Vendor import of Unbound 1.9.1.

[FreeBSD/FreeBSD.git] / testdata / val_refer_unsignadd.rpl

; config options
; The island of trust is at example.com
server:
        trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
        trust-anchor: "example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
        val-override-date: "20070916134226"
        access-control: 127.0.0.1 allow_snoop
        target-fetch-policy: "0 0 0 0 0"
        qname-minimisation: "no"
        fake-sha1: yes
        trust-anchor-signaling: no

stub-zone:
        name: "."
        stub-addr: 193.0.14.129         # K.ROOT-SERVERS.NET.
CONFIG_END

SCENARIO_BEGIN Test validator with a referral with unsigned additional
; but the additional record is from a signed zone, 
; and a proper proof for no DS or DSNKEY types is forthcoming.

; K.ROOT-SERVERS.NET.
RANGE_BEGIN 0 100
        ADDRESS 193.0.14.129 
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET.     IN      A       193.0.14.129
ENTRY_END

ENTRY_BEGIN
MATCH opcode qname
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION AUTHORITY
; Skip .com, to provide unsigned referral A record for ns.example.net
; and go straight to example.com.
example.com.    IN NS   ns.example.com.
example.com.    IN NS   ns.example.net.
SECTION ADDITIONAL
ns.example.com.         IN      A       1.2.3.4
ns.example.net  IN      A       1.2.3.5
ENTRY_END

ENTRY_BEGIN
MATCH opcode qname
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
example.net. IN A
SECTION AUTHORITY
net.    IN NS   a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net.     IN      A       192.5.6.30
ENTRY_END
RANGE_END

; a.gtld-servers.net.
RANGE_BEGIN 0 100
        ADDRESS 192.5.6.30
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION ANSWER
com.    IN NS   a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net.     IN      A       192.5.6.30
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
net. IN NS
SECTION ANSWER
net.    IN NS   a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net.     IN      A       192.5.6.30
ENTRY_END

ENTRY_BEGIN
MATCH opcode qname
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION AUTHORITY
example.com.    IN NS   ns.example.com.
example.com.    IN NS   ns.example.net.
SECTION ADDITIONAL
ns.example.com.         IN      A       1.2.3.4
ns.example.net  IN      A       1.2.3.5
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
example.net. IN A
SECTION AUTHORITY
example.net.    IN NS   ns.example.net.
SECTION ADDITIONAL
ns.example.net.         IN      A       1.2.3.5
ENTRY_END
RANGE_END

; ns.example.com.
RANGE_BEGIN 0 100
        ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION ANSWER
example.com.    IN NS   ns.example.com.
example.com.    IN NS   ns.example.net.
example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFEsWNXjGDFwH/0NGClonWUQlBaiFAhR/dt0asVj8M0VKs7PdTEKN/Y9i5w== ;{id = 2854}
SECTION ADDITIONAL
ns.example.com.         IN      A       1.2.3.4
ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
ENTRY_END

; response to example.com. DNSKEY priming query
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN DNSKEY
SECTION ANSWER
example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
SECTION AUTHORITY
example.com.    IN NS   ns.example.com.
example.com.    IN NS   ns.example.net.
example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFEsWNXjGDFwH/0NGClonWUQlBaiFAhR/dt0asVj8M0VKs7PdTEKN/Y9i5w== ;{id = 2854}
SECTION ADDITIONAL
ns.example.com.         IN      A       1.2.3.4
ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN     A 11.12.13.14
www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFC6+BbFcL95vH6SOhMLGotcBospIAhUAhjfof+1VY5GsCp5b9UOD7UydBzI= ;{id = 2854}
SECTION AUTHORITY
SECTION ADDITIONAL
ENTRY_END
RANGE_END

; ns.example.net.
RANGE_BEGIN 0 100
        ADDRESS 1.2.3.5
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION ANSWER
example.com.    IN NS   ns.example.com.
example.com.    IN NS   ns.example.net.
example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFEsWNXjGDFwH/0NGClonWUQlBaiFAhR/dt0asVj8M0VKs7PdTEKN/Y9i5w== ;{id = 2854}
SECTION ADDITIONAL
ns.example.com.         IN      A       1.2.3.4
ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
ENTRY_END

; example.com zone in ns.example.net.
; response to example.com. DNSKEY priming query
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN DNSKEY
SECTION ANSWER
example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
example.com. 3600    IN      RRSIG   DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
SECTION AUTHORITY
example.com.    IN NS   ns.example.com.
example.com.    IN NS   ns.example.net.
example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFEsWNXjGDFwH/0NGClonWUQlBaiFAhR/dt0asVj8M0VKs7PdTEKN/Y9i5w== ;{id = 2854}
SECTION ADDITIONAL
ns.example.com.         IN      A       1.2.3.4
ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN     A 11.12.13.14
www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFC6+BbFcL95vH6SOhMLGotcBospIAhUAhjfof+1VY5GsCp5b9UOD7UydBzI= ;{id = 2854}
SECTION AUTHORITY
SECTION ADDITIONAL
ENTRY_END

; example.net zone in ns.example.net.
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.net. IN NS
SECTION ANSWER
example.net.    IN NS   ns.example.net.
example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
SECTION ADDITIONAL
ns.example.net.         IN      A       1.2.3.5
ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
ENTRY_END

; response to DNSKEY priming query
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.net. IN DNSKEY
SECTION ANSWER
example.net.    3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
example.net.    3600    IN      RRSIG   DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899}
SECTION AUTHORITY
example.net.    IN NS   ns.example.net.
example.net.    3600    IN      RRSIG   NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
SECTION ADDITIONAL
ns.example.net.         IN      A       1.2.3.5
ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
ENTRY_END

; deny DS and DNSKEY types
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id 
REPLY QR NOERROR
SECTION QUESTION
ns.example.net. IN DS
SECTION AUTHORITY
example.net. IN SOA ns-pri.ripe.net. ops.ripe.net. 2007092101 3600 7200 1209600 7200
example.net.    3600    IN      RRSIG   SOA 5 2 3600 20070926134150 20070829134150 30899 example.net. E1T+LAsAk7rtA6mnKRlgca5Lk+NJYUNNkfco1CrUp5IZZ1+QL7u7CINQBcndJkvoBwKhdVI8rz2LLW19wIywTw== ;{id = 30899}
ns.example.net  IN      NSEC    ns-new.example.net. A AAAA RRSIG NSEC
ns.example.net. 3600    IN      RRSIG   NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. HLkPBWA8Hstub8e/zdp/A8xyI6+fnnMsA9oiZ20VBuSTaBknX0SXmVulNhVGfdmz9fYmYFUr1zjqvPFG+ErO8A== ;{id = 30899}
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id 
REPLY QR NOERROR
SECTION QUESTION
ns.example.net. IN DNSKEY
SECTION AUTHORITY
example.net. IN SOA ns-pri.ripe.net. ops.ripe.net. 2007092101 3600 7200 1209600 7200
example.net.    3600    IN      RRSIG   SOA 5 2 3600 20070926134150 20070829134150 30899 example.net. E1T+LAsAk7rtA6mnKRlgca5Lk+NJYUNNkfco1CrUp5IZZ1+QL7u7CINQBcndJkvoBwKhdVI8rz2LLW19wIywTw== ;{id = 30899}
ns.example.net  IN      NSEC    ns-new.example.net. A RRSIG NSEC
ns.example.net. 3600    IN      RRSIG   NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. fAbDxuMP6lMqi71Wa9nsByG7buoJpfxyQhjps6HXOPzOC24UCCjdvZfZltlRy7Yrfrs28MjHwYEmHFmCeFpfPw== ;{id = 30899}
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id 
REPLY QR NOERROR
SECTION QUESTION
ns.example.net. IN A
SECTION ANSWER
ns.example.net.         IN      A       1.2.3.5
ns.example.net. 3600    IN      RRSIG   A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id 
REPLY QR NOERROR
SECTION QUESTION
ns.example.net. IN AAAA
SECTION AUTHORITY
example.net. IN SOA ns-pri.ripe.net. ops.ripe.net. 2007092101 3600 7200 1209600 7200
example.net.    3600    IN      RRSIG   SOA 5 2 3600 20070926134150 20070829134150 30899 example.net. E1T+LAsAk7rtA6mnKRlgca5Lk+NJYUNNkfco1CrUp5IZZ1+QL7u7CINQBcndJkvoBwKhdVI8rz2LLW19wIywTw== ;{id = 30899}
ns.example.net  IN      NSEC    ns-new.example.net. A RRSIG NSEC
ns.example.net. 3600    IN      RRSIG   NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. fAbDxuMP6lMqi71Wa9nsByG7buoJpfxyQhjps6HXOPzOC24UCCjdvZfZltlRy7Yrfrs28MjHwYEmHFmCeFpfPw== ;{id = 30899}
ENTRY_END

RANGE_END

; prime cache with example.com. NS rrset.
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
www.example.com. IN A
ENTRY_END

; recursion happens here.
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN     A       11.12.13.14
www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFC6+BbFcL95vH6SOhMLGotcBospIAhUAhjfof+1VY5GsCp5b9UOD7UydBzI= ;{id = 2854}
SECTION AUTHORITY
SECTION ADDITIONAL
ENTRY_END

; test nonrec referral validation
STEP 11 QUERY
ENTRY_BEGIN
REPLY DO
SECTION QUESTION
bla.example.com. IN A
ENTRY_END

STEP 12 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RA AD DO NOERROR
SECTION QUESTION
bla.example.com. IN A
SECTION ANSWER
SECTION AUTHORITY
example.com.    IN NS   ns.example.com.
example.com.    IN NS   ns.example.net.
example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFEsWNXjGDFwH/0NGClonWUQlBaiFAhR/dt0asVj8M0VKs7PdTEKN/Y9i5w== ;{id = 2854}
SECTION ADDITIONAL
ns.example.com.         IN      A       1.2.3.4
ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
ENTRY_END

SCENARIO_END