blob: f541c28dde12b7d3d42f80901ef30b896d7303f1 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
|
do-ip6: no
; config options
; The island of trust is at example.com
;server:
trust-anchor: "example.com. IN DS 438 10 2 33F8133EB48EDB093839E985600EB7B7009EB5AC312D11CCA9007F6B 71D94D7B"
val-override-date: "20160308103040"
stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
CONFIG_END
SCENARIO_BEGIN NSEC3 referral to unsigned subzone, no optout.
; K.ROOT-SERVERS.NET.
RANGE_BEGIN 0 100
ADDRESS 193.0.14.129
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET. IN A 193.0.14.129
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
com. IN A
SECTION AUTHORITY
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
RANGE_END
; a.gtld-servers.net.
RANGE_BEGIN 0 100
ADDRESS 192.5.6.30
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION ANSWER
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
example.com. IN A
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
RANGE_END
; ns.example.com.
RANGE_BEGIN 0 100
ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA SERVFAIL
SECTION QUESTION
ns.example.com. IN A
SECTION ANSWER
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA SERVFAIL
SECTION QUESTION
ns.example.com. IN AAAA
SECTION ANSWER
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
example.com. IN NS
SECTION ANSWER
example.com. 3600 IN NS ns.example.com.
example.com. 3600 IN RRSIG NS 10 2 3600 20251231235959 20160308093040 2843 example.com. boNVuXxyhW+Gmiu+4ip1QQvIGqFNVsFfg1v+ywgc4+37ieQ5t+qJsHVm fJITRZrJxYQ6T/MkZKhpxLCemgFeKU6syWwoCfypnGino2G1urvqThna WTImSPhY/QsOj1ALy51d9Q+Mb5vt69XJt6SQvtNf6imepIFOT6CPSfjx BJ4=
SECTION ADDITIONAL
ns.example.com. 3600 IN A 1.2.3.4
ns.example.com. 3600 IN RRSIG A 10 3 3600 20251231235959 20160308093040 2843 example.com. VSq+DkxJYr9Z+uh3KgpyPNwtuim4WVXnTdhRW7HX90CP5tyOVjDDTehA UmCxB8iFjUFE3hlwDx0Y71g+8Oso1t0JGkvDtWf5RDx1w+4K/1pQ2JMG lZTh7juaGJzXtltxqBoY67z1FBp9MI59O0hkABtz1CElj9LrhDr9wQa4 OUo=
ENTRY_END
; response to DNSKEY priming query
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
example.com. IN DNSKEY
SECTION ANSWER
example.com. 3600 IN DNSKEY 256 3 10 AwEAAcOHC7D2ZcG5M6MK5If/60+vvBM67BC8qUx04f6Kcvhx9GBMIMYz 87m6m2P5WKafW5AN1K9jY37m2fU/TdACQNzqu4wyVsOQefke/v2fgswg NgneP/C7cpyBVuK+8BUHjrorfLORClD3mbQMQldaaO2h6+OArAGHlFNI oFsuCjyR
example.com. 3600 IN DNSKEY 257 3 10 AwEAAc4VCSEu1C1lAxuZMC8tSyissZNXC2lgS3zNvAvFdLtAsSbhB1cj dLCtTWUv1Ki/T+iWn10iemLQJ0S6z8wK+a7maC3ELZP1qoSFln+FiAsZ xYK72/XDEYMMp01F0gxgzZ2alWx3WKm2mELXf/ezEx+7X2ZNbwum5TKt FxtvotmT
example.com. 3600 IN RRSIG DNSKEY 10 2 3600 20251231235959 20160308093040 438 example.com. cas8JKwtLUIItwOgrDrDG9pSkqiYw3r+8vyvt962kjHFBNG0D7AeegaO GMSWRziqA4L8xdgP750rLR5CRFQ9oPQlr/RWnsebGdJ3Yohwwa04HE6n OvR+o0u0oqNQ+P5KinxVKSv0Ru+BVMPHRDfIXN/FD5p9+nvIrnjXQlI3 vvM=
example.com. 3600 IN RRSIG DNSKEY 10 2 3600 20251231235959 20160308093040 2843 example.com. uDLTMMTvJCcetKr6THEJ8Rn0gMLPFZTbOGJBZyZ2E5F9KkPSS01Nm6/P e+j0R3ObYXodqnZIY19fzXJKS2dJktoXkqNLBW/SpWTlFzpfHKCvTbJS VLrJ/lrEunE5cgSAqBrbAAuJrFpX/gaavqokElnUv1Mki2agTH1dTZyn X8M=
SECTION AUTHORITY
example.com. 3600 IN NS ns.example.com.
example.com. 3600 IN RRSIG NS 10 2 3600 20251231235959 20160308093040 2843 example.com. boNVuXxyhW+Gmiu+4ip1QQvIGqFNVsFfg1v+ywgc4+37ieQ5t+qJsHVm fJITRZrJxYQ6T/MkZKhpxLCemgFeKU6syWwoCfypnGino2G1urvqThna WTImSPhY/QsOj1ALy51d9Q+Mb5vt69XJt6SQvtNf6imepIFOT6CPSfjx BJ4=
SECTION ADDITIONAL
ns.example.com. 3600 IN A 1.2.3.4
ns.example.com. 3600 IN RRSIG A 10 3 3600 20251231235959 20160308093040 2843 example.com. VSq+DkxJYr9Z+uh3KgpyPNwtuim4WVXnTdhRW7HX90CP5tyOVjDDTehA UmCxB8iFjUFE3hlwDx0Y71g+8Oso1t0JGkvDtWf5RDx1w+4K/1pQ2JMG lZTh7juaGJzXtltxqBoY67z1FBp9MI59O0hkABtz1CElj9LrhDr9wQa4 OUo=
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
sub.example.com. IN DS
SECTION AUTHORITY
; sub.example.com. -> po0bgjsa0o6vivtr1pvp9ra8s54qpnsb.
PO0BGJSA0O6VIVTR1PVP9RA8S54QPNSB.example.com. 18000 IN NSEC3 1 0 10 A7AD1394BEB94E45 CO0J7N2E081RL10GCBQ31EDR3OE33LNC NS
PO0BGJSA0O6VIVTR1PVP9RA8S54QPNSB.example.com. 18000 IN RRSIG NSEC3 10 3 18000 20251231235959 20160308093040 2843 example.com. WepNJEmwXlC107N7E4G0qpUYBVLjLGcYSqJtFFyWU0n8wS9Mw6eH4IZY esAjOdkezqjwpDQny/z9GuTMtpKdIZvzEa8mHn9I/Bv6Gq2U9Yc5w0z8 jqRMi/0Rvy4IAAQoHZOntfcfx4ZRVd/55VeQaJevM2DQLaP6Z4e/rhPs cRs=
ENTRY_END
; refer to server one down
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
sub.example.com. IN A
SECTION AUTHORITY
sub.example.com. IN NS ns.sub.example.com.
; no DS here.
; sub.example.com. 3600 IN DS 38364 7 1 66DC14443014B2727261B50B447170DE18CF43A9
; sub.example.com. 3600 IN DS 38364 7 2 719A6680950A624D2C71A67981A7AF884C23E3C21074FF1CF8FB7EFE 20C52F97
; sub.example.com. 3600 IN RRSIG DS 10 3 3600 20251231235959 20160308101119 2843 example.com. nAH1Nc1yq6EfzKLq48mLOEo2ocQrxkDFVAYIl+7ZMQJ1ZXHSmwePVH+m MAxdJ8xMl9BV/EcScn3vgSG+GfKfpl6txCS59Hxc30k27x6ac/6vL+ll YS99nEZMkc9JpBk3gziLj6hH8qv0G84264lNWAP2XGv1jO/AYrXL6wti Lxg=
; sub.example.com. -> po0bgjsa0o6vivtr1pvp9ra8s54qpnsb.
PO0BGJSA0O6VIVTR1PVP9RA8S54QPNSB.example.com. 18000 IN NSEC3 1 0 10 A7AD1394BEB94E45 CO0J7N2E081RL10GCBQ31EDR3OE33LNC NS
PO0BGJSA0O6VIVTR1PVP9RA8S54QPNSB.example.com. 18000 IN RRSIG NSEC3 10 3 18000 20251231235959 20160308093040 2843 example.com. WepNJEmwXlC107N7E4G0qpUYBVLjLGcYSqJtFFyWU0n8wS9Mw6eH4IZY esAjOdkezqjwpDQny/z9GuTMtpKdIZvzEa8mHn9I/Bv6Gq2U9Yc5w0z8 jqRMi/0Rvy4IAAQoHZOntfcfx4ZRVd/55VeQaJevM2DQLaP6Z4e/rhPs cRs=
SECTION ADDITIONAL
ns.sub.example.com. IN A 1.2.3.10
ENTRY_END
RANGE_END
; ns.sub.example.com.
RANGE_BEGIN 0 100
ADDRESS 1.2.3.10
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA REFUSED
SECTION QUESTION
ns.sub.example.com. IN A
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA REFUSED
SECTION QUESTION
ns.sub.example.com. IN AAAA
SECTION ANSWER
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA REFUSED
SECTION QUESTION
sub.example.com. IN NS
SECTION ANSWER
ENTRY_END
; response to DNSKEY priming query
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
sub.example.com. IN DNSKEY
SECTION ANSWER
sub.example.com. 3600 IN DNSKEY 256 3 7 AwEAAfXXu2eDy9QsjLuHgEMWmG03TVauwmITCq520ANujsTZlPKyQKJe xyrYm61e0RuQJb5dB5JnE0O3YYJOpnrl8keieAqVt1efnNtcn8V1em48 et146ZYFAUb/PMdTOgd2XJnhVEWD3VsZbWNMCxP1KcJTATAaLDVCY//E sc9K3CvGUizNcSoTK2rGS73A6GqmvVNnGir6AQIZifkvb6PKzF/hVpS8 cgvKF/UP8hu+0Glbq1YYTFrXMUBzKUH+X19lRvk3eLHurSvGjDEM3ZO6 tp1QdpzIRPzYKENG+qs07dhgCZyb4zqwEycmL9/Vot0ByTGbeHvHN93P PrLxcM5zlVk=
sub.example.com. 3600 IN DNSKEY 257 3 7 AwEAAfTD+gzZ2g7c9VoOUR2ekQiPNEyqcyl0MZ4sD3bleU8D8hQdDgAI 1G38raY3xmNea8yLCQYF0x00QbmKtzMjpZqKfsCFZDX6lBV5dP8IwJ0D F6L4hjO819IInf6upH9tfQNnueflWyKzfg2zitV+ILZ4YtZViyCKqayw CSPE8OkFlszZyCESzhrXqoPdJ0oHdZCG4lOlRIgZfrMLC4yTI56iiwFc UsKy7BhNPW+hcc4r+0WB9BCpsiei/FjPMcyeMrx1W+s/xgW7/55Nq+dM PUn9v24uCptZUupn/7CRgMGM5DmWe94QIswAQjH2mXNfOgVPOiceLYzU mcNoKudvSUu1hbzJbVHA4UNWDm2vvsdsEzrOEzqO0ZVczLoZzWU4WpLf IlKm481OKkzAP9Y5F4iTTSIrbVcAuEW/iz5zfqWirgGniiTCszAie8lH u1EPBgGnfotqhq9IbNA6aKNUreJPLvJnds7J/aQmiSdm15pAq71B26X5 BmoZVhbNmh6MHXkq99EIt0yRMEOfPLRN7euza8Idd4mA+E8jpdgtYdJD LC7f2SoQxaN4RMr5MC/Z1ENQgLMYRkd87pEQycAlNAoWMPJMuoDNdwhV 15F8+pvkvfu5cm9FoEWvgS+onibUM9EC9L9EDdfDdW1Hf1QfUinVoMf/ Szf1urkPVNl0nNYF
sub.example.com. 3600 IN RRSIG DNSKEY 7 3 3600 20251231235959 20160308100552 27527 sub.example.com. yUIM3oBl8hkj8/NkHw79wpS0EHWTNA+tW8qDv3IhzpRXWQ78QjRvcLt/ PkoUpaVXydM4xwf61oy0C9nNhakiaTw99icmqbIRfOL4ZQAIEtyzKrP4 Dww/ySI8YJx5ebbEALueAOTQQG4VHk3hEfLlFgUOje01y8usi2QjiX84 uSLfW3DtHODNPWuumTBKrysWC8rs2jiXuDTcViP6IGZnZ1X4E9F8m3J6 gv7kOgqUJp9PRuwSQUuWBk2drl8psZzWuk99g/dnN1SY8B3iBc2DE4/S CHUYrHfdp5YjuKsSg8HTmPS83aks/TeKAogRZ5bEUyxO5VHMnywZUZtl YLuyJg==
sub.example.com. 3600 IN RRSIG DNSKEY 7 3 3600 20251231235959 20160308100552 38364 sub.example.com. ewivalJKy9ahD0p0ca871A3rM302OafX1qYe6K9CjBTvFFWl3JR+tEIY idHyVBwANAS4W2LxP2jrweQ3POL9+I/a3EvadWYnaVGrSHuQr42yPL44 jPO1SBkbTKCTHTlNDgllIaOiszkjZNwE9vTiKxz+5s1kVXnGHPGQfNts LVhFgWZmcZ9AlDbieAOjS2F/P7YWp3NG8lLR3v+JWaD1S+TgClwAFWAl kEOBQ0xltRQ7MFZ92cWudJ24FnYlBEpy51XmfYx3ExmCXpGF2vKYoLGR 76CvsC5anrsaYY1znfACrdt2tYvkEE+TwYuO6/Rm1Ay+whI5wzFWpWf2 xTysJEDcx6TK5rm9PpAiPcdbahhEZPyIm8SIbHSXs9X70wqNpZwtrez5 46F2lefZZ6z9q9+o9hicTXGgPz/nITQ693nbphAl/B713kXVhgeBIcX+ ZqjFnXYQBwliU6ae22hWsFl3l+lN0S7o0w2uzMZiChA0VP3H7LKSO1e2 G17Z1bfVfMZoM2hhLOJuWozLorPJR81DrIAO1JpIKGSxP6clBIE6lhjk hvRjQAmxt/rLsebhVNpXNAEkWwxM4OatK5d5zv2HlvL9QA8Nm4NlZ9Fu pKqoRKijUr1ny4O4nwb3aQVxwCP2+MHuH7XQOtpEFxWeoDPFbu9WIunb dONPnl9ZB8Y=
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www.sub.example.com. IN A
SECTION ANSWER
www.sub.example.com. 3600 IN A 1.2.3.123
www.sub.example.com. 3600 IN RRSIG A 7 4 3600 20251231235959 20160308100552 27527 sub.example.com. h6RhBN/xWlVYrQVt0TNbFd2/6bvQx9oAYJFyKvzZZbcEbd2giEud1gcW B05TZDwK5p36GcyoGdA6DB9kEGFNqH44OqTsUqtOmqysFw2nsAHXGBId UetoOxT1JOvJlqd7qwC1cBhDmlRB+1u83PBCJyjb2nJ4HwEDSAf/5SRN DQJQmGTGD4FIb9ixHOH2Y3f6U2YaDz35RpJSko2j65erEcOH65dXsAiU OkKNh7g3esbQCGNnY85RyhCPGSFJ4MxLsIa+ZqTY9tvtKL0mDSrqd/51 bhNcKa2Dl99cDOwH3kXFqO+L+DdTXU5WbRxRe74SFzoum/lnyQhcrKN5 029iOA==
ENTRY_END
RANGE_END
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.sub.example.com. IN A
ENTRY_END
; recursion happens here.
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.sub.example.com. IN A
SECTION ANSWER
www.sub.example.com. IN A 1.2.3.123
SECTION AUTHORITY
SECTION ADDITIONAL
ENTRY_END
SCENARIO_END
|