diff options
Diffstat (limited to 'tests/integration/deckard/sets/resolver/val_iter_high.rpl')
-rw-r--r-- | tests/integration/deckard/sets/resolver/val_iter_high.rpl | 239 |
1 files changed, 239 insertions, 0 deletions
diff --git a/tests/integration/deckard/sets/resolver/val_iter_high.rpl b/tests/integration/deckard/sets/resolver/val_iter_high.rpl new file mode 100644 index 0000000..179eda3 --- /dev/null +++ b/tests/integration/deckard/sets/resolver/val_iter_high.rpl @@ -0,0 +1,239 @@ +do-ip6: no + +query-minimization: off +; config options +; The island of trust is at example.com +;server: + trust-anchor: "example.com. 86400 IN DS 56216 13 2 60E5A8A0A2959A0E65A79A6C149FF5E1D68C866C5F5462DB21032AF5185B728A" +val-override-date: "20210501000000" +; target-fetch-policy: "0 0 0 0 0" +; fake-sha1: yes + +;stub-zone: +; name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +query-minimization: off +CONFIG_END + +SCENARIO_BEGIN Test validating NSEC3 with too many iterations + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +K.ROOT-SERVERS.NET. IN A +SECTION ANSWER +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +a.gtld-servers.net. IN A +SECTION ANSWER +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns1.example.com. +SECTION ADDITIONAL +ns1.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns1.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +;;; Generated by starting knotd with this simple zone file and then querying it with kdig. +;$ORIGIN example.com. +;$TTL 86400 +;@ SOA ns1.example.com. hostmaster.example.com. ( +; 1 ; serial +; 21600 ; refresh after 6 hours +; 3600 ; retry after 1 hour +; 604800 ; expire after 1 week +; 86400 ) ; minimum TTL of 1 day +;@ NS ns1.example.com. +;ns1.example.com. A 1.2.3.4 +;*.wild.example.com. TXT "wildcard" + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. 86400 NS ns1.example.com. +example.com. 86400 RRSIG NS 13 2 86400 20210514155807 20210430142807 28964 example.com. k80kgr7N/MPVZhv4MT8CqEQBUG1Oth9buWh6d7nwO64DR7f7WJnH1yvBeQcFSXBxQcv/f0V8SJzqdcD6EmWzsw== +SECTION ADDITIONAL +ns1.example.com. 86400 A 1.2.3.4 +ns1.example.com. 86400 RRSIG A 13 3 86400 20210514155807 20210430142807 28964 example.com. sGykdbHcEy4gnMAhIu4KGA96KS5hZKNM/C3yr61gyOOqgkV+6nAzuLBYvGxe4AexM/qA/Zpv0IyLg7bi9iufhg== +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 86400 DNSKEY 256 3 13 MN1ctIwG9m3p1fuH3Vn18XFLz4k6TUy1uXg/BF+7i+NrMkfbm4PLhhWflVElgowiQv/2103uHcW7a78ZaNP44g== +example.com. 86400 DNSKEY 257 3 13 d7yF/Xsdi0i8bUwN8FyCOIu9XGuoVlyuW2ZtVXEfdfwDpJxoHPjG3DImr8iLK2PMu75SMqj8+nwsP9dHiKYo9A== +example.com. 86400 RRSIG DNSKEY 13 2 86400 20210514155807 20210430142807 56216 example.com. BiPljLSmTP+uY5YrQ9mzxZhDsE33Bz3tBZaED8O+U3bmAfXNnZ1h8yN0FqOrJ7iRxmfK3ffNIgl3eANYi29z7A== +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns1.example.com. IN A +SECTION ANSWER +ns1.example.com. 86400 A 1.2.3.4 +ns1.example.com. 86400 RRSIG A 13 3 86400 20210514155807 20210430142807 28964 example.com. sGykdbHcEy4gnMAhIu4KGA96KS5hZKNM/C3yr61gyOOqgkV+6nAzuLBYvGxe4AexM/qA/Zpv0IyLg7bi9iufhg== +ENTRY_END + +; response to the simple query of interest +ENTRY_BEGIN +MATCH opcode qname +ADJUST copy_id copy_query +REPLY QR AA NXDOMAIN +SECTION QUESTION +nxdomain.example.com. IN A +SECTION AUTHORITY +example.com. 86400 SOA ns1.example.com. hostmaster.example.com. 3 21600 3600 604800 86400 +1cl7h356uun3lupr5ul5ok6puohj998d.example.com. 86400 NSEC3 1 0 65535 D7F1DC453FCD0B67 cf2t29nn8sqbpn6p9d1euo8k1emtvg6d NS SOA RRSIG DNSKEY NSEC3PARAM CDS CDNSKEY +cf2t29nn8sqbpn6p9d1euo8k1emtvg6d.example.com. 86400 NSEC3 1 0 65535 D7F1DC453FCD0B67 marb4pbbo27u50b2jb062rmee7hu5h0d +example.com. 86400 RRSIG SOA 13 2 86400 20210514161125 20210430144125 28964 example.com. cepCaZukRNjqLn52iIiH3I7C9MzosmjOaBNIgcmre8owxYyUC0Ur/lkNt0PVIGYYNGq0ZxstynleoZfebu+Hag== +1cl7h356uun3lupr5ul5ok6puohj998d.example.com. 86400 RRSIG NSEC3 13 3 86400 20210514161125 20210430144125 28964 example.com. +L2sxEcpXKOurY/KM5jL3WsaoNl3fuQYSfkF0hat/Qi7cVCFMmVVPa5nuuAaE4L6dYDyuVnJ7CkSZaJD0cYQXA== +cf2t29nn8sqbpn6p9d1euo8k1emtvg6d.example.com. 86400 RRSIG NSEC3 13 3 86400 20210514161125 20210430144125 28964 example.com. I8qbPSgWDvKstK2b1QZs9ukdih1+mYLmdtZg+Y4gLJscpSgss8Ydz8L8jyvNTb079QwajT5FKPHRHJxGZZiCkQ== +ENTRY_END + +; response to the wildcard query of interest +ENTRY_BEGIN +MATCH opcode qname +ADJUST copy_id copy_query +REPLY QR AA NOERROR +SECTION QUESTION +foo.wild.example.com. IN TXT +SECTION ANSWER +foo.wild.example.com. 86400 TXT "wildcard" +foo.wild.example.com. 86400 RRSIG TXT 13 3 86400 20210514161125 20210430144125 28964 example.com. sN/uAISiZueMg3yoRqnHpRw5Qayb0HDxht8XVvyY/C1H/DO6cBvyskTyBIU7S1B+hIOvaIKUAqd9D1+VIr58bA== +SECTION AUTHORITY +ti6egnlv8nsi9js84c1mv3ec7sq4293g.example.com. 86400 NSEC3 1 0 65535 D7F1DC453FCD0B67 1cl7h356uun3lupr5ul5ok6puohj998d TXT RRSIG +ti6egnlv8nsi9js84c1mv3ec7sq4293g.example.com. 86400 RRSIG NSEC3 13 3 86400 20210514161125 20210430144125 28964 example.com. zeA5x5Fcqcvqq8deQT93Fa8ZOtgLA+zIZ/uKED5e4vjtNEg5cCJ6/4+YM4/ztwYnkSzkkKbzrzF7qanJNSlk3w== +ENTRY_END +RANGE_END + + +STEP 10 QUERY +ENTRY_BEGIN +REPLY RD AD +SECTION QUESTION +ns1.example.com. IN A +ENTRY_END + +; recursion happens here +STEP 11 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD NOERROR +SECTION QUESTION +ns1.example.com. IN A +SECTION ANSWER +ns1.example.com. 86400 IN A 1.2.3.4 +ENTRY_END + +; now simple non-existing entry +STEP 21 QUERY +ENTRY_BEGIN +REPLY RD AD +SECTION QUESTION +nxdomain.example.com. IN A +ENTRY_END + +; it should get downgraded +STEP 22 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NXDOMAIN +SECTION QUESTION +nxdomain.example.com. IN A +SECTION AUTHORITY +example.com. 86400 IN SOA ns1.example.com. hostmaster.example.com. 3 21600 3600 604800 86400 +ENTRY_END + +; more difficult: positive wildcard expansion +STEP 31 QUERY +ENTRY_BEGIN +REPLY RD AD +SECTION QUESTION +foo.wild.example.com. IN TXT +ENTRY_END + +STEP 32 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +foo.wild.example.com. IN TXT +SECTION ANSWER +foo.wild.example.com. 86400 TXT "wildcard" +ENTRY_END + +SCENARIO_END |