2 ; The island of trust is at example.com
4 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
5 val-override-date: "20070916134226"
6 target-fetch-policy: "0 0 0 0 0"
11 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
14 SCENARIO_BEGIN Test validator with insecure delegation and DS negative cache
20 MATCH opcode qtype qname
26 . IN NS K.ROOT-SERVERS.NET.
28 K.ROOT-SERVERS.NET. IN A 193.0.14.129
32 MATCH opcode qtype qname
36 www.sub.example.com. IN A
38 com. IN NS a.gtld-servers.net.
40 a.gtld-servers.net. IN A 192.5.6.30
48 MATCH opcode qtype qname
54 com. IN NS a.gtld-servers.net.
56 a.gtld-servers.net. IN A 192.5.6.30
60 MATCH opcode qtype qname
64 www.sub.example.com. IN A
66 example.com. IN NS ns.example.com.
68 ns.example.com. IN A 1.2.3.4
76 MATCH opcode qtype qname
82 example.com. IN NS ns.example.com.
83 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
85 ns.example.com. IN A 1.2.3.4
86 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
89 ; response to DNSKEY priming query
91 MATCH opcode qtype qname
95 example.com. IN DNSKEY
97 example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
98 example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
100 example.com. IN NS ns.example.com.
101 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
103 ns.example.com. IN A 1.2.3.4
104 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
107 ; response for delegation to sub.example.com.
109 MATCH opcode qtype qname
113 www.sub.example.com. IN A
116 sub.example.com. IN NS ns.sub.example.com.
117 sub.example.com. IN NSEC www.example.com. NS RRSIG NSEC
118 sub.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFDCaiDM6G+glwNW276HWdH+McmjgAhRSwF5OfimNQCqkWgnYotLOwUghKQ== ;{id = 2854}
120 ns.sub.example.com. IN A 1.2.3.6
123 ; query for missing DS record.
124 ; get it from the negative cache instead!
126 ;MATCH opcode qtype qname
130 ;sub.example.com. IN DS
133 ;example.com. IN SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200
134 ;example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854}
135 ;sub.example.com. IN NSEC www.example.com. NS RRSIG NSEC
136 ;sub.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFDCaiDM6G+glwNW276HWdH+McmjgAhRSwF5OfimNQCqkWgnYotLOwUghKQ== ;{id = 2854}
138 ;ns.sub.example.com. IN A 1.2.3.6
144 ; ns.sub.example.com.
148 MATCH opcode qtype qname
152 sub.example.com. IN NS
154 sub.example.com. IN NS ns.sub.example.com.
156 ns.sub.example.com. IN A 1.2.3.6
159 ; response to query of interest
161 MATCH opcode qtype qname
165 www.sub.example.com. IN A
167 www.sub.example.com. IN A 11.11.11.11
177 www.sub.example.com. IN A
180 ; recursion happens here.
184 REPLY QR RD RA DO NOERROR
186 www.sub.example.com. IN A
188 www.sub.example.com. 3600 IN A 11.11.11.11