2 ; The island of trust is at example.com
4 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
5 trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
6 val-override-date: "20070916134226"
7 access-control: 127.0.0.1 allow_snoop
8 target-fetch-policy: "0 0 0 0 0"
10 trust-anchor-signaling: no
14 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
17 SCENARIO_BEGIN Test validator with a referral with unsigned additional
18 ; but the additional record is from a signed zone,
19 ; and a proper proof for no DS or DSNKEY types is forthcoming.
25 MATCH opcode qtype qname
31 . IN NS K.ROOT-SERVERS.NET.
33 K.ROOT-SERVERS.NET. IN A 193.0.14.129
38 ADJUST copy_id copy_query
43 ; Skip .com, to provide unsigned referral A record for ns.example.net
44 ; and go straight to example.com.
45 example.com. IN NS ns.example.com.
46 example.com. IN NS ns.example.net.
48 ns.example.com. IN A 1.2.3.4
49 ns.example.net IN A 1.2.3.5
54 ADJUST copy_id copy_query
59 net. IN NS a.gtld-servers.net.
61 a.gtld-servers.net. IN A 192.5.6.30
69 MATCH opcode qtype qname
75 com. IN NS a.gtld-servers.net.
77 a.gtld-servers.net. IN A 192.5.6.30
81 MATCH opcode qtype qname
87 net. IN NS a.gtld-servers.net.
89 a.gtld-servers.net. IN A 192.5.6.30
94 ADJUST copy_id copy_query
99 example.com. IN NS ns.example.com.
100 example.com. IN NS ns.example.net.
102 ns.example.com. IN A 1.2.3.4
103 ns.example.net IN A 1.2.3.5
107 ADJUST copy_id copy_query
112 example.net. IN NS ns.example.net.
114 ns.example.net. IN A 1.2.3.5
122 MATCH opcode qtype qname
128 example.com. IN NS ns.example.com.
129 example.com. IN NS ns.example.net.
130 example.com. 3600 IN RRSIG NS 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFEsWNXjGDFwH/0NGClonWUQlBaiFAhR/dt0asVj8M0VKs7PdTEKN/Y9i5w== ;{id = 2854}
132 ns.example.com. IN A 1.2.3.4
133 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
136 ; response to example.com. DNSKEY priming query
138 MATCH opcode qtype qname
142 example.com. IN DNSKEY
144 example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
145 example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
147 example.com. IN NS ns.example.com.
148 example.com. IN NS ns.example.net.
149 example.com. 3600 IN RRSIG NS 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFEsWNXjGDFwH/0NGClonWUQlBaiFAhR/dt0asVj8M0VKs7PdTEKN/Y9i5w== ;{id = 2854}
151 ns.example.com. IN A 1.2.3.4
152 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
156 MATCH opcode qtype qname
160 www.example.com. IN A
162 www.example.com. IN A 11.12.13.14
163 www.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFC6+BbFcL95vH6SOhMLGotcBospIAhUAhjfof+1VY5GsCp5b9UOD7UydBzI= ;{id = 2854}
173 MATCH opcode qtype qname
179 example.com. IN NS ns.example.com.
180 example.com. IN NS ns.example.net.
181 example.com. 3600 IN RRSIG NS 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFEsWNXjGDFwH/0NGClonWUQlBaiFAhR/dt0asVj8M0VKs7PdTEKN/Y9i5w== ;{id = 2854}
183 ns.example.com. IN A 1.2.3.4
184 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
187 ; example.com zone in ns.example.net.
188 ; response to example.com. DNSKEY priming query
190 MATCH opcode qtype qname
194 example.com. IN DNSKEY
196 example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
197 example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
199 example.com. IN NS ns.example.com.
200 example.com. IN NS ns.example.net.
201 example.com. 3600 IN RRSIG NS 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFEsWNXjGDFwH/0NGClonWUQlBaiFAhR/dt0asVj8M0VKs7PdTEKN/Y9i5w== ;{id = 2854}
203 ns.example.com. IN A 1.2.3.4
204 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
208 MATCH opcode qtype qname
212 www.example.com. IN A
214 www.example.com. IN A 11.12.13.14
215 www.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFC6+BbFcL95vH6SOhMLGotcBospIAhUAhjfof+1VY5GsCp5b9UOD7UydBzI= ;{id = 2854}
220 ; example.net zone in ns.example.net.
222 MATCH opcode qtype qname
228 example.net. IN NS ns.example.net.
229 example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
231 ns.example.net. IN A 1.2.3.5
232 ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
235 ; response to DNSKEY priming query
237 MATCH opcode qtype qname
241 example.net. IN DNSKEY
243 example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
244 example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899}
246 example.net. IN NS ns.example.net.
247 example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
249 ns.example.net. IN A 1.2.3.5
250 ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
253 ; deny DS and DNSKEY types
255 MATCH opcode qtype qname
259 ns.example.net. IN DS
261 example.net. IN SOA ns-pri.ripe.net. ops.ripe.net. 2007092101 3600 7200 1209600 7200
262 example.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 example.net. E1T+LAsAk7rtA6mnKRlgca5Lk+NJYUNNkfco1CrUp5IZZ1+QL7u7CINQBcndJkvoBwKhdVI8rz2LLW19wIywTw== ;{id = 30899}
263 ns.example.net IN NSEC ns-new.example.net. A AAAA RRSIG NSEC
264 ns.example.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. HLkPBWA8Hstub8e/zdp/A8xyI6+fnnMsA9oiZ20VBuSTaBknX0SXmVulNhVGfdmz9fYmYFUr1zjqvPFG+ErO8A== ;{id = 30899}
268 MATCH opcode qtype qname
272 ns.example.net. IN DNSKEY
274 example.net. IN SOA ns-pri.ripe.net. ops.ripe.net. 2007092101 3600 7200 1209600 7200
275 example.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 example.net. E1T+LAsAk7rtA6mnKRlgca5Lk+NJYUNNkfco1CrUp5IZZ1+QL7u7CINQBcndJkvoBwKhdVI8rz2LLW19wIywTw== ;{id = 30899}
276 ns.example.net IN NSEC ns-new.example.net. A RRSIG NSEC
277 ns.example.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. fAbDxuMP6lMqi71Wa9nsByG7buoJpfxyQhjps6HXOPzOC24UCCjdvZfZltlRy7Yrfrs28MjHwYEmHFmCeFpfPw== ;{id = 30899}
281 MATCH opcode qtype qname
287 ns.example.net. IN A 1.2.3.5
288 ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
292 MATCH opcode qtype qname
296 ns.example.net. IN AAAA
298 example.net. IN SOA ns-pri.ripe.net. ops.ripe.net. 2007092101 3600 7200 1209600 7200
299 example.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 example.net. E1T+LAsAk7rtA6mnKRlgca5Lk+NJYUNNkfco1CrUp5IZZ1+QL7u7CINQBcndJkvoBwKhdVI8rz2LLW19wIywTw== ;{id = 30899}
300 ns.example.net IN NSEC ns-new.example.net. A RRSIG NSEC
301 ns.example.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. fAbDxuMP6lMqi71Wa9nsByG7buoJpfxyQhjps6HXOPzOC24UCCjdvZfZltlRy7Yrfrs28MjHwYEmHFmCeFpfPw== ;{id = 30899}
306 ; prime cache with example.com. NS rrset.
311 www.example.com. IN A
314 ; recursion happens here.
318 REPLY QR RD RA AD DO NOERROR
320 www.example.com. IN A
322 www.example.com. IN A 11.12.13.14
323 www.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFC6+BbFcL95vH6SOhMLGotcBospIAhUAhjfof+1VY5GsCp5b9UOD7UydBzI= ;{id = 2854}
328 ; test nonrec referral validation
333 bla.example.com. IN A
339 REPLY QR RA AD DO NOERROR
341 bla.example.com. IN A
344 example.com. IN NS ns.example.com.
345 example.com. IN NS ns.example.net.
346 example.com. 3600 IN RRSIG NS 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFEsWNXjGDFwH/0NGClonWUQlBaiFAhR/dt0asVj8M0VKs7PdTEKN/Y9i5w== ;{id = 2854}
348 ns.example.com. IN A 1.2.3.4
349 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}