; config options ; The island of trust is at example.com server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" qname-minimisation: "no" fake-sha1: yes stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. CONFIG_END SCENARIO_BEGIN Test validator with lots of ENTs in the chain of trust ; query is for a.1.2.b.3.4.c.5.6.example.com. ; labels 1-6 are empty nonterminals. ; there are DNSKEYs at labels b, c, example.com. ; and DSes at b and c. ; K.ROOT-SERVERS.NET. RANGE_BEGIN 0 100 ADDRESS 193.0.14.129 ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION . IN NS SECTION ANSWER . IN NS K.ROOT-SERVERS.NET. SECTION ADDITIONAL K.ROOT-SERVERS.NET. IN A 193.0.14.129 ENTRY_END ENTRY_BEGIN MATCH opcode qtype ADJUST copy_id copy_query REPLY QR NOERROR SECTION QUESTION www.sub.example.com. IN A SECTION AUTHORITY com. IN NS a.gtld-servers.net. SECTION ADDITIONAL a.gtld-servers.net. IN A 192.5.6.30 ENTRY_END RANGE_END ; a.gtld-servers.net. RANGE_BEGIN 0 100 ADDRESS 192.5.6.30 ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION com. IN NS SECTION ANSWER com. IN NS a.gtld-servers.net. SECTION ADDITIONAL a.gtld-servers.net. IN A 192.5.6.30 ENTRY_END ENTRY_BEGIN MATCH opcode qtype ADJUST copy_id copy_query REPLY QR NOERROR SECTION QUESTION www.sub.example.com. IN A SECTION AUTHORITY example.com. IN NS ns.example.com. SECTION ADDITIONAL ns.example.com. IN A 1.2.3.4 ENTRY_END RANGE_END ; ns.example.com. RANGE_BEGIN 0 100 ADDRESS 1.2.3.4 ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION example.com. IN NS SECTION ANSWER example.com. IN NS ns.example.com. example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} SECTION ADDITIONAL ns.example.com. IN A 1.2.3.4 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} ENTRY_END ; response to DNSKEY priming query ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY AA QR NOERROR SECTION QUESTION example.com. IN DNSKEY SECTION ANSWER example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} SECTION AUTHORITY example.com. IN NS ns.example.com. example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} SECTION ADDITIONAL ns.example.com. IN A 1.2.3.4 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} ENTRY_END ; response for ENT DS queries. ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY AA QR NOERROR SECTION QUESTION 6.example.com. IN DS SECTION AUTHORITY example.com. NSEC c.5.6.example.com. SOA DNSKEY NS RRSIG NSEC example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCoocKDsR+Hius4e+5zJPlXeeWNowIUO+pa14FBcWH/dCNK5R0vRrlWY5s= ;{id = 2854} ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY AA QR NOERROR SECTION QUESTION 5.6.example.com. IN DS SECTION AUTHORITY example.com. NSEC c.5.6.example.com. SOA DNSKEY NS RRSIG NSEC example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCoocKDsR+Hius4e+5zJPlXeeWNowIUO+pa14FBcWH/dCNK5R0vRrlWY5s= ;{id = 2854} ENTRY_END ; response for query in question - delegation ; and all other queries, receive a delegation to c.5.6.example.com. ENTRY_BEGIN MATCH opcode ADJUST copy_id copy_query REPLY QR NOERROR SECTION QUESTION a.1.2.b.3.4.c.5.6.example.com. IN A SECTION ANSWER SECTION AUTHORITY c.5.6.example.com. IN NS ns.c.5.6.example.com. c.5.6.example.com. 3600 IN DS 2854 3 1 4449f16fa7d712283aa43cc8dcc8e07c05856e08 c.5.6.example.com. 3600 IN RRSIG DS 3 5 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCgiF7eFL89mSqjUPEpQuL5QEa1OgIUWdfUmMkwVBwOgmxlxZIKfGs5od0= ;{id = 2854} SECTION ADDITIONAL ns.c.5.6.example.com. IN A 1.2.3.6 ENTRY_END RANGE_END ; ns.c.5.6.example.com. RANGE_BEGIN 0 100 ADDRESS 1.2.3.6 ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY AA QR NOERROR SECTION QUESTION c.5.6.example.com. IN NS SECTION ANSWER ENTRY_END ; response to DNSKEY priming query ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY AA QR NOERROR SECTION QUESTION c.5.6.example.com. IN DNSKEY SECTION ANSWER c.5.6.example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} c.5.6.example.com. 3600 IN RRSIG DNSKEY 3 5 3600 20070926134150 20070829134150 2854 c.5.6.example.com. MC0CFHsYd4tGO5BotXFzG9d8fzHkX576AhUAoZ2d1FNUBsrwxl6XSz/hoxme/4Q= ;{id = 2854} ENTRY_END ; response to DS queries. ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY AA QR NOERROR SECTION QUESTION 4.c.5.6.example.com. IN DS SECTION AUTHORITY 3.c.5.6.example.com. IN NSEC b.3.4.c.5.6.example.com. NS DS RRSIG NSEC 3.c.5.6.example.com. 3600 IN RRSIG NSEC 3 6 3600 20070926134150 20070829134150 2854 c.5.6.example.com. MCwCFFFF5WwGibkPunDt0BW2W9lncACcAhQuFh7FbfCE1ulJqBFf1YxjvT/WHQ== ;{id = 2854} ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY AA QR NOERROR SECTION QUESTION 3.4.c.5.6.example.com. IN DS SECTION AUTHORITY 3.c.5.6.example.com. IN NSEC b.3.4.c.5.6.example.com. NS DS RRSIG NSEC 3.c.5.6.example.com. 3600 IN RRSIG NSEC 3 6 3600 20070926134150 20070829134150 2854 c.5.6.example.com. MCwCFFFF5WwGibkPunDt0BW2W9lncACcAhQuFh7FbfCE1ulJqBFf1YxjvT/WHQ== ;{id = 2854} ENTRY_END ; any other query gets a referral ENTRY_BEGIN MATCH opcode ADJUST copy_id copy_query REPLY AA QR NOERROR SECTION QUESTION 4.c.5.6.example.com. IN DS SECTION AUTHORITY b.3.4.c.5.6.example.com. IN NS ns.b.3.4.c.5.6.example.com. b.3.4.c.5.6.example.com. 3600 IN DS 30899 5 1 849ebbdefa338db3e6c3ddffd58851523ba701de b.3.4.c.5.6.example.com. 3600 IN RRSIG DS 3 8 3600 20070926134150 20070829134150 2854 c.5.6.example.com. MC0CFEuXbvClpAOx7E1SXeH0d+Q4jpySAhUAtbEbQ8qtRF5chUOWNtg31ESAjWg= ;{id = 2854} SECTION ADDITIONAL ns.b.3.4.c.5.6.example.com. IN A 1.2.3.7 ENTRY_END RANGE_END ; ns.b.3.4.c.5.6.example.com. RANGE_BEGIN 0 100 ADDRESS 1.2.3.7 ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR AA NOERROR SECTION QUESTION b.3.4.c.5.6.example.com. IN NS SECTION ANSWER ENTRY_END ; response to DNSKEY priming query ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR AA NOERROR SECTION QUESTION b.3.4.c.5.6.example.com. IN DNSKEY SECTION ANSWER b.3.4.c.5.6.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} b.3.4.c.5.6.example.com. 3600 IN RRSIG DNSKEY 5 8 3600 20070926134150 20070829134150 30899 b.3.4.c.5.6.example.com. KNftlGVkrfvo3l3Wliq+i695MqJI9B8QnTVhCHKhFPZfEq0HCxV8gO3ZlaTUle1YEnr7+yXUritXlzjFOlf1hw== ;{id = 30899} ENTRY_END ; response to query of interest ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR AA NOERROR SECTION QUESTION a.1.2.b.3.4.c.5.6.example.com. IN A SECTION ANSWER a.1.2.b.3.4.c.5.6.example.com. IN A 11.11.11.11 a.1.2.b.3.4.c.5.6.example.com. 3600 IN RRSIG A 5 11 3600 20070926134150 20070829134150 30899 b.3.4.c.5.6.example.com. GUZcUHhxAvc6FYwAzVJcTqsjz5L36bGA45dyeSupEGEhhUJj0wm/FaYCAlO8J+H2zcFEqbgK0KzHdrFmNHkgUQ== ;{id = 30899} SECTION AUTHORITY SECTION ADDITIONAL ENTRY_END RANGE_END STEP 1 QUERY ENTRY_BEGIN REPLY RD DO SECTION QUESTION a.1.2.b.3.4.c.5.6.example.com. IN A ENTRY_END ; recursion happens here. STEP 10 CHECK_ANSWER ENTRY_BEGIN MATCH all REPLY QR RD RA AD DO NOERROR SECTION QUESTION a.1.2.b.3.4.c.5.6.example.com. IN A SECTION ANSWER a.1.2.b.3.4.c.5.6.example.com. 3600 IN A 11.11.11.11 a.1.2.b.3.4.c.5.6.example.com. 3600 IN RRSIG A 5 11 3600 20070926134150 20070829134150 30899 b.3.4.c.5.6.example.com. GUZcUHhxAvc6FYwAzVJcTqsjz5L36bGA45dyeSupEGEhhUJj0wm/FaYCAlO8J+H2zcFEqbgK0KzHdrFmNHkgUQ== ;{id = 30899} SECTION AUTHORITY SECTION ADDITIONAL ENTRY_END SCENARIO_END