summaryrefslogtreecommitdiffstats
path: root/tests/integration/deckard/sets/resolver/val_iter_high.rpl
diff options
context:
space:
mode:
Diffstat (limited to 'tests/integration/deckard/sets/resolver/val_iter_high.rpl')
-rw-r--r--tests/integration/deckard/sets/resolver/val_iter_high.rpl239
1 files changed, 239 insertions, 0 deletions
diff --git a/tests/integration/deckard/sets/resolver/val_iter_high.rpl b/tests/integration/deckard/sets/resolver/val_iter_high.rpl
new file mode 100644
index 0000000..179eda3
--- /dev/null
+++ b/tests/integration/deckard/sets/resolver/val_iter_high.rpl
@@ -0,0 +1,239 @@
+do-ip6: no
+
+query-minimization: off
+; config options
+; The island of trust is at example.com
+;server:
+ trust-anchor: "example.com. 86400 IN DS 56216 13 2 60E5A8A0A2959A0E65A79A6C149FF5E1D68C866C5F5462DB21032AF5185B728A"
+val-override-date: "20210501000000"
+; target-fetch-policy: "0 0 0 0 0"
+; fake-sha1: yes
+
+;stub-zone:
+; name: "."
+ stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
+query-minimization: off
+CONFIG_END
+
+SCENARIO_BEGIN Test validating NSEC3 with too many iterations
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+ ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET. IN A 193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+K.ROOT-SERVERS.NET. IN A
+SECTION ANSWER
+K.ROOT-SERVERS.NET. IN A 193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN A
+SECTION AUTHORITY
+com. IN NS a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net. IN A 192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+a.gtld-servers.net. IN A
+SECTION ANSWER
+a.gtld-servers.net. IN A 192.5.6.30
+ENTRY_END
+RANGE_END
+
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+ ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com. IN NS a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net. IN A 192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com. IN NS ns1.example.com.
+SECTION ADDITIONAL
+ns1.example.com. IN A 1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns1.example.com.
+RANGE_BEGIN 0 100
+ ADDRESS 1.2.3.4
+;;; Generated by starting knotd with this simple zone file and then querying it with kdig.
+;$ORIGIN example.com.
+;$TTL 86400
+;@ SOA ns1.example.com. hostmaster.example.com. (
+; 1 ; serial
+; 21600 ; refresh after 6 hours
+; 3600 ; retry after 1 hour
+; 604800 ; expire after 1 week
+; 86400 ) ; minimum TTL of 1 day
+;@ NS ns1.example.com.
+;ns1.example.com. A 1.2.3.4
+;*.wild.example.com. TXT "wildcard"
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com. 86400 NS ns1.example.com.
+example.com. 86400 RRSIG NS 13 2 86400 20210514155807 20210430142807 28964 example.com. k80kgr7N/MPVZhv4MT8CqEQBUG1Oth9buWh6d7nwO64DR7f7WJnH1yvBeQcFSXBxQcv/f0V8SJzqdcD6EmWzsw==
+SECTION ADDITIONAL
+ns1.example.com. 86400 A 1.2.3.4
+ns1.example.com. 86400 RRSIG A 13 3 86400 20210514155807 20210430142807 28964 example.com. sGykdbHcEy4gnMAhIu4KGA96KS5hZKNM/C3yr61gyOOqgkV+6nAzuLBYvGxe4AexM/qA/Zpv0IyLg7bi9iufhg==
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com. 86400 DNSKEY 256 3 13 MN1ctIwG9m3p1fuH3Vn18XFLz4k6TUy1uXg/BF+7i+NrMkfbm4PLhhWflVElgowiQv/2103uHcW7a78ZaNP44g==
+example.com. 86400 DNSKEY 257 3 13 d7yF/Xsdi0i8bUwN8FyCOIu9XGuoVlyuW2ZtVXEfdfwDpJxoHPjG3DImr8iLK2PMu75SMqj8+nwsP9dHiKYo9A==
+example.com. 86400 RRSIG DNSKEY 13 2 86400 20210514155807 20210430142807 56216 example.com. BiPljLSmTP+uY5YrQ9mzxZhDsE33Bz3tBZaED8O+U3bmAfXNnZ1h8yN0FqOrJ7iRxmfK3ffNIgl3eANYi29z7A==
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+ns1.example.com. IN A
+SECTION ANSWER
+ns1.example.com. 86400 A 1.2.3.4
+ns1.example.com. 86400 RRSIG A 13 3 86400 20210514155807 20210430142807 28964 example.com. sGykdbHcEy4gnMAhIu4KGA96KS5hZKNM/C3yr61gyOOqgkV+6nAzuLBYvGxe4AexM/qA/Zpv0IyLg7bi9iufhg==
+ENTRY_END
+
+; response to the simple query of interest
+ENTRY_BEGIN
+MATCH opcode qname
+ADJUST copy_id copy_query
+REPLY QR AA NXDOMAIN
+SECTION QUESTION
+nxdomain.example.com. IN A
+SECTION AUTHORITY
+example.com. 86400 SOA ns1.example.com. hostmaster.example.com. 3 21600 3600 604800 86400
+1cl7h356uun3lupr5ul5ok6puohj998d.example.com. 86400 NSEC3 1 0 65535 D7F1DC453FCD0B67 cf2t29nn8sqbpn6p9d1euo8k1emtvg6d NS SOA RRSIG DNSKEY NSEC3PARAM CDS CDNSKEY
+cf2t29nn8sqbpn6p9d1euo8k1emtvg6d.example.com. 86400 NSEC3 1 0 65535 D7F1DC453FCD0B67 marb4pbbo27u50b2jb062rmee7hu5h0d
+example.com. 86400 RRSIG SOA 13 2 86400 20210514161125 20210430144125 28964 example.com. cepCaZukRNjqLn52iIiH3I7C9MzosmjOaBNIgcmre8owxYyUC0Ur/lkNt0PVIGYYNGq0ZxstynleoZfebu+Hag==
+1cl7h356uun3lupr5ul5ok6puohj998d.example.com. 86400 RRSIG NSEC3 13 3 86400 20210514161125 20210430144125 28964 example.com. +L2sxEcpXKOurY/KM5jL3WsaoNl3fuQYSfkF0hat/Qi7cVCFMmVVPa5nuuAaE4L6dYDyuVnJ7CkSZaJD0cYQXA==
+cf2t29nn8sqbpn6p9d1euo8k1emtvg6d.example.com. 86400 RRSIG NSEC3 13 3 86400 20210514161125 20210430144125 28964 example.com. I8qbPSgWDvKstK2b1QZs9ukdih1+mYLmdtZg+Y4gLJscpSgss8Ydz8L8jyvNTb079QwajT5FKPHRHJxGZZiCkQ==
+ENTRY_END
+
+; response to the wildcard query of interest
+ENTRY_BEGIN
+MATCH opcode qname
+ADJUST copy_id copy_query
+REPLY QR AA NOERROR
+SECTION QUESTION
+foo.wild.example.com. IN TXT
+SECTION ANSWER
+foo.wild.example.com. 86400 TXT "wildcard"
+foo.wild.example.com. 86400 RRSIG TXT 13 3 86400 20210514161125 20210430144125 28964 example.com. sN/uAISiZueMg3yoRqnHpRw5Qayb0HDxht8XVvyY/C1H/DO6cBvyskTyBIU7S1B+hIOvaIKUAqd9D1+VIr58bA==
+SECTION AUTHORITY
+ti6egnlv8nsi9js84c1mv3ec7sq4293g.example.com. 86400 NSEC3 1 0 65535 D7F1DC453FCD0B67 1cl7h356uun3lupr5ul5ok6puohj998d TXT RRSIG
+ti6egnlv8nsi9js84c1mv3ec7sq4293g.example.com. 86400 RRSIG NSEC3 13 3 86400 20210514161125 20210430144125 28964 example.com. zeA5x5Fcqcvqq8deQT93Fa8ZOtgLA+zIZ/uKED5e4vjtNEg5cCJ6/4+YM4/ztwYnkSzkkKbzrzF7qanJNSlk3w==
+ENTRY_END
+RANGE_END
+
+
+STEP 10 QUERY
+ENTRY_BEGIN
+REPLY RD AD
+SECTION QUESTION
+ns1.example.com. IN A
+ENTRY_END
+
+; recursion happens here
+STEP 11 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD NOERROR
+SECTION QUESTION
+ns1.example.com. IN A
+SECTION ANSWER
+ns1.example.com. 86400 IN A 1.2.3.4
+ENTRY_END
+
+; now simple non-existing entry
+STEP 21 QUERY
+ENTRY_BEGIN
+REPLY RD AD
+SECTION QUESTION
+nxdomain.example.com. IN A
+ENTRY_END
+
+; it should get downgraded
+STEP 22 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NXDOMAIN
+SECTION QUESTION
+nxdomain.example.com. IN A
+SECTION AUTHORITY
+example.com. 86400 IN SOA ns1.example.com. hostmaster.example.com. 3 21600 3600 604800 86400
+ENTRY_END
+
+; more difficult: positive wildcard expansion
+STEP 31 QUERY
+ENTRY_BEGIN
+REPLY RD AD
+SECTION QUESTION
+foo.wild.example.com. IN TXT
+ENTRY_END
+
+STEP 32 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+foo.wild.example.com. IN TXT
+SECTION ANSWER
+foo.wild.example.com. 86400 TXT "wildcard"
+ENTRY_END
+
+SCENARIO_END