
SECTION AUTHORITY
sub.example.com. IN NS ns.sub.example.com.
sub.example.com.        3600    IN      DS      2854 DSA 1 be4d46cd7489cce25a31af0dff2968ce0425dd31
sub.example.com.        3600    IN      RRSIG   DS 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQC1WMTfb25sTgeUEXCFR4+YiJqecwIUc2R/jrO4amyQxovSnld2reg8eyo= ;{id = 2854}
SECTION ADDITIONAL
ns.sub.example.com. IN A 1.2.3.10
ENTRY_END
RANGE_END

; ns.sub.example.com.
RANGE_BEGIN 0 100
        ADDRESS 1.2.3.10
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
sub.example.com. IN NS
SECTION ANSWER
sub.example.com. IN NS ns.sub.example.com.
SECTION ADDITIONAL
ns.sub.example.com. IN A 1.2.3.10
ENTRY_END

; response to DNSKEY priming query
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
sub.example.com. IN DNSKEY
SECTION ANSWER
sub.example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
sub.example.com.        3600    IN      RRSIG   DNSKEY 3 3 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFBznBTYM/SrdUnjQdBnLtRO79KAaAhQReG5nRuL7Xsdf6D0KKwPa1GpWyQ== ;{id = 2854}

ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NXDOMAIN
SECTION QUESTION
www.sub.example.com. IN A
SECTION AUTHORITY
sub.example.com.        IN SOA  ns.sub.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
sub.example.com.        3600    IN      RRSIG   SOA 3 3 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFBLls0z0ncWxTXzDt4uLAuJsr932AhQvVeUJevgwAL6mfmLL6fAf2IZ7mg== ;{id = 2854}

; closest encloser, H(sub.example.com). = 8r1f0ieoutlnjc03meng9e3bn2n0o9pd
8r1f0ieoutlnjc03meng9e3bn2n0o9pd.sub.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 8r1f0ieoutlnjc03meng9e3bn3n0o9pd SOA NS MX RRSIG
8r1f0ieoutlnjc03meng9e3bn2n0o9pd.sub.example.com.       3600    IN      RRSIG  NSEC3 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFBX1qVlth+YE+y57p5C7X00bLthDAhRIF2xoHF0exs29obE7JjVthwXfHA== ;{id = 2854}

; wildcard denial, H(*.sub.example.com.) = hq432j8q183b54mejh50200pqo8rvlog
hq432j8q183b54mejh50200pqo7rvlog.sub.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd hq432j8q183b54mejh50200pqo9rvlog A RRSIG
hq432j8q183b54mejh50200pqo7rvlog.sub.example.com.       3600    IN      RRSIG  NSEC3 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFAOXoeUk1d0cxT9p1gUvBrybAQCSAhQ5eLWaK932TxxY4U6NAxgst4O4uA== ;{id = 2854}

; next closer denial H(www.sub.example.com.) = ecllopkacmb753v6jlld4d371l1u8gme
ecllopkacmb753v6jlld4d371l1u7gme.sub.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd ecllopkacmb753v6jlld4d371l1u9gme A RRSIG
ecllopkacmb753v6jlld4d371l1u7gme.sub.example.com.       3600    IN      RRSIG  NSEC3 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFAuD3qb/+CWyqjBRt/RDjZvsSyCGAhQivfP3zr1+2Uknw9RhXUcUO0g6Lg== ;{id = 2854}
ENTRY_END
RANGE_END

STEP 1 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
www.example.com. IN A
ENTRY_END

; recursion happens here.
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA DO NXDOMAIN
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN CNAME www.sub.example.com.
www.example.com.  3600    IN      RRSIG   CNAME 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCjVxqOi0bcgHgxVkwzJqIi6iNJswIUZxbmItvoyEczTclgVtHsr9Jmf+w= ;{id = 2854}
SECTION AUTHORITY
SECTION AUTHORITY
s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG
s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com.   3600    IN      RRSIG   NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFFSH4klZKke48dYyddYDj17gjTS0AhUAltWicpFLWqW98/Af9Qlx70MH8o4= ;{id = 2854}
sub.example.com.        IN SOA  ns.sub.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
sub.example.com.        3600    IN      RRSIG   SOA 3 3 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFBLls0z0ncWxTXzDt4uLAuJsr932AhQvVeUJevgwAL6mfmLL6fAf2IZ7mg== ;{id = 2854}
8r1f0ieoutlnjc03meng9e3bn2n0o9pd.sub.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 8r1f0ieoutlnjc03meng9e3bn3n0o9pd SOA NS MX RRSIG
8r1f0ieoutlnjc03meng9e3bn2n0o9pd.sub.example.com.       3600    IN      RRSIG  NSEC3 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFBX1qVlth+YE+y57p5C7X00bLthDAhRIF2xoHF0exs29obE7JjVthwXfHA== ;{id = 2854}
hq432j8q183b54mejh50200pqo7rvlog.sub.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd hq432j8q183b54mejh50200pqo9rvlog A RRSIG
hq432j8q183b54mejh50200pqo7rvlog.sub.example.com.       3600    IN      RRSIG  NSEC3 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFAOXoeUk1d0cxT9p1gUvBrybAQCSAhQ5eLWaK932TxxY4U6NAxgst4O4uA== ;{id = 2854}
ecllopkacmb753v6jlld4d371l1u7gme.sub.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd ecllopkacmb753v6jlld4d371l1u9gme A RRSIG
ecllopkacmb753v6jlld4d371l1u7gme.sub.example.com.       3600    IN      RRSIG  NSEC3 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFAuD3qb/+CWyqjBRt/RDjZvsSyCGAhQivfP3zr1+2Uknw9RhXUcUO0g6Lg== ;{id = 2854}
SECTION ADDITIONAL
ENTRY_END

SCENARIO_END