summaryrefslogtreecommitdiffstats
path: root/tests/deckard/sets/resolver/iter_validate_extradata.rpl
diff options
context:
space:
mode:
Diffstat (limited to 'tests/deckard/sets/resolver/iter_validate_extradata.rpl')
-rw-r--r--tests/deckard/sets/resolver/iter_validate_extradata.rpl212
1 files changed, 212 insertions, 0 deletions
diff --git a/tests/deckard/sets/resolver/iter_validate_extradata.rpl b/tests/deckard/sets/resolver/iter_validate_extradata.rpl
new file mode 100644
index 0000000..e32af3a
--- /dev/null
+++ b/tests/deckard/sets/resolver/iter_validate_extradata.rpl
@@ -0,0 +1,212 @@
+; config options
+;server:
+ trust-anchor: ". 3600 IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5"
+ val-override-timestamp: "1437625000"
+
+;stub-zone:
+; name: "."
+ stub-addr: 198.41.0.4 # a.root-servers.net.
+CONFIG_END
+
+SCENARIO_BEGIN Test basic validation, answer contains an extra A record which must be ignored.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+ ADDRESS 198.41.0.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. 518400 IN NS a.root-servers.net.
+. 518400 IN NS b.root-servers.net.
+. 518400 IN NS c.root-servers.net.
+. 518400 IN NS d.root-servers.net.
+. 518400 IN NS e.root-servers.net.
+. 518400 IN NS f.root-servers.net.
+. 518400 IN NS g.root-servers.net.
+. 518400 IN NS h.root-servers.net.
+. 518400 IN NS i.root-servers.net.
+. 518400 IN NS j.root-servers.net.
+. 518400 IN NS k.root-servers.net.
+. 518400 IN NS l.root-servers.net.
+. 518400 IN NS m.root-servers.net.
+. 518400 IN RRSIG NS 8 0 518400 20150802050000 20150723040000 1518 . JSoL4/wQXh7vzoY/m98WYbpr2/S66u4RQi/UhkSrR3JmPZaWRRERDFm6 RRrFY6GWt4CP61X9rvshuVT+0OhluXqYpEatoHEDgur+PKf3+dTAmcgQ 4RzsahwhQ42Y9fDgJ2nNVMcN97HEIH+qMv0FWjU9b7wJ2iYlDL1ZoAVu TKE=
+SECTION ADDITIONAL
+a.root-servers.net. 518400 IN A 198.41.0.4
+ENTRY_END
+
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+. IN DNSKEY
+SECTION ANSWER
+. 172800 IN DNSKEY 256 3 8 AwEAAa67bQck1JjopOOFc+iMISFcp/osWrEst2wbKbuQSUWu77QC9UHL ipiHgWN7JlqVAEjKITZz49hhkLmOpmLK55pTq+RD2kwoyNWk9cvpc+tS nIxT7i93O+3oVeLYjMWrkDAz7K45rObbHDuSBwYZKrcSIUCZnCpNMUtn PFl/04cb
+. 172800 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq QxA+Uk1ihz0=
+. 172800 IN RRSIG DNSKEY 8 0 172800 20150804235959 20150721000000 19036 . n9FwNj80Zik2Rr2zTB4F17ydFpiZfUIv8v/XAz4EbSgRxQgFT+TCz3FW i4O7tW5REXUVNHtULiS7fxKLsHZNDPev8DA20DXAw3eEIDi9pDi01O/e 4GnljpkPnP8d5zA62Dob4cxgmhjjFTvhIjtDsH5Dd4jmyHsgBboy4grZ uJNdsez76gD4Ad6WlosZn5Hj5JwqaxZlRph/6I3va4rkp4c32w5DwaQ7 WSne8ffMHX9r7Dn6EbT3FfvnXFDNPE1P6r+qzTzC0t+M/F4R3H+VOdqg cRJcBG6zGCh9ZErhAeoiJh1WAfpjpzx+TUMzqxZCjSC/XL+l2YMKVHtF 8WNg/w==
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+cz. IN NS
+SECTION AUTHORITY
+cz. 172800 IN NS a.ns.nic.cz.
+cz. 86400 IN DS 54576 10 2 397E50C85EDE9CDE33F363A9E66FD1B216D788F8DD438A57A423A386 869C8F06
+cz. 86400 IN RRSIG DS 8 1 86400 20150802050000 20150723040000 1518 . fEz3NpYRzgeBjKrLMpht3KFOQ0t6U2wikIaOt1HcmFvurxtPkZVvqdb0 QBQfvh8DoEXDbvpcikzMIO9XYLzzs10X/m91ybGiWzcTVcU+prVGZJP9 zZrvYAIWrpxoC4deKD+vOoNZXGnLfffi6lmGn7QRZaH0LVKjn33cIaPQ 9EM=
+SECTION ADDITIONAL
+a.ns.nic.cz. 172800 IN A 194.0.12.1
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+cz. IN DS
+SECTION ANSWER
+cz. 86400 IN DS 54576 10 2 397E50C85EDE9CDE33F363A9E66FD1B216D788F8DD438A57A423A386 869C8F06
+cz. 86400 IN RRSIG DS 8 1 86400 20150802050000 20150723040000 1518 . fEz3NpYRzgeBjKrLMpht3KFOQ0t6U2wikIaOt1HcmFvurxtPkZVvqdb0 QBQfvh8DoEXDbvpcikzMIO9XYLzzs10X/m91ybGiWzcTVcU+prVGZJP9 zZrvYAIWrpxoC4deKD+vOoNZXGnLfffi6lmGn7QRZaH0LVKjn33cIaPQ 9EM=
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+cz. IN RRSIG
+SECTION AUTHORITY
+cz. 172800 IN NS a.ns.nic.cz.
+cz. 86400 IN DS 54576 10 2 397E50C85EDE9CDE33F363A9E66FD1B216D788F8DD438A57A423A386 869C8F06
+cz. 86400 IN RRSIG DS 8 1 86400 20150802050000 20150723040000 1518 . fEz3NpYRzgeBjKrLMpht3KFOQ0t6U2wikIaOt1HcmFvurxtPkZVvqdb0 QBQfvh8DoEXDbvpcikzMIO9XYLzzs10X/m91ybGiWzcTVcU+prVGZJP9 zZrvYAIWrpxoC4deKD+vOoNZXGnLfffi6lmGn7QRZaH0LVKjn33cIaPQ 9EM=
+SECTION ADDITIONAL
+a.ns.nic.cz. 172800 IN A 194.0.12.1
+ENTRY_END
+
+RANGE_END
+
+;a.ns.nic.cz.
+RANGE_BEGIN 0 100
+ ADDRESS 194.0.12.1
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+cz. IN DNSKEY
+SECTION ANSWER
+cz. 18000 IN DNSKEY 256 3 10 AwEAAbwKeyKB5fuLe16/N5MR6OoG/PO8uxEob7HoIjK0w0wNjwINYb2w edLtzhVlA4HJ0AUUBuZiNj41hlJ474SOBlsAA7BQdtbL1V0Ksk8IC5Z8 3ldU9Mp+ynkj9p9Cl2UOBmoVFYfkbwz0BsOptcXruYA52Ayc9rHrmDPI /0Y8gZAL
+cz. 18000 IN DNSKEY 257 3 10 AwEAAay0hi4HN2r/BqMQTpIPIVDyjmyF+9ZWvr5Lewx+q+947o/GrRv4 FGFfkZxf9CFfYVUf0jG5Yq4i06pGVNwJl81HS9Ux2oeHRXUvgtLnl5He RVLL+zgI5byx9HSNr4bPO8ZEn5OjoayhkNyGSFr4VWrzQk/K02vLP4d1 cCEzUQy30eyZto2/tG5ZwCU/iRkS1PJOcOW98hiFIfFDZv1XjbEpqEYh T2PATs6rt+BKwSHKGISmg1PNdg+y0rItemYMWr1f9BGAdtTWoPCPCYPj OZMPoIyA4tMscD+ww54Jf/QNoHccY4hO1yHiuAXG7SUn8jo0IKQ9W7JJ xES0aqFCX/0=
+cz. 18000 IN RRSIG DNSKEY 10 1 18000 20150802000000 20150719000000 54576 cz. K04ONpLX3wseqHhUu2QLBY7wzSUszVlut5mC6jpCAqbfhgIvGMnyoWP5 lKwSvCLmjie0j1HSv8Q4OmoYGz8L+P/FGAzK4LhMturHrDtHkpuGvQJ6 //UsHQhf4iwCg5tEeHI4ZvaMmqRZI3FhBnSh0OyFjGO73FRbBU9nDrOM sPB1iCUfRfZhQU0sB/rj82ykBUma280sO1aRp3gmQHc/SVNbFfCL1Z8D htBP6sy4Jh0z3Z40d4CFZ8ZCBsIloHO44/GvXGePtr2dW4gJsoU1619B Jz+6cuTRh5RJBiweUNb/nwjBP8fNRkzH1CbjomC2FpDMnBXw7jE1GUiY vLW9Gg==
+cz. 18000 IN RRSIG DNSKEY 10 1 18000 20150805131929 20150723140842 39788 cz. KhyRPt4TYVYH7VAsfn39tY66+5P8bgZhG83d33oogLuqQEPgsxt/tu0c snrUA11Ub+4wOK3MslD5/gTyBuDtT9dk4FbRr3WeUZ4DNn5laYO3AcYx SAU3Vn3dZ8orWFxEwTKNhH5QthPdHj8p8097KRHiPo/DGEnFpYdocEws WJ4=
+ENTRY_END
+
+; a.ns.nic.cz.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+cz. IN NS
+SECTION ANSWER
+cz. 18000 IN NS a.ns.nic.cz.
+cz. 18000 IN NS b.ns.nic.cz.
+cz. 18000 IN NS c.ns.nic.cz.
+cz. 18000 IN NS d.ns.nic.cz.
+cz. 18000 IN RRSIG NS 10 1 18000 20150802132511 20150721120844 39788 cz. pf5UzinUesHzGQTav/1NxGW0AifCmzLW3S8X9tWDRwx7XSKGac7QVXgp nMNyb/NiSho9oj+ZTaQpBZQaTri+brHT4W/nE0TofqZlyYiaABb9xgxJ LgjLkt+OVcJsM3a+q+QEGSt+skNlZVDQeR+sztbuORiZXAqhxumxD8iy zZ8=
+SECTION AUTHORITY
+extra-a. 3600 IN A 1.2.3.4
+extra-ns. 3600 IN NS target-extra-ns.
+SECTION ADDITIONAL
+a.ns.nic.cz. 18000 IN A 194.0.12.1
+b.ns.nic.cz. 18000 IN A 194.0.12.1
+c.ns.nic.cz. 18000 IN A 194.0.12.1
+d.ns.nic.cz. 18000 IN A 194.0.12.1
+ENTRY_END
+
+; a.ns.nic.cz.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+cz. IN RRSIG
+SECTION ANSWER
+; It's okay to lie here as the resolver can't check if we have provided every RRSIG, because there is no RRSIG of RRSIGs
+cz. 18000 IN RRSIG SOA 10 1 18000 20151221212655 20151208120941 37310 cz. ZsKG0TImVm+nAuWvn+Kg61WIet0E++Bt1mxIIywCxtZs/JQlhbjzFPvA ICdYLoqZ06JTwit1nD9xx6jdrfguSVB55G3LGuQiXz4JwEdCWhoVcC3Y Aq6jG1Eor3dhAF8dSIYkE21J3A6oC3O1rDYymKiXpkekFMaaBE0JEvUJ ut8=
+ENTRY_END
+
+RANGE_END
+
+;STEP 0 TIME_PASSES ELAPSE 1000
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+cz. IN RRSIG
+ENTRY_END
+
+; check that it answers a query for RRSIG (unauthenticated)
+; digests are swapped, i.e. signatures are invalid, server shouldn't use them later
+STEP 2 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+cz. IN RRSIG
+SECTION ANSWER
+cz. 18000 IN RRSIG SOA 10 1 18000 20151221212655 20151208120941 37310 cz. ZsKG0TImVm+nAuWvn+Kg61WIet0E++Bt1mxIIywCxtZs/JQlhbjzFPvA ICdYLoqZ06JTwit1nD9xx6jdrfguSVB55G3LGuQiXz4JwEdCWhoVcC3Y Aq6jG1Eor3dhAF8dSIYkE21J3A6oC3O1rDYymKiXpkekFMaaBE0JEvUJ ut8=
+ENTRY_END
+
+STEP 3 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+cz. IN NS
+ENTRY_END
+
+; check that it answers a plain query
+STEP 4 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+cz. IN NS
+SECTION ANSWER
+cz. 18000 IN NS a.ns.nic.cz.
+cz. 18000 IN NS b.ns.nic.cz.
+cz. 18000 IN NS c.ns.nic.cz.
+cz. 18000 IN NS d.ns.nic.cz.
+ENTRY_END
+
+STEP 5 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+cz. IN NS
+ENTRY_END
+
+; recursion happens here.
+STEP 6 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD NOERROR
+SECTION QUESTION
+cz. IN NS
+SECTION ANSWER
+cz. 18000 IN NS a.ns.nic.cz.
+cz. 18000 IN NS b.ns.nic.cz.
+cz. 18000 IN NS c.ns.nic.cz.
+cz. 18000 IN NS d.ns.nic.cz.
+cz. 18000 IN RRSIG NS 10 1 18000 20150802132511 20150721120844 39788 cz. pf5UzinUesHzGQTav/1NxGW0AifCmzLW3S8X9tWDRwx7XSKGac7QVXgp nMNyb/NiSho9oj+ZTaQpBZQaTri+brHT4W/nE0TofqZlyYiaABb9xgxJ LgjLkt+OVcJsM3a+q+QEGSt+skNlZVDQeR+sztbuORiZXAqhxumxD8iy zZ8=
+ENTRY_END
+
+SCENARIO_END