diff options
Diffstat (limited to 'tests/deckard/sets/resolver/val_cnamenx_dblnsec.rpl')
-rw-r--r-- | tests/deckard/sets/resolver/val_cnamenx_dblnsec.rpl | 178 |
1 files changed, 178 insertions, 0 deletions
diff --git a/tests/deckard/sets/resolver/val_cnamenx_dblnsec.rpl b/tests/deckard/sets/resolver/val_cnamenx_dblnsec.rpl new file mode 100644 index 0000000..5c6f423 --- /dev/null +++ b/tests/deckard/sets/resolver/val_cnamenx_dblnsec.rpl @@ -0,0 +1,178 @@ +; config options +; The island of trust is at example.com +;server: + trust-anchor: "example.com. 3600 IN DS 21485 7 1 D0AED7DEAE346B008881F31F9ABBB055DF94CBD5 " +val-override-date: "20181130121821" +; target-fetch-policy: "0 0 0 0 0" +; fake-sha1: yes + +;stub-zone: +; name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +query-minimization: off +CONFIG_END + +SCENARIO_BEGIN Test validator with cname-nxdomain for duplicate NSEC detection + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +cname.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +cname.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 7 2 3600 20181230101821 20181130101821 21485 example.com. cdC5PUdx8wOzA3Ffx0jI2KrGMpU0VmxM/Y7RpFM0JgCMO3aeYsGbtcpR pvS6i9sSFUTA3XNp0tiGqpS1iH07CJy67U0g1qKh/peHn07TWCrR9Kqy 0OXGlNfZQL4BG5i7hq0VXvUeBvyquMeTd0c6n/yni8DDFx0l95lvu5nr k5w= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 7 3 3600 20181230101821 20181130101821 21485 example.com. soIpMtGzUOKCj5F6RjqQxrrhSJwhWLv9plOIEfGyI9OLgTYaTYgqC1R9 /4IIVPjzk4mB5VJSLcLNN2/QP8Qa/gO/dIb5o6nnHKdfDS4IPpG6ikeM T9cS2EMJ0+5rI5nLTCIofvGmsYTtjMuT3ysJ8xM4/9p1A7yjd49Mrkeb JWo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 7 AwEAAdHIjtVPYHtA3eUV5xOLpXVDAxdm16vsbjbfA4zFA9h2i1snUhCo fZV3hnOzn6WGpJkn/K2FBioTbwqhtQgEKnAg4+wxr+FnE/D89hdTF3CJ av/DRtw5pOu7PK5LbVZWWE2ztmok57RoMr31ecQGJ3S/B2rCZDaEDbYg EK+MoKHZ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 7 2 3600 20181230101821 20181130101821 21485 example.com. gHeTNDlfGHqlxNke2s0TIm4x6fFdV64FgkCyc9CVf+eR5gMqpnhkRBk5 DdDK1Gi5MO3XnbzRcUrC2Y+7i20M+nTA+KD9ZlQsXWszevLYJY3TJmnQ cz9d5hQJexrAx1+G0C78vDO6vWZNJz3J0LzvDQcmH23R3j9ow2wM1W7x f4k= ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 7 2 3600 20181230101821 20181130101821 21485 example.com. cdC5PUdx8wOzA3Ffx0jI2KrGMpU0VmxM/Y7RpFM0JgCMO3aeYsGbtcpR pvS6i9sSFUTA3XNp0tiGqpS1iH07CJy67U0g1qKh/peHn07TWCrR9Kqy 0OXGlNfZQL4BG5i7hq0VXvUeBvyquMeTd0c6n/yni8DDFx0l95lvu5nr k5w= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 7 3 3600 20181230101821 20181130101821 21485 example.com. soIpMtGzUOKCj5F6RjqQxrrhSJwhWLv9plOIEfGyI9OLgTYaTYgqC1R9 /4IIVPjzk4mB5VJSLcLNN2/QP8Qa/gO/dIb5o6nnHKdfDS4IPpG6ikeM T9cS2EMJ0+5rI5nLTCIofvGmsYTtjMuT3ysJ8xM4/9p1A7yjd49Mrkeb JWo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NXDOMAIN +SECTION QUESTION +cname.example.com. IN A +SECTION ANSWER +cname.example.com. 3600 IN CNAME www.example.com. +cname.example.com. 3600 IN RRSIG CNAME 7 3 3600 20181230101821 20181130101821 21485 example.com. KSB4An66g0tVndlXTHPjpRzQmsM6TMvV54THQJmiPqiI9UNTQwIwgEPI zSG5lUZwqORK7h4fTStwAosDl+dKFtPWoiW3yV0XytaJqJBfB5eOr6/X 665Qp876He3ZhVBYfekFVZnO+amzv8oycjngPsSHxpMZ760HNFRSgacy bDc= ;{id = 2854} +SECTION AUTHORITY +; already includes the necessary NSECs +example.com. IN SOA ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 +example.com. 3600 IN RRSIG SOA 7 2 3600 20181230101821 20181130101821 21485 example.com. kvapB5PKSev/ZKLrVqexb3HPFftCrdE7a5fYzzAlSmW85Wzj4b7Pi3pU Jyh6W+9Wo7iTkT9NdBy93RgApoW38CHVh4/FiGJlbIs+cJFgpMfG1kdu Q2j3xn5P4TUlRX9PNtkjDdy13FqpiSMPHNU1ZdLq5oQ/wL2vNSsJ83zq ZZw= ;{id = 2854} +; wildcard denial +example.com. IN NSEC abc.example.com. SOA NS DNSKEY NSEC RRSIG +example.com. 3600 IN RRSIG NSEC 7 2 18000 20181230101821 20181130101821 21485 example.com. W4RWRKbmCTSKQZuIaDybI+dEwB+wKs24C9f5h01XRuhj9OKTEeomaHCN 4AsK+DdsU7Z6QBYedn+rbYjaCjbTQqztc7Qi8fAF/dw9wRG+WMdATnqD 0uJGRsQLzJmzjttKp64Njtgl4eiNuhOwYzsZpDANKwMv1Rlg7P7HVsZU T+g= ;{id = 2854} +; qname denial +wab.example.com. IN NSEC wzz.example.com. A NSEC RRSIG +wab.example.com. 3600 IN RRSIG NSEC 7 3 18000 20181230101821 20181130101821 21485 example.com. WFil25/HtvZtJ3QUa9toox+C+qcJOKJwcZ2ylTOlSJzJrJB99oTKN1ZW XLDIRHPX81TTEp0edigErhyLO+xna1+L96Ze4tN9nP/0+N7gzY3bhzmg sms/ojtjuqKSf0ac1ZAUU3aGSdA/rgBYfeTh/2wMaLcQC1BUBZFsztAs sUg= ;{id = 2854} +SECTION ADDITIONAL +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NXDOMAIN +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 +example.com. 3600 IN RRSIG SOA 7 2 3600 20181230101821 20181130101821 21485 example.com. kvapB5PKSev/ZKLrVqexb3HPFftCrdE7a5fYzzAlSmW85Wzj4b7Pi3pU Jyh6W+9Wo7iTkT9NdBy93RgApoW38CHVh4/FiGJlbIs+cJFgpMfG1kdu Q2j3xn5P4TUlRX9PNtkjDdy13FqpiSMPHNU1ZdLq5oQ/wL2vNSsJ83zq ZZw= ;{id = 2854} +; wildcard denial +example.com. IN NSEC abc.example.com. SOA NS DNSKEY NSEC RRSIG +example.com. 3600 IN RRSIG NSEC 7 2 18000 20181230101821 20181130101821 21485 example.com. W4RWRKbmCTSKQZuIaDybI+dEwB+wKs24C9f5h01XRuhj9OKTEeomaHCN 4AsK+DdsU7Z6QBYedn+rbYjaCjbTQqztc7Qi8fAF/dw9wRG+WMdATnqD 0uJGRsQLzJmzjttKp64Njtgl4eiNuhOwYzsZpDANKwMv1Rlg7P7HVsZU T+g= ;{id = 2854} +; qname denial +wab.example.com. IN NSEC wzz.example.com. A NSEC RRSIG +wab.example.com. 3600 IN RRSIG NSEC 7 3 18000 20181230101821 20181130101821 21485 example.com. WFil25/HtvZtJ3QUa9toox+C+qcJOKJwcZ2ylTOlSJzJrJB99oTKN1ZW XLDIRHPX81TTEp0edigErhyLO+xna1+L96Ze4tN9nP/0+N7gzY3bhzmg sms/ojtjuqKSf0ac1ZAUU3aGSdA/rgBYfeTh/2wMaLcQC1BUBZFsztAs sUg= ;{id = 2854} +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +cname.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NXDOMAIN +SECTION QUESTION +cname.example.com. IN A +SECTION ANSWER +cname.example.com. 3600 IN CNAME www.example.com. +cname.example.com. 3600 IN RRSIG CNAME 7 3 3600 20181230101821 20181130101821 21485 example.com. KSB4An66g0tVndlXTHPjpRzQmsM6TMvV54THQJmiPqiI9UNTQwIwgEPI zSG5lUZwqORK7h4fTStwAosDl+dKFtPWoiW3yV0XytaJqJBfB5eOr6/X 665Qp876He3ZhVBYfekFVZnO+amzv8oycjngPsSHxpMZ760HNFRSgacy bDc= ;{id = 2854} +SECTION AUTHORITY +example.com. IN SOA ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 +example.com. 3600 IN RRSIG SOA 7 2 3600 20181230101821 20181130101821 21485 example.com. kvapB5PKSev/ZKLrVqexb3HPFftCrdE7a5fYzzAlSmW85Wzj4b7Pi3pU Jyh6W+9Wo7iTkT9NdBy93RgApoW38CHVh4/FiGJlbIs+cJFgpMfG1kdu Q2j3xn5P4TUlRX9PNtkjDdy13FqpiSMPHNU1ZdLq5oQ/wL2vNSsJ83zq ZZw= ;{id = 2854} +example.com. IN NSEC abc.example.com. SOA NS DNSKEY NSEC RRSIG +example.com. 3600 IN RRSIG NSEC 7 2 18000 20181230101821 20181130101821 21485 example.com. W4RWRKbmCTSKQZuIaDybI+dEwB+wKs24C9f5h01XRuhj9OKTEeomaHCN 4AsK+DdsU7Z6QBYedn+rbYjaCjbTQqztc7Qi8fAF/dw9wRG+WMdATnqD 0uJGRsQLzJmzjttKp64Njtgl4eiNuhOwYzsZpDANKwMv1Rlg7P7HVsZU T+g= ;{id = 2854} +wab.example.com. IN NSEC wzz.example.com. A NSEC RRSIG +wab.example.com. 3600 IN RRSIG NSEC 7 3 18000 20181230101821 20181130101821 21485 example.com. WFil25/HtvZtJ3QUa9toox+C+qcJOKJwcZ2ylTOlSJzJrJB99oTKN1ZW XLDIRHPX81TTEp0edigErhyLO+xna1+L96Ze4tN9nP/0+N7gzY3bhzmg sms/ojtjuqKSf0ac1ZAUU3aGSdA/rgBYfeTh/2wMaLcQC1BUBZFsztAs sUg= ;{id = 2854} +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END |