blob: 5970a137044445daadbceedae4d124daea5e0bc2 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
|
; config options
;server:
trust-anchor: ". 3600 IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5"
val-override-timestamp: "1437625000"
;stub-zone:
; name: "."
stub-addr: 198.41.0.4 # a.root-servers.net.
CONFIG_END
SCENARIO_BEGIN Test basic validation of NS cz. (two levels)
; K.ROOT-SERVERS.NET.
RANGE_BEGIN 0 100
ADDRESS 198.41.0.4
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. 518400 IN NS a.root-servers.net.
. 518400 IN NS b.root-servers.net.
. 518400 IN NS c.root-servers.net.
. 518400 IN NS d.root-servers.net.
. 518400 IN NS e.root-servers.net.
. 518400 IN NS f.root-servers.net.
. 518400 IN NS g.root-servers.net.
. 518400 IN NS h.root-servers.net.
. 518400 IN NS i.root-servers.net.
. 518400 IN NS j.root-servers.net.
. 518400 IN NS k.root-servers.net.
. 518400 IN NS l.root-servers.net.
. 518400 IN NS m.root-servers.net.
. 518400 IN RRSIG NS 8 0 518400 20150802050000 20150723040000 1518 . JSoL4/wQXh7vzoY/m98WYbpr2/S66u4RQi/UhkSrR3JmPZaWRRERDFm6 RRrFY6GWt4CP61X9rvshuVT+0OhluXqYpEatoHEDgur+PKf3+dTAmcgQ 4RzsahwhQ42Y9fDgJ2nNVMcN97HEIH+qMv0FWjU9b7wJ2iYlDL1ZoAVu TKE=
SECTION ADDITIONAL
a.root-servers.net. 518400 IN A 198.41.0.4
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
. IN DNSKEY
SECTION ANSWER
. 172800 IN DNSKEY 256 3 8 AwEAAa67bQck1JjopOOFc+iMISFcp/osWrEst2wbKbuQSUWu77QC9UHL ipiHgWN7JlqVAEjKITZz49hhkLmOpmLK55pTq+RD2kwoyNWk9cvpc+tS nIxT7i93O+3oVeLYjMWrkDAz7K45rObbHDuSBwYZKrcSIUCZnCpNMUtn PFl/04cb
. 172800 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq QxA+Uk1ihz0=
. 172800 IN RRSIG DNSKEY 8 0 172800 20150804235959 20150721000000 19036 . n9FwNj80Zik2Rr2zTB4F17ydFpiZfUIv8v/XAz4EbSgRxQgFT+TCz3FW i4O7tW5REXUVNHtULiS7fxKLsHZNDPev8DA20DXAw3eEIDi9pDi01O/e 4GnljpkPnP8d5zA62Dob4cxgmhjjFTvhIjtDsH5Dd4jmyHsgBboy4grZ uJNdsez76gD4Ad6WlosZn5Hj5JwqaxZlRph/6I3va4rkp4c32w5DwaQ7 WSne8ffMHX9r7Dn6EbT3FfvnXFDNPE1P6r+qzTzC0t+M/F4R3H+VOdqg cRJcBG6zGCh9ZErhAeoiJh1WAfpjpzx+TUMzqxZCjSC/XL+l2YMKVHtF 8WNg/w==
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
cz. IN NS
SECTION AUTHORITY
cz. 172800 IN NS a.ns.nic.cz.
cz. 86400 IN DS 54576 10 2 397E50C85EDE9CDE33F363A9E66FD1B216D788F8DD438A57A423A386 869C8F06
cz. 86400 IN RRSIG DS 8 1 86400 20150802050000 20150723040000 1518 . fEz3NpYRzgeBjKrLMpht3KFOQ0t6U2wikIaOt1HcmFvurxtPkZVvqdb0 QBQfvh8DoEXDbvpcikzMIO9XYLzzs10X/m91ybGiWzcTVcU+prVGZJP9 zZrvYAIWrpxoC4deKD+vOoNZXGnLfffi6lmGn7QRZaH0LVKjn33cIaPQ 9EM=
SECTION ADDITIONAL
a.ns.nic.cz. 172800 IN A 194.0.12.1
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
cz. IN DS
SECTION ANSWER
cz. 86400 IN DS 54576 10 2 397E50C85EDE9CDE33F363A9E66FD1B216D788F8DD438A57A423A386 869C8F06
cz. 86400 IN RRSIG DS 8 1 86400 20150802050000 20150723040000 1518 . fEz3NpYRzgeBjKrLMpht3KFOQ0t6U2wikIaOt1HcmFvurxtPkZVvqdb0 QBQfvh8DoEXDbvpcikzMIO9XYLzzs10X/m91ybGiWzcTVcU+prVGZJP9 zZrvYAIWrpxoC4deKD+vOoNZXGnLfffi6lmGn7QRZaH0LVKjn33cIaPQ 9EM=
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
cz. IN RRSIG
SECTION AUTHORITY
cz. 172800 IN NS a.ns.nic.cz.
cz. 86400 IN DS 54576 10 2 397E50C85EDE9CDE33F363A9E66FD1B216D788F8DD438A57A423A386 869C8F06
cz. 86400 IN RRSIG DS 8 1 86400 20150802050000 20150723040000 1518 . fEz3NpYRzgeBjKrLMpht3KFOQ0t6U2wikIaOt1HcmFvurxtPkZVvqdb0 QBQfvh8DoEXDbvpcikzMIO9XYLzzs10X/m91ybGiWzcTVcU+prVGZJP9 zZrvYAIWrpxoC4deKD+vOoNZXGnLfffi6lmGn7QRZaH0LVKjn33cIaPQ 9EM=
SECTION ADDITIONAL
a.ns.nic.cz. 172800 IN A 194.0.12.1
ENTRY_END
RANGE_END
;a.ns.nic.cz.
RANGE_BEGIN 0 100
ADDRESS 194.0.12.1
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
cz. IN DNSKEY
SECTION ANSWER
cz. 18000 IN DNSKEY 256 3 10 AwEAAbwKeyKB5fuLe16/N5MR6OoG/PO8uxEob7HoIjK0w0wNjwINYb2w edLtzhVlA4HJ0AUUBuZiNj41hlJ474SOBlsAA7BQdtbL1V0Ksk8IC5Z8 3ldU9Mp+ynkj9p9Cl2UOBmoVFYfkbwz0BsOptcXruYA52Ayc9rHrmDPI /0Y8gZAL
cz. 18000 IN DNSKEY 257 3 10 AwEAAay0hi4HN2r/BqMQTpIPIVDyjmyF+9ZWvr5Lewx+q+947o/GrRv4 FGFfkZxf9CFfYVUf0jG5Yq4i06pGVNwJl81HS9Ux2oeHRXUvgtLnl5He RVLL+zgI5byx9HSNr4bPO8ZEn5OjoayhkNyGSFr4VWrzQk/K02vLP4d1 cCEzUQy30eyZto2/tG5ZwCU/iRkS1PJOcOW98hiFIfFDZv1XjbEpqEYh T2PATs6rt+BKwSHKGISmg1PNdg+y0rItemYMWr1f9BGAdtTWoPCPCYPj OZMPoIyA4tMscD+ww54Jf/QNoHccY4hO1yHiuAXG7SUn8jo0IKQ9W7JJ xES0aqFCX/0=
cz. 18000 IN RRSIG DNSKEY 10 1 18000 20150802000000 20150719000000 54576 cz. K04ONpLX3wseqHhUu2QLBY7wzSUszVlut5mC6jpCAqbfhgIvGMnyoWP5 lKwSvCLmjie0j1HSv8Q4OmoYGz8L+P/FGAzK4LhMturHrDtHkpuGvQJ6 //UsHQhf4iwCg5tEeHI4ZvaMmqRZI3FhBnSh0OyFjGO73FRbBU9nDrOM sPB1iCUfRfZhQU0sB/rj82ykBUma280sO1aRp3gmQHc/SVNbFfCL1Z8D htBP6sy4Jh0z3Z40d4CFZ8ZCBsIloHO44/GvXGePtr2dW4gJsoU1619B Jz+6cuTRh5RJBiweUNb/nwjBP8fNRkzH1CbjomC2FpDMnBXw7jE1GUiY vLW9Gg==
cz. 18000 IN RRSIG DNSKEY 10 1 18000 20150805131929 20150723140842 39788 cz. KhyRPt4TYVYH7VAsfn39tY66+5P8bgZhG83d33oogLuqQEPgsxt/tu0c snrUA11Ub+4wOK3MslD5/gTyBuDtT9dk4FbRr3WeUZ4DNn5laYO3AcYx SAU3Vn3dZ8orWFxEwTKNhH5QthPdHj8p8097KRHiPo/DGEnFpYdocEws WJ4=
ENTRY_END
; a.ns.nic.cz.
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
cz. IN NS
SECTION ANSWER
cz. 18000 IN NS a.ns.nic.cz.
cz. 18000 IN NS b.ns.nic.cz.
cz. 18000 IN NS c.ns.nic.cz.
cz. 18000 IN NS d.ns.nic.cz.
cz. 18000 IN RRSIG NS 10 1 18000 20150802132511 20150721120844 39788 cz. pf5UzinUesHzGQTav/1NxGW0AifCmzLW3S8X9tWDRwx7XSKGac7QVXgp nMNyb/NiSho9oj+ZTaQpBZQaTri+brHT4W/nE0TofqZlyYiaABb9xgxJ LgjLkt+OVcJsM3a+q+QEGSt+skNlZVDQeR+sztbuORiZXAqhxumxD8iy zZ8=
SECTION ADDITIONAL
a.ns.nic.cz. 18000 IN A 194.0.12.1
b.ns.nic.cz. 18000 IN A 194.0.12.1
c.ns.nic.cz. 18000 IN A 194.0.12.1
d.ns.nic.cz. 18000 IN A 194.0.12.1
ENTRY_END
; a.ns.nic.cz.
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
cz. IN RRSIG
SECTION ANSWER
; It's okay to lie here as the resolver can't check if we have provided every RRSIG, because there is no RRSIG of RRSIGs
cz. 18000 IN RRSIG SOA 10 1 18000 20151221212655 20151208120941 37310 cz. ZsKG0TImVm+nAuWvn+Kg61WIet0E++Bt1mxIIywCxtZs/JQlhbjzFPvA ICdYLoqZ06JTwit1nD9xx6jdrfguSVB55G3LGuQiXz4JwEdCWhoVcC3Y Aq6jG1Eor3dhAF8dSIYkE21J3A6oC3O1rDYymKiXpkekFMaaBE0JEvUJ ut8=
ENTRY_END
RANGE_END
;STEP 0 TIME_PASSES ELAPSE 1000
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
cz. IN RRSIG
ENTRY_END
; check that it answers a query for RRSIG (unauthenticated)
; digests are swapped, i.e. signatures are invalid, server shouldn't use them later
STEP 2 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
cz. IN RRSIG
SECTION ANSWER
cz. 18000 IN RRSIG SOA 10 1 18000 20151221212655 20151208120941 37310 cz. ZsKG0TImVm+nAuWvn+Kg61WIet0E++Bt1mxIIywCxtZs/JQlhbjzFPvA ICdYLoqZ06JTwit1nD9xx6jdrfguSVB55G3LGuQiXz4JwEdCWhoVcC3Y Aq6jG1Eor3dhAF8dSIYkE21J3A6oC3O1rDYymKiXpkekFMaaBE0JEvUJ ut8=
ENTRY_END
STEP 3 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
cz. IN NS
ENTRY_END
; check that it answers a plain query
STEP 4 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
cz. IN NS
SECTION ANSWER
cz. 18000 IN NS a.ns.nic.cz.
cz. 18000 IN NS b.ns.nic.cz.
cz. 18000 IN NS c.ns.nic.cz.
cz. 18000 IN NS d.ns.nic.cz.
ENTRY_END
STEP 5 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
cz. IN NS
ENTRY_END
; recursion happens here.
STEP 6 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AD NOERROR
SECTION QUESTION
cz. IN NS
SECTION ANSWER
cz. 18000 IN NS a.ns.nic.cz.
cz. 18000 IN NS b.ns.nic.cz.
cz. 18000 IN NS c.ns.nic.cz.
cz. 18000 IN NS d.ns.nic.cz.
cz. 18000 IN RRSIG NS 10 1 18000 20150802132511 20150721120844 39788 cz. pf5UzinUesHzGQTav/1NxGW0AifCmzLW3S8X9tWDRwx7XSKGac7QVXgp nMNyb/NiSho9oj+ZTaQpBZQaTri+brHT4W/nE0TofqZlyYiaABb9xgxJ LgjLkt+OVcJsM3a+q+QEGSt+skNlZVDQeR+sztbuORiZXAqhxumxD8iy zZ8=
ENTRY_END
SCENARIO_END
|