diff options
Diffstat (limited to '')
55 files changed, 3576 insertions, 0 deletions
diff --git a/tests/knot/semantic_check_data/cdnskey.cds b/tests/knot/semantic_check_data/cdnskey.cds new file mode 100644 index 0000000..6ce5610 --- /dev/null +++ b/tests/knot/semantic_check_data/cdnskey.cds @@ -0,0 +1,123 @@ +example.com. 3600 IN SOA dns2.example.com. hostmaster.example.com. ( + 2010135808 ; serial + 10800 ; refresh (3 hours) + 3600 ; retry (1 hour) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 3600 RRSIG SOA 13 2 3600 ( + 20601231235959 20201012144147 25752 example.com. + dEDk41MHSAAoc2eboWOXxGQHYFj1gXuD/gfX + Qz6HEq44narP0IHuOWt4ni9HUhYDBuanPp7S + j/8nYnZc6gdpMg== ) + 3600 NS dns2.example.com. + 3600 RRSIG NS 13 2 3600 ( + 20601231235959 20201012144147 25752 example.com. + 1HFpOHudUJp7hvrsTmdX6qt+X0I4K9RYo/Uy + gpWbJBNhNsPVENVrw8AabhnPaETJGbreS/4T + slgbxM1Ks/erzA== ) + 3600 MX 10 mail.example.com. + 3600 RRSIG MX 13 2 3600 ( + 20601231235959 20201012144147 25752 example.com. + EA9rtC9Ub4LPDwS6Q8wE4g9nGddbVrg9ivHN + oHQzUjTFlxtn8gFPaJkUfHwqwg3PsSVGagyx + Bjsool21k/TG7A== ) + 7200 NSEC dns2.example.com. NS SOA MX RRSIG NSEC DNSKEY CDS CDNSKEY + 7200 RRSIG NSEC 13 2 7200 ( + 20601231235959 20201012144147 25752 example.com. + YLQPkC55O9bpQI/Hg/Ih91UkieeM3wtQvJMT + ro3QJ2eDImSyeoIbWsF+ghtoQ+6IUulXLu3k + PtDViOe2tfaL/Q== ) + 3600 DNSKEY 256 3 8 ( + AwEAAdKraxDdGTL4HDOkXTDI1Md1UdHuYhVw + YkB+u2umVjTJ1H9Qb2oBryqwXI+gklnuCqrH + 1znkDvzGEAeHRQUCbtKbjmqErTAcRRHW3D+6 + jsOGXzbyGCfbyzRBwsbNCLWr3ONpPi5JOWEe + CUJfyc/mRXcmh5uYl1JvzAM1zprtljZt + ) ; ZSK; alg = RSASHA256 ; key id = 48849 + 3600 DNSKEY 256 3 13 ( + 1J1lDp/FQFgAGv7EFeDTAru7rUIcUCc7bkYj + 8OlczfdQjo9IfS5MFg6MqIrE/KPC18CDX1Ki + DzaCFaMGDlavjQ== + ) ; ZSK; alg = ECDSAP256SHA256 ; key id = 25752 + 3600 DNSKEY 257 3 8 ( + AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYT + oARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM + 2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5W + mnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Ta + x7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCN + bGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/ + mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4N + odQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5 + tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQ + EHYAd/AP8YgaovS8N1fJyh0= + ) ; KSK; alg = RSASHA256 ; key id = 53851 + 3600 DNSKEY 257 3 8 ( + AwEAAetE6qfN/GbtMmvM0PXUTyskauES2FKf + jqLVz7EQlfS8iAFWLi1eHjHXDkueZ1OYRzQ4 + IBy6MIsce4XVXLQoS8njtfaU7c5NZvktH5la + 7JuH32KYr3PdWL5KDsUdED3GSxfNV+DbcYU8 + 0AZxTxy6Bm6EP+DztL1dpYrmqr8JRl+qlSbm + LIrPemZFUEQzhiepcYMWviDUz+ixSVzjEzpM + CLsrNxA30Ziiq9GKA8KKlFHdAmxuNcH0TzRn + dpo6bu5nKyJHiREIazHVuPBEzUmHtcWETCDs + 9UVsbji2Z2ozqLz9cqnfYV/kOD+OZBAqvZ0n + /4lgdSiBtvByLCXoWEYIGRs= + ) ; KSK; alg = RSASHA256 ; key id = 19420 + 3600 DNSKEY 257 3 13 ( + hRcbHnvrTqCb215+XsIn96tvHacV5d15lcnS + h91pg8Htes3H0vOoG98C5oWXoj7RM4V/tDoH + /0ahiLyRzRnvBA== + ) ; KSK; alg = ECDSAP256SHA256 ; key id = 20197 + 3600 RRSIG DNSKEY 13 2 3600 ( + 20601231235959 20201012144147 20197 example.com. + JLKC5uLW1+JPkOyVcc8D6B6lCC/0FOlak/Qd + Na6Nb33hi9io1HMFI1eYiG7u7lxWmXsKnBo9 + ONROz+WYGds++Q== ) + 3600 CDS 53851 8 2 ( + 6F8129D687EC387C948E6F4B0AC9AA01481C + CEBF7570AFEC582897E7725122D6 ) + 3600 RRSIG CDS 13 2 3600 ( + 20601231235959 20201012144147 20197 example.com. + pgi1+O/TWU6WCmLLYEibCYj+RzbcOuodnF1i + wlBQxDZLTcGYG+1KEC0spZTN1nQncEfdeEKc + jnYQUa0izPQRnA== ) + 3600 RRSIG CDS 13 2 3600 ( + 20601231235959 20201012144147 25752 example.com. + MaFyQcB908WIXS+RiLeLXiKdjOo/R6tl9AM/ + 6xokhcvRqQzuyQeoH4snUvcht0m5ghz09Km7 + MPN0uzJcXIGg0Q== ) + 3600 CDNSKEY 257 3 8 ( + AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYT + oARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM + 2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5W + mnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Ta + x7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCN + bGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/ + mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4N + odQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5 + tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQ + EHYAd/AP8YgaovS8N1fJyh0= + ) ; KSK; alg = RSASHA256 ; key id = 53851 + 3600 RRSIG CDNSKEY 13 2 3600 ( + 20601231235959 20201012144147 20197 example.com. + Vdo7aYGIByxiC85dyqLKrrNAYYDFBnKXm8uE + rYSXBMWiQoFHwzvlavyqhUWlEABfvYD0pUrX + PZ27Hz8rPFCSLQ== ) + 3600 RRSIG CDNSKEY 13 2 3600 ( + 20601231235959 20201012144147 25752 example.com. + 9Llt7e4nm8uMLqliT2NZJINmAmLmKDYqjloj + Q3/wNI4K+J0RUmWpg3f6xODVkKjjuVnwpxkK + eWV9zqY4jUTAGg== ) +dns2.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 13 3 3600 ( + 20601231235959 20201012144147 25752 example.com. + lZSHyLdXGFvoL9fhk26y70ifFwui2A5bpdir + Su7VhfsnNdLgNuCceRXbYwxQaUyODCl7dcJ9 + UkRzq2eDs0evKQ== ) + 7200 NSEC example.com. A RRSIG NSEC + 7200 RRSIG NSEC 13 3 7200 ( + 20601231235959 20201012144147 25752 example.com. + dDE1XApt4lZ9u20Z/vXwhJxE27AZJQzKwLkk + jpwEDVJo6/SdV2smB7s7+qmGnSKhIehVpUFX + wv3/3YaFxSTifQ== ) diff --git a/tests/knot/semantic_check_data/cdnskey.delete.both b/tests/knot/semantic_check_data/cdnskey.delete.both new file mode 100644 index 0000000..b3b840b --- /dev/null +++ b/tests/knot/semantic_check_data/cdnskey.delete.both @@ -0,0 +1,113 @@ +example.com. 3600 IN SOA dns2.example.com. hostmaster.example.com. ( + 2010135808 ; serial + 10800 ; refresh (3 hours) + 3600 ; retry (1 hour) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 3600 RRSIG SOA 13 2 3600 ( + 20601231235959 20201012144234 36859 example.com. + uHjgn9WEMdw/d//q2ZhGF1GAQItK9UPyByET + VDuZgER/JBHuFd1/MMEkkFmCRneXuVudSnki + aXiza0GLV0ujfw== ) + 3600 NS dns2.example.com. + 3600 RRSIG NS 13 2 3600 ( + 20601231235959 20201012144234 36859 example.com. + 39YAhtx1qe9sbJ/6N1fS7F4QLS9iqagdbQN4 + w6VRyMRrseRY16G2n3Th9yw1+R9aXOazb6iP + BL6azQJiUCZJ5g== ) + 3600 MX 10 mail.example.com. + 3600 RRSIG MX 13 2 3600 ( + 20601231235959 20201012144234 36859 example.com. + EXv3vV7Njpz59INdubRpDsGANROKfEhqBzQ8 + zSL1vujpUOdaZWqmS3uoKusxHCghJacCFeUA + KQNrWNuZHT2S8g== ) + 7200 NSEC dns2.example.com. NS SOA MX RRSIG NSEC DNSKEY CDS CDNSKEY + 7200 RRSIG NSEC 13 2 7200 ( + 20601231235959 20201012144234 36859 example.com. + LgXpsIgBZBO03iU6D2nqsbmal6AK51ev21Cj + PQFfFBLQ+ARqyE3k7mlTK4A+/UfIpWgpkKnz + St4SbtL3r6GK+g== ) + 3600 DNSKEY 256 3 8 ( + AwEAAdKraxDdGTL4HDOkXTDI1Md1UdHuYhVw + YkB+u2umVjTJ1H9Qb2oBryqwXI+gklnuCqrH + 1znkDvzGEAeHRQUCbtKbjmqErTAcRRHW3D+6 + jsOGXzbyGCfbyzRBwsbNCLWr3ONpPi5JOWEe + CUJfyc/mRXcmh5uYl1JvzAM1zprtljZt + ) ; ZSK; alg = RSASHA256 ; key id = 48849 + 3600 DNSKEY 256 3 13 ( + l/Uak3BSxeoEO8n42GtZkS1aTdEV590rAuwS + Jvt8Gzyj1S5Aqx5Tytm+nb93ZtO3eSL2OpJg + p7tdmPjtHKxYpg== + ) ; ZSK; alg = ECDSAP256SHA256 ; key id = 36859 + 3600 DNSKEY 257 3 8 ( + AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYT + oARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM + 2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5W + mnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Ta + x7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCN + bGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/ + mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4N + odQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5 + tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQ + EHYAd/AP8YgaovS8N1fJyh0= + ) ; KSK; alg = RSASHA256 ; key id = 53851 + 3600 DNSKEY 257 3 8 ( + AwEAAetE6qfN/GbtMmvM0PXUTyskauES2FKf + jqLVz7EQlfS8iAFWLi1eHjHXDkueZ1OYRzQ4 + IBy6MIsce4XVXLQoS8njtfaU7c5NZvktH5la + 7JuH32KYr3PdWL5KDsUdED3GSxfNV+DbcYU8 + 0AZxTxy6Bm6EP+DztL1dpYrmqr8JRl+qlSbm + LIrPemZFUEQzhiepcYMWviDUz+ixSVzjEzpM + CLsrNxA30Ziiq9GKA8KKlFHdAmxuNcH0TzRn + dpo6bu5nKyJHiREIazHVuPBEzUmHtcWETCDs + 9UVsbji2Z2ozqLz9cqnfYV/kOD+OZBAqvZ0n + /4lgdSiBtvByLCXoWEYIGRs= + ) ; KSK; alg = RSASHA256 ; key id = 19420 + 3600 DNSKEY 257 3 13 ( + jNkK9sXUo8jTJ2snaD+3Mao2q0m5UjyZ7ykD + 6yQqTJ2xgldvTCyuu/YlSCoR9gli8pOGz+KT + 3YA9HjG46ob8ug== + ) ; KSK; alg = ECDSAP256SHA256 ; key id = 65430 + 3600 RRSIG DNSKEY 13 2 3600 ( + 20601231235959 20201012144234 65430 example.com. + id6EVGBrg2vZm6vIIGNhSukuI2Uv6/MzZiJk + C1N9k5P3zAP6Es9aLp9m4cR8qGIdUu3DZ3AU + ngKndEZvk5YUUg== ) + 3600 CDS 0 0 0 ( + 00 ) + 3600 RRSIG CDS 13 2 3600 ( + 20601231235959 20201012144234 36859 example.com. + mDmiCviPRxQ1BiinR2+/lQ/KabHgIu/LSKZ2 + yZFsgiF8YF4IT8mJc/qiKVtaCWLK4Sszxk/F + P8kMTmTKORT40Q== ) + 3600 RRSIG CDS 13 2 3600 ( + 20601231235959 20201012144234 65430 example.com. + O1KH8u+VPLnd5TwGPRbv7VpMss+Mjwr+nIOE + UxSS7unksPUldU0e9qXby0fydlN5LTf/L0sD + daMwGOA2fuD/dA== ) + 3600 CDNSKEY 0 3 0 ( + AA== + ) ; ZSK; alg = 0 ; key id = 768 + 3600 RRSIG CDNSKEY 13 2 3600 ( + 20601231235959 20201012144234 36859 example.com. + Hj8WJNT51BdqA6szAI7sn8gZftHY6/1/Y7qQ + DRsunh1J1cNRuqHtLBnRKpVdteZ4znNKnavb + uoC6kzSzbRiJzQ== ) + 3600 RRSIG CDNSKEY 13 2 3600 ( + 20601231235959 20201012144234 65430 example.com. + 7YGVqSgaiHXwY+GdMkUJXZyqkGvkfA8LliB6 + 6Nn4AvuETs4lX080MNq3dWmjI/tHSg5ptQz7 + Hukvd6cYWNgtBQ== ) +dns2.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 13 3 3600 ( + 20601231235959 20201012144234 36859 example.com. + SVatJA8FhwAotw625XttyhgD8Rcp4ukcidii + By06YX9e5rCgOHOvjsHwA57kBBzcZg0ZXAbF + SOhDdUQibKaRSg== ) + 7200 NSEC example.com. A RRSIG NSEC + 7200 RRSIG NSEC 13 3 7200 ( + 20601231235959 20201012144234 36859 example.com. + D+r82Tvm8eGuYrJKVCUMw1Gz+tevXwE2IGoG + 7pXErKbDv13p/eFAPsRdUKtdmsOq4mHSxQuZ + GVGAULfJjcs3pQ== ) diff --git a/tests/knot/semantic_check_data/cdnskey.delete.invalid.cdnskey b/tests/knot/semantic_check_data/cdnskey.delete.invalid.cdnskey new file mode 100644 index 0000000..366edaf --- /dev/null +++ b/tests/knot/semantic_check_data/cdnskey.delete.invalid.cdnskey @@ -0,0 +1,113 @@ +example.com. 3600 IN SOA dns2.example.com. hostmaster.example.com. ( + 2010135808 ; serial + 10800 ; refresh (3 hours) + 3600 ; retry (1 hour) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 3600 RRSIG SOA 13 2 3600 ( + 20601231235959 20201012144623 39533 example.com. + wXvCukXPMbON0oD2nKINzyauQRgeYE/kIYKZ + pYaMwV5Z6yZ9SKSSy7oRBn7t1+rOmGI69NSx + 3WHXaRiLjcH1Sg== ) + 3600 NS dns2.example.com. + 3600 RRSIG NS 13 2 3600 ( + 20601231235959 20201012144623 39533 example.com. + XNdl4tiEhUPOpEgwGO2njssc8QMB8IeP5QDM + 9/LZJUPZ0hZ76F7fX9C3X3edgysEoDFR1HAE + JdTxkJ5Oqv7Xig== ) + 3600 MX 10 mail.example.com. + 3600 RRSIG MX 13 2 3600 ( + 20601231235959 20201012144623 39533 example.com. + Or2a9ZLl2FnBmNM1KbUcgAjgLKRS6O9H4XmK + VAGM3QxutaTZuF1sjsz+kNh6yrT38eLm5B8M + PLCxUmkTSUmgeA== ) + 7200 NSEC dns2.example.com. NS SOA MX RRSIG NSEC DNSKEY CDS CDNSKEY + 7200 RRSIG NSEC 13 2 7200 ( + 20601231235959 20201012144623 39533 example.com. + 5SBXb1HpSfhPinO3hadK7E0lhRHwyUAsjZpy + /7jTO7/uUNXD6asY9V6kvOJmRgMpSeXFJKFw + +Vsyx0jifistyg== ) + 3600 DNSKEY 256 3 8 ( + AwEAAdKraxDdGTL4HDOkXTDI1Md1UdHuYhVw + YkB+u2umVjTJ1H9Qb2oBryqwXI+gklnuCqrH + 1znkDvzGEAeHRQUCbtKbjmqErTAcRRHW3D+6 + jsOGXzbyGCfbyzRBwsbNCLWr3ONpPi5JOWEe + CUJfyc/mRXcmh5uYl1JvzAM1zprtljZt + ) ; ZSK; alg = RSASHA256 ; key id = 48849 + 3600 DNSKEY 256 3 13 ( + TQSEqjdF8egQ1YjZPdVXrX+pngPHTdCgwJFR + AefWVHOLsMADS3/LL5G+pZTSldB3j3Xo4Na/ + 1tsuCgNmV+58xA== + ) ; ZSK; alg = ECDSAP256SHA256 ; key id = 39533 + 3600 DNSKEY 257 3 8 ( + AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYT + oARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM + 2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5W + mnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Ta + x7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCN + bGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/ + mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4N + odQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5 + tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQ + EHYAd/AP8YgaovS8N1fJyh0= + ) ; KSK; alg = RSASHA256 ; key id = 53851 + 3600 DNSKEY 257 3 8 ( + AwEAAetE6qfN/GbtMmvM0PXUTyskauES2FKf + jqLVz7EQlfS8iAFWLi1eHjHXDkueZ1OYRzQ4 + IBy6MIsce4XVXLQoS8njtfaU7c5NZvktH5la + 7JuH32KYr3PdWL5KDsUdED3GSxfNV+DbcYU8 + 0AZxTxy6Bm6EP+DztL1dpYrmqr8JRl+qlSbm + LIrPemZFUEQzhiepcYMWviDUz+ixSVzjEzpM + CLsrNxA30Ziiq9GKA8KKlFHdAmxuNcH0TzRn + dpo6bu5nKyJHiREIazHVuPBEzUmHtcWETCDs + 9UVsbji2Z2ozqLz9cqnfYV/kOD+OZBAqvZ0n + /4lgdSiBtvByLCXoWEYIGRs= + ) ; KSK; alg = RSASHA256 ; key id = 19420 + 3600 DNSKEY 257 3 13 ( + VARBBNSEYzAbBYxgdQi/epYgWFaGnL49509p + CeZWg4LO4jhjVT7uyhsSQny2wyahP2Y37YeO + d+sY503BNpqzMQ== + ) ; KSK; alg = ECDSAP256SHA256 ; key id = 59324 + 3600 RRSIG DNSKEY 13 2 3600 ( + 20601231235959 20201012144623 59324 example.com. + YRhAwruTjWmu6drb4+iJ/QOwQg8dnGur8LH7 + bsn1ZCHQYNDHiIai8JqikqzkhEYKIK8HIqT8 + F2RY/LqFxKebjg== ) + 3600 CDS 0 0 0 ( + 00 ) + 3600 RRSIG CDS 13 2 3600 ( + 20601231235959 20201012144623 39533 example.com. + cHTGBug23nTe/aS09JaakuG4wa9EEbWxL3gu + LQpCK8HV/JMsNSGqh1FsUlX92y4tSIvJn+Lx + vvdN+Qzh+zASHg== ) + 3600 RRSIG CDS 13 2 3600 ( + 20601231235959 20201012144623 59324 example.com. + GU9Q/CipUscofDL6uhT2ZmhQoyApLX9zbyfN + dG5XW6sXYaB94hVSiT2DSyt19fyQwYoKK2Br + fJwy4pI890kKoQ== ) + 3600 CDNSKEY 0 3 0 ( + BA== + ) ; ZSK; alg = 0 ; key id = 1792 + 3600 RRSIG CDNSKEY 13 2 3600 ( + 20601231235959 20201012144623 39533 example.com. + CXeUfFxa7aT2tivKLovVQ2CA0HYZxxlUrbm1 + voABTNkU7lb5W9Z7GQ/VDugd8QeKNK8YWOaQ + Tdl79jkL1rQKXw== ) + 3600 RRSIG CDNSKEY 13 2 3600 ( + 20601231235959 20201012144623 59324 example.com. + sd+fzJmLLIoFIcbKCJ+rHE+tOs0PwHjjY9ml + Dsbel1k5sANI4xR8iMv6YAEhcpvb0S+8Nd7h + 7BT45SkKVtyFsQ== ) +dns2.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 13 3 3600 ( + 20601231235959 20201012144623 39533 example.com. + VGa9LkgVATBLHOwMBNc6g74iXCCSXnWWNs8O + ndoXk4ZMMRRkmaxSWXH2pBdJLZPL5f26aEVl + 4toVcsE722LoFA== ) + 7200 NSEC example.com. A RRSIG NSEC + 7200 RRSIG NSEC 13 3 7200 ( + 20601231235959 20201012144623 39533 example.com. + i+94RvIQBBEOza7Y963huNEWYrqt/VT/eE1E + Gqx5kngvZgZ7wO8tcOsaE7ctb69SvgZwRR9c + RBgb2N6ezo9OxA== ) diff --git a/tests/knot/semantic_check_data/cdnskey.delete.invalid.cds b/tests/knot/semantic_check_data/cdnskey.delete.invalid.cds new file mode 100644 index 0000000..9d63eb9 --- /dev/null +++ b/tests/knot/semantic_check_data/cdnskey.delete.invalid.cds @@ -0,0 +1,113 @@ +example.com. 3600 IN SOA dns2.example.com. hostmaster.example.com. ( + 2010135808 ; serial + 10800 ; refresh (3 hours) + 3600 ; retry (1 hour) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 3600 RRSIG SOA 13 2 3600 ( + 20601231235959 20201012144646 56106 example.com. + 1CRyeUic9BIwBWcjk95VQJktQng6f3dLQm64 + JwGGqivUM3Hgp7URguNIx0BsCvfo67NIpk7N + mMIFwMkMGOHmgg== ) + 3600 NS dns2.example.com. + 3600 RRSIG NS 13 2 3600 ( + 20601231235959 20201012144646 56106 example.com. + pB4+Z3ltuzY+/NkAeCb9LOS7Zlh7QLfHKimR + JPtvdOuIhd8vB0NZLzcYX0lIkrqyP3LadbrS + u8r9BMIlu4cKpg== ) + 3600 MX 10 mail.example.com. + 3600 RRSIG MX 13 2 3600 ( + 20601231235959 20201012144646 56106 example.com. + x8XhP7r3/glI7AenoSLVmfqhZXQfj6YllgxA + jkVxExiM9OJZOPdyeDTuRyUD1PFiBOEsP7Wu + vNgWA9eyQFOslA== ) + 7200 NSEC dns2.example.com. NS SOA MX RRSIG NSEC DNSKEY CDS CDNSKEY + 7200 RRSIG NSEC 13 2 7200 ( + 20601231235959 20201012144646 56106 example.com. + TCn7V7sHR2TNY5ywyEpbYZMegZwTX+I/TPeO + 76D3WORu9pN0kJWjGPAebwTvL/a7p8xS8B9U + X9ivUVFORG+mJA== ) + 3600 DNSKEY 256 3 8 ( + AwEAAdKraxDdGTL4HDOkXTDI1Md1UdHuYhVw + YkB+u2umVjTJ1H9Qb2oBryqwXI+gklnuCqrH + 1znkDvzGEAeHRQUCbtKbjmqErTAcRRHW3D+6 + jsOGXzbyGCfbyzRBwsbNCLWr3ONpPi5JOWEe + CUJfyc/mRXcmh5uYl1JvzAM1zprtljZt + ) ; ZSK; alg = RSASHA256 ; key id = 48849 + 3600 DNSKEY 256 3 13 ( + cOjtacSzGkoh6bO4clqYPM2y+g5ezQUtCNdx + iRqickHCvQnL9OM/h7V8txqEsSulG5ZCeW+O + LDhDQDUchpNv7A== + ) ; ZSK; alg = ECDSAP256SHA256 ; key id = 56106 + 3600 DNSKEY 257 3 8 ( + AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYT + oARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM + 2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5W + mnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Ta + x7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCN + bGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/ + mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4N + odQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5 + tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQ + EHYAd/AP8YgaovS8N1fJyh0= + ) ; KSK; alg = RSASHA256 ; key id = 53851 + 3600 DNSKEY 257 3 8 ( + AwEAAetE6qfN/GbtMmvM0PXUTyskauES2FKf + jqLVz7EQlfS8iAFWLi1eHjHXDkueZ1OYRzQ4 + IBy6MIsce4XVXLQoS8njtfaU7c5NZvktH5la + 7JuH32KYr3PdWL5KDsUdED3GSxfNV+DbcYU8 + 0AZxTxy6Bm6EP+DztL1dpYrmqr8JRl+qlSbm + LIrPemZFUEQzhiepcYMWviDUz+ixSVzjEzpM + CLsrNxA30Ziiq9GKA8KKlFHdAmxuNcH0TzRn + dpo6bu5nKyJHiREIazHVuPBEzUmHtcWETCDs + 9UVsbji2Z2ozqLz9cqnfYV/kOD+OZBAqvZ0n + /4lgdSiBtvByLCXoWEYIGRs= + ) ; KSK; alg = RSASHA256 ; key id = 19420 + 3600 DNSKEY 257 3 13 ( + pB2mCNXFJ8e+UaMeMmy1LSCv6TJ92Fs3kFxY + I8NyZPyGvfePpMlzWZr7Bw7wS6G6Jhayhj94 + MMJ4lM/5+ZzVJw== + ) ; KSK; alg = ECDSAP256SHA256 ; key id = 45911 + 3600 RRSIG DNSKEY 13 2 3600 ( + 20601231235959 20201012144646 45911 example.com. + uOAPEzDkPNI9Uo2N+iiRkIb2p1Y0VhgqwUom + +Dssd6X0CEdQEmD8YQ43Cuq9ZNwk8Bm+lgm3 + X+ImdIKeE4MvNQ== ) + 3600 CDS 0 0 0 ( + 01 ) + 3600 RRSIG CDS 13 2 3600 ( + 20601231235959 20201012144646 45911 example.com. + IN5tLpm7OKjIL4VpucR1ero1Gv5UEyVqjzB9 + rRJefwUtlZFKNaTbU0oQD33vQXEjUiIMr66b + zIC3Ju/YtYFDLg== ) + 3600 RRSIG CDS 13 2 3600 ( + 20601231235959 20201012144646 56106 example.com. + f8VJa9GRwSWNmg0AR4nA3OD4X8im7BriZjME + 2ypYUOJkdIafolyb0LDz7XWTaVsFHQWO0z+J + 14g0CgCroTm3pQ== ) + 3600 CDNSKEY 0 3 0 ( + AA== + ) ; ZSK; alg = 0 ; key id = 768 + 3600 RRSIG CDNSKEY 13 2 3600 ( + 20601231235959 20201012144646 45911 example.com. + 89oeIQuH82i2RYIj/fnX/71s8kspDHcI8lIa + R02OZZ9bF37bi6LbGkypdXpmxN9/rEjk4ThF + IHRX2USEPtl+wQ== ) + 3600 RRSIG CDNSKEY 13 2 3600 ( + 20601231235959 20201012144646 56106 example.com. + Hgf4SgtoV0IHsF6feSP8YqeibPTtwZelLpLs + hux/D94MFKtYa6OseyzT3qIDdixav+mlI2ud + 0JyflYZ6MCBlxg== ) +dns2.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 13 3 3600 ( + 20601231235959 20201012144646 56106 example.com. + XdhVQ3Na3LsvdtT2HwdsM3ItiD3UH0HO6TZD + W6/jy8r0NA6fTN4b4oVr6wSqHAQIQVYUbWER + 7pav2Ek03LDa0Q== ) + 7200 NSEC example.com. A RRSIG NSEC + 7200 RRSIG NSEC 13 3 7200 ( + 20601231235959 20201012144646 56106 example.com. + dVTxTNAfZy5sa0SW8eme+KMx3hByBnPIrRlF + zGDsGN1Xzw3OBhsTmuOwhbnZSnnvdBrhBOJw + 8eU/6zpcZypyFQ== ) diff --git a/tests/knot/semantic_check_data/cdnskey.invalid b/tests/knot/semantic_check_data/cdnskey.invalid new file mode 100644 index 0000000..6937db5 --- /dev/null +++ b/tests/knot/semantic_check_data/cdnskey.invalid @@ -0,0 +1,123 @@ +example.com. 3600 IN SOA dns2.example.com. hostmaster.example.com. ( + 2010135808 ; serial + 10800 ; refresh (3 hours) + 3600 ; retry (1 hour) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 3600 RRSIG SOA 13 2 3600 ( + 20601231235959 20201012144725 7800 example.com. + fIUb0+hjrELDVphcGgDZemNVpq1TBgyTt184 + 9YnzaAhADynsscEd5iZRjuA5r7mlI/M9fFtU + l6wpEmqAs7sG5w== ) + 3600 NS dns2.example.com. + 3600 RRSIG NS 13 2 3600 ( + 20601231235959 20201012144725 7800 example.com. + 86HnJEU3jP+bL9JmnY+2TGwna7DGtUVvgdhu + slzGQWN3EHb51vx1fHQGGfQlJ4P4ch5US3TE + 1rd/OKNUBE+p7w== ) + 3600 MX 10 mail.example.com. + 3600 RRSIG MX 13 2 3600 ( + 20601231235959 20201012144725 7800 example.com. + 33SrrSRr8KwasK7qfxYAPxP//dj8Y9i95oza + 2Fwvt23QxfZS3TBLqMyMA6G/nmXyavUxsye8 + C+mks7QsS7HJCA== ) + 7200 NSEC dns2.example.com. NS SOA MX RRSIG NSEC DNSKEY CDS CDNSKEY + 7200 RRSIG NSEC 13 2 7200 ( + 20601231235959 20201012144725 7800 example.com. + WRb17ehBEEjIVl//Zw8vtDmbnTY6eLWe2KQ2 + +E+pCMEK0QE1qXwcethJ9PkM+gKFmN9RscXH + DjrmWIAfgndjsA== ) + 3600 DNSKEY 256 3 8 ( + AwEAAdKraxDdGTL4HDOkXTDI1Md1UdHuYhVw + YkB+u2umVjTJ1H9Qb2oBryqwXI+gklnuCqrH + 1znkDvzGEAeHRQUCbtKbjmqErTAcRRHW3D+6 + jsOGXzbyGCfbyzRBwsbNCLWr3ONpPi5JOWEe + CUJfyc/mRXcmh5uYl1JvzAM1zprtljZt + ) ; ZSK; alg = RSASHA256 ; key id = 48849 + 3600 DNSKEY 256 3 13 ( + VxRHPS89GaMJvJ1xL8/HulwW75tDXUZ6nYlI + 8VCFOMB7vU+SoZhaaoZu4YcCZqzjzfZLl8Lt + SEaXZPQbnpkhyA== + ) ; ZSK; alg = ECDSAP256SHA256 ; key id = 7800 + 3600 DNSKEY 257 3 8 ( + AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYT + oARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM + 2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5W + mnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Ta + x7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCN + bGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/ + mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4N + odQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5 + tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQ + EHYAd/AP8YgaovS8N1fJyh0= + ) ; KSK; alg = RSASHA256 ; key id = 53851 + 3600 DNSKEY 257 3 8 ( + AwEAAetE6qfN/GbtMmvM0PXUTyskauES2FKf + jqLVz7EQlfS8iAFWLi1eHjHXDkueZ1OYRzQ4 + IBy6MIsce4XVXLQoS8njtfaU7c5NZvktH5la + 7JuH32KYr3PdWL5KDsUdED3GSxfNV+DbcYU8 + 0AZxTxy6Bm6EP+DztL1dpYrmqr8JRl+qlSbm + LIrPemZFUEQzhiepcYMWviDUz+ixSVzjEzpM + CLsrNxA30Ziiq9GKA8KKlFHdAmxuNcH0TzRn + dpo6bu5nKyJHiREIazHVuPBEzUmHtcWETCDs + 9UVsbji2Z2ozqLz9cqnfYV/kOD+OZBAqvZ0n + /4lgdSiBtvByLCXoWEYIGRs= + ) ; KSK; alg = RSASHA256 ; key id = 19420 + 3600 DNSKEY 257 3 13 ( + MWndPmlRdffYHO8Z2quMkXq80Nm3PNmWpTix + xJLJ71Oph+ta4XaTuiza6AQgVkCSzrfwoTuJ + UKHL13s4/IrRGg== + ) ; KSK; alg = ECDSAP256SHA256 ; key id = 46605 + 3600 RRSIG DNSKEY 13 2 3600 ( + 20601231235959 20201012144725 46605 example.com. + GRVgc202uXoxu8f36V/Tc4r9BzCKK07SCmS6 + MCJ+mXO7PCv4RIzN9Dp8t6sVuDb5smLe6cV6 + 5lgyPYJwr1TVJA== ) + 3600 CDS 53851 8 2 ( + 668159D684EC387C948E6F4B0AC9AA01481C + CEBF7570AFEC582897E7725122D6 ) + 3600 RRSIG CDS 13 2 3600 ( + 20601231235959 20201012144725 7800 example.com. + r+OpHWsZ0enCPKtUIZFXSb/8YbLdfYb3Ihpt + n/5kAWbOkkkVzAJX2/sCrVExMCVcP/nFSIIf + hACGKBjTvuLFLA== ) + 3600 RRSIG CDS 13 2 3600 ( + 20601231235959 20201012144725 46605 example.com. + buNL2/GqYvtwcXMPSiOeaEB5L6r5InyVxzaJ + 1PaaJigmJHbdNKGFl8ijDiH7WBdQECb8M3oU + zeuWGebSLuy0AQ== ) + 3600 CDNSKEY 257 3 8 ( + AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYT + oARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM + 2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5W + mnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Ta + x7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCN + bGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/ + mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4N + odQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5 + tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQ + EHYAd/AP8YgaovS8N1fJyh0= + ) ; KSK; alg = RSASHA256 ; key id = 53851 + 3600 RRSIG CDNSKEY 13 2 3600 ( + 20601231235959 20201012144725 7800 example.com. + wYB3zuX5/bt3Pg2nz9F0j6MK1bkY19QvDcRb + pk/0rHXLbSjTepbIwy8O0KbJndHy+a70fN5p + 3dBGN5J56KymFg== ) + 3600 RRSIG CDNSKEY 13 2 3600 ( + 20601231235959 20201012144725 46605 example.com. + pXWJCUC0kKqWpjZetDhGJLNPpXGqc8sJZ9wY + HKs4Sd734p+Gr45vnJ94pGYjjtZi9bwPo2nF + DmFP5K3NLACG+Q== ) +dns2.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 13 3 3600 ( + 20601231235959 20201012144725 7800 example.com. + Khv6ptUd4l4SgJI/H+L6Ls/gQHnmmQJcg0fB + xv7zECmQfQFguVIJ1bmoz4jP26ejsNH1pG+o + Wz9U7I5oWsDzYg== ) + 7200 NSEC example.com. A RRSIG NSEC + 7200 RRSIG NSEC 13 3 7200 ( + 20601231235959 20201012144725 7800 example.com. + z8omQAty9S0cNyFATnM8DZ+RbMly/7staAmc + RF+PmOp/E7FtdKOZe5+ega/+aQV9VpePYXMA + UwmIeeYYU2pAJQ== ) diff --git a/tests/knot/semantic_check_data/cdnskey.invalid.param b/tests/knot/semantic_check_data/cdnskey.invalid.param new file mode 100644 index 0000000..2814ddd --- /dev/null +++ b/tests/knot/semantic_check_data/cdnskey.invalid.param @@ -0,0 +1,123 @@ +example.com. 3600 IN SOA dns2.example.com. hostmaster.example.com. ( + 2010135808 ; serial + 10800 ; refresh (3 hours) + 3600 ; retry (1 hour) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 3600 RRSIG SOA 13 2 3600 ( + 20601231235959 20201012144756 33730 example.com. + tBomI7xR670RBUw9IjNL2A5eMVKtYqDUdhiq + XJI3CFdb4j6plfdUF75SfaiCP70aLX8Atzxm + 2RAzpR6M2Q3gbQ== ) + 3600 NS dns2.example.com. + 3600 RRSIG NS 13 2 3600 ( + 20601231235959 20201012144756 33730 example.com. + 8mHEeq/7fnXpM/CaOFsIqTKyTrixQVZr8V+P + Lwn641YbbKniEP+KacrJ7Ul2jt2jCT2cnxC0 + b9XicHENmd0phA== ) + 3600 MX 10 mail.example.com. + 3600 RRSIG MX 13 2 3600 ( + 20601231235959 20201012144756 33730 example.com. + f8ZdC3vD/oIltQLyL4zBmwo9rRyijN183BGw + L6iZ6DnH4BASlUyrGa0IceRH4yD5pP+gnhCc + lBzWFgvtEIyPPQ== ) + 7200 NSEC dns2.example.com. NS SOA MX RRSIG NSEC DNSKEY CDS CDNSKEY + 7200 RRSIG NSEC 13 2 7200 ( + 20601231235959 20201012144756 33730 example.com. + UK+oQx75Gdn82LKBzht8KxrtwPE5JCBhEMcR + hRhHTeMqRUjbbeEOSWRdjg/36329yNYrxC60 + l7bBcqolo9dDmw== ) + 3600 DNSKEY 256 3 8 ( + AwEAAdKraxDdGTL4HDOkXTDI1Md1UdHuYhVw + YkB+u2umVjTJ1H9Qb2oBryqwXI+gklnuCqrH + 1znkDvzGEAeHRQUCbtKbjmqErTAcRRHW3D+6 + jsOGXzbyGCfbyzRBwsbNCLWr3ONpPi5JOWEe + CUJfyc/mRXcmh5uYl1JvzAM1zprtljZt + ) ; ZSK; alg = RSASHA256 ; key id = 48849 + 3600 DNSKEY 256 3 13 ( + kr0M2egbhUXhH0i6fYiSl+zRH1pU7XhamCdO + nPhMEgFa3CsGp61kCuZFulpY0ODh8WrAPZcO + qC0tCj5Bz7nWZQ== + ) ; ZSK; alg = ECDSAP256SHA256 ; key id = 33730 + 3600 DNSKEY 257 3 8 ( + AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYT + oARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM + 2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5W + mnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Ta + x7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCN + bGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/ + mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4N + odQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5 + tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQ + EHYAd/AP8YgaovS8N1fJyh0= + ) ; KSK; alg = RSASHA256 ; key id = 53851 + 3600 DNSKEY 257 3 8 ( + AwEAAetE6qfN/GbtMmvM0PXUTyskauES2FKf + jqLVz7EQlfS8iAFWLi1eHjHXDkueZ1OYRzQ4 + IBy6MIsce4XVXLQoS8njtfaU7c5NZvktH5la + 7JuH32KYr3PdWL5KDsUdED3GSxfNV+DbcYU8 + 0AZxTxy6Bm6EP+DztL1dpYrmqr8JRl+qlSbm + LIrPemZFUEQzhiepcYMWviDUz+ixSVzjEzpM + CLsrNxA30Ziiq9GKA8KKlFHdAmxuNcH0TzRn + dpo6bu5nKyJHiREIazHVuPBEzUmHtcWETCDs + 9UVsbji2Z2ozqLz9cqnfYV/kOD+OZBAqvZ0n + /4lgdSiBtvByLCXoWEYIGRs= + ) ; KSK; alg = RSASHA256 ; key id = 19420 + 3600 DNSKEY 257 3 13 ( + 7fs6TMYYlkkxI1PCunVT9dxcxWVGXu1N7xVv + 2EUyVYMXSn/Z04URNTaxXcoWuDafy99G8rcT + oPycl2oOhc+s0w== + ) ; KSK; alg = ECDSAP256SHA256 ; key id = 60664 + 3600 RRSIG DNSKEY 13 2 3600 ( + 20601231235959 20201012144756 60664 example.com. + WpjHrB8ZfAhOSjq79gAaPEiQgSxvEatTi8nC + AYYpGs4dc1n54iYZ4IjCfMW/etlkZsMzXbVE + s6t+Dj/gJ3JKZg== ) + 3600 CDS 53851 4 2 ( + 6F8129D687EC387C948E6F4B0AC9AA01481C + CEBF7570AFEC582897E7725122D6 ) + 3600 RRSIG CDS 13 2 3600 ( + 20601231235959 20201012144756 33730 example.com. + IAgBYDhTIYQvmF2vUy72TWoRlPJQGyGErJuT + 0xxZDStaSfoAVM3Hr6VEqIq7R3B+Xel/urDM + WYUbIAinEnvpOw== ) + 3600 RRSIG CDS 13 2 3600 ( + 20601231235959 20201012144756 60664 example.com. + IpzPg5fx+O1HUqjN0lR1Bbo6Zx/Lq1wrrJvv + Y518ooGelg8Q2wH7NgScsyhLY342+MHk0fKX + RcxRzfaFohiEZg== ) + 3600 CDNSKEY 257 3 8 ( + AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYT + oARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM + 2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5W + mnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Ta + x7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCN + bGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/ + mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4N + odQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5 + tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQ + EHYAd/AP8YgaovS8N1fJyh0= + ) ; KSK; alg = RSASHA256 ; key id = 53851 + 3600 RRSIG CDNSKEY 13 2 3600 ( + 20601231235959 20201012144756 33730 example.com. + WMqSVG8Tcq7e5E2y8oHThr6Ip7ASu/35m10m + TzsEANrlFf0e1Z6XG5ca/6//NSolXoTu6jBx + 2kvnsX2bA222PA== ) + 3600 RRSIG CDNSKEY 13 2 3600 ( + 20601231235959 20201012144756 60664 example.com. + LLGAWxuAhlKM/3i9+FFGngy6Zqo6NsxdXScR + wgVe3Ilw+3vU/Nih70uRE/xUjZpfFBOlMEk6 + EBSf/DJr6awY/A== ) +dns2.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 13 3 3600 ( + 20601231235959 20201012144756 33730 example.com. + mpcGxsR9c/K6wuaJCeFds1kg0af6Xj8K24o6 + FHzqn60w7HXXNnDjxS0jPTHpaVUkWhuKUcCR + 9EcvMW7uwVfULQ== ) + 7200 NSEC example.com. A RRSIG NSEC + 7200 RRSIG NSEC 13 3 7200 ( + 20601231235959 20201012144756 33730 example.com. + gLwhcu1t0qloiWb5/XHuv0PAQZ+ChmDdMuMS + qS3hi0VPk9cscMjd7ZH7shJBH+9KKMI6YbMz + VGU4MSCj5/kT0A== ) diff --git a/tests/knot/semantic_check_data/cdnskey.nocdnskey b/tests/knot/semantic_check_data/cdnskey.nocdnskey new file mode 100644 index 0000000..a7bac63 --- /dev/null +++ b/tests/knot/semantic_check_data/cdnskey.nocdnskey @@ -0,0 +1,101 @@ +example.com. 3600 IN SOA dns2.example.com. hostmaster.example.com. ( + 2010135808 ; serial + 10800 ; refresh (3 hours) + 3600 ; retry (1 hour) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 3600 RRSIG SOA 13 2 3600 ( + 20601231235959 20201012144854 39620 example.com. + 0JDLQ/bZj4SSmqvLPAzt1v/UUb8mfJQnuLC9 + B1CL4oRD45Hw00KgmbE7xgJVflYZJxfx7KIw + ydsB0/1/dMJzbA== ) + 3600 NS dns2.example.com. + 3600 RRSIG NS 13 2 3600 ( + 20601231235959 20201012144854 39620 example.com. + Mnk/oSM7sdAhGYbWUMLpYFR1ahcvULo/8z42 + giRwzAX8HiqvxxkqRCFbvzYeRkZLLw0fYTeR + Mqit0zQuWuc0ow== ) + 3600 MX 10 mail.example.com. + 3600 RRSIG MX 13 2 3600 ( + 20601231235959 20201012144854 39620 example.com. + qPQblbJyzHdmhqYhYx4wfUHWe3SYGUA65hZR + UFYcx99Vhs1CXUobjCk9NBedRbBHR04kQ5Bo + /72fhuCPJFIC1Q== ) + 7200 NSEC dns2.example.com. NS SOA MX RRSIG NSEC DNSKEY CDS + 7200 RRSIG NSEC 13 2 7200 ( + 20601231235959 20201012144854 39620 example.com. + H5So5m0YdxOBU3k0+pi6KOgPNF2V4hU+GLxa + c0JdGnALP4Wz6lWCdMRPXIaMjImb3TK9vFti + 89lB/2MMDe4dTw== ) + 3600 DNSKEY 256 3 8 ( + AwEAAdKraxDdGTL4HDOkXTDI1Md1UdHuYhVw + YkB+u2umVjTJ1H9Qb2oBryqwXI+gklnuCqrH + 1znkDvzGEAeHRQUCbtKbjmqErTAcRRHW3D+6 + jsOGXzbyGCfbyzRBwsbNCLWr3ONpPi5JOWEe + CUJfyc/mRXcmh5uYl1JvzAM1zprtljZt + ) ; ZSK; alg = RSASHA256 ; key id = 48849 + 3600 DNSKEY 256 3 13 ( + 6R8b9KzH06NQ/4AUqrmp8rFmY0AmHpbW/vhj + xLul6ON720xvdeKBzi0nLSeTdUO8/gK8s8jh + RmJ8Fw279eXXZQ== + ) ; ZSK; alg = ECDSAP256SHA256 ; key id = 39620 + 3600 DNSKEY 257 3 8 ( + AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYT + oARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM + 2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5W + mnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Ta + x7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCN + bGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/ + mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4N + odQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5 + tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQ + EHYAd/AP8YgaovS8N1fJyh0= + ) ; KSK; alg = RSASHA256 ; key id = 53851 + 3600 DNSKEY 257 3 8 ( + AwEAAetE6qfN/GbtMmvM0PXUTyskauES2FKf + jqLVz7EQlfS8iAFWLi1eHjHXDkueZ1OYRzQ4 + IBy6MIsce4XVXLQoS8njtfaU7c5NZvktH5la + 7JuH32KYr3PdWL5KDsUdED3GSxfNV+DbcYU8 + 0AZxTxy6Bm6EP+DztL1dpYrmqr8JRl+qlSbm + LIrPemZFUEQzhiepcYMWviDUz+ixSVzjEzpM + CLsrNxA30Ziiq9GKA8KKlFHdAmxuNcH0TzRn + dpo6bu5nKyJHiREIazHVuPBEzUmHtcWETCDs + 9UVsbji2Z2ozqLz9cqnfYV/kOD+OZBAqvZ0n + /4lgdSiBtvByLCXoWEYIGRs= + ) ; KSK; alg = RSASHA256 ; key id = 19420 + 3600 DNSKEY 257 3 13 ( + hfwsa6JnfqjMRma2PlO+gt8qqLytVIygLZHB + 5APAuz2cheZCMD8A2kyt5NziCCj6szmCK4oZ + fColPGaDgYtpmA== + ) ; KSK; alg = ECDSAP256SHA256 ; key id = 6821 + 3600 RRSIG DNSKEY 13 2 3600 ( + 20601231235959 20201012144854 6821 example.com. + UbEQQoX5j1FVOqpkQBqckaG4WnCd7+4dBJax + 5sgjHQnfSSwKGfJx0zxd3ZbPCEKj+Ymrhpsm + nqfPzVRZhUPKuQ== ) + 3600 CDS 53851 8 2 ( + 6F8129D687EC387C948E6F4B0AC9AA01481C + CEBF7570AFEC582897E7725122D6 ) + 3600 RRSIG CDS 13 2 3600 ( + 20601231235959 20201012144854 6821 example.com. + Sc/K9xI1C9rzujnllO5o7sKoJiEKFUEfPxt8 + gsxs3sb9Q1s0/uSocrPc2OcaLgEzuFGS5FzA + fg7HcgZN63I5TA== ) + 3600 RRSIG CDS 13 2 3600 ( + 20601231235959 20201012144854 39620 example.com. + ykGu61Yjp24MJjp0wIYV20LSQ9ovRHT0zqp2 + CSvlROIVpbUGlNjAAKJdWwYJAqNUD571gJ7E + TkhrLEIX02ySqw== ) +dns2.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 13 3 3600 ( + 20601231235959 20201012144854 39620 example.com. + ye5pM/p8OWbdRNhLfbfWsY6lG8lr0Ae80LKv + rVOCMhAowrtKmDL6hUByovCV7MjCIYwGM26C + Vl9CRmrWwJEULw== ) + 7200 NSEC example.com. A RRSIG NSEC + 7200 RRSIG NSEC 13 3 7200 ( + 20601231235959 20201012144854 39620 example.com. + JHP3TuxCuZ+N0lWtRI7Xl0qIcHSrn/X+WDUr + 0cVBfQTsFrAZs14bJhvw0zMGgONAgnFsXlxg + QmAqIPmpRvKtnA== ) diff --git a/tests/knot/semantic_check_data/cdnskey.nocds b/tests/knot/semantic_check_data/cdnskey.nocds new file mode 100644 index 0000000..ecb3188 --- /dev/null +++ b/tests/knot/semantic_check_data/cdnskey.nocds @@ -0,0 +1,110 @@ +example.com. 3600 IN SOA dns2.example.com. hostmaster.example.com. ( + 2010135808 ; serial + 10800 ; refresh (3 hours) + 3600 ; retry (1 hour) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 3600 RRSIG SOA 13 2 3600 ( + 20601231235959 20201012144849 42608 example.com. + GDfM/H4m+FRVp3M/KsOv//eMFaL1LnyrIi8O + pUSht1KyYDRoVqSL72XTy1aAJJ49Sd0uq+4U + acekI3Xi9OpvXg== ) + 3600 NS dns2.example.com. + 3600 RRSIG NS 13 2 3600 ( + 20601231235959 20201012144849 42608 example.com. + ICtOUMZr415dJb22HWsrjbYfW7q6hh6gxD2i + EikMQAkPncdBHHd7dCrjy1/4CPhixn/BnDfV + ZwF87k2Sa7EV8w== ) + 3600 MX 10 mail.example.com. + 3600 RRSIG MX 13 2 3600 ( + 20601231235959 20201012144849 42608 example.com. + IokJy9LCiCaOPsluuBKYnwkesiPwsU/KZdA9 + jK25UmdfD1uU8AA63OOciTZQSv9NI+Q4nzl3 + LyqkRWFKToMz9A== ) + 7200 NSEC dns2.example.com. NS SOA MX RRSIG NSEC DNSKEY CDNSKEY + 7200 RRSIG NSEC 13 2 7200 ( + 20601231235959 20201012144849 42608 example.com. + kuhtgHhoeIwJ8IG08x+Tp5M7kQ+LzWoH/hTs + V17ZSyPD06YvMEmv9vdB+ATLd+j3uNYnMd4n + HW7Jh/ocOWg6+Q== ) + 3600 DNSKEY 256 3 8 ( + AwEAAdKraxDdGTL4HDOkXTDI1Md1UdHuYhVw + YkB+u2umVjTJ1H9Qb2oBryqwXI+gklnuCqrH + 1znkDvzGEAeHRQUCbtKbjmqErTAcRRHW3D+6 + jsOGXzbyGCfbyzRBwsbNCLWr3ONpPi5JOWEe + CUJfyc/mRXcmh5uYl1JvzAM1zprtljZt + ) ; ZSK; alg = RSASHA256 ; key id = 48849 + 3600 DNSKEY 256 3 13 ( + p9BANIrBFV9hX2qwbzydeiubQkm9qstpzvUe + OFMDOEyyQxI+8s2nfHI76KmRliHuM7fOM9B5 + e8wNmEeVd9JJmQ== + ) ; ZSK; alg = ECDSAP256SHA256 ; key id = 42608 + 3600 DNSKEY 257 3 8 ( + AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYT + oARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM + 2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5W + mnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Ta + x7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCN + bGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/ + mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4N + odQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5 + tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQ + EHYAd/AP8YgaovS8N1fJyh0= + ) ; KSK; alg = RSASHA256 ; key id = 53851 + 3600 DNSKEY 257 3 8 ( + AwEAAetE6qfN/GbtMmvM0PXUTyskauES2FKf + jqLVz7EQlfS8iAFWLi1eHjHXDkueZ1OYRzQ4 + IBy6MIsce4XVXLQoS8njtfaU7c5NZvktH5la + 7JuH32KYr3PdWL5KDsUdED3GSxfNV+DbcYU8 + 0AZxTxy6Bm6EP+DztL1dpYrmqr8JRl+qlSbm + LIrPemZFUEQzhiepcYMWviDUz+ixSVzjEzpM + CLsrNxA30Ziiq9GKA8KKlFHdAmxuNcH0TzRn + dpo6bu5nKyJHiREIazHVuPBEzUmHtcWETCDs + 9UVsbji2Z2ozqLz9cqnfYV/kOD+OZBAqvZ0n + /4lgdSiBtvByLCXoWEYIGRs= + ) ; KSK; alg = RSASHA256 ; key id = 19420 + 3600 DNSKEY 257 3 13 ( + 5sv4MetMS4KWSgyzvn658Prs0A8tLaWFhRJD + E9IznhGY2ogp8Z/uSIqh8QWzf1kQvfDUQiav + kOx4CNa3dSx/ZA== + ) ; KSK; alg = ECDSAP256SHA256 ; key id = 8616 + 3600 RRSIG DNSKEY 13 2 3600 ( + 20601231235959 20201012144849 8616 example.com. + DeZBLj99QbyGhalCZ4UOmBJO/RLNgrPsAdaW + swYSg18lvE7jmLn9vxkUVZu0G6z43tulSb+a + lQT8m+U+PlusNA== ) + 3600 CDNSKEY 257 3 8 ( + AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYT + oARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM + 2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5W + mnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Ta + x7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCN + bGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/ + mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4N + odQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5 + tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQ + EHYAd/AP8YgaovS8N1fJyh0= + ) ; KSK; alg = RSASHA256 ; key id = 53851 + 3600 RRSIG CDNSKEY 13 2 3600 ( + 20601231235959 20201012144849 8616 example.com. + IlysaALuak04Zbh0+104PHAuQgnYDBTLpvz+ + BgirzX9Vp+pg4yZVelAXsaDbcj2ZrXrwBjpo + +DHj53HmZygj4g== ) + 3600 RRSIG CDNSKEY 13 2 3600 ( + 20601231235959 20201012144849 42608 example.com. + dJhB1Xmd3G1ueRVnFU+M4yc379LH0UrpBcNS + xHzjVd+vWtpNGPq03Wi3sczA9UUkXE0F5n22 + 6ZNR5XAswf+SYw== ) +dns2.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 13 3 3600 ( + 20601231235959 20201012144849 42608 example.com. + 3DTwpPojzX4r9ZWeKo+zmJw+2L/uqrtoAZEv + ncPJG0AGB9QVzjLFiRg0BV4GiDZCl2Hh4onl + OShOi5Nt0GXp5Q== ) + 7200 NSEC example.com. A RRSIG NSEC + 7200 RRSIG NSEC 13 3 7200 ( + 20601231235959 20201012144849 42608 example.com. + 1m2PpD3S6/5x3Kkes+1JgbHtsm0xlnKrNCmF + xeBvCl55D98zSvs0DjfRjFowAg22nWJkvsWo + 3N1vnfFZpzmPPA== ) diff --git a/tests/knot/semantic_check_data/cdnskey.nodnskey b/tests/knot/semantic_check_data/cdnskey.nodnskey new file mode 100644 index 0000000..461e05a --- /dev/null +++ b/tests/knot/semantic_check_data/cdnskey.nodnskey @@ -0,0 +1,111 @@ +example.com. 3600 IN SOA dns2.example.com. hostmaster.example.com. ( + 2010135808 ; serial + 10800 ; refresh (3 hours) + 3600 ; retry (1 hour) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 3600 RRSIG SOA 13 2 3600 ( + 20601231235959 20201012144347 19649 example.com. + Tng1e4Zs8LvGZJqp75aBSX9Ci9bsncY+w8+K + rfYdoVe/Smq0I+Hgtygcq0Twc7llW0rwtZ8R + jQpbXbp+XNDi3g== ) + 3600 NS dns2.example.com. + 3600 RRSIG NS 13 2 3600 ( + 20601231235959 20201012144347 19649 example.com. + OcKfgxtnriGsC/9wV9yI71wIVzR+71j3sZ3+ + ZGVqAo2bWR8QRULa5g5lQpIxlayN7w6xi6vV + IVWY3vauy59pPQ== ) + 3600 MX 10 mail.example.com. + 3600 RRSIG MX 13 2 3600 ( + 20601231235959 20201012144347 19649 example.com. + CtZFcGvbco6ZreotcmfSYl8SlRdN/JiSuoOG + KtdauRz9+a+xkT2k1Wy6dADfLpwHwXL8yElg + /LdNXKEWK96HcQ== ) + 7200 NSEC dns2.example.com. NS SOA MX RRSIG NSEC DNSKEY CDS CDNSKEY + 7200 RRSIG NSEC 13 2 7200 ( + 20601231235959 20201012144347 19649 example.com. + 6GVUlXemDUb6W9IID4qK+PPDSizeURGJEJlN + Hoof218/H/k8/BLNphFIGpdhCC2jHnAx2Nxd + Af65dTLtt7OBjQ== ) + 3600 DNSKEY 256 3 8 ( + AwEAAdKraxDdGTL4HDOkXTDI1Md1UdHuYhVw + YkB+u2umVjTJ1H9Qb2oBryqwXI+gklnuCqrH + 1znkDvzGEAeHRQUCbtKbjmqErTAcRRHW3D+6 + jsOGXzbyGCfbyzRBwsbNCLWr3ONpPi5JOWEe + CUJfyc/mRXcmh5uYl1JvzAM1zprtljZt + ) ; ZSK; alg = RSASHA256 ; key id = 48849 + 3600 DNSKEY 256 3 13 ( + LiJCYpav6haPA3M3GhTZ/L6wtSqS7e9mwKsU + TdBkZ71RS8qmXsITLz5bFHMSy7K8mCuQIdTT + J3cGkbguNBqgJg== + ) ; ZSK; alg = ECDSAP256SHA256 ; key id = 19649 + 3600 DNSKEY 257 3 8 ( + AwEAAetE6qfN/GbtMmvM0PXUTyskauES2FKf + jqLVz7EQlfS8iAFWLi1eHjHXDkueZ1OYRzQ4 + IBy6MIsce4XVXLQoS8njtfaU7c5NZvktH5la + 7JuH32KYr3PdWL5KDsUdED3GSxfNV+DbcYU8 + 0AZxTxy6Bm6EP+DztL1dpYrmqr8JRl+qlSbm + LIrPemZFUEQzhiepcYMWviDUz+ixSVzjEzpM + CLsrNxA30Ziiq9GKA8KKlFHdAmxuNcH0TzRn + dpo6bu5nKyJHiREIazHVuPBEzUmHtcWETCDs + 9UVsbji2Z2ozqLz9cqnfYV/kOD+OZBAqvZ0n + /4lgdSiBtvByLCXoWEYIGRs= + ) ; KSK; alg = RSASHA256 ; key id = 19420 + 3600 DNSKEY 257 3 13 ( + j18Cd+0frtc1WPeWn8bwdxYd9iTe7XsqTwnO + W46ZpPJPGBq/n31+7/N9TRAtXulE2r+rJDRF + mMooK5qrWOtqvw== + ) ; KSK; alg = ECDSAP256SHA256 ; key id = 24385 + 3600 RRSIG DNSKEY 13 2 3600 ( + 20601231235959 20201012144347 24385 example.com. + 8O0L6xxTnGMccrMSjaG2/MtljkSOls/BIwoX + eUmB9nJvDQNd8jg9XtNYUGG79dmysetBrNQl + TohQ1BEVGTJwig== ) + 3600 CDS 53851 8 2 ( + 6F8129D687EC387C948E6F4B0AC9AA01481C + CEBF7570AFEC582897E7725122D6 ) + 3600 RRSIG CDS 13 2 3600 ( + 20601231235959 20201012144347 19649 example.com. + CLjvJJOAZVToWUQQX06ySDkKo4QO4YcN2vhl + JZZ2a1hA2ranrzpeE8cslGKme5lxHKr8Y1ev + ffWfrz8KoQVW+A== ) + 3600 RRSIG CDS 13 2 3600 ( + 20601231235959 20201012144347 24385 example.com. + TaPgzUzL+fPwEUNyusjCb6OZOF3DtlMNh3eY + ZTvogl2eRq84NA+mfzPmh0NXqVDbsVHGHq1B + mJoxuMtIt4G5Rg== ) + 3600 CDNSKEY 257 3 8 ( + AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYT + oARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM + 2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5W + mnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Ta + x7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCN + bGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/ + mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4N + odQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5 + tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQ + EHYAd/AP8YgaovS8N1fJyh0= + ) ; KSK; alg = RSASHA256 ; key id = 53851 + 3600 RRSIG CDNSKEY 13 2 3600 ( + 20601231235959 20201012144347 19649 example.com. + 5sY/Q/1tP9qPMAHyQVMtbFQ0gO24rofCLg/D + /BaXTvjp5bnWhGuv1wFbSCyEreYr072Va08t + JdntIC8Prt/1MQ== ) + 3600 RRSIG CDNSKEY 13 2 3600 ( + 20601231235959 20201012144347 24385 example.com. + UlLhm8Nb6g0jUIs1ldjW4OedzzLXDjCllRSm + +6WQuBK1uA7vboyqYVvLxxyFZCxgz6xV02iK + eawtsKsOnlfGCg== ) +dns2.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 13 3 3600 ( + 20601231235959 20201012144347 19649 example.com. + ZRDwnV+YyfKPI58ASagzoCo+qWTscYZZa6j+ + wr4axJ7jtIO6Firy4R1GlO6NXmN5vcjHAj90 + NZ26ezRgCMCFQQ== ) + 7200 NSEC example.com. A RRSIG NSEC + 7200 RRSIG NSEC 13 3 7200 ( + 20601231235959 20201012144347 19649 example.com. + c5ILb+AR9BIinFp6mCogN+jwR8067Fm9LT9Y + AWaR3pqUC4d+Qdo4pkODLkmhAaSQLJCyPyYB + TQ7OFkQCC49MtA== ) diff --git a/tests/knot/semantic_check_data/cdnskey.orphan.cdnskey b/tests/knot/semantic_check_data/cdnskey.orphan.cdnskey new file mode 100644 index 0000000..70241ab --- /dev/null +++ b/tests/knot/semantic_check_data/cdnskey.orphan.cdnskey @@ -0,0 +1,135 @@ +example.com. 3600 IN SOA dns2.example.com. hostmaster.example.com. ( + 2010135808 ; serial + 10800 ; refresh (3 hours) + 3600 ; retry (1 hour) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 3600 RRSIG SOA 13 2 3600 ( + 20601231235959 20201012144945 39996 example.com. + pdj652v0OfPO/McP8sNpxoE+adY+Qim5je8m + TQPcudU3gm7I2L+YqU/ujX1NUOyhUAhzRng7 + m6nfrudJebq15g== ) + 3600 NS dns2.example.com. + 3600 RRSIG NS 13 2 3600 ( + 20601231235959 20201012144945 39996 example.com. + 7/X57I7FmbSlgxxeaE3Xgoot7KxN6nxtDb0E + mEEZNwdLCpjgaftaXXXM3NaZ1W2sdoECCrlz + R4/75kqrmNpYPw== ) + 3600 MX 10 mail.example.com. + 3600 RRSIG MX 13 2 3600 ( + 20601231235959 20201012144945 39996 example.com. + 0tcHIXXPEKy1tpc+Of6s2hTdQ5dGh1IoIoxY + se9paUUfhoF2oH5Pb8HP3rNyWLiTqXh4/lxV + vFLi4rR5zojxLA== ) + 7200 NSEC dns2.example.com. NS SOA MX RRSIG NSEC DNSKEY CDS CDNSKEY + 7200 RRSIG NSEC 13 2 7200 ( + 20601231235959 20201012144945 39996 example.com. + kbImDj5vgk5VG9MI+4HJ4FtwnJ4ykSbk8vNY + e49ibkZChGsTtIzLwdcNAmOk7w/em67FkGBi + oxqCj6b3G0C45w== ) + 3600 DNSKEY 256 3 8 ( + AwEAAdKraxDdGTL4HDOkXTDI1Md1UdHuYhVw + YkB+u2umVjTJ1H9Qb2oBryqwXI+gklnuCqrH + 1znkDvzGEAeHRQUCbtKbjmqErTAcRRHW3D+6 + jsOGXzbyGCfbyzRBwsbNCLWr3ONpPi5JOWEe + CUJfyc/mRXcmh5uYl1JvzAM1zprtljZt + ) ; ZSK; alg = RSASHA256 ; key id = 48849 + 3600 DNSKEY 256 3 13 ( + R4pG7HF8CbXgbo4N6UqdSnE8CaClNUw6v/di + aScNknRS0eLPOKmpANe0tyiwBV1bRQyjpmxq + fgZ9Oxac7plIJw== + ) ; ZSK; alg = ECDSAP256SHA256 ; key id = 39996 + 3600 DNSKEY 257 3 8 ( + AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYT + oARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM + 2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5W + mnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Ta + x7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCN + bGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/ + mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4N + odQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5 + tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQ + EHYAd/AP8YgaovS8N1fJyh0= + ) ; KSK; alg = RSASHA256 ; key id = 53851 + 3600 DNSKEY 257 3 8 ( + AwEAAetE6qfN/GbtMmvM0PXUTyskauES2FKf + jqLVz7EQlfS8iAFWLi1eHjHXDkueZ1OYRzQ4 + IBy6MIsce4XVXLQoS8njtfaU7c5NZvktH5la + 7JuH32KYr3PdWL5KDsUdED3GSxfNV+DbcYU8 + 0AZxTxy6Bm6EP+DztL1dpYrmqr8JRl+qlSbm + LIrPemZFUEQzhiepcYMWviDUz+ixSVzjEzpM + CLsrNxA30Ziiq9GKA8KKlFHdAmxuNcH0TzRn + dpo6bu5nKyJHiREIazHVuPBEzUmHtcWETCDs + 9UVsbji2Z2ozqLz9cqnfYV/kOD+OZBAqvZ0n + /4lgdSiBtvByLCXoWEYIGRs= + ) ; KSK; alg = RSASHA256 ; key id = 19420 + 3600 DNSKEY 257 3 13 ( + cJdrUmmcxe9JKHwHHAkJ8mO1J63Cm6Qoln56 + CUya+eWuF1A3u9L3wumvY2rAXvzBpplLXeUN + GIN0GgLHejH6QQ== + ) ; KSK; alg = ECDSAP256SHA256 ; key id = 56026 + 3600 RRSIG DNSKEY 13 2 3600 ( + 20601231235959 20201012144945 56026 example.com. + srEjUMAQ4Z/yc22bas+P0ly30IVbZaIIlli9 + H7avBz013fn90vDRDLiLuHAMvW++xdDJypcg + Sr+9I9+nv6jzRA== ) + 3600 CDS 53851 8 2 ( + 6F8129D687EC387C948E6F4B0AC9AA01481C + CEBF7570AFEC582897E7725122D6 ) + 3600 RRSIG CDS 13 2 3600 ( + 20601231235959 20201012144945 39996 example.com. + inhdpEZ+2W4EM1HSiVZdJa4xT5S319D0x3b5 + eJpskw/EV/Rx1X87FCr8FP18iBOszsWJjQQq + Z66eAxIhpBcb7A== ) + 3600 RRSIG CDS 13 2 3600 ( + 20601231235959 20201012144945 56026 example.com. + TA7UxWd+j6bOXKPxo3XuKlIy87/HvIPGoELS + WQyrON5IURgGw/2YWD0M5xw852jl27USezzo + pai940D3+VGeOQ== ) + 3600 CDNSKEY 257 3 8 ( + AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYT + oARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM + 2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5W + mnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Ta + x7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCN + bGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/ + mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4N + odQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5 + tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQ + EHYAd/AP8YgaovS8N1fJyh0= + ) ; KSK; alg = RSASHA256 ; key id = 53851 + 3600 CDNSKEY 257 3 8 ( + AwEAAetE6qfN/GbtMmvM0PXUTyskauES2FKf + jqLVz7EQlfS8iAFWLi1eHjHXDkueZ1OYRzQ4 + IBy6MIsce4XVXLQoS8njtfaU7c5NZvktH5la + 7JuH32KYr3PdWL5KDsUdED3GSxfNV+DbcYU8 + 0AZxTxy6Bm6EP+DztL1dpYrmqr8JRl+qlSbm + LIrPemZFUEQzhiepcYMWviDUz+ixSVzjEzpM + CLsrNxA30Ziiq9GKA8KKlFHdAmxuNcH0TzRn + dpo6bu5nKyJHiREIazHVuPBEzUmHtcWETCDs + 9UVsbji2Z2ozqLz9cqnfYV/kOD+OZBAqvZ0n + /4lgdSiBtvByLCXoWEYIGRs= + ) ; KSK; alg = RSASHA256 ; key id = 19420 + 3600 RRSIG CDNSKEY 13 2 3600 ( + 20601231235959 20201012144945 39996 example.com. + CSk6oHNIsj3XQgXpPtFOhf4dTv/Wu/vnJfJs + Lpc3IoApBMxrpSIzfM/c72JtjSVzjJcdo6kL + n71WM21CsMcQ4A== ) + 3600 RRSIG CDNSKEY 13 2 3600 ( + 20601231235959 20201012144945 56026 example.com. + hsml4IaJtzvMdvaMTR3MzeCT5fMHJ46rCY0y + 8DTAvK7/Z6LHbF4G7yRh9ozwcyZbB006cMdc + 4XUFDtEPK62DGw== ) +dns2.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 13 3 3600 ( + 20601231235959 20201012144945 39996 example.com. + 1cNj6TJEHFxLXFYVt3RU3wC8Wz/F5bfjy8/W + jEJdrnVzo1ihmJWoY48e9MlvsGXnGe4+GUrl + HSS+2bsGOS7DyA== ) + 7200 NSEC example.com. A RRSIG NSEC + 7200 RRSIG NSEC 13 3 7200 ( + 20601231235959 20201012144945 39996 example.com. + 5mtXYcvidkSnG12dZof3xSEaH2eOsV2fuBvb + 8Eb6XEuPfD9v5g2mweyZYrBtowEsTA9IOsly + 6AWT5PfZbNAe+Q== ) diff --git a/tests/knot/semantic_check_data/cdnskey.orphan.cds b/tests/knot/semantic_check_data/cdnskey.orphan.cds new file mode 100644 index 0000000..54732de --- /dev/null +++ b/tests/knot/semantic_check_data/cdnskey.orphan.cds @@ -0,0 +1,138 @@ +example.com. 3600 IN SOA dns2.example.com. hostmaster.example.com. ( + 2010135808 ; serial + 10800 ; refresh (3 hours) + 3600 ; retry (1 hour) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 3600 RRSIG SOA 13 2 3600 ( + 20601231235959 20201012144942 8996 example.com. + ThTlvNtautK64IeJRxNCr5acLrRu8jXkTR3N + y5TlXrei2DIagbPja++4vLjhUJAcKTGndD+x + wgMrDpCY6pMAYQ== ) + 3600 NS dns2.example.com. + 3600 RRSIG NS 13 2 3600 ( + 20601231235959 20201012144942 8996 example.com. + 3OJiG3v9Nq9OHkyysT3A6PNPRVn9sYTQkHNS + 6JL5BzLCQ+uYKJBCu0ZPxDlYpbYnO0HKQ7Ta + iZYCjm7vzqtvwA== ) + 3600 MX 10 mail.example.com. + 3600 RRSIG MX 13 2 3600 ( + 20601231235959 20201012144942 8996 example.com. + 9vi3n2cVyr+ghB0ql4Wc8vhpLfAuclopapXw + BQV328nEwftj0okcPz4Z7Iye9by4X6NDd13x + vzWXDKjZCSxLJg== ) + 7200 NSEC dns2.example.com. NS SOA MX RRSIG NSEC DNSKEY CDS CDNSKEY + 7200 RRSIG NSEC 13 2 7200 ( + 20601231235959 20201012144942 8996 example.com. + HP8iIlUO+EKFRgoHUrQWLcaX8oSGEb/tldEP + GcJKM+rGMeJvxXOJnjSskUm7AyRK1TKK4RqE + xaOHTgIz1uUkzw== ) + 3600 DNSKEY 256 3 8 ( + AwEAAdKraxDdGTL4HDOkXTDI1Md1UdHuYhVw + YkB+u2umVjTJ1H9Qb2oBryqwXI+gklnuCqrH + 1znkDvzGEAeHRQUCbtKbjmqErTAcRRHW3D+6 + jsOGXzbyGCfbyzRBwsbNCLWr3ONpPi5JOWEe + CUJfyc/mRXcmh5uYl1JvzAM1zprtljZt + ) ; ZSK; alg = RSASHA256 ; key id = 48849 + 3600 DNSKEY 256 3 13 ( + bkP3kBcYNsUB6jpKA764AJeNBzGJjNIRPxDl + 2wK1O7I/bvZDILscWSMUsSRmxZuPWGLjevpp + Tve1UMe+dP9VIA== + ) ; ZSK; alg = ECDSAP256SHA256 ; key id = 8996 + 3600 DNSKEY 257 3 8 ( + AwEAAaulfU2biYVBiUsGwAyCXbA+gm0yWgH2 + Z71S16R2YNERlb0he9Od28DcFd0HbaKdFnw/ + CtX7Z2UWs6/IRu8QmHGn6SKDsLzZ5StdPsJD + KilfvSlEcQeqrRAncug1SnA5BogNQSD0/02Y + w5KDGn7ALCSYlNgOgy7l+D/urlkuxgsPWvqY + XnlxaIcKt96fndwmkfZ5eF+WAqxguaNcvm14 + 6NA53wRrWx8BQbcHk1R+WcQGqFcVOlifCs9z + V+87QJy2H660QKqOVDgt8PF8QmRRJqzOKpu2 + 9T+Vd1dM3zjBJ7deLaNH2E5p7Bbp1eeOCeOt + WpCG6XfaRmZIF3ZWVM6Ways= + ) ; KSK; alg = RSASHA256 ; key id = 56474 + 3600 DNSKEY 257 3 8 ( + AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYT + oARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM + 2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5W + mnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Ta + x7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCN + bGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/ + mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4N + odQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5 + tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQ + EHYAd/AP8YgaovS8N1fJyh0= + ) ; KSK; alg = RSASHA256 ; key id = 53851 + 3600 DNSKEY 257 3 8 ( + AwEAAetE6qfN/GbtMmvM0PXUTyskauES2FKf + jqLVz7EQlfS8iAFWLi1eHjHXDkueZ1OYRzQ4 + IBy6MIsce4XVXLQoS8njtfaU7c5NZvktH5la + 7JuH32KYr3PdWL5KDsUdED3GSxfNV+DbcYU8 + 0AZxTxy6Bm6EP+DztL1dpYrmqr8JRl+qlSbm + LIrPemZFUEQzhiepcYMWviDUz+ixSVzjEzpM + CLsrNxA30Ziiq9GKA8KKlFHdAmxuNcH0TzRn + dpo6bu5nKyJHiREIazHVuPBEzUmHtcWETCDs + 9UVsbji2Z2ozqLz9cqnfYV/kOD+OZBAqvZ0n + /4lgdSiBtvByLCXoWEYIGRs= + ) ; KSK; alg = RSASHA256 ; key id = 19420 + 3600 DNSKEY 257 3 13 ( + 1OgEqruDg7pI2dTIRMdP9ihhdl3wFngZW9bP + E4jMg4ByKKoKM/C1QN4Q+BQiQDkcprwE9vLf + D/cLgFNspjcBgQ== + ) ; KSK; alg = ECDSAP256SHA256 ; key id = 63865 + 3600 RRSIG DNSKEY 13 2 3600 ( + 20601231235959 20201012144942 63865 example.com. + 9d2q8pWH1AftoDmPq3DNblta3oPV+6ROZmVR + BvjHj7xJjI27aY514C0qNkQVhioe2mhQjikO + gyxvkWwBV/owPg== ) + 3600 CDS 53851 8 2 ( + 6F8129D687EC387C948E6F4B0AC9AA01481C + CEBF7570AFEC582897E7725122D6 ) + 3600 CDS 56474 8 2 ( + 260E7ADB07D1ECC40DEE79EFF6527CF7119C + 0AFC1CFA5DAC1ADFE342568CF32D ) + 3600 RRSIG CDS 13 2 3600 ( + 20601231235959 20201012144942 8996 example.com. + E7iVsJZjRyGbjMUADsi9Chz74+t1W75zTPmm + MYVD77dkRHiEpN41MJB6Z7Fn1lNOE6f8q2B5 + iL/3UXULB1vpwA== ) + 3600 RRSIG CDS 13 2 3600 ( + 20601231235959 20201012144942 63865 example.com. + fsMqYcBDcTBtaDEqDTYrHHivnuQKb629drhm + 77RFfBxFJAxlq176PzaddA++zHfWsBgIlJzy + VHFy3S3huuyfaQ== ) + 3600 CDNSKEY 257 3 8 ( + AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYT + oARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM + 2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5W + mnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Ta + x7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCN + bGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/ + mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4N + odQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5 + tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQ + EHYAd/AP8YgaovS8N1fJyh0= + ) ; KSK; alg = RSASHA256 ; key id = 53851 + 3600 RRSIG CDNSKEY 13 2 3600 ( + 20601231235959 20201012144942 8996 example.com. + hhpJcQ4cMcq9fLNtZrTEVAMGB2bjMwcDvv4C + Sss9wWDBNxIVOsi4x3j/08PZTqbfmYePWtK8 + k2R5GOOK1lpVlw== ) + 3600 RRSIG CDNSKEY 13 2 3600 ( + 20601231235959 20201012144942 63865 example.com. + xU82j/dJf8oBd1Ti2lHH0YoxBvgCQo2MOdwJ + yOc6fDrT/c39rCMT//VoDmmKj3SavQ92ABBt + 18JqxCXK7+tnYQ== ) +dns2.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 13 3 3600 ( + 20601231235959 20201012144942 8996 example.com. + D3O6XOYrOT1tlCieJJvw7zys0ClqXcCvs5+D + qSEpKcE6RNNeJG2d3SJg95fbO+eTkw30MROF + ajnNh5xJ+8xsMQ== ) + 7200 NSEC example.com. A RRSIG NSEC + 7200 RRSIG NSEC 13 3 7200 ( + 20601231235959 20201012144942 8996 example.com. + sGBFze6wRGj8n0B8izUNHO2ufA72sR55U3OQ + RLYTx2XqBRvdmapMKK6QDu/6lmwqgYMbjiBJ + XqDLv/1RP4DisQ== ) diff --git a/tests/knot/semantic_check_data/cname_extra_01.zone b/tests/knot/semantic_check_data/cname_extra_01.zone new file mode 100644 index 0000000..ae3f27a --- /dev/null +++ b/tests/knot/semantic_check_data/cname_extra_01.zone @@ -0,0 +1,18 @@ +$ORIGIN example.com. +$TTL 3600 + +@ IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111218 ; serial + 6h ; refresh + 1h ; retry + 1w ; expire + 1d ) ; minimum + + NS dns1 + MX 10 mail + +dns1 A 192.0.2.1 + +; error CNAME, node contains other records +email CNAME mail + A 192.0.2.2 diff --git a/tests/knot/semantic_check_data/cname_extra_02.signed b/tests/knot/semantic_check_data/cname_extra_02.signed new file mode 100644 index 0000000..724a8da --- /dev/null +++ b/tests/knot/semantic_check_data/cname_extra_02.signed @@ -0,0 +1,76 @@ +email.example.com. 3600 IN CNAME mail.example.com. + 3600 RRSIG CNAME 7 3 3600 ( + 20840201000000 20160224073150 29600 example.com. + IxkF8oqOEzhlZDSRBIi4448EGvQwxm0QDFE3 + JExA4Byx2QaJvXo8LoCeyQxS/f9E6bXpXQk2 + 4dgQxUrRZqnKEA== ) + 86400 NSEC example.com. CNAME RRSIG NSEC A + 86400 RRSIG NSEC 7 3 86400 ( + 20840201000000 20160224073150 29600 example.com. + iKA+5qsYA7A7JN7Df99aJnToYESjqordQgVj + yMS/1RVBYEGE4y3ggehzAxvc8bsNYnUwGeGt + vse5dMVKCcIaPA== ) +; CNAME extra record A +email.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 7 3 3600 ( + 20840201000000 20160224073150 29600 example.com. + DummySignatureDEADBEEFToYESjqordQgVj + yMS/1RVBYEGE4y3ggehzAxvc8bsNYnUwGeGt + vse5dMVKCcIaPA== ) + +example.com. 3600 IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111220 ; serial + 21600 ; refresh (6 hours) + 3600 ; retry (1 hour) + 604800 ; expire (1 week) + 86400 ; minimum (1 day) + ) + 3600 RRSIG SOA 7 2 3600 ( + 20840201000000 20160224073150 29600 example.com. + MT+QgXcsDzkrFgncNwFyH8lwXiOTpj1rnPgs + OUIOfIhyJyzT1hpozAHt+IWOPHUkKjBN1C5y + SwyTnlqwJtG0yw== ) + 3600 NS dns1.example.com. + 3600 RRSIG NS 7 2 3600 ( + 20840201000000 20160224073150 29600 example.com. + Mr0Gu7PUu9PsUBflhd8tMhcQ9+ve+z561/ml + kP6PL0MHgLg7V8KVmL2tc7+JAhSOVSpJ4BGQ + c9HKD15lFDFEgw== ) + 86400 NSEC dns1.example.com. NS SOA RRSIG NSEC DNSKEY + 86400 RRSIG NSEC 7 2 86400 ( + 20840201000000 20160224073150 29600 example.com. + oEMpoEhi86OM/SdyobPEh90zF3c3FhOgv68j + paD5BLUsAntf3qU+KoIMb9iVglp+VTGrg0Ol + XdJ2D/xSMA+XHA== ) + 3600 DNSKEY 256 3 7 ( + AwEAAcvvW/oJAjcRdntRC8J52baXoNFVWOFz + oVFe3Vgl8aBBiGh3gnbuNt7xKmy9z2qc2/35 + MFwieWYfDdgUnPxyKMM= + ) ; ZSK; alg = NSEC3RSASHA1; key id = 29600 + 3600 DNSKEY 257 3 7 ( + AwEAAeXCF7sHLcFiaCwCFH4xh2CJcCp55i04 + exG41EtzILS2waabEM5byhRkoylbv91q6HY+ + JH9YXitS21LMD0Hqp1s= + ) ; KSK; alg = NSEC3RSASHA1; key id = 31323 + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160224073150 29600 example.com. + WOtx+LBKbS2MOahlpDJMqgeH1TI5dZoQitmA + SOkDRlJgfPsiKeiaGMrnWN9xnPZOVr9MsInE + sKYjh6EZM1nuBQ== ) + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160224073150 31323 example.com. + nL4eJLv62C56wexu10DMPHqXCXSE/3vRe4es + 4e0e1CkY9bdj+LgLfgs7CH7UDNXFX2CxKxHd + mL4sp5AtaA8fnQ== ) +dns1.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 7 3 3600 ( + 20840201000000 20160224073150 29600 example.com. + nn2dG+ORbcNQWHT87ijfOddx0SKCSE+8hAxt + SiQQpxAzPw13CZmnbYas8uvFFtth6U689V3h + rMzzZcxQEA1z8w== ) + 86400 NSEC email.example.com. A RRSIG NSEC + 86400 RRSIG NSEC 7 3 86400 ( + 20840201000000 20160224073150 29600 example.com. + BFz1Z7dbBNgHXDOaufuCoIzGHbwyLUrA+Wad + QBPD9xCYkXHoHfvVOhtEeMR19Rz+fi6ottJI + 4AWItiobBC/DAQ== ) diff --git a/tests/knot/semantic_check_data/cname_multiple.zone b/tests/knot/semantic_check_data/cname_multiple.zone new file mode 100644 index 0000000..971c34f --- /dev/null +++ b/tests/knot/semantic_check_data/cname_multiple.zone @@ -0,0 +1,15 @@ +$ORIGIN example.com. +$TTL 3600 + +@ IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111214 ; serial + 6h ; refresh + 1h ; retry + 1w ; expire + 1d ) ; minimum + NS dns1 + +dns1 A 192.0.2.1 + +email CNAME mail +email CNAME mail2 diff --git a/tests/knot/semantic_check_data/different_signer_name.signed b/tests/knot/semantic_check_data/different_signer_name.signed new file mode 100644 index 0000000..ff92f7b --- /dev/null +++ b/tests/knot/semantic_check_data/different_signer_name.signed @@ -0,0 +1,52 @@ +example.com. 3600 IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111220 ; serial + 21600 ; refresh (6 hours) + 3600 ; retry (1 hour) + 604800 ; expire (1 week) + 86400 ; minimum (1 day) + ) + 3600 RRSIG SOA 13 2 3600 ( + 20601231235959 20201008164859 49259 example.com. + UH4IJhLwxWI9g2vycAuGAHm5XzsW5LKr6xeI + aoaiMeb1pepw9vAWEUO1Byimg7FfhvYpt7+J + IhYCvpBb6u3ucA== ) + 3600 NS dns1.example.com. + 3600 RRSIG NS 13 2 3600 ( + 20601231235959 20201008164859 49259 example.com. + ou6B0AgSUxs7//b+c+Gm3XjC83TpgGvRwj9d + F48TEZCMRpdvtVNc1hDnNKa8oXA16TafbkqN + Z0ekrEo2LlN+hw== ) + 86400 NSEC dns1.example.com. NS SOA RRSIG NSEC DNSKEY + 86400 RRSIG NSEC 13 2 86400 ( + 20601231235959 20201008164859 49259 example.com. + uCzqU8DU8ZMt3t/h0jwZjdVgSj33HhwtGwhE + ZglZ0gUVDVLndP5Q+psqlz2jBmiXIN16s/+b + di0crJ9LULq0NA== ) + 3600 DNSKEY 256 3 13 ( + qWpA6ejmc17FHZTN/YoYX4WdNN32LC2IlBmm + n2Yoi16OQ1e2ztEusvQaSwzEMbN2pIzfTIlF + YQQ1gzLQAhWIpg== + ) ; ZSK; alg = ECDSAP256SHA256 ; key id = 49259 + 3600 DNSKEY 257 3 13 ( + rHQi5BOkLnSsZh1v9saRZ38MkzYLL0oGbAK2 + Dp86tH3lpDqPoR7LM98gyBLZgp81m0YHAYnf + 2yK617XStIPw+A== + ) ; KSK; alg = ECDSAP256SHA256 ; key id = 3753 + 3600 RRSIG DNSKEY 13 2 3600 ( + 20601231235959 20201008164859 3753 example.com. + 81C/yn0gxkwOMUWNZPszGow4UyDuDn1V4WQJ + NXJfNiTvT6edQ0rQakhJPGgVyH4LIwWJV8Uk + fOubCv7BBgu0wg== ) +dns1.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 13 3 3600 ( + 20601231235959 20201008164859 49259 example.com. + x6z2ftS2deCBR9HJeIazQNrDdzw0lEE04UYp + npUe2zkIx6aH7MvvgZIjcFTwPOVsI00u7gaU + AzuxODSma50TXQ== ) + 86400 NSEC example.com. A RRSIG NSEC +; different signer name in RRSIG + 86400 RRSIG NSEC 13 3 86400 ( + 20601231235959 20201008164859 49259 different.com. + K/URrUmli54Noy0E3REXBo/g0LZ/8gneyVfa + FrGXLB0kvQydPyceL+BFIoJP6d/Gs/0qkUjT + vMQfvF0x3bFS3w== ) diff --git a/tests/knot/semantic_check_data/dname_apex_nsec3.signed b/tests/knot/semantic_check_data/dname_apex_nsec3.signed new file mode 100644 index 0000000..287fe35 --- /dev/null +++ b/tests/knot/semantic_check_data/dname_apex_nsec3.signed @@ -0,0 +1,23 @@ +;; Zone dump (Knot DNS 2.6.0) +example.com. 3600 SOA dns1.com. hostmaster.com. 2010111216 21600 3600 604800 86400 +example.com. 3600 NS dns1.com. +example.com. 3600 DNAME bar.example.com. +example.com. 0 CDNSKEY 257 3 13 p3J5T0YFTf9IGjHFhS5oFGGBDOjs25Tz29eT5sAK7WxXoapa4Vw3C9zBH/BdDH1RmeUR6OHPY1+x2NiouNm05g== +example.com. 0 CDS 2073 13 2 B345AF792A41656301EC57A4CE7E03C02A5E3C8F422FAB2FCD67C25649DB1285 +example.com. 3600 DNSKEY 256 3 13 UthmrB0FXNo/yZ3N0cnG/OJxG0FR7CT6KadbK4n22rMzfwq87jnobJ0xOpC7aEpGgDbypR0rK+KIAbRv4Prfeg== +example.com. 3600 DNSKEY 257 3 13 p3J5T0YFTf9IGjHFhS5oFGGBDOjs25Tz29eT5sAK7WxXoapa4Vw3C9zBH/BdDH1RmeUR6OHPY1+x2NiouNm05g== +example.com. 0 NSEC3PARAM 1 0 10 90E4D95759B9FB50 +;; DNSSEC signatures +example.com. 3600 RRSIG NS 13 2 3600 20670924135857 20171006122857 46856 example.com. I2YeGSYvj56eHe7bkbnOpziu18gAdwMGEH5ZAGiuZzL37M2lRB/2rtAxWpxP1G1+idFXahAx6q2X5pK1o/yZWQ== +example.com. 3600 RRSIG SOA 13 2 3600 20670924135857 20171006122857 46856 example.com. NULugLRW6r+y6AAJS2tcFt5BBWJMMxq3q0wvYirSvzzt5A6vwWC2ocJ2A2kftoDrIQWYHl1ppsxHTMsvw3NKfQ== +example.com. 3600 RRSIG DNAME 13 2 3600 20670924135857 20171006122857 46856 example.com. PhUAnuLYFE3ySc9mMoExr+WoGf6it4/571GhjYyhgfUWQs1pE8WJismYG9NFle6Q3OlmDJSEWQwHBHxQmOeyKw== +example.com. 3600 RRSIG DNSKEY 13 2 3600 20670924135857 20171006122857 2073 example.com. ZnhiPDiX/3RUW5rdLO8pKcIe+orbYloDD1mxhmfvfJ52IGdCV+okDu2M559pUB8Ihb/6H9DDl1qO5lTVGpVEMg== +example.com. 0 RRSIG NSEC3PARAM 13 2 0 20670924135857 20171006122857 46856 example.com. DxyzDQGkONU+NTxBswKZRWc3kPQxH929PaD5S4g6MoH6EJ/X52mb5om0oXpXLuOTEo2Cij8c3aghLN2h3eiw5Q== +example.com. 0 RRSIG CDS 13 2 0 20670924135857 20171006122857 46856 example.com. 8tPTolSZPvZUSpIs+nb4x/QRrNFgZG0jqqWWnQH8zy3CRS4L91SU5Z08aVz632n35toWv+uqG8LXI0sLKm6M4g== +example.com. 0 RRSIG CDNSKEY 13 2 0 20670924135857 20171006122857 46856 example.com. 80MTgMHXqc8Eb+3LPjl9fJ6sjNR40MPVKUfD/Qw0mzWHjz8ZOUDxNZViHnmyoz4JoorrO5b2yAx+ojpt+FyQLg== +;; DNSSEC NSEC3 chain +9sq7g935u0bb7md3rn34uh1aknnjhf1k.example.com. 86400 NSEC3 1 0 10 90E4D95759B9FB50 9SQ7G935U0BB7MD3RN34UH1AKNNJHF1K NS SOA DNAME RRSIG DNSKEY NSEC3PARAM CDS CDNSKEY +;; DNSSEC NSEC3 signatures +9sq7g935u0bb7md3rn34uh1aknnjhf1k.example.com. 86400 RRSIG NSEC3 13 3 86400 20670924135857 20171006122857 46856 example.com. sFlwNYgq6HoBDlXp9vC0Ck5uJ76rJyf4zfdQmTnJ8aB/44XvDoQ+tGIn4ilVN2SxzyT1A4c/nWOyMMCVhjXARg== +;; Written 17 records +;; Time 2017-10-06 15:58:57 CEST diff --git a/tests/knot/semantic_check_data/dname_children.zone b/tests/knot/semantic_check_data/dname_children.zone new file mode 100644 index 0000000..5758833 --- /dev/null +++ b/tests/knot/semantic_check_data/dname_children.zone @@ -0,0 +1,16 @@ +$ORIGIN example.com. +$TTL 3600 + +@ IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111214 ; serial + 6h ; refresh + 1h ; retry + 1w ; expire + 1d ) ; minimum + NS dns1 + +dns1 A 192.0.2.1 + AAAA 2001:DB8::1 + +foo DNAME bar +bar.foo A 192.0.0.1 diff --git a/tests/knot/semantic_check_data/dname_extra_ns.zone b/tests/knot/semantic_check_data/dname_extra_ns.zone new file mode 100644 index 0000000..e188742 --- /dev/null +++ b/tests/knot/semantic_check_data/dname_extra_ns.zone @@ -0,0 +1,16 @@ +$ORIGIN example.com. +$TTL 3600 + +@ IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111214 ; serial + 6h ; refresh + 1h ; retry + 1w ; expire + 1d ) ; minimum + NS dns1 + +dns1 A 192.0.2.1 + AAAA 2001:DB8::1 + +foo DNAME bar +foo NS dns1 diff --git a/tests/knot/semantic_check_data/dname_multiple.zone b/tests/knot/semantic_check_data/dname_multiple.zone new file mode 100644 index 0000000..2a6c0a2 --- /dev/null +++ b/tests/knot/semantic_check_data/dname_multiple.zone @@ -0,0 +1,16 @@ +$ORIGIN example.com. +$TTL 3600 + +@ IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111214 ; serial + 6h ; refresh + 1h ; retry + 1w ; expire + 1d ) ; minimum + NS dns1 + +dns1 A 192.0.2.1 + AAAA 2001:DB8::1 + +foo DNAME bar1 +foo DNAME bar2 diff --git a/tests/knot/semantic_check_data/dnskey_param_error.signed b/tests/knot/semantic_check_data/dnskey_param_error.signed new file mode 100644 index 0000000..1a2e936 --- /dev/null +++ b/tests/knot/semantic_check_data/dnskey_param_error.signed @@ -0,0 +1,70 @@ +; Zone without any semantic error + +example.com. 3600 IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111220 ; serial + 21600 ; refresh (6 hours) + 3600 ; retry (1 hour) + 604800 ; expire (1 week) + 86400 ; minimum (1 day) + ) + 3600 RRSIG SOA 7 2 3600 ( + 20840201000000 20160229083110 29600 example.com. + W9EprjaR4loSnNW96h4rLsquPDw3LHYvD05k + djkQofHSkMNZAJ7Q+eA3Fs2ik5fnJFM7wi5C + MtFsV2TfqMJFmg== ) + 3600 NS dns1.example.com. + 3600 RRSIG NS 7 2 3600 ( + 20840201000000 20160229083110 29600 example.com. + I9Je1S7XhZIW9C0fWE8NwFLC2rhHklddNYBO + dxVKL/lxENU4jPPBwZBGrcYn2WVHgkIzjG0n + EOHONAgRFPi3Xw== ) + 3600 DNSKEY 1 3 7 ( + AwEAAcvvW/oJAjcRdntRC8J52baXoNFVWOFz + oVFe3Vgl8aBBiGh3gnbuNt7xKmy9z2qc2/35 + MFwieWYfDdgUnPxyKMM= + ) ; ZSK; alg = NSEC3RSASHA1; key id = 29600 + 3600 DNSKEY 257 5 7 ( + AwEAAeXCF7sHLcFiaCwCFH4xh2CJcCp55i04 + exG41EtzILS2waabEM5byhRkoylbv91q6HY+ + JH9YXitS21LMD0Hqp1s= + ) ; KSK; alg = NSEC3RSASHA1; key id = 31323 + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160229083110 29600 example.com. + vO2UQiTN/CNUZOmSEg8kJlR/UqiAZHc4qMwj + 9u31sbPmOMuni+ZGuVCFFoEMtZerIkkQowkB + sXJFkvCP5oF2rA== ) + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160229083110 31323 example.com. + Z+aaLu4rmzekfhlj6A0ClREloRi8MloRHf/3 + Dlw/RYY1hrOCfcZKEY6AXeVdUwESEsSkSOco + CbhyGHH10dKAAg== ) + 0 NSEC3PARAM 1 0 10 - + 0 RRSIG NSEC3PARAM 7 2 0 ( + 20840201000000 20160229083110 29600 example.com. + d69kc52VdALI8fbdbflsVsltc1m7bI6QsJ5U + IDE9fy5VqcufZecZMKuozPDuF2vBA8ADFIRU + OfYgKs6YNIOLWg== ) +deleg.example.com. 3600 IN NS deleg.example.com. + 3600 A 192.0.2.1 +20G1GOL477RO51RK9A9NFD54TFQAL7IQ.example.com. 86400 IN NSEC3 1 1 10 - ( + UTQVUHU2BLK3DHMRR5T1HD9VTEOHQT0A + A RRSIG ) + 86400 RRSIG NSEC3 7 3 86400 ( + 20840201000000 20160229083110 29600 example.com. + D24JCtCcNzwsY1FXVliAjxMm+x95N2eUTXn0 + M8NK5glSk1yLtnAUKzHxpRExAJLGUiaG4yPu + 2yGZuqwNvJztzw== ) +UTQVUHU2BLK3DHMRR5T1HD9VTEOHQT0A.example.com. 86400 IN NSEC3 1 0 10 - ( + 20G1GOL477RO51RK9A9NFD54TFQAL7IQ + NS SOA RRSIG DNSKEY NSEC3PARAM ) + 86400 RRSIG NSEC3 7 3 86400 ( + 20840201000000 20160229083110 29600 example.com. + F7y+xW/C7iICgmZeYrF4e7Yx4kWZAZPAMzlu + PtWVuf37ySg1VfEWcQcDP04vF2rXVUqSMEcj + bqUVN5W8Hoazxw== ) +dns1.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 7 3 3600 ( + 20840201000000 20160229083110 29600 example.com. + MoYrL/lToC4AHo6KCZRiBRmCMWHUAx2Xt32A + P4lDpwA+wiBWkCZSfVTh60AosS/BIGtBb2BK + mszMx8CLBvkjRg== ) diff --git a/tests/knot/semantic_check_data/duplicate.signature b/tests/knot/semantic_check_data/duplicate.signature new file mode 100644 index 0000000..77bf21f --- /dev/null +++ b/tests/knot/semantic_check_data/duplicate.signature @@ -0,0 +1,19 @@ +;; Zone dump (Knot DNS 2.5.0-dev) +example.com. 3600 SOA dns1.example.com. hostmaster.example.com. 2010112269 10800 3600 1209600 7200 +example.com. 3600 NS dns1.example.com. +example.com. 3600 DNSKEY 256 3 7 AwEAAd0e6EjJ0PgChDpbjB9QtvJ0ZqwKC/j7wlEOOB9owqefH/taZ37w6QR8Ysvvv2058AflDcCP3qlaOXp+ogq7AhayA+K4kc/UQyTPCe2jXKlX9IB0KAsr8nO9UEXzjYuyBw80Ry86Xxmj7OGYRu8eRm3ruOjVJy8hCrEQ7680an303Iu3Ixnmo8lPTPPMg4dbFXZ/RW6Sanrr/Sy6fre87XY58yywqX9lZOh5eqBeZG9WvU/HycrDkx5AcwD5etVk98tVTnofShY34ePZWDmRHEtvBpMzNObdomgM5we+DawC6P+Z8PFeGz+OgN7WVzkjm+MmYAk1aIeLQyNIE8SyMts= +example.com. 3600 DNSKEY 257 3 7 AwEAAea81n0wL09ZMejh806rJ0Km3MYC+ySPWnOmV70nEmONbnduRPpXWjYSqFmH5kldfNdCH403kI/YCMYDYBAPFPbhxuZuVBaJJqOQVsI4rpwj+XiANfGFAq9pZ0oA8iH7gSoNUCf6+g2hcP0ajYoqCjUZ7ZZQNytV/x6foW5t5PbyPNeAU1AEKxk2VSg1TMfkccZqTIx1ofS0N102Z4tOBn26judPqLc0tXMCJc7wgekqG04IGe7UWfk9xWtwo2SbtX9diErF8DJ93C17OWkb04n1xCm3i8/XZadA/HrBjfX/NvlHF8qnUQzzxN7UGrvBD4hE12R9ICj4YNFZViOTdvs= +dns1.example.com. 3600 A 192.0.2.1 +;; DNSSEC signatures +example.com. 3600 RRSIG NS 7 2 3600 20170403124401 20170403124311 40703 example.com. ltKNDw2O/sIwQUsv3UCKqOtZYvWNJ0mHo2xDxpzZXfAiMbgR4k7jBIkpSEpcBiBlH7EvWom7CYVigPu8Y+j/Jq4uv+wmVF47OVY3YZvuzfprWj+iOQwPlfDJfUPx+U+73SSsZ21B5/+auB5cada730B4gQKmldleVGg5aov4H2+BpEyrsSs2o79qiXNBzLPqrZEmT0nfUAvQC8xhFV/71I8Q5qtfa3vO6DLSOBmBUtAlGKqfpWoZ2w+QDdA6rtOe0haizTZUtghL2ut47bdTR253brhUccL6nnLc5//jTUBToIhmG/p698xLnU9BYnuHIi74xsb3hVr5b46W5gAGKw== +example.com. 3600 RRSIG SOA 7 2 3600 20170403124401 20170403124311 40703 example.com. E9a+I8HDh6ycTVkFgOWkzbH7PWds7ewp1M5lUci13ZzMVWsJeFW7t1tLnnOtvz2H8pq5/BevPB8iZBA7rHH7GxoQ5P8xrxAO6HvuRZT8O4kYAWRZ0QHhMIvY8f6VqTyoOmzgIGt0nJ3BL/XJgxIiFrsiLyih6+dkckEu62F22+FFvlv49ufKkCo+EUQPCzo7ZYODc8xKWo97SmaADzjfz7Hq9UPHraUgLhNkfBDbI9YPCGKaJaAiqCBy/6ih3SyHxVPLcIz95okeo5AJVszFIS+8pNPZssJBpWsLKYyAGzs2dsliRwS9z+a3wkHXJIfbLX+r3kGhcG4lQMYDz9SrFA== +example.com. 7200 RRSIG NSEC 7 2 7200 20170403124401 20170403124311 40703 example.com. poh0BT+nUD3sM05axVGC+k7jj1r3YVNcx4bn/0cviNxzCqLY9RGgImPWsmkTgbJpmCox9SHzpTqL8acIQDNZaciNH9WeYKvn7wkap3z6jtCuQRezM3nUx7E37fzbnNC8MUoWkV37y3FSmtiza9l1isrE5dGkNMOsBcPvIp5wrbQ+dH4cMdcgQuW+NDjee6czIeeYtyarBWhq30S2lxroh8VXlrFDTcbiIY4UoGzJDfevvsonNFQXc+p7qq2fU1fyU1e3Ugty9I23g6fLhLcrmflVbYpcgE8/02K4asu5D7x/dOq21OU/jJfeudk66l6CVw7c3Qh/N63jRn8SsCj0Sg== +example.com. 3600 RRSIG DNSKEY 7 2 3600 20170403124401 20170403124311 5154 example.com. RmAPllqg+CEX+vj5KKmXGYsF8vqbqLoXSYqSOSWbvgWRazKaQU98fpJWdrmqylkR6Xa1fnbvliP4N/0MGremNejsNPvMsJ4GvpyM75Mb4BEf5mwwikW6xov9V/n1AN9grWofj/r5evsZYcxIR7naM9oxV6qJvy8fFIjthG805MO18bYk1/Och2x9TgUf6DTqKNBHQjk1AfrhVvpuLjdNnNT16Ak3izrCLOm2tuNTaflkYkD0n06ZIAsz1krJWztpncA2csnKQmdybSL95wZnFeb6nkmq+P5vk3PuTENIMURYMCNfzBHogLfbVG5HpDhaHkcM2zSe1qATbp9xRZujLw== +dns1.example.com. 3600 RRSIG A 7 3 3600 20170403124401 20170403124311 40703 example.com. iYfVT+HPDqMyH9f8aLrzNK6sOCoo38tlRJ5tjiko0DOpsWp20LLgVQLvKsTs3SfdC0gYzMVQCgzfDMbAgrEvmm4ZEQT/NSUhcO2t08f6pABn6GSdoswFupi0LGdQmgj/MbOET02OTALh9I6g3Ir1+bF+C10GS/8CYqffO/52IEJylc6AzDCwAjfkI/55hsuv2H8Wp5cqEG5yAlL4fK+U2zQWEuAGOtGbEuzeKcEDV6iiAuFge7ClW+CbB3gQxEhDdx5TQNNAcpzHmum5yfsfcFkIezZqIzEvOQWg1nJVcLvYnuBqyMWv/uGbG4CxTDy49U9JB/6QfilMk38VVcitZA== +dns1.example.com. 7200 RRSIG NSEC 7 3 7200 20170403124401 20170403124311 40703 example.com. gtRE8TafAp50tzk3rAub93X69pp4J7uPzXPM0UAAp97oVMqcqvuZh80fICLmKl7xShvBx+AYfV+2CoeMW66CXVHTP8CyIjLyi32EGgL75Y2xs55/lEOaMl8hREgxniopCWGX/5vjmY0SBdGWVQVyeQeb0DbTXFWQNw/1LUPueoM1zqGcHFKFt5Y1GidboUEDsNeCmG3ZzGV9/v9sVUezzDK53uaHm8Ojz6E4N7kg6qXDF32ZAxs0dDjh46bsaTNvMLCEXqO2imHx9Omc2wYyCt/roMoeYiulXQ7yHYt0yQuCYwqxxMqJ4z9jvLNdLxH3YZYV0CVUrNgNC/5vtUILsQ== +dns1.example.com. 3600 RRSIG A 7 3 3600 20170216152943 20170216152853 45258 example.com. j7H3N22L+tqfwuSd4GhIwMyjrFSY3+kypIcOvg0Ipbj4pAHsJOJTiW454Ueq54G/0ntoHxgmGLv3d/EV9prMPPQz8eqtRcYFip2NuEF9bJsIG3SMy+0HolPK+8D7B0MOGFA2TExKNknS7sJy/Jn/yQrf7BHubC61zWnqB+vN7MNlJASXEvy3008oi4FScSsrAVIrZK+z7utY4exkCVfELC7flGenoyPDFR12y8WpN/Tk6q1H37x+EKaQgFj361Bm6f/InPKW8Npn/SNCIJ2DvSWAnj6+2n1mse0sC+rKhRIDMDopu7JzTjpVs9U/p9BY5dtH/3YvST4Vz3syqd1unA== +;; DNSSEC NSEC chain +example.com. 7200 NSEC dns1.example.com. NS SOA RRSIG NSEC DNSKEY +dns1.example.com. 7200 NSEC example.com. A RRSIG NSEC +;; Written 13 records +;; Time 2017-04-03 14:43:12 CEST diff --git a/tests/knot/semantic_check_data/glue_apex_both.missing b/tests/knot/semantic_check_data/glue_apex_both.missing new file mode 100644 index 0000000..74e37f6 --- /dev/null +++ b/tests/knot/semantic_check_data/glue_apex_both.missing @@ -0,0 +1,14 @@ +$ORIGIN example.com. +$TTL 3600 + +@ IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111217 ; serial + 6h ; refresh + 1h ; retry + 1w ; expire + 1d ) ; minimum + + NS dns1 + NS dns2 + +; missing glue for dns1 and dns2 diff --git a/tests/knot/semantic_check_data/glue_apex_one.missing b/tests/knot/semantic_check_data/glue_apex_one.missing new file mode 100644 index 0000000..47ee797 --- /dev/null +++ b/tests/knot/semantic_check_data/glue_apex_one.missing @@ -0,0 +1,16 @@ +$ORIGIN example.com. +$TTL 3600 + +@ IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111217 ; serial + 6h ; refresh + 1h ; retry + 1w ; expire + 1d ) ; minimum + + NS dns1 + NS dns2 + +dns1 A 192.0.2.1 + +; missing glue for dns2 diff --git a/tests/knot/semantic_check_data/glue_besides.missing b/tests/knot/semantic_check_data/glue_besides.missing new file mode 100644 index 0000000..38ad890 --- /dev/null +++ b/tests/knot/semantic_check_data/glue_besides.missing @@ -0,0 +1,17 @@ +$ORIGIN example.com. +$TTL 3600 + +@ IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111217 ; serial + 6h ; refresh + 1h ; retry + 1w ; expire + 1d ) ; minimum + + NS dns1 + +dns1 A 192.0.2.1 + +deleg NS dns2 + +; missing glue for dns2 diff --git a/tests/knot/semantic_check_data/glue_deleg.missing b/tests/knot/semantic_check_data/glue_deleg.missing new file mode 100644 index 0000000..291b450 --- /dev/null +++ b/tests/knot/semantic_check_data/glue_deleg.missing @@ -0,0 +1,17 @@ +$ORIGIN example.com. +$TTL 3600 + +@ IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111217 ; serial + 6h ; refresh + 1h ; retry + 1w ; expire + 1d ) ; minimum + + NS dns1 + +dns1 A 192.0.2.1 + +deleg NS ns1.deleg + +; missing glue for ns1.deleg diff --git a/tests/knot/semantic_check_data/glue_in_apex.missing b/tests/knot/semantic_check_data/glue_in_apex.missing new file mode 100644 index 0000000..a02f6bf --- /dev/null +++ b/tests/knot/semantic_check_data/glue_in_apex.missing @@ -0,0 +1,13 @@ +$ORIGIN example.com. +$TTL 3600 + +@ IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111217 ; serial + 6h ; refresh + 1h ; retry + 1w ; expire + 1d ) ; minimum + + NS @ + +; missing glue for @ diff --git a/tests/knot/semantic_check_data/glue_in_deleg.valid b/tests/knot/semantic_check_data/glue_in_deleg.valid new file mode 100644 index 0000000..42adf6b --- /dev/null +++ b/tests/knot/semantic_check_data/glue_in_deleg.valid @@ -0,0 +1,16 @@ +$ORIGIN example.com. +$TTL 3600 + +@ IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111217 ; serial + 6h ; refresh + 1h ; retry + 1w ; expire + 1d ) ; minimum + + NS ns2.d + +d NS ns1.d +ns1.d A 1.2.3.4 + +; glue below another delegation is not mandatory diff --git a/tests/knot/semantic_check_data/glue_no_foreign.valid b/tests/knot/semantic_check_data/glue_no_foreign.valid new file mode 100644 index 0000000..4cdcbe0 --- /dev/null +++ b/tests/knot/semantic_check_data/glue_no_foreign.valid @@ -0,0 +1,13 @@ +$ORIGIN example.com. +$TTL 3600 + +@ IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111217 ; serial + 6h ; refresh + 1h ; retry + 1w ; expire + 1d ) ; minimum + + NS foreign. + +; glue for foreign. is not mandatory diff --git a/tests/knot/semantic_check_data/glue_wildcard.valid b/tests/knot/semantic_check_data/glue_wildcard.valid new file mode 100644 index 0000000..9e36b5e --- /dev/null +++ b/tests/knot/semantic_check_data/glue_wildcard.valid @@ -0,0 +1,22 @@ +$ORIGIN example.com. +$TTL 3600 + +@ IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111217 ; serial + 6h ; refresh + 1h ; retry + 1w ; expire + 1d ) ; minimum + + NS dns1 + +dns1 A 1.2.3.4 + +abc NS a.ns.abc +deleg1 NS a.ns.abc +deleg2 NS a.ns.ns.ns.ns.xyz + +; wildcard glue + +*.ns.abc AAAA ::1 +*.ns.xyz AAAA ::2 diff --git a/tests/knot/semantic_check_data/invalid_ds.signed b/tests/knot/semantic_check_data/invalid_ds.signed new file mode 100644 index 0000000..2435014 --- /dev/null +++ b/tests/knot/semantic_check_data/invalid_ds.signed @@ -0,0 +1,106 @@ + + +deleg.example.com. 3600 IN NS deleg.example.com. + 3600 A 192.0.2.1 + 3600 IN DS 60485 5 3 ( 2BB183AF5F22588179A53B0A + 98631FAD1A292118 ) + 3600 IN DS 60485 5 7 ( 2BB183AF5F22588179A53B0A + 98631FAD1A292118 ) + +20G1GOL477RO51RK9A9NFD54TFQAL7IQ.example.com. 86400 IN NSEC3 1 0 10 - ( + 6DFJITU5VML86QNKU9FO2LJDDQQTQPVT + A RRSIG ) +6DFJITU5VML86QNKU9FO2LJDDQQTQPVT.example.com. 86400 IN NSEC3 1 1 10 - ( + UI312KQOP1NG8IQEIEFNPSLA94KB5Q92 + A RRSIG ) +UI312KQOP1NG8IQEIEFNPSLA94KB5Q92.example.com. 86400 IN NSEC3 1 0 10 - ( + UTQVUHU2BLK3DHMRR5T1HD9VTEOHQT0A + A RRSIG) +UTQVUHU2BLK3DHMRR5T1HD9VTEOHQT0A.example.com. 86400 IN NSEC3 1 0 10 - ( + 20G1GOL477RO51RK9A9NFD54TFQAL7IQ + NS SOA RRSIG DNSKEY NSEC3PARAM ) + +UI312KQOP1NG8IQEIEFNPSLA94KB5Q92.example.com. 86400 RRSIG NSEC3 7 3 86400 ( + 20840201000000 20160302125715 29600 example.com. + DummySignatureDummySignature4ey0Qcln + uquQZT+z2HIdCE9HeslAkTlu/Xt78vF4+3db + t2Vno21DkteA+w== ) +20G1GOL477RO51RK9A9NFD54TFQAL7IQ.example.com. 86400 RRSIG NSEC3 7 3 86400 ( + 20840201000000 20160302125715 29600 example.com. + DummySignatureDummySignature4ey0Qcln + uquQZT+z2HIdCE9HeslAkTlu/Xt78vF4+3db + t2Vno21DkteA+w== ) +6DFJITU5VML86QNKU9FO2LJDDQQTQPVT.example.com. 86400 RRSIG NSEC3 7 3 86400 ( + 20840201000000 20160302125715 29600 example.com. + KElp8dLKBKFzgEFV8r5aP9pCyYUD+Z8rLBA9 + KkCDm1y82x5T/Cu5UXuZJwhvDGDzwPqoY5Dr + Qbiek52n6umbEw== ) + +UTQVUHU2BLK3DHMRR5T1HD9VTEOHQT0A.example.com. 86400 RRSIG NSEC3 7 3 86400 ( + 20840201000000 20160302125715 29600 example.com. + DPwNyH7r/4wIBfTGxikNv4pY7omY6IqpQS6Q + jtTNuStA+5gk98dvcgRjluxqo/+ZlZz4V53f + 1y506ytGbX/q4Q== ) + +example.com. 3600 IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111220 ; serial + 21600 ; refresh (6 hours) + 3600 ; retry (1 hour) + 604800 ; expire (1 week) + 86400 ; minimum (1 day) + ) + 3600 RRSIG SOA 7 2 3600 ( + 20840201000000 20160302125715 29600 example.com. + bGk1vLxVuJpcEy7n0gPvQVzfanbvINLJLcbD + eeie4sXZZAOwu6oQZy6kd8tvKtV4mL0OJzpH + XCO6BdZkmk/aQA== ) + 3600 NS dns1.example.com. + 3600 RRSIG NS 7 2 3600 ( + 20840201000000 20160302125715 29600 example.com. + roe4aBp4G3TqQ4x5eRxbVIjApIh17gXDjfOY + zvRFLOkrwqKz3eX9WrRiCk3bYNn8s1fuenaQ + OSV1D5SL7utX5w== ) + 3600 DNSKEY 256 3 7 ( + AwEAAcvvW/oJAjcRdntRC8J52baXoNFVWOFz + oVFe3Vgl8aBBiGh3gnbuNt7xKmy9z2qc2/35 + MFwieWYfDdgUnPxyKMM= + ) ; ZSK; alg = NSEC3RSASHA1; key id = 29600 + 3600 DNSKEY 257 3 7 ( + AwEAAeXCF7sHLcFiaCwCFH4xh2CJcCp55i04 + exG41EtzILS2waabEM5byhRkoylbv91q6HY+ + JH9YXitS21LMD0Hqp1s= + ) ; KSK; alg = NSEC3RSASHA1; key id = 31323 + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160302125715 29600 example.com. + c1yhXb8wRGYndpVqG61+lHAAbZg+JcVYGPX3 + Fw0jYigN4G+P0+VUCqPLkC4yfJylzuefyGfk + TUmriM3ihfXxIg== ) + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160302125715 31323 example.com. + mZiLLTzbdaj7EJ8uj3TwvcvAfaMxYjyavlGT + qpa+cElfvBDm7R6MF4MaEQ9aZ2ylMt1lppjq + YyYRaaQC6yhm4g== ) + 0 NSEC3PARAM 1 0 10 - + 0 RRSIG NSEC3PARAM 7 2 0 ( + 20840201000000 20160302125715 29600 example.com. + K3PkVYZZV8QvZFtDsz9+ZfiM9wDkFu/eO2S5 + tAtCXd1fktcW44TLWL0qADfFEEcMotvzLqv1 + YJrD7TvrFDot8Q== ) + + + +dns1.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 7 3 3600 ( + 20840201000000 20160302125715 29600 example.com. + vlzRtVFa44pRtdD8XZcgDa6021uA9A3TnNEw + 5jRnor4aoftUuVQNAanQMCgrWk63d14XZ2d0 + lqhxunAbh08dsQ== ) + +www.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 7 3 3600 ( + 20840201000000 20160302125715 29600 example.com. + NWFuYaSEg3z3K4l/fHu/X9dK+rDZ177BbCNN + ZeFTPCAdOnX0nw1CQys629k7Vzdv1pHaanmy + 0Ru0tX9R65NlKw== ) + + diff --git a/tests/knot/semantic_check_data/missing.signed b/tests/knot/semantic_check_data/missing.signed new file mode 100644 index 0000000..75c7d22 --- /dev/null +++ b/tests/knot/semantic_check_data/missing.signed @@ -0,0 +1,20 @@ +;; Zone dump (Knot DNS 2.5.0-dev) +example.com. 3600 SOA dns1.example.com. hostmaster.example.com. 1081539379 3600 300 3600000 3600 +example.com. 3600 NS dns1.example.com. +example.com. 3600 DNSKEY 256 3 7 AwEAAaBgc4O+4UWd7mzSyelnPb/le/x0q/E90B/xnlf56kgEFMvEGz++o6CMRXr5JfgyxDDsahxTwFoWu30KJry4MjgcwlETM63DFpIYtyDBsi8TlQFEp5NDrlYUWlPGiPfywZBVkHGFMcFct+5/ZalTzYIP39tDytZcPZ/IgQRQZA9qeHYIw51YX9IlNMalHFCtJyrpzCdo22FY/vwBwSbdCa+vzkH1Uu8JkIqyAvAGkuwVisgpMpzWhvJNi5WSAnQfwOcsYCftINAHdRXtuqyG+uU/RDcZ2psx+woi+mYzEPeYV9MEqWpDyIz7jS7e1hK/1o05+qY8Eu2gt4enRj9BQr0= +example.com. 3600 DNSKEY 256 3 7 AwEAAfcfJSUnim+cR3YEc4VfdJ5W65GNlK0LQaAh6vAejH7uol8VYmXdlyz+wlhad+DyRM5Jl+XJVFMMyFUqWx+Q63DPRtl+TlN/2pWU2gsNHUoovFhFpdX1cQMVoxr2QLgsm1ASTeqvZV8Dn0xAlNRihNv877sTySjveaH0JpuVCMpe5DB1zVbAzLgDqFKAvwJCumdycp7RzMi9PqS1XtsEInKi+X/zZteTJbDO7l+tFt9/NgFxiaLgNo8Gz2oVBTQvAbjCDEi2mPA/YJrpOGZWNkB2L9HFSfzZih8BbgUI3Fh4lhS8XCVrfVV7K9YR2F5NBVi7h0Mk15hzNsSS7tRK1FM= +example.com. 3600 DNSKEY 257 3 7 AwEAAcjdwuJkjM8G5rk967z1cJqF88BqpvN2GN/6Tj1XA5AbIx+33qy5JI6K43ehlT/neLizOCk/JyXaw8gcjQaDKcIy0vKysXvI6yK4PNgHTdzQunBqGTfvPDlXKCle550R/DJF2OZH/T7jgX2GhQlem6UB3A23n24YP50IzAmXK9RYdE/dMFXU5jEz+CjcHNkB8ZCb2VrKE9RDjY88vr6lyM2kPbvBtx4UaUSEzwlDMRc3Wf+dBWKm6mKWAPsHZM/cux+S2mca/cxEA1ngCgBBbm7824WjTXgDs14QWuwruMTqLPDujUYND5kbsiuhQsfEFGVq2UyhGEZG/NoIEEg7qLc= +dns1.example.com. 3600 AAAA 2001:db8::3 +;; DNSSEC signatures +example.com. 3600 RRSIG NS 7 2 3600 20840201000000 20160302125715 7242 example.com. B/6k7YAQGkiz6IkssLZblExgMZBE+Flkhv/leVgvM4RLPPpQ2znouYyrSbVCcU5irA7PFLbee5Mn1aWj2S57L8yGJjHBuamQSIO0GcvGcmXi1CrdaYXSofo3PtnKpM8/mG3+8RCUL5YhoxhTK4Y5gJrYGPkRPKsBTw2Qd2TUJFebtYgCuGN8Q3UwbeYPw89rNbqC3a7zsGwJoZKgDnm3NwCWcv6NRTcQA/H5v6T0/QvYbZpBMrjl3EiAWOccdUlQnALngGSzbJ2GnmK933VXYhuAoSKEN6thauOBSLkdCh9afkUzo/t7xhTJszo0F1uuavs8PYf3HjmdnMwdPMkUuQ== +example.com. 3600 RRSIG SOA 7 2 3600 20840201000000 20160302125715 7242 example.com. dHmPqRl9snHFavwkkAFZqHDmvUrI3+e+dmEexqgW9txr30fbrkeGAp6ApdZlqJiDTJ/2q0UoyQxSYe/BzgV4gEBgTTgfmC7m9eHVLTD70KMlNuvwC4jkh1vWT1Zn6IFUsQtJ+54XfRTe/2VHyeK7saqsA/ARRZGOzk6To8CWxNCApUdLZMQO9UTX7uVcXKkPvfMvlhx1fmn4OE8ntwbY1oPosQb987N8V8x9Rb2hINr4DCkXNDydDZAh4vsZO0DHPlmyfkyNguQDmdgnDz1CVbJzguy8tqeMGT7CrwU8AmX3JADQTHoxjnWEidLLUa/gNDRFcRc5YMcdZyImHqdNZQ== +example.com. 3600 RRSIG NSEC 7 2 3600 20840201000000 20160302125715 7242 example.com. bjw2G/BwF2xTP/QSkKqdr7byUS+nqMvfppuhZmH0VcysAKN2oqsV51bn7gWej6dnx0svtX7nCOlwdDFSCMJld5BGZFnAfhS+XVc/wTeZGMi1BkeJxlT3UbGLhf2DuLLyL969HPltL527vSysjBEmi7OsTlH+wXD6SW35ZClajNSRLjxrRpVHTGpA5uyyysHRYNXAKS3+SSc1N/Fovjgzi68exWD0BKTGia7Nf9Fn+bqvhbYh+pMHA7djPFJIsER3OCBx7H1KMxl6rap7Q3rC0I289xnnsOqRh/GnzSVgvobKWozOOs9XXNg+w9ioSos+kbzTxxSEvLKqNBgCbLjUHg== +example.com. 3600 RRSIG DNSKEY 7 2 3600 20840201000000 20160302125715 37855 example.com. EHXazcQ27b5Cjqd1T8TAui2PrUqEq7cBxk45OA8BfBDmOuH2vXFVL+juCM2gCvQ+0oZmcJmpkjMCxUqQekXgxRy21PlEzJfR3VHRDSYCSogR9cCLw9T9OiFXugZAtYcLVXVHddKu0+t5yeQqdStgLBiz9EmeuPFYd/h/BxKI8FGx/TjHNzd06SKgxlZAT/vCGhEswgSIpxJm4Ju561vT2/Hh+NmD4jIKVf0OUSkfRVRbxpzMs0HaZx6s0T2mcL8so/rEXjSIORkw56Q7x3EmYQDxNJjoNo4nHKT0/pciCey+vHj9pxxaiave8wLBG96JpgJgSV7BG8TTbE2q62wX1Q== +dns1.example.com. 3600 RRSIG AAAA 7 3 3600 20840201000000 20160302125715 7242 example.com. h0oZ7ghuhANB27zD+M1m0NyVUHND7g2qI1IfEKDjMzZ34wyqM0xWLm/Izln86ol4naDvJU3a7hsJS/95DdvW/s711Oi2nKhX/Hkjvnzu8WVcf5DvEKYQe/fyZ676hnwviKqFzwmfTAKgIuSvt2uZzJkpcyL8ZE6O/GdPrcR6rTuuDI30F4zXIWPmuMNLR2qJv59DwM0tZScLdmRGKGnZNpdxDvtbCsZrXBUPrOE5XpAw+fe8+oL3UEeKQZq8qFhVvegl4TAuk1a8CS+zG4E1ABQKp86J1h0G4l/ajmWqq2T59lHsBAOuX0IbKHEHIJzwRd9EV7LM59EtJVacx8ZCkw== +dns1.example.com. 3600 RRSIG NSEC 7 3 3600 20840201000000 20160302125715 7242 example.com. Pq6F6akEhyIqch7vwWJ5C53FW1UW/Y8vseFqB6tzql5bnIYjEwikgiWR85uvSUNGvsjHbadBYiVh2i68k80ws/2LecQCvguSH+rMkqqY9go+pBh3pdiNlJaJZp3zJQ6+E35xOA+p0G5t84Et3satJl3OcpVthrdBKuotpDg4P+nOpfLHkI3FO5vehxs71HmESQli5JllhPNMH6WZfWsP74D4DgRjUpIK9hGznCeuZxJT5+S5wL4fzqb+P20W30bsQqMbo9GNdPy5AdbwZoEKJVoN3HC/sv03ScQzWUxjamHCQOeZFys25fFlh7+JU1xYSb3V/fPhUUuf7OsBVvn7+g== +mail.example.com. 7200 RRSIG NSEC 7 3 7200 20840201000000 20160302125715 19578 example.com. gjNXoKVddN+Z3MmHXxs0v4Gv/3zaTAg0mBSLkSp8Ion6qKj/aR2y50QhNfZGVEZSmyerDiaVpfPMN+q9mwx+6xmv4/G97DkadXBYt5IXGR1fXhMCF+RLJb5ePYjQKSk2TfRMJAlk1Mowfvlp8rXFrT576y2F+IXKbpiJOdRt/13Wo5IUbw6LLFDOeZ3fUiZtBmoWTTjBnrGWYdb+ePcSXID+qM5TmRXqIOFceJvt/RhGZ5LYAchgM2sZDf4Asacxg6Z6vS2cA1opTLMAIu+cuEmq61cSJxWHblfXIpPMXFG+4i+nkCxEFxWyxt9edlAeHS/l2AiHQl5QeuzwEjFI2g== +;; DNSSEC NSEC chain +example.com. 3600 NSEC dns1.example.com. NS SOA RRSIG NSEC DNSKEY +dns1.example.com. 3600 NSEC example.com. AAAA RRSIG NSEC +;; Written 14 records +;; Time 2017-03-31 15:38:20 CEST diff --git a/tests/knot/semantic_check_data/no_error_delegaton_bitmap.signed b/tests/knot/semantic_check_data/no_error_delegaton_bitmap.signed new file mode 100644 index 0000000..abbf088 --- /dev/null +++ b/tests/knot/semantic_check_data/no_error_delegaton_bitmap.signed @@ -0,0 +1,61 @@ +; Zone without any semantic error + +example.com. 3600 IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111220 ; serial + 21600 ; refresh (6 hours) + 3600 ; retry (1 hour) + 604800 ; expire (1 week) + 86400 ; minimum (1 day) + ) + 3600 RRSIG SOA 13 2 3600 ( + 20601231235959 20201008173446 32411 example.com. + /R/djqaZWRo1zCmz7B58/93D8ZxJoZAAKEbH + xuCsAJ5dm2ubvtgvqmhNXMqdVBvpb2OPdBX8 + VF1j9RsjuE7ORQ== ) + 3600 NS dns1.example.com. + 3600 RRSIG NS 13 2 3600 ( + 20601231235959 20201008173446 32411 example.com. + AmyqpqMfMEztA9S1Urv6yEtKd5yc6kkSedRU + uLp7velyCkipFzWgpzRVDqn+wp2ZaHig0Fod + kryw3j4yHOLlHA== ) + 86400 NSEC deleg.example.com. NS SOA RRSIG NSEC DNSKEY + 86400 RRSIG NSEC 13 2 86400 ( + 20601231235959 20201008173446 32411 example.com. + 9tR3kL4pVEYsHzt888pbP0TtS/npeApAEUfZ + L5rXQE0WqBLQGtyEPYxujFuaruvxH0SgLl6r + n6MKCEB07DjhTA== ) + 3600 DNSKEY 256 3 13 ( + C7v6eelCoXgBoUjHe/gKdsnWNw04GH7PpYMo + 2hF5jaeq1zkLSXkF2xS/04MgBTFFYuDU+LGt + 8kMKNc8o2wH2jQ== + ) ; ZSK; alg = ECDSAP256SHA256 ; key id = 32411 + 3600 DNSKEY 257 3 13 ( + m6KdGBizfDaUhcW+nIHuRdufZFcSYlZ5Xoky + +GcH23OxZtPzPwKwpg5rTx+RCRPlVpmwyiW3 + aC69n0Q8mr8NpA== + ) ; KSK; alg = ECDSAP256SHA256 ; key id = 60051 + 3600 RRSIG DNSKEY 13 2 3600 ( + 20601231235959 20201008173446 60051 example.com. + SD4149dui/vuky4G6wiJQLUw5b8XpG+Cy/cf + +9CSbuKWHRcC1K0wVEw6xyEah6eD/7Sh0eFA + EECgej5etJbL3A== ) +deleg.example.com. 3600 IN NS deleg.example.com. + 3600 A 192.0.2.1 + 86400 NSEC dns1.example.com. NS RRSIG NSEC + 86400 RRSIG NSEC 13 3 86400 ( + 20601231235959 20201008173446 32411 example.com. + HFA1XBdjaUvb8lbyhXVDYxTUn8Nr2HNC5ktc + kPBW2AGMQiVUtyR3vPxUIiusxsQn+uyRL2QC + NBG3ANo5exT8ug== ) +dns1.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 13 3 3600 ( + 20601231235959 20201008173446 32411 example.com. + 4NLhmO0Sa3yk1ZikWSRYEX0FpHK0NkTGk++h + RHJO3E9M6Og1am/PiPf67DAe/2n4ANItC/SH + u/1WSvYQV7OZqg== ) + 86400 NSEC example.com. A RRSIG NSEC + 86400 RRSIG NSEC 13 3 86400 ( + 20601231235959 20201008173446 32411 example.com. + pQgr7WzGpL8gbbAcbeYEIYBLq8lCAuE9NaUf + itYKBFh7Cbg4YrLOoeAV6v6V4tfZPpmNpd2U + 9VUrY9es4QfX6Q== ) diff --git a/tests/knot/semantic_check_data/no_error_nsec3_delegation.signed b/tests/knot/semantic_check_data/no_error_nsec3_delegation.signed new file mode 100644 index 0000000..86c3300 --- /dev/null +++ b/tests/knot/semantic_check_data/no_error_nsec3_delegation.signed @@ -0,0 +1,73 @@ +; Zone without any semantic error + +example.com. 3600 IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111220 ; serial + 21600 ; refresh (6 hours) + 3600 ; retry (1 hour) + 604800 ; expire (1 week) + 86400 ; minimum (1 day) + ) + 3600 RRSIG SOA 13 2 3600 ( + 20601231235959 20201008173641 61552 example.com. + E7WaHxspFd9oLMw+olrSJ3vmjJvFTVvycLZK + vP/u22jSBPzXzJA6+j5jL6wYQqNkiByBvn/V + cfgTEzpm5WCw+Q== ) + 3600 NS dns1.example.com. + 3600 RRSIG NS 13 2 3600 ( + 20601231235959 20201008173641 61552 example.com. + ZVRKA8Dbs8tijcRN/bffIspeKxYOsQLwUaa/ + Q3XQ0jxbc33bTixwV6xs2KnKNKnVqUZnXrLy + VrnmgXrZwdWlng== ) + 3600 DNSKEY 256 3 13 ( + ZSeDf0EC0JPTMCCt7Q6PRXUwBJ/nSlad9A6v + 977MybwCcQ8zN79P0gPFIxlhJJdzNqhgjFlf + vivXOUDulSSI9A== + ) ; ZSK; alg = ECDSAP256SHA256 ; key id = 61552 + 3600 DNSKEY 257 3 13 ( + /QdSjuxZryoyD7klTN88pnMRdHr3kJoJV5y+ + W/a0T+3BAOrcr5K+ruLumK7h22EU/lvqGzkH + qwbNQou89M96cw== + ) ; KSK; alg = ECDSAP256SHA256 ; key id = 42777 + 3600 RRSIG DNSKEY 13 2 3600 ( + 20601231235959 20201008173641 42777 example.com. + g/MtgDB9/NQo4u6IhIITpgVATHc6TSgkAw2G + ts/usjOM/QSgpHQ8eLxn94krqln5BoPXexeg + BEWzg1yy+hKKFA== ) + 0 NSEC3PARAM 1 0 10 - + 0 RRSIG NSEC3PARAM 13 2 0 ( + 20601231235959 20201008173641 61552 example.com. + 7dziD/TwhhSCFcjG0XcxB8FJuz8g94pjzRWM + WTN+ZSrhm8LICEmZV1PeQwu77w5WpGWE5DI5 + ea078nTwL2hR7Q== ) +deleg.example.com. 3600 IN NS deleg.example.com. + 3600 A 192.0.2.1 +dns1.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 13 3 3600 ( + 20601231235959 20201008173641 61552 example.com. + URGzLYXySdeOtXWW5ph64pNedd7/cq0WYcbd + nArHBIN2S08knOfV/OHOMDaR7WufUbIF8bPQ + FxDkURlAhZbH9A== ) +20G1GOL477RO51RK9A9NFD54TFQAL7IQ.example.com. 86400 IN NSEC3 1 0 10 - ( + MJV836RJQEJ5UBGHVKSQ7N44RSO3Q938 + A RRSIG ) + 86400 RRSIG NSEC3 13 3 86400 ( + 20601231235959 20201008173641 61552 example.com. + Gsq0CIrN0FlxLeKvuUDc+8RqSQtnQxzx80Pe + eoyDaFw1tbe6Q7YEAM2GxxHqTEHrT3oel0sY + Tv+VlMmKkvXjBQ== ) +MJV836RJQEJ5UBGHVKSQ7N44RSO3Q938.example.com. 86400 IN NSEC3 1 0 10 - ( + UTQVUHU2BLK3DHMRR5T1HD9VTEOHQT0A + NS ) + 86400 RRSIG NSEC3 13 3 86400 ( + 20601231235959 20201008173641 61552 example.com. + EoUde8+mJp+ZehVCZmwzm3FJqJ6A/FU3C4xE + kY/v1Rv04o+U1lP7OEb/IEKXwiJp6lRtNV+4 + 5IoHIj2SS3VVFw== ) +UTQVUHU2BLK3DHMRR5T1HD9VTEOHQT0A.example.com. 86400 IN NSEC3 1 0 10 - ( + 20G1GOL477RO51RK9A9NFD54TFQAL7IQ + NS SOA RRSIG DNSKEY NSEC3PARAM ) + 86400 RRSIG NSEC3 13 3 86400 ( + 20601231235959 20201008173641 61552 example.com. + 7Oi01mTqe1ZmshYh8fY5xjB29wn3ZIUWQlk5 + vpxY6ExbIPS9hxEW+E7ZqIkIe+G24dN0uxUv + Ru9+TF8J0FmliA== ) diff --git a/tests/knot/semantic_check_data/no_error_nsec3_optout.signed b/tests/knot/semantic_check_data/no_error_nsec3_optout.signed new file mode 100644 index 0000000..162d8bb --- /dev/null +++ b/tests/knot/semantic_check_data/no_error_nsec3_optout.signed @@ -0,0 +1,73 @@ +; Zone without any semantic error + +example.com. 3600 IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111221 ; serial + 21600 ; refresh (6 hours) + 3600 ; retry (1 hour) + 604800 ; expire (1 week) + 86400 ; minimum (1 day) + ) + 3600 RRSIG SOA 13 2 3600 ( + 20601231235959 20201008173847 50991 example.com. + Sx+KLjF5CXA72DpzNAPGTnvxgVkYnFTby5iB + s9W3jKGzAulrULc1vQT+3qlwcn5QEbSF5hgn + 1END5XSBda09+w== ) + 3600 NS dns1.example.com. + 3600 RRSIG NS 13 2 3600 ( + 20601231235959 20201008173847 50991 example.com. + zVKNLQD7rZGMyvDgve6owlzFJMSlYl5ipNQK + csRD1zxDFuHleXvQCm8FIUycDNfMWhHNc2s9 + 4egmySesIYU0uQ== ) + 3600 DNSKEY 256 3 13 ( + fsusYo6WwsvIRG0sUChUxT/+OVjbsIstAUKt + 9K1XUJhVohQ5vcl+ouVNHI3Y2qS/QG+GUydo + 3V07g6mj8RkXUQ== + ) ; ZSK; alg = ECDSAP256SHA256 ; key id = 50991 + 3600 DNSKEY 257 3 13 ( + MGFyaDr1XwpvtG9aI0YQqTb04vq4OdlQmshL + pevx+/Zyyy/ObA1+5TaxiMMW/awpr+Oe+BCU + nlO/vkwdE+Y5TA== + ) ; KSK; alg = ECDSAP256SHA256 ; key id = 13472 + 3600 RRSIG DNSKEY 13 2 3600 ( + 20601231235959 20201008173847 13472 example.com. + WrFYEyOsZRdS3dycDhEO2taiDWExHP6u9B82 + vsEuKPReSdRo9J7rh73/7lLJnCy3s2nIF/3w + JI+YSujbCi6hLA== ) + 0 NSEC3PARAM 1 0 10 7A148F1404032E16 + 0 RRSIG NSEC3PARAM 13 2 0 ( + 20601231235959 20201008173847 50991 example.com. + sqHv1vGfOvCrJZAModjKOQdggsI+q1554oWk + 8uP8aDNcqMIFsJNYnAaKw+tUwQ3a3qwNrtnB + oJwKCvEdodfzew== ) +deleg.example.com. 3600 IN NS deleg.example.com. + 3600 A 192.0.2.1 +dns1.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 13 3 3600 ( + 20601231235959 20201008173847 50991 example.com. + BHxNoR/8eDuOf0uro0FhAr32lvLPXVHYtkJk + hLytkaJE8TeZrbmvQqOZPQFvpd+bKXEVfaPX + BNghbFskO8wlUw== ) +bgv0lkamjsoec22arugdnlttcb70af7u.example.com. 86400 IN NSEC3 1 0 10 7A148F1404032E16 ( + S57MPBJ9OEOU9OH6HSV2ANMCV8BHLRMR + NS SOA RRSIG DNSKEY NSEC3PARAM ) + 86400 RRSIG NSEC3 13 3 86400 ( + 20601231235959 20201008173847 50991 example.com. + 154MoFdP2smx09KBMiy36uNh+I7FVcwqUkHv + 2Tq6CpJJvsZcTH0TBx2rwQ0UEARbVg1fsEZw + S3mCUat1VTbhVg== ) +036n766anb525cqa642tmm3r4occikb7.example.com. 86400 IN NSEC3 1 0 10 7A148F1404032E16 ( + BGV0LKAMJSOEC22ARUGDNLTTCB70AF7U + A RRSIG ) + 86400 RRSIG NSEC3 13 3 86400 ( + 20601231235959 20201008173847 50991 example.com. + TS1jDhhKnv4QbWLzdvKbE0y4TduOJD8Tk+Ns + vvGv4x2cpNyqhbueaN2Uko+OAEmYQJYPfK/y + msRbeh57E0qsBQ== ) +s57mpbj9oeou9oh6hsv2anmcv8bhlrmr.example.com. 86400 IN NSEC3 1 0 10 7A148F1404032E16 ( + 036N766ANB525CQA642TMM3R4OCCIKB7 + NS ) + 86400 RRSIG NSEC3 13 3 86400 ( + 20601231235959 20201008173847 50991 example.com. + 0ET1wQ/5K9JEqb0U2moyZ2g3H5UVlORB3o83 + brB22Sr/SKklbtWaixENYKli0m3j1RohtDeM + dSm0rS8vPG3FUA== ) diff --git a/tests/knot/semantic_check_data/no_rrsig.signed b/tests/knot/semantic_check_data/no_rrsig.signed new file mode 100644 index 0000000..6a3161b --- /dev/null +++ b/tests/knot/semantic_check_data/no_rrsig.signed @@ -0,0 +1,48 @@ +dns1.example.com. 3600 IN A 192.0.2.1 + 86400 NSEC example.com. A NSEC +; missing RRSIGs + +example.com. 3600 IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111220 ; serial + 21600 ; refresh (6 hours) + 3600 ; retry (1 hour) + 604800 ; expire (1 week) + 86400 ; minimum (1 day) + ) + 3600 RRSIG SOA 7 2 3600 ( + 20840201000000 20160224081310 29600 example.com. + ieEKhIV69ywg+YFSqdz0t17eE+PLl1eR4kpv + Mq6Q6TfjC7V5/PcFW6KRoP50RFp4m4cD0E7T + GpmpnPF++QV1Vw== ) + 3600 NS dns1.example.com. + 3600 RRSIG NS 7 2 3600 ( + 20840201000000 20160224081310 29600 example.com. + kYbAbCGzyWPBEfc0TH1calUiKsZi12MH3TNV + 7vtjOvIYEqeNmuJkrw899a7nOPNoahB6h7o/ + DXuRlFqYYCC16Q== ) + 86400 NSEC dns1.example.com. NS SOA RRSIG NSEC DNSKEY + 86400 RRSIG NSEC 7 2 86400 ( + 20840201000000 20160224081310 29600 example.com. + PchT9RWRkLCMxWAQ3ut6LZlh4MYT4CkAPThQ + cnIn0ORi/fVgGzlifQ88xfEdEr1ZoXk9PlhT + 5b+wocBOl2HhGg== ) + 3600 DNSKEY 256 3 7 ( + AwEAAcvvW/oJAjcRdntRC8J52baXoNFVWOFz + oVFe3Vgl8aBBiGh3gnbuNt7xKmy9z2qc2/35 + MFwieWYfDdgUnPxyKMM= + ) ; ZSK; alg = NSEC3RSASHA1; key id = 29600 + 3600 DNSKEY 257 3 7 ( + AwEAAeXCF7sHLcFiaCwCFH4xh2CJcCp55i04 + exG41EtzILS2waabEM5byhRkoylbv91q6HY+ + JH9YXitS21LMD0Hqp1s= + ) ; KSK; alg = NSEC3RSASHA1; key id = 31323 + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160224081310 29600 example.com. + JLcSyR8KgSicUou0c7Zs7Ol1DYiaQ8Lfyort + 8a+5OP3em3r3NH1nJkiVfs8+xdvUcGlGkbib + RKlfRWiIcOEalQ== ) + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160224081310 31323 example.com. + EQMX5DPXhwa+blMRkzl+swUW3BtzpGJ5tGEU + hkH7bJfM51gIAO5qnUO/mMPnEA8b4dc20nnZ + 8j8lETDjqBLgDQ== ) diff --git a/tests/knot/semantic_check_data/no_rrsig_with_delegation.signed b/tests/knot/semantic_check_data/no_rrsig_with_delegation.signed new file mode 100644 index 0000000..2c36b9b --- /dev/null +++ b/tests/knot/semantic_check_data/no_rrsig_with_delegation.signed @@ -0,0 +1,61 @@ +ns.deleg.example.com. 3600 IN A 192.168.0.2 +deleg.example.com. 3600 IN NS ns.deleg.example.com. + 86400 NSEC dns1.example.com. NS NSEC +; missing RRSIG for NSEC record + +example.com. 3600 IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111220 ; serial + 21600 ; refresh (6 hours) + 3600 ; retry (1 hour) + 604800 ; expire (1 week) + 86400 ; minimum (1 day) + ) + 3600 RRSIG SOA 7 2 3600 ( + 20840201000000 20160224081610 29600 example.com. + HhnlCtlIaZFVklpzVUnzm6AzFd65CSc4WCJL + f2o7Gkevu+HTnkiPN6gqtERC/BKJz1EKd2fC + KDyLxXw6KeTRAw== ) + 3600 NS dns1.example.com. + 3600 RRSIG NS 7 2 3600 ( + 20840201000000 20160224081610 29600 example.com. + rcHuZd9wTYykzis+9Z8uyqD8V9h22szf2bmE + GYNyJBlHZO0sOmys31xnvDfQ9sdk9hf1TUfB + 9ACGIF5lDHBEog== ) + 86400 NSEC deleg.example.com. NS SOA RRSIG NSEC DNSKEY + 86400 RRSIG NSEC 7 2 86400 ( + 20840201000000 20160224081610 29600 example.com. + YGSe1OINjOY3I8BY1EoxcOJsDZ/DjGCT5nqY + J6BBjTcbT5S1W61SN50xc2sGB4Q8F2KTotAe + arzn4DGDt9mOMw== ) + 3600 DNSKEY 256 3 7 ( + AwEAAcvvW/oJAjcRdntRC8J52baXoNFVWOFz + oVFe3Vgl8aBBiGh3gnbuNt7xKmy9z2qc2/35 + MFwieWYfDdgUnPxyKMM= + ) ; ZSK; alg = NSEC3RSASHA1; key id = 29600 + 3600 DNSKEY 257 3 7 ( + AwEAAeXCF7sHLcFiaCwCFH4xh2CJcCp55i04 + exG41EtzILS2waabEM5byhRkoylbv91q6HY+ + JH9YXitS21LMD0Hqp1s= + ) ; KSK; alg = NSEC3RSASHA1; key id = 31323 + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160224081610 29600 example.com. + rdmqHOUXqhwrJusNt/7FTV+AtO/v6Md3LXzj + /QzR/pCADNC6ZA+FvqaOycnUxoryKk7PY3pM + 5ispCMuEx/1OGA== ) + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160224081610 31323 example.com. + jELyXsaJx+G4heZJ96dyE12hSyTNFazwWDkq + 1Mkja9/bTTdYAd+t8fhf/c35bUiTVJWMivJe + +YcCwqGf2U+2zw== ) +dns1.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 7 3 3600 ( + 20840201000000 20160224081610 29600 example.com. + ln2xuvghOWBDOfyk19Wwtv3oc8+1go3WQuMf + vel5x/uHVx6voNA25cpFIQ6nPlCo8pmd5R3w + paMxgoQtBkzBcA== ) + 86400 NSEC example.com. A RRSIG NSEC + 86400 RRSIG NSEC 7 3 86400 ( + 20840201000000 20160224081610 29600 example.com. + EEKcIegUeyn/1FIgxHV+gSX3b/ygQPAcjD8g + aCt1yiO0B1xmVm09RJNxzCLaTKxQENhxIoUZ + 2l7250pBQnrlAQ== ) diff --git a/tests/knot/semantic_check_data/ns_apex.missing b/tests/knot/semantic_check_data/ns_apex.missing new file mode 100644 index 0000000..fd7b7be --- /dev/null +++ b/tests/knot/semantic_check_data/ns_apex.missing @@ -0,0 +1,11 @@ +$ORIGIN example.com. +$TTL 3600 + +@ IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111214 ; serial + 6h ; refresh + 1h ; retry + 1w ; expire + 1d ) ; minimum + +; missing NS in apex diff --git a/tests/knot/semantic_check_data/nsec3_chain_01.signed b/tests/knot/semantic_check_data/nsec3_chain_01.signed new file mode 100644 index 0000000..cd90b9f --- /dev/null +++ b/tests/knot/semantic_check_data/nsec3_chain_01.signed @@ -0,0 +1,80 @@ +20G1GOL477RO51RK9A9NFD54TFQAL7IQ.example.com. 86400 IN NSEC3 1 0 10 - ( + MJV836RJQEJ5UBGHVKSQ7N44RSO3Q938 + A RRSIG ) +MJV836RJQEJ5UBGHVKSQ7N44RSO3Q938.example.com. 86400 IN NSEC3 1 0 10 - ( + 20G1GOL477RO51RK9A9NFD54TFQAL7IQ ; wrong next record + NS ) +UTQVUHU2BLK3DHMRR5T1HD9VTEOHQT0A.example.com. 86400 IN NSEC3 1 0 10 - ( + 20G1GOL477RO51RK9A9NFD54TFQAL7IQ + NS SOA RRSIG DNSKEY NSEC3PARAM ) +; RRSIGs for NSEC3s +20G1GOL477RO51RK9A9NFD54TFQAL7IQ.example.com. 86400 RRSIG NSEC3 7 3 86400 ( + 20840201000000 20160229140652 29600 example.com. + PjEM7Bxxb7w67366fKCLkR9BVFAL0RI8RJCZ + 5aqoMVuy+ui7MLKxKT2LfeTHgBw1Cww1bbJw + Ip2zu0/ZGPfKzA== ) +MJV836RJQEJ5UBGHVKSQ7N44RSO3Q938.example.com. 86400 RRSIG NSEC3 7 3 86400 ( + 20840201000000 20160229140652 29600 example.com. + DUMMYDUMMYDUMMYgc7Jx/FgAlruRjwsS/YJa + sZRspDGZhSqK2daV5K0lmK+XL8BoOtp7aXtq + VER5XcWLOebCdw== ) +UTQVUHU2BLK3DHMRR5T1HD9VTEOHQT0A.example.com. 86400 RRSIG NSEC3 7 3 86400 ( + 20840201000000 20160229140652 29600 example.com. + XsJa0IUE2ddTohJmiuNVd/Po1ZOK0PDCuU7/ + CS0/wiZ5ZlxPdVUAYXuC7HhGH+ZPsqwZ4oUU + ToDbFqfdzmC1XQ== ) + +; other zone data without error +example.com. 3600 IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111220 ; serial + 21600 ; refresh (6 hours) + 3600 ; retry (1 hour) + 604800 ; expire (1 week) + 86400 ; minimum (1 day) + ) + 3600 RRSIG SOA 7 2 3600 ( + 20840201000000 20160229140652 29600 example.com. + u5QMvOSkZBUM5tLiEAq3A+x4Ha17ZsNUYqeI + SuYA1+NbaBDxAtT6scB9aeA4lOTQ0TZvpGFE + YF/XxGtqvwdZ8g== ) + 3600 NS dns1.example.com. + 3600 RRSIG NS 7 2 3600 ( + 20840201000000 20160229140652 29600 example.com. + ELZOh4iS9DpAafa8NTaI/eNL3Qwy+lsmgrzF + 7jaoR5yOURl/RZSJY+m9Peaq4ALcROdGJ0O4 + miSpdTIZsBSGZg== ) + 3600 DNSKEY 256 3 7 ( + AwEAAcvvW/oJAjcRdntRC8J52baXoNFVWOFz + oVFe3Vgl8aBBiGh3gnbuNt7xKmy9z2qc2/35 + MFwieWYfDdgUnPxyKMM= + ) ; ZSK; alg = NSEC3RSASHA1; key id = 29600 + 3600 DNSKEY 257 3 7 ( + AwEAAeXCF7sHLcFiaCwCFH4xh2CJcCp55i04 + exG41EtzILS2waabEM5byhRkoylbv91q6HY+ + JH9YXitS21LMD0Hqp1s= + ) ; KSK; alg = NSEC3RSASHA1; key id = 31323 + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160229140652 29600 example.com. + sjxCP/grgOR+4vmXw7HU/hGSx5dS5QxM00IA + gZNJ6Lqf+4OSL3TEa1/qqRSFTl5uv3rqh5W4 + 8p2JoT1ZkcJj6w== ) + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160229140652 31323 example.com. + jrH48r1iPFRfbyIZWcARQrejVgrE9v8qqt4R + uPHjz5t7PYmZYH544SI9HtaWGkIJ9jzlxr5l + ikCWo1we50y9Lg== ) + 0 NSEC3PARAM 1 0 10 - + 0 RRSIG NSEC3PARAM 7 2 0 ( + 20840201000000 20160229140652 29600 example.com. + yIXzhQw8c/c/in+doXX5JmqoGiqoYD2Hhw6d + /aGXc5QLQqxyATXln02vkwt1d7DK/ha1vkfx + bvGdduXDQ7YZ+g== ) +deleg.example.com. 3600 IN NS deleg.example.com. + 3600 A 192.0.2.1 + +dns1.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 7 3 3600 ( + 20840201000000 20160229140652 29600 example.com. + aMRzV/1+m9wQHWezSiwkmDEbnS85wB9dA5x/ + u2P7NPsgwMnRdfpVIMfaVhSJH88i5OlLTvL1 + sSK+RADpuoqnLA== ) diff --git a/tests/knot/semantic_check_data/nsec3_chain_02.signed b/tests/knot/semantic_check_data/nsec3_chain_02.signed new file mode 100644 index 0000000..ca70cfa --- /dev/null +++ b/tests/knot/semantic_check_data/nsec3_chain_02.signed @@ -0,0 +1,94 @@ +20G1GOL477RO51RK9A9NFD54TFQAL7IQ.example.com. 86400 IN NSEC3 1 0 10 - ( + 6DFJITU5VML86QNKU9FO2LJDDQQTQPVT + A RRSIG ) +6DFJITU5VML86QNKU9FO2LJDDQQTQPVT.example.com. 86400 IN NSEC3 1 0 10 - ( + 20G1GOL477RO51RK9A9NFD54TFQAL7IQ ; wrong next + A RRSIG ) +MJV836RJQEJ5UBGHVKSQ7N44RSO3Q938.example.com. 86400 IN NSEC3 1 0 10 - ( + UTQVUHU2BLK3DHMRR5T1HD9VTEOHQT0A + NS ) +UTQVUHU2BLK3DHMRR5T1HD9VTEOHQT0A.example.com. 86400 IN NSEC3 1 0 10 - ( + MJV836RJQEJ5UBGHVKSQ7N44RSO3Q938 ; wrong next + NS SOA RRSIG DNSKEY NSEC3PARAM ) + +20G1GOL477RO51RK9A9NFD54TFQAL7IQ.example.com. 86400 RRSIG NSEC3 7 3 86400 ( + 20840201000000 20160302125715 29600 example.com. + oErbN3Xw+0zAqkz5KC5nOsINblBc4ey0Qcln + uquQZT+z2HIdCE9HeslAkTlu/Xt78vF4+3db + t2Vno21DkteA+w== ) +6DFJITU5VML86QNKU9FO2LJDDQQTQPVT.example.com. 86400 RRSIG NSEC3 7 3 86400 ( + 20840201000000 20160302125715 29600 example.com. + DummySignatureDummySignature+Z8rLBA9 + KkCDm1y82x5T/Cu5UXuZJwhvDGDzwPqoY5Dr + Qbiek52n6umbEw== ) +MJV836RJQEJ5UBGHVKSQ7N44RSO3Q938.example.com. 86400 RRSIG NSEC3 7 3 86400 ( + 20840201000000 20160302125715 29600 example.com. + ep1TVqEISn2ZOiBtizK2eyuuhsYyD37X9Bw2 + 9JOkecZnmzCwBqfMCBvRYmNRpMd512+ZnW/I + 1vIViE7CGwkHyA== ) +UTQVUHU2BLK3DHMRR5T1HD9VTEOHQT0A.example.com. 86400 RRSIG NSEC3 7 3 86400 ( + 20840201000000 20160302125715 29600 example.com. + DummySignatureDummySginature6IqpQS6Q + jtTNuStA+5gk98dvcgRjluxqo/+ZlZz4V53f + 1y506ytGbX/q4Q== ) + +example.com. 3600 IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111220 ; serial + 21600 ; refresh (6 hours) + 3600 ; retry (1 hour) + 604800 ; expire (1 week) + 86400 ; minimum (1 day) + ) + 3600 RRSIG SOA 7 2 3600 ( + 20840201000000 20160302125715 29600 example.com. + bGk1vLxVuJpcEy7n0gPvQVzfanbvINLJLcbD + eeie4sXZZAOwu6oQZy6kd8tvKtV4mL0OJzpH + XCO6BdZkmk/aQA== ) + 3600 NS dns1.example.com. + 3600 RRSIG NS 7 2 3600 ( + 20840201000000 20160302125715 29600 example.com. + roe4aBp4G3TqQ4x5eRxbVIjApIh17gXDjfOY + zvRFLOkrwqKz3eX9WrRiCk3bYNn8s1fuenaQ + OSV1D5SL7utX5w== ) + 3600 DNSKEY 256 3 7 ( + AwEAAcvvW/oJAjcRdntRC8J52baXoNFVWOFz + oVFe3Vgl8aBBiGh3gnbuNt7xKmy9z2qc2/35 + MFwieWYfDdgUnPxyKMM= + ) ; ZSK; alg = NSEC3RSASHA1; key id = 29600 + 3600 DNSKEY 257 3 7 ( + AwEAAeXCF7sHLcFiaCwCFH4xh2CJcCp55i04 + exG41EtzILS2waabEM5byhRkoylbv91q6HY+ + JH9YXitS21LMD0Hqp1s= + ) ; KSK; alg = NSEC3RSASHA1; key id = 31323 + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160302125715 29600 example.com. + c1yhXb8wRGYndpVqG61+lHAAbZg+JcVYGPX3 + Fw0jYigN4G+P0+VUCqPLkC4yfJylzuefyGfk + TUmriM3ihfXxIg== ) + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160302125715 31323 example.com. + mZiLLTzbdaj7EJ8uj3TwvcvAfaMxYjyavlGT + qpa+cElfvBDm7R6MF4MaEQ9aZ2ylMt1lppjq + YyYRaaQC6yhm4g== ) + 0 NSEC3PARAM 1 0 10 - + 0 RRSIG NSEC3PARAM 7 2 0 ( + 20840201000000 20160302125715 29600 example.com. + K3PkVYZZV8QvZFtDsz9+ZfiM9wDkFu/eO2S5 + tAtCXd1fktcW44TLWL0qADfFEEcMotvzLqv1 + YJrD7TvrFDot8Q== ) +deleg.example.com. 3600 IN NS deleg.example.com. + 3600 A 192.0.2.1 + +dns1.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 7 3 3600 ( + 20840201000000 20160302125715 29600 example.com. + vlzRtVFa44pRtdD8XZcgDa6021uA9A3TnNEw + 5jRnor4aoftUuVQNAanQMCgrWk63d14XZ2d0 + lqhxunAbh08dsQ== ) + +www.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 7 3 3600 ( + 20840201000000 20160302125715 29600 example.com. + NWFuYaSEg3z3K4l/fHu/X9dK+rDZ177BbCNN + ZeFTPCAdOnX0nw1CQys629k7Vzdv1pHaanmy + 0Ru0tX9R65NlKw== ) diff --git a/tests/knot/semantic_check_data/nsec3_chain_03.signed b/tests/knot/semantic_check_data/nsec3_chain_03.signed new file mode 100644 index 0000000..80112f8 --- /dev/null +++ b/tests/knot/semantic_check_data/nsec3_chain_03.signed @@ -0,0 +1,94 @@ +20G1GOL477RO51RK9A9NFD54TFQAL7IQ.example.com. 86400 IN NSEC3 1 0 10 - ( + UTQVUHU2BLK3DHMRR5T1HD9VTEOHQT0A ; wrong next + A RRSIG ) +6DFJITU5VML86QNKU9FO2LJDDQQTQPVT.example.com. 86400 IN NSEC3 1 0 10 - ( + MJV836RJQEJ5UBGHVKSQ7N44RSO3Q938 + A RRSIG ) +MJV836RJQEJ5UBGHVKSQ7N44RSO3Q938.example.com. 86400 IN NSEC3 1 0 10 - ( + 6DFJITU5VML86QNKU9FO2LJDDQQTQPVT ; wrong next + NS ) +UTQVUHU2BLK3DHMRR5T1HD9VTEOHQT0A.example.com. 86400 IN NSEC3 1 0 10 - ( + 20G1GOL477RO51RK9A9NFD54TFQAL7IQ + NS SOA RRSIG DNSKEY NSEC3PARAM ) + +20G1GOL477RO51RK9A9NFD54TFQAL7IQ.example.com. 86400 RRSIG NSEC3 7 3 86400 ( + 20840201000000 20160302125715 29600 example.com. + DummySignatureDummySignature4ey0Qcln + uquQZT+z2HIdCE9HeslAkTlu/Xt78vF4+3db + t2Vno21DkteA+w== ) +6DFJITU5VML86QNKU9FO2LJDDQQTQPVT.example.com. 86400 RRSIG NSEC3 7 3 86400 ( + 20840201000000 20160302125715 29600 example.com. + KElp8dLKBKFzgEFV8r5aP9pCyYUD+Z8rLBA9 + KkCDm1y82x5T/Cu5UXuZJwhvDGDzwPqoY5Dr + Qbiek52n6umbEw== ) +MJV836RJQEJ5UBGHVKSQ7N44RSO3Q938.example.com. 86400 RRSIG NSEC3 7 3 86400 ( + 20840201000000 20160302125715 29600 example.com. + DummySignatureDummySignatureD37X9Bw2 + 9JOkecZnmzCwBqfMCBvRYmNRpMd512+ZnW/I + 1vIViE7CGwkHyA== ) +UTQVUHU2BLK3DHMRR5T1HD9VTEOHQT0A.example.com. 86400 RRSIG NSEC3 7 3 86400 ( + 20840201000000 20160302125715 29600 example.com. + DPwNyH7r/4wIBfTGxikNv4pY7omY6IqpQS6Q + jtTNuStA+5gk98dvcgRjluxqo/+ZlZz4V53f + 1y506ytGbX/q4Q== ) + +example.com. 3600 IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111220 ; serial + 21600 ; refresh (6 hours) + 3600 ; retry (1 hour) + 604800 ; expire (1 week) + 86400 ; minimum (1 day) + ) + 3600 RRSIG SOA 7 2 3600 ( + 20840201000000 20160302125715 29600 example.com. + bGk1vLxVuJpcEy7n0gPvQVzfanbvINLJLcbD + eeie4sXZZAOwu6oQZy6kd8tvKtV4mL0OJzpH + XCO6BdZkmk/aQA== ) + 3600 NS dns1.example.com. + 3600 RRSIG NS 7 2 3600 ( + 20840201000000 20160302125715 29600 example.com. + roe4aBp4G3TqQ4x5eRxbVIjApIh17gXDjfOY + zvRFLOkrwqKz3eX9WrRiCk3bYNn8s1fuenaQ + OSV1D5SL7utX5w== ) + 3600 DNSKEY 256 3 7 ( + AwEAAcvvW/oJAjcRdntRC8J52baXoNFVWOFz + oVFe3Vgl8aBBiGh3gnbuNt7xKmy9z2qc2/35 + MFwieWYfDdgUnPxyKMM= + ) ; ZSK; alg = NSEC3RSASHA1; key id = 29600 + 3600 DNSKEY 257 3 7 ( + AwEAAeXCF7sHLcFiaCwCFH4xh2CJcCp55i04 + exG41EtzILS2waabEM5byhRkoylbv91q6HY+ + JH9YXitS21LMD0Hqp1s= + ) ; KSK; alg = NSEC3RSASHA1; key id = 31323 + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160302125715 29600 example.com. + c1yhXb8wRGYndpVqG61+lHAAbZg+JcVYGPX3 + Fw0jYigN4G+P0+VUCqPLkC4yfJylzuefyGfk + TUmriM3ihfXxIg== ) + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160302125715 31323 example.com. + mZiLLTzbdaj7EJ8uj3TwvcvAfaMxYjyavlGT + qpa+cElfvBDm7R6MF4MaEQ9aZ2ylMt1lppjq + YyYRaaQC6yhm4g== ) + 0 NSEC3PARAM 1 0 10 - + 0 RRSIG NSEC3PARAM 7 2 0 ( + 20840201000000 20160302125715 29600 example.com. + K3PkVYZZV8QvZFtDsz9+ZfiM9wDkFu/eO2S5 + tAtCXd1fktcW44TLWL0qADfFEEcMotvzLqv1 + YJrD7TvrFDot8Q== ) +deleg.example.com. 3600 IN NS deleg.example.com. + 3600 A 192.0.2.1 + +dns1.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 7 3 3600 ( + 20840201000000 20160302125715 29600 example.com. + vlzRtVFa44pRtdD8XZcgDa6021uA9A3TnNEw + 5jRnor4aoftUuVQNAanQMCgrWk63d14XZ2d0 + lqhxunAbh08dsQ== ) + +www.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 7 3 3600 ( + 20840201000000 20160302125715 29600 example.com. + NWFuYaSEg3z3K4l/fHu/X9dK+rDZ177BbCNN + ZeFTPCAdOnX0nw1CQys629k7Vzdv1pHaanmy + 0Ru0tX9R65NlKw== ) diff --git a/tests/knot/semantic_check_data/nsec3_ds.signed b/tests/knot/semantic_check_data/nsec3_ds.signed new file mode 100644 index 0000000..c2220ca --- /dev/null +++ b/tests/knot/semantic_check_data/nsec3_ds.signed @@ -0,0 +1,110 @@ + + +deleg.example.com. 3600 IN NS deleg.example.com. + 3600 A 192.0.2.1 + 3600 IN DS 60485 5 2 ( 4EFB4310DB01A42E7882E102 + 7A73CC28E2E0FE938F2D5888 + A0DA0005B99E7FF8 ) +deleg.example.com. 3600 IN RRSIG DS 7 3 3600 ( + 20840201000000 20160302125715 29600 example.com. + DummySignatureDummySignature4ey0Qcln + uquQZT+z2HIdCE9HeslAkTlu/Xt78vF4+3db + t2Vno21DkteA+w== ) + +20G1GOL477RO51RK9A9NFD54TFQAL7IQ.example.com. 86400 IN NSEC3 1 0 10 - ( + 6DFJITU5VML86QNKU9FO2LJDDQQTQPVT + A RRSIG ) +6DFJITU5VML86QNKU9FO2LJDDQQTQPVT.example.com. 86400 IN NSEC3 1 1 10 - ( + UI312KQOP1NG8IQEIEFNPSLA94KB5Q92 + A RRSIG ) +UI312KQOP1NG8IQEIEFNPSLA94KB5Q92.example.com. 86400 IN NSEC3 1 0 10 - ( + UTQVUHU2BLK3DHMRR5T1HD9VTEOHQT0A + A RRSIG) +UTQVUHU2BLK3DHMRR5T1HD9VTEOHQT0A.example.com. 86400 IN NSEC3 1 0 10 - ( + 20G1GOL477RO51RK9A9NFD54TFQAL7IQ + NS SOA RRSIG DNSKEY NSEC3PARAM ) + +UI312KQOP1NG8IQEIEFNPSLA94KB5Q92.example.com. 86400 RRSIG NSEC3 7 3 86400 ( + 20840201000000 20160302125715 29600 example.com. + DummySignatureDummySignature4ey0Qcln + uquQZT+z2HIdCE9HeslAkTlu/Xt78vF4+3db + t2Vno21DkteA+w== ) +20G1GOL477RO51RK9A9NFD54TFQAL7IQ.example.com. 86400 RRSIG NSEC3 7 3 86400 ( + 20840201000000 20160302125715 29600 example.com. + DummySignatureDummySignature4ey0Qcln + uquQZT+z2HIdCE9HeslAkTlu/Xt78vF4+3db + t2Vno21DkteA+w== ) +6DFJITU5VML86QNKU9FO2LJDDQQTQPVT.example.com. 86400 RRSIG NSEC3 7 3 86400 ( + 20840201000000 20160302125715 29600 example.com. + KElp8dLKBKFzgEFV8r5aP9pCyYUD+Z8rLBA9 + KkCDm1y82x5T/Cu5UXuZJwhvDGDzwPqoY5Dr + Qbiek52n6umbEw== ) + +UTQVUHU2BLK3DHMRR5T1HD9VTEOHQT0A.example.com. 86400 RRSIG NSEC3 7 3 86400 ( + 20840201000000 20160302125715 29600 example.com. + DPwNyH7r/4wIBfTGxikNv4pY7omY6IqpQS6Q + jtTNuStA+5gk98dvcgRjluxqo/+ZlZz4V53f + 1y506ytGbX/q4Q== ) + +example.com. 3600 IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111220 ; serial + 21600 ; refresh (6 hours) + 3600 ; retry (1 hour) + 604800 ; expire (1 week) + 86400 ; minimum (1 day) + ) + 3600 RRSIG SOA 7 2 3600 ( + 20840201000000 20160302125715 29600 example.com. + bGk1vLxVuJpcEy7n0gPvQVzfanbvINLJLcbD + eeie4sXZZAOwu6oQZy6kd8tvKtV4mL0OJzpH + XCO6BdZkmk/aQA== ) + 3600 NS dns1.example.com. + 3600 RRSIG NS 7 2 3600 ( + 20840201000000 20160302125715 29600 example.com. + roe4aBp4G3TqQ4x5eRxbVIjApIh17gXDjfOY + zvRFLOkrwqKz3eX9WrRiCk3bYNn8s1fuenaQ + OSV1D5SL7utX5w== ) + 3600 DNSKEY 256 3 7 ( + AwEAAcvvW/oJAjcRdntRC8J52baXoNFVWOFz + oVFe3Vgl8aBBiGh3gnbuNt7xKmy9z2qc2/35 + MFwieWYfDdgUnPxyKMM= + ) ; ZSK; alg = NSEC3RSASHA1; key id = 29600 + 3600 DNSKEY 257 3 7 ( + AwEAAeXCF7sHLcFiaCwCFH4xh2CJcCp55i04 + exG41EtzILS2waabEM5byhRkoylbv91q6HY+ + JH9YXitS21LMD0Hqp1s= + ) ; KSK; alg = NSEC3RSASHA1; key id = 31323 + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160302125715 29600 example.com. + c1yhXb8wRGYndpVqG61+lHAAbZg+JcVYGPX3 + Fw0jYigN4G+P0+VUCqPLkC4yfJylzuefyGfk + TUmriM3ihfXxIg== ) + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160302125715 31323 example.com. + mZiLLTzbdaj7EJ8uj3TwvcvAfaMxYjyavlGT + qpa+cElfvBDm7R6MF4MaEQ9aZ2ylMt1lppjq + YyYRaaQC6yhm4g== ) + 0 NSEC3PARAM 1 0 10 - + 0 RRSIG NSEC3PARAM 7 2 0 ( + 20840201000000 20160302125715 29600 example.com. + K3PkVYZZV8QvZFtDsz9+ZfiM9wDkFu/eO2S5 + tAtCXd1fktcW44TLWL0qADfFEEcMotvzLqv1 + YJrD7TvrFDot8Q== ) + + + +dns1.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 7 3 3600 ( + 20840201000000 20160302125715 29600 example.com. + vlzRtVFa44pRtdD8XZcgDa6021uA9A3TnNEw + 5jRnor4aoftUuVQNAanQMCgrWk63d14XZ2d0 + lqhxunAbh08dsQ== ) + +www.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 7 3 3600 ( + 20840201000000 20160302125715 29600 example.com. + NWFuYaSEg3z3K4l/fHu/X9dK+rDZ177BbCNN + ZeFTPCAdOnX0nw1CQys629k7Vzdv1pHaanmy + 0Ru0tX9R65NlKw== ) + + diff --git a/tests/knot/semantic_check_data/nsec3_missing.signed b/tests/knot/semantic_check_data/nsec3_missing.signed new file mode 100644 index 0000000..4974956 --- /dev/null +++ b/tests/knot/semantic_check_data/nsec3_missing.signed @@ -0,0 +1,120 @@ + +; extra record without corresponding NSEC3 +extra.example.com. 3600 IN A 1.2.3.4 + 3600 RRSIG A 7 3 3600 ( + 20840201000000 20160302125715 29600 example.com. + DummySignatureDummySignature12345678 + 123456789123456789123456789123456789 + lqhxunAbh08dsQ== ) +20G1GOL477RO51RK9A9NFD54TFQAL7IQ.example.com. 86400 IN NSEC3 1 0 10 - ( + 6DFJITU5VML86QNKU9FO2LJDDQQTQPVT + A RRSIG ) +6DFJITU5VML86QNKU9FO2LJDDQQTQPVT.example.com. 86400 IN NSEC3 1 0 10 - ( + MJV836RJQEJ5UBGHVKSQ7N44RSO3Q938 + A RRSIG ) +MJV836RJQEJ5UBGHVKSQ7N44RSO3Q938.example.com. 86400 IN NSEC3 1 0 10 - ( + UI312KQOP1NG8IQEIEFNPSLA94KB5Q92 + NS ) +UI312KQOP1NG8IQEIEFNPSLA94KB5Q92.example.com. 86400 IN NSEC3 1 0 10 - ( + UTQVUHU2BLK3DHMRR5T1HD9VTEOHQT0A + A RRSIG) +UTQVUHU2BLK3DHMRR5T1HD9VTEOHQT0A.example.com. 86400 IN NSEC3 1 0 10 - ( + 20G1GOL477RO51RK9A9NFD54TFQAL7IQ + NS SOA RRSIG DNSKEY NSEC3PARAM ) + +UTQVUHU2BLK3DHMRR5T1HD9VTEOHQT0A.example.com. 86400 IN A 1.2.3.4 +UTQVUHU2BLK3DHMRR5T1HD9VTEOHQT0A.example.com. 86400 RRSIG A 7 3 86400 ( + 20840201000000 20160302125715 29600 example.com. + DPwNyH7r/4wIBfTGxikNv4pY7omY6IqpQS6Q + jtTNuStA+5gk98dvcgRjluxqo/+ZlZz4V53f + 1y506ytGbX/q4Q== ) + + +UI312KQOP1NG8IQEIEFNPSLA94KB5Q92.example.com. 86400 RRSIG NSEC3 7 3 86400 ( + 20840201000000 20160302125715 29600 example.com. + DummySignatureDummySignature4ey0Qcln + uquQZT+z2HIdCE9HeslAkTlu/Xt78vF4+3db + t2Vno21DkteA+w== ) +20G1GOL477RO51RK9A9NFD54TFQAL7IQ.example.com. 86400 RRSIG NSEC3 7 3 86400 ( + 20840201000000 20160302125715 29600 example.com. + DummySignatureDummySignature4ey0Qcln + uquQZT+z2HIdCE9HeslAkTlu/Xt78vF4+3db + t2Vno21DkteA+w== ) +6DFJITU5VML86QNKU9FO2LJDDQQTQPVT.example.com. 86400 RRSIG NSEC3 7 3 86400 ( + 20840201000000 20160302125715 29600 example.com. + KElp8dLKBKFzgEFV8r5aP9pCyYUD+Z8rLBA9 + KkCDm1y82x5T/Cu5UXuZJwhvDGDzwPqoY5Dr + Qbiek52n6umbEw== ) +MJV836RJQEJ5UBGHVKSQ7N44RSO3Q938.example.com. 86400 RRSIG NSEC3 7 3 86400 ( + 20840201000000 20160302125715 29600 example.com. + DummySignatureDummySignatureD37X9Bw2 + 9JOkecZnmzCwBqfMCBvRYmNRpMd512+ZnW/I + 1vIViE7CGwkHyA== ) +UTQVUHU2BLK3DHMRR5T1HD9VTEOHQT0A.example.com. 86400 RRSIG NSEC3 7 3 86400 ( + 20840201000000 20160302125715 29600 example.com. + DPwNyH7r/4wIBfTGxikNv4pY7omY6IqpQS6Q + jtTNuStA+5gk98dvcgRjluxqo/+ZlZz4V53f + 1y506ytGbX/q4Q== ) + +example.com. 3600 IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111220 ; serial + 21600 ; refresh (6 hours) + 3600 ; retry (1 hour) + 604800 ; expire (1 week) + 86400 ; minimum (1 day) + ) + 3600 RRSIG SOA 7 2 3600 ( + 20840201000000 20160302125715 29600 example.com. + bGk1vLxVuJpcEy7n0gPvQVzfanbvINLJLcbD + eeie4sXZZAOwu6oQZy6kd8tvKtV4mL0OJzpH + XCO6BdZkmk/aQA== ) + 3600 NS dns1.example.com. + 3600 RRSIG NS 7 2 3600 ( + 20840201000000 20160302125715 29600 example.com. + roe4aBp4G3TqQ4x5eRxbVIjApIh17gXDjfOY + zvRFLOkrwqKz3eX9WrRiCk3bYNn8s1fuenaQ + OSV1D5SL7utX5w== ) + 3600 DNSKEY 256 3 7 ( + AwEAAcvvW/oJAjcRdntRC8J52baXoNFVWOFz + oVFe3Vgl8aBBiGh3gnbuNt7xKmy9z2qc2/35 + MFwieWYfDdgUnPxyKMM= + ) ; ZSK; alg = NSEC3RSASHA1; key id = 29600 + 3600 DNSKEY 257 3 7 ( + AwEAAeXCF7sHLcFiaCwCFH4xh2CJcCp55i04 + exG41EtzILS2waabEM5byhRkoylbv91q6HY+ + JH9YXitS21LMD0Hqp1s= + ) ; KSK; alg = NSEC3RSASHA1; key id = 31323 + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160302125715 29600 example.com. + c1yhXb8wRGYndpVqG61+lHAAbZg+JcVYGPX3 + Fw0jYigN4G+P0+VUCqPLkC4yfJylzuefyGfk + TUmriM3ihfXxIg== ) + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160302125715 31323 example.com. + mZiLLTzbdaj7EJ8uj3TwvcvAfaMxYjyavlGT + qpa+cElfvBDm7R6MF4MaEQ9aZ2ylMt1lppjq + YyYRaaQC6yhm4g== ) + 0 NSEC3PARAM 1 0 10 - + 0 RRSIG NSEC3PARAM 7 2 0 ( + 20840201000000 20160302125715 29600 example.com. + K3PkVYZZV8QvZFtDsz9+ZfiM9wDkFu/eO2S5 + tAtCXd1fktcW44TLWL0qADfFEEcMotvzLqv1 + YJrD7TvrFDot8Q== ) +deleg.example.com. 3600 IN NS deleg.example.com. + 3600 A 192.0.2.1 + +dns1.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 7 3 3600 ( + 20840201000000 20160302125715 29600 example.com. + vlzRtVFa44pRtdD8XZcgDa6021uA9A3TnNEw + 5jRnor4aoftUuVQNAanQMCgrWk63d14XZ2d0 + lqhxunAbh08dsQ== ) + +www.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 7 3 3600 ( + 20840201000000 20160302125715 29600 example.com. + NWFuYaSEg3z3K4l/fHu/X9dK+rDZ177BbCNN + ZeFTPCAdOnX0nw1CQys629k7Vzdv1pHaanmy + 0Ru0tX9R65NlKw== ) + + diff --git a/tests/knot/semantic_check_data/nsec3_optout.signed b/tests/knot/semantic_check_data/nsec3_optout.signed new file mode 100644 index 0000000..c9caa5d --- /dev/null +++ b/tests/knot/semantic_check_data/nsec3_optout.signed @@ -0,0 +1,81 @@ + +; insecure delegation, not covered by NSEC3 or opt-out +zzz.example.com. 3600 IN NS zzz.example.com. + 3600 A 192.0.2.1 + +example.com. 3600 IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111220 ; serial + 21600 ; refresh (6 hours) + 3600 ; retry (1 hour) + 604800 ; expire (1 week) + 86400 ; minimum (1 day) + ) + 3600 RRSIG SOA 7 2 3600 ( + 20840201000000 20160229083110 29600 example.com. + W9EprjaR4loSnNW96h4rLsquPDw3LHYvD05k + djkQofHSkMNZAJ7Q+eA3Fs2ik5fnJFM7wi5C + MtFsV2TfqMJFmg== ) + 3600 NS dns1.example.com. + 3600 RRSIG NS 7 2 3600 ( + 20840201000000 20160229083110 29600 example.com. + I9Je1S7XhZIW9C0fWE8NwFLC2rhHklddNYBO + dxVKL/lxENU4jPPBwZBGrcYn2WVHgkIzjG0n + EOHONAgRFPi3Xw== ) + 3600 DNSKEY 256 3 7 ( + AwEAAcvvW/oJAjcRdntRC8J52baXoNFVWOFz + oVFe3Vgl8aBBiGh3gnbuNt7xKmy9z2qc2/35 + MFwieWYfDdgUnPxyKMM= + ) ; ZSK; alg = NSEC3RSASHA1; key id = 29600 + 3600 DNSKEY 257 3 7 ( + AwEAAeXCF7sHLcFiaCwCFH4xh2CJcCp55i04 + exG41EtzILS2waabEM5byhRkoylbv91q6HY+ + JH9YXitS21LMD0Hqp1s= + ) ; KSK; alg = NSEC3RSASHA1; key id = 31323 + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160229083110 29600 example.com. + vO2UQiTN/CNUZOmSEg8kJlR/UqiAZHc4qMwj + 9u31sbPmOMuni+ZGuVCFFoEMtZerIkkQowkB + sXJFkvCP5oF2rA== ) + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160229083110 31323 example.com. + Z+aaLu4rmzekfhlj6A0ClREloRi8MloRHf/3 + Dlw/RYY1hrOCfcZKEY6AXeVdUwESEsSkSOco + CbhyGHH10dKAAg== ) + 0 NSEC3PARAM 1 0 10 - + 0 RRSIG NSEC3PARAM 7 2 0 ( + 20840201000000 20160229083110 29600 example.com. + d69kc52VdALI8fbdbflsVsltc1m7bI6QsJ5U + IDE9fy5VqcufZecZMKuozPDuF2vBA8ADFIRU + OfYgKs6YNIOLWg== ) +deleg.example.com. 3600 IN NS deleg.example.com. + 3600 A 192.0.2.1 +20G1GOL477RO51RK9A9NFD54TFQAL7IQ.example.com. 86400 IN NSEC3 1 0 10 - ( + MJV836RJQEJ5UBGHVKSQ7N44RSO3Q938 + A RRSIG ) + 86400 RRSIG NSEC3 7 3 86400 ( + 20840201000000 20160229083110 29600 example.com. + D24JCtCcNzwsY1FXVliAjxMm+x95N2eUTXn0 + M8NK5glSk1yLtnAUKzHxpRExAJLGUiaG4yPu + 2yGZuqwNvJztzw== ) +MJV836RJQEJ5UBGHVKSQ7N44RSO3Q938.example.com. 86400 IN NSEC3 1 0 10 - ( + UTQVUHU2BLK3DHMRR5T1HD9VTEOHQT0A + NS ) + 86400 RRSIG NSEC3 7 3 86400 ( + 20840201000000 20160229083110 29600 example.com. + jRNMrWLfS4yzRHQOBxs6/GKWIzx6AZV5lyCm + 7bYTV9wS3owDJSQhJ7lft0WbBmUMtV3tP9Xr + Yc+yW48p2Vr+QQ== ) +UTQVUHU2BLK3DHMRR5T1HD9VTEOHQT0A.example.com. 86400 IN NSEC3 1 0 10 - ( + 20G1GOL477RO51RK9A9NFD54TFQAL7IQ + NS SOA RRSIG DNSKEY NSEC3PARAM ) + 86400 RRSIG NSEC3 7 3 86400 ( + 20840201000000 20160229083110 29600 example.com. + F7y+xW/C7iICgmZeYrF4e7Yx4kWZAZPAMzlu + PtWVuf37ySg1VfEWcQcDP04vF2rXVUqSMEcj + bqUVN5W8Hoazxw== ) +dns1.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 7 3 3600 ( + 20840201000000 20160229083110 29600 example.com. + MoYrL/lToC4AHo6KCZRiBRmCMWHUAx2Xt32A + P4lDpwA+wiBWkCZSfVTh60AosS/BIGtBb2BK + mszMx8CLBvkjRg== ) diff --git a/tests/knot/semantic_check_data/nsec3_param_invalid.signed b/tests/knot/semantic_check_data/nsec3_param_invalid.signed new file mode 100644 index 0000000..c7d8d6d --- /dev/null +++ b/tests/knot/semantic_check_data/nsec3_param_invalid.signed @@ -0,0 +1,70 @@ +; Zone without any semantic error + +example.com. 3600 IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111220 ; serial + 21600 ; refresh (6 hours) + 3600 ; retry (1 hour) + 604800 ; expire (1 week) + 86400 ; minimum (1 day) + ) + 3600 RRSIG SOA 7 2 3600 ( + 20840201000000 20160229083110 29600 example.com. + W9EprjaR4loSnNW96h4rLsquPDw3LHYvD05k + djkQofHSkMNZAJ7Q+eA3Fs2ik5fnJFM7wi5C + MtFsV2TfqMJFmg== ) + 3600 NS dns1.example.com. + 3600 RRSIG NS 7 2 3600 ( + 20840201000000 20160229083110 29600 example.com. + I9Je1S7XhZIW9C0fWE8NwFLC2rhHklddNYBO + dxVKL/lxENU4jPPBwZBGrcYn2WVHgkIzjG0n + EOHONAgRFPi3Xw== ) + 3600 DNSKEY 256 3 7 ( + AwEAAcvvW/oJAjcRdntRC8J52baXoNFVWOFz + oVFe3Vgl8aBBiGh3gnbuNt7xKmy9z2qc2/35 + MFwieWYfDdgUnPxyKMM= + ) ; ZSK; alg = NSEC3RSASHA1; key id = 29600 + 3600 DNSKEY 257 3 7 ( + AwEAAeXCF7sHLcFiaCwCFH4xh2CJcCp55i04 + exG41EtzILS2waabEM5byhRkoylbv91q6HY+ + JH9YXitS21LMD0Hqp1s= + ) ; KSK; alg = NSEC3RSASHA1; key id = 31323 + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160229083110 29600 example.com. + vO2UQiTN/CNUZOmSEg8kJlR/UqiAZHc4qMwj + 9u31sbPmOMuni+ZGuVCFFoEMtZerIkkQowkB + sXJFkvCP5oF2rA== ) + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160229083110 31323 example.com. + Z+aaLu4rmzekfhlj6A0ClREloRi8MloRHf/3 + Dlw/RYY1hrOCfcZKEY6AXeVdUwESEsSkSOco + CbhyGHH10dKAAg== ) + 0 NSEC3PARAM 1 4 10 - + 0 RRSIG NSEC3PARAM 7 2 0 ( + 20840201000000 20160229083110 29600 example.com. + d69kc52VdALI8fbdbflsVsltc1m7bI6QsJ5U + IDE9fy5VqcufZecZMKuozPDuF2vBA8ADFIRU + OfYgKs6YNIOLWg== ) +deleg.example.com. 3600 IN NS deleg.example.com. + 3600 A 192.0.2.1 +20G1GOL477RO51RK9A9NFD54TFQAL7IQ.example.com. 86400 IN NSEC3 1 1 15 - ( + UTQVUHU2BLK3DHMRR5T1HD9VTEOHQT0A + A RRSIG ) + 86400 RRSIG NSEC3 7 3 86400 ( + 20840201000000 20160229083110 29600 example.com. + D24JCtCcNzwsY1FXVliAjxMm+x95N2eUTXn0 + M8NK5glSk1yLtnAUKzHxpRExAJLGUiaG4yPu + 2yGZuqwNvJztzw== ) +UTQVUHU2BLK3DHMRR5T1HD9VTEOHQT0A.example.com. 86400 IN NSEC3 4 0 10 - ( + 20G1GOL477RO51RK9A9NFD54TFQAL7IQ + NS SOA RRSIG DNSKEY NSEC3PARAM ) + 86400 RRSIG NSEC3 7 3 86400 ( + 20840201000000 20160229083110 29600 example.com. + F7y+xW/C7iICgmZeYrF4e7Yx4kWZAZPAMzlu + PtWVuf37ySg1VfEWcQcDP04vF2rXVUqSMEcj + bqUVN5W8Hoazxw== ) +dns1.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 7 3 3600 ( + 20840201000000 20160229083110 29600 example.com. + MoYrL/lToC4AHo6KCZRiBRmCMWHUAx2Xt32A + P4lDpwA+wiBWkCZSfVTh60AosS/BIGtBb2BK + mszMx8CLBvkjRg== ) diff --git a/tests/knot/semantic_check_data/nsec3_wrong_bitmap_01.signed b/tests/knot/semantic_check_data/nsec3_wrong_bitmap_01.signed new file mode 100644 index 0000000..a3024d8 --- /dev/null +++ b/tests/knot/semantic_check_data/nsec3_wrong_bitmap_01.signed @@ -0,0 +1,70 @@ +; example.com -- missing DNSKEY in type bitmap +UTQVUHU2BLK3DHMRR5T1HD9VTEOHQT0A.example.com. 86400 IN NSEC3 1 0 10 - ( + 20G1GOL477RO51RK9A9NFD54TFQAL7IQ + NS SOA RRSIG NSEC3PARAM ) +; dns1.example.com +20G1GOL477RO51RK9A9NFD54TFQAL7IQ.example.com. 86400 IN NSEC3 1 0 10 - ( + UTQVUHU2BLK3DHMRR5T1HD9VTEOHQT0A + A RRSIG ) + +example.com. 3600 IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111220 ; serial + 21600 ; refresh (6 hours) + 3600 ; retry (1 hour) + 604800 ; expire (1 week) + 86400 ; minimum (1 day) + ) + 3600 RRSIG SOA 7 2 3600 ( + 20840201000000 20160225083237 29600 example.com. + li23VC44fumpMHhKwWug2J1C2fwCMiwgofYO + DKydNYsJyYTlyi8ezLJ2KoBlCtOc4Fp0NbqS + aN8CKWh7fQVnkQ== ) + 3600 NS dns1.example.com. + 3600 RRSIG NS 7 2 3600 ( + 20840201000000 20160225083237 29600 example.com. + Y8olY2OClZgC+QHnOhY52LONVOcctOnl8jNY + /c7sCHZO4TdPPDHDhpbVntQD+Vc4fUTx+cXY + GrF5sLbhddBJXg== ) + 3600 DNSKEY 256 3 7 ( + AwEAAcvvW/oJAjcRdntRC8J52baXoNFVWOFz + oVFe3Vgl8aBBiGh3gnbuNt7xKmy9z2qc2/35 + MFwieWYfDdgUnPxyKMM= + ) ; ZSK; alg = NSEC3RSASHA1; key id = 29600 + 3600 DNSKEY 257 3 7 ( + AwEAAeXCF7sHLcFiaCwCFH4xh2CJcCp55i04 + exG41EtzILS2waabEM5byhRkoylbv91q6HY+ + JH9YXitS21LMD0Hqp1s= + ) ; KSK; alg = NSEC3RSASHA1; key id = 31323 + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160225083237 29600 example.com. + fx2rZzhyYrp1b4tNH1SmM852VbGEeZdKrD+f + ZoInny1m8sovb1J9ORtVbGkOYOnInDMLWMCX + fghHC2MafuFV+Q== ) + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160225083237 31323 example.com. + TcNU6AlrYhJLrNlkfOPJzO6A77j6C39IPoP4 + OfmY2ClA5Vx2JO0vQ4bIHR7GIW8fiMe6M6tt + ZwQImhVWdG414A== ) + 0 NSEC3PARAM 1 0 10 - + 0 RRSIG NSEC3PARAM 7 2 0 ( + 20840201000000 20160225083237 29600 example.com. + iY0WB0dN1hQXoctaMwvvXzn7paQt5xUyucT3 + xwo6HAI8Y+OJlecUfOpkkQ9lqIfsqPTXmgbY + RieoZGrWR6ZvaQ== ) +dns1.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 7 3 3600 ( + 20840201000000 20160225083237 29600 example.com. + QptUkTNS7umNQ5V6Z9DyGl6z+rG7G3TFmHG8 + p9HGaKifSxjwSFW0nZ9/s86XHQ8ql5+bQmPa + xw39ntBmQLVxfg== ) + +20G1GOL477RO51RK9A9NFD54TFQAL7IQ.example.com. 86400 RRSIG NSEC3 7 3 86400 ( + 20840201000000 20160225083237 29600 example.com. + CPx6000z5m1zUUpVhki1u9U7P/WMr7PUJAk3 + G0w3v+/Lw56mDzYzNuTpPzS0noe0LKuecqRu + m99KpLyLOx+9QA== ) +UTQVUHU2BLK3DHMRR5T1HD9VTEOHQT0A.example.com. 86400 RRSIG NSEC3 7 3 86400 ( + 20840201000000 20160225083237 29600 example.com. + m2z+hx+8hTA7Phu6QzGJrq+o4MiURpda3fYm + 0wTDmXtfPKsHmojGr3kBlvUMg16s2gpvNyCL + MSlnJ+7KCkI+Mw== ) diff --git a/tests/knot/semantic_check_data/nsec3_wrong_bitmap_02.signed b/tests/knot/semantic_check_data/nsec3_wrong_bitmap_02.signed new file mode 100644 index 0000000..e3e4940 --- /dev/null +++ b/tests/knot/semantic_check_data/nsec3_wrong_bitmap_02.signed @@ -0,0 +1,70 @@ +; example.com +UTQVUHU2BLK3DHMRR5T1HD9VTEOHQT0A.example.com. 86400 IN NSEC3 1 0 10 - ( + 20G1GOL477RO51RK9A9NFD54TFQAL7IQ + NS SOA RRSIG DNSKEY NSEC3PARAM ) +; dns1.example.com -- extra type in bitmap - NSEC +20G1GOL477RO51RK9A9NFD54TFQAL7IQ.example.com. 86400 IN NSEC3 1 0 10 - ( + UTQVUHU2BLK3DHMRR5T1HD9VTEOHQT0A + A RRSIG NSEC) + +example.com. 3600 IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111220 ; serial + 21600 ; refresh (6 hours) + 3600 ; retry (1 hour) + 604800 ; expire (1 week) + 86400 ; minimum (1 day) + ) + 3600 RRSIG SOA 7 2 3600 ( + 20840201000000 20160225083237 29600 example.com. + li23VC44fumpMHhKwWug2J1C2fwCMiwgofYO + DKydNYsJyYTlyi8ezLJ2KoBlCtOc4Fp0NbqS + aN8CKWh7fQVnkQ== ) + 3600 NS dns1.example.com. + 3600 RRSIG NS 7 2 3600 ( + 20840201000000 20160225083237 29600 example.com. + Y8olY2OClZgC+QHnOhY52LONVOcctOnl8jNY + /c7sCHZO4TdPPDHDhpbVntQD+Vc4fUTx+cXY + GrF5sLbhddBJXg== ) + 3600 DNSKEY 256 3 7 ( + AwEAAcvvW/oJAjcRdntRC8J52baXoNFVWOFz + oVFe3Vgl8aBBiGh3gnbuNt7xKmy9z2qc2/35 + MFwieWYfDdgUnPxyKMM= + ) ; ZSK; alg = NSEC3RSASHA1; key id = 29600 + 3600 DNSKEY 257 3 7 ( + AwEAAeXCF7sHLcFiaCwCFH4xh2CJcCp55i04 + exG41EtzILS2waabEM5byhRkoylbv91q6HY+ + JH9YXitS21LMD0Hqp1s= + ) ; KSK; alg = NSEC3RSASHA1; key id = 31323 + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160225083237 29600 example.com. + fx2rZzhyYrp1b4tNH1SmM852VbGEeZdKrD+f + ZoInny1m8sovb1J9ORtVbGkOYOnInDMLWMCX + fghHC2MafuFV+Q== ) + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160225083237 31323 example.com. + TcNU6AlrYhJLrNlkfOPJzO6A77j6C39IPoP4 + OfmY2ClA5Vx2JO0vQ4bIHR7GIW8fiMe6M6tt + ZwQImhVWdG414A== ) + 0 NSEC3PARAM 1 0 10 - + 0 RRSIG NSEC3PARAM 7 2 0 ( + 20840201000000 20160225083237 29600 example.com. + iY0WB0dN1hQXoctaMwvvXzn7paQt5xUyucT3 + xwo6HAI8Y+OJlecUfOpkkQ9lqIfsqPTXmgbY + RieoZGrWR6ZvaQ== ) +dns1.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 7 3 3600 ( + 20840201000000 20160225083237 29600 example.com. + QptUkTNS7umNQ5V6Z9DyGl6z+rG7G3TFmHG8 + p9HGaKifSxjwSFW0nZ9/s86XHQ8ql5+bQmPa + xw39ntBmQLVxfg== ) + +20G1GOL477RO51RK9A9NFD54TFQAL7IQ.example.com. 86400 RRSIG NSEC3 7 3 86400 ( + 20840201000000 20160225083237 29600 example.com. + CPx6000z5m1zUUpVhki1u9U7P/WMr7PUJAk3 + G0w3v+/Lw56mDzYzNuTpPzS0noe0LKuecqRu + m99KpLyLOx+9QA== ) +UTQVUHU2BLK3DHMRR5T1HD9VTEOHQT0A.example.com. 86400 RRSIG NSEC3 7 3 86400 ( + 20840201000000 20160225083237 29600 example.com. + m2z+hx+8hTA7Phu6QzGJrq+o4MiURpda3fYm + 0wTDmXtfPKsHmojGr3kBlvUMg16s2gpvNyCL + MSlnJ+7KCkI+Mw== ) diff --git a/tests/knot/semantic_check_data/nsec_broken_chain_01.signed b/tests/knot/semantic_check_data/nsec_broken_chain_01.signed new file mode 100644 index 0000000..cb41dce --- /dev/null +++ b/tests/knot/semantic_check_data/nsec_broken_chain_01.signed @@ -0,0 +1,72 @@ +; not coherent NSEC chain +example.com. 86400 NSEC dns1.example.com. NS SOA RRSIG NSEC DNSKEY +dns1.example.com. 86400 NSEC example.com. A RRSIG NSEC +www.example.com. 86400 NSEC example.com. A RRSIG NSEC + +; signatures for NSECs +example.com. 86400 RRSIG NSEC 7 2 86400 ( + 20840201000000 20160224082919 29600 example.com. + FHLUUQTvnVboNzGoQVLpwQAcB+fUEF5xQqMQ + oKhE86sdvlQUiEfUpv2PJ9y3YfXHeYxJUtvm + cY14UkYqsdP3fA== ) +dns1.example.com. 86400 RRSIG NSEC 7 3 86400 ( + 20840201000000 20160224082919 29600 example.com. + FDPJTLixRBZtMFLqk5wfYTSLnLMZiLtN7uTA + COEqyphK33oW+7XJzfG6ADvwGewY4hTCPQkk + cEg+DBI7qZ88NA== ) +www.example.com. 86400 RRSIG NSEC 7 3 86400 ( + 20840201000000 20160224082919 29600 example.com. + FDPJTLixRBZtMFLqk5wfYTSLnLMZiLtN7uTA + COEqyphK33oW+7XJzfG6ADvwGewY4hTCPQkk + cEg+DBI7qZ88NA== ) + +example.com. 3600 IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111220 ; serial + 21600 ; refresh (6 hours) + 3600 ; retry (1 hour) + 604800 ; expire (1 week) + 86400 ; minimum (1 day) + ) + 3600 RRSIG SOA 7 2 3600 ( + 20840201000000 20160224082919 29600 example.com. + xJIoENJ4d24FIVd9ZSGpQlcWN4zuriU90r/H + +ufcM2qtWcOGR1M1LVNIAWEVJEcD2dBGA2w1 + B7Cx+BILQRev8w== ) + 3600 NS dns1.example.com. + 3600 RRSIG NS 7 2 3600 ( + 20840201000000 20160224082919 29600 example.com. + vBffD+/kBuxUHfeXKYBVYxeMIbuW5f8BstRM + XJnC1GTGfdNvb8NknHuv5fEytBmnnpH6f9pC + iWLeZzFR1+aJBA== ) + 3600 DNSKEY 256 3 7 ( + AwEAAcvvW/oJAjcRdntRC8J52baXoNFVWOFz + oVFe3Vgl8aBBiGh3gnbuNt7xKmy9z2qc2/35 + MFwieWYfDdgUnPxyKMM= + ) ; ZSK; alg = NSEC3RSASHA1; key id = 29600 + 3600 DNSKEY 257 3 7 ( + AwEAAeXCF7sHLcFiaCwCFH4xh2CJcCp55i04 + exG41EtzILS2waabEM5byhRkoylbv91q6HY+ + JH9YXitS21LMD0Hqp1s= + ) ; KSK; alg = NSEC3RSASHA1; key id = 31323 + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160224082919 29600 example.com. + LMyY8+vWsFB7CziWt8rnR5jfg4Loe/xzy4TQ + /ITEDbz5pkoadG+0mqTHQ0F5XCe6ZJPamcyr + kcMw0GqUzOVb9w== ) + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160224082919 31323 example.com. + tpHcGRuIkul47hHXVpNAOL48c5YYMsaIJkFE + rlQi9wU4TCiukdJkLuPk7ykk9XrxbiCB/FwD + o63Vcqyy3gZfvA== ) +dns1.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 7 3 3600 ( + 20840201000000 20160224082919 29600 example.com. + HlfZThngg+1xglDUh8kjDtzVn5D5a9T3emMt + Uxfryu9va7bj+xoK4gLADGau69GCZxJNSvwK + TAGEqGRYFSY9Ew== ) +www.example.com. 3600 IN A 192.0.2.2 + 3600 RRSIG A 7 3 3600 ( + 20840201000000 20160224082919 29600 example.com. + FLR8e2k6u7dhQA1xZ3YMxkvuktoydXC+ZNwl + xzW9hLpF3oKoqqY/V+kw7m2OMgnOEu2jWN4Q + EETdmMeQzkiuNw== ) diff --git a/tests/knot/semantic_check_data/nsec_broken_chain_02.signed b/tests/knot/semantic_check_data/nsec_broken_chain_02.signed new file mode 100644 index 0000000..5c5f004 --- /dev/null +++ b/tests/knot/semantic_check_data/nsec_broken_chain_02.signed @@ -0,0 +1,65 @@ +; not coherent NSEC chain +example.com. 86400 NSEC dns1.example.com. NS SOA RRSIG NSEC DNSKEY +dns1.example.com. 86400 NSEC www.example.com. A RRSIG NSEC +www.example.com. 86400 NSEC www.example.com. A RRSIG NSEC + +example.com. 3600 IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111220 ; serial + 21600 ; refresh (6 hours) + 3600 ; retry (1 hour) + 604800 ; expire (1 week) + 86400 ; minimum (1 day) + ) + 3600 RRSIG SOA 13 2 3600 ( + 20601231235959 20201008171141 31772 example.com. + Qwf3qgLbSvE4PmUVU8rpIASe0v1T1K0ie3Lw + g+6o3tpBS8vWcmHMUiKns/6rAvoum7vHQRmO + dH7X3Pp1/X3xCw== ) + 3600 NS dns1.example.com. + 3600 RRSIG NS 13 2 3600 ( + 20601231235959 20201008171141 31772 example.com. + 92/D4j7CUCKkykxMzdjfJoaNrMwO93OQtZlB + APsfcEyYl+W0sSnow/2RgYvKfX+kdcmp5VXD + vQxTGC0VqdMwCQ== ) + 86400 RRSIG NSEC 13 2 86400 ( + 20601231235959 20201008171141 31772 example.com. + shdsucYBfD8/zV1h1QgUBiC7VgYdFxFEcF1k + FQfY+UHkfD/AyOkiFPQxysimgzqJn2/z5Q+v + GT1CzzzemgzoXw== ) + 3600 DNSKEY 256 3 13 ( + /4RnFpCmaYIIrL/zP1T6LvfhXdpun0ZyYDKL + ho0zuUD+RMDe31IQCzr9AuSn1BAIQWIunxFs + EaTSlvpiUd+CAg== + ) ; ZSK; alg = ECDSAP256SHA256 ; key id = 31772 + 3600 DNSKEY 257 3 13 ( + /KEwa6qUWHdkpEMGX55UaIvl7do5l2IADCDq + iNnawoCLu7Tm4MU6ylzYS1htz1mTd8Zcuzl0 + gkRe4FXwOmOzvQ== + ) ; KSK; alg = ECDSAP256SHA256 ; key id = 14119 + 3600 RRSIG DNSKEY 13 2 3600 ( + 20601231235959 20201008171141 14119 example.com. + FPftK2atu4GMOspSR24p5iIvmq2VKgPJMUTu + 5RiwflEf8UgD7s2WFe7A6/JLurwEhqa/313T + eEURk7m313h4jQ== ) +dns1.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 13 3 3600 ( + 20601231235959 20201008171141 31772 example.com. + +Xvcx4bZ536B8DtNwzurqmPPoDVdtS5nlRhQ + pMZ+OLsHECDnFaI50dSw4F1/c3DERz1ktM0+ + QCC96MZ7QdAYQw== ) + 86400 RRSIG NSEC 13 3 86400 ( + 20601231235959 20201008171141 31772 example.com. + 64MPHHZG8wrbAtk+LY/5ISicI1vU7V19q9lF + wOm0mcpvoBERyDwadgZpmHsvin1sRt/LZYDr + iBKxcnaviHfULg== ) +www.example.com. 3600 IN A 192.0.2.2 + 3600 RRSIG A 13 3 3600 ( + 20601231235959 20201008171141 31772 example.com. + +/+14BFYf5Iq9IIeX1Oz5XqxsaPaw3T6PTPH + neJz6N9QhnI6aKkGZFYBuqY0Zhmcr52zbhPi + 1yZAUTP7OvouhA== ) + 86400 RRSIG NSEC 13 3 86400 ( + 20601231235959 20201008171141 31772 example.com. + fPqL9hFml35JLmfX3MA32hMnMhh9UA1Mc2OZ + nY+0j4wTtVR0PVMWHOv9UaULzTCM+5mlpFXm + nRUMj8sMTGzFzw== ) diff --git a/tests/knot/semantic_check_data/nsec_missing.signed b/tests/knot/semantic_check_data/nsec_missing.signed new file mode 100644 index 0000000..e901607 --- /dev/null +++ b/tests/knot/semantic_check_data/nsec_missing.signed @@ -0,0 +1,67 @@ +example.com. 86400 NSEC dns1.example.com. NS SOA RRSIG NSEC DNSKEY +dns1.example.com. 86400 NSEC example.com. A RRSIG NSEC +; missing NSEC for www.example.com. + +; signatures for NSECs +example.com. 86400 RRSIG NSEC 7 2 86400 ( + 20840201000000 20160224082919 29600 example.com. + FHLUUQTvnVboNzGoQVLpwQAcB+fUEF5xQqMQ + oKhE86sdvlQUiEfUpv2PJ9y3YfXHeYxJUtvm + cY14UkYqsdP3fA== ) +dns1.example.com. 86400 RRSIG NSEC 7 3 86400 ( + 20840201000000 20160224082919 29600 example.com. + GF3mqBf6Ny481XSbEor1uTzQZtT2DSA/3jU2 + ZcLXXhlmHG3nI/PB49lG+17O83rDrbhcYc8G + cHEbLIGNr/6+Mw== ) + +example.com. 3600 IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111220 ; serial + 21600 ; refresh (6 hours) + 3600 ; retry (1 hour) + 604800 ; expire (1 week) + 86400 ; minimum (1 day) + ) + 3600 RRSIG SOA 7 2 3600 ( + 20840201000000 20160224082919 29600 example.com. + xJIoENJ4d24FIVd9ZSGpQlcWN4zuriU90r/H + +ufcM2qtWcOGR1M1LVNIAWEVJEcD2dBGA2w1 + B7Cx+BILQRev8w== ) + 3600 NS dns1.example.com. + 3600 RRSIG NS 7 2 3600 ( + 20840201000000 20160224082919 29600 example.com. + vBffD+/kBuxUHfeXKYBVYxeMIbuW5f8BstRM + XJnC1GTGfdNvb8NknHuv5fEytBmnnpH6f9pC + iWLeZzFR1+aJBA== ) + 3600 DNSKEY 256 3 7 ( + AwEAAcvvW/oJAjcRdntRC8J52baXoNFVWOFz + oVFe3Vgl8aBBiGh3gnbuNt7xKmy9z2qc2/35 + MFwieWYfDdgUnPxyKMM= + ) ; ZSK; alg = NSEC3RSASHA1; key id = 29600 + 3600 DNSKEY 257 3 7 ( + AwEAAeXCF7sHLcFiaCwCFH4xh2CJcCp55i04 + exG41EtzILS2waabEM5byhRkoylbv91q6HY+ + JH9YXitS21LMD0Hqp1s= + ) ; KSK; alg = NSEC3RSASHA1; key id = 31323 + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160224082919 29600 example.com. + LMyY8+vWsFB7CziWt8rnR5jfg4Loe/xzy4TQ + /ITEDbz5pkoadG+0mqTHQ0F5XCe6ZJPamcyr + kcMw0GqUzOVb9w== ) + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160224082919 31323 example.com. + tpHcGRuIkul47hHXVpNAOL48c5YYMsaIJkFE + rlQi9wU4TCiukdJkLuPk7ykk9XrxbiCB/FwD + o63Vcqyy3gZfvA== ) +dns1.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 7 3 3600 ( + 20840201000000 20160224082919 29600 example.com. + HlfZThngg+1xglDUh8kjDtzVn5D5a9T3emMt + Uxfryu9va7bj+xoK4gLADGau69GCZxJNSvwK + TAGEqGRYFSY9Ew== ) + +www.example.com. 3600 IN A 192.0.2.2 + 3600 RRSIG A 7 3 3600 ( + 20840201000000 20160224082919 29600 example.com. + FLR8e2k6u7dhQA1xZ3YMxkvuktoydXC+ZNwl + xzW9hLpF3oKoqqY/V+kw7m2OMgnOEu2jWN4Q + EETdmMeQzkiuNw== ) diff --git a/tests/knot/semantic_check_data/nsec_multiple.signed b/tests/knot/semantic_check_data/nsec_multiple.signed new file mode 100644 index 0000000..0cd6aec --- /dev/null +++ b/tests/knot/semantic_check_data/nsec_multiple.signed @@ -0,0 +1,66 @@ +; not coherent NSEC chain +example.com. 86400 NSEC dns1.example.com. NS SOA RRSIG NSEC DNSKEY +dns1.example.com. 86400 NSEC www.example.com. A RRSIG NSEC +www.example.com. 86400 NSEC example.com. A RRSIG NSEC +www.example.com. 86400 NSEC www.example.com. A RRSIG NSEC + +example.com. 3600 IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111220 ; serial + 21600 ; refresh (6 hours) + 3600 ; retry (1 hour) + 604800 ; expire (1 week) + 86400 ; minimum (1 day) + ) + 3600 RRSIG SOA 13 2 3600 ( + 20601231235959 20201008170543 19445 example.com. + dEcgYVtA8cRE8ErOZGO/aaMat99+KuJdKoDc + 0+8fauQ3dcTUHVg2I+v4hdizjlmAJzGXJN+7 + 6ssZgcvXCnWOsQ== ) + 3600 NS dns1.example.com. + 3600 RRSIG NS 13 2 3600 ( + 20601231235959 20201008170543 19445 example.com. + 2OEk6Lpt+1c58vnCEHBrV7//7gyoo1bGJSHo + k+oWaF9Uh07XVkVWznq6mmCErqukUPLnW1Bn + rysjk4i5Yflqkg== ) + 86400 RRSIG NSEC 13 2 86400 ( + 20601231235959 20201008170543 19445 example.com. + icB72dzHg9d9klcTL/mW53mGIX6KzF0GLWUt + DKLCcu2Ailyp3kdM64dyJxRYTr7F7KfxyHi4 + 3KJtphYNEA6ZWA== ) + 3600 DNSKEY 256 3 13 ( + H1roLYze5AZ+ouWMduBJtoJ8N5BPFdF3n6Pv + +Nfw5bNHUtCzgvMhmtX2gcRlmZ70Ycv1C/U+ + mCvLWVdfJm08lA== + ) ; ZSK; alg = ECDSAP256SHA256 ; key id = 19445 + 3600 DNSKEY 257 3 13 ( + MSWkrHjEr7zi143oQdRthBBzl70MXeILunB7 + 8j55a5a9+Q39YKaIiRM4zyCV6WTXpm9H6eOS + RRgdQqGNL1gsKQ== + ) ; KSK; alg = ECDSAP256SHA256 ; key id = 23836 + 3600 RRSIG DNSKEY 13 2 3600 ( + 20601231235959 20201008170543 23836 example.com. + ejlk2L0CVBWuAxr1g+qivdvyIXqzp3+9U0tu + a2geLUtaVx8ErYnIvUug15S54g75+lZoZ1uK + l2WFWuy751kIsw== ) +www.example.com. 3600 IN A 192.0.2.2 + 3600 RRSIG A 13 3 3600 ( + 20601231235959 20201008170543 19445 example.com. + 8k4wk4+kCs1kO3+8sL6zZdpkHw0U58oua/Ur + C8CHo6TjlLx/jRrLdQKcFy5H7gBMcJY76SDs + mT91HuWH+BpwNA== ) + 86400 RRSIG NSEC 13 3 86400 ( + 20601231235959 20201008170543 19445 example.com. + 3XbwYx32/Y8sLtQ+dW1lg+s1eaOSZlmkdJeO + IsLOAF6U9kq/2zrUTYCtFBMfqs5yYDEISK6X + W5UfBBdFRdYzgw== ) +dns1.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 13 3 3600 ( + 20601231235959 20201008170543 19445 example.com. + DDTolVJ5Mxfm8srRVi/SRu0+5y3OBTQCVFuQ + ywdv4IahQoE11pjXRCBUXvroTeDgoHrmD7PD + b1aIBxHLiC/2pg== ) + 86400 RRSIG NSEC 13 3 86400 ( + 20601231235959 20201008170543 19445 example.com. + DDhuGYMEij4vbJZlscX3os8qj/wgq55w63jc + 8mPr/LquDr6o6lrEYdcnZl4Rz22snnF2+po1 + 3SEjRSJ0ROmTbw== ) diff --git a/tests/knot/semantic_check_data/nsec_wrong_bitmap_01.signed b/tests/knot/semantic_check_data/nsec_wrong_bitmap_01.signed new file mode 100644 index 0000000..058a0a3 --- /dev/null +++ b/tests/knot/semantic_check_data/nsec_wrong_bitmap_01.signed @@ -0,0 +1,73 @@ +example.com. 86400 NSEC dns1.example.com. NS SOA RRSIG NSEC DNSKEY +dns1.example.com. 86400 NSEC www.example.com. A RRSIG NSEC + +; extra AAAA type in NSEC bitmap +www.example.com. 86400 NSEC example.com. A RRSIG NSEC AAAA +www.example.com. 3600 IN A 192.0.2.2 + 3600 RRSIG A 7 3 3600 ( + 20840201000000 20160224082919 29600 example.com. + FLR8e2k6u7dhQA1xZ3YMxkvuktoydXC+ZNwl + xzW9hLpF3oKoqqY/V+kw7m2OMgnOEu2jWN4Q + EETdmMeQzkiuNw== ) + +; signatures for NSECs +example.com. 86400 RRSIG NSEC 7 2 86400 ( + 20840201000000 20160224082919 29600 example.com. + FHLUUQTvnVboNzGoQVLpwQAcB+fUEF5xQqMQ + oKhE86sdvlQUiEfUpv2PJ9y3YfXHeYxJUtvm + cY14UkYqsdP3fA== ) +dns1.example.com. 86400 RRSIG NSEC 7 3 86400 ( + 20840201000000 20160224082919 29600 example.com. + GF3mqBf6Ny481XSbEor1uTzQZtT2DSA/3jU2 + ZcLXXhlmHG3nI/PB49lG+17O83rDrbhcYc8G + cHEbLIGNr/6+Mw== ) +www.example.com. 86400 RRSIG NSEC 7 3 86400 ( + 20840201000000 20160224082919 29600 example.com. + FDPJTLixRBZtMFLqk5wfYTSLnLMZiLtN7uTA + COEqyphK33oW+7XJzfG6ADvwGewY4hTCPQkk + cEg+DBI7qZ88NA== ) + +example.com. 3600 IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111220 ; serial + 21600 ; refresh (6 hours) + 3600 ; retry (1 hour) + 604800 ; expire (1 week) + 86400 ; minimum (1 day) + ) + 3600 RRSIG SOA 7 2 3600 ( + 20840201000000 20160224082919 29600 example.com. + xJIoENJ4d24FIVd9ZSGpQlcWN4zuriU90r/H + +ufcM2qtWcOGR1M1LVNIAWEVJEcD2dBGA2w1 + B7Cx+BILQRev8w== ) + 3600 NS dns1.example.com. + 3600 RRSIG NS 7 2 3600 ( + 20840201000000 20160224082919 29600 example.com. + vBffD+/kBuxUHfeXKYBVYxeMIbuW5f8BstRM + XJnC1GTGfdNvb8NknHuv5fEytBmnnpH6f9pC + iWLeZzFR1+aJBA== ) + 3600 DNSKEY 256 3 7 ( + AwEAAcvvW/oJAjcRdntRC8J52baXoNFVWOFz + oVFe3Vgl8aBBiGh3gnbuNt7xKmy9z2qc2/35 + MFwieWYfDdgUnPxyKMM= + ) ; ZSK; alg = NSEC3RSASHA1; key id = 29600 + 3600 DNSKEY 257 3 7 ( + AwEAAeXCF7sHLcFiaCwCFH4xh2CJcCp55i04 + exG41EtzILS2waabEM5byhRkoylbv91q6HY+ + JH9YXitS21LMD0Hqp1s= + ) ; KSK; alg = NSEC3RSASHA1; key id = 31323 + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160224082919 29600 example.com. + LMyY8+vWsFB7CziWt8rnR5jfg4Loe/xzy4TQ + /ITEDbz5pkoadG+0mqTHQ0F5XCe6ZJPamcyr + kcMw0GqUzOVb9w== ) + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160224082919 31323 example.com. + tpHcGRuIkul47hHXVpNAOL48c5YYMsaIJkFE + rlQi9wU4TCiukdJkLuPk7ykk9XrxbiCB/FwD + o63Vcqyy3gZfvA== ) +dns1.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 7 3 3600 ( + 20840201000000 20160224082919 29600 example.com. + HlfZThngg+1xglDUh8kjDtzVn5D5a9T3emMt + Uxfryu9va7bj+xoK4gLADGau69GCZxJNSvwK + TAGEqGRYFSY9Ew== ) diff --git a/tests/knot/semantic_check_data/nsec_wrong_bitmap_02.signed b/tests/knot/semantic_check_data/nsec_wrong_bitmap_02.signed new file mode 100644 index 0000000..dafdc92 --- /dev/null +++ b/tests/knot/semantic_check_data/nsec_wrong_bitmap_02.signed @@ -0,0 +1,73 @@ +example.com. 86400 NSEC dns1.example.com. NS SOA RRSIG NSEC DNSKEY +dns1.example.com. 86400 NSEC www.example.com. A RRSIG NSEC + +; missing A type in NSEC bitmap +www.example.com. 86400 NSEC example.com. RRSIG NSEC +www.example.com. 3600 IN A 192.0.2.2 + 3600 RRSIG A 7 3 3600 ( + 20840201000000 20160224082919 29600 example.com. + FLR8e2k6u7dhQA1xZ3YMxkvuktoydXC+ZNwl + xzW9hLpF3oKoqqY/V+kw7m2OMgnOEu2jWN4Q + EETdmMeQzkiuNw== ) + +; signatures for NSECs +example.com. 86400 RRSIG NSEC 7 2 86400 ( + 20840201000000 20160224082919 29600 example.com. + FHLUUQTvnVboNzGoQVLpwQAcB+fUEF5xQqMQ + oKhE86sdvlQUiEfUpv2PJ9y3YfXHeYxJUtvm + cY14UkYqsdP3fA== ) +dns1.example.com. 86400 RRSIG NSEC 7 3 86400 ( + 20840201000000 20160224082919 29600 example.com. + GF3mqBf6Ny481XSbEor1uTzQZtT2DSA/3jU2 + ZcLXXhlmHG3nI/PB49lG+17O83rDrbhcYc8G + cHEbLIGNr/6+Mw== ) +www.example.com. 86400 RRSIG NSEC 7 3 86400 ( + 20840201000000 20160224082919 29600 example.com. + FDPJTLixRBZtMFLqk5wfYTSLnLMZiLtN7uTA + COEqyphK33oW+7XJzfG6ADvwGewY4hTCPQkk + cEg+DBI7qZ88NA== ) + +example.com. 3600 IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111220 ; serial + 21600 ; refresh (6 hours) + 3600 ; retry (1 hour) + 604800 ; expire (1 week) + 86400 ; minimum (1 day) + ) + 3600 RRSIG SOA 7 2 3600 ( + 20840201000000 20160224082919 29600 example.com. + xJIoENJ4d24FIVd9ZSGpQlcWN4zuriU90r/H + +ufcM2qtWcOGR1M1LVNIAWEVJEcD2dBGA2w1 + B7Cx+BILQRev8w== ) + 3600 NS dns1.example.com. + 3600 RRSIG NS 7 2 3600 ( + 20840201000000 20160224082919 29600 example.com. + vBffD+/kBuxUHfeXKYBVYxeMIbuW5f8BstRM + XJnC1GTGfdNvb8NknHuv5fEytBmnnpH6f9pC + iWLeZzFR1+aJBA== ) + 3600 DNSKEY 256 3 7 ( + AwEAAcvvW/oJAjcRdntRC8J52baXoNFVWOFz + oVFe3Vgl8aBBiGh3gnbuNt7xKmy9z2qc2/35 + MFwieWYfDdgUnPxyKMM= + ) ; ZSK; alg = NSEC3RSASHA1; key id = 29600 + 3600 DNSKEY 257 3 7 ( + AwEAAeXCF7sHLcFiaCwCFH4xh2CJcCp55i04 + exG41EtzILS2waabEM5byhRkoylbv91q6HY+ + JH9YXitS21LMD0Hqp1s= + ) ; KSK; alg = NSEC3RSASHA1; key id = 31323 + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160224082919 29600 example.com. + LMyY8+vWsFB7CziWt8rnR5jfg4Loe/xzy4TQ + /ITEDbz5pkoadG+0mqTHQ0F5XCe6ZJPamcyr + kcMw0GqUzOVb9w== ) + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160224082919 31323 example.com. + tpHcGRuIkul47hHXVpNAOL48c5YYMsaIJkFE + rlQi9wU4TCiukdJkLuPk7ykk9XrxbiCB/FwD + o63Vcqyy3gZfvA== ) +dns1.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 7 3 3600 ( + 20840201000000 20160224082919 29600 example.com. + HlfZThngg+1xglDUh8kjDtzVn5D5a9T3emMt + Uxfryu9va7bj+xoK4gLADGau69GCZxJNSvwK + TAGEqGRYFSY9Ew== ) diff --git a/tests/knot/semantic_check_data/rrsig_rdata_ttl.signed b/tests/knot/semantic_check_data/rrsig_rdata_ttl.signed new file mode 100644 index 0000000..28b118c --- /dev/null +++ b/tests/knot/semantic_check_data/rrsig_rdata_ttl.signed @@ -0,0 +1,52 @@ +example.com. 3600 IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111220 ; serial + 21600 ; refresh (6 hours) + 3600 ; retry (1 hour) + 604800 ; expire (1 week) + 86400 ; minimum (1 day) + ) + 3600 RRSIG SOA 13 2 3600 ( + 20601231235959 20201008172615 16105 example.com. + UkbSKt1soIfnM7ZkNAfOcS4D3eHBzMQOef1d + bFK+ne+MtJsKEGM9brUD23v0f0CdvteVkeNS + 2oRrfrb3avZ08A== ) + 3600 NS dns1.example.com. + 3600 RRSIG NS 13 2 3600 ( + 20601231235959 20201008172615 16105 example.com. + Mu/BsXIC10V5uRFUGR42/ntmT5eYt4192AQe + a5zdWnLo7A3GYHlPcOcZRMdqvsa3SAPOK2Br + UmFkHsWTawhWJQ== ) + 86400 NSEC dns1.example.com. NS SOA RRSIG NSEC DNSKEY + 86400 RRSIG NSEC 13 2 86400 ( + 20601231235959 20201008172615 16105 example.com. + IexJzu8x2GxGzGrWlceYZmUbry2D+E67py6B + /7j2K5IPjNQVGKbItfvqjQTUm+eVrdcwFbyK + iiEuVeU7qG5hIw== ) + 3600 DNSKEY 256 3 13 ( + tGxruia7b3JYm32MDdFLYX1M1e44DQJmXpVM + EWDjcNulSNY5sWR/zgDzhqiQSKEKCFolwhB/ + MFVIF71WNjE65Q== + ) ; ZSK; alg = ECDSAP256SHA256 ; key id = 16105 + 3600 DNSKEY 257 3 13 ( + 24gAMJg6uXIBEdWkrAXmwP6znng79lTelLDg + WxeHbXriSxVPLSTYxrp7SO1FUi2N03v1RXcn + 5jONJdQYlxLtSg== + ) ; KSK; alg = ECDSAP256SHA256 ; key id = 17031 + 3600 RRSIG DNSKEY 13 2 3600 ( + 20601231235959 20201008172615 17031 example.com. + Tm4MkXCDkavltvRYnEp/enJzzjyjX3EgI8yY + OF2VuJY8uQHD0/uzZF3JTmXj7pkGShAUpFKI + Uzn5e3jrGqtMGA== ) +dns1.example.com. 3600 IN A 192.0.2.1 +; wrong RRSIG original-ttl + 3600 RRSIG A 13 3 600 ( + 20601231235959 20201008172615 16105 example.com. + 7J01Zyly+ky0F94kfaDtERQDVyxhHexzqETa + qgsemJkH0pP9FKsEY/dTkeZUwCY4EFZeps7C + AOKyGTKdqR5N7Q== ) + 86400 NSEC example.com. A RRSIG NSEC + 86400 RRSIG NSEC 13 3 86400 ( + 20601231235959 20201008172615 16105 example.com. + 0evb+3+rXrrx0f8Za//w6q2acUZPvYbW+Ezj + BoJFvwBYHrhyiiVHlfUzmr/jJh9cTEdxPnL3 + ow6ZUsfF0HJ4hg== ) diff --git a/tests/knot/semantic_check_data/rrsig_signed.signed b/tests/knot/semantic_check_data/rrsig_signed.signed new file mode 100644 index 0000000..2798026 --- /dev/null +++ b/tests/knot/semantic_check_data/rrsig_signed.signed @@ -0,0 +1,62 @@ +dns1.example.com. 86400 RRSIG RRSIG 7 3 86400 ( + 20840201000000 20160201000000 29600 example.com. + DummySignatureDEADBEEF8ijooV1IMfEtki + kLbaIvFcgZbPvTnXXHyesHO2OPiRsc7zF576 + Z6prBT8CkMM7bw== ) + +example.com. 3600 IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111220 ; serial + 21600 ; refresh (6 hours) + 3600 ; retry (1 hour) + 604800 ; expire (1 week) + 86400 ; minimum (1 day) + ) + 3600 RRSIG SOA 7 2 3600 ( + 20840201000000 20160201000000 29600 example.com. + kINKkWiBvb9Dpb0vghlLhXyObSzsYYNsOqe9 + pWJN4lI4F2O3T6biPTQPsq3mYMR+6x9gPr6v + ysEPHlGtLdTLag== ) + 3600 NS dns1.example.com. + 3600 RRSIG NS 7 2 3600 ( + 20840201000000 20160201000000 29600 example.com. + LkagMndC+wJGlQycPDvNmCZ0/QuBB7Zo4UVZ + He5jzQrE3Hnq8tn+/QfJ/yn62qCZ87DETwTT + rGaLqOTYRb1isg== ) + 86400 NSEC dns1.example.com. NS SOA RRSIG NSEC DNSKEY + 86400 RRSIG NSEC 7 2 86400 ( + 20840201000000 20160201000000 29600 example.com. + YDJ1tQvNlv8Y7cGioq8nkbaETx7wmyJKqa0B + 8hDLClYA4nf9UtyVXqZCISa2PlgRdBc5GEEh + U5BuLr4wYXqEFA== ) + 3600 DNSKEY 256 3 7 ( + AwEAAcvvW/oJAjcRdntRC8J52baXoNFVWOFz + oVFe3Vgl8aBBiGh3gnbuNt7xKmy9z2qc2/35 + MFwieWYfDdgUnPxyKMM= + ) ; ZSK; alg = NSEC3RSASHA1; key id = 29600 + 3600 DNSKEY 257 3 7 ( + AwEAAeXCF7sHLcFiaCwCFH4xh2CJcCp55i04 + exG41EtzILS2waabEM5byhRkoylbv91q6HY+ + JH9YXitS21LMD0Hqp1s= + ) ; KSK; alg = NSEC3RSASHA1; key id = 31323 + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160201000000 29600 example.com. + FPOm8y3e09jh0fv0ZaOecWbdIXDAoERVKdjz + qsg1Etop1n6nDhO/lW3pwOUe02Zq2vretu2W + DozlDr5E6ZoqPA== ) + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160201000000 31323 example.com. + cZTevjvA8UO9Tqet/pbsN0Peep6aN8heyxMK + XP/Twsj4u0DeClKeIN7pd7Gi7Aac/UV2dev/ + x/90SM22VQVpeQ== ) +dns1.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 7 3 3600 ( + 20840201000000 20160201000000 29600 example.com. + f24sVhH1P/0mEMYTMbFLrWmJtl6kqZF6yzaS + TcyK6JhVM4sDT//YnjizJGsTVGSCelz3FxMj + LdiUm9AD05uY6A== ) + 86400 NSEC example.com. A RRSIG NSEC + 86400 RRSIG NSEC 7 3 86400 ( + 20840201000000 20160201000000 29600 example.com. + FgQ4VD1yDeA+uvJ+o8e1F28ijooV1IMfEtki + kLbaIvFcgZbPvTnXXHyesHO2OPiRsc7zF576 + Z6prBT8CkMM7bw== ) diff --git a/tests/knot/semantic_check_data/rrsig_ttl.signed b/tests/knot/semantic_check_data/rrsig_ttl.signed new file mode 100644 index 0000000..1aeef78 --- /dev/null +++ b/tests/knot/semantic_check_data/rrsig_ttl.signed @@ -0,0 +1,52 @@ +example.com. 3600 IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111220 ; serial + 21600 ; refresh (6 hours) + 3600 ; retry (1 hour) + 604800 ; expire (1 week) + 86400 ; minimum (1 day) + ) + 3600 RRSIG SOA 13 2 3600 ( + 20601231235959 20201008165912 34876 example.com. + NaUbzn4tb3bsVI4O2YgrefFtZPJSYlLKbVKB + HyIqwfQjwdkbIKZ5tqH/IGJagvj8oxeStwF/ + vEoG9c/o/MNs4g== ) + 3600 NS dns1.example.com. + 3600 RRSIG NS 13 2 3600 ( + 20601231235959 20201008165912 34876 example.com. + YZqxQKpj3kxfRHxoQda1z9JD9nmX8uNJTBGV + qdMMU3cPOVamTzOqymseQYjBPaaeoxL1kyqk + K2w/ixOUCFp8qg== ) + 86400 NSEC dns1.example.com. NS SOA RRSIG NSEC DNSKEY + 86400 RRSIG NSEC 13 2 86400 ( + 20601231235959 20201008165912 34876 example.com. + 88QLNDpFWd2FIag2vcKGvY1HQFVeOaRIiMU5 + 2VZfLFOPBmuTniTcnPvCt76i5ObPVsWdwJhM + /7NVMxoRPfMC1w== ) + 3600 DNSKEY 256 3 13 ( + 9+7buhxES5wZQZ54+O1qQGuRcKz3P3URZwws + 30CacknPsdcWAy7RN1yYmUjP80geUrxJVQt3 + boo1BwFW4Rnnsg== + ) ; ZSK; alg = ECDSAP256SHA256 ; key id = 34876 + 3600 DNSKEY 257 3 13 ( + eYNrBYFUn5JIhTlS3N0i2aFj1YE8127h3tlb + VJP9JAfMMxQT+Mg6lwDpUa0oQkNFbEoHhqrD + 0pcMvp4VeMgJ7g== + ) ; KSK; alg = ECDSAP256SHA256 ; key id = 36952 + 3600 RRSIG DNSKEY 13 2 3600 ( + 20601231235959 20201008165912 36952 example.com. + AVF7u7FzDx2ORApl74nP2hcJd4Szs1o1LXH5 + OWe6JULh80kITEb9zogpCryQu41bYSZYuxMk + yeblfo1OEI2DZg== ) +dns1.example.com. 3600 IN A 192.0.2.1 +; TTL of RRSIG differs from original-ttl + 600 RRSIG A 13 3 3600 ( + 20601231235959 20201008165912 34876 example.com. + +PPg6tDZVS2mbxWXOtVEYTQtjK+CkwRk/WFZ + dWgX3rzHPQ9AIexC9vKbXdont3s0xdHpcV/8 + +Sf+N2h44ZTwMQ== ) + 86400 NSEC example.com. A RRSIG NSEC + 86400 RRSIG NSEC 13 3 86400 ( + 20601231235959 20201008165912 34876 example.com. + OCjWQ/5e4SUIWgR84IJLlghKyuowctiZ+b0q + eXB0o2qpcWoX6wfxzMlYxGtpgyq3OWKF+R8H + UBVCdT+qBt5VOA== ) |