diff options
Diffstat (limited to 'tests/testdata_notimpl/iter_scrub_dname_sec.rpl')
-rw-r--r-- | tests/testdata_notimpl/iter_scrub_dname_sec.rpl | 212 |
1 files changed, 212 insertions, 0 deletions
diff --git a/tests/testdata_notimpl/iter_scrub_dname_sec.rpl b/tests/testdata_notimpl/iter_scrub_dname_sec.rpl new file mode 100644 index 0000000..0d06bf4 --- /dev/null +++ b/tests/testdata_notimpl/iter_scrub_dname_sec.rpl @@ -0,0 +1,212 @@ +; config options +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test scrub of secure DNAME in answer section + +RANGE_BEGIN 0 100 +; all adresses +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR NOERROR +; SECTION QUESTION +; x.y.example.com. IN A +; SECTION AUTHORITY +; com. IN NS a.gtld-servers.net. +; SECTION ADDITIONAL +; a.gtld-servers.net. IN A 192.5.6.30 +; ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR NOERROR +; SECTION QUESTION +; x.y.example.com. IN A +; SECTION AUTHORITY +; example.com. IN NS ns1.example.com. +; SECTION ADDITIONAL +; ns1.example.com. IN A 168.192.2.2 +; ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +x.y.example.com. IN A +SECTION ANSWER +y.example.com. DNAME z.example.com. +y.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. ALCQdkXflwgQVKCFeYgCAx3ipuoPsGJVZjNeUriXE4nd94h50zJWDJ4= ;{id = 2854} +x.y.example.com. IN CNAME x.z.example.com. +x.z.example.com. IN A 10.20.30.0 +SECTION AUTHORITY +example.com. IN NS ns1.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. AA3IkI13XbKFU5NSqBVA9oM1WiyEKCy4DYFOAdihDf6uHps9lce3kEc= ;{id = 2854} +SECTION ADDITIONAL +ns1.example.com. IN A 168.192.2.2 +ns1.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. AKcUlwrSz2xYKnQ7b7oMblRa0rKjfUNT900bIkGjLKLWDUGc8mKZE2M= ;{id = 2854} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +x.z.example.com. IN A +SECTION ANSWER +x.z.example.com. IN A 10.20.30.40 +x.z.example.com. 3600 IN RRSIG A 3 4 3600 20070926134150 20070829134150 2854 example.com. ADZ12PiZGEjVUyLLYkct/SBE2WT4D5IkMOKdcl0dzQ0XRAC5y/0bS7A= ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns1.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. ADesKDqTIOswg5QC6eTIQvGu3DHsPMz1htpHLcDJwE8IpURTnMuD0Mw= ;{id = 2854} +SECTION ADDITIONAL +ns1.example.com. IN A 168.192.2.2 +ns1.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. ACYkeSRNcLVXeL+R9AM9e1GbxTwXNXpy1M5hcyuVkhkY2d5jGrkye7I= ;{id = 2854} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns1.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. ACHcJehLt4Hz+rAdxMPE96o7HJAEFohFXbxrKYlG+0WLfYAvH2nxU8k= ;{id = 2854} +SECTION ADDITIONAL +ns1.example.com. IN A 168.192.2.2 +ns1.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. AInP69g8uR1n/aRg4gmGu8UoM+zZYgjOqbNN2IvOxw3bk/q+g05jKg0= ;{id = 2854} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + + +RANGE_END + +STEP 10 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +x.y.example.com. IN A +ENTRY_END + +; answer to first query (simply puts DNAME in cache) +STEP 90 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO +SECTION QUESTION +x.y.example.com. IN A +SECTION ANSWER +y.example.com. DNAME z.example.com. +y.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. ALCQdkXflwgQVKCFeYgCAx3ipuoPsGJVZjNeUriXE4nd94h50zJWDJ4= ;{id = 2854} +x.y.example.com. IN CNAME x.z.example.com. +x.z.example.com. IN A 10.20.30.40 +x.z.example.com. 3600 IN RRSIG A 3 4 3600 20070926134150 20070829134150 2854 example.com. ADZ12PiZGEjVUyLLYkct/SBE2WT4D5IkMOKdcl0dzQ0XRAC5y/0bS7A= ;{id = 2854} +;SECTION AUTHORITY +;example.com. IN NS ns1.example.com. +;example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. ADesKDqTIOswg5QC6eTIQvGu3DHsPMz1htpHLcDJwE8IpURTnMuD0Mw= ;{id = 2854} +;SECTION ADDITIONAL +;ns1.example.com. IN A 168.192.2.2 +;ns1.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. ACYkeSRNcLVXeL+R9AM9e1GbxTwXNXpy1M5hcyuVkhkY2d5jGrkye7I= ;{id = 2854} +ENTRY_END + +; now, DNAME is secure and can be used from cache. +; new query +STEP 200 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +other.y.example.com. IN A +ENTRY_END + +STEP 230 CHECK_OUT_QUERY +ENTRY_BEGIN +MATCH qname qtype opcode +SECTION QUESTION +other.z.example.com. IN A +ENTRY_END +STEP 240 REPLY +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +other.z.example.com. IN A +SECTION ANSWER +other.z.example.com. IN A 50.60.70.80 +other.z.example.com. 3600 IN RRSIG A 3 4 3600 20070926134150 20070829134150 2854 example.com. AAp6G89oAvkyAaeF2d35AJNlzMhedGo0Bcppl0IOyF3HRzoc51vjJoU= ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns1.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. ADesKDqTIOswg5QC6eTIQvGu3DHsPMz1htpHLcDJwE8IpURTnMuD0Mw= ;{id = 2854} +SECTION ADDITIONAL +ns1.example.com. IN A 168.192.2.2 +ns1.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. ACYkeSRNcLVXeL+R9AM9e1GbxTwXNXpy1M5hcyuVkhkY2d5jGrkye7I= ;{id = 2854} +ENTRY_END + +STEP 250 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO +SECTION QUESTION +other.y.example.com. IN A +SECTION ANSWER +y.example.com. DNAME z.example.com. +y.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. ALCQdkXflwgQVKCFeYgCAx3ipuoPsGJVZjNeUriXE4nd94h50zJWDJ4= ;{id = 2854} +other.y.example.com. IN CNAME other.z.example.com. +other.z.example.com. IN A 50.60.70.80 +other.z.example.com. 3600 IN RRSIG A 3 4 3600 20070926134150 20070829134150 2854 example.com. AAp6G89oAvkyAaeF2d35AJNlzMhedGo0Bcppl0IOyF3HRzoc51vjJoU= ;{id = 2854} +;SECTION AUTHORITY +;example.com. IN NS ns1.example.com. +;example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. ADesKDqTIOswg5QC6eTIQvGu3DHsPMz1htpHLcDJwE8IpURTnMuD0Mw= ;{id = 2854} +;SECTION ADDITIONAL +;ns1.example.com. IN A 168.192.2.2 +;ns1.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. ACYkeSRNcLVXeL+R9AM9e1GbxTwXNXpy1M5hcyuVkhkY2d5jGrkye7I= ;{id = 2854} +ENTRY_END + +SCENARIO_END |