do-ip6: no
|
|
|
|
query-minimization: off
|
|
; config options
|
|
; The island of trust is at example.com
|
|
;server:
|
|
trust-anchor: "example.com. 86400 IN DS 56216 13 2 60E5A8A0A2959A0E65A79A6C149FF5E1D68C866C5F5462DB21032AF5185B728A"
|
|
val-override-date: "20210501000000"
|
|
; target-fetch-policy: "0 0 0 0 0"
|
|
; fake-sha1: yes
|
|
|
|
;stub-zone:
|
|
; name: "."
|
|
stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
|
|
query-minimization: off
|
|
CONFIG_END
|
|
|
|
SCENARIO_BEGIN Test validating NSEC3 with too many iterations
|
|
|
|
; K.ROOT-SERVERS.NET.
|
|
RANGE_BEGIN 0 100
|
|
ADDRESS 193.0.14.129
|
|
ENTRY_BEGIN
|
|
MATCH opcode qtype qname
|
|
ADJUST copy_id
|
|
REPLY QR AA NOERROR
|
|
SECTION QUESTION
|
|
. IN NS
|
|
SECTION ANSWER
|
|
. IN NS K.ROOT-SERVERS.NET.
|
|
SECTION ADDITIONAL
|
|
K.ROOT-SERVERS.NET. IN A 193.0.14.129
|
|
ENTRY_END
|
|
|
|
ENTRY_BEGIN
|
|
MATCH opcode qtype qname
|
|
ADJUST copy_id
|
|
REPLY QR AA NOERROR
|
|
SECTION QUESTION
|
|
K.ROOT-SERVERS.NET. IN A
|
|
SECTION ANSWER
|
|
K.ROOT-SERVERS.NET. IN A 193.0.14.129
|
|
ENTRY_END
|
|
|
|
ENTRY_BEGIN
|
|
MATCH opcode subdomain
|
|
ADJUST copy_id copy_query
|
|
REPLY QR NOERROR
|
|
SECTION QUESTION
|
|
com. IN A
|
|
SECTION AUTHORITY
|
|
com. IN NS a.gtld-servers.net.
|
|
SECTION ADDITIONAL
|
|
a.gtld-servers.net. IN A 192.5.6.30
|
|
ENTRY_END
|
|
|
|
ENTRY_BEGIN
|
|
MATCH opcode qtype qname
|
|
ADJUST copy_id
|
|
REPLY QR AA NOERROR
|
|
SECTION QUESTION
|
|
a.gtld-servers.net. IN A
|
|
SECTION ANSWER
|
|
a.gtld-servers.net. IN A 192.5.6.30
|
|
ENTRY_END
|
|
RANGE_END
|
|
|
|
|
|
; a.gtld-servers.net.
|
|
RANGE_BEGIN 0 100
|
|
ADDRESS 192.5.6.30
|
|
ENTRY_BEGIN
|
|
MATCH opcode qtype qname
|
|
ADJUST copy_id
|
|
REPLY QR AA NOERROR
|
|
SECTION QUESTION
|
|
com. IN NS
|
|
SECTION ANSWER
|
|
com. IN NS a.gtld-servers.net.
|
|
SECTION ADDITIONAL
|
|
a.gtld-servers.net. IN A 192.5.6.30
|
|
ENTRY_END
|
|
|
|
ENTRY_BEGIN
|
|
MATCH opcode subdomain
|
|
ADJUST copy_id copy_query
|
|
REPLY QR NOERROR
|
|
SECTION QUESTION
|
|
example.com. IN A
|
|
SECTION AUTHORITY
|
|
example.com. IN NS ns1.example.com.
|
|
SECTION ADDITIONAL
|
|
ns1.example.com. IN A 1.2.3.4
|
|
ENTRY_END
|
|
RANGE_END
|
|
|
|
; ns1.example.com.
|
|
RANGE_BEGIN 0 100
|
|
ADDRESS 1.2.3.4
|
|
;;; Generated by starting knotd with this simple zone file and then querying it with kdig.
|
|
;$ORIGIN example.com.
|
|
;$TTL 86400
|
|
;@ SOA ns1.example.com. hostmaster.example.com. (
|
|
; 1 ; serial
|
|
; 21600 ; refresh after 6 hours
|
|
; 3600 ; retry after 1 hour
|
|
; 604800 ; expire after 1 week
|
|
; 86400 ) ; minimum TTL of 1 day
|
|
;@ NS ns1.example.com.
|
|
;ns1.example.com. A 1.2.3.4
|
|
;*.wild.example.com. TXT "wildcard"
|
|
|
|
ENTRY_BEGIN
|
|
MATCH opcode qtype qname
|
|
ADJUST copy_id
|
|
REPLY QR AA NOERROR
|
|
SECTION QUESTION
|
|
example.com. IN NS
|
|
SECTION ANSWER
|
|
example.com. 86400 NS ns1.example.com.
|
|
example.com. 86400 RRSIG NS 13 2 86400 20210514155807 20210430142807 28964 example.com. k80kgr7N/MPVZhv4MT8CqEQBUG1Oth9buWh6d7nwO64DR7f7WJnH1yvBeQcFSXBxQcv/f0V8SJzqdcD6EmWzsw==
|
|
SECTION ADDITIONAL
|
|
ns1.example.com. 86400 A 1.2.3.4
|
|
ns1.example.com. 86400 RRSIG A 13 3 86400 20210514155807 20210430142807 28964 example.com. sGykdbHcEy4gnMAhIu4KGA96KS5hZKNM/C3yr61gyOOqgkV+6nAzuLBYvGxe4AexM/qA/Zpv0IyLg7bi9iufhg==
|
|
ENTRY_END
|
|
|
|
; response to DNSKEY priming query
|
|
ENTRY_BEGIN
|
|
MATCH opcode qtype qname
|
|
ADJUST copy_id
|
|
REPLY QR AA NOERROR
|
|
SECTION QUESTION
|
|
example.com. IN DNSKEY
|
|
SECTION ANSWER
|
|
example.com. 86400 DNSKEY 256 3 13 MN1ctIwG9m3p1fuH3Vn18XFLz4k6TUy1uXg/BF+7i+NrMkfbm4PLhhWflVElgowiQv/2103uHcW7a78ZaNP44g==
|
|
example.com. 86400 DNSKEY 257 3 13 d7yF/Xsdi0i8bUwN8FyCOIu9XGuoVlyuW2ZtVXEfdfwDpJxoHPjG3DImr8iLK2PMu75SMqj8+nwsP9dHiKYo9A==
|
|
example.com. 86400 RRSIG DNSKEY 13 2 86400 20210514155807 20210430142807 56216 example.com. BiPljLSmTP+uY5YrQ9mzxZhDsE33Bz3tBZaED8O+U3bmAfXNnZ1h8yN0FqOrJ7iRxmfK3ffNIgl3eANYi29z7A==
|
|
ENTRY_END
|
|
|
|
ENTRY_BEGIN
|
|
MATCH opcode qtype qname
|
|
ADJUST copy_id
|
|
REPLY QR AA NOERROR
|
|
SECTION QUESTION
|
|
ns1.example.com. IN A
|
|
SECTION ANSWER
|
|
ns1.example.com. 86400 A 1.2.3.4
|
|
ns1.example.com. 86400 RRSIG A 13 3 86400 20210514155807 20210430142807 28964 example.com. sGykdbHcEy4gnMAhIu4KGA96KS5hZKNM/C3yr61gyOOqgkV+6nAzuLBYvGxe4AexM/qA/Zpv0IyLg7bi9iufhg==
|
|
ENTRY_END
|
|
|
|
; response to the simple query of interest: NXDOMAIN whose denial rests on NSEC3 records with an iteration count of 65535 (third RDATA field)
|
|
ENTRY_BEGIN
|
|
MATCH opcode qname
|
|
ADJUST copy_id copy_query
|
|
REPLY QR AA NXDOMAIN
|
|
SECTION QUESTION
|
|
nxdomain.example.com. IN A
|
|
SECTION AUTHORITY
|
|
example.com. 86400 SOA ns1.example.com. hostmaster.example.com. 3 21600 3600 604800 86400
|
|
1cl7h356uun3lupr5ul5ok6puohj998d.example.com. 86400 NSEC3 1 0 65535 D7F1DC453FCD0B67 cf2t29nn8sqbpn6p9d1euo8k1emtvg6d NS SOA RRSIG DNSKEY NSEC3PARAM CDS CDNSKEY
|
|
cf2t29nn8sqbpn6p9d1euo8k1emtvg6d.example.com. 86400 NSEC3 1 0 65535 D7F1DC453FCD0B67 marb4pbbo27u50b2jb062rmee7hu5h0d
|
|
example.com. 86400 RRSIG SOA 13 2 86400 20210514161125 20210430144125 28964 example.com. cepCaZukRNjqLn52iIiH3I7C9MzosmjOaBNIgcmre8owxYyUC0Ur/lkNt0PVIGYYNGq0ZxstynleoZfebu+Hag==
|
|
1cl7h356uun3lupr5ul5ok6puohj998d.example.com. 86400 RRSIG NSEC3 13 3 86400 20210514161125 20210430144125 28964 example.com. +L2sxEcpXKOurY/KM5jL3WsaoNl3fuQYSfkF0hat/Qi7cVCFMmVVPa5nuuAaE4L6dYDyuVnJ7CkSZaJD0cYQXA==
|
|
cf2t29nn8sqbpn6p9d1euo8k1emtvg6d.example.com. 86400 RRSIG NSEC3 13 3 86400 20210514161125 20210430144125 28964 example.com. I8qbPSgWDvKstK2b1QZs9ukdih1+mYLmdtZg+Y4gLJscpSgss8Ydz8L8jyvNTb079QwajT5FKPHRHJxGZZiCkQ==
|
|
ENTRY_END
|
|
|
|
; response to the wildcard query of interest: signed wildcard expansion, with an NSEC3 (also 65535 iterations) in the authority section
|
|
ENTRY_BEGIN
|
|
MATCH opcode qname
|
|
ADJUST copy_id copy_query
|
|
REPLY QR AA NOERROR
|
|
SECTION QUESTION
|
|
foo.wild.example.com. IN TXT
|
|
SECTION ANSWER
|
|
foo.wild.example.com. 86400 TXT "wildcard"
|
|
foo.wild.example.com. 86400 RRSIG TXT 13 3 86400 20210514161125 20210430144125 28964 example.com. sN/uAISiZueMg3yoRqnHpRw5Qayb0HDxht8XVvyY/C1H/DO6cBvyskTyBIU7S1B+hIOvaIKUAqd9D1+VIr58bA==
|
|
SECTION AUTHORITY
|
|
ti6egnlv8nsi9js84c1mv3ec7sq4293g.example.com. 86400 NSEC3 1 0 65535 D7F1DC453FCD0B67 1cl7h356uun3lupr5ul5ok6puohj998d TXT RRSIG
|
|
ti6egnlv8nsi9js84c1mv3ec7sq4293g.example.com. 86400 RRSIG NSEC3 13 3 86400 20210514161125 20210430144125 28964 example.com. zeA5x5Fcqcvqq8deQT93Fa8ZOtgLA+zIZ/uKED5e4vjtNEg5cCJ6/4+YM4/ztwYnkSzkkKbzrzF7qanJNSlk3w==
|
|
ENTRY_END
|
|
RANGE_END
|
|
|
|
|
|
STEP 10 QUERY
|
|
ENTRY_BEGIN
|
|
REPLY RD AD
|
|
SECTION QUESTION
|
|
ns1.example.com. IN A
|
|
ENTRY_END
|
|
|
|
; recursion happens here; this positive answer needs no NSEC3 proof, so it is still expected with the AD flag
|
|
STEP 11 CHECK_ANSWER
|
|
ENTRY_BEGIN
|
|
MATCH all
|
|
REPLY QR RD RA AD NOERROR
|
|
SECTION QUESTION
|
|
ns1.example.com. IN A
|
|
SECTION ANSWER
|
|
ns1.example.com. 86400 IN A 1.2.3.4
|
|
ENTRY_END
|
|
|
|
; now simple non-existing entry
|
|
STEP 21 QUERY
|
|
ENTRY_BEGIN
|
|
REPLY RD AD
|
|
SECTION QUESTION
|
|
nxdomain.example.com. IN A
|
|
ENTRY_END
|
|
|
|
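; it should get downgraded to insecure: the NSEC3 iteration count is too high, so the expected reply below carries no AD flag and no NSEC3/RRSIG records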
|
|
STEP 22 CHECK_ANSWER
|
|
ENTRY_BEGIN
|
|
MATCH all
|
|
REPLY QR RD RA NXDOMAIN
|
|
SECTION QUESTION
|
|
nxdomain.example.com. IN A
|
|
SECTION AUTHORITY
|
|
example.com. 86400 IN SOA ns1.example.com. hostmaster.example.com. 3 21600 3600 604800 86400
|
|
ENTRY_END
|
|
|
|
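; more difficult: positive wildcard expansion; it depends on an NSEC3 with the same iteration count, so the answer is expected without AD as well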
|
|
STEP 31 QUERY
|
|
ENTRY_BEGIN
|
|
REPLY RD AD
|
|
SECTION QUESTION
|
|
foo.wild.example.com. IN TXT
|
|
ENTRY_END
|
|
|
|
STEP 32 CHECK_ANSWER
|
|
ENTRY_BEGIN
|
|
MATCH all
|
|
REPLY QR RD RA NOERROR
|
|
SECTION QUESTION
|
|
foo.wild.example.com. IN TXT
|
|
SECTION ANSWER
|
|
foo.wild.example.com. 86400 TXT "wildcard"
|
|
ENTRY_END
|
|
|
|
SCENARIO_END
|