From 3d0386f27ca66379acf50199e1d1298386eeeeb8 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Mon, 6 May 2024 02:55:53 +0200
Subject: Adding upstream version 3.2.1.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 .../resolver/nsec_wildcard_answer_response.rpl     | 418 +++++++++++++++++++++
 1 file changed, 418 insertions(+)
 create mode 100644 tests/deckard/sets/resolver/nsec_wildcard_answer_response.rpl

(limited to 'tests/deckard/sets/resolver/nsec_wildcard_answer_response.rpl')

diff --git a/tests/deckard/sets/resolver/nsec_wildcard_answer_response.rpl b/tests/deckard/sets/resolver/nsec_wildcard_answer_response.rpl
new file mode 100644
index 0000000..e51d351
--- /dev/null
+++ b/tests/deckard/sets/resolver/nsec_wildcard_answer_response.rpl
@@ -0,0 +1,418 @@
+; config options
+;server:
+	trust-anchor: ". IN DS 41524 8 2 5175938255D97A88F9D16A5A46ED3AE373441DF5058C1666D953005D A6BD57F3"
+	val-override-date: "20170401000000"
+
+;stub-zone:
+;	name: "."
+	stub-addr: 192.0.2.1 	# ns.
+CONFIG_END
+
+SCENARIO_BEGIN Test validation of NSEC wildcard answer response.
+
+; ns.
+RANGE_BEGIN 0 100
+	ADDRESS 192.0.2.1
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+.			3600	IN	NS	ns.
+.			3600	IN	RRSIG	NS 8 0 3600 20170418124934 20170319124934 41524 . cclqaWsABHoHHSVEjxvWUkj7WBJQGdxvEj2/brtPw9wh42JsedoAsu9g e7885/LSxVOSFf5mZ3eHN1dfxHF5QLYVO2oKgDOl8kM7Hyb3rkqmOp7L lqVS4v4iH4etaonhIW6qwqZTLlets59Z48sF/qurX6EVE/xTc7Kc917c 7oUgHoPoKa8RXkBvXFOuSgXA+OkewLrBcdGaokSLD92/+wZKLAWopc32 mTbZMSImdywm4CvePEZUyXeeQASc7H4eCKE6LFw/4577YrHzDYp2QVnq meJfYg46NXm7xC4bJni/zHmnjKxIS+vi2CdqA7uJviTFpj5XF3g+73aj LHI99Q==
+SECTION ADDITIONAL
+ns.			3600	IN	A	192.0.2.1
+ns.			3600	IN	RRSIG	A 8 1 3600 20170418124934 20170319124934 41524 . r+kPV+Qp088ifM2RRJd9/kTwlFV4Ejuhb8G8VAPmWwkiXSJSrS7HXR9n xkO1CHSzwGYumIDoZsPqZ+RQwY4EBd6xPuAdMAmN/zbebmz+UtNTGLz3 8KVjZoRsJt0BftJs/o3SogiV6cfUtFVnRJN4sCRzAQcyywtKxhtKgHjX 1A47NKzjkbkm2TlUeVwXJjkp0FleZaiNP6wEoxE2cr1hKX4HutXzegzr PaiNGgQhY3yLohBmoSozFLYUN8YPMw6BTf0CLAqyU6N51fVaPZIlARbd V9Ia48AGz44324WrvssuaW2wb0OQie0RAPrHlXg5Ly5I9DeE6m6Czc+M fHBZUQ==
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+ns. IN A
+SECTION ANSWER
+ns.			3600	IN	A	192.0.2.1
+ns.			3600	IN	RRSIG	A 8 1 3600 20170418124934 20170319124934 41524 . r+kPV+Qp088ifM2RRJd9/kTwlFV4Ejuhb8G8VAPmWwkiXSJSrS7HXR9n xkO1CHSzwGYumIDoZsPqZ+RQwY4EBd6xPuAdMAmN/zbebmz+UtNTGLz3 8KVjZoRsJt0BftJs/o3SogiV6cfUtFVnRJN4sCRzAQcyywtKxhtKgHjX 1A47NKzjkbkm2TlUeVwXJjkp0FleZaiNP6wEoxE2cr1hKX4HutXzegzr PaiNGgQhY3yLohBmoSozFLYUN8YPMw6BTf0CLAqyU6N51fVaPZIlARbd V9Ia48AGz44324WrvssuaW2wb0OQie0RAPrHlXg5Ly5I9DeE6m6Czc+M fHBZUQ==
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+ns. IN AAAA
+SECTION AUTHORITY
+.			0	IN	SOA	. . 0 0 0 0 0
+ns.			0	IN	NSEC	. A RRSIG NSEC
+.			3600	IN	RRSIG	SOA 8 0 3600 20170418124934 20170319124934 41524 . njTin0/F2e0rVDB1tR4Qf3Fy7yFhsEQBjBP0tLbjAGxkXXmkf3RQAQI6 2OzbNgFH+v+SlupN03LwNbGgxVpvgpEC9X9wh5/l6t+YgMFEHwzVu5Qv 9Mybiqe0gMU8KBtYnTcFkUGs+gE+t7Z/DhPx88zBixYTNGXbDNUWI5nl /xq4FlIAcEb1r+bKpFbpAHyVTrqjy1ZIpn5lYrQPwfrQ/g0iL76SgwT+ 8oBF9LDmrgeVZA5lzzjfu7jp7/N7eYAA6YYZCaK6tca33xTc2RUbmyKQ VJMN8wets+iPxrwAAbHVc5FmxmdlDVQlh4AXkgDahFoUtZwzvLCuphj/ D66dsA==
+ns.			0	IN	RRSIG	NSEC 8 1 0 20170418124934 20170319124934 41524 . ELuSBQbX8wpCTnUBj2OC/if7HEc0DyekwfNccg84kG9vCfn4PS+AcwJB ZbjJjRWGIIYJBesXuRbaZ1P0yYWSlPfwqbWhO1amSmqOgKEMKgVDmQ3g Qc3e3qqRi5YiGpAnQen7EOnbtUuFKH/OTd5Valq+sKxaYVpJxz53tgTm 42nYuWJg/9aDr9P6NNtl1XoTV+84ApFSxQ9EM9WHsYkVzYTrLZQhMmlQ K1zAsUoUcLISTf5q0T7npsMY7bjaoWfNvGeuUT2VMz44sevivR39Wy3o utWn9zcXa2hXPXW3XXrzIQfkQN9CDkJ5IAwKRPWq1a5vFmbyXN8GfBR3 6le6qA==
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+. IN DNSKEY
+SECTION ANSWER
+.			3600	IN	DNSKEY	257 3 8 AwEAAbgyvYQ2Vlff/inpv4NZLlIk2+l1sL0JoeOUlWHZ3eeWXZKxQJak QIXyGi8xsuANzu/YStLp31SfU/Fj4piUciqA+U74Lot1S/jcM7/1eczh 69YqGUAPZkreZ3z2DpWzBN4lgPR/w0OvTada3D42uV2bzuSK/nXMiMpZ vP1vZ1ykNRmbksTzA+HnrefRi2yuMSUqMHbtfbfFwqVTQ1ddVwSK7qIJ 02jo95YJUSZDPUUQlczIsFsa7Zxn6gQZl+iaRuDY6nLxxStYYlcqZhVA G5U8Dx4IznQ0FkEJp9RXtv5rmtClcQpudCl1gE0GC/W+TTUAa3hD597f onH+s/OfdCE=
+.			3600	IN	RRSIG	DNSKEY 8 0 3600 20170418124934 20170319124934 41524 . j/TFYuMrE2Hw4fVUjyIeawIGjuPSGYpmaPQO6fo6B36LG+Fi+GsdrR8x 0OltpfgM7K6QXXZvvPe8IiBACfwPhjUbDgocjkT3VfXONO2wg3xI4pbh rBP7va2otZxPKnnOHWg78l9wcDdaJePOvRv9XjqW6TxO1tugskUy612/ fZpaCrqqQPnCxmjxso8VbKYJHy5dRJFVGX0q2BTsoK55x6+Ecao4eDFo d5VFP9R+oMFlMHV9GPF+NPpfWp3lvQa+6jEikJlZXIExx4x0vUzHgrfZ 2V+4C8Hn0Bc9JfyLqYk6aulbfqkxs+Ao9fm+aNkQVJR4+1PLXnqSCH+/ iP0FVQ==
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example. IN NS
+SECTION AUTHORITY
+.			0	IN	SOA	. . 0 0 0 0 0
+.			0	IN	NSEC	*.nsec.example. NS SOA RRSIG NSEC DNSKEY
+.			3600	IN	RRSIG	SOA 8 0 3600 20170418145253 20170319145253 41524 . GrQu0mY+qRcyVrfn2tp3IpLLZhXUEVCEIg6oVa+wlS5eNULJIJ4xZLG8 T8Dt/ca7XYiWz5Hbv5FP2UG8vbME9Qi3W4pghCSeUq+r0Z+sKJ//BS20 wcX9gpv3KeenLCiLggZDuDvhIJ0Ce8V+p9p+BFbpL4rSESEOLR7VDt5q 2bXgra5ukVp94OF6mCuMSTv2uPfgoNV5b53waJ2TS98E2yOPnNd/LgYa XWqao2a0en3odQPGy+5sdg+Z+UkLS1ySn6hB50Xl6f1CMYVPU7X8+bub g2bHD3yK2Sy5bkNipyohcW8P7tNnR78HhlJyOOGeHzOS2975B6E34mjV zSumrA==
+.			0	IN	RRSIG	NSEC 8 0 0 20170418145253 20170319145253 41524 . C0tKsifl3qXK5OqpVW4boQleYwtWtT3P7UeVZhBSqEMAIV7UcEWMnnUW wUgtgA181pwvyqwcDYmbz1sM+1GfewfjQY1ulZyj3bjgOy7/w+0BT8JX +FFXrE6j2vRvHFHF0nyfNHwJHAYxaoEl1m5uobPYQy8Cb61MfbRGfj1Q rF5OcSI1O0ExXoPIcIuS3WN2wAqLGLwzSsrltp6K8N81+bbMHZD4TIlA ED3Rl+hL6eg/kx1IcY5PEKI+T6gaqbRlfXicyk+Z4ZYnMn5nH7k5s6Hw CaMUYMsJLpU5ZUfjgQUFbUyKOU5ivTbPQEcujy9yXJ5dX3K2JP4u7MrY sIpuCA==
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+name.example. IN NS
+SECTION AUTHORITY
+.			0	IN	SOA	. . 0 0 0 0 0
+.			0	IN	NSEC	*.nsec.example. NS SOA RRSIG NSEC DNSKEY
+.			3600	IN	RRSIG	SOA 8 0 3600 20170418145253 20170319145253 41524 . GrQu0mY+qRcyVrfn2tp3IpLLZhXUEVCEIg6oVa+wlS5eNULJIJ4xZLG8 T8Dt/ca7XYiWz5Hbv5FP2UG8vbME9Qi3W4pghCSeUq+r0Z+sKJ//BS20 wcX9gpv3KeenLCiLggZDuDvhIJ0Ce8V+p9p+BFbpL4rSESEOLR7VDt5q 2bXgra5ukVp94OF6mCuMSTv2uPfgoNV5b53waJ2TS98E2yOPnNd/LgYa XWqao2a0en3odQPGy+5sdg+Z+UkLS1ySn6hB50Xl6f1CMYVPU7X8+bub g2bHD3yK2Sy5bkNipyohcW8P7tNnR78HhlJyOOGeHzOS2975B6E34mjV zSumrA==
+.			0	IN	RRSIG	NSEC 8 0 0 20170418145253 20170319145253 41524 . C0tKsifl3qXK5OqpVW4boQleYwtWtT3P7UeVZhBSqEMAIV7UcEWMnnUW wUgtgA181pwvyqwcDYmbz1sM+1GfewfjQY1ulZyj3bjgOy7/w+0BT8JX +FFXrE6j2vRvHFHF0nyfNHwJHAYxaoEl1m5uobPYQy8Cb61MfbRGfj1Q rF5OcSI1O0ExXoPIcIuS3WN2wAqLGLwzSsrltp6K8N81+bbMHZD4TIlA ED3Rl+hL6eg/kx1IcY5PEKI+T6gaqbRlfXicyk+Z4ZYnMn5nH7k5s6Hw CaMUYMsJLpU5ZUfjgQUFbUyKOU5ivTbPQEcujy9yXJ5dX3K2JP4u7MrY sIpuCA==
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+nsec.example. IN NS
+SECTION AUTHORITY
+.			0	IN	SOA	. . 0 0 0 0 0
+.			0	IN	NSEC	*.nsec.example. NS SOA RRSIG NSEC DNSKEY
+*.nsec.example.		0	IN	NSEC	explicita.nsec.example. A RRSIG NSEC
+.			3600	IN	RRSIG	SOA 8 0 3600 20170418145253 20170319145253 41524 . GrQu0mY+qRcyVrfn2tp3IpLLZhXUEVCEIg6oVa+wlS5eNULJIJ4xZLG8 T8Dt/ca7XYiWz5Hbv5FP2UG8vbME9Qi3W4pghCSeUq+r0Z+sKJ//BS20 wcX9gpv3KeenLCiLggZDuDvhIJ0Ce8V+p9p+BFbpL4rSESEOLR7VDt5q 2bXgra5ukVp94OF6mCuMSTv2uPfgoNV5b53waJ2TS98E2yOPnNd/LgYa XWqao2a0en3odQPGy+5sdg+Z+UkLS1ySn6hB50Xl6f1CMYVPU7X8+bub g2bHD3yK2Sy5bkNipyohcW8P7tNnR78HhlJyOOGeHzOS2975B6E34mjV zSumrA==
+.			0	IN	RRSIG	NSEC 8 0 0 20170418145253 20170319145253 41524 . C0tKsifl3qXK5OqpVW4boQleYwtWtT3P7UeVZhBSqEMAIV7UcEWMnnUW wUgtgA181pwvyqwcDYmbz1sM+1GfewfjQY1ulZyj3bjgOy7/w+0BT8JX +FFXrE6j2vRvHFHF0nyfNHwJHAYxaoEl1m5uobPYQy8Cb61MfbRGfj1Q rF5OcSI1O0ExXoPIcIuS3WN2wAqLGLwzSsrltp6K8N81+bbMHZD4TIlA ED3Rl+hL6eg/kx1IcY5PEKI+T6gaqbRlfXicyk+Z4ZYnMn5nH7k5s6Hw CaMUYMsJLpU5ZUfjgQUFbUyKOU5ivTbPQEcujy9yXJ5dX3K2JP4u7MrY sIpuCA==
+*.nsec.example.		0	IN	RRSIG	NSEC 8 2 0 20170418145253 20170319145253 41524 . A60R/W7nJnrOGnESzKm1//8kydq91hlsk9+2r5z/AT3vuyLdrDVRmmZg LzIdcJ/9qIt4XrfvaGWmqhs2qmm5EbjFoXh+AoRqaetaK1auuAGHqH9U KdMOuxlkoJ4z6sDpSxumbgVxKq7kj7nKGYF/dyCHTcJhKuo498XYh+MQ MDKu82CfmLPdwroqgQyyux/9oimLbYDo/fz09w+/uzApnOWgyM5WiE/M Q6tgHL+UTi5hdZ7jIF2gCtp+V5YcWLI/wcmuJ7lkCh3B9UoCy0box8PB V4U2chvK7pR3DG8slgEaag5wiPto6fwru7PShfp0oC6d6m0x4jsuT6u1 j6GmIw==
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname qtype
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+local.nsec.example. IN A
+SECTION ANSWER
+local.nsec.example.	3600	IN	A	10.6.6.6
+local.nsec.example.	3600	IN	RRSIG	A 8 2 3600 20170418145253 20170319145253 41524 . aHyII7vYA6ELENm2C+88GLhJ0D+WBO/TaabT4jnHpyPaVlg+KXOg7Ar1 s04vcPDczmzft178ZcQYbeY2/UR7LsDZoj8j+86MTkVP/FIyNt/8rHch r/AFQQvXvjqD1XTho+3Fyk1HLD+VKI8Rkq894cfc9rAPb1+H3PPz6JWb EwM7S6Ox2OixUEVNKStrsEIDzYSyWmdpRXFC8CVR5zEv1OxBlNBUvza2 KNJHTxwEIcFQY5MdKkGIa25TckAYhncboI1j79VdRa0xqymO81E7AR/D HTBVLD/gENvgN7HGAduC834SuZ1ReDhlbSD1KHw5GPgBGw9e7kzpsoYH MASASg==
+SECTION AUTHORITY
+explicita2.nsec.example. 0	IN	NSEC	ns. A RRSIG NSEC
+explicita2.nsec.example. 0	IN	RRSIG	NSEC 8 3 0 20170418145253 20170319145253 41524 . kam1hKBwoeTPR0wpvPs2Jyik3hB+Q0Ek4rpD3BNhUa+gTbBk1Z0q5yEs RFVsp6EZlpcP357QiipC2wrPfd3SunGVTVfAD4h6gn1/e5mPN4kJJfOa nMgwZQATF/vilnGu2+5Xtup3blFhg43UJB//iyTcn8c+phMaySbyT5uG xXaM1Gv2maHeJQNOB8cwFWHpYy/Uoph5rpEcZoxGjGkTLNE8pvhlSAgB wYEtMvli3KJH6hjBnOzhMAtOl+ZHy3VFo/UVm/Lwyzmlg+OQ8LCz+NY0 kmAH8z7ZNKZMxyvBpLzxAU2O+j4uSmp5ENuLcqvEyofr2xrq5Fm7OSoH qZvQ1A==
+ENTRY_END
+
+
+ENTRY_BEGIN
+MATCH opcode qname
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+local.nsec.example. IN NS
+SECTION AUTHORITY
+.			0	IN	SOA	. . 0 0 0 0 0
+*.nsec.example.		0	IN	NSEC	explicita.nsec.example. A RRSIG NSEC
+explicita2.nsec.example. 0	IN	NSEC	ns. A RRSIG NSEC
+.			3600	IN	RRSIG	SOA 8 0 3600 20170418145253 20170319145253 41524 . GrQu0mY+qRcyVrfn2tp3IpLLZhXUEVCEIg6oVa+wlS5eNULJIJ4xZLG8 T8Dt/ca7XYiWz5Hbv5FP2UG8vbME9Qi3W4pghCSeUq+r0Z+sKJ//BS20 wcX9gpv3KeenLCiLggZDuDvhIJ0Ce8V+p9p+BFbpL4rSESEOLR7VDt5q 2bXgra5ukVp94OF6mCuMSTv2uPfgoNV5b53waJ2TS98E2yOPnNd/LgYa XWqao2a0en3odQPGy+5sdg+Z+UkLS1ySn6hB50Xl6f1CMYVPU7X8+bub g2bHD3yK2Sy5bkNipyohcW8P7tNnR78HhlJyOOGeHzOS2975B6E34mjV zSumrA==
+*.nsec.example.		0	IN	RRSIG	NSEC 8 2 0 20170418145253 20170319145253 41524 . A60R/W7nJnrOGnESzKm1//8kydq91hlsk9+2r5z/AT3vuyLdrDVRmmZg LzIdcJ/9qIt4XrfvaGWmqhs2qmm5EbjFoXh+AoRqaetaK1auuAGHqH9U KdMOuxlkoJ4z6sDpSxumbgVxKq7kj7nKGYF/dyCHTcJhKuo498XYh+MQ MDKu82CfmLPdwroqgQyyux/9oimLbYDo/fz09w+/uzApnOWgyM5WiE/M Q6tgHL+UTi5hdZ7jIF2gCtp+V5YcWLI/wcmuJ7lkCh3B9UoCy0box8PB V4U2chvK7pR3DG8slgEaag5wiPto6fwru7PShfp0oC6d6m0x4jsuT6u1 j6GmIw==
+explicita2.nsec.example. 0	IN	RRSIG	NSEC 8 3 0 20170418145253 20170319145253 41524 . kam1hKBwoeTPR0wpvPs2Jyik3hB+Q0Ek4rpD3BNhUa+gTbBk1Z0q5yEs RFVsp6EZlpcP357QiipC2wrPfd3SunGVTVfAD4h6gn1/e5mPN4kJJfOa nMgwZQATF/vilnGu2+5Xtup3blFhg43UJB//iyTcn8c+phMaySbyT5uG xXaM1Gv2maHeJQNOB8cwFWHpYy/Uoph5rpEcZoxGjGkTLNE8pvhlSAgB wYEtMvli3KJH6hjBnOzhMAtOl+ZHy3VFo/UVm/Lwyzmlg+OQ8LCz+NY0 kmAH8z7ZNKZMxyvBpLzxAU2O+j4uSmp5ENuLcqvEyofr2xrq5Fm7OSoH qZvQ1A==
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+a.local.nsec.example. IN A
+SECTION ANSWER
+a.local.nsec.example.	3600	IN	A	10.6.6.6
+a.local.nsec.example.	3600	IN	RRSIG	A 8 2 3600 20170418134059 20170319134059 41524 . KMkFd5M1F8wVtVhXUnyPZMhY6dGj3g54tX+wgRiGSnqlRICCUdc8NCKG w+lJ1HvDrfNduth5De82MwCfgu2qORDGRF1H0DaoLlYOzy7pNPV1kA9R sXals6EyoFw0pEJkdW/pI5/EJz611c5Oy94iz5LbhkM/kwosmtK1ln3Z N+zGGDRj8xAaWsvmAvPXQoIJhHEblPp/Mcs4V6vX0b7plfkdDxa0hCgf 4UYipsqHo6BXksCEkRznIlDWym9jpVqD7TNAIbO/03TpvhnD50C0Wusb k75cTy24NDD7PTmAZwBlT6qZGnODdc1/ECTnq3kYniN6ceevMZQYEVqw S9haUg==
+SECTION AUTHORITY
+explicita2.nsec.example. 0	IN	NSEC	ns. A RRSIG NSEC
+explicita2.nsec.example. 0	IN	RRSIG	NSEC 8 3 0 20170418145253 20170319145253 41524 . kam1hKBwoeTPR0wpvPs2Jyik3hB+Q0Ek4rpD3BNhUa+gTbBk1Z0q5yEs RFVsp6EZlpcP357QiipC2wrPfd3SunGVTVfAD4h6gn1/e5mPN4kJJfOa nMgwZQATF/vilnGu2+5Xtup3blFhg43UJB//iyTcn8c+phMaySbyT5uG xXaM1Gv2maHeJQNOB8cwFWHpYy/Uoph5rpEcZoxGjGkTLNE8pvhlSAgB wYEtMvli3KJH6hjBnOzhMAtOl+ZHy3VFo/UVm/Lwyzmlg+OQ8LCz+NY0 kmAH8z7ZNKZMxyvBpLzxAU2O+j4uSmp5ENuLcqvEyofr2xrq5Fm7OSoH qZvQ1A==
+ENTRY_END
+
+; Missing NSEC covering the wildcard.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+missing-nsec.local.nsec.example.   IN      A
+SECTION ANSWER
+missing-nsec.local.nsec.example. 3600 IN A	10.6.6.6
+missing-nsec.local.nsec.example. 3600 IN RRSIG	A 8 2 3600 20170418134059 20170319134059 41524 . KMkFd5M1F8wVtVhXUnyPZMhY6dGj3g54tX+wgRiGSnqlRICCUdc8NCKG w+lJ1HvDrfNduth5De82MwCfgu2qORDGRF1H0DaoLlYOzy7pNPV1kA9R sXals6EyoFw0pEJkdW/pI5/EJz611c5Oy94iz5LbhkM/kwosmtK1ln3Z N+zGGDRj8xAaWsvmAvPXQoIJhHEblPp/Mcs4V6vX0b7plfkdDxa0hCgf 4UYipsqHo6BXksCEkRznIlDWym9jpVqD7TNAIbO/03TpvhnD50C0Wusb k75cTy24NDD7PTmAZwBlT6qZGnODdc1/ECTnq3kYniN6ceevMZQYEVqw S9haUg==
+ENTRY_END
+
+; kresd will detect validation failure and query for RRSIG
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+missing-nsec.local.nsec.example.     IN      RRSIG
+SECTION ANSWER
+missing-nsec.local.nsec.example. 3600 IN RRSIG	A 8 2 3600 20170418134059 20170319134059 41524 . KMkFd5M1F8wVtVhXUnyPZMhY6dGj3g54tX+wgRiGSnqlRICCUdc8NCKG w+lJ1HvDrfNduth5De82MwCfgu2qORDGRF1H0DaoLlYOzy7pNPV1kA9R sXals6EyoFw0pEJkdW/pI5/EJz611c5Oy94iz5LbhkM/kwosmtK1ln3Z N+zGGDRj8xAaWsvmAvPXQoIJhHEblPp/Mcs4V6vX0b7plfkdDxa0hCgf 4UYipsqHo6BXksCEkRznIlDWym9jpVqD7TNAIbO/03TpvhnD50C0Wusb k75cTy24NDD7PTmAZwBlT6qZGnODdc1/ECTnq3kYniN6ceevMZQYEVqw S9haUg==
+ENTRY_END
+
+; NSEC record was attached to another answer created by copying wildcard data to different owner name
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+incorrect.name.example. IN A
+SECTION ANSWER
+incorrect.name.example. 3600 IN A	10.6.6.6
+incorrect.name.example. 3600 IN RRSIG	A 8 2 3600 20170418134059 20170319134059 41524 . KMkFd5M1F8wVtVhXUnyPZMhY6dGj3g54tX+wgRiGSnqlRICCUdc8NCKG w+lJ1HvDrfNduth5De82MwCfgu2qORDGRF1H0DaoLlYOzy7pNPV1kA9R sXals6EyoFw0pEJkdW/pI5/EJz611c5Oy94iz5LbhkM/kwosmtK1ln3Z N+zGGDRj8xAaWsvmAvPXQoIJhHEblPp/Mcs4V6vX0b7plfkdDxa0hCgf 4UYipsqHo6BXksCEkRznIlDWym9jpVqD7TNAIbO/03TpvhnD50C0Wusb k75cTy24NDD7PTmAZwBlT6qZGnODdc1/ECTnq3kYniN6ceevMZQYEVqw S9haUg==
+SECTION AUTHORITY
+explicita2.nsec.example. 0	IN	NSEC	ns. A RRSIG NSEC
+explicita2.nsec.example. 0	IN	RRSIG	NSEC 8 3 0 20170418145253 20170319145253 41524 . kam1hKBwoeTPR0wpvPs2Jyik3hB+Q0Ek4rpD3BNhUa+gTbBk1Z0q5yEs RFVsp6EZlpcP357QiipC2wrPfd3SunGVTVfAD4h6gn1/e5mPN4kJJfOa nMgwZQATF/vilnGu2+5Xtup3blFhg43UJB//iyTcn8c+phMaySbyT5uG xXaM1Gv2maHeJQNOB8cwFWHpYy/Uoph5rpEcZoxGjGkTLNE8pvhlSAgB wYEtMvli3KJH6hjBnOzhMAtOl+ZHy3VFo/UVm/Lwyzmlg+OQ8LCz+NY0 kmAH8z7ZNKZMxyvBpLzxAU2O+j4uSmp5ENuLcqvEyofr2xrq5Fm7OSoH qZvQ1A==
+ENTRY_END
+
+; kresd will detect validation failure and query for RRSIG
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+incorrect.name.example. IN RRSIG
+SECTION ANSWER
+incorrect.name.example. 3600 IN RRSIG	A 8 2 3600 20170418134059 20170319134059 41524 . KMkFd5M1F8wVtVhXUnyPZMhY6dGj3g54tX+wgRiGSnqlRICCUdc8NCKG w+lJ1HvDrfNduth5De82MwCfgu2qORDGRF1H0DaoLlYOzy7pNPV1kA9R sXals6EyoFw0pEJkdW/pI5/EJz611c5Oy94iz5LbhkM/kwosmtK1ln3Z N+zGGDRj8xAaWsvmAvPXQoIJhHEblPp/Mcs4V6vX0b7plfkdDxa0hCgf 4UYipsqHo6BXksCEkRznIlDWym9jpVqD7TNAIbO/03TpvhnD50C0Wusb k75cTy24NDD7PTmAZwBlT6qZGnODdc1/ECTnq3kYniN6ceevMZQYEVqw S9haUg==
+ENTRY_END
+
+; explicita.nsec.example.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+explicita.nsec.example. IN A
+SECTION ANSWER
+explicita.nsec.example.	3600	IN	A	203.0.113.1
+explicita.nsec.example.	3600	IN	RRSIG	A 8 3 3600 20170418134059 20170319134059 41524 . Nn0DZ1gwzj0FLrgmoeePfKJbvJvTpwtmw6CPehUHyNW7pUOYG8HE45qt tcvx4LWvzYAKy9TY6B7c4D5eMu8+rXXyLg21DX3zFKABEYIeMaJPqPpF WxYqhbP0qQwI/w29B7n3blzzbMOkNvNI4y4RZyBqyqBBfKu/xXYljZG2 MyDlRyEAeV1vewMdhlr6TJoclE6PqYvxiMuXc1f9Nu/TwB22Pp29OTrN A3HFieYVbfWM1F3HtoO6aAk2FVCEveYQOsQ81mgweMKF2OMIK4rjCwlL ffziuSYwF5TcheNATYlaQQZTxKhKsdmGM4BZNprQ/MzoutqIS7j7Vdxs O4N+1Q==
+ENTRY_END
+
+; explicita2.nsec.example. - fake answer attempting to replace explicit record with wildcard data
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+explicita2.nsec.example. IN A
+SECTION ANSWER
+; this was copied from wildcard answer for a.local.nsec.example. IN A
+explicits2.nsec.example.	3600	IN	A	10.6.6.6
+explicita2.nsec.example.	3600	IN	RRSIG	A 8 2 3600 20170418134059 20170319134059 41524 . KMkFd5M1F8wVtVhXUnyPZMhY6dGj3g54tX+wgRiGSnqlRICCUdc8NCKG w+lJ1HvDrfNduth5De82MwCfgu2qORDGRF1H0DaoLlYOzy7pNPV1kA9R sXals6EyoFw0pEJkdW/pI5/EJz611c5Oy94iz5LbhkM/kwosmtK1ln3Z N+zGGDRj8xAaWsvmAvPXQoIJhHEblPp/Mcs4V6vX0b7plfkdDxa0hCgf 4UYipsqHo6BXksCEkRznIlDWym9jpVqD7TNAIbO/03TpvhnD50C0Wusb k75cTy24NDD7PTmAZwBlT6qZGnODdc1/ECTnq3kYniN6ceevMZQYEVqw S9haUg==
+SECTION AUTHORITY
+explicita2.nsec.example. 0	IN	NSEC	ns. A RRSIG NSEC
+explicita2.nsec.example. 0	IN	RRSIG	NSEC 8 3 0 20170418145253 20170319145253 41524 . kam1hKBwoeTPR0wpvPs2Jyik3hB+Q0Ek4rpD3BNhUa+gTbBk1Z0q5yEs RFVsp6EZlpcP357QiipC2wrPfd3SunGVTVfAD4h6gn1/e5mPN4kJJfOa nMgwZQATF/vilnGu2+5Xtup3blFhg43UJB//iyTcn8c+phMaySbyT5uG xXaM1Gv2maHeJQNOB8cwFWHpYy/Uoph5rpEcZoxGjGkTLNE8pvhlSAgB wYEtMvli3KJH6hjBnOzhMAtOl+ZHy3VFo/UVm/Lwyzmlg+OQ8LCz+NY0 kmAH8z7ZNKZMxyvBpLzxAU2O+j4uSmp5ENuLcqvEyofr2xrq5Fm7OSoH qZvQ1A==
+ENTRY_END
+
+RANGE_END
+
+STEP 10 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+a.local.nsec.example. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 11 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD NOERROR
+SECTION QUESTION
+a.local.nsec.example. IN A
+SECTION ANSWER
+a.local.nsec.example.	3600	IN	A	10.6.6.6
+a.local.nsec.example.	3600	IN	RRSIG	A 8 2 3600 20170418134059 20170319134059 41524 . KMkFd5M1F8wVtVhXUnyPZMhY6dGj3g54tX+wgRiGSnqlRICCUdc8NCKG w+lJ1HvDrfNduth5De82MwCfgu2qORDGRF1H0DaoLlYOzy7pNPV1kA9R sXals6EyoFw0pEJkdW/pI5/EJz611c5Oy94iz5LbhkM/kwosmtK1ln3Z N+zGGDRj8xAaWsvmAvPXQoIJhHEblPp/Mcs4V6vX0b7plfkdDxa0hCgf 4UYipsqHo6BXksCEkRznIlDWym9jpVqD7TNAIbO/03TpvhnD50C0Wusb k75cTy24NDD7PTmAZwBlT6qZGnODdc1/ECTnq3kYniN6ceevMZQYEVqw S9haUg==
+SECTION AUTHORITY
+explicita2.nsec.example. 0	IN	NSEC	ns. A RRSIG NSEC
+explicita2.nsec.example. 0	IN	RRSIG	NSEC 8 3 0 20170418145253 20170319145253 41524 . kam1hKBwoeTPR0wpvPs2Jyik3hB+Q0Ek4rpD3BNhUa+gTbBk1Z0q5yEs RFVsp6EZlpcP357QiipC2wrPfd3SunGVTVfAD4h6gn1/e5mPN4kJJfOa nMgwZQATF/vilnGu2+5Xtup3blFhg43UJB//iyTcn8c+phMaySbyT5uG xXaM1Gv2maHeJQNOB8cwFWHpYy/Uoph5rpEcZoxGjGkTLNE8pvhlSAgB wYEtMvli3KJH6hjBnOzhMAtOl+ZHy3VFo/UVm/Lwyzmlg+OQ8LCz+NY0 kmAH8z7ZNKZMxyvBpLzxAU2O+j4uSmp5ENuLcqvEyofr2xrq5Fm7OSoH qZvQ1A==
+ENTRY_END
+
+; test answer from cache
+STEP 12 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+a.local.nsec.example. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 13 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD NOERROR
+SECTION QUESTION
+a.local.nsec.example. IN A
+SECTION ANSWER
+a.local.nsec.example.	3600	IN	A	10.6.6.6
+a.local.nsec.example.	3600	IN	RRSIG	A 8 2 3600 20170418134059 20170319134059 41524 . KMkFd5M1F8wVtVhXUnyPZMhY6dGj3g54tX+wgRiGSnqlRICCUdc8NCKG w+lJ1HvDrfNduth5De82MwCfgu2qORDGRF1H0DaoLlYOzy7pNPV1kA9R sXals6EyoFw0pEJkdW/pI5/EJz611c5Oy94iz5LbhkM/kwosmtK1ln3Z N+zGGDRj8xAaWsvmAvPXQoIJhHEblPp/Mcs4V6vX0b7plfkdDxa0hCgf 4UYipsqHo6BXksCEkRznIlDWym9jpVqD7TNAIbO/03TpvhnD50C0Wusb k75cTy24NDD7PTmAZwBlT6qZGnODdc1/ECTnq3kYniN6ceevMZQYEVqw S9haUg==
+SECTION AUTHORITY
+explicita2.nsec.example. 0	IN	NSEC	ns. A RRSIG NSEC
+explicita2.nsec.example. 0	IN	RRSIG	NSEC 8 3 0 20170418145253 20170319145253 41524 . kam1hKBwoeTPR0wpvPs2Jyik3hB+Q0Ek4rpD3BNhUa+gTbBk1Z0q5yEs RFVsp6EZlpcP357QiipC2wrPfd3SunGVTVfAD4h6gn1/e5mPN4kJJfOa nMgwZQATF/vilnGu2+5Xtup3blFhg43UJB//iyTcn8c+phMaySbyT5uG xXaM1Gv2maHeJQNOB8cwFWHpYy/Uoph5rpEcZoxGjGkTLNE8pvhlSAgB wYEtMvli3KJH6hjBnOzhMAtOl+ZHy3VFo/UVm/Lwyzmlg+OQ8LCz+NY0 kmAH8z7ZNKZMxyvBpLzxAU2O+j4uSmp5ENuLcqvEyofr2xrq5Fm7OSoH qZvQ1A==
+ENTRY_END
+
+; missing-nsec.local.nsec.example. is covered by explicita2.nsec.example. -> ns.
+; and then the *.nsec.example. wildcard applies (both from the last answer above)
+; kresd by default caches even zero-TTL records for 5 seconds, so let's expire those,
+; so that the aggressive cache won't use them.
+STEP 19 TIME_PASSES ELAPSE 10
+
+; NSEC record is missing
+STEP 20 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+missing-nsec.local.nsec.example. IN A
+ENTRY_END
+
+STEP 21 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+missing-nsec.local.nsec.example. IN A
+ENTRY_END
+
+STEP 22 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+missing-nsec.local.nsec.example. IN A
+ENTRY_END
+
+; test answer from cache
+STEP 23 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+missing-nsec.local.nsec.example. IN A
+ENTRY_END
+
+
+; NSEC answer was copied to another name in the same zone
+STEP 30 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+incorrect.name.example. IN A
+ENTRY_END
+
+STEP 31 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+incorrect.name.example. IN A
+ENTRY_END
+
+; test answer from cache
+STEP 32 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+incorrect.name.example. IN A
+ENTRY_END
+
+STEP 33 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+incorrect.name.example. IN A
+ENTRY_END
+
+; explicitly defined records gets properly validated even with cached wildcard
+STEP 40 QUERY
+ENTRY_BEGIN
+REPLY RD DO AD
+SECTION QUESTION
+explicita.nsec.example. IN A
+ENTRY_END
+
+STEP 41 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO AD
+SECTION QUESTION
+explicita.nsec.example. IN A
+SECTION ANSWER
+explicita.nsec.example.	3600	IN	A	203.0.113.1
+explicita.nsec.example.	3600	IN	RRSIG	A 8 3 3600 20170418134059 20170319134059 41524 . Nn0DZ1gwzj0FLrgmoeePfKJbvJvTpwtmw6CPehUHyNW7pUOYG8HE45qt tcvx4LWvzYAKy9TY6B7c4D5eMu8+rXXyLg21DX3zFKABEYIeMaJPqPpF WxYqhbP0qQwI/w29B7n3blzzbMOkNvNI4y4RZyBqyqBBfKu/xXYljZG2 MyDlRyEAeV1vewMdhlr6TJoclE6PqYvxiMuXc1f9Nu/TwB22Pp29OTrN A3HFieYVbfWM1F3HtoO6aAk2FVCEveYQOsQ81mgweMKF2OMIK4rjCwlL ffziuSYwF5TcheNATYlaQQZTxKhKsdmGM4BZNprQ/MzoutqIS7j7Vdxs O4N+1Q==
+ENTRY_END
+
+; test answer from cache
+STEP 42 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+explicita.nsec.example. IN A
+ENTRY_END
+
+STEP 43 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO AD
+SECTION QUESTION
+explicita.nsec.example. IN A
+SECTION ANSWER
+explicita.nsec.example.	3600	IN	A	203.0.113.1
+explicita.nsec.example.	3600	IN	RRSIG	A 8 3 3600 20170418134059 20170319134059 41524 . Nn0DZ1gwzj0FLrgmoeePfKJbvJvTpwtmw6CPehUHyNW7pUOYG8HE45qt tcvx4LWvzYAKy9TY6B7c4D5eMu8+rXXyLg21DX3zFKABEYIeMaJPqPpF WxYqhbP0qQwI/w29B7n3blzzbMOkNvNI4y4RZyBqyqBBfKu/xXYljZG2 MyDlRyEAeV1vewMdhlr6TJoclE6PqYvxiMuXc1f9Nu/TwB22Pp29OTrN A3HFieYVbfWM1F3HtoO6aAk2FVCEveYQOsQ81mgweMKF2OMIK4rjCwlL ffziuSYwF5TcheNATYlaQQZTxKhKsdmGM4BZNprQ/MzoutqIS7j7Vdxs O4N+1Q==
+ENTRY_END
+
+; check that explicit record cannot be masked by wildcard
+STEP 50 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+explicita2.nsec.example. IN A
+ENTRY_END
+
+STEP 51 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+explicita2.nsec.example. IN A
+ENTRY_END
+
+; it has to work even if wildcard is not in the cache
+STEP 53 TIME_PASSES ELAPSE 4000
+
+STEP 54 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+explicita2.nsec.example. IN A
+ENTRY_END
+
+STEP 55 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+explicita2.nsec.example. IN A
+ENTRY_END
+
+SCENARIO_END
-- 
cgit v1.2.3