diff options
Diffstat (limited to 'tests/knot/semantic_check_data')
58 files changed, 3504 insertions, 0 deletions
diff --git a/tests/knot/semantic_check_data/cdnskey.cds b/tests/knot/semantic_check_data/cdnskey.cds new file mode 100644 index 0000000..6ce5610 --- /dev/null +++ b/tests/knot/semantic_check_data/cdnskey.cds @@ -0,0 +1,123 @@ +example.com. 3600 IN SOA dns2.example.com. hostmaster.example.com. ( + 2010135808 ; serial + 10800 ; refresh (3 hours) + 3600 ; retry (1 hour) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 3600 RRSIG SOA 13 2 3600 ( + 20601231235959 20201012144147 25752 example.com. + dEDk41MHSAAoc2eboWOXxGQHYFj1gXuD/gfX + Qz6HEq44narP0IHuOWt4ni9HUhYDBuanPp7S + j/8nYnZc6gdpMg== ) + 3600 NS dns2.example.com. + 3600 RRSIG NS 13 2 3600 ( + 20601231235959 20201012144147 25752 example.com. + 1HFpOHudUJp7hvrsTmdX6qt+X0I4K9RYo/Uy + gpWbJBNhNsPVENVrw8AabhnPaETJGbreS/4T + slgbxM1Ks/erzA== ) + 3600 MX 10 mail.example.com. + 3600 RRSIG MX 13 2 3600 ( + 20601231235959 20201012144147 25752 example.com. + EA9rtC9Ub4LPDwS6Q8wE4g9nGddbVrg9ivHN + oHQzUjTFlxtn8gFPaJkUfHwqwg3PsSVGagyx + Bjsool21k/TG7A== ) + 7200 NSEC dns2.example.com. NS SOA MX RRSIG NSEC DNSKEY CDS CDNSKEY + 7200 RRSIG NSEC 13 2 7200 ( + 20601231235959 20201012144147 25752 example.com. + YLQPkC55O9bpQI/Hg/Ih91UkieeM3wtQvJMT + ro3QJ2eDImSyeoIbWsF+ghtoQ+6IUulXLu3k + PtDViOe2tfaL/Q== ) + 3600 DNSKEY 256 3 8 ( + AwEAAdKraxDdGTL4HDOkXTDI1Md1UdHuYhVw + YkB+u2umVjTJ1H9Qb2oBryqwXI+gklnuCqrH + 1znkDvzGEAeHRQUCbtKbjmqErTAcRRHW3D+6 + jsOGXzbyGCfbyzRBwsbNCLWr3ONpPi5JOWEe + CUJfyc/mRXcmh5uYl1JvzAM1zprtljZt + ) ; ZSK; alg = RSASHA256 ; key id = 48849 + 3600 DNSKEY 256 3 13 ( + 1J1lDp/FQFgAGv7EFeDTAru7rUIcUCc7bkYj + 8OlczfdQjo9IfS5MFg6MqIrE/KPC18CDX1Ki + DzaCFaMGDlavjQ== + ) ; ZSK; alg = ECDSAP256SHA256 ; key id = 25752 + 3600 DNSKEY 257 3 8 ( + AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYT + oARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM + 2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5W + mnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Ta + x7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCN + bGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/ + mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4N + odQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5 + tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQ + EHYAd/AP8YgaovS8N1fJyh0= + ) ; KSK; alg = RSASHA256 ; key id = 53851 + 3600 DNSKEY 257 3 8 ( + AwEAAetE6qfN/GbtMmvM0PXUTyskauES2FKf + jqLVz7EQlfS8iAFWLi1eHjHXDkueZ1OYRzQ4 + IBy6MIsce4XVXLQoS8njtfaU7c5NZvktH5la + 7JuH32KYr3PdWL5KDsUdED3GSxfNV+DbcYU8 + 0AZxTxy6Bm6EP+DztL1dpYrmqr8JRl+qlSbm + LIrPemZFUEQzhiepcYMWviDUz+ixSVzjEzpM + CLsrNxA30Ziiq9GKA8KKlFHdAmxuNcH0TzRn + dpo6bu5nKyJHiREIazHVuPBEzUmHtcWETCDs + 9UVsbji2Z2ozqLz9cqnfYV/kOD+OZBAqvZ0n + /4lgdSiBtvByLCXoWEYIGRs= + ) ; KSK; alg = RSASHA256 ; key id = 19420 + 3600 DNSKEY 257 3 13 ( + hRcbHnvrTqCb215+XsIn96tvHacV5d15lcnS + h91pg8Htes3H0vOoG98C5oWXoj7RM4V/tDoH + /0ahiLyRzRnvBA== + ) ; KSK; alg = ECDSAP256SHA256 ; key id = 20197 + 3600 RRSIG DNSKEY 13 2 3600 ( + 20601231235959 20201012144147 20197 example.com. + JLKC5uLW1+JPkOyVcc8D6B6lCC/0FOlak/Qd + Na6Nb33hi9io1HMFI1eYiG7u7lxWmXsKnBo9 + ONROz+WYGds++Q== ) + 3600 CDS 53851 8 2 ( + 6F8129D687EC387C948E6F4B0AC9AA01481C + CEBF7570AFEC582897E7725122D6 ) + 3600 RRSIG CDS 13 2 3600 ( + 20601231235959 20201012144147 20197 example.com. + pgi1+O/TWU6WCmLLYEibCYj+RzbcOuodnF1i + wlBQxDZLTcGYG+1KEC0spZTN1nQncEfdeEKc + jnYQUa0izPQRnA== ) + 3600 RRSIG CDS 13 2 3600 ( + 20601231235959 20201012144147 25752 example.com. + MaFyQcB908WIXS+RiLeLXiKdjOo/R6tl9AM/ + 6xokhcvRqQzuyQeoH4snUvcht0m5ghz09Km7 + MPN0uzJcXIGg0Q== ) + 3600 CDNSKEY 257 3 8 ( + AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYT + oARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM + 2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5W + mnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Ta + x7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCN + bGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/ + mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4N + odQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5 + tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQ + EHYAd/AP8YgaovS8N1fJyh0= + ) ; KSK; alg = RSASHA256 ; key id = 53851 + 3600 RRSIG CDNSKEY 13 2 3600 ( + 20601231235959 20201012144147 20197 example.com. + Vdo7aYGIByxiC85dyqLKrrNAYYDFBnKXm8uE + rYSXBMWiQoFHwzvlavyqhUWlEABfvYD0pUrX + PZ27Hz8rPFCSLQ== ) + 3600 RRSIG CDNSKEY 13 2 3600 ( + 20601231235959 20201012144147 25752 example.com. + 9Llt7e4nm8uMLqliT2NZJINmAmLmKDYqjloj + Q3/wNI4K+J0RUmWpg3f6xODVkKjjuVnwpxkK + eWV9zqY4jUTAGg== ) +dns2.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 13 3 3600 ( + 20601231235959 20201012144147 25752 example.com. + lZSHyLdXGFvoL9fhk26y70ifFwui2A5bpdir + Su7VhfsnNdLgNuCceRXbYwxQaUyODCl7dcJ9 + UkRzq2eDs0evKQ== ) + 7200 NSEC example.com. A RRSIG NSEC + 7200 RRSIG NSEC 13 3 7200 ( + 20601231235959 20201012144147 25752 example.com. + dDE1XApt4lZ9u20Z/vXwhJxE27AZJQzKwLkk + jpwEDVJo6/SdV2smB7s7+qmGnSKhIehVpUFX + wv3/3YaFxSTifQ== ) diff --git a/tests/knot/semantic_check_data/cdnskey.delete.both b/tests/knot/semantic_check_data/cdnskey.delete.both new file mode 100644 index 0000000..b3b840b --- /dev/null +++ b/tests/knot/semantic_check_data/cdnskey.delete.both @@ -0,0 +1,113 @@ +example.com. 3600 IN SOA dns2.example.com. hostmaster.example.com. ( + 2010135808 ; serial + 10800 ; refresh (3 hours) + 3600 ; retry (1 hour) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 3600 RRSIG SOA 13 2 3600 ( + 20601231235959 20201012144234 36859 example.com. + uHjgn9WEMdw/d//q2ZhGF1GAQItK9UPyByET + VDuZgER/JBHuFd1/MMEkkFmCRneXuVudSnki + aXiza0GLV0ujfw== ) + 3600 NS dns2.example.com. + 3600 RRSIG NS 13 2 3600 ( + 20601231235959 20201012144234 36859 example.com. + 39YAhtx1qe9sbJ/6N1fS7F4QLS9iqagdbQN4 + w6VRyMRrseRY16G2n3Th9yw1+R9aXOazb6iP + BL6azQJiUCZJ5g== ) + 3600 MX 10 mail.example.com. + 3600 RRSIG MX 13 2 3600 ( + 20601231235959 20201012144234 36859 example.com. + EXv3vV7Njpz59INdubRpDsGANROKfEhqBzQ8 + zSL1vujpUOdaZWqmS3uoKusxHCghJacCFeUA + KQNrWNuZHT2S8g== ) + 7200 NSEC dns2.example.com. NS SOA MX RRSIG NSEC DNSKEY CDS CDNSKEY + 7200 RRSIG NSEC 13 2 7200 ( + 20601231235959 20201012144234 36859 example.com. + LgXpsIgBZBO03iU6D2nqsbmal6AK51ev21Cj + PQFfFBLQ+ARqyE3k7mlTK4A+/UfIpWgpkKnz + St4SbtL3r6GK+g== ) + 3600 DNSKEY 256 3 8 ( + AwEAAdKraxDdGTL4HDOkXTDI1Md1UdHuYhVw + YkB+u2umVjTJ1H9Qb2oBryqwXI+gklnuCqrH + 1znkDvzGEAeHRQUCbtKbjmqErTAcRRHW3D+6 + jsOGXzbyGCfbyzRBwsbNCLWr3ONpPi5JOWEe + CUJfyc/mRXcmh5uYl1JvzAM1zprtljZt + ) ; ZSK; alg = RSASHA256 ; key id = 48849 + 3600 DNSKEY 256 3 13 ( + l/Uak3BSxeoEO8n42GtZkS1aTdEV590rAuwS + Jvt8Gzyj1S5Aqx5Tytm+nb93ZtO3eSL2OpJg + p7tdmPjtHKxYpg== + ) ; ZSK; alg = ECDSAP256SHA256 ; key id = 36859 + 3600 DNSKEY 257 3 8 ( + AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYT + oARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM + 2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5W + mnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Ta + x7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCN + bGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/ + mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4N + odQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5 + tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQ + EHYAd/AP8YgaovS8N1fJyh0= + ) ; KSK; alg = RSASHA256 ; key id = 53851 + 3600 DNSKEY 257 3 8 ( + AwEAAetE6qfN/GbtMmvM0PXUTyskauES2FKf + jqLVz7EQlfS8iAFWLi1eHjHXDkueZ1OYRzQ4 + IBy6MIsce4XVXLQoS8njtfaU7c5NZvktH5la + 7JuH32KYr3PdWL5KDsUdED3GSxfNV+DbcYU8 + 0AZxTxy6Bm6EP+DztL1dpYrmqr8JRl+qlSbm + LIrPemZFUEQzhiepcYMWviDUz+ixSVzjEzpM + CLsrNxA30Ziiq9GKA8KKlFHdAmxuNcH0TzRn + dpo6bu5nKyJHiREIazHVuPBEzUmHtcWETCDs + 9UVsbji2Z2ozqLz9cqnfYV/kOD+OZBAqvZ0n + /4lgdSiBtvByLCXoWEYIGRs= + ) ; KSK; alg = RSASHA256 ; key id = 19420 + 3600 DNSKEY 257 3 13 ( + jNkK9sXUo8jTJ2snaD+3Mao2q0m5UjyZ7ykD + 6yQqTJ2xgldvTCyuu/YlSCoR9gli8pOGz+KT + 3YA9HjG46ob8ug== + ) ; KSK; alg = ECDSAP256SHA256 ; key id = 65430 + 3600 RRSIG DNSKEY 13 2 3600 ( + 20601231235959 20201012144234 65430 example.com. + id6EVGBrg2vZm6vIIGNhSukuI2Uv6/MzZiJk + C1N9k5P3zAP6Es9aLp9m4cR8qGIdUu3DZ3AU + ngKndEZvk5YUUg== ) + 3600 CDS 0 0 0 ( + 00 ) + 3600 RRSIG CDS 13 2 3600 ( + 20601231235959 20201012144234 36859 example.com. + mDmiCviPRxQ1BiinR2+/lQ/KabHgIu/LSKZ2 + yZFsgiF8YF4IT8mJc/qiKVtaCWLK4Sszxk/F + P8kMTmTKORT40Q== ) + 3600 RRSIG CDS 13 2 3600 ( + 20601231235959 20201012144234 65430 example.com. + O1KH8u+VPLnd5TwGPRbv7VpMss+Mjwr+nIOE + UxSS7unksPUldU0e9qXby0fydlN5LTf/L0sD + daMwGOA2fuD/dA== ) + 3600 CDNSKEY 0 3 0 ( + AA== + ) ; ZSK; alg = 0 ; key id = 768 + 3600 RRSIG CDNSKEY 13 2 3600 ( + 20601231235959 20201012144234 36859 example.com. + Hj8WJNT51BdqA6szAI7sn8gZftHY6/1/Y7qQ + DRsunh1J1cNRuqHtLBnRKpVdteZ4znNKnavb + uoC6kzSzbRiJzQ== ) + 3600 RRSIG CDNSKEY 13 2 3600 ( + 20601231235959 20201012144234 65430 example.com. + 7YGVqSgaiHXwY+GdMkUJXZyqkGvkfA8LliB6 + 6Nn4AvuETs4lX080MNq3dWmjI/tHSg5ptQz7 + Hukvd6cYWNgtBQ== ) +dns2.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 13 3 3600 ( + 20601231235959 20201012144234 36859 example.com. + SVatJA8FhwAotw625XttyhgD8Rcp4ukcidii + By06YX9e5rCgOHOvjsHwA57kBBzcZg0ZXAbF + SOhDdUQibKaRSg== ) + 7200 NSEC example.com. A RRSIG NSEC + 7200 RRSIG NSEC 13 3 7200 ( + 20601231235959 20201012144234 36859 example.com. + D+r82Tvm8eGuYrJKVCUMw1Gz+tevXwE2IGoG + 7pXErKbDv13p/eFAPsRdUKtdmsOq4mHSxQuZ + GVGAULfJjcs3pQ== ) diff --git a/tests/knot/semantic_check_data/cdnskey.delete.invalid.cdnskey b/tests/knot/semantic_check_data/cdnskey.delete.invalid.cdnskey new file mode 100644 index 0000000..366edaf --- /dev/null +++ b/tests/knot/semantic_check_data/cdnskey.delete.invalid.cdnskey @@ -0,0 +1,113 @@ +example.com. 3600 IN SOA dns2.example.com. hostmaster.example.com. ( + 2010135808 ; serial + 10800 ; refresh (3 hours) + 3600 ; retry (1 hour) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 3600 RRSIG SOA 13 2 3600 ( + 20601231235959 20201012144623 39533 example.com. + wXvCukXPMbON0oD2nKINzyauQRgeYE/kIYKZ + pYaMwV5Z6yZ9SKSSy7oRBn7t1+rOmGI69NSx + 3WHXaRiLjcH1Sg== ) + 3600 NS dns2.example.com. + 3600 RRSIG NS 13 2 3600 ( + 20601231235959 20201012144623 39533 example.com. + XNdl4tiEhUPOpEgwGO2njssc8QMB8IeP5QDM + 9/LZJUPZ0hZ76F7fX9C3X3edgysEoDFR1HAE + JdTxkJ5Oqv7Xig== ) + 3600 MX 10 mail.example.com. + 3600 RRSIG MX 13 2 3600 ( + 20601231235959 20201012144623 39533 example.com. + Or2a9ZLl2FnBmNM1KbUcgAjgLKRS6O9H4XmK + VAGM3QxutaTZuF1sjsz+kNh6yrT38eLm5B8M + PLCxUmkTSUmgeA== ) + 7200 NSEC dns2.example.com. NS SOA MX RRSIG NSEC DNSKEY CDS CDNSKEY + 7200 RRSIG NSEC 13 2 7200 ( + 20601231235959 20201012144623 39533 example.com. + 5SBXb1HpSfhPinO3hadK7E0lhRHwyUAsjZpy + /7jTO7/uUNXD6asY9V6kvOJmRgMpSeXFJKFw + +Vsyx0jifistyg== ) + 3600 DNSKEY 256 3 8 ( + AwEAAdKraxDdGTL4HDOkXTDI1Md1UdHuYhVw + YkB+u2umVjTJ1H9Qb2oBryqwXI+gklnuCqrH + 1znkDvzGEAeHRQUCbtKbjmqErTAcRRHW3D+6 + jsOGXzbyGCfbyzRBwsbNCLWr3ONpPi5JOWEe + CUJfyc/mRXcmh5uYl1JvzAM1zprtljZt + ) ; ZSK; alg = RSASHA256 ; key id = 48849 + 3600 DNSKEY 256 3 13 ( + TQSEqjdF8egQ1YjZPdVXrX+pngPHTdCgwJFR + AefWVHOLsMADS3/LL5G+pZTSldB3j3Xo4Na/ + 1tsuCgNmV+58xA== + ) ; ZSK; alg = ECDSAP256SHA256 ; key id = 39533 + 3600 DNSKEY 257 3 8 ( + AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYT + oARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM + 2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5W + mnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Ta + x7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCN + bGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/ + mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4N + odQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5 + tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQ + EHYAd/AP8YgaovS8N1fJyh0= + ) ; KSK; alg = RSASHA256 ; key id = 53851 + 3600 DNSKEY 257 3 8 ( + AwEAAetE6qfN/GbtMmvM0PXUTyskauES2FKf + jqLVz7EQlfS8iAFWLi1eHjHXDkueZ1OYRzQ4 + IBy6MIsce4XVXLQoS8njtfaU7c5NZvktH5la + 7JuH32KYr3PdWL5KDsUdED3GSxfNV+DbcYU8 + 0AZxTxy6Bm6EP+DztL1dpYrmqr8JRl+qlSbm + LIrPemZFUEQzhiepcYMWviDUz+ixSVzjEzpM + CLsrNxA30Ziiq9GKA8KKlFHdAmxuNcH0TzRn + dpo6bu5nKyJHiREIazHVuPBEzUmHtcWETCDs + 9UVsbji2Z2ozqLz9cqnfYV/kOD+OZBAqvZ0n + /4lgdSiBtvByLCXoWEYIGRs= + ) ; KSK; alg = RSASHA256 ; key id = 19420 + 3600 DNSKEY 257 3 13 ( + VARBBNSEYzAbBYxgdQi/epYgWFaGnL49509p + CeZWg4LO4jhjVT7uyhsSQny2wyahP2Y37YeO + d+sY503BNpqzMQ== + ) ; KSK; alg = ECDSAP256SHA256 ; key id = 59324 + 3600 RRSIG DNSKEY 13 2 3600 ( + 20601231235959 20201012144623 59324 example.com. + YRhAwruTjWmu6drb4+iJ/QOwQg8dnGur8LH7 + bsn1ZCHQYNDHiIai8JqikqzkhEYKIK8HIqT8 + F2RY/LqFxKebjg== ) + 3600 CDS 0 0 0 ( + 00 ) + 3600 RRSIG CDS 13 2 3600 ( + 20601231235959 20201012144623 39533 example.com. + cHTGBug23nTe/aS09JaakuG4wa9EEbWxL3gu + LQpCK8HV/JMsNSGqh1FsUlX92y4tSIvJn+Lx + vvdN+Qzh+zASHg== ) + 3600 RRSIG CDS 13 2 3600 ( + 20601231235959 20201012144623 59324 example.com. + GU9Q/CipUscofDL6uhT2ZmhQoyApLX9zbyfN + dG5XW6sXYaB94hVSiT2DSyt19fyQwYoKK2Br + fJwy4pI890kKoQ== ) + 3600 CDNSKEY 0 3 0 ( + BA== + ) ; ZSK; alg = 0 ; key id = 1792 + 3600 RRSIG CDNSKEY 13 2 3600 ( + 20601231235959 20201012144623 39533 example.com. + CXeUfFxa7aT2tivKLovVQ2CA0HYZxxlUrbm1 + voABTNkU7lb5W9Z7GQ/VDugd8QeKNK8YWOaQ + Tdl79jkL1rQKXw== ) + 3600 RRSIG CDNSKEY 13 2 3600 ( + 20601231235959 20201012144623 59324 example.com. + sd+fzJmLLIoFIcbKCJ+rHE+tOs0PwHjjY9ml + Dsbel1k5sANI4xR8iMv6YAEhcpvb0S+8Nd7h + 7BT45SkKVtyFsQ== ) +dns2.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 13 3 3600 ( + 20601231235959 20201012144623 39533 example.com. + VGa9LkgVATBLHOwMBNc6g74iXCCSXnWWNs8O + ndoXk4ZMMRRkmaxSWXH2pBdJLZPL5f26aEVl + 4toVcsE722LoFA== ) + 7200 NSEC example.com. A RRSIG NSEC + 7200 RRSIG NSEC 13 3 7200 ( + 20601231235959 20201012144623 39533 example.com. + i+94RvIQBBEOza7Y963huNEWYrqt/VT/eE1E + Gqx5kngvZgZ7wO8tcOsaE7ctb69SvgZwRR9c + RBgb2N6ezo9OxA== ) diff --git a/tests/knot/semantic_check_data/cdnskey.delete.invalid.cds b/tests/knot/semantic_check_data/cdnskey.delete.invalid.cds new file mode 100644 index 0000000..9d63eb9 --- /dev/null +++ b/tests/knot/semantic_check_data/cdnskey.delete.invalid.cds @@ -0,0 +1,113 @@ +example.com. 3600 IN SOA dns2.example.com. hostmaster.example.com. ( + 2010135808 ; serial + 10800 ; refresh (3 hours) + 3600 ; retry (1 hour) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 3600 RRSIG SOA 13 2 3600 ( + 20601231235959 20201012144646 56106 example.com. + 1CRyeUic9BIwBWcjk95VQJktQng6f3dLQm64 + JwGGqivUM3Hgp7URguNIx0BsCvfo67NIpk7N + mMIFwMkMGOHmgg== ) + 3600 NS dns2.example.com. + 3600 RRSIG NS 13 2 3600 ( + 20601231235959 20201012144646 56106 example.com. + pB4+Z3ltuzY+/NkAeCb9LOS7Zlh7QLfHKimR + JPtvdOuIhd8vB0NZLzcYX0lIkrqyP3LadbrS + u8r9BMIlu4cKpg== ) + 3600 MX 10 mail.example.com. + 3600 RRSIG MX 13 2 3600 ( + 20601231235959 20201012144646 56106 example.com. + x8XhP7r3/glI7AenoSLVmfqhZXQfj6YllgxA + jkVxExiM9OJZOPdyeDTuRyUD1PFiBOEsP7Wu + vNgWA9eyQFOslA== ) + 7200 NSEC dns2.example.com. NS SOA MX RRSIG NSEC DNSKEY CDS CDNSKEY + 7200 RRSIG NSEC 13 2 7200 ( + 20601231235959 20201012144646 56106 example.com. + TCn7V7sHR2TNY5ywyEpbYZMegZwTX+I/TPeO + 76D3WORu9pN0kJWjGPAebwTvL/a7p8xS8B9U + X9ivUVFORG+mJA== ) + 3600 DNSKEY 256 3 8 ( + AwEAAdKraxDdGTL4HDOkXTDI1Md1UdHuYhVw + YkB+u2umVjTJ1H9Qb2oBryqwXI+gklnuCqrH + 1znkDvzGEAeHRQUCbtKbjmqErTAcRRHW3D+6 + jsOGXzbyGCfbyzRBwsbNCLWr3ONpPi5JOWEe + CUJfyc/mRXcmh5uYl1JvzAM1zprtljZt + ) ; ZSK; alg = RSASHA256 ; key id = 48849 + 3600 DNSKEY 256 3 13 ( + cOjtacSzGkoh6bO4clqYPM2y+g5ezQUtCNdx + iRqickHCvQnL9OM/h7V8txqEsSulG5ZCeW+O + LDhDQDUchpNv7A== + ) ; ZSK; alg = ECDSAP256SHA256 ; key id = 56106 + 3600 DNSKEY 257 3 8 ( + AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYT + oARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM + 2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5W + mnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Ta + x7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCN + bGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/ + mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4N + odQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5 + tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQ + EHYAd/AP8YgaovS8N1fJyh0= + ) ; KSK; alg = RSASHA256 ; key id = 53851 + 3600 DNSKEY 257 3 8 ( + AwEAAetE6qfN/GbtMmvM0PXUTyskauES2FKf + jqLVz7EQlfS8iAFWLi1eHjHXDkueZ1OYRzQ4 + IBy6MIsce4XVXLQoS8njtfaU7c5NZvktH5la + 7JuH32KYr3PdWL5KDsUdED3GSxfNV+DbcYU8 + 0AZxTxy6Bm6EP+DztL1dpYrmqr8JRl+qlSbm + LIrPemZFUEQzhiepcYMWviDUz+ixSVzjEzpM + CLsrNxA30Ziiq9GKA8KKlFHdAmxuNcH0TzRn + dpo6bu5nKyJHiREIazHVuPBEzUmHtcWETCDs + 9UVsbji2Z2ozqLz9cqnfYV/kOD+OZBAqvZ0n + /4lgdSiBtvByLCXoWEYIGRs= + ) ; KSK; alg = RSASHA256 ; key id = 19420 + 3600 DNSKEY 257 3 13 ( + pB2mCNXFJ8e+UaMeMmy1LSCv6TJ92Fs3kFxY + I8NyZPyGvfePpMlzWZr7Bw7wS6G6Jhayhj94 + MMJ4lM/5+ZzVJw== + ) ; KSK; alg = ECDSAP256SHA256 ; key id = 45911 + 3600 RRSIG DNSKEY 13 2 3600 ( + 20601231235959 20201012144646 45911 example.com. + uOAPEzDkPNI9Uo2N+iiRkIb2p1Y0VhgqwUom + +Dssd6X0CEdQEmD8YQ43Cuq9ZNwk8Bm+lgm3 + X+ImdIKeE4MvNQ== ) + 3600 CDS 0 0 0 ( + 01 ) + 3600 RRSIG CDS 13 2 3600 ( + 20601231235959 20201012144646 45911 example.com. + IN5tLpm7OKjIL4VpucR1ero1Gv5UEyVqjzB9 + rRJefwUtlZFKNaTbU0oQD33vQXEjUiIMr66b + zIC3Ju/YtYFDLg== ) + 3600 RRSIG CDS 13 2 3600 ( + 20601231235959 20201012144646 56106 example.com. + f8VJa9GRwSWNmg0AR4nA3OD4X8im7BriZjME + 2ypYUOJkdIafolyb0LDz7XWTaVsFHQWO0z+J + 14g0CgCroTm3pQ== ) + 3600 CDNSKEY 0 3 0 ( + AA== + ) ; ZSK; alg = 0 ; key id = 768 + 3600 RRSIG CDNSKEY 13 2 3600 ( + 20601231235959 20201012144646 45911 example.com. + 89oeIQuH82i2RYIj/fnX/71s8kspDHcI8lIa + R02OZZ9bF37bi6LbGkypdXpmxN9/rEjk4ThF + IHRX2USEPtl+wQ== ) + 3600 RRSIG CDNSKEY 13 2 3600 ( + 20601231235959 20201012144646 56106 example.com. + Hgf4SgtoV0IHsF6feSP8YqeibPTtwZelLpLs + hux/D94MFKtYa6OseyzT3qIDdixav+mlI2ud + 0JyflYZ6MCBlxg== ) +dns2.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 13 3 3600 ( + 20601231235959 20201012144646 56106 example.com. + XdhVQ3Na3LsvdtT2HwdsM3ItiD3UH0HO6TZD + W6/jy8r0NA6fTN4b4oVr6wSqHAQIQVYUbWER + 7pav2Ek03LDa0Q== ) + 7200 NSEC example.com. A RRSIG NSEC + 7200 RRSIG NSEC 13 3 7200 ( + 20601231235959 20201012144646 56106 example.com. + dVTxTNAfZy5sa0SW8eme+KMx3hByBnPIrRlF + zGDsGN1Xzw3OBhsTmuOwhbnZSnnvdBrhBOJw + 8eU/6zpcZypyFQ== ) diff --git a/tests/knot/semantic_check_data/cdnskey.invalid b/tests/knot/semantic_check_data/cdnskey.invalid new file mode 100644 index 0000000..6937db5 --- /dev/null +++ b/tests/knot/semantic_check_data/cdnskey.invalid @@ -0,0 +1,123 @@ +example.com. 3600 IN SOA dns2.example.com. hostmaster.example.com. ( + 2010135808 ; serial + 10800 ; refresh (3 hours) + 3600 ; retry (1 hour) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 3600 RRSIG SOA 13 2 3600 ( + 20601231235959 20201012144725 7800 example.com. + fIUb0+hjrELDVphcGgDZemNVpq1TBgyTt184 + 9YnzaAhADynsscEd5iZRjuA5r7mlI/M9fFtU + l6wpEmqAs7sG5w== ) + 3600 NS dns2.example.com. + 3600 RRSIG NS 13 2 3600 ( + 20601231235959 20201012144725 7800 example.com. + 86HnJEU3jP+bL9JmnY+2TGwna7DGtUVvgdhu + slzGQWN3EHb51vx1fHQGGfQlJ4P4ch5US3TE + 1rd/OKNUBE+p7w== ) + 3600 MX 10 mail.example.com. + 3600 RRSIG MX 13 2 3600 ( + 20601231235959 20201012144725 7800 example.com. + 33SrrSRr8KwasK7qfxYAPxP//dj8Y9i95oza + 2Fwvt23QxfZS3TBLqMyMA6G/nmXyavUxsye8 + C+mks7QsS7HJCA== ) + 7200 NSEC dns2.example.com. NS SOA MX RRSIG NSEC DNSKEY CDS CDNSKEY + 7200 RRSIG NSEC 13 2 7200 ( + 20601231235959 20201012144725 7800 example.com. + WRb17ehBEEjIVl//Zw8vtDmbnTY6eLWe2KQ2 + +E+pCMEK0QE1qXwcethJ9PkM+gKFmN9RscXH + DjrmWIAfgndjsA== ) + 3600 DNSKEY 256 3 8 ( + AwEAAdKraxDdGTL4HDOkXTDI1Md1UdHuYhVw + YkB+u2umVjTJ1H9Qb2oBryqwXI+gklnuCqrH + 1znkDvzGEAeHRQUCbtKbjmqErTAcRRHW3D+6 + jsOGXzbyGCfbyzRBwsbNCLWr3ONpPi5JOWEe + CUJfyc/mRXcmh5uYl1JvzAM1zprtljZt + ) ; ZSK; alg = RSASHA256 ; key id = 48849 + 3600 DNSKEY 256 3 13 ( + VxRHPS89GaMJvJ1xL8/HulwW75tDXUZ6nYlI + 8VCFOMB7vU+SoZhaaoZu4YcCZqzjzfZLl8Lt + SEaXZPQbnpkhyA== + ) ; ZSK; alg = ECDSAP256SHA256 ; key id = 7800 + 3600 DNSKEY 257 3 8 ( + AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYT + oARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM + 2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5W + mnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Ta + x7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCN + bGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/ + mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4N + odQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5 + tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQ + EHYAd/AP8YgaovS8N1fJyh0= + ) ; KSK; alg = RSASHA256 ; key id = 53851 + 3600 DNSKEY 257 3 8 ( + AwEAAetE6qfN/GbtMmvM0PXUTyskauES2FKf + jqLVz7EQlfS8iAFWLi1eHjHXDkueZ1OYRzQ4 + IBy6MIsce4XVXLQoS8njtfaU7c5NZvktH5la + 7JuH32KYr3PdWL5KDsUdED3GSxfNV+DbcYU8 + 0AZxTxy6Bm6EP+DztL1dpYrmqr8JRl+qlSbm + LIrPemZFUEQzhiepcYMWviDUz+ixSVzjEzpM + CLsrNxA30Ziiq9GKA8KKlFHdAmxuNcH0TzRn + dpo6bu5nKyJHiREIazHVuPBEzUmHtcWETCDs + 9UVsbji2Z2ozqLz9cqnfYV/kOD+OZBAqvZ0n + /4lgdSiBtvByLCXoWEYIGRs= + ) ; KSK; alg = RSASHA256 ; key id = 19420 + 3600 DNSKEY 257 3 13 ( + MWndPmlRdffYHO8Z2quMkXq80Nm3PNmWpTix + xJLJ71Oph+ta4XaTuiza6AQgVkCSzrfwoTuJ + UKHL13s4/IrRGg== + ) ; KSK; alg = ECDSAP256SHA256 ; key id = 46605 + 3600 RRSIG DNSKEY 13 2 3600 ( + 20601231235959 20201012144725 46605 example.com. + GRVgc202uXoxu8f36V/Tc4r9BzCKK07SCmS6 + MCJ+mXO7PCv4RIzN9Dp8t6sVuDb5smLe6cV6 + 5lgyPYJwr1TVJA== ) + 3600 CDS 53851 8 2 ( + 668159D684EC387C948E6F4B0AC9AA01481C + CEBF7570AFEC582897E7725122D6 ) + 3600 RRSIG CDS 13 2 3600 ( + 20601231235959 20201012144725 7800 example.com. + r+OpHWsZ0enCPKtUIZFXSb/8YbLdfYb3Ihpt + n/5kAWbOkkkVzAJX2/sCrVExMCVcP/nFSIIf + hACGKBjTvuLFLA== ) + 3600 RRSIG CDS 13 2 3600 ( + 20601231235959 20201012144725 46605 example.com. + buNL2/GqYvtwcXMPSiOeaEB5L6r5InyVxzaJ + 1PaaJigmJHbdNKGFl8ijDiH7WBdQECb8M3oU + zeuWGebSLuy0AQ== ) + 3600 CDNSKEY 257 3 8 ( + AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYT + oARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM + 2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5W + mnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Ta + x7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCN + bGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/ + mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4N + odQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5 + tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQ + EHYAd/AP8YgaovS8N1fJyh0= + ) ; KSK; alg = RSASHA256 ; key id = 53851 + 3600 RRSIG CDNSKEY 13 2 3600 ( + 20601231235959 20201012144725 7800 example.com. + wYB3zuX5/bt3Pg2nz9F0j6MK1bkY19QvDcRb + pk/0rHXLbSjTepbIwy8O0KbJndHy+a70fN5p + 3dBGN5J56KymFg== ) + 3600 RRSIG CDNSKEY 13 2 3600 ( + 20601231235959 20201012144725 46605 example.com. + pXWJCUC0kKqWpjZetDhGJLNPpXGqc8sJZ9wY + HKs4Sd734p+Gr45vnJ94pGYjjtZi9bwPo2nF + DmFP5K3NLACG+Q== ) +dns2.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 13 3 3600 ( + 20601231235959 20201012144725 7800 example.com. + Khv6ptUd4l4SgJI/H+L6Ls/gQHnmmQJcg0fB + xv7zECmQfQFguVIJ1bmoz4jP26ejsNH1pG+o + Wz9U7I5oWsDzYg== ) + 7200 NSEC example.com. A RRSIG NSEC + 7200 RRSIG NSEC 13 3 7200 ( + 20601231235959 20201012144725 7800 example.com. + z8omQAty9S0cNyFATnM8DZ+RbMly/7staAmc + RF+PmOp/E7FtdKOZe5+ega/+aQV9VpePYXMA + UwmIeeYYU2pAJQ== ) diff --git a/tests/knot/semantic_check_data/cdnskey.invalid.param b/tests/knot/semantic_check_data/cdnskey.invalid.param new file mode 100644 index 0000000..2814ddd --- /dev/null +++ b/tests/knot/semantic_check_data/cdnskey.invalid.param @@ -0,0 +1,123 @@ +example.com. 3600 IN SOA dns2.example.com. hostmaster.example.com. ( + 2010135808 ; serial + 10800 ; refresh (3 hours) + 3600 ; retry (1 hour) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 3600 RRSIG SOA 13 2 3600 ( + 20601231235959 20201012144756 33730 example.com. + tBomI7xR670RBUw9IjNL2A5eMVKtYqDUdhiq + XJI3CFdb4j6plfdUF75SfaiCP70aLX8Atzxm + 2RAzpR6M2Q3gbQ== ) + 3600 NS dns2.example.com. + 3600 RRSIG NS 13 2 3600 ( + 20601231235959 20201012144756 33730 example.com. + 8mHEeq/7fnXpM/CaOFsIqTKyTrixQVZr8V+P + Lwn641YbbKniEP+KacrJ7Ul2jt2jCT2cnxC0 + b9XicHENmd0phA== ) + 3600 MX 10 mail.example.com. + 3600 RRSIG MX 13 2 3600 ( + 20601231235959 20201012144756 33730 example.com. + f8ZdC3vD/oIltQLyL4zBmwo9rRyijN183BGw + L6iZ6DnH4BASlUyrGa0IceRH4yD5pP+gnhCc + lBzWFgvtEIyPPQ== ) + 7200 NSEC dns2.example.com. NS SOA MX RRSIG NSEC DNSKEY CDS CDNSKEY + 7200 RRSIG NSEC 13 2 7200 ( + 20601231235959 20201012144756 33730 example.com. + UK+oQx75Gdn82LKBzht8KxrtwPE5JCBhEMcR + hRhHTeMqRUjbbeEOSWRdjg/36329yNYrxC60 + l7bBcqolo9dDmw== ) + 3600 DNSKEY 256 3 8 ( + AwEAAdKraxDdGTL4HDOkXTDI1Md1UdHuYhVw + YkB+u2umVjTJ1H9Qb2oBryqwXI+gklnuCqrH + 1znkDvzGEAeHRQUCbtKbjmqErTAcRRHW3D+6 + jsOGXzbyGCfbyzRBwsbNCLWr3ONpPi5JOWEe + CUJfyc/mRXcmh5uYl1JvzAM1zprtljZt + ) ; ZSK; alg = RSASHA256 ; key id = 48849 + 3600 DNSKEY 256 3 13 ( + kr0M2egbhUXhH0i6fYiSl+zRH1pU7XhamCdO + nPhMEgFa3CsGp61kCuZFulpY0ODh8WrAPZcO + qC0tCj5Bz7nWZQ== + ) ; ZSK; alg = ECDSAP256SHA256 ; key id = 33730 + 3600 DNSKEY 257 3 8 ( + AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYT + oARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM + 2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5W + mnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Ta + x7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCN + bGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/ + mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4N + odQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5 + tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQ + EHYAd/AP8YgaovS8N1fJyh0= + ) ; KSK; alg = RSASHA256 ; key id = 53851 + 3600 DNSKEY 257 3 8 ( + AwEAAetE6qfN/GbtMmvM0PXUTyskauES2FKf + jqLVz7EQlfS8iAFWLi1eHjHXDkueZ1OYRzQ4 + IBy6MIsce4XVXLQoS8njtfaU7c5NZvktH5la + 7JuH32KYr3PdWL5KDsUdED3GSxfNV+DbcYU8 + 0AZxTxy6Bm6EP+DztL1dpYrmqr8JRl+qlSbm + LIrPemZFUEQzhiepcYMWviDUz+ixSVzjEzpM + CLsrNxA30Ziiq9GKA8KKlFHdAmxuNcH0TzRn + dpo6bu5nKyJHiREIazHVuPBEzUmHtcWETCDs + 9UVsbji2Z2ozqLz9cqnfYV/kOD+OZBAqvZ0n + /4lgdSiBtvByLCXoWEYIGRs= + ) ; KSK; alg = RSASHA256 ; key id = 19420 + 3600 DNSKEY 257 3 13 ( + 7fs6TMYYlkkxI1PCunVT9dxcxWVGXu1N7xVv + 2EUyVYMXSn/Z04URNTaxXcoWuDafy99G8rcT + oPycl2oOhc+s0w== + ) ; KSK; alg = ECDSAP256SHA256 ; key id = 60664 + 3600 RRSIG DNSKEY 13 2 3600 ( + 20601231235959 20201012144756 60664 example.com. + WpjHrB8ZfAhOSjq79gAaPEiQgSxvEatTi8nC + AYYpGs4dc1n54iYZ4IjCfMW/etlkZsMzXbVE + s6t+Dj/gJ3JKZg== ) + 3600 CDS 53851 4 2 ( + 6F8129D687EC387C948E6F4B0AC9AA01481C + CEBF7570AFEC582897E7725122D6 ) + 3600 RRSIG CDS 13 2 3600 ( + 20601231235959 20201012144756 33730 example.com. + IAgBYDhTIYQvmF2vUy72TWoRlPJQGyGErJuT + 0xxZDStaSfoAVM3Hr6VEqIq7R3B+Xel/urDM + WYUbIAinEnvpOw== ) + 3600 RRSIG CDS 13 2 3600 ( + 20601231235959 20201012144756 60664 example.com. + IpzPg5fx+O1HUqjN0lR1Bbo6Zx/Lq1wrrJvv + Y518ooGelg8Q2wH7NgScsyhLY342+MHk0fKX + RcxRzfaFohiEZg== ) + 3600 CDNSKEY 257 3 8 ( + AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYT + oARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM + 2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5W + mnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Ta + x7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCN + bGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/ + mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4N + odQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5 + tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQ + EHYAd/AP8YgaovS8N1fJyh0= + ) ; KSK; alg = RSASHA256 ; key id = 53851 + 3600 RRSIG CDNSKEY 13 2 3600 ( + 20601231235959 20201012144756 33730 example.com. + WMqSVG8Tcq7e5E2y8oHThr6Ip7ASu/35m10m + TzsEANrlFf0e1Z6XG5ca/6//NSolXoTu6jBx + 2kvnsX2bA222PA== ) + 3600 RRSIG CDNSKEY 13 2 3600 ( + 20601231235959 20201012144756 60664 example.com. + LLGAWxuAhlKM/3i9+FFGngy6Zqo6NsxdXScR + wgVe3Ilw+3vU/Nih70uRE/xUjZpfFBOlMEk6 + EBSf/DJr6awY/A== ) +dns2.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 13 3 3600 ( + 20601231235959 20201012144756 33730 example.com. + mpcGxsR9c/K6wuaJCeFds1kg0af6Xj8K24o6 + FHzqn60w7HXXNnDjxS0jPTHpaVUkWhuKUcCR + 9EcvMW7uwVfULQ== ) + 7200 NSEC example.com. A RRSIG NSEC + 7200 RRSIG NSEC 13 3 7200 ( + 20601231235959 20201012144756 33730 example.com. + gLwhcu1t0qloiWb5/XHuv0PAQZ+ChmDdMuMS + qS3hi0VPk9cscMjd7ZH7shJBH+9KKMI6YbMz + VGU4MSCj5/kT0A== ) diff --git a/tests/knot/semantic_check_data/cdnskey.nocdnskey b/tests/knot/semantic_check_data/cdnskey.nocdnskey new file mode 100644 index 0000000..a7bac63 --- /dev/null +++ b/tests/knot/semantic_check_data/cdnskey.nocdnskey @@ -0,0 +1,101 @@ +example.com. 3600 IN SOA dns2.example.com. hostmaster.example.com. ( + 2010135808 ; serial + 10800 ; refresh (3 hours) + 3600 ; retry (1 hour) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 3600 RRSIG SOA 13 2 3600 ( + 20601231235959 20201012144854 39620 example.com. + 0JDLQ/bZj4SSmqvLPAzt1v/UUb8mfJQnuLC9 + B1CL4oRD45Hw00KgmbE7xgJVflYZJxfx7KIw + ydsB0/1/dMJzbA== ) + 3600 NS dns2.example.com. + 3600 RRSIG NS 13 2 3600 ( + 20601231235959 20201012144854 39620 example.com. + Mnk/oSM7sdAhGYbWUMLpYFR1ahcvULo/8z42 + giRwzAX8HiqvxxkqRCFbvzYeRkZLLw0fYTeR + Mqit0zQuWuc0ow== ) + 3600 MX 10 mail.example.com. + 3600 RRSIG MX 13 2 3600 ( + 20601231235959 20201012144854 39620 example.com. + qPQblbJyzHdmhqYhYx4wfUHWe3SYGUA65hZR + UFYcx99Vhs1CXUobjCk9NBedRbBHR04kQ5Bo + /72fhuCPJFIC1Q== ) + 7200 NSEC dns2.example.com. NS SOA MX RRSIG NSEC DNSKEY CDS + 7200 RRSIG NSEC 13 2 7200 ( + 20601231235959 20201012144854 39620 example.com. + H5So5m0YdxOBU3k0+pi6KOgPNF2V4hU+GLxa + c0JdGnALP4Wz6lWCdMRPXIaMjImb3TK9vFti + 89lB/2MMDe4dTw== ) + 3600 DNSKEY 256 3 8 ( + AwEAAdKraxDdGTL4HDOkXTDI1Md1UdHuYhVw + YkB+u2umVjTJ1H9Qb2oBryqwXI+gklnuCqrH + 1znkDvzGEAeHRQUCbtKbjmqErTAcRRHW3D+6 + jsOGXzbyGCfbyzRBwsbNCLWr3ONpPi5JOWEe + CUJfyc/mRXcmh5uYl1JvzAM1zprtljZt + ) ; ZSK; alg = RSASHA256 ; key id = 48849 + 3600 DNSKEY 256 3 13 ( + 6R8b9KzH06NQ/4AUqrmp8rFmY0AmHpbW/vhj + xLul6ON720xvdeKBzi0nLSeTdUO8/gK8s8jh + RmJ8Fw279eXXZQ== + ) ; ZSK; alg = ECDSAP256SHA256 ; key id = 39620 + 3600 DNSKEY 257 3 8 ( + AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYT + oARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM + 2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5W + mnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Ta + x7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCN + bGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/ + mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4N + odQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5 + tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQ + EHYAd/AP8YgaovS8N1fJyh0= + ) ; KSK; alg = RSASHA256 ; key id = 53851 + 3600 DNSKEY 257 3 8 ( + AwEAAetE6qfN/GbtMmvM0PXUTyskauES2FKf + jqLVz7EQlfS8iAFWLi1eHjHXDkueZ1OYRzQ4 + IBy6MIsce4XVXLQoS8njtfaU7c5NZvktH5la + 7JuH32KYr3PdWL5KDsUdED3GSxfNV+DbcYU8 + 0AZxTxy6Bm6EP+DztL1dpYrmqr8JRl+qlSbm + LIrPemZFUEQzhiepcYMWviDUz+ixSVzjEzpM + CLsrNxA30Ziiq9GKA8KKlFHdAmxuNcH0TzRn + dpo6bu5nKyJHiREIazHVuPBEzUmHtcWETCDs + 9UVsbji2Z2ozqLz9cqnfYV/kOD+OZBAqvZ0n + /4lgdSiBtvByLCXoWEYIGRs= + ) ; KSK; alg = RSASHA256 ; key id = 19420 + 3600 DNSKEY 257 3 13 ( + hfwsa6JnfqjMRma2PlO+gt8qqLytVIygLZHB + 5APAuz2cheZCMD8A2kyt5NziCCj6szmCK4oZ + fColPGaDgYtpmA== + ) ; KSK; alg = ECDSAP256SHA256 ; key id = 6821 + 3600 RRSIG DNSKEY 13 2 3600 ( + 20601231235959 20201012144854 6821 example.com. + UbEQQoX5j1FVOqpkQBqckaG4WnCd7+4dBJax + 5sgjHQnfSSwKGfJx0zxd3ZbPCEKj+Ymrhpsm + nqfPzVRZhUPKuQ== ) + 3600 CDS 53851 8 2 ( + 6F8129D687EC387C948E6F4B0AC9AA01481C + CEBF7570AFEC582897E7725122D6 ) + 3600 RRSIG CDS 13 2 3600 ( + 20601231235959 20201012144854 6821 example.com. + Sc/K9xI1C9rzujnllO5o7sKoJiEKFUEfPxt8 + gsxs3sb9Q1s0/uSocrPc2OcaLgEzuFGS5FzA + fg7HcgZN63I5TA== ) + 3600 RRSIG CDS 13 2 3600 ( + 20601231235959 20201012144854 39620 example.com. + ykGu61Yjp24MJjp0wIYV20LSQ9ovRHT0zqp2 + CSvlROIVpbUGlNjAAKJdWwYJAqNUD571gJ7E + TkhrLEIX02ySqw== ) +dns2.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 13 3 3600 ( + 20601231235959 20201012144854 39620 example.com. + ye5pM/p8OWbdRNhLfbfWsY6lG8lr0Ae80LKv + rVOCMhAowrtKmDL6hUByovCV7MjCIYwGM26C + Vl9CRmrWwJEULw== ) + 7200 NSEC example.com. A RRSIG NSEC + 7200 RRSIG NSEC 13 3 7200 ( + 20601231235959 20201012144854 39620 example.com. + JHP3TuxCuZ+N0lWtRI7Xl0qIcHSrn/X+WDUr + 0cVBfQTsFrAZs14bJhvw0zMGgONAgnFsXlxg + QmAqIPmpRvKtnA== ) diff --git a/tests/knot/semantic_check_data/cdnskey.nocds b/tests/knot/semantic_check_data/cdnskey.nocds new file mode 100644 index 0000000..ecb3188 --- /dev/null +++ b/tests/knot/semantic_check_data/cdnskey.nocds @@ -0,0 +1,110 @@ +example.com. 3600 IN SOA dns2.example.com. hostmaster.example.com. ( + 2010135808 ; serial + 10800 ; refresh (3 hours) + 3600 ; retry (1 hour) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 3600 RRSIG SOA 13 2 3600 ( + 20601231235959 20201012144849 42608 example.com. + GDfM/H4m+FRVp3M/KsOv//eMFaL1LnyrIi8O + pUSht1KyYDRoVqSL72XTy1aAJJ49Sd0uq+4U + acekI3Xi9OpvXg== ) + 3600 NS dns2.example.com. + 3600 RRSIG NS 13 2 3600 ( + 20601231235959 20201012144849 42608 example.com. + ICtOUMZr415dJb22HWsrjbYfW7q6hh6gxD2i + EikMQAkPncdBHHd7dCrjy1/4CPhixn/BnDfV + ZwF87k2Sa7EV8w== ) + 3600 MX 10 mail.example.com. + 3600 RRSIG MX 13 2 3600 ( + 20601231235959 20201012144849 42608 example.com. + IokJy9LCiCaOPsluuBKYnwkesiPwsU/KZdA9 + jK25UmdfD1uU8AA63OOciTZQSv9NI+Q4nzl3 + LyqkRWFKToMz9A== ) + 7200 NSEC dns2.example.com. NS SOA MX RRSIG NSEC DNSKEY CDNSKEY + 7200 RRSIG NSEC 13 2 7200 ( + 20601231235959 20201012144849 42608 example.com. + kuhtgHhoeIwJ8IG08x+Tp5M7kQ+LzWoH/hTs + V17ZSyPD06YvMEmv9vdB+ATLd+j3uNYnMd4n + HW7Jh/ocOWg6+Q== ) + 3600 DNSKEY 256 3 8 ( + AwEAAdKraxDdGTL4HDOkXTDI1Md1UdHuYhVw + YkB+u2umVjTJ1H9Qb2oBryqwXI+gklnuCqrH + 1znkDvzGEAeHRQUCbtKbjmqErTAcRRHW3D+6 + jsOGXzbyGCfbyzRBwsbNCLWr3ONpPi5JOWEe + CUJfyc/mRXcmh5uYl1JvzAM1zprtljZt + ) ; ZSK; alg = RSASHA256 ; key id = 48849 + 3600 DNSKEY 256 3 13 ( + p9BANIrBFV9hX2qwbzydeiubQkm9qstpzvUe + OFMDOEyyQxI+8s2nfHI76KmRliHuM7fOM9B5 + e8wNmEeVd9JJmQ== + ) ; ZSK; alg = ECDSAP256SHA256 ; key id = 42608 + 3600 DNSKEY 257 3 8 ( + AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYT + oARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM + 2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5W + mnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Ta + x7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCN + bGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/ + mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4N + odQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5 + tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQ + EHYAd/AP8YgaovS8N1fJyh0= + ) ; KSK; alg = RSASHA256 ; key id = 53851 + 3600 DNSKEY 257 3 8 ( + AwEAAetE6qfN/GbtMmvM0PXUTyskauES2FKf + jqLVz7EQlfS8iAFWLi1eHjHXDkueZ1OYRzQ4 + IBy6MIsce4XVXLQoS8njtfaU7c5NZvktH5la + 7JuH32KYr3PdWL5KDsUdED3GSxfNV+DbcYU8 + 0AZxTxy6Bm6EP+DztL1dpYrmqr8JRl+qlSbm + LIrPemZFUEQzhiepcYMWviDUz+ixSVzjEzpM + CLsrNxA30Ziiq9GKA8KKlFHdAmxuNcH0TzRn + dpo6bu5nKyJHiREIazHVuPBEzUmHtcWETCDs + 9UVsbji2Z2ozqLz9cqnfYV/kOD+OZBAqvZ0n + /4lgdSiBtvByLCXoWEYIGRs= + ) ; KSK; alg = RSASHA256 ; key id = 19420 + 3600 DNSKEY 257 3 13 ( + 5sv4MetMS4KWSgyzvn658Prs0A8tLaWFhRJD + E9IznhGY2ogp8Z/uSIqh8QWzf1kQvfDUQiav + kOx4CNa3dSx/ZA== + ) ; KSK; alg = ECDSAP256SHA256 ; key id = 8616 + 3600 RRSIG DNSKEY 13 2 3600 ( + 20601231235959 20201012144849 8616 example.com. + DeZBLj99QbyGhalCZ4UOmBJO/RLNgrPsAdaW + swYSg18lvE7jmLn9vxkUVZu0G6z43tulSb+a + lQT8m+U+PlusNA== ) + 3600 CDNSKEY 257 3 8 ( + AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYT + oARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM + 2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5W + mnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Ta + x7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCN + bGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/ + mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4N + odQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5 + tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQ + EHYAd/AP8YgaovS8N1fJyh0= + ) ; KSK; alg = RSASHA256 ; key id = 53851 + 3600 RRSIG CDNSKEY 13 2 3600 ( + 20601231235959 20201012144849 8616 example.com. + IlysaALuak04Zbh0+104PHAuQgnYDBTLpvz+ + BgirzX9Vp+pg4yZVelAXsaDbcj2ZrXrwBjpo + +DHj53HmZygj4g== ) + 3600 RRSIG CDNSKEY 13 2 3600 ( + 20601231235959 20201012144849 42608 example.com. + dJhB1Xmd3G1ueRVnFU+M4yc379LH0UrpBcNS + xHzjVd+vWtpNGPq03Wi3sczA9UUkXE0F5n22 + 6ZNR5XAswf+SYw== ) +dns2.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 13 3 3600 ( + 20601231235959 20201012144849 42608 example.com. + 3DTwpPojzX4r9ZWeKo+zmJw+2L/uqrtoAZEv + ncPJG0AGB9QVzjLFiRg0BV4GiDZCl2Hh4onl + OShOi5Nt0GXp5Q== ) + 7200 NSEC example.com. A RRSIG NSEC + 7200 RRSIG NSEC 13 3 7200 ( + 20601231235959 20201012144849 42608 example.com. + 1m2PpD3S6/5x3Kkes+1JgbHtsm0xlnKrNCmF + xeBvCl55D98zSvs0DjfRjFowAg22nWJkvsWo + 3N1vnfFZpzmPPA== ) diff --git a/tests/knot/semantic_check_data/cdnskey.nodnskey b/tests/knot/semantic_check_data/cdnskey.nodnskey new file mode 100644 index 0000000..461e05a --- /dev/null +++ b/tests/knot/semantic_check_data/cdnskey.nodnskey @@ -0,0 +1,111 @@ +example.com. 3600 IN SOA dns2.example.com. hostmaster.example.com. ( + 2010135808 ; serial + 10800 ; refresh (3 hours) + 3600 ; retry (1 hour) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 3600 RRSIG SOA 13 2 3600 ( + 20601231235959 20201012144347 19649 example.com. + Tng1e4Zs8LvGZJqp75aBSX9Ci9bsncY+w8+K + rfYdoVe/Smq0I+Hgtygcq0Twc7llW0rwtZ8R + jQpbXbp+XNDi3g== ) + 3600 NS dns2.example.com. + 3600 RRSIG NS 13 2 3600 ( + 20601231235959 20201012144347 19649 example.com. + OcKfgxtnriGsC/9wV9yI71wIVzR+71j3sZ3+ + ZGVqAo2bWR8QRULa5g5lQpIxlayN7w6xi6vV + IVWY3vauy59pPQ== ) + 3600 MX 10 mail.example.com. + 3600 RRSIG MX 13 2 3600 ( + 20601231235959 20201012144347 19649 example.com. + CtZFcGvbco6ZreotcmfSYl8SlRdN/JiSuoOG + KtdauRz9+a+xkT2k1Wy6dADfLpwHwXL8yElg + /LdNXKEWK96HcQ== ) + 7200 NSEC dns2.example.com. NS SOA MX RRSIG NSEC DNSKEY CDS CDNSKEY + 7200 RRSIG NSEC 13 2 7200 ( + 20601231235959 20201012144347 19649 example.com. + 6GVUlXemDUb6W9IID4qK+PPDSizeURGJEJlN + Hoof218/H/k8/BLNphFIGpdhCC2jHnAx2Nxd + Af65dTLtt7OBjQ== ) + 3600 DNSKEY 256 3 8 ( + AwEAAdKraxDdGTL4HDOkXTDI1Md1UdHuYhVw + YkB+u2umVjTJ1H9Qb2oBryqwXI+gklnuCqrH + 1znkDvzGEAeHRQUCbtKbjmqErTAcRRHW3D+6 + jsOGXzbyGCfbyzRBwsbNCLWr3ONpPi5JOWEe + CUJfyc/mRXcmh5uYl1JvzAM1zprtljZt + ) ; ZSK; alg = RSASHA256 ; key id = 48849 + 3600 DNSKEY 256 3 13 ( + LiJCYpav6haPA3M3GhTZ/L6wtSqS7e9mwKsU + TdBkZ71RS8qmXsITLz5bFHMSy7K8mCuQIdTT + J3cGkbguNBqgJg== + ) ; ZSK; alg = ECDSAP256SHA256 ; key id = 19649 + 3600 DNSKEY 257 3 8 ( + AwEAAetE6qfN/GbtMmvM0PXUTyskauES2FKf + jqLVz7EQlfS8iAFWLi1eHjHXDkueZ1OYRzQ4 + IBy6MIsce4XVXLQoS8njtfaU7c5NZvktH5la + 7JuH32KYr3PdWL5KDsUdED3GSxfNV+DbcYU8 + 0AZxTxy6Bm6EP+DztL1dpYrmqr8JRl+qlSbm + LIrPemZFUEQzhiepcYMWviDUz+ixSVzjEzpM + CLsrNxA30Ziiq9GKA8KKlFHdAmxuNcH0TzRn + dpo6bu5nKyJHiREIazHVuPBEzUmHtcWETCDs + 9UVsbji2Z2ozqLz9cqnfYV/kOD+OZBAqvZ0n + /4lgdSiBtvByLCXoWEYIGRs= + ) ; KSK; alg = RSASHA256 ; key id = 19420 + 3600 DNSKEY 257 3 13 ( + j18Cd+0frtc1WPeWn8bwdxYd9iTe7XsqTwnO + W46ZpPJPGBq/n31+7/N9TRAtXulE2r+rJDRF + mMooK5qrWOtqvw== + ) ; KSK; alg = ECDSAP256SHA256 ; key id = 24385 + 3600 RRSIG DNSKEY 13 2 3600 ( + 20601231235959 20201012144347 24385 example.com. + 8O0L6xxTnGMccrMSjaG2/MtljkSOls/BIwoX + eUmB9nJvDQNd8jg9XtNYUGG79dmysetBrNQl + TohQ1BEVGTJwig== ) + 3600 CDS 53851 8 2 ( + 6F8129D687EC387C948E6F4B0AC9AA01481C + CEBF7570AFEC582897E7725122D6 ) + 3600 RRSIG CDS 13 2 3600 ( + 20601231235959 20201012144347 19649 example.com. + CLjvJJOAZVToWUQQX06ySDkKo4QO4YcN2vhl + JZZ2a1hA2ranrzpeE8cslGKme5lxHKr8Y1ev + ffWfrz8KoQVW+A== ) + 3600 RRSIG CDS 13 2 3600 ( + 20601231235959 20201012144347 24385 example.com. + TaPgzUzL+fPwEUNyusjCb6OZOF3DtlMNh3eY + ZTvogl2eRq84NA+mfzPmh0NXqVDbsVHGHq1B + mJoxuMtIt4G5Rg== ) + 3600 CDNSKEY 257 3 8 ( + AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYT + oARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM + 2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5W + mnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Ta + x7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCN + bGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/ + mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4N + odQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5 + tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQ + EHYAd/AP8YgaovS8N1fJyh0= + ) ; KSK; alg = RSASHA256 ; key id = 53851 + 3600 RRSIG CDNSKEY 13 2 3600 ( + 20601231235959 20201012144347 19649 example.com. + 5sY/Q/1tP9qPMAHyQVMtbFQ0gO24rofCLg/D + /BaXTvjp5bnWhGuv1wFbSCyEreYr072Va08t + JdntIC8Prt/1MQ== ) + 3600 RRSIG CDNSKEY 13 2 3600 ( + 20601231235959 20201012144347 24385 example.com. + UlLhm8Nb6g0jUIs1ldjW4OedzzLXDjCllRSm + +6WQuBK1uA7vboyqYVvLxxyFZCxgz6xV02iK + eawtsKsOnlfGCg== ) +dns2.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 13 3 3600 ( + 20601231235959 20201012144347 19649 example.com. + ZRDwnV+YyfKPI58ASagzoCo+qWTscYZZa6j+ + wr4axJ7jtIO6Firy4R1GlO6NXmN5vcjHAj90 + NZ26ezRgCMCFQQ== ) + 7200 NSEC example.com. A RRSIG NSEC + 7200 RRSIG NSEC 13 3 7200 ( + 20601231235959 20201012144347 19649 example.com. + c5ILb+AR9BIinFp6mCogN+jwR8067Fm9LT9Y + AWaR3pqUC4d+Qdo4pkODLkmhAaSQLJCyPyYB + TQ7OFkQCC49MtA== ) diff --git a/tests/knot/semantic_check_data/cdnskey.orphan.cdnskey b/tests/knot/semantic_check_data/cdnskey.orphan.cdnskey new file mode 100644 index 0000000..70241ab --- /dev/null +++ b/tests/knot/semantic_check_data/cdnskey.orphan.cdnskey @@ -0,0 +1,135 @@ +example.com. 3600 IN SOA dns2.example.com. hostmaster.example.com. ( + 2010135808 ; serial + 10800 ; refresh (3 hours) + 3600 ; retry (1 hour) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 3600 RRSIG SOA 13 2 3600 ( + 20601231235959 20201012144945 39996 example.com. + pdj652v0OfPO/McP8sNpxoE+adY+Qim5je8m + TQPcudU3gm7I2L+YqU/ujX1NUOyhUAhzRng7 + m6nfrudJebq15g== ) + 3600 NS dns2.example.com. + 3600 RRSIG NS 13 2 3600 ( + 20601231235959 20201012144945 39996 example.com. + 7/X57I7FmbSlgxxeaE3Xgoot7KxN6nxtDb0E + mEEZNwdLCpjgaftaXXXM3NaZ1W2sdoECCrlz + R4/75kqrmNpYPw== ) + 3600 MX 10 mail.example.com. + 3600 RRSIG MX 13 2 3600 ( + 20601231235959 20201012144945 39996 example.com. + 0tcHIXXPEKy1tpc+Of6s2hTdQ5dGh1IoIoxY + se9paUUfhoF2oH5Pb8HP3rNyWLiTqXh4/lxV + vFLi4rR5zojxLA== ) + 7200 NSEC dns2.example.com. NS SOA MX RRSIG NSEC DNSKEY CDS CDNSKEY + 7200 RRSIG NSEC 13 2 7200 ( + 20601231235959 20201012144945 39996 example.com. + kbImDj5vgk5VG9MI+4HJ4FtwnJ4ykSbk8vNY + e49ibkZChGsTtIzLwdcNAmOk7w/em67FkGBi + oxqCj6b3G0C45w== ) + 3600 DNSKEY 256 3 8 ( + AwEAAdKraxDdGTL4HDOkXTDI1Md1UdHuYhVw + YkB+u2umVjTJ1H9Qb2oBryqwXI+gklnuCqrH + 1znkDvzGEAeHRQUCbtKbjmqErTAcRRHW3D+6 + jsOGXzbyGCfbyzRBwsbNCLWr3ONpPi5JOWEe + CUJfyc/mRXcmh5uYl1JvzAM1zprtljZt + ) ; ZSK; alg = RSASHA256 ; key id = 48849 + 3600 DNSKEY 256 3 13 ( + R4pG7HF8CbXgbo4N6UqdSnE8CaClNUw6v/di + aScNknRS0eLPOKmpANe0tyiwBV1bRQyjpmxq + fgZ9Oxac7plIJw== + ) ; ZSK; alg = ECDSAP256SHA256 ; key id = 39996 + 3600 DNSKEY 257 3 8 ( + AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYT + oARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM + 2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5W + mnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Ta + x7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCN + bGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/ + mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4N + odQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5 + tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQ + EHYAd/AP8YgaovS8N1fJyh0= + ) ; KSK; alg = RSASHA256 ; key id = 53851 + 3600 DNSKEY 257 3 8 ( + AwEAAetE6qfN/GbtMmvM0PXUTyskauES2FKf + jqLVz7EQlfS8iAFWLi1eHjHXDkueZ1OYRzQ4 + IBy6MIsce4XVXLQoS8njtfaU7c5NZvktH5la + 7JuH32KYr3PdWL5KDsUdED3GSxfNV+DbcYU8 + 0AZxTxy6Bm6EP+DztL1dpYrmqr8JRl+qlSbm + LIrPemZFUEQzhiepcYMWviDUz+ixSVzjEzpM + CLsrNxA30Ziiq9GKA8KKlFHdAmxuNcH0TzRn + dpo6bu5nKyJHiREIazHVuPBEzUmHtcWETCDs + 9UVsbji2Z2ozqLz9cqnfYV/kOD+OZBAqvZ0n + /4lgdSiBtvByLCXoWEYIGRs= + ) ; KSK; alg = RSASHA256 ; key id = 19420 + 3600 DNSKEY 257 3 13 ( + cJdrUmmcxe9JKHwHHAkJ8mO1J63Cm6Qoln56 + CUya+eWuF1A3u9L3wumvY2rAXvzBpplLXeUN + GIN0GgLHejH6QQ== + ) ; KSK; alg = ECDSAP256SHA256 ; key id = 56026 + 3600 RRSIG DNSKEY 13 2 3600 ( + 20601231235959 20201012144945 56026 example.com. + srEjUMAQ4Z/yc22bas+P0ly30IVbZaIIlli9 + H7avBz013fn90vDRDLiLuHAMvW++xdDJypcg + Sr+9I9+nv6jzRA== ) + 3600 CDS 53851 8 2 ( + 6F8129D687EC387C948E6F4B0AC9AA01481C + CEBF7570AFEC582897E7725122D6 ) + 3600 RRSIG CDS 13 2 3600 ( + 20601231235959 20201012144945 39996 example.com. + inhdpEZ+2W4EM1HSiVZdJa4xT5S319D0x3b5 + eJpskw/EV/Rx1X87FCr8FP18iBOszsWJjQQq + Z66eAxIhpBcb7A== ) + 3600 RRSIG CDS 13 2 3600 ( + 20601231235959 20201012144945 56026 example.com. + TA7UxWd+j6bOXKPxo3XuKlIy87/HvIPGoELS + WQyrON5IURgGw/2YWD0M5xw852jl27USezzo + pai940D3+VGeOQ== ) + 3600 CDNSKEY 257 3 8 ( + AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYT + oARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM + 2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5W + mnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Ta + x7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCN + bGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/ + mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4N + odQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5 + tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQ + EHYAd/AP8YgaovS8N1fJyh0= + ) ; KSK; alg = RSASHA256 ; key id = 53851 + 3600 CDNSKEY 257 3 8 ( + AwEAAetE6qfN/GbtMmvM0PXUTyskauES2FKf + jqLVz7EQlfS8iAFWLi1eHjHXDkueZ1OYRzQ4 + IBy6MIsce4XVXLQoS8njtfaU7c5NZvktH5la + 7JuH32KYr3PdWL5KDsUdED3GSxfNV+DbcYU8 + 0AZxTxy6Bm6EP+DztL1dpYrmqr8JRl+qlSbm + LIrPemZFUEQzhiepcYMWviDUz+ixSVzjEzpM + CLsrNxA30Ziiq9GKA8KKlFHdAmxuNcH0TzRn + dpo6bu5nKyJHiREIazHVuPBEzUmHtcWETCDs + 9UVsbji2Z2ozqLz9cqnfYV/kOD+OZBAqvZ0n + /4lgdSiBtvByLCXoWEYIGRs= + ) ; KSK; alg = RSASHA256 ; key id = 19420 + 3600 RRSIG CDNSKEY 13 2 3600 ( + 20601231235959 20201012144945 39996 example.com. + CSk6oHNIsj3XQgXpPtFOhf4dTv/Wu/vnJfJs + Lpc3IoApBMxrpSIzfM/c72JtjSVzjJcdo6kL + n71WM21CsMcQ4A== ) + 3600 RRSIG CDNSKEY 13 2 3600 ( + 20601231235959 20201012144945 56026 example.com. + hsml4IaJtzvMdvaMTR3MzeCT5fMHJ46rCY0y + 8DTAvK7/Z6LHbF4G7yRh9ozwcyZbB006cMdc + 4XUFDtEPK62DGw== ) +dns2.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 13 3 3600 ( + 20601231235959 20201012144945 39996 example.com. + 1cNj6TJEHFxLXFYVt3RU3wC8Wz/F5bfjy8/W + jEJdrnVzo1ihmJWoY48e9MlvsGXnGe4+GUrl + HSS+2bsGOS7DyA== ) + 7200 NSEC example.com. A RRSIG NSEC + 7200 RRSIG NSEC 13 3 7200 ( + 20601231235959 20201012144945 39996 example.com. + 5mtXYcvidkSnG12dZof3xSEaH2eOsV2fuBvb + 8Eb6XEuPfD9v5g2mweyZYrBtowEsTA9IOsly + 6AWT5PfZbNAe+Q== ) diff --git a/tests/knot/semantic_check_data/cdnskey.orphan.cds b/tests/knot/semantic_check_data/cdnskey.orphan.cds new file mode 100644 index 0000000..54732de --- /dev/null +++ b/tests/knot/semantic_check_data/cdnskey.orphan.cds @@ -0,0 +1,138 @@ +example.com. 3600 IN SOA dns2.example.com. hostmaster.example.com. ( + 2010135808 ; serial + 10800 ; refresh (3 hours) + 3600 ; retry (1 hour) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 3600 RRSIG SOA 13 2 3600 ( + 20601231235959 20201012144942 8996 example.com. + ThTlvNtautK64IeJRxNCr5acLrRu8jXkTR3N + y5TlXrei2DIagbPja++4vLjhUJAcKTGndD+x + wgMrDpCY6pMAYQ== ) + 3600 NS dns2.example.com. + 3600 RRSIG NS 13 2 3600 ( + 20601231235959 20201012144942 8996 example.com. + 3OJiG3v9Nq9OHkyysT3A6PNPRVn9sYTQkHNS + 6JL5BzLCQ+uYKJBCu0ZPxDlYpbYnO0HKQ7Ta + iZYCjm7vzqtvwA== ) + 3600 MX 10 mail.example.com. + 3600 RRSIG MX 13 2 3600 ( + 20601231235959 20201012144942 8996 example.com. + 9vi3n2cVyr+ghB0ql4Wc8vhpLfAuclopapXw + BQV328nEwftj0okcPz4Z7Iye9by4X6NDd13x + vzWXDKjZCSxLJg== ) + 7200 NSEC dns2.example.com. NS SOA MX RRSIG NSEC DNSKEY CDS CDNSKEY + 7200 RRSIG NSEC 13 2 7200 ( + 20601231235959 20201012144942 8996 example.com. + HP8iIlUO+EKFRgoHUrQWLcaX8oSGEb/tldEP + GcJKM+rGMeJvxXOJnjSskUm7AyRK1TKK4RqE + xaOHTgIz1uUkzw== ) + 3600 DNSKEY 256 3 8 ( + AwEAAdKraxDdGTL4HDOkXTDI1Md1UdHuYhVw + YkB+u2umVjTJ1H9Qb2oBryqwXI+gklnuCqrH + 1znkDvzGEAeHRQUCbtKbjmqErTAcRRHW3D+6 + jsOGXzbyGCfbyzRBwsbNCLWr3ONpPi5JOWEe + CUJfyc/mRXcmh5uYl1JvzAM1zprtljZt + ) ; ZSK; alg = RSASHA256 ; key id = 48849 + 3600 DNSKEY 256 3 13 ( + bkP3kBcYNsUB6jpKA764AJeNBzGJjNIRPxDl + 2wK1O7I/bvZDILscWSMUsSRmxZuPWGLjevpp + Tve1UMe+dP9VIA== + ) ; ZSK; alg = ECDSAP256SHA256 ; key id = 8996 + 3600 DNSKEY 257 3 8 ( + AwEAAaulfU2biYVBiUsGwAyCXbA+gm0yWgH2 + Z71S16R2YNERlb0he9Od28DcFd0HbaKdFnw/ + CtX7Z2UWs6/IRu8QmHGn6SKDsLzZ5StdPsJD + KilfvSlEcQeqrRAncug1SnA5BogNQSD0/02Y + w5KDGn7ALCSYlNgOgy7l+D/urlkuxgsPWvqY + XnlxaIcKt96fndwmkfZ5eF+WAqxguaNcvm14 + 6NA53wRrWx8BQbcHk1R+WcQGqFcVOlifCs9z + V+87QJy2H660QKqOVDgt8PF8QmRRJqzOKpu2 + 9T+Vd1dM3zjBJ7deLaNH2E5p7Bbp1eeOCeOt + WpCG6XfaRmZIF3ZWVM6Ways= + ) ; KSK; alg = RSASHA256 ; key id = 56474 + 3600 DNSKEY 257 3 8 ( + AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYT + oARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM + 2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5W + mnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Ta + x7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCN + bGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/ + mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4N + odQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5 + tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQ + EHYAd/AP8YgaovS8N1fJyh0= + ) ; KSK; alg = RSASHA256 ; key id = 53851 + 3600 DNSKEY 257 3 8 ( + AwEAAetE6qfN/GbtMmvM0PXUTyskauES2FKf + jqLVz7EQlfS8iAFWLi1eHjHXDkueZ1OYRzQ4 + IBy6MIsce4XVXLQoS8njtfaU7c5NZvktH5la + 7JuH32KYr3PdWL5KDsUdED3GSxfNV+DbcYU8 + 0AZxTxy6Bm6EP+DztL1dpYrmqr8JRl+qlSbm + LIrPemZFUEQzhiepcYMWviDUz+ixSVzjEzpM + CLsrNxA30Ziiq9GKA8KKlFHdAmxuNcH0TzRn + dpo6bu5nKyJHiREIazHVuPBEzUmHtcWETCDs + 9UVsbji2Z2ozqLz9cqnfYV/kOD+OZBAqvZ0n + /4lgdSiBtvByLCXoWEYIGRs= + ) ; KSK; alg = RSASHA256 ; key id = 19420 + 3600 DNSKEY 257 3 13 ( + 1OgEqruDg7pI2dTIRMdP9ihhdl3wFngZW9bP + E4jMg4ByKKoKM/C1QN4Q+BQiQDkcprwE9vLf + D/cLgFNspjcBgQ== + ) ; KSK; alg = ECDSAP256SHA256 ; key id = 63865 + 3600 RRSIG DNSKEY 13 2 3600 ( + 20601231235959 20201012144942 63865 example.com. + 9d2q8pWH1AftoDmPq3DNblta3oPV+6ROZmVR + BvjHj7xJjI27aY514C0qNkQVhioe2mhQjikO + gyxvkWwBV/owPg== ) + 3600 CDS 53851 8 2 ( + 6F8129D687EC387C948E6F4B0AC9AA01481C + CEBF7570AFEC582897E7725122D6 ) + 3600 CDS 56474 8 2 ( + 260E7ADB07D1ECC40DEE79EFF6527CF7119C + 0AFC1CFA5DAC1ADFE342568CF32D ) + 3600 RRSIG CDS 13 2 3600 ( + 20601231235959 20201012144942 8996 example.com. + E7iVsJZjRyGbjMUADsi9Chz74+t1W75zTPmm + MYVD77dkRHiEpN41MJB6Z7Fn1lNOE6f8q2B5 + iL/3UXULB1vpwA== ) + 3600 RRSIG CDS 13 2 3600 ( + 20601231235959 20201012144942 63865 example.com. + fsMqYcBDcTBtaDEqDTYrHHivnuQKb629drhm + 77RFfBxFJAxlq176PzaddA++zHfWsBgIlJzy + VHFy3S3huuyfaQ== ) + 3600 CDNSKEY 257 3 8 ( + AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYT + oARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM + 2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5W + mnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Ta + x7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCN + bGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/ + mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4N + odQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5 + tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQ + EHYAd/AP8YgaovS8N1fJyh0= + ) ; KSK; alg = RSASHA256 ; key id = 53851 + 3600 RRSIG CDNSKEY 13 2 3600 ( + 20601231235959 20201012144942 8996 example.com. + hhpJcQ4cMcq9fLNtZrTEVAMGB2bjMwcDvv4C + Sss9wWDBNxIVOsi4x3j/08PZTqbfmYePWtK8 + k2R5GOOK1lpVlw== ) + 3600 RRSIG CDNSKEY 13 2 3600 ( + 20601231235959 20201012144942 63865 example.com. + xU82j/dJf8oBd1Ti2lHH0YoxBvgCQo2MOdwJ + yOc6fDrT/c39rCMT//VoDmmKj3SavQ92ABBt + 18JqxCXK7+tnYQ== ) +dns2.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 13 3 3600 ( + 20601231235959 20201012144942 8996 example.com. + D3O6XOYrOT1tlCieJJvw7zys0ClqXcCvs5+D + qSEpKcE6RNNeJG2d3SJg95fbO+eTkw30MROF + ajnNh5xJ+8xsMQ== ) + 7200 NSEC example.com. A RRSIG NSEC + 7200 RRSIG NSEC 13 3 7200 ( + 20601231235959 20201012144942 8996 example.com. + sGBFze6wRGj8n0B8izUNHO2ufA72sR55U3OQ + RLYTx2XqBRvdmapMKK6QDu/6lmwqgYMbjiBJ + XqDLv/1RP4DisQ== ) diff --git a/tests/knot/semantic_check_data/cname_extra_01.zone b/tests/knot/semantic_check_data/cname_extra_01.zone new file mode 100644 index 0000000..ae3f27a --- /dev/null +++ b/tests/knot/semantic_check_data/cname_extra_01.zone @@ -0,0 +1,18 @@ +$ORIGIN example.com. +$TTL 3600 + +@ IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111218 ; serial + 6h ; refresh + 1h ; retry + 1w ; expire + 1d ) ; minimum + + NS dns1 + MX 10 mail + +dns1 A 192.0.2.1 + +; error CNAME, node contains other records +email CNAME mail + A 192.0.2.2 diff --git a/tests/knot/semantic_check_data/cname_extra_02.signed b/tests/knot/semantic_check_data/cname_extra_02.signed new file mode 100644 index 0000000..724a8da --- /dev/null +++ b/tests/knot/semantic_check_data/cname_extra_02.signed @@ -0,0 +1,76 @@ +email.example.com. 3600 IN CNAME mail.example.com. + 3600 RRSIG CNAME 7 3 3600 ( + 20840201000000 20160224073150 29600 example.com. + IxkF8oqOEzhlZDSRBIi4448EGvQwxm0QDFE3 + JExA4Byx2QaJvXo8LoCeyQxS/f9E6bXpXQk2 + 4dgQxUrRZqnKEA== ) + 86400 NSEC example.com. CNAME RRSIG NSEC A + 86400 RRSIG NSEC 7 3 86400 ( + 20840201000000 20160224073150 29600 example.com. + iKA+5qsYA7A7JN7Df99aJnToYESjqordQgVj + yMS/1RVBYEGE4y3ggehzAxvc8bsNYnUwGeGt + vse5dMVKCcIaPA== ) +; CNAME extra record A +email.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 7 3 3600 ( + 20840201000000 20160224073150 29600 example.com. + DummySignatureDEADBEEFToYESjqordQgVj + yMS/1RVBYEGE4y3ggehzAxvc8bsNYnUwGeGt + vse5dMVKCcIaPA== ) + +example.com. 3600 IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111220 ; serial + 21600 ; refresh (6 hours) + 3600 ; retry (1 hour) + 604800 ; expire (1 week) + 86400 ; minimum (1 day) + ) + 3600 RRSIG SOA 7 2 3600 ( + 20840201000000 20160224073150 29600 example.com. + MT+QgXcsDzkrFgncNwFyH8lwXiOTpj1rnPgs + OUIOfIhyJyzT1hpozAHt+IWOPHUkKjBN1C5y + SwyTnlqwJtG0yw== ) + 3600 NS dns1.example.com. + 3600 RRSIG NS 7 2 3600 ( + 20840201000000 20160224073150 29600 example.com. + Mr0Gu7PUu9PsUBflhd8tMhcQ9+ve+z561/ml + kP6PL0MHgLg7V8KVmL2tc7+JAhSOVSpJ4BGQ + c9HKD15lFDFEgw== ) + 86400 NSEC dns1.example.com. NS SOA RRSIG NSEC DNSKEY + 86400 RRSIG NSEC 7 2 86400 ( + 20840201000000 20160224073150 29600 example.com. + oEMpoEhi86OM/SdyobPEh90zF3c3FhOgv68j + paD5BLUsAntf3qU+KoIMb9iVglp+VTGrg0Ol + XdJ2D/xSMA+XHA== ) + 3600 DNSKEY 256 3 7 ( + AwEAAcvvW/oJAjcRdntRC8J52baXoNFVWOFz + oVFe3Vgl8aBBiGh3gnbuNt7xKmy9z2qc2/35 + MFwieWYfDdgUnPxyKMM= + ) ; ZSK; alg = NSEC3RSASHA1; key id = 29600 + 3600 DNSKEY 257 3 7 ( + AwEAAeXCF7sHLcFiaCwCFH4xh2CJcCp55i04 + exG41EtzILS2waabEM5byhRkoylbv91q6HY+ + JH9YXitS21LMD0Hqp1s= + ) ; KSK; alg = NSEC3RSASHA1; key id = 31323 + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160224073150 29600 example.com. + WOtx+LBKbS2MOahlpDJMqgeH1TI5dZoQitmA + SOkDRlJgfPsiKeiaGMrnWN9xnPZOVr9MsInE + sKYjh6EZM1nuBQ== ) + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160224073150 31323 example.com. + nL4eJLv62C56wexu10DMPHqXCXSE/3vRe4es + 4e0e1CkY9bdj+LgLfgs7CH7UDNXFX2CxKxHd + mL4sp5AtaA8fnQ== ) +dns1.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 7 3 3600 ( + 20840201000000 20160224073150 29600 example.com. + nn2dG+ORbcNQWHT87ijfOddx0SKCSE+8hAxt + SiQQpxAzPw13CZmnbYas8uvFFtth6U689V3h + rMzzZcxQEA1z8w== ) + 86400 NSEC email.example.com. A RRSIG NSEC + 86400 RRSIG NSEC 7 3 86400 ( + 20840201000000 20160224073150 29600 example.com. + BFz1Z7dbBNgHXDOaufuCoIzGHbwyLUrA+Wad + QBPD9xCYkXHoHfvVOhtEeMR19Rz+fi6ottJI + 4AWItiobBC/DAQ== ) diff --git a/tests/knot/semantic_check_data/cname_multiple.zone b/tests/knot/semantic_check_data/cname_multiple.zone new file mode 100644 index 0000000..971c34f --- /dev/null +++ b/tests/knot/semantic_check_data/cname_multiple.zone @@ -0,0 +1,15 @@ +$ORIGIN example.com. +$TTL 3600 + +@ IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111214 ; serial + 6h ; refresh + 1h ; retry + 1w ; expire + 1d ) ; minimum + NS dns1 + +dns1 A 192.0.2.1 + +email CNAME mail +email CNAME mail2 diff --git a/tests/knot/semantic_check_data/delegation.signed b/tests/knot/semantic_check_data/delegation.signed new file mode 100644 index 0000000..2007216 --- /dev/null +++ b/tests/knot/semantic_check_data/delegation.signed @@ -0,0 +1,43 @@ +; Delegation NS and glue signed despite mustn't. + +example.com. 3600 IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111220 ; serial + 21600 ; refresh (6 hours) + 3600 ; retry (1 hour) + 604800 ; expire (1 week) + 86400 ; minimum (1 day) + ) + 3600 NS dns1.example.com. + 0 NSEC3PARAM 1 0 10 - + +example.com. 3600 DNSKEY 257 3 13 Yk8KOmyVzOij3x+Zs+eT4J2Up9+ipwXEKOhL9fTYY/DU10yIQt+zYm02UFZJX2oVTdHBCajpBFsZLH2X4ho1yw== +example.com. 3600 DNSKEY 256 3 13 tCoteOM+A4o/A9uxgLyDg3HOg2DClU+3d+1XPQRtTfuaEFOGIpyH6qiFUv2b4DYuvmMyTkL99nxvyhA8yo0Cgg== +example.com. 3600 RRSIG DNSKEY 13 2 3600 20400406103150 20210205090150 25674 example.com. 4tMK6g2B0ITXf2haSSuH45nO53GlpZQ97ofC5Pd/S38oeNzWmhfxIBaGtb597qxRA2NC7rYtGsscLrCa0sthMA== +example.com. 3600 RRSIG NS 13 2 3600 20400406102301 20210205085301 61806 example.com. TrCJZgu1hVoUK532mmhQpZcEcPdw4FezPCymtUuQH9XjZNBn3DP/OhM8NvAbtailiOIX/djosTC2cNDlqSoVCQ== +example.com. 3600 RRSIG SOA 13 2 3600 20400406102301 20210205085301 61806 example.com. h/+XG/WWQsoAuzOM2wiulY8TOslYTj4MyP7Rjj3VXx8frlheIN84yH7NL6Xgt3ibQJpJl7rujkDuoTBH+snnCw== +example.com. 0 RRSIG NSEC3PARAM 13 2 0 20400406102301 20210205085301 61806 example.com. TYk9hqD6hWA8YH/G3VeggrUHb7CwX3ut5GGiAOcl9o8I0gdMIOu8E1uUukexvJsZAt1Fbcjc7ZIbsUmvgs2MVg== +deleg.example.com. 3600 RRSIG NS 13 3 3600 20400406102301 20210205085301 61806 example.com. /Xg/3viyTMyd88hcByGifSMHGo3up83exBQQt4FC6qexZffRyNiLrHOfnoz/2LqFMg/oDVCsvqaEomiMM6FlZw== +dns1.example.com. 3600 RRSIG A 13 3 3600 20400406102301 20210205085301 61806 example.com. zc6VOVGfgoB9C8/0WPHOVrdikBzK6xh25UtrdIYuSzcPWbFlWSsV3+xS1q20MBDb2dj635jcyBWRep+287rDLA== +deleg.example.com. 3600 RRSIG A 13 3 3600 20400406103429 20210205090429 61806 example.com. 8hcIsHOARI1XXMcPXwtlmQC071+FBH+I0a6CufDbE7nPa38brBKomqTjiYF26K1KZ4IQASw5vvF0lFg3eEOZog== + +deleg.example.com. 3600 NS deleg.example.com. +deleg.example.com. 3600 A 192.0.2.1 +dns1.example.com. 3600 A 192.0.2.1 + 3600 RRSIG A 13 3 3600 ( + 20601231235959 20201008173641 61552 example.com. + URGzLYXySdeOtXWW5ph64pNedd7/cq0WYcbd + nArHBIN2S08knOfV/OHOMDaR7WufUbIF8bPQ + FxDkURlAhZbH9A== ) +20G1GOL477RO51RK9A9NFD54TFQAL7IQ.example.com. 3600 IN NSEC3 1 0 10 - ( + MJV836RJQEJ5UBGHVKSQ7N44RSO3Q938 + A RRSIG ) +MJV836RJQEJ5UBGHVKSQ7N44RSO3Q938.example.com. 3600 IN NSEC3 1 0 10 - ( + UTQVUHU2BLK3DHMRR5T1HD9VTEOHQT0A + NS RRSIG ) +UTQVUHU2BLK3DHMRR5T1HD9VTEOHQT0A.example.com. 3600 IN NSEC3 1 0 10 - ( + 20G1GOL477RO51RK9A9NFD54TFQAL7IQ + NS SOA RRSIG DNSKEY NSEC3PARAM ) + +20g1gol477ro51rk9a9nfd54tfqal7iq.example.com. 3600 RRSIG NSEC3 13 3 3600 20400406102301 20210205085301 61806 example.com. LUBULY9667EsrOHecNjp2QkW9JJW1fOSyTmleWul7vGFwuNC1mKVUQu3H3V5ndtwzU1YD69oa6eI2DOERmiJXg== +mjv836rjqej5ubghvksq7n44rso3q938.example.com. 3600 RRSIG NSEC3 13 3 3600 20400406105733 20210205092733 61806 example.com. zYuSttG565eDv3FPeKfZs4FNuJHD204/8nv8cNx+9iqbxMdh5s1XJx4nolWyiOJcBq+G8CmtiuJK6plUs7x67w== +utqvuhu2blk3dhmrr5t1hd9vteohqt0a.example.com. 3600 RRSIG NSEC3 13 3 3600 20400406102301 20210205085301 61806 example.com. aMivM0YOs4Il/WRWqf3SRzh21nZXau7VIJOpX2NK46qxBCW41N/+J7rXaeAT15ayWNjCHP1YoDwyuC/lVZtCqg== diff --git a/tests/knot/semantic_check_data/different_signer_name.signed b/tests/knot/semantic_check_data/different_signer_name.signed new file mode 100644 index 0000000..ff92f7b --- /dev/null +++ b/tests/knot/semantic_check_data/different_signer_name.signed @@ -0,0 +1,52 @@ +example.com. 3600 IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111220 ; serial + 21600 ; refresh (6 hours) + 3600 ; retry (1 hour) + 604800 ; expire (1 week) + 86400 ; minimum (1 day) + ) + 3600 RRSIG SOA 13 2 3600 ( + 20601231235959 20201008164859 49259 example.com. + UH4IJhLwxWI9g2vycAuGAHm5XzsW5LKr6xeI + aoaiMeb1pepw9vAWEUO1Byimg7FfhvYpt7+J + IhYCvpBb6u3ucA== ) + 3600 NS dns1.example.com. + 3600 RRSIG NS 13 2 3600 ( + 20601231235959 20201008164859 49259 example.com. + ou6B0AgSUxs7//b+c+Gm3XjC83TpgGvRwj9d + F48TEZCMRpdvtVNc1hDnNKa8oXA16TafbkqN + Z0ekrEo2LlN+hw== ) + 86400 NSEC dns1.example.com. NS SOA RRSIG NSEC DNSKEY + 86400 RRSIG NSEC 13 2 86400 ( + 20601231235959 20201008164859 49259 example.com. + uCzqU8DU8ZMt3t/h0jwZjdVgSj33HhwtGwhE + ZglZ0gUVDVLndP5Q+psqlz2jBmiXIN16s/+b + di0crJ9LULq0NA== ) + 3600 DNSKEY 256 3 13 ( + qWpA6ejmc17FHZTN/YoYX4WdNN32LC2IlBmm + n2Yoi16OQ1e2ztEusvQaSwzEMbN2pIzfTIlF + YQQ1gzLQAhWIpg== + ) ; ZSK; alg = ECDSAP256SHA256 ; key id = 49259 + 3600 DNSKEY 257 3 13 ( + rHQi5BOkLnSsZh1v9saRZ38MkzYLL0oGbAK2 + Dp86tH3lpDqPoR7LM98gyBLZgp81m0YHAYnf + 2yK617XStIPw+A== + ) ; KSK; alg = ECDSAP256SHA256 ; key id = 3753 + 3600 RRSIG DNSKEY 13 2 3600 ( + 20601231235959 20201008164859 3753 example.com. + 81C/yn0gxkwOMUWNZPszGow4UyDuDn1V4WQJ + NXJfNiTvT6edQ0rQakhJPGgVyH4LIwWJV8Uk + fOubCv7BBgu0wg== ) +dns1.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 13 3 3600 ( + 20601231235959 20201008164859 49259 example.com. + x6z2ftS2deCBR9HJeIazQNrDdzw0lEE04UYp + npUe2zkIx6aH7MvvgZIjcFTwPOVsI00u7gaU + AzuxODSma50TXQ== ) + 86400 NSEC example.com. A RRSIG NSEC +; different signer name in RRSIG + 86400 RRSIG NSEC 13 3 86400 ( + 20601231235959 20201008164859 49259 different.com. + K/URrUmli54Noy0E3REXBo/g0LZ/8gneyVfa + FrGXLB0kvQydPyceL+BFIoJP6d/Gs/0qkUjT + vMQfvF0x3bFS3w== ) diff --git a/tests/knot/semantic_check_data/dname_apex_nsec3.signed b/tests/knot/semantic_check_data/dname_apex_nsec3.signed new file mode 100644 index 0000000..b083ce9 --- /dev/null +++ b/tests/knot/semantic_check_data/dname_apex_nsec3.signed @@ -0,0 +1,25 @@ +; Zone without any semantic error + +;; Zone dump (Knot DNS 2.6.0) +example.com. 3600 SOA dns1.com. hostmaster.com. 2010111217 21600 3600 604800 86400 +example.com. 3600 NS dns1.com. +example.com. 3600 DNAME bar.example.com. +example.com. 0 CDNSKEY 257 3 13 Yk8KOmyVzOij3x+Zs+eT4J2Up9+ipwXEKOhL9fTYY/DU10yIQt+zYm02UFZJX2oVTdHBCajpBFsZLH2X4ho1yw== +example.com. 0 CDS 25674 13 2 2EC05563A3537BD32EA3EB92C44794C644F249EE440785CF28207B903E35322D +example.com. 3600 DNSKEY 256 3 13 tCoteOM+A4o/A9uxgLyDg3HOg2DClU+3d+1XPQRtTfuaEFOGIpyH6qiFUv2b4DYuvmMyTkL99nxvyhA8yo0Cgg== +example.com. 3600 DNSKEY 257 3 13 Yk8KOmyVzOij3x+Zs+eT4J2Up9+ipwXEKOhL9fTYY/DU10yIQt+zYm02UFZJX2oVTdHBCajpBFsZLH2X4ho1yw== +example.com. 0 NSEC3PARAM 1 0 10 151E9F1094FE188F +;; DNSSEC signatures +example.com. 3600 RRSIG NS 13 2 3600 20400406111136 20210205094136 61806 example.com. WIlxYlV/hn9mfojITrVbIV+Giy9b5pAKofkw62Yli+jIspQ3dC/WWLrM5Y4HcQwTfNp7yuhIS0jPzkuy0xuAxg== +example.com. 3600 RRSIG SOA 13 2 3600 20400406111136 20210205094136 61806 example.com. z71ipK0zBRKKokzXdoZdtkxGC75MJbwmICNjSfd+IX/hneIGvFE7mTose1Zbb0WGgKRdUMEoii7hLZLrx7waqg== +example.com. 3600 RRSIG DNAME 13 2 3600 20400406111136 20210205094136 61806 example.com. 5tIYeBwbwpVF0X5ZLoSpHeB8IYLU5/2fFYXqvctZYqTO24T0EBfu+++j66VSERAI38xf2Z0KkYcwx1XeIeivBQ== +example.com. 3600 RRSIG DNSKEY 13 2 3600 20400406111136 20210205094136 25674 example.com. X3n5YVkjpSpK+IOCkhv/wFmF5WIPHUR2LXkNME84i5S4efvQiRRq/jgqos2f7OgfSi/9Q2Q2x6BiMQ1vx/R+Pw== +example.com. 0 RRSIG NSEC3PARAM 13 2 0 20400406111136 20210205094136 61806 example.com. gogp8pZycFopDodl4IOfpaKCbLqXw2v+5DcV2YwmHr/pMwrc28bClQxw4HVGcYQ13HpC9kKmzmcrn3dEumTb3A== +example.com. 0 RRSIG CDS 13 2 0 20400406111136 20210205094136 25674 example.com. zRQEFycg2sNVVB4TOZO8QcMwRwSA7tHJqkc1l9V+WtEdJY8UvYpYPPgAn9FjWMzzhvRMlws89TBSsQzqCemHiQ== +example.com. 0 RRSIG CDNSKEY 13 2 0 20400406111136 20210205094136 25674 example.com. hLOpPxmKXU//dmQoE5OdCqzWkkJsuBHa8QITWB/A3Tc2CXQTaqFKqTspZvTLOAYKNaSVu6BOLWM7Fi2Bq3I0mQ== +;; DNSSEC NSEC3 chain +ple28jlp3q5anh045ssk9f3u7ltd4qlc.example.com. 3600 NSEC3 1 1 10 151E9F1094FE188F ple28jlp3q5anh045ssk9f3u7ltd4qlc NS SOA DNAME RRSIG DNSKEY NSEC3PARAM CDS CDNSKEY +;; DNSSEC NSEC3 signatures +ple28jlp3q5anh045ssk9f3u7ltd4qlc.example.com. 3600 RRSIG NSEC3 13 3 3600 20400406111136 20210205094136 61806 example.com. C3JeKvcKdQO3zTJqg5Z114jTd36tgF7PIL2kCs7X6VnCaVe7E5NtwUuLMLFIw/gUqaLDbE7vQwHMK3Psl536aA== +;; Written 17 records +;; Time 2017-10-06 15:58:57 CEST diff --git a/tests/knot/semantic_check_data/dname_children.zone b/tests/knot/semantic_check_data/dname_children.zone new file mode 100644 index 0000000..5758833 --- /dev/null +++ b/tests/knot/semantic_check_data/dname_children.zone @@ -0,0 +1,16 @@ +$ORIGIN example.com. +$TTL 3600 + +@ IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111214 ; serial + 6h ; refresh + 1h ; retry + 1w ; expire + 1d ) ; minimum + NS dns1 + +dns1 A 192.0.2.1 + AAAA 2001:DB8::1 + +foo DNAME bar +bar.foo A 192.0.0.1 diff --git a/tests/knot/semantic_check_data/dname_extra_ns.zone b/tests/knot/semantic_check_data/dname_extra_ns.zone new file mode 100644 index 0000000..e188742 --- /dev/null +++ b/tests/knot/semantic_check_data/dname_extra_ns.zone @@ -0,0 +1,16 @@ +$ORIGIN example.com. +$TTL 3600 + +@ IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111214 ; serial + 6h ; refresh + 1h ; retry + 1w ; expire + 1d ) ; minimum + NS dns1 + +dns1 A 192.0.2.1 + AAAA 2001:DB8::1 + +foo DNAME bar +foo NS dns1 diff --git a/tests/knot/semantic_check_data/dname_multiple.zone b/tests/knot/semantic_check_data/dname_multiple.zone new file mode 100644 index 0000000..2a6c0a2 --- /dev/null +++ b/tests/knot/semantic_check_data/dname_multiple.zone @@ -0,0 +1,16 @@ +$ORIGIN example.com. +$TTL 3600 + +@ IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111214 ; serial + 6h ; refresh + 1h ; retry + 1w ; expire + 1d ) ; minimum + NS dns1 + +dns1 A 192.0.2.1 + AAAA 2001:DB8::1 + +foo DNAME bar1 +foo DNAME bar2 diff --git a/tests/knot/semantic_check_data/dnskey_param_error.signed b/tests/knot/semantic_check_data/dnskey_param_error.signed new file mode 100644 index 0000000..1a2e936 --- /dev/null +++ b/tests/knot/semantic_check_data/dnskey_param_error.signed @@ -0,0 +1,70 @@ +; Zone without any semantic error + +example.com. 3600 IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111220 ; serial + 21600 ; refresh (6 hours) + 3600 ; retry (1 hour) + 604800 ; expire (1 week) + 86400 ; minimum (1 day) + ) + 3600 RRSIG SOA 7 2 3600 ( + 20840201000000 20160229083110 29600 example.com. + W9EprjaR4loSnNW96h4rLsquPDw3LHYvD05k + djkQofHSkMNZAJ7Q+eA3Fs2ik5fnJFM7wi5C + MtFsV2TfqMJFmg== ) + 3600 NS dns1.example.com. + 3600 RRSIG NS 7 2 3600 ( + 20840201000000 20160229083110 29600 example.com. + I9Je1S7XhZIW9C0fWE8NwFLC2rhHklddNYBO + dxVKL/lxENU4jPPBwZBGrcYn2WVHgkIzjG0n + EOHONAgRFPi3Xw== ) + 3600 DNSKEY 1 3 7 ( + AwEAAcvvW/oJAjcRdntRC8J52baXoNFVWOFz + oVFe3Vgl8aBBiGh3gnbuNt7xKmy9z2qc2/35 + MFwieWYfDdgUnPxyKMM= + ) ; ZSK; alg = NSEC3RSASHA1; key id = 29600 + 3600 DNSKEY 257 5 7 ( + AwEAAeXCF7sHLcFiaCwCFH4xh2CJcCp55i04 + exG41EtzILS2waabEM5byhRkoylbv91q6HY+ + JH9YXitS21LMD0Hqp1s= + ) ; KSK; alg = NSEC3RSASHA1; key id = 31323 + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160229083110 29600 example.com. + vO2UQiTN/CNUZOmSEg8kJlR/UqiAZHc4qMwj + 9u31sbPmOMuni+ZGuVCFFoEMtZerIkkQowkB + sXJFkvCP5oF2rA== ) + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160229083110 31323 example.com. + Z+aaLu4rmzekfhlj6A0ClREloRi8MloRHf/3 + Dlw/RYY1hrOCfcZKEY6AXeVdUwESEsSkSOco + CbhyGHH10dKAAg== ) + 0 NSEC3PARAM 1 0 10 - + 0 RRSIG NSEC3PARAM 7 2 0 ( + 20840201000000 20160229083110 29600 example.com. + d69kc52VdALI8fbdbflsVsltc1m7bI6QsJ5U + IDE9fy5VqcufZecZMKuozPDuF2vBA8ADFIRU + OfYgKs6YNIOLWg== ) +deleg.example.com. 3600 IN NS deleg.example.com. + 3600 A 192.0.2.1 +20G1GOL477RO51RK9A9NFD54TFQAL7IQ.example.com. 86400 IN NSEC3 1 1 10 - ( + UTQVUHU2BLK3DHMRR5T1HD9VTEOHQT0A + A RRSIG ) + 86400 RRSIG NSEC3 7 3 86400 ( + 20840201000000 20160229083110 29600 example.com. + D24JCtCcNzwsY1FXVliAjxMm+x95N2eUTXn0 + M8NK5glSk1yLtnAUKzHxpRExAJLGUiaG4yPu + 2yGZuqwNvJztzw== ) +UTQVUHU2BLK3DHMRR5T1HD9VTEOHQT0A.example.com. 86400 IN NSEC3 1 0 10 - ( + 20G1GOL477RO51RK9A9NFD54TFQAL7IQ + NS SOA RRSIG DNSKEY NSEC3PARAM ) + 86400 RRSIG NSEC3 7 3 86400 ( + 20840201000000 20160229083110 29600 example.com. + F7y+xW/C7iICgmZeYrF4e7Yx4kWZAZPAMzlu + PtWVuf37ySg1VfEWcQcDP04vF2rXVUqSMEcj + bqUVN5W8Hoazxw== ) +dns1.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 7 3 3600 ( + 20840201000000 20160229083110 29600 example.com. + MoYrL/lToC4AHo6KCZRiBRmCMWHUAx2Xt32A + P4lDpwA+wiBWkCZSfVTh60AosS/BIGtBb2BK + mszMx8CLBvkjRg== ) diff --git a/tests/knot/semantic_check_data/duplicate.signature b/tests/knot/semantic_check_data/duplicate.signature new file mode 100644 index 0000000..77bf21f --- /dev/null +++ b/tests/knot/semantic_check_data/duplicate.signature @@ -0,0 +1,19 @@ +;; Zone dump (Knot DNS 2.5.0-dev) +example.com. 3600 SOA dns1.example.com. hostmaster.example.com. 2010112269 10800 3600 1209600 7200 +example.com. 3600 NS dns1.example.com. +example.com. 3600 DNSKEY 256 3 7 AwEAAd0e6EjJ0PgChDpbjB9QtvJ0ZqwKC/j7wlEOOB9owqefH/taZ37w6QR8Ysvvv2058AflDcCP3qlaOXp+ogq7AhayA+K4kc/UQyTPCe2jXKlX9IB0KAsr8nO9UEXzjYuyBw80Ry86Xxmj7OGYRu8eRm3ruOjVJy8hCrEQ7680an303Iu3Ixnmo8lPTPPMg4dbFXZ/RW6Sanrr/Sy6fre87XY58yywqX9lZOh5eqBeZG9WvU/HycrDkx5AcwD5etVk98tVTnofShY34ePZWDmRHEtvBpMzNObdomgM5we+DawC6P+Z8PFeGz+OgN7WVzkjm+MmYAk1aIeLQyNIE8SyMts= +example.com. 3600 DNSKEY 257 3 7 AwEAAea81n0wL09ZMejh806rJ0Km3MYC+ySPWnOmV70nEmONbnduRPpXWjYSqFmH5kldfNdCH403kI/YCMYDYBAPFPbhxuZuVBaJJqOQVsI4rpwj+XiANfGFAq9pZ0oA8iH7gSoNUCf6+g2hcP0ajYoqCjUZ7ZZQNytV/x6foW5t5PbyPNeAU1AEKxk2VSg1TMfkccZqTIx1ofS0N102Z4tOBn26judPqLc0tXMCJc7wgekqG04IGe7UWfk9xWtwo2SbtX9diErF8DJ93C17OWkb04n1xCm3i8/XZadA/HrBjfX/NvlHF8qnUQzzxN7UGrvBD4hE12R9ICj4YNFZViOTdvs= +dns1.example.com. 3600 A 192.0.2.1 +;; DNSSEC signatures +example.com. 3600 RRSIG NS 7 2 3600 20170403124401 20170403124311 40703 example.com. ltKNDw2O/sIwQUsv3UCKqOtZYvWNJ0mHo2xDxpzZXfAiMbgR4k7jBIkpSEpcBiBlH7EvWom7CYVigPu8Y+j/Jq4uv+wmVF47OVY3YZvuzfprWj+iOQwPlfDJfUPx+U+73SSsZ21B5/+auB5cada730B4gQKmldleVGg5aov4H2+BpEyrsSs2o79qiXNBzLPqrZEmT0nfUAvQC8xhFV/71I8Q5qtfa3vO6DLSOBmBUtAlGKqfpWoZ2w+QDdA6rtOe0haizTZUtghL2ut47bdTR253brhUccL6nnLc5//jTUBToIhmG/p698xLnU9BYnuHIi74xsb3hVr5b46W5gAGKw== +example.com. 3600 RRSIG SOA 7 2 3600 20170403124401 20170403124311 40703 example.com. E9a+I8HDh6ycTVkFgOWkzbH7PWds7ewp1M5lUci13ZzMVWsJeFW7t1tLnnOtvz2H8pq5/BevPB8iZBA7rHH7GxoQ5P8xrxAO6HvuRZT8O4kYAWRZ0QHhMIvY8f6VqTyoOmzgIGt0nJ3BL/XJgxIiFrsiLyih6+dkckEu62F22+FFvlv49ufKkCo+EUQPCzo7ZYODc8xKWo97SmaADzjfz7Hq9UPHraUgLhNkfBDbI9YPCGKaJaAiqCBy/6ih3SyHxVPLcIz95okeo5AJVszFIS+8pNPZssJBpWsLKYyAGzs2dsliRwS9z+a3wkHXJIfbLX+r3kGhcG4lQMYDz9SrFA== +example.com. 7200 RRSIG NSEC 7 2 7200 20170403124401 20170403124311 40703 example.com. poh0BT+nUD3sM05axVGC+k7jj1r3YVNcx4bn/0cviNxzCqLY9RGgImPWsmkTgbJpmCox9SHzpTqL8acIQDNZaciNH9WeYKvn7wkap3z6jtCuQRezM3nUx7E37fzbnNC8MUoWkV37y3FSmtiza9l1isrE5dGkNMOsBcPvIp5wrbQ+dH4cMdcgQuW+NDjee6czIeeYtyarBWhq30S2lxroh8VXlrFDTcbiIY4UoGzJDfevvsonNFQXc+p7qq2fU1fyU1e3Ugty9I23g6fLhLcrmflVbYpcgE8/02K4asu5D7x/dOq21OU/jJfeudk66l6CVw7c3Qh/N63jRn8SsCj0Sg== +example.com. 3600 RRSIG DNSKEY 7 2 3600 20170403124401 20170403124311 5154 example.com. RmAPllqg+CEX+vj5KKmXGYsF8vqbqLoXSYqSOSWbvgWRazKaQU98fpJWdrmqylkR6Xa1fnbvliP4N/0MGremNejsNPvMsJ4GvpyM75Mb4BEf5mwwikW6xov9V/n1AN9grWofj/r5evsZYcxIR7naM9oxV6qJvy8fFIjthG805MO18bYk1/Och2x9TgUf6DTqKNBHQjk1AfrhVvpuLjdNnNT16Ak3izrCLOm2tuNTaflkYkD0n06ZIAsz1krJWztpncA2csnKQmdybSL95wZnFeb6nkmq+P5vk3PuTENIMURYMCNfzBHogLfbVG5HpDhaHkcM2zSe1qATbp9xRZujLw== +dns1.example.com. 3600 RRSIG A 7 3 3600 20170403124401 20170403124311 40703 example.com. iYfVT+HPDqMyH9f8aLrzNK6sOCoo38tlRJ5tjiko0DOpsWp20LLgVQLvKsTs3SfdC0gYzMVQCgzfDMbAgrEvmm4ZEQT/NSUhcO2t08f6pABn6GSdoswFupi0LGdQmgj/MbOET02OTALh9I6g3Ir1+bF+C10GS/8CYqffO/52IEJylc6AzDCwAjfkI/55hsuv2H8Wp5cqEG5yAlL4fK+U2zQWEuAGOtGbEuzeKcEDV6iiAuFge7ClW+CbB3gQxEhDdx5TQNNAcpzHmum5yfsfcFkIezZqIzEvOQWg1nJVcLvYnuBqyMWv/uGbG4CxTDy49U9JB/6QfilMk38VVcitZA== +dns1.example.com. 7200 RRSIG NSEC 7 3 7200 20170403124401 20170403124311 40703 example.com. gtRE8TafAp50tzk3rAub93X69pp4J7uPzXPM0UAAp97oVMqcqvuZh80fICLmKl7xShvBx+AYfV+2CoeMW66CXVHTP8CyIjLyi32EGgL75Y2xs55/lEOaMl8hREgxniopCWGX/5vjmY0SBdGWVQVyeQeb0DbTXFWQNw/1LUPueoM1zqGcHFKFt5Y1GidboUEDsNeCmG3ZzGV9/v9sVUezzDK53uaHm8Ojz6E4N7kg6qXDF32ZAxs0dDjh46bsaTNvMLCEXqO2imHx9Omc2wYyCt/roMoeYiulXQ7yHYt0yQuCYwqxxMqJ4z9jvLNdLxH3YZYV0CVUrNgNC/5vtUILsQ== +dns1.example.com. 3600 RRSIG A 7 3 3600 20170216152943 20170216152853 45258 example.com. j7H3N22L+tqfwuSd4GhIwMyjrFSY3+kypIcOvg0Ipbj4pAHsJOJTiW454Ueq54G/0ntoHxgmGLv3d/EV9prMPPQz8eqtRcYFip2NuEF9bJsIG3SMy+0HolPK+8D7B0MOGFA2TExKNknS7sJy/Jn/yQrf7BHubC61zWnqB+vN7MNlJASXEvy3008oi4FScSsrAVIrZK+z7utY4exkCVfELC7flGenoyPDFR12y8WpN/Tk6q1H37x+EKaQgFj361Bm6f/InPKW8Npn/SNCIJ2DvSWAnj6+2n1mse0sC+rKhRIDMDopu7JzTjpVs9U/p9BY5dtH/3YvST4Vz3syqd1unA== +;; DNSSEC NSEC chain +example.com. 7200 NSEC dns1.example.com. NS SOA RRSIG NSEC DNSKEY +dns1.example.com. 7200 NSEC example.com. A RRSIG NSEC +;; Written 13 records +;; Time 2017-04-03 14:43:12 CEST diff --git a/tests/knot/semantic_check_data/glue_apex_both.missing b/tests/knot/semantic_check_data/glue_apex_both.missing new file mode 100644 index 0000000..74e37f6 --- /dev/null +++ b/tests/knot/semantic_check_data/glue_apex_both.missing @@ -0,0 +1,14 @@ +$ORIGIN example.com. +$TTL 3600 + +@ IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111217 ; serial + 6h ; refresh + 1h ; retry + 1w ; expire + 1d ) ; minimum + + NS dns1 + NS dns2 + +; missing glue for dns1 and dns2 diff --git a/tests/knot/semantic_check_data/glue_apex_one.missing b/tests/knot/semantic_check_data/glue_apex_one.missing new file mode 100644 index 0000000..47ee797 --- /dev/null +++ b/tests/knot/semantic_check_data/glue_apex_one.missing @@ -0,0 +1,16 @@ +$ORIGIN example.com. +$TTL 3600 + +@ IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111217 ; serial + 6h ; refresh + 1h ; retry + 1w ; expire + 1d ) ; minimum + + NS dns1 + NS dns2 + +dns1 A 192.0.2.1 + +; missing glue for dns2 diff --git a/tests/knot/semantic_check_data/glue_besides.missing b/tests/knot/semantic_check_data/glue_besides.missing new file mode 100644 index 0000000..38ad890 --- /dev/null +++ b/tests/knot/semantic_check_data/glue_besides.missing @@ -0,0 +1,17 @@ +$ORIGIN example.com. +$TTL 3600 + +@ IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111217 ; serial + 6h ; refresh + 1h ; retry + 1w ; expire + 1d ) ; minimum + + NS dns1 + +dns1 A 192.0.2.1 + +deleg NS dns2 + +; missing glue for dns2 diff --git a/tests/knot/semantic_check_data/glue_deleg.missing b/tests/knot/semantic_check_data/glue_deleg.missing new file mode 100644 index 0000000..291b450 --- /dev/null +++ b/tests/knot/semantic_check_data/glue_deleg.missing @@ -0,0 +1,17 @@ +$ORIGIN example.com. +$TTL 3600 + +@ IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111217 ; serial + 6h ; refresh + 1h ; retry + 1w ; expire + 1d ) ; minimum + + NS dns1 + +dns1 A 192.0.2.1 + +deleg NS ns1.deleg + +; missing glue for ns1.deleg diff --git a/tests/knot/semantic_check_data/glue_in_apex.missing b/tests/knot/semantic_check_data/glue_in_apex.missing new file mode 100644 index 0000000..a02f6bf --- /dev/null +++ b/tests/knot/semantic_check_data/glue_in_apex.missing @@ -0,0 +1,13 @@ +$ORIGIN example.com. +$TTL 3600 + +@ IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111217 ; serial + 6h ; refresh + 1h ; retry + 1w ; expire + 1d ) ; minimum + + NS @ + +; missing glue for @ diff --git a/tests/knot/semantic_check_data/glue_in_deleg.valid b/tests/knot/semantic_check_data/glue_in_deleg.valid new file mode 100644 index 0000000..42adf6b --- /dev/null +++ b/tests/knot/semantic_check_data/glue_in_deleg.valid @@ -0,0 +1,16 @@ +$ORIGIN example.com. +$TTL 3600 + +@ IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111217 ; serial + 6h ; refresh + 1h ; retry + 1w ; expire + 1d ) ; minimum + + NS ns2.d + +d NS ns1.d +ns1.d A 1.2.3.4 + +; glue below another delegation is not mandatory diff --git a/tests/knot/semantic_check_data/glue_no_foreign.valid b/tests/knot/semantic_check_data/glue_no_foreign.valid new file mode 100644 index 0000000..4cdcbe0 --- /dev/null +++ b/tests/knot/semantic_check_data/glue_no_foreign.valid @@ -0,0 +1,13 @@ +$ORIGIN example.com. +$TTL 3600 + +@ IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111217 ; serial + 6h ; refresh + 1h ; retry + 1w ; expire + 1d ) ; minimum + + NS foreign. + +; glue for foreign. is not mandatory diff --git a/tests/knot/semantic_check_data/glue_wildcard.valid b/tests/knot/semantic_check_data/glue_wildcard.valid new file mode 100644 index 0000000..9e36b5e --- /dev/null +++ b/tests/knot/semantic_check_data/glue_wildcard.valid @@ -0,0 +1,22 @@ +$ORIGIN example.com. +$TTL 3600 + +@ IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111217 ; serial + 6h ; refresh + 1h ; retry + 1w ; expire + 1d ) ; minimum + + NS dns1 + +dns1 A 1.2.3.4 + +abc NS a.ns.abc +deleg1 NS a.ns.abc +deleg2 NS a.ns.ns.ns.ns.xyz + +; wildcard glue + +*.ns.abc AAAA ::1 +*.ns.xyz AAAA ::2 diff --git a/tests/knot/semantic_check_data/invalid_ds.signed b/tests/knot/semantic_check_data/invalid_ds.signed new file mode 100644 index 0000000..2435014 --- /dev/null +++ b/tests/knot/semantic_check_data/invalid_ds.signed @@ -0,0 +1,106 @@ + + +deleg.example.com. 3600 IN NS deleg.example.com. + 3600 A 192.0.2.1 + 3600 IN DS 60485 5 3 ( 2BB183AF5F22588179A53B0A + 98631FAD1A292118 ) + 3600 IN DS 60485 5 7 ( 2BB183AF5F22588179A53B0A + 98631FAD1A292118 ) + +20G1GOL477RO51RK9A9NFD54TFQAL7IQ.example.com. 86400 IN NSEC3 1 0 10 - ( + 6DFJITU5VML86QNKU9FO2LJDDQQTQPVT + A RRSIG ) +6DFJITU5VML86QNKU9FO2LJDDQQTQPVT.example.com. 86400 IN NSEC3 1 1 10 - ( + UI312KQOP1NG8IQEIEFNPSLA94KB5Q92 + A RRSIG ) +UI312KQOP1NG8IQEIEFNPSLA94KB5Q92.example.com. 86400 IN NSEC3 1 0 10 - ( + UTQVUHU2BLK3DHMRR5T1HD9VTEOHQT0A + A RRSIG) +UTQVUHU2BLK3DHMRR5T1HD9VTEOHQT0A.example.com. 86400 IN NSEC3 1 0 10 - ( + 20G1GOL477RO51RK9A9NFD54TFQAL7IQ + NS SOA RRSIG DNSKEY NSEC3PARAM ) + +UI312KQOP1NG8IQEIEFNPSLA94KB5Q92.example.com. 86400 RRSIG NSEC3 7 3 86400 ( + 20840201000000 20160302125715 29600 example.com. + DummySignatureDummySignature4ey0Qcln + uquQZT+z2HIdCE9HeslAkTlu/Xt78vF4+3db + t2Vno21DkteA+w== ) +20G1GOL477RO51RK9A9NFD54TFQAL7IQ.example.com. 86400 RRSIG NSEC3 7 3 86400 ( + 20840201000000 20160302125715 29600 example.com. + DummySignatureDummySignature4ey0Qcln + uquQZT+z2HIdCE9HeslAkTlu/Xt78vF4+3db + t2Vno21DkteA+w== ) +6DFJITU5VML86QNKU9FO2LJDDQQTQPVT.example.com. 86400 RRSIG NSEC3 7 3 86400 ( + 20840201000000 20160302125715 29600 example.com. + KElp8dLKBKFzgEFV8r5aP9pCyYUD+Z8rLBA9 + KkCDm1y82x5T/Cu5UXuZJwhvDGDzwPqoY5Dr + Qbiek52n6umbEw== ) + +UTQVUHU2BLK3DHMRR5T1HD9VTEOHQT0A.example.com. 86400 RRSIG NSEC3 7 3 86400 ( + 20840201000000 20160302125715 29600 example.com. + DPwNyH7r/4wIBfTGxikNv4pY7omY6IqpQS6Q + jtTNuStA+5gk98dvcgRjluxqo/+ZlZz4V53f + 1y506ytGbX/q4Q== ) + +example.com. 3600 IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111220 ; serial + 21600 ; refresh (6 hours) + 3600 ; retry (1 hour) + 604800 ; expire (1 week) + 86400 ; minimum (1 day) + ) + 3600 RRSIG SOA 7 2 3600 ( + 20840201000000 20160302125715 29600 example.com. + bGk1vLxVuJpcEy7n0gPvQVzfanbvINLJLcbD + eeie4sXZZAOwu6oQZy6kd8tvKtV4mL0OJzpH + XCO6BdZkmk/aQA== ) + 3600 NS dns1.example.com. + 3600 RRSIG NS 7 2 3600 ( + 20840201000000 20160302125715 29600 example.com. + roe4aBp4G3TqQ4x5eRxbVIjApIh17gXDjfOY + zvRFLOkrwqKz3eX9WrRiCk3bYNn8s1fuenaQ + OSV1D5SL7utX5w== ) + 3600 DNSKEY 256 3 7 ( + AwEAAcvvW/oJAjcRdntRC8J52baXoNFVWOFz + oVFe3Vgl8aBBiGh3gnbuNt7xKmy9z2qc2/35 + MFwieWYfDdgUnPxyKMM= + ) ; ZSK; alg = NSEC3RSASHA1; key id = 29600 + 3600 DNSKEY 257 3 7 ( + AwEAAeXCF7sHLcFiaCwCFH4xh2CJcCp55i04 + exG41EtzILS2waabEM5byhRkoylbv91q6HY+ + JH9YXitS21LMD0Hqp1s= + ) ; KSK; alg = NSEC3RSASHA1; key id = 31323 + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160302125715 29600 example.com. + c1yhXb8wRGYndpVqG61+lHAAbZg+JcVYGPX3 + Fw0jYigN4G+P0+VUCqPLkC4yfJylzuefyGfk + TUmriM3ihfXxIg== ) + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160302125715 31323 example.com. + mZiLLTzbdaj7EJ8uj3TwvcvAfaMxYjyavlGT + qpa+cElfvBDm7R6MF4MaEQ9aZ2ylMt1lppjq + YyYRaaQC6yhm4g== ) + 0 NSEC3PARAM 1 0 10 - + 0 RRSIG NSEC3PARAM 7 2 0 ( + 20840201000000 20160302125715 29600 example.com. + K3PkVYZZV8QvZFtDsz9+ZfiM9wDkFu/eO2S5 + tAtCXd1fktcW44TLWL0qADfFEEcMotvzLqv1 + YJrD7TvrFDot8Q== ) + + + +dns1.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 7 3 3600 ( + 20840201000000 20160302125715 29600 example.com. + vlzRtVFa44pRtdD8XZcgDa6021uA9A3TnNEw + 5jRnor4aoftUuVQNAanQMCgrWk63d14XZ2d0 + lqhxunAbh08dsQ== ) + +www.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 7 3 3600 ( + 20840201000000 20160302125715 29600 example.com. + NWFuYaSEg3z3K4l/fHu/X9dK+rDZ177BbCNN + ZeFTPCAdOnX0nw1CQys629k7Vzdv1pHaanmy + 0Ru0tX9R65NlKw== ) + + diff --git a/tests/knot/semantic_check_data/missing.signed b/tests/knot/semantic_check_data/missing.signed new file mode 100644 index 0000000..75c7d22 --- /dev/null +++ b/tests/knot/semantic_check_data/missing.signed @@ -0,0 +1,20 @@ +;; Zone dump (Knot DNS 2.5.0-dev) +example.com. 3600 SOA dns1.example.com. hostmaster.example.com. 1081539379 3600 300 3600000 3600 +example.com. 3600 NS dns1.example.com. +example.com. 3600 DNSKEY 256 3 7 AwEAAaBgc4O+4UWd7mzSyelnPb/le/x0q/E90B/xnlf56kgEFMvEGz++o6CMRXr5JfgyxDDsahxTwFoWu30KJry4MjgcwlETM63DFpIYtyDBsi8TlQFEp5NDrlYUWlPGiPfywZBVkHGFMcFct+5/ZalTzYIP39tDytZcPZ/IgQRQZA9qeHYIw51YX9IlNMalHFCtJyrpzCdo22FY/vwBwSbdCa+vzkH1Uu8JkIqyAvAGkuwVisgpMpzWhvJNi5WSAnQfwOcsYCftINAHdRXtuqyG+uU/RDcZ2psx+woi+mYzEPeYV9MEqWpDyIz7jS7e1hK/1o05+qY8Eu2gt4enRj9BQr0= +example.com. 3600 DNSKEY 256 3 7 AwEAAfcfJSUnim+cR3YEc4VfdJ5W65GNlK0LQaAh6vAejH7uol8VYmXdlyz+wlhad+DyRM5Jl+XJVFMMyFUqWx+Q63DPRtl+TlN/2pWU2gsNHUoovFhFpdX1cQMVoxr2QLgsm1ASTeqvZV8Dn0xAlNRihNv877sTySjveaH0JpuVCMpe5DB1zVbAzLgDqFKAvwJCumdycp7RzMi9PqS1XtsEInKi+X/zZteTJbDO7l+tFt9/NgFxiaLgNo8Gz2oVBTQvAbjCDEi2mPA/YJrpOGZWNkB2L9HFSfzZih8BbgUI3Fh4lhS8XCVrfVV7K9YR2F5NBVi7h0Mk15hzNsSS7tRK1FM= +example.com. 3600 DNSKEY 257 3 7 AwEAAcjdwuJkjM8G5rk967z1cJqF88BqpvN2GN/6Tj1XA5AbIx+33qy5JI6K43ehlT/neLizOCk/JyXaw8gcjQaDKcIy0vKysXvI6yK4PNgHTdzQunBqGTfvPDlXKCle550R/DJF2OZH/T7jgX2GhQlem6UB3A23n24YP50IzAmXK9RYdE/dMFXU5jEz+CjcHNkB8ZCb2VrKE9RDjY88vr6lyM2kPbvBtx4UaUSEzwlDMRc3Wf+dBWKm6mKWAPsHZM/cux+S2mca/cxEA1ngCgBBbm7824WjTXgDs14QWuwruMTqLPDujUYND5kbsiuhQsfEFGVq2UyhGEZG/NoIEEg7qLc= +dns1.example.com. 3600 AAAA 2001:db8::3 +;; DNSSEC signatures +example.com. 3600 RRSIG NS 7 2 3600 20840201000000 20160302125715 7242 example.com. B/6k7YAQGkiz6IkssLZblExgMZBE+Flkhv/leVgvM4RLPPpQ2znouYyrSbVCcU5irA7PFLbee5Mn1aWj2S57L8yGJjHBuamQSIO0GcvGcmXi1CrdaYXSofo3PtnKpM8/mG3+8RCUL5YhoxhTK4Y5gJrYGPkRPKsBTw2Qd2TUJFebtYgCuGN8Q3UwbeYPw89rNbqC3a7zsGwJoZKgDnm3NwCWcv6NRTcQA/H5v6T0/QvYbZpBMrjl3EiAWOccdUlQnALngGSzbJ2GnmK933VXYhuAoSKEN6thauOBSLkdCh9afkUzo/t7xhTJszo0F1uuavs8PYf3HjmdnMwdPMkUuQ== +example.com. 3600 RRSIG SOA 7 2 3600 20840201000000 20160302125715 7242 example.com. dHmPqRl9snHFavwkkAFZqHDmvUrI3+e+dmEexqgW9txr30fbrkeGAp6ApdZlqJiDTJ/2q0UoyQxSYe/BzgV4gEBgTTgfmC7m9eHVLTD70KMlNuvwC4jkh1vWT1Zn6IFUsQtJ+54XfRTe/2VHyeK7saqsA/ARRZGOzk6To8CWxNCApUdLZMQO9UTX7uVcXKkPvfMvlhx1fmn4OE8ntwbY1oPosQb987N8V8x9Rb2hINr4DCkXNDydDZAh4vsZO0DHPlmyfkyNguQDmdgnDz1CVbJzguy8tqeMGT7CrwU8AmX3JADQTHoxjnWEidLLUa/gNDRFcRc5YMcdZyImHqdNZQ== +example.com. 3600 RRSIG NSEC 7 2 3600 20840201000000 20160302125715 7242 example.com. bjw2G/BwF2xTP/QSkKqdr7byUS+nqMvfppuhZmH0VcysAKN2oqsV51bn7gWej6dnx0svtX7nCOlwdDFSCMJld5BGZFnAfhS+XVc/wTeZGMi1BkeJxlT3UbGLhf2DuLLyL969HPltL527vSysjBEmi7OsTlH+wXD6SW35ZClajNSRLjxrRpVHTGpA5uyyysHRYNXAKS3+SSc1N/Fovjgzi68exWD0BKTGia7Nf9Fn+bqvhbYh+pMHA7djPFJIsER3OCBx7H1KMxl6rap7Q3rC0I289xnnsOqRh/GnzSVgvobKWozOOs9XXNg+w9ioSos+kbzTxxSEvLKqNBgCbLjUHg== +example.com. 3600 RRSIG DNSKEY 7 2 3600 20840201000000 20160302125715 37855 example.com. EHXazcQ27b5Cjqd1T8TAui2PrUqEq7cBxk45OA8BfBDmOuH2vXFVL+juCM2gCvQ+0oZmcJmpkjMCxUqQekXgxRy21PlEzJfR3VHRDSYCSogR9cCLw9T9OiFXugZAtYcLVXVHddKu0+t5yeQqdStgLBiz9EmeuPFYd/h/BxKI8FGx/TjHNzd06SKgxlZAT/vCGhEswgSIpxJm4Ju561vT2/Hh+NmD4jIKVf0OUSkfRVRbxpzMs0HaZx6s0T2mcL8so/rEXjSIORkw56Q7x3EmYQDxNJjoNo4nHKT0/pciCey+vHj9pxxaiave8wLBG96JpgJgSV7BG8TTbE2q62wX1Q== +dns1.example.com. 3600 RRSIG AAAA 7 3 3600 20840201000000 20160302125715 7242 example.com. h0oZ7ghuhANB27zD+M1m0NyVUHND7g2qI1IfEKDjMzZ34wyqM0xWLm/Izln86ol4naDvJU3a7hsJS/95DdvW/s711Oi2nKhX/Hkjvnzu8WVcf5DvEKYQe/fyZ676hnwviKqFzwmfTAKgIuSvt2uZzJkpcyL8ZE6O/GdPrcR6rTuuDI30F4zXIWPmuMNLR2qJv59DwM0tZScLdmRGKGnZNpdxDvtbCsZrXBUPrOE5XpAw+fe8+oL3UEeKQZq8qFhVvegl4TAuk1a8CS+zG4E1ABQKp86J1h0G4l/ajmWqq2T59lHsBAOuX0IbKHEHIJzwRd9EV7LM59EtJVacx8ZCkw== +dns1.example.com. 3600 RRSIG NSEC 7 3 3600 20840201000000 20160302125715 7242 example.com. Pq6F6akEhyIqch7vwWJ5C53FW1UW/Y8vseFqB6tzql5bnIYjEwikgiWR85uvSUNGvsjHbadBYiVh2i68k80ws/2LecQCvguSH+rMkqqY9go+pBh3pdiNlJaJZp3zJQ6+E35xOA+p0G5t84Et3satJl3OcpVthrdBKuotpDg4P+nOpfLHkI3FO5vehxs71HmESQli5JllhPNMH6WZfWsP74D4DgRjUpIK9hGznCeuZxJT5+S5wL4fzqb+P20W30bsQqMbo9GNdPy5AdbwZoEKJVoN3HC/sv03ScQzWUxjamHCQOeZFys25fFlh7+JU1xYSb3V/fPhUUuf7OsBVvn7+g== +mail.example.com. 7200 RRSIG NSEC 7 3 7200 20840201000000 20160302125715 19578 example.com. gjNXoKVddN+Z3MmHXxs0v4Gv/3zaTAg0mBSLkSp8Ion6qKj/aR2y50QhNfZGVEZSmyerDiaVpfPMN+q9mwx+6xmv4/G97DkadXBYt5IXGR1fXhMCF+RLJb5ePYjQKSk2TfRMJAlk1Mowfvlp8rXFrT576y2F+IXKbpiJOdRt/13Wo5IUbw6LLFDOeZ3fUiZtBmoWTTjBnrGWYdb+ePcSXID+qM5TmRXqIOFceJvt/RhGZ5LYAchgM2sZDf4Asacxg6Z6vS2cA1opTLMAIu+cuEmq61cSJxWHblfXIpPMXFG+4i+nkCxEFxWyxt9edlAeHS/l2AiHQl5QeuzwEjFI2g== +;; DNSSEC NSEC chain +example.com. 3600 NSEC dns1.example.com. NS SOA RRSIG NSEC DNSKEY +dns1.example.com. 3600 NSEC example.com. AAAA RRSIG NSEC +;; Written 14 records +;; Time 2017-03-31 15:38:20 CEST diff --git a/tests/knot/semantic_check_data/no_error_delegation_bitmap.signed b/tests/knot/semantic_check_data/no_error_delegation_bitmap.signed new file mode 100644 index 0000000..abbf088 --- /dev/null +++ b/tests/knot/semantic_check_data/no_error_delegation_bitmap.signed @@ -0,0 +1,61 @@ +; Zone without any semantic error + +example.com. 3600 IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111220 ; serial + 21600 ; refresh (6 hours) + 3600 ; retry (1 hour) + 604800 ; expire (1 week) + 86400 ; minimum (1 day) + ) + 3600 RRSIG SOA 13 2 3600 ( + 20601231235959 20201008173446 32411 example.com. + /R/djqaZWRo1zCmz7B58/93D8ZxJoZAAKEbH + xuCsAJ5dm2ubvtgvqmhNXMqdVBvpb2OPdBX8 + VF1j9RsjuE7ORQ== ) + 3600 NS dns1.example.com. + 3600 RRSIG NS 13 2 3600 ( + 20601231235959 20201008173446 32411 example.com. + AmyqpqMfMEztA9S1Urv6yEtKd5yc6kkSedRU + uLp7velyCkipFzWgpzRVDqn+wp2ZaHig0Fod + kryw3j4yHOLlHA== ) + 86400 NSEC deleg.example.com. NS SOA RRSIG NSEC DNSKEY + 86400 RRSIG NSEC 13 2 86400 ( + 20601231235959 20201008173446 32411 example.com. + 9tR3kL4pVEYsHzt888pbP0TtS/npeApAEUfZ + L5rXQE0WqBLQGtyEPYxujFuaruvxH0SgLl6r + n6MKCEB07DjhTA== ) + 3600 DNSKEY 256 3 13 ( + C7v6eelCoXgBoUjHe/gKdsnWNw04GH7PpYMo + 2hF5jaeq1zkLSXkF2xS/04MgBTFFYuDU+LGt + 8kMKNc8o2wH2jQ== + ) ; ZSK; alg = ECDSAP256SHA256 ; key id = 32411 + 3600 DNSKEY 257 3 13 ( + m6KdGBizfDaUhcW+nIHuRdufZFcSYlZ5Xoky + +GcH23OxZtPzPwKwpg5rTx+RCRPlVpmwyiW3 + aC69n0Q8mr8NpA== + ) ; KSK; alg = ECDSAP256SHA256 ; key id = 60051 + 3600 RRSIG DNSKEY 13 2 3600 ( + 20601231235959 20201008173446 60051 example.com. + SD4149dui/vuky4G6wiJQLUw5b8XpG+Cy/cf + +9CSbuKWHRcC1K0wVEw6xyEah6eD/7Sh0eFA + EECgej5etJbL3A== ) +deleg.example.com. 3600 IN NS deleg.example.com. + 3600 A 192.0.2.1 + 86400 NSEC dns1.example.com. NS RRSIG NSEC + 86400 RRSIG NSEC 13 3 86400 ( + 20601231235959 20201008173446 32411 example.com. + HFA1XBdjaUvb8lbyhXVDYxTUn8Nr2HNC5ktc + kPBW2AGMQiVUtyR3vPxUIiusxsQn+uyRL2QC + NBG3ANo5exT8ug== ) +dns1.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 13 3 3600 ( + 20601231235959 20201008173446 32411 example.com. + 4NLhmO0Sa3yk1ZikWSRYEX0FpHK0NkTGk++h + RHJO3E9M6Og1am/PiPf67DAe/2n4ANItC/SH + u/1WSvYQV7OZqg== ) + 86400 NSEC example.com. A RRSIG NSEC + 86400 RRSIG NSEC 13 3 86400 ( + 20601231235959 20201008173446 32411 example.com. + pQgr7WzGpL8gbbAcbeYEIYBLq8lCAuE9NaUf + itYKBFh7Cbg4YrLOoeAV6v6V4tfZPpmNpd2U + 9VUrY9es4QfX6Q== ) diff --git a/tests/knot/semantic_check_data/no_error_nsec3_optout.signed b/tests/knot/semantic_check_data/no_error_nsec3_optout.signed new file mode 100644 index 0000000..a03f4ea --- /dev/null +++ b/tests/knot/semantic_check_data/no_error_nsec3_optout.signed @@ -0,0 +1,29 @@ +; Zone without any semantic error + +;; Zone dump (Knot DNS 3.1.dev.1612270066.d215637a6) +example.com. 3600 SOA dns1.example.com. hostmaster.example.com. 2010111222 21600 3600 604800 86400 +example.com. 3600 NS dns1.example.com. +example.com. 0 CDNSKEY 257 3 13 Yk8KOmyVzOij3x+Zs+eT4J2Up9+ipwXEKOhL9fTYY/DU10yIQt+zYm02UFZJX2oVTdHBCajpBFsZLH2X4ho1yw== +example.com. 0 CDS 25674 13 2 2EC05563A3537BD32EA3EB92C44794C644F249EE440785CF28207B903E35322D +example.com. 3600 DNSKEY 256 3 13 tCoteOM+A4o/A9uxgLyDg3HOg2DClU+3d+1XPQRtTfuaEFOGIpyH6qiFUv2b4DYuvmMyTkL99nxvyhA8yo0Cgg== +example.com. 3600 DNSKEY 257 3 13 Yk8KOmyVzOij3x+Zs+eT4J2Up9+ipwXEKOhL9fTYY/DU10yIQt+zYm02UFZJX2oVTdHBCajpBFsZLH2X4ho1yw== +example.com. 0 NSEC3PARAM 1 0 10 151E9F1094FE188F +deleg.example.com. 3600 NS deleg.example.com. +deleg.example.com. 3600 A 192.0.2.1 +dns1.example.com. 3600 A 192.0.2.1 +;; DNSSEC signatures +example.com. 3600 RRSIG NS 13 2 3600 20400406110811 20210205093811 61806 example.com. VD3IclxLUSi1tgv4+FJ+9e3EWiRny6de1y4jUFn1Ama8+Cl2vZO2Jc34Q9MKY/S9m4id7Xe8MtkkrKThQcaaXw== +example.com. 3600 RRSIG SOA 13 2 3600 20400406110811 20210205093811 61806 example.com. BniH53lEM1hYGcorTmqF7At3+neZkifPT1sM15nGlQUQ6RfkPxh7Uy8Pj3PxLL5v7WDTyFGbLVThEFWZUh/h6w== +example.com. 3600 RRSIG DNSKEY 13 2 3600 20400406110811 20210205093811 25674 example.com. 3FSDEJ9f54++FX/EHWXXnbHW8iJPaDG4kc7qf772y62dtqTfAvb22lq2yKzCOaRFFwpPKEdcS4OEkhx0IbC27w== +example.com. 0 RRSIG NSEC3PARAM 13 2 0 20400406110811 20210205093811 61806 example.com. BTT+7Gj8V2pATxogxJ8xEO5eiVHoVIDxdK60zDS3MWNcbUc/n9vJR8NrCECel9egQUWrejawikO4DkyQxLZpkw== +example.com. 0 RRSIG CDS 13 2 0 20400406110811 20210205093811 25674 example.com. h43kZiM1EFETWQEtMM8Xls/RFDsAkLIpLf+DUnJ+zzxv37xpGvtf/s//3ew9qEhouBnGh/1FWtNr8vjhzh0tsg== +example.com. 0 RRSIG CDNSKEY 13 2 0 20400406110811 20210205093811 25674 example.com. 4mf7C/zyWoFRllUEaLHpdxJdlbEQXIRKNH6JOH3sTKSQMGj1SMmkWm9qlO9tVaUm1ggB6r8TPWgrAUBG+4A9gQ== +dns1.example.com. 3600 RRSIG A 13 3 3600 20400406110811 20210205093811 61806 example.com. lMj63MgZYiCl6Fdf0Q5C4/K99AAXTqCI9HSBQcrc7qiZDjRpZXzBUO8yv7+5JSMIo/A3tJtQL/12VFPGZ9NQ5w== +;; DNSSEC NSEC3 chain +ple28jlp3q5anh045ssk9f3u7ltd4qlc.example.com. 3600 NSEC3 1 1 10 151E9F1094FE188F rvcd9h11kcnenarqcmtmrhusdmb24rm4 NS SOA RRSIG DNSKEY NSEC3PARAM CDS CDNSKEY +rvcd9h11kcnenarqcmtmrhusdmb24rm4.example.com. 3600 NSEC3 1 1 10 151E9F1094FE188F ple28jlp3q5anh045ssk9f3u7ltd4qlc A RRSIG +;; DNSSEC NSEC3 signatures +ple28jlp3q5anh045ssk9f3u7ltd4qlc.example.com. 3600 RRSIG NSEC3 13 3 3600 20400406110811 20210205093811 61806 example.com. 7AdxaQLQ16ORwtf3t9lNQrzOP1BKu0TOIiKfx8/7o0JKoVtDYjqTC+ilWSD/Mbfb6PI6ND3NQKsIbnApOa2SUA== +rvcd9h11kcnenarqcmtmrhusdmb24rm4.example.com. 3600 RRSIG NSEC3 13 3 3600 20400406110811 20210205093811 61806 example.com. bOUzqzuIhV/SPyXiFOgsJbnS77dijFWcLDY/0X3r9aNiAo3/vSE4OTT0f6CkcBQDka+LjIoRaE7NIaTMl24fdg== +;; Written 21 records +;; Time 2021-02-05 12:08:11 CET diff --git a/tests/knot/semantic_check_data/no_rrsig.signed b/tests/knot/semantic_check_data/no_rrsig.signed new file mode 100644 index 0000000..6a3161b --- /dev/null +++ b/tests/knot/semantic_check_data/no_rrsig.signed @@ -0,0 +1,48 @@ +dns1.example.com. 3600 IN A 192.0.2.1 + 86400 NSEC example.com. A NSEC +; missing RRSIGs + +example.com. 3600 IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111220 ; serial + 21600 ; refresh (6 hours) + 3600 ; retry (1 hour) + 604800 ; expire (1 week) + 86400 ; minimum (1 day) + ) + 3600 RRSIG SOA 7 2 3600 ( + 20840201000000 20160224081310 29600 example.com. + ieEKhIV69ywg+YFSqdz0t17eE+PLl1eR4kpv + Mq6Q6TfjC7V5/PcFW6KRoP50RFp4m4cD0E7T + GpmpnPF++QV1Vw== ) + 3600 NS dns1.example.com. + 3600 RRSIG NS 7 2 3600 ( + 20840201000000 20160224081310 29600 example.com. + kYbAbCGzyWPBEfc0TH1calUiKsZi12MH3TNV + 7vtjOvIYEqeNmuJkrw899a7nOPNoahB6h7o/ + DXuRlFqYYCC16Q== ) + 86400 NSEC dns1.example.com. NS SOA RRSIG NSEC DNSKEY + 86400 RRSIG NSEC 7 2 86400 ( + 20840201000000 20160224081310 29600 example.com. + PchT9RWRkLCMxWAQ3ut6LZlh4MYT4CkAPThQ + cnIn0ORi/fVgGzlifQ88xfEdEr1ZoXk9PlhT + 5b+wocBOl2HhGg== ) + 3600 DNSKEY 256 3 7 ( + AwEAAcvvW/oJAjcRdntRC8J52baXoNFVWOFz + oVFe3Vgl8aBBiGh3gnbuNt7xKmy9z2qc2/35 + MFwieWYfDdgUnPxyKMM= + ) ; ZSK; alg = NSEC3RSASHA1; key id = 29600 + 3600 DNSKEY 257 3 7 ( + AwEAAeXCF7sHLcFiaCwCFH4xh2CJcCp55i04 + exG41EtzILS2waabEM5byhRkoylbv91q6HY+ + JH9YXitS21LMD0Hqp1s= + ) ; KSK; alg = NSEC3RSASHA1; key id = 31323 + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160224081310 29600 example.com. + JLcSyR8KgSicUou0c7Zs7Ol1DYiaQ8Lfyort + 8a+5OP3em3r3NH1nJkiVfs8+xdvUcGlGkbib + RKlfRWiIcOEalQ== ) + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160224081310 31323 example.com. + EQMX5DPXhwa+blMRkzl+swUW3BtzpGJ5tGEU + hkH7bJfM51gIAO5qnUO/mMPnEA8b4dc20nnZ + 8j8lETDjqBLgDQ== ) diff --git a/tests/knot/semantic_check_data/no_rrsig_with_delegation.signed b/tests/knot/semantic_check_data/no_rrsig_with_delegation.signed new file mode 100644 index 0000000..2c36b9b --- /dev/null +++ b/tests/knot/semantic_check_data/no_rrsig_with_delegation.signed @@ -0,0 +1,61 @@ +ns.deleg.example.com. 3600 IN A 192.168.0.2 +deleg.example.com. 3600 IN NS ns.deleg.example.com. + 86400 NSEC dns1.example.com. NS NSEC +; missing RRSIG for NSEC record + +example.com. 3600 IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111220 ; serial + 21600 ; refresh (6 hours) + 3600 ; retry (1 hour) + 604800 ; expire (1 week) + 86400 ; minimum (1 day) + ) + 3600 RRSIG SOA 7 2 3600 ( + 20840201000000 20160224081610 29600 example.com. + HhnlCtlIaZFVklpzVUnzm6AzFd65CSc4WCJL + f2o7Gkevu+HTnkiPN6gqtERC/BKJz1EKd2fC + KDyLxXw6KeTRAw== ) + 3600 NS dns1.example.com. + 3600 RRSIG NS 7 2 3600 ( + 20840201000000 20160224081610 29600 example.com. + rcHuZd9wTYykzis+9Z8uyqD8V9h22szf2bmE + GYNyJBlHZO0sOmys31xnvDfQ9sdk9hf1TUfB + 9ACGIF5lDHBEog== ) + 86400 NSEC deleg.example.com. NS SOA RRSIG NSEC DNSKEY + 86400 RRSIG NSEC 7 2 86400 ( + 20840201000000 20160224081610 29600 example.com. + YGSe1OINjOY3I8BY1EoxcOJsDZ/DjGCT5nqY + J6BBjTcbT5S1W61SN50xc2sGB4Q8F2KTotAe + arzn4DGDt9mOMw== ) + 3600 DNSKEY 256 3 7 ( + AwEAAcvvW/oJAjcRdntRC8J52baXoNFVWOFz + oVFe3Vgl8aBBiGh3gnbuNt7xKmy9z2qc2/35 + MFwieWYfDdgUnPxyKMM= + ) ; ZSK; alg = NSEC3RSASHA1; key id = 29600 + 3600 DNSKEY 257 3 7 ( + AwEAAeXCF7sHLcFiaCwCFH4xh2CJcCp55i04 + exG41EtzILS2waabEM5byhRkoylbv91q6HY+ + JH9YXitS21LMD0Hqp1s= + ) ; KSK; alg = NSEC3RSASHA1; key id = 31323 + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160224081610 29600 example.com. + rdmqHOUXqhwrJusNt/7FTV+AtO/v6Md3LXzj + /QzR/pCADNC6ZA+FvqaOycnUxoryKk7PY3pM + 5ispCMuEx/1OGA== ) + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160224081610 31323 example.com. + jELyXsaJx+G4heZJ96dyE12hSyTNFazwWDkq + 1Mkja9/bTTdYAd+t8fhf/c35bUiTVJWMivJe + +YcCwqGf2U+2zw== ) +dns1.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 7 3 3600 ( + 20840201000000 20160224081610 29600 example.com. + ln2xuvghOWBDOfyk19Wwtv3oc8+1go3WQuMf + vel5x/uHVx6voNA25cpFIQ6nPlCo8pmd5R3w + paMxgoQtBkzBcA== ) + 86400 NSEC example.com. A RRSIG NSEC + 86400 RRSIG NSEC 7 3 86400 ( + 20840201000000 20160224081610 29600 example.com. + EEKcIegUeyn/1FIgxHV+gSX3b/ygQPAcjD8g + aCt1yiO0B1xmVm09RJNxzCLaTKxQENhxIoUZ + 2l7250pBQnrlAQ== ) diff --git a/tests/knot/semantic_check_data/ns_apex.missing b/tests/knot/semantic_check_data/ns_apex.missing new file mode 100644 index 0000000..fd7b7be --- /dev/null +++ b/tests/knot/semantic_check_data/ns_apex.missing @@ -0,0 +1,11 @@ +$ORIGIN example.com. +$TTL 3600 + +@ IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111214 ; serial + 6h ; refresh + 1h ; retry + 1w ; expire + 1d ) ; minimum + +; missing NS in apex diff --git a/tests/knot/semantic_check_data/nsec3_chain_01.signed b/tests/knot/semantic_check_data/nsec3_chain_01.signed new file mode 100644 index 0000000..cd90b9f --- /dev/null +++ b/tests/knot/semantic_check_data/nsec3_chain_01.signed @@ -0,0 +1,80 @@ +20G1GOL477RO51RK9A9NFD54TFQAL7IQ.example.com. 86400 IN NSEC3 1 0 10 - ( + MJV836RJQEJ5UBGHVKSQ7N44RSO3Q938 + A RRSIG ) +MJV836RJQEJ5UBGHVKSQ7N44RSO3Q938.example.com. 86400 IN NSEC3 1 0 10 - ( + 20G1GOL477RO51RK9A9NFD54TFQAL7IQ ; wrong next record + NS ) +UTQVUHU2BLK3DHMRR5T1HD9VTEOHQT0A.example.com. 86400 IN NSEC3 1 0 10 - ( + 20G1GOL477RO51RK9A9NFD54TFQAL7IQ + NS SOA RRSIG DNSKEY NSEC3PARAM ) +; RRSIGs for NSEC3s +20G1GOL477RO51RK9A9NFD54TFQAL7IQ.example.com. 86400 RRSIG NSEC3 7 3 86400 ( + 20840201000000 20160229140652 29600 example.com. + PjEM7Bxxb7w67366fKCLkR9BVFAL0RI8RJCZ + 5aqoMVuy+ui7MLKxKT2LfeTHgBw1Cww1bbJw + Ip2zu0/ZGPfKzA== ) +MJV836RJQEJ5UBGHVKSQ7N44RSO3Q938.example.com. 86400 RRSIG NSEC3 7 3 86400 ( + 20840201000000 20160229140652 29600 example.com. + DUMMYDUMMYDUMMYgc7Jx/FgAlruRjwsS/YJa + sZRspDGZhSqK2daV5K0lmK+XL8BoOtp7aXtq + VER5XcWLOebCdw== ) +UTQVUHU2BLK3DHMRR5T1HD9VTEOHQT0A.example.com. 86400 RRSIG NSEC3 7 3 86400 ( + 20840201000000 20160229140652 29600 example.com. + XsJa0IUE2ddTohJmiuNVd/Po1ZOK0PDCuU7/ + CS0/wiZ5ZlxPdVUAYXuC7HhGH+ZPsqwZ4oUU + ToDbFqfdzmC1XQ== ) + +; other zone data without error +example.com. 3600 IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111220 ; serial + 21600 ; refresh (6 hours) + 3600 ; retry (1 hour) + 604800 ; expire (1 week) + 86400 ; minimum (1 day) + ) + 3600 RRSIG SOA 7 2 3600 ( + 20840201000000 20160229140652 29600 example.com. + u5QMvOSkZBUM5tLiEAq3A+x4Ha17ZsNUYqeI + SuYA1+NbaBDxAtT6scB9aeA4lOTQ0TZvpGFE + YF/XxGtqvwdZ8g== ) + 3600 NS dns1.example.com. + 3600 RRSIG NS 7 2 3600 ( + 20840201000000 20160229140652 29600 example.com. + ELZOh4iS9DpAafa8NTaI/eNL3Qwy+lsmgrzF + 7jaoR5yOURl/RZSJY+m9Peaq4ALcROdGJ0O4 + miSpdTIZsBSGZg== ) + 3600 DNSKEY 256 3 7 ( + AwEAAcvvW/oJAjcRdntRC8J52baXoNFVWOFz + oVFe3Vgl8aBBiGh3gnbuNt7xKmy9z2qc2/35 + MFwieWYfDdgUnPxyKMM= + ) ; ZSK; alg = NSEC3RSASHA1; key id = 29600 + 3600 DNSKEY 257 3 7 ( + AwEAAeXCF7sHLcFiaCwCFH4xh2CJcCp55i04 + exG41EtzILS2waabEM5byhRkoylbv91q6HY+ + JH9YXitS21LMD0Hqp1s= + ) ; KSK; alg = NSEC3RSASHA1; key id = 31323 + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160229140652 29600 example.com. + sjxCP/grgOR+4vmXw7HU/hGSx5dS5QxM00IA + gZNJ6Lqf+4OSL3TEa1/qqRSFTl5uv3rqh5W4 + 8p2JoT1ZkcJj6w== ) + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160229140652 31323 example.com. + jrH48r1iPFRfbyIZWcARQrejVgrE9v8qqt4R + uPHjz5t7PYmZYH544SI9HtaWGkIJ9jzlxr5l + ikCWo1we50y9Lg== ) + 0 NSEC3PARAM 1 0 10 - + 0 RRSIG NSEC3PARAM 7 2 0 ( + 20840201000000 20160229140652 29600 example.com. + yIXzhQw8c/c/in+doXX5JmqoGiqoYD2Hhw6d + /aGXc5QLQqxyATXln02vkwt1d7DK/ha1vkfx + bvGdduXDQ7YZ+g== ) +deleg.example.com. 3600 IN NS deleg.example.com. + 3600 A 192.0.2.1 + +dns1.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 7 3 3600 ( + 20840201000000 20160229140652 29600 example.com. + aMRzV/1+m9wQHWezSiwkmDEbnS85wB9dA5x/ + u2P7NPsgwMnRdfpVIMfaVhSJH88i5OlLTvL1 + sSK+RADpuoqnLA== ) diff --git a/tests/knot/semantic_check_data/nsec3_chain_02.signed b/tests/knot/semantic_check_data/nsec3_chain_02.signed new file mode 100644 index 0000000..ca70cfa --- /dev/null +++ b/tests/knot/semantic_check_data/nsec3_chain_02.signed @@ -0,0 +1,94 @@ +20G1GOL477RO51RK9A9NFD54TFQAL7IQ.example.com. 86400 IN NSEC3 1 0 10 - ( + 6DFJITU5VML86QNKU9FO2LJDDQQTQPVT + A RRSIG ) +6DFJITU5VML86QNKU9FO2LJDDQQTQPVT.example.com. 86400 IN NSEC3 1 0 10 - ( + 20G1GOL477RO51RK9A9NFD54TFQAL7IQ ; wrong next + A RRSIG ) +MJV836RJQEJ5UBGHVKSQ7N44RSO3Q938.example.com. 86400 IN NSEC3 1 0 10 - ( + UTQVUHU2BLK3DHMRR5T1HD9VTEOHQT0A + NS ) +UTQVUHU2BLK3DHMRR5T1HD9VTEOHQT0A.example.com. 86400 IN NSEC3 1 0 10 - ( + MJV836RJQEJ5UBGHVKSQ7N44RSO3Q938 ; wrong next + NS SOA RRSIG DNSKEY NSEC3PARAM ) + +20G1GOL477RO51RK9A9NFD54TFQAL7IQ.example.com. 86400 RRSIG NSEC3 7 3 86400 ( + 20840201000000 20160302125715 29600 example.com. + oErbN3Xw+0zAqkz5KC5nOsINblBc4ey0Qcln + uquQZT+z2HIdCE9HeslAkTlu/Xt78vF4+3db + t2Vno21DkteA+w== ) +6DFJITU5VML86QNKU9FO2LJDDQQTQPVT.example.com. 86400 RRSIG NSEC3 7 3 86400 ( + 20840201000000 20160302125715 29600 example.com. + DummySignatureDummySignature+Z8rLBA9 + KkCDm1y82x5T/Cu5UXuZJwhvDGDzwPqoY5Dr + Qbiek52n6umbEw== ) +MJV836RJQEJ5UBGHVKSQ7N44RSO3Q938.example.com. 86400 RRSIG NSEC3 7 3 86400 ( + 20840201000000 20160302125715 29600 example.com. + ep1TVqEISn2ZOiBtizK2eyuuhsYyD37X9Bw2 + 9JOkecZnmzCwBqfMCBvRYmNRpMd512+ZnW/I + 1vIViE7CGwkHyA== ) +UTQVUHU2BLK3DHMRR5T1HD9VTEOHQT0A.example.com. 86400 RRSIG NSEC3 7 3 86400 ( + 20840201000000 20160302125715 29600 example.com. + DummySignatureDummySginature6IqpQS6Q + jtTNuStA+5gk98dvcgRjluxqo/+ZlZz4V53f + 1y506ytGbX/q4Q== ) + +example.com. 3600 IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111220 ; serial + 21600 ; refresh (6 hours) + 3600 ; retry (1 hour) + 604800 ; expire (1 week) + 86400 ; minimum (1 day) + ) + 3600 RRSIG SOA 7 2 3600 ( + 20840201000000 20160302125715 29600 example.com. + bGk1vLxVuJpcEy7n0gPvQVzfanbvINLJLcbD + eeie4sXZZAOwu6oQZy6kd8tvKtV4mL0OJzpH + XCO6BdZkmk/aQA== ) + 3600 NS dns1.example.com. + 3600 RRSIG NS 7 2 3600 ( + 20840201000000 20160302125715 29600 example.com. + roe4aBp4G3TqQ4x5eRxbVIjApIh17gXDjfOY + zvRFLOkrwqKz3eX9WrRiCk3bYNn8s1fuenaQ + OSV1D5SL7utX5w== ) + 3600 DNSKEY 256 3 7 ( + AwEAAcvvW/oJAjcRdntRC8J52baXoNFVWOFz + oVFe3Vgl8aBBiGh3gnbuNt7xKmy9z2qc2/35 + MFwieWYfDdgUnPxyKMM= + ) ; ZSK; alg = NSEC3RSASHA1; key id = 29600 + 3600 DNSKEY 257 3 7 ( + AwEAAeXCF7sHLcFiaCwCFH4xh2CJcCp55i04 + exG41EtzILS2waabEM5byhRkoylbv91q6HY+ + JH9YXitS21LMD0Hqp1s= + ) ; KSK; alg = NSEC3RSASHA1; key id = 31323 + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160302125715 29600 example.com. + c1yhXb8wRGYndpVqG61+lHAAbZg+JcVYGPX3 + Fw0jYigN4G+P0+VUCqPLkC4yfJylzuefyGfk + TUmriM3ihfXxIg== ) + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160302125715 31323 example.com. + mZiLLTzbdaj7EJ8uj3TwvcvAfaMxYjyavlGT + qpa+cElfvBDm7R6MF4MaEQ9aZ2ylMt1lppjq + YyYRaaQC6yhm4g== ) + 0 NSEC3PARAM 1 0 10 - + 0 RRSIG NSEC3PARAM 7 2 0 ( + 20840201000000 20160302125715 29600 example.com. + K3PkVYZZV8QvZFtDsz9+ZfiM9wDkFu/eO2S5 + tAtCXd1fktcW44TLWL0qADfFEEcMotvzLqv1 + YJrD7TvrFDot8Q== ) +deleg.example.com. 3600 IN NS deleg.example.com. + 3600 A 192.0.2.1 + +dns1.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 7 3 3600 ( + 20840201000000 20160302125715 29600 example.com. + vlzRtVFa44pRtdD8XZcgDa6021uA9A3TnNEw + 5jRnor4aoftUuVQNAanQMCgrWk63d14XZ2d0 + lqhxunAbh08dsQ== ) + +www.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 7 3 3600 ( + 20840201000000 20160302125715 29600 example.com. + NWFuYaSEg3z3K4l/fHu/X9dK+rDZ177BbCNN + ZeFTPCAdOnX0nw1CQys629k7Vzdv1pHaanmy + 0Ru0tX9R65NlKw== ) diff --git a/tests/knot/semantic_check_data/nsec3_chain_03.signed b/tests/knot/semantic_check_data/nsec3_chain_03.signed new file mode 100644 index 0000000..80112f8 --- /dev/null +++ b/tests/knot/semantic_check_data/nsec3_chain_03.signed @@ -0,0 +1,94 @@ +20G1GOL477RO51RK9A9NFD54TFQAL7IQ.example.com. 86400 IN NSEC3 1 0 10 - ( + UTQVUHU2BLK3DHMRR5T1HD9VTEOHQT0A ; wrong next + A RRSIG ) +6DFJITU5VML86QNKU9FO2LJDDQQTQPVT.example.com. 86400 IN NSEC3 1 0 10 - ( + MJV836RJQEJ5UBGHVKSQ7N44RSO3Q938 + A RRSIG ) +MJV836RJQEJ5UBGHVKSQ7N44RSO3Q938.example.com. 86400 IN NSEC3 1 0 10 - ( + 6DFJITU5VML86QNKU9FO2LJDDQQTQPVT ; wrong next + NS ) +UTQVUHU2BLK3DHMRR5T1HD9VTEOHQT0A.example.com. 86400 IN NSEC3 1 0 10 - ( + 20G1GOL477RO51RK9A9NFD54TFQAL7IQ + NS SOA RRSIG DNSKEY NSEC3PARAM ) + +20G1GOL477RO51RK9A9NFD54TFQAL7IQ.example.com. 86400 RRSIG NSEC3 7 3 86400 ( + 20840201000000 20160302125715 29600 example.com. + DummySignatureDummySignature4ey0Qcln + uquQZT+z2HIdCE9HeslAkTlu/Xt78vF4+3db + t2Vno21DkteA+w== ) +6DFJITU5VML86QNKU9FO2LJDDQQTQPVT.example.com. 86400 RRSIG NSEC3 7 3 86400 ( + 20840201000000 20160302125715 29600 example.com. + KElp8dLKBKFzgEFV8r5aP9pCyYUD+Z8rLBA9 + KkCDm1y82x5T/Cu5UXuZJwhvDGDzwPqoY5Dr + Qbiek52n6umbEw== ) +MJV836RJQEJ5UBGHVKSQ7N44RSO3Q938.example.com. 86400 RRSIG NSEC3 7 3 86400 ( + 20840201000000 20160302125715 29600 example.com. + DummySignatureDummySignatureD37X9Bw2 + 9JOkecZnmzCwBqfMCBvRYmNRpMd512+ZnW/I + 1vIViE7CGwkHyA== ) +UTQVUHU2BLK3DHMRR5T1HD9VTEOHQT0A.example.com. 86400 RRSIG NSEC3 7 3 86400 ( + 20840201000000 20160302125715 29600 example.com. + DPwNyH7r/4wIBfTGxikNv4pY7omY6IqpQS6Q + jtTNuStA+5gk98dvcgRjluxqo/+ZlZz4V53f + 1y506ytGbX/q4Q== ) + +example.com. 3600 IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111220 ; serial + 21600 ; refresh (6 hours) + 3600 ; retry (1 hour) + 604800 ; expire (1 week) + 86400 ; minimum (1 day) + ) + 3600 RRSIG SOA 7 2 3600 ( + 20840201000000 20160302125715 29600 example.com. + bGk1vLxVuJpcEy7n0gPvQVzfanbvINLJLcbD + eeie4sXZZAOwu6oQZy6kd8tvKtV4mL0OJzpH + XCO6BdZkmk/aQA== ) + 3600 NS dns1.example.com. + 3600 RRSIG NS 7 2 3600 ( + 20840201000000 20160302125715 29600 example.com. + roe4aBp4G3TqQ4x5eRxbVIjApIh17gXDjfOY + zvRFLOkrwqKz3eX9WrRiCk3bYNn8s1fuenaQ + OSV1D5SL7utX5w== ) + 3600 DNSKEY 256 3 7 ( + AwEAAcvvW/oJAjcRdntRC8J52baXoNFVWOFz + oVFe3Vgl8aBBiGh3gnbuNt7xKmy9z2qc2/35 + MFwieWYfDdgUnPxyKMM= + ) ; ZSK; alg = NSEC3RSASHA1; key id = 29600 + 3600 DNSKEY 257 3 7 ( + AwEAAeXCF7sHLcFiaCwCFH4xh2CJcCp55i04 + exG41EtzILS2waabEM5byhRkoylbv91q6HY+ + JH9YXitS21LMD0Hqp1s= + ) ; KSK; alg = NSEC3RSASHA1; key id = 31323 + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160302125715 29600 example.com. + c1yhXb8wRGYndpVqG61+lHAAbZg+JcVYGPX3 + Fw0jYigN4G+P0+VUCqPLkC4yfJylzuefyGfk + TUmriM3ihfXxIg== ) + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160302125715 31323 example.com. + mZiLLTzbdaj7EJ8uj3TwvcvAfaMxYjyavlGT + qpa+cElfvBDm7R6MF4MaEQ9aZ2ylMt1lppjq + YyYRaaQC6yhm4g== ) + 0 NSEC3PARAM 1 0 10 - + 0 RRSIG NSEC3PARAM 7 2 0 ( + 20840201000000 20160302125715 29600 example.com. + K3PkVYZZV8QvZFtDsz9+ZfiM9wDkFu/eO2S5 + tAtCXd1fktcW44TLWL0qADfFEEcMotvzLqv1 + YJrD7TvrFDot8Q== ) +deleg.example.com. 3600 IN NS deleg.example.com. + 3600 A 192.0.2.1 + +dns1.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 7 3 3600 ( + 20840201000000 20160302125715 29600 example.com. + vlzRtVFa44pRtdD8XZcgDa6021uA9A3TnNEw + 5jRnor4aoftUuVQNAanQMCgrWk63d14XZ2d0 + lqhxunAbh08dsQ== ) + +www.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 7 3 3600 ( + 20840201000000 20160302125715 29600 example.com. + NWFuYaSEg3z3K4l/fHu/X9dK+rDZ177BbCNN + ZeFTPCAdOnX0nw1CQys629k7Vzdv1pHaanmy + 0Ru0tX9R65NlKw== ) diff --git a/tests/knot/semantic_check_data/nsec3_ds.signed b/tests/knot/semantic_check_data/nsec3_ds.signed new file mode 100644 index 0000000..ad5da7c --- /dev/null +++ b/tests/knot/semantic_check_data/nsec3_ds.signed @@ -0,0 +1,57 @@ + + +deleg.example.com. 3600 IN NS deleg.example.com. + 3600 A 192.0.2.1 + 3600 IN DS 60485 5 2 ( 4EFB4310DB01A42E7882E102 + 7A73CC28E2E0FE938F2D5888 + A0DA0005B99E7FF8 ) +deleg.example.com. 3600 IN RRSIG DS 7 3 3600 ( + 20840201000000 20160302125715 29600 example.com. + DummySignatureDummySignature4ey0Qcln + uquQZT+z2HIdCE9HeslAkTlu/Xt78vF4+3db + t2Vno21DkteA+w== ) + +20G1GOL477RO51RK9A9NFD54TFQAL7IQ.example.com. 3600 IN NSEC3 1 0 10 - ( + 6DFJITU5VML86QNKU9FO2LJDDQQTQPVT + A RRSIG ) +6DFJITU5VML86QNKU9FO2LJDDQQTQPVT.example.com. 3600 IN NSEC3 1 1 10 - ( + UI312KQOP1NG8IQEIEFNPSLA94KB5Q92 + A RRSIG ) +UI312KQOP1NG8IQEIEFNPSLA94KB5Q92.example.com. 3600 IN NSEC3 1 0 10 - ( + UTQVUHU2BLK3DHMRR5T1HD9VTEOHQT0A + A RRSIG) +UTQVUHU2BLK3DHMRR5T1HD9VTEOHQT0A.example.com. 3600 IN NSEC3 1 0 10 - ( + 20G1GOL477RO51RK9A9NFD54TFQAL7IQ + NS SOA RRSIG DNSKEY NSEC3PARAM ) + +20g1gol477ro51rk9a9nfd54tfqal7iq.example.com. 3600 RRSIG NSEC3 13 3 3600 20400406101515 20210205084515 61806 example.com. k2hYD9qbLM8cRuN1fcLar/GsSufK/5oQYxRnE9bUDiKvC1WhCDF3pee6MSqybb3LoNkQUeOgGV4jdzvslzDlhQ== +6dfjitu5vml86qnku9fo2ljddqqtqpvt.example.com. 3600 RRSIG NSEC3 13 3 3600 20400406101515 20210205084515 61806 example.com. fGQRezo0T9Hd1tGJqhCXPyLONKSxOPmX1Kl7MjD1OVDLg9l5Ei9DmhrpCFxahXMBGIA4yy1J7mSK3PqelPMyFw== +ui312kqop1ng8iqeiefnpsla94kb5q92.example.com. 3600 RRSIG NSEC3 13 3 3600 20400406101515 20210205084515 61806 example.com. 6AmfjUgzO4Ew9FmW6koVhQ+98Vd7xI7kpFXwj8wb4ObmuM8uFu6tpvcT/jDcUduFuUb//DS5fS9fXraLNL8JUQ== +utqvuhu2blk3dhmrr5t1hd9vteohqt0a.example.com. 3600 RRSIG NSEC3 13 3 3600 20400406101515 20210205084515 61806 example.com. WMvFzIf9Ekvr0UVRzbZpxUAjT2Sf2KgsXek6iG786Iw6nZ/rzPVNlfNLhWvdqQmi5LEDp03UExshDlPz3JgOkQ== + +example.com. 3600 IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111220 ; serial + 21600 ; refresh (6 hours) + 3600 ; retry (1 hour) + 604800 ; expire (1 week) + 86400 ; minimum (1 day) + ) + 3600 NS dns1.example.com. + 0 NSEC3PARAM 1 0 10 - +dns1.example.com. 3600 IN A 192.0.2.1 +www.example.com. 3600 IN A 192.0.2.1 + +example.com. 3600 DNSKEY 257 3 13 Yk8KOmyVzOij3x+Zs+eT4J2Up9+ipwXEKOhL9fTYY/DU10yIQt+zYm02UFZJX2oVTdHBCajpBFsZLH2X4ho1yw== +example.com. 3600 DNSKEY 256 3 13 tCoteOM+A4o/A9uxgLyDg3HOg2DClU+3d+1XPQRtTfuaEFOGIpyH6qiFUv2b4DYuvmMyTkL99nxvyhA8yo0Cgg== +example.com. 3600 RRSIG DNSKEY 13 2 3600 20400405162736 20210204145736 25674 example.com. 5nIsRsT30KNhPS/i8rNhT/C3uPli0jb+7fLYL+eHKggTHk5UK69Z5EHA/ISKnbEOMIQA3QJ98XNreLJk+sTZ4w== + +example.com. 3600 RRSIG NS 13 2 3600 20400405162736 20210204145736 61806 example.com. nzKbYNX9cbrf3zNMSRK4ftG/p4DLn/uB3BM29txIj0nyKxL1cmK0wsTltGmwLzJTegBy/LV1VtMudDLWEFU3sQ== +example.com. 3600 RRSIG SOA 13 2 3600 20400405162736 20210204145736 61806 example.com. HvtxfzCSLHjFSHuAyO+KKymy/vxOGLS8T1DuhfAoUtweHv1zVeYfbFOfCdcfs15PKO31ldqwWRvFWAhM+3hnrA== +example.com. 0 RRSIG NSEC3PARAM 13 2 0 20400405162736 20210204145736 61806 example.com. 8uDKYTVd+XuYFyzf/aNm6kMjZhbI8r+22v1AuuYYqgP5aH6/ZFXusczSGkPdcauVIgKLV1I7dBBQkQm2LNIqAA== +deleg.example.com. 3600 RRSIG A 13 3 3600 20400405162736 20210204145736 61806 example.com. beD3O8cnCQ+8HWZpn35gFrR2tLkb9tGpe143BfUA0aOkAr2PdK9CUBs47uSyWAATYoa11gtxxdFUzW6coa7l/w== +deleg.example.com. 3600 RRSIG NS 13 3 3600 20400405162736 20210204145736 61806 example.com. HJCAXBevueFA2BOP6eOnsbP1X+2VUQRGXRcYI2SDqqq4U2DQHWQMOfI+pKVpkfdc8D6qDYnFZSg6II/dDJQ0AQ== +deleg.example.com. 3600 RRSIG DS 13 3 3600 20400405162736 20210204145736 61806 example.com. DhZsh6wiPACEUz7GY4WpvcIrMOF+sU27kJAGKaCcpxv9jQBY7Jpf/otRf+yn+Bmm32RZUr5swSXMXAvDtCj6qA== +dns1.example.com. 3600 RRSIG A 13 3 3600 20400405162736 20210204145736 61806 example.com. z/pEp4EcGkmy+niefZRLgRo1LraBlJABdgpSo94cYEqJM3GBMHsPZeAKmqnMAYA5Nz0hQtTplqS3rsJHJJdQ7w== +www.example.com. 3600 RRSIG A 13 3 3600 20400405162736 20210204145736 61806 example.com. FpOwodJYlk3NxEEjGvY75r8Ptef13P4Um9N74NxV1QWQlqtBhg+1bndvaY376uBFVDFGsEiDFEgIoFL0Ao+PeA== + + diff --git a/tests/knot/semantic_check_data/nsec3_missing.signed b/tests/knot/semantic_check_data/nsec3_missing.signed new file mode 100644 index 0000000..4974956 --- /dev/null +++ b/tests/knot/semantic_check_data/nsec3_missing.signed @@ -0,0 +1,120 @@ + +; extra record without corresponding NSEC3 +extra.example.com. 3600 IN A 1.2.3.4 + 3600 RRSIG A 7 3 3600 ( + 20840201000000 20160302125715 29600 example.com. + DummySignatureDummySignature12345678 + 123456789123456789123456789123456789 + lqhxunAbh08dsQ== ) +20G1GOL477RO51RK9A9NFD54TFQAL7IQ.example.com. 86400 IN NSEC3 1 0 10 - ( + 6DFJITU5VML86QNKU9FO2LJDDQQTQPVT + A RRSIG ) +6DFJITU5VML86QNKU9FO2LJDDQQTQPVT.example.com. 86400 IN NSEC3 1 0 10 - ( + MJV836RJQEJ5UBGHVKSQ7N44RSO3Q938 + A RRSIG ) +MJV836RJQEJ5UBGHVKSQ7N44RSO3Q938.example.com. 86400 IN NSEC3 1 0 10 - ( + UI312KQOP1NG8IQEIEFNPSLA94KB5Q92 + NS ) +UI312KQOP1NG8IQEIEFNPSLA94KB5Q92.example.com. 86400 IN NSEC3 1 0 10 - ( + UTQVUHU2BLK3DHMRR5T1HD9VTEOHQT0A + A RRSIG) +UTQVUHU2BLK3DHMRR5T1HD9VTEOHQT0A.example.com. 86400 IN NSEC3 1 0 10 - ( + 20G1GOL477RO51RK9A9NFD54TFQAL7IQ + NS SOA RRSIG DNSKEY NSEC3PARAM ) + +UTQVUHU2BLK3DHMRR5T1HD9VTEOHQT0A.example.com. 86400 IN A 1.2.3.4 +UTQVUHU2BLK3DHMRR5T1HD9VTEOHQT0A.example.com. 86400 RRSIG A 7 3 86400 ( + 20840201000000 20160302125715 29600 example.com. + DPwNyH7r/4wIBfTGxikNv4pY7omY6IqpQS6Q + jtTNuStA+5gk98dvcgRjluxqo/+ZlZz4V53f + 1y506ytGbX/q4Q== ) + + +UI312KQOP1NG8IQEIEFNPSLA94KB5Q92.example.com. 86400 RRSIG NSEC3 7 3 86400 ( + 20840201000000 20160302125715 29600 example.com. + DummySignatureDummySignature4ey0Qcln + uquQZT+z2HIdCE9HeslAkTlu/Xt78vF4+3db + t2Vno21DkteA+w== ) +20G1GOL477RO51RK9A9NFD54TFQAL7IQ.example.com. 86400 RRSIG NSEC3 7 3 86400 ( + 20840201000000 20160302125715 29600 example.com. + DummySignatureDummySignature4ey0Qcln + uquQZT+z2HIdCE9HeslAkTlu/Xt78vF4+3db + t2Vno21DkteA+w== ) +6DFJITU5VML86QNKU9FO2LJDDQQTQPVT.example.com. 86400 RRSIG NSEC3 7 3 86400 ( + 20840201000000 20160302125715 29600 example.com. + KElp8dLKBKFzgEFV8r5aP9pCyYUD+Z8rLBA9 + KkCDm1y82x5T/Cu5UXuZJwhvDGDzwPqoY5Dr + Qbiek52n6umbEw== ) +MJV836RJQEJ5UBGHVKSQ7N44RSO3Q938.example.com. 86400 RRSIG NSEC3 7 3 86400 ( + 20840201000000 20160302125715 29600 example.com. + DummySignatureDummySignatureD37X9Bw2 + 9JOkecZnmzCwBqfMCBvRYmNRpMd512+ZnW/I + 1vIViE7CGwkHyA== ) +UTQVUHU2BLK3DHMRR5T1HD9VTEOHQT0A.example.com. 86400 RRSIG NSEC3 7 3 86400 ( + 20840201000000 20160302125715 29600 example.com. + DPwNyH7r/4wIBfTGxikNv4pY7omY6IqpQS6Q + jtTNuStA+5gk98dvcgRjluxqo/+ZlZz4V53f + 1y506ytGbX/q4Q== ) + +example.com. 3600 IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111220 ; serial + 21600 ; refresh (6 hours) + 3600 ; retry (1 hour) + 604800 ; expire (1 week) + 86400 ; minimum (1 day) + ) + 3600 RRSIG SOA 7 2 3600 ( + 20840201000000 20160302125715 29600 example.com. + bGk1vLxVuJpcEy7n0gPvQVzfanbvINLJLcbD + eeie4sXZZAOwu6oQZy6kd8tvKtV4mL0OJzpH + XCO6BdZkmk/aQA== ) + 3600 NS dns1.example.com. + 3600 RRSIG NS 7 2 3600 ( + 20840201000000 20160302125715 29600 example.com. + roe4aBp4G3TqQ4x5eRxbVIjApIh17gXDjfOY + zvRFLOkrwqKz3eX9WrRiCk3bYNn8s1fuenaQ + OSV1D5SL7utX5w== ) + 3600 DNSKEY 256 3 7 ( + AwEAAcvvW/oJAjcRdntRC8J52baXoNFVWOFz + oVFe3Vgl8aBBiGh3gnbuNt7xKmy9z2qc2/35 + MFwieWYfDdgUnPxyKMM= + ) ; ZSK; alg = NSEC3RSASHA1; key id = 29600 + 3600 DNSKEY 257 3 7 ( + AwEAAeXCF7sHLcFiaCwCFH4xh2CJcCp55i04 + exG41EtzILS2waabEM5byhRkoylbv91q6HY+ + JH9YXitS21LMD0Hqp1s= + ) ; KSK; alg = NSEC3RSASHA1; key id = 31323 + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160302125715 29600 example.com. + c1yhXb8wRGYndpVqG61+lHAAbZg+JcVYGPX3 + Fw0jYigN4G+P0+VUCqPLkC4yfJylzuefyGfk + TUmriM3ihfXxIg== ) + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160302125715 31323 example.com. + mZiLLTzbdaj7EJ8uj3TwvcvAfaMxYjyavlGT + qpa+cElfvBDm7R6MF4MaEQ9aZ2ylMt1lppjq + YyYRaaQC6yhm4g== ) + 0 NSEC3PARAM 1 0 10 - + 0 RRSIG NSEC3PARAM 7 2 0 ( + 20840201000000 20160302125715 29600 example.com. + K3PkVYZZV8QvZFtDsz9+ZfiM9wDkFu/eO2S5 + tAtCXd1fktcW44TLWL0qADfFEEcMotvzLqv1 + YJrD7TvrFDot8Q== ) +deleg.example.com. 3600 IN NS deleg.example.com. + 3600 A 192.0.2.1 + +dns1.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 7 3 3600 ( + 20840201000000 20160302125715 29600 example.com. + vlzRtVFa44pRtdD8XZcgDa6021uA9A3TnNEw + 5jRnor4aoftUuVQNAanQMCgrWk63d14XZ2d0 + lqhxunAbh08dsQ== ) + +www.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 7 3 3600 ( + 20840201000000 20160302125715 29600 example.com. + NWFuYaSEg3z3K4l/fHu/X9dK+rDZ177BbCNN + ZeFTPCAdOnX0nw1CQys629k7Vzdv1pHaanmy + 0Ru0tX9R65NlKw== ) + + diff --git a/tests/knot/semantic_check_data/nsec3_optout.signed b/tests/knot/semantic_check_data/nsec3_optout.signed new file mode 100644 index 0000000..c9caa5d --- /dev/null +++ b/tests/knot/semantic_check_data/nsec3_optout.signed @@ -0,0 +1,81 @@ + +; insecure delegation, not covered by NSEC3 or opt-out +zzz.example.com. 3600 IN NS zzz.example.com. + 3600 A 192.0.2.1 + +example.com. 3600 IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111220 ; serial + 21600 ; refresh (6 hours) + 3600 ; retry (1 hour) + 604800 ; expire (1 week) + 86400 ; minimum (1 day) + ) + 3600 RRSIG SOA 7 2 3600 ( + 20840201000000 20160229083110 29600 example.com. + W9EprjaR4loSnNW96h4rLsquPDw3LHYvD05k + djkQofHSkMNZAJ7Q+eA3Fs2ik5fnJFM7wi5C + MtFsV2TfqMJFmg== ) + 3600 NS dns1.example.com. + 3600 RRSIG NS 7 2 3600 ( + 20840201000000 20160229083110 29600 example.com. + I9Je1S7XhZIW9C0fWE8NwFLC2rhHklddNYBO + dxVKL/lxENU4jPPBwZBGrcYn2WVHgkIzjG0n + EOHONAgRFPi3Xw== ) + 3600 DNSKEY 256 3 7 ( + AwEAAcvvW/oJAjcRdntRC8J52baXoNFVWOFz + oVFe3Vgl8aBBiGh3gnbuNt7xKmy9z2qc2/35 + MFwieWYfDdgUnPxyKMM= + ) ; ZSK; alg = NSEC3RSASHA1; key id = 29600 + 3600 DNSKEY 257 3 7 ( + AwEAAeXCF7sHLcFiaCwCFH4xh2CJcCp55i04 + exG41EtzILS2waabEM5byhRkoylbv91q6HY+ + JH9YXitS21LMD0Hqp1s= + ) ; KSK; alg = NSEC3RSASHA1; key id = 31323 + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160229083110 29600 example.com. + vO2UQiTN/CNUZOmSEg8kJlR/UqiAZHc4qMwj + 9u31sbPmOMuni+ZGuVCFFoEMtZerIkkQowkB + sXJFkvCP5oF2rA== ) + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160229083110 31323 example.com. + Z+aaLu4rmzekfhlj6A0ClREloRi8MloRHf/3 + Dlw/RYY1hrOCfcZKEY6AXeVdUwESEsSkSOco + CbhyGHH10dKAAg== ) + 0 NSEC3PARAM 1 0 10 - + 0 RRSIG NSEC3PARAM 7 2 0 ( + 20840201000000 20160229083110 29600 example.com. + d69kc52VdALI8fbdbflsVsltc1m7bI6QsJ5U + IDE9fy5VqcufZecZMKuozPDuF2vBA8ADFIRU + OfYgKs6YNIOLWg== ) +deleg.example.com. 3600 IN NS deleg.example.com. + 3600 A 192.0.2.1 +20G1GOL477RO51RK9A9NFD54TFQAL7IQ.example.com. 86400 IN NSEC3 1 0 10 - ( + MJV836RJQEJ5UBGHVKSQ7N44RSO3Q938 + A RRSIG ) + 86400 RRSIG NSEC3 7 3 86400 ( + 20840201000000 20160229083110 29600 example.com. + D24JCtCcNzwsY1FXVliAjxMm+x95N2eUTXn0 + M8NK5glSk1yLtnAUKzHxpRExAJLGUiaG4yPu + 2yGZuqwNvJztzw== ) +MJV836RJQEJ5UBGHVKSQ7N44RSO3Q938.example.com. 86400 IN NSEC3 1 0 10 - ( + UTQVUHU2BLK3DHMRR5T1HD9VTEOHQT0A + NS ) + 86400 RRSIG NSEC3 7 3 86400 ( + 20840201000000 20160229083110 29600 example.com. + jRNMrWLfS4yzRHQOBxs6/GKWIzx6AZV5lyCm + 7bYTV9wS3owDJSQhJ7lft0WbBmUMtV3tP9Xr + Yc+yW48p2Vr+QQ== ) +UTQVUHU2BLK3DHMRR5T1HD9VTEOHQT0A.example.com. 86400 IN NSEC3 1 0 10 - ( + 20G1GOL477RO51RK9A9NFD54TFQAL7IQ + NS SOA RRSIG DNSKEY NSEC3PARAM ) + 86400 RRSIG NSEC3 7 3 86400 ( + 20840201000000 20160229083110 29600 example.com. + F7y+xW/C7iICgmZeYrF4e7Yx4kWZAZPAMzlu + PtWVuf37ySg1VfEWcQcDP04vF2rXVUqSMEcj + bqUVN5W8Hoazxw== ) +dns1.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 7 3 3600 ( + 20840201000000 20160229083110 29600 example.com. + MoYrL/lToC4AHo6KCZRiBRmCMWHUAx2Xt32A + P4lDpwA+wiBWkCZSfVTh60AosS/BIGtBb2BK + mszMx8CLBvkjRg== ) diff --git a/tests/knot/semantic_check_data/nsec3_optout_ent.all b/tests/knot/semantic_check_data/nsec3_optout_ent.all new file mode 100644 index 0000000..5ebd917 --- /dev/null +++ b/tests/knot/semantic_check_data/nsec3_optout_ent.all @@ -0,0 +1,15 @@ +example.com. 3600 SOA dns1.com. hostmaster.com. 2010111217 21600 3600 604800 86400 +example.com. 3600 NS dns1.com. +example.com. 3600 DNSKEY 256 3 13 tCoteOM+A4o/A9uxgLyDg3HOg2DClU+3d+1XPQRtTfuaEFOGIpyH6qiFUv2b4DYuvmMyTkL99nxvyhA8yo0Cgg== +example.com. 3600 DNSKEY 257 3 13 Yk8KOmyVzOij3x+Zs+eT4J2Up9+ipwXEKOhL9fTYY/DU10yIQt+zYm02UFZJX2oVTdHBCajpBFsZLH2X4ho1yw== +example.com. 0 NSEC3PARAM 1 0 10 151E9F1094FE188F +deleg1.ent.example.com. 3600 NS glue.outofzone.net. +deleg2.ent.example.com. 3600 NS glue.outofzone.net. + +example.com. 3600 RRSIG NS 13 2 3600 20400410173442 20210209160442 61806 example.com. laxHzto10anAyWXb/IqVEoBsybVmb/aCMb4SdxEC3YiJFj1IX9rxChVnuXrQ5zgr1f6YaRyc/DDTP8NFvwyTWg== +example.com. 3600 RRSIG SOA 13 2 3600 20400410173442 20210209160442 61806 example.com. /eNl2bkB/SJ6qBX+Jpm5KTXIs5Xi978JWRN2jtbEh5Z9udy7liS73oMkBLlJ33amKc7Gwfqi2+SgdHHud4j0Ug== +example.com. 3600 RRSIG DNSKEY 13 2 3600 20400410173442 20210209160442 25674 example.com. TpePckJM7GcsE72vbfSf49LzEM1chUFIiKBN0VyCHdB3YFpRH5d8Qx+XWh8Vs9AuLoKMWTQ0UD4kZK8yF70N4A== +example.com. 0 RRSIG NSEC3PARAM 13 2 0 20400410173442 20210209160442 61806 example.com. RfPCpoA94H+dm7fqxhZ+GIf4fQwzN19yJVbhmEOtx6if9U/H6mJalvoy4d5UD/L2bferTBbie4I/TzAIXgVETQ== + +ple28jlp3q5anh045ssk9f3u7ltd4qlc.example.com. 3600 NSEC3 1 1 10 151E9F1094FE188F ple28jlp3q5anh045ssk9f3u7ltd4qlc NS SOA RRSIG DNSKEY NSEC3PARAM +ple28jlp3q5anh045ssk9f3u7ltd4qlc.example.com. 3600 RRSIG NSEC3 13 3 3600 20400410181548 20210209164548 61806 example.com. EBPlHXYdARm1T0TaYadx0ETwC6w0g5J1yPR6LB3ur9IItcEWRONhqDrNwUbYGbW5c4nWep/hnJYdmMFq1bTfiw== diff --git a/tests/knot/semantic_check_data/nsec3_optout_ent.invalid b/tests/knot/semantic_check_data/nsec3_optout_ent.invalid new file mode 100644 index 0000000..114d5d7 --- /dev/null +++ b/tests/knot/semantic_check_data/nsec3_optout_ent.invalid @@ -0,0 +1,18 @@ +example.com. 3600 SOA dns1.com. hostmaster.com. 2010111217 21600 3600 604800 86400 +example.com. 3600 NS dns1.com. +example.com. 3600 DNSKEY 256 3 13 tCoteOM+A4o/A9uxgLyDg3HOg2DClU+3d+1XPQRtTfuaEFOGIpyH6qiFUv2b4DYuvmMyTkL99nxvyhA8yo0Cgg== +example.com. 3600 DNSKEY 257 3 13 Yk8KOmyVzOij3x+Zs+eT4J2Up9+ipwXEKOhL9fTYY/DU10yIQt+zYm02UFZJX2oVTdHBCajpBFsZLH2X4ho1yw== +example.com. 0 NSEC3PARAM 1 0 10 151E9F1094FE188F +deleg1.ent.example.com. 3600 NS glue.outofzone.net. +deleg2.ent.example.com. 3600 NS glue.outofzone.net. + +example.com. 3600 RRSIG NS 13 2 3600 20400410173442 20210209160442 61806 example.com. laxHzto10anAyWXb/IqVEoBsybVmb/aCMb4SdxEC3YiJFj1IX9rxChVnuXrQ5zgr1f6YaRyc/DDTP8NFvwyTWg== +example.com. 3600 RRSIG SOA 13 2 3600 20400410173442 20210209160442 61806 example.com. /eNl2bkB/SJ6qBX+Jpm5KTXIs5Xi978JWRN2jtbEh5Z9udy7liS73oMkBLlJ33amKc7Gwfqi2+SgdHHud4j0Ug== +example.com. 3600 RRSIG DNSKEY 13 2 3600 20400410173442 20210209160442 25674 example.com. TpePckJM7GcsE72vbfSf49LzEM1chUFIiKBN0VyCHdB3YFpRH5d8Qx+XWh8Vs9AuLoKMWTQ0UD4kZK8yF70N4A== +example.com. 0 RRSIG NSEC3PARAM 13 2 0 20400410173442 20210209160442 61806 example.com. RfPCpoA94H+dm7fqxhZ+GIf4fQwzN19yJVbhmEOtx6if9U/H6mJalvoy4d5UD/L2bferTBbie4I/TzAIXgVETQ== + +gtr2v0c3d7eqh7ob8rbad7ta90tq8lci.example.com. 3600 NSEC3 1 1 10 151E9F1094FE188F ple28jlp3q5anh045ssk9f3u7ltd4qlc NS +ple28jlp3q5anh045ssk9f3u7ltd4qlc.example.com. 3600 NSEC3 1 1 10 151E9F1094FE188F gtr2v0c3d7eqh7ob8rbad7ta90tq8lci NS SOA RRSIG DNSKEY NSEC3PARAM + +gtr2v0c3d7eqh7ob8rbad7ta90tq8lci.example.com. 3600 RRSIG NSEC3 13 3 3600 20400410173442 20210209160442 61806 example.com. gb3uKByt54iwCsd284xzOVnnpN97r7ARz6UacMdm2Xs4M8t6Ao9bRG7jvbNpFCALfaU/xDQF7K3v31iKBeVwjw== +ple28jlp3q5anh045ssk9f3u7ltd4qlc.example.com. 3600 RRSIG NSEC3 13 3 3600 20400410173442 20210209160442 61806 example.com. kpuFRuzOhsG5zy0Sdql0AB44IDUtf9ccTwJXdULoIqUNKeRqvgWJ7ekEhBKvntVHlBQZPescgPMvvq7PLcA2Dw== diff --git a/tests/knot/semantic_check_data/nsec3_optout_ent.valid b/tests/knot/semantic_check_data/nsec3_optout_ent.valid new file mode 100644 index 0000000..c9fe657 --- /dev/null +++ b/tests/knot/semantic_check_data/nsec3_optout_ent.valid @@ -0,0 +1,20 @@ +example.com. 3600 SOA dns1.com. hostmaster.com. 2010111217 21600 3600 604800 86400 +example.com. 3600 NS dns1.com. +example.com. 3600 DNSKEY 256 3 13 tCoteOM+A4o/A9uxgLyDg3HOg2DClU+3d+1XPQRtTfuaEFOGIpyH6qiFUv2b4DYuvmMyTkL99nxvyhA8yo0Cgg== +example.com. 3600 DNSKEY 257 3 13 Yk8KOmyVzOij3x+Zs+eT4J2Up9+ipwXEKOhL9fTYY/DU10yIQt+zYm02UFZJX2oVTdHBCajpBFsZLH2X4ho1yw== +example.com. 0 NSEC3PARAM 1 0 10 151E9F1094FE188F +deleg1.ent.example.com. 3600 NS glue.outofzone.net. +deleg2.ent.example.com. 3600 NS glue.outofzone.net. + +example.com. 3600 RRSIG NS 13 2 3600 20400410173236 20210209160236 61806 example.com. C4ierSNpy03xjH5rQEfb01wCj4SVIzX9b15FVEMIbn3lmDo5jXO6stOrW8Z7OjoVuCaRi1Qj997TeCYqOxNXSQ== +example.com. 3600 RRSIG SOA 13 2 3600 20400410173236 20210209160236 61806 example.com. NNyQzYOcPbfEsqv61I78MuMguN/KIFi/wSJc940pj7rv+riA3J+XVzpaHSSh//q8CmrvpBAk2g8KsQG/6kOXmg== +example.com. 3600 RRSIG DNSKEY 13 2 3600 20400410173236 20210209160236 25674 example.com. ZY3nxZJeOfSOEhs02mfhQgt6N1EgZubtPp3HuV69gStFSu4aCLi8a2aseQGilOFW64dOAYNm3LL/WqhPi7MZ1Q== +example.com. 0 RRSIG NSEC3PARAM 13 2 0 20400410173236 20210209160236 61806 example.com. JITs/EH8nLaFRidlkT6+mcTwEpjgp2TMjb9fU5TBIlKn94og8YtOWFbNmzdEYBKlGLlkg8LwY2ortrSoRHS6Hw== + +ej69a9a2k2j0ntktmdvihrv5ao8fl1jt.example.com. 3600 NSEC3 1 1 10 151E9F1094FE188F gtr2v0c3d7eqh7ob8rbad7ta90tq8lci +gtr2v0c3d7eqh7ob8rbad7ta90tq8lci.example.com. 3600 NSEC3 1 1 10 151E9F1094FE188F ple28jlp3q5anh045ssk9f3u7ltd4qlc NS +ple28jlp3q5anh045ssk9f3u7ltd4qlc.example.com. 3600 NSEC3 1 1 10 151E9F1094FE188F ej69a9a2k2j0ntktmdvihrv5ao8fl1jt NS SOA RRSIG DNSKEY NSEC3PARAM + +ej69a9a2k2j0ntktmdvihrv5ao8fl1jt.example.com. 3600 RRSIG NSEC3 13 3 3600 20400410173236 20210209160236 61806 example.com. yatL/lbFSUyN4UyRtMXymxsiqhOXHp+N+pTI/zNOc0NXCdaaLceh+tZHlc+E4napRfP53XXEhuGavjShTIJ/+g== +gtr2v0c3d7eqh7ob8rbad7ta90tq8lci.example.com. 3600 RRSIG NSEC3 13 3 3600 20400410173236 20210209160236 61806 example.com. 20XNZrfJ4l/JIDjCbsba3mUOrNyOxJ2VuCju/yLc0XbdzqMcKJR87g3u967GEnoYY5f5+rJt/IHsuJWHcLApCQ== +ple28jlp3q5anh045ssk9f3u7ltd4qlc.example.com. 3600 RRSIG NSEC3 13 3 3600 20400410173236 20210209160236 61806 example.com. eLRo9y8Rxf157qcciWM/LSUbtjYks2zLO5xQ9Ff5bidHc9m2XEqjWxqdPZz5gurEf+uPnM8mnix36X4YH4ZXwg== diff --git a/tests/knot/semantic_check_data/nsec3_param_invalid.signed b/tests/knot/semantic_check_data/nsec3_param_invalid.signed new file mode 100644 index 0000000..c7d8d6d --- /dev/null +++ b/tests/knot/semantic_check_data/nsec3_param_invalid.signed @@ -0,0 +1,70 @@ +; Zone without any semantic error + +example.com. 3600 IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111220 ; serial + 21600 ; refresh (6 hours) + 3600 ; retry (1 hour) + 604800 ; expire (1 week) + 86400 ; minimum (1 day) + ) + 3600 RRSIG SOA 7 2 3600 ( + 20840201000000 20160229083110 29600 example.com. + W9EprjaR4loSnNW96h4rLsquPDw3LHYvD05k + djkQofHSkMNZAJ7Q+eA3Fs2ik5fnJFM7wi5C + MtFsV2TfqMJFmg== ) + 3600 NS dns1.example.com. + 3600 RRSIG NS 7 2 3600 ( + 20840201000000 20160229083110 29600 example.com. + I9Je1S7XhZIW9C0fWE8NwFLC2rhHklddNYBO + dxVKL/lxENU4jPPBwZBGrcYn2WVHgkIzjG0n + EOHONAgRFPi3Xw== ) + 3600 DNSKEY 256 3 7 ( + AwEAAcvvW/oJAjcRdntRC8J52baXoNFVWOFz + oVFe3Vgl8aBBiGh3gnbuNt7xKmy9z2qc2/35 + MFwieWYfDdgUnPxyKMM= + ) ; ZSK; alg = NSEC3RSASHA1; key id = 29600 + 3600 DNSKEY 257 3 7 ( + AwEAAeXCF7sHLcFiaCwCFH4xh2CJcCp55i04 + exG41EtzILS2waabEM5byhRkoylbv91q6HY+ + JH9YXitS21LMD0Hqp1s= + ) ; KSK; alg = NSEC3RSASHA1; key id = 31323 + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160229083110 29600 example.com. + vO2UQiTN/CNUZOmSEg8kJlR/UqiAZHc4qMwj + 9u31sbPmOMuni+ZGuVCFFoEMtZerIkkQowkB + sXJFkvCP5oF2rA== ) + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160229083110 31323 example.com. + Z+aaLu4rmzekfhlj6A0ClREloRi8MloRHf/3 + Dlw/RYY1hrOCfcZKEY6AXeVdUwESEsSkSOco + CbhyGHH10dKAAg== ) + 0 NSEC3PARAM 1 4 10 - + 0 RRSIG NSEC3PARAM 7 2 0 ( + 20840201000000 20160229083110 29600 example.com. + d69kc52VdALI8fbdbflsVsltc1m7bI6QsJ5U + IDE9fy5VqcufZecZMKuozPDuF2vBA8ADFIRU + OfYgKs6YNIOLWg== ) +deleg.example.com. 3600 IN NS deleg.example.com. + 3600 A 192.0.2.1 +20G1GOL477RO51RK9A9NFD54TFQAL7IQ.example.com. 86400 IN NSEC3 1 1 15 - ( + UTQVUHU2BLK3DHMRR5T1HD9VTEOHQT0A + A RRSIG ) + 86400 RRSIG NSEC3 7 3 86400 ( + 20840201000000 20160229083110 29600 example.com. + D24JCtCcNzwsY1FXVliAjxMm+x95N2eUTXn0 + M8NK5glSk1yLtnAUKzHxpRExAJLGUiaG4yPu + 2yGZuqwNvJztzw== ) +UTQVUHU2BLK3DHMRR5T1HD9VTEOHQT0A.example.com. 86400 IN NSEC3 4 0 10 - ( + 20G1GOL477RO51RK9A9NFD54TFQAL7IQ + NS SOA RRSIG DNSKEY NSEC3PARAM ) + 86400 RRSIG NSEC3 7 3 86400 ( + 20840201000000 20160229083110 29600 example.com. + F7y+xW/C7iICgmZeYrF4e7Yx4kWZAZPAMzlu + PtWVuf37ySg1VfEWcQcDP04vF2rXVUqSMEcj + bqUVN5W8Hoazxw== ) +dns1.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 7 3 3600 ( + 20840201000000 20160229083110 29600 example.com. + MoYrL/lToC4AHo6KCZRiBRmCMWHUAx2Xt32A + P4lDpwA+wiBWkCZSfVTh60AosS/BIGtBb2BK + mszMx8CLBvkjRg== ) diff --git a/tests/knot/semantic_check_data/nsec3_wrong_bitmap_01.signed b/tests/knot/semantic_check_data/nsec3_wrong_bitmap_01.signed new file mode 100644 index 0000000..a3024d8 --- /dev/null +++ b/tests/knot/semantic_check_data/nsec3_wrong_bitmap_01.signed @@ -0,0 +1,70 @@ +; example.com -- missing DNSKEY in type bitmap +UTQVUHU2BLK3DHMRR5T1HD9VTEOHQT0A.example.com. 86400 IN NSEC3 1 0 10 - ( + 20G1GOL477RO51RK9A9NFD54TFQAL7IQ + NS SOA RRSIG NSEC3PARAM ) +; dns1.example.com +20G1GOL477RO51RK9A9NFD54TFQAL7IQ.example.com. 86400 IN NSEC3 1 0 10 - ( + UTQVUHU2BLK3DHMRR5T1HD9VTEOHQT0A + A RRSIG ) + +example.com. 3600 IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111220 ; serial + 21600 ; refresh (6 hours) + 3600 ; retry (1 hour) + 604800 ; expire (1 week) + 86400 ; minimum (1 day) + ) + 3600 RRSIG SOA 7 2 3600 ( + 20840201000000 20160225083237 29600 example.com. + li23VC44fumpMHhKwWug2J1C2fwCMiwgofYO + DKydNYsJyYTlyi8ezLJ2KoBlCtOc4Fp0NbqS + aN8CKWh7fQVnkQ== ) + 3600 NS dns1.example.com. + 3600 RRSIG NS 7 2 3600 ( + 20840201000000 20160225083237 29600 example.com. + Y8olY2OClZgC+QHnOhY52LONVOcctOnl8jNY + /c7sCHZO4TdPPDHDhpbVntQD+Vc4fUTx+cXY + GrF5sLbhddBJXg== ) + 3600 DNSKEY 256 3 7 ( + AwEAAcvvW/oJAjcRdntRC8J52baXoNFVWOFz + oVFe3Vgl8aBBiGh3gnbuNt7xKmy9z2qc2/35 + MFwieWYfDdgUnPxyKMM= + ) ; ZSK; alg = NSEC3RSASHA1; key id = 29600 + 3600 DNSKEY 257 3 7 ( + AwEAAeXCF7sHLcFiaCwCFH4xh2CJcCp55i04 + exG41EtzILS2waabEM5byhRkoylbv91q6HY+ + JH9YXitS21LMD0Hqp1s= + ) ; KSK; alg = NSEC3RSASHA1; key id = 31323 + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160225083237 29600 example.com. + fx2rZzhyYrp1b4tNH1SmM852VbGEeZdKrD+f + ZoInny1m8sovb1J9ORtVbGkOYOnInDMLWMCX + fghHC2MafuFV+Q== ) + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160225083237 31323 example.com. + TcNU6AlrYhJLrNlkfOPJzO6A77j6C39IPoP4 + OfmY2ClA5Vx2JO0vQ4bIHR7GIW8fiMe6M6tt + ZwQImhVWdG414A== ) + 0 NSEC3PARAM 1 0 10 - + 0 RRSIG NSEC3PARAM 7 2 0 ( + 20840201000000 20160225083237 29600 example.com. + iY0WB0dN1hQXoctaMwvvXzn7paQt5xUyucT3 + xwo6HAI8Y+OJlecUfOpkkQ9lqIfsqPTXmgbY + RieoZGrWR6ZvaQ== ) +dns1.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 7 3 3600 ( + 20840201000000 20160225083237 29600 example.com. + QptUkTNS7umNQ5V6Z9DyGl6z+rG7G3TFmHG8 + p9HGaKifSxjwSFW0nZ9/s86XHQ8ql5+bQmPa + xw39ntBmQLVxfg== ) + +20G1GOL477RO51RK9A9NFD54TFQAL7IQ.example.com. 86400 RRSIG NSEC3 7 3 86400 ( + 20840201000000 20160225083237 29600 example.com. + CPx6000z5m1zUUpVhki1u9U7P/WMr7PUJAk3 + G0w3v+/Lw56mDzYzNuTpPzS0noe0LKuecqRu + m99KpLyLOx+9QA== ) +UTQVUHU2BLK3DHMRR5T1HD9VTEOHQT0A.example.com. 86400 RRSIG NSEC3 7 3 86400 ( + 20840201000000 20160225083237 29600 example.com. + m2z+hx+8hTA7Phu6QzGJrq+o4MiURpda3fYm + 0wTDmXtfPKsHmojGr3kBlvUMg16s2gpvNyCL + MSlnJ+7KCkI+Mw== ) diff --git a/tests/knot/semantic_check_data/nsec3_wrong_bitmap_02.signed b/tests/knot/semantic_check_data/nsec3_wrong_bitmap_02.signed new file mode 100644 index 0000000..e3e4940 --- /dev/null +++ b/tests/knot/semantic_check_data/nsec3_wrong_bitmap_02.signed @@ -0,0 +1,70 @@ +; example.com +UTQVUHU2BLK3DHMRR5T1HD9VTEOHQT0A.example.com. 86400 IN NSEC3 1 0 10 - ( + 20G1GOL477RO51RK9A9NFD54TFQAL7IQ + NS SOA RRSIG DNSKEY NSEC3PARAM ) +; dns1.example.com -- extra type in bitmap - NSEC +20G1GOL477RO51RK9A9NFD54TFQAL7IQ.example.com. 86400 IN NSEC3 1 0 10 - ( + UTQVUHU2BLK3DHMRR5T1HD9VTEOHQT0A + A RRSIG NSEC) + +example.com. 3600 IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111220 ; serial + 21600 ; refresh (6 hours) + 3600 ; retry (1 hour) + 604800 ; expire (1 week) + 86400 ; minimum (1 day) + ) + 3600 RRSIG SOA 7 2 3600 ( + 20840201000000 20160225083237 29600 example.com. + li23VC44fumpMHhKwWug2J1C2fwCMiwgofYO + DKydNYsJyYTlyi8ezLJ2KoBlCtOc4Fp0NbqS + aN8CKWh7fQVnkQ== ) + 3600 NS dns1.example.com. + 3600 RRSIG NS 7 2 3600 ( + 20840201000000 20160225083237 29600 example.com. + Y8olY2OClZgC+QHnOhY52LONVOcctOnl8jNY + /c7sCHZO4TdPPDHDhpbVntQD+Vc4fUTx+cXY + GrF5sLbhddBJXg== ) + 3600 DNSKEY 256 3 7 ( + AwEAAcvvW/oJAjcRdntRC8J52baXoNFVWOFz + oVFe3Vgl8aBBiGh3gnbuNt7xKmy9z2qc2/35 + MFwieWYfDdgUnPxyKMM= + ) ; ZSK; alg = NSEC3RSASHA1; key id = 29600 + 3600 DNSKEY 257 3 7 ( + AwEAAeXCF7sHLcFiaCwCFH4xh2CJcCp55i04 + exG41EtzILS2waabEM5byhRkoylbv91q6HY+ + JH9YXitS21LMD0Hqp1s= + ) ; KSK; alg = NSEC3RSASHA1; key id = 31323 + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160225083237 29600 example.com. + fx2rZzhyYrp1b4tNH1SmM852VbGEeZdKrD+f + ZoInny1m8sovb1J9ORtVbGkOYOnInDMLWMCX + fghHC2MafuFV+Q== ) + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160225083237 31323 example.com. + TcNU6AlrYhJLrNlkfOPJzO6A77j6C39IPoP4 + OfmY2ClA5Vx2JO0vQ4bIHR7GIW8fiMe6M6tt + ZwQImhVWdG414A== ) + 0 NSEC3PARAM 1 0 10 - + 0 RRSIG NSEC3PARAM 7 2 0 ( + 20840201000000 20160225083237 29600 example.com. + iY0WB0dN1hQXoctaMwvvXzn7paQt5xUyucT3 + xwo6HAI8Y+OJlecUfOpkkQ9lqIfsqPTXmgbY + RieoZGrWR6ZvaQ== ) +dns1.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 7 3 3600 ( + 20840201000000 20160225083237 29600 example.com. + QptUkTNS7umNQ5V6Z9DyGl6z+rG7G3TFmHG8 + p9HGaKifSxjwSFW0nZ9/s86XHQ8ql5+bQmPa + xw39ntBmQLVxfg== ) + +20G1GOL477RO51RK9A9NFD54TFQAL7IQ.example.com. 86400 RRSIG NSEC3 7 3 86400 ( + 20840201000000 20160225083237 29600 example.com. + CPx6000z5m1zUUpVhki1u9U7P/WMr7PUJAk3 + G0w3v+/Lw56mDzYzNuTpPzS0noe0LKuecqRu + m99KpLyLOx+9QA== ) +UTQVUHU2BLK3DHMRR5T1HD9VTEOHQT0A.example.com. 86400 RRSIG NSEC3 7 3 86400 ( + 20840201000000 20160225083237 29600 example.com. + m2z+hx+8hTA7Phu6QzGJrq+o4MiURpda3fYm + 0wTDmXtfPKsHmojGr3kBlvUMg16s2gpvNyCL + MSlnJ+7KCkI+Mw== ) diff --git a/tests/knot/semantic_check_data/nsec_broken_chain_01.signed b/tests/knot/semantic_check_data/nsec_broken_chain_01.signed new file mode 100644 index 0000000..cb41dce --- /dev/null +++ b/tests/knot/semantic_check_data/nsec_broken_chain_01.signed @@ -0,0 +1,72 @@ +; not coherent NSEC chain +example.com. 86400 NSEC dns1.example.com. NS SOA RRSIG NSEC DNSKEY +dns1.example.com. 86400 NSEC example.com. A RRSIG NSEC +www.example.com. 86400 NSEC example.com. A RRSIG NSEC + +; signatures for NSECs +example.com. 86400 RRSIG NSEC 7 2 86400 ( + 20840201000000 20160224082919 29600 example.com. + FHLUUQTvnVboNzGoQVLpwQAcB+fUEF5xQqMQ + oKhE86sdvlQUiEfUpv2PJ9y3YfXHeYxJUtvm + cY14UkYqsdP3fA== ) +dns1.example.com. 86400 RRSIG NSEC 7 3 86400 ( + 20840201000000 20160224082919 29600 example.com. + FDPJTLixRBZtMFLqk5wfYTSLnLMZiLtN7uTA + COEqyphK33oW+7XJzfG6ADvwGewY4hTCPQkk + cEg+DBI7qZ88NA== ) +www.example.com. 86400 RRSIG NSEC 7 3 86400 ( + 20840201000000 20160224082919 29600 example.com. + FDPJTLixRBZtMFLqk5wfYTSLnLMZiLtN7uTA + COEqyphK33oW+7XJzfG6ADvwGewY4hTCPQkk + cEg+DBI7qZ88NA== ) + +example.com. 3600 IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111220 ; serial + 21600 ; refresh (6 hours) + 3600 ; retry (1 hour) + 604800 ; expire (1 week) + 86400 ; minimum (1 day) + ) + 3600 RRSIG SOA 7 2 3600 ( + 20840201000000 20160224082919 29600 example.com. + xJIoENJ4d24FIVd9ZSGpQlcWN4zuriU90r/H + +ufcM2qtWcOGR1M1LVNIAWEVJEcD2dBGA2w1 + B7Cx+BILQRev8w== ) + 3600 NS dns1.example.com. + 3600 RRSIG NS 7 2 3600 ( + 20840201000000 20160224082919 29600 example.com. + vBffD+/kBuxUHfeXKYBVYxeMIbuW5f8BstRM + XJnC1GTGfdNvb8NknHuv5fEytBmnnpH6f9pC + iWLeZzFR1+aJBA== ) + 3600 DNSKEY 256 3 7 ( + AwEAAcvvW/oJAjcRdntRC8J52baXoNFVWOFz + oVFe3Vgl8aBBiGh3gnbuNt7xKmy9z2qc2/35 + MFwieWYfDdgUnPxyKMM= + ) ; ZSK; alg = NSEC3RSASHA1; key id = 29600 + 3600 DNSKEY 257 3 7 ( + AwEAAeXCF7sHLcFiaCwCFH4xh2CJcCp55i04 + exG41EtzILS2waabEM5byhRkoylbv91q6HY+ + JH9YXitS21LMD0Hqp1s= + ) ; KSK; alg = NSEC3RSASHA1; key id = 31323 + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160224082919 29600 example.com. + LMyY8+vWsFB7CziWt8rnR5jfg4Loe/xzy4TQ + /ITEDbz5pkoadG+0mqTHQ0F5XCe6ZJPamcyr + kcMw0GqUzOVb9w== ) + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160224082919 31323 example.com. + tpHcGRuIkul47hHXVpNAOL48c5YYMsaIJkFE + rlQi9wU4TCiukdJkLuPk7ykk9XrxbiCB/FwD + o63Vcqyy3gZfvA== ) +dns1.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 7 3 3600 ( + 20840201000000 20160224082919 29600 example.com. + HlfZThngg+1xglDUh8kjDtzVn5D5a9T3emMt + Uxfryu9va7bj+xoK4gLADGau69GCZxJNSvwK + TAGEqGRYFSY9Ew== ) +www.example.com. 3600 IN A 192.0.2.2 + 3600 RRSIG A 7 3 3600 ( + 20840201000000 20160224082919 29600 example.com. + FLR8e2k6u7dhQA1xZ3YMxkvuktoydXC+ZNwl + xzW9hLpF3oKoqqY/V+kw7m2OMgnOEu2jWN4Q + EETdmMeQzkiuNw== ) diff --git a/tests/knot/semantic_check_data/nsec_broken_chain_02.signed b/tests/knot/semantic_check_data/nsec_broken_chain_02.signed new file mode 100644 index 0000000..5c5f004 --- /dev/null +++ b/tests/knot/semantic_check_data/nsec_broken_chain_02.signed @@ -0,0 +1,65 @@ +; not coherent NSEC chain +example.com. 86400 NSEC dns1.example.com. NS SOA RRSIG NSEC DNSKEY +dns1.example.com. 86400 NSEC www.example.com. A RRSIG NSEC +www.example.com. 86400 NSEC www.example.com. A RRSIG NSEC + +example.com. 3600 IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111220 ; serial + 21600 ; refresh (6 hours) + 3600 ; retry (1 hour) + 604800 ; expire (1 week) + 86400 ; minimum (1 day) + ) + 3600 RRSIG SOA 13 2 3600 ( + 20601231235959 20201008171141 31772 example.com. + Qwf3qgLbSvE4PmUVU8rpIASe0v1T1K0ie3Lw + g+6o3tpBS8vWcmHMUiKns/6rAvoum7vHQRmO + dH7X3Pp1/X3xCw== ) + 3600 NS dns1.example.com. + 3600 RRSIG NS 13 2 3600 ( + 20601231235959 20201008171141 31772 example.com. + 92/D4j7CUCKkykxMzdjfJoaNrMwO93OQtZlB + APsfcEyYl+W0sSnow/2RgYvKfX+kdcmp5VXD + vQxTGC0VqdMwCQ== ) + 86400 RRSIG NSEC 13 2 86400 ( + 20601231235959 20201008171141 31772 example.com. + shdsucYBfD8/zV1h1QgUBiC7VgYdFxFEcF1k + FQfY+UHkfD/AyOkiFPQxysimgzqJn2/z5Q+v + GT1CzzzemgzoXw== ) + 3600 DNSKEY 256 3 13 ( + /4RnFpCmaYIIrL/zP1T6LvfhXdpun0ZyYDKL + ho0zuUD+RMDe31IQCzr9AuSn1BAIQWIunxFs + EaTSlvpiUd+CAg== + ) ; ZSK; alg = ECDSAP256SHA256 ; key id = 31772 + 3600 DNSKEY 257 3 13 ( + /KEwa6qUWHdkpEMGX55UaIvl7do5l2IADCDq + iNnawoCLu7Tm4MU6ylzYS1htz1mTd8Zcuzl0 + gkRe4FXwOmOzvQ== + ) ; KSK; alg = ECDSAP256SHA256 ; key id = 14119 + 3600 RRSIG DNSKEY 13 2 3600 ( + 20601231235959 20201008171141 14119 example.com. + FPftK2atu4GMOspSR24p5iIvmq2VKgPJMUTu + 5RiwflEf8UgD7s2WFe7A6/JLurwEhqa/313T + eEURk7m313h4jQ== ) +dns1.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 13 3 3600 ( + 20601231235959 20201008171141 31772 example.com. + +Xvcx4bZ536B8DtNwzurqmPPoDVdtS5nlRhQ + pMZ+OLsHECDnFaI50dSw4F1/c3DERz1ktM0+ + QCC96MZ7QdAYQw== ) + 86400 RRSIG NSEC 13 3 86400 ( + 20601231235959 20201008171141 31772 example.com. + 64MPHHZG8wrbAtk+LY/5ISicI1vU7V19q9lF + wOm0mcpvoBERyDwadgZpmHsvin1sRt/LZYDr + iBKxcnaviHfULg== ) +www.example.com. 3600 IN A 192.0.2.2 + 3600 RRSIG A 13 3 3600 ( + 20601231235959 20201008171141 31772 example.com. + +/+14BFYf5Iq9IIeX1Oz5XqxsaPaw3T6PTPH + neJz6N9QhnI6aKkGZFYBuqY0Zhmcr52zbhPi + 1yZAUTP7OvouhA== ) + 86400 RRSIG NSEC 13 3 86400 ( + 20601231235959 20201008171141 31772 example.com. + fPqL9hFml35JLmfX3MA32hMnMhh9UA1Mc2OZ + nY+0j4wTtVR0PVMWHOv9UaULzTCM+5mlpFXm + nRUMj8sMTGzFzw== ) diff --git a/tests/knot/semantic_check_data/nsec_missing.signed b/tests/knot/semantic_check_data/nsec_missing.signed new file mode 100644 index 0000000..e901607 --- /dev/null +++ b/tests/knot/semantic_check_data/nsec_missing.signed @@ -0,0 +1,67 @@ +example.com. 86400 NSEC dns1.example.com. NS SOA RRSIG NSEC DNSKEY +dns1.example.com. 86400 NSEC example.com. A RRSIG NSEC +; missing NSEC for www.example.com. + +; signatures for NSECs +example.com. 86400 RRSIG NSEC 7 2 86400 ( + 20840201000000 20160224082919 29600 example.com. + FHLUUQTvnVboNzGoQVLpwQAcB+fUEF5xQqMQ + oKhE86sdvlQUiEfUpv2PJ9y3YfXHeYxJUtvm + cY14UkYqsdP3fA== ) +dns1.example.com. 86400 RRSIG NSEC 7 3 86400 ( + 20840201000000 20160224082919 29600 example.com. + GF3mqBf6Ny481XSbEor1uTzQZtT2DSA/3jU2 + ZcLXXhlmHG3nI/PB49lG+17O83rDrbhcYc8G + cHEbLIGNr/6+Mw== ) + +example.com. 3600 IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111220 ; serial + 21600 ; refresh (6 hours) + 3600 ; retry (1 hour) + 604800 ; expire (1 week) + 86400 ; minimum (1 day) + ) + 3600 RRSIG SOA 7 2 3600 ( + 20840201000000 20160224082919 29600 example.com. + xJIoENJ4d24FIVd9ZSGpQlcWN4zuriU90r/H + +ufcM2qtWcOGR1M1LVNIAWEVJEcD2dBGA2w1 + B7Cx+BILQRev8w== ) + 3600 NS dns1.example.com. + 3600 RRSIG NS 7 2 3600 ( + 20840201000000 20160224082919 29600 example.com. + vBffD+/kBuxUHfeXKYBVYxeMIbuW5f8BstRM + XJnC1GTGfdNvb8NknHuv5fEytBmnnpH6f9pC + iWLeZzFR1+aJBA== ) + 3600 DNSKEY 256 3 7 ( + AwEAAcvvW/oJAjcRdntRC8J52baXoNFVWOFz + oVFe3Vgl8aBBiGh3gnbuNt7xKmy9z2qc2/35 + MFwieWYfDdgUnPxyKMM= + ) ; ZSK; alg = NSEC3RSASHA1; key id = 29600 + 3600 DNSKEY 257 3 7 ( + AwEAAeXCF7sHLcFiaCwCFH4xh2CJcCp55i04 + exG41EtzILS2waabEM5byhRkoylbv91q6HY+ + JH9YXitS21LMD0Hqp1s= + ) ; KSK; alg = NSEC3RSASHA1; key id = 31323 + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160224082919 29600 example.com. + LMyY8+vWsFB7CziWt8rnR5jfg4Loe/xzy4TQ + /ITEDbz5pkoadG+0mqTHQ0F5XCe6ZJPamcyr + kcMw0GqUzOVb9w== ) + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160224082919 31323 example.com. + tpHcGRuIkul47hHXVpNAOL48c5YYMsaIJkFE + rlQi9wU4TCiukdJkLuPk7ykk9XrxbiCB/FwD + o63Vcqyy3gZfvA== ) +dns1.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 7 3 3600 ( + 20840201000000 20160224082919 29600 example.com. + HlfZThngg+1xglDUh8kjDtzVn5D5a9T3emMt + Uxfryu9va7bj+xoK4gLADGau69GCZxJNSvwK + TAGEqGRYFSY9Ew== ) + +www.example.com. 3600 IN A 192.0.2.2 + 3600 RRSIG A 7 3 3600 ( + 20840201000000 20160224082919 29600 example.com. + FLR8e2k6u7dhQA1xZ3YMxkvuktoydXC+ZNwl + xzW9hLpF3oKoqqY/V+kw7m2OMgnOEu2jWN4Q + EETdmMeQzkiuNw== ) diff --git a/tests/knot/semantic_check_data/nsec_multiple.signed b/tests/knot/semantic_check_data/nsec_multiple.signed new file mode 100644 index 0000000..0cd6aec --- /dev/null +++ b/tests/knot/semantic_check_data/nsec_multiple.signed @@ -0,0 +1,66 @@ +; not coherent NSEC chain +example.com. 86400 NSEC dns1.example.com. NS SOA RRSIG NSEC DNSKEY +dns1.example.com. 86400 NSEC www.example.com. A RRSIG NSEC +www.example.com. 86400 NSEC example.com. A RRSIG NSEC +www.example.com. 86400 NSEC www.example.com. A RRSIG NSEC + +example.com. 3600 IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111220 ; serial + 21600 ; refresh (6 hours) + 3600 ; retry (1 hour) + 604800 ; expire (1 week) + 86400 ; minimum (1 day) + ) + 3600 RRSIG SOA 13 2 3600 ( + 20601231235959 20201008170543 19445 example.com. + dEcgYVtA8cRE8ErOZGO/aaMat99+KuJdKoDc + 0+8fauQ3dcTUHVg2I+v4hdizjlmAJzGXJN+7 + 6ssZgcvXCnWOsQ== ) + 3600 NS dns1.example.com. + 3600 RRSIG NS 13 2 3600 ( + 20601231235959 20201008170543 19445 example.com. + 2OEk6Lpt+1c58vnCEHBrV7//7gyoo1bGJSHo + k+oWaF9Uh07XVkVWznq6mmCErqukUPLnW1Bn + rysjk4i5Yflqkg== ) + 86400 RRSIG NSEC 13 2 86400 ( + 20601231235959 20201008170543 19445 example.com. + icB72dzHg9d9klcTL/mW53mGIX6KzF0GLWUt + DKLCcu2Ailyp3kdM64dyJxRYTr7F7KfxyHi4 + 3KJtphYNEA6ZWA== ) + 3600 DNSKEY 256 3 13 ( + H1roLYze5AZ+ouWMduBJtoJ8N5BPFdF3n6Pv + +Nfw5bNHUtCzgvMhmtX2gcRlmZ70Ycv1C/U+ + mCvLWVdfJm08lA== + ) ; ZSK; alg = ECDSAP256SHA256 ; key id = 19445 + 3600 DNSKEY 257 3 13 ( + MSWkrHjEr7zi143oQdRthBBzl70MXeILunB7 + 8j55a5a9+Q39YKaIiRM4zyCV6WTXpm9H6eOS + RRgdQqGNL1gsKQ== + ) ; KSK; alg = ECDSAP256SHA256 ; key id = 23836 + 3600 RRSIG DNSKEY 13 2 3600 ( + 20601231235959 20201008170543 23836 example.com. + ejlk2L0CVBWuAxr1g+qivdvyIXqzp3+9U0tu + a2geLUtaVx8ErYnIvUug15S54g75+lZoZ1uK + l2WFWuy751kIsw== ) +www.example.com. 3600 IN A 192.0.2.2 + 3600 RRSIG A 13 3 3600 ( + 20601231235959 20201008170543 19445 example.com. + 8k4wk4+kCs1kO3+8sL6zZdpkHw0U58oua/Ur + C8CHo6TjlLx/jRrLdQKcFy5H7gBMcJY76SDs + mT91HuWH+BpwNA== ) + 86400 RRSIG NSEC 13 3 86400 ( + 20601231235959 20201008170543 19445 example.com. + 3XbwYx32/Y8sLtQ+dW1lg+s1eaOSZlmkdJeO + IsLOAF6U9kq/2zrUTYCtFBMfqs5yYDEISK6X + W5UfBBdFRdYzgw== ) +dns1.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 13 3 3600 ( + 20601231235959 20201008170543 19445 example.com. + DDTolVJ5Mxfm8srRVi/SRu0+5y3OBTQCVFuQ + ywdv4IahQoE11pjXRCBUXvroTeDgoHrmD7PD + b1aIBxHLiC/2pg== ) + 86400 RRSIG NSEC 13 3 86400 ( + 20601231235959 20201008170543 19445 example.com. + DDhuGYMEij4vbJZlscX3os8qj/wgq55w63jc + 8mPr/LquDr6o6lrEYdcnZl4Rz22snnF2+po1 + 3SEjRSJ0ROmTbw== ) diff --git a/tests/knot/semantic_check_data/nsec_wrong_bitmap_01.signed b/tests/knot/semantic_check_data/nsec_wrong_bitmap_01.signed new file mode 100644 index 0000000..058a0a3 --- /dev/null +++ b/tests/knot/semantic_check_data/nsec_wrong_bitmap_01.signed @@ -0,0 +1,73 @@ +example.com. 86400 NSEC dns1.example.com. NS SOA RRSIG NSEC DNSKEY +dns1.example.com. 86400 NSEC www.example.com. A RRSIG NSEC + +; extra AAAA type in NSEC bitmap +www.example.com. 86400 NSEC example.com. A RRSIG NSEC AAAA +www.example.com. 3600 IN A 192.0.2.2 + 3600 RRSIG A 7 3 3600 ( + 20840201000000 20160224082919 29600 example.com. + FLR8e2k6u7dhQA1xZ3YMxkvuktoydXC+ZNwl + xzW9hLpF3oKoqqY/V+kw7m2OMgnOEu2jWN4Q + EETdmMeQzkiuNw== ) + +; signatures for NSECs +example.com. 86400 RRSIG NSEC 7 2 86400 ( + 20840201000000 20160224082919 29600 example.com. + FHLUUQTvnVboNzGoQVLpwQAcB+fUEF5xQqMQ + oKhE86sdvlQUiEfUpv2PJ9y3YfXHeYxJUtvm + cY14UkYqsdP3fA== ) +dns1.example.com. 86400 RRSIG NSEC 7 3 86400 ( + 20840201000000 20160224082919 29600 example.com. + GF3mqBf6Ny481XSbEor1uTzQZtT2DSA/3jU2 + ZcLXXhlmHG3nI/PB49lG+17O83rDrbhcYc8G + cHEbLIGNr/6+Mw== ) +www.example.com. 86400 RRSIG NSEC 7 3 86400 ( + 20840201000000 20160224082919 29600 example.com. + FDPJTLixRBZtMFLqk5wfYTSLnLMZiLtN7uTA + COEqyphK33oW+7XJzfG6ADvwGewY4hTCPQkk + cEg+DBI7qZ88NA== ) + +example.com. 3600 IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111220 ; serial + 21600 ; refresh (6 hours) + 3600 ; retry (1 hour) + 604800 ; expire (1 week) + 86400 ; minimum (1 day) + ) + 3600 RRSIG SOA 7 2 3600 ( + 20840201000000 20160224082919 29600 example.com. + xJIoENJ4d24FIVd9ZSGpQlcWN4zuriU90r/H + +ufcM2qtWcOGR1M1LVNIAWEVJEcD2dBGA2w1 + B7Cx+BILQRev8w== ) + 3600 NS dns1.example.com. + 3600 RRSIG NS 7 2 3600 ( + 20840201000000 20160224082919 29600 example.com. + vBffD+/kBuxUHfeXKYBVYxeMIbuW5f8BstRM + XJnC1GTGfdNvb8NknHuv5fEytBmnnpH6f9pC + iWLeZzFR1+aJBA== ) + 3600 DNSKEY 256 3 7 ( + AwEAAcvvW/oJAjcRdntRC8J52baXoNFVWOFz + oVFe3Vgl8aBBiGh3gnbuNt7xKmy9z2qc2/35 + MFwieWYfDdgUnPxyKMM= + ) ; ZSK; alg = NSEC3RSASHA1; key id = 29600 + 3600 DNSKEY 257 3 7 ( + AwEAAeXCF7sHLcFiaCwCFH4xh2CJcCp55i04 + exG41EtzILS2waabEM5byhRkoylbv91q6HY+ + JH9YXitS21LMD0Hqp1s= + ) ; KSK; alg = NSEC3RSASHA1; key id = 31323 + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160224082919 29600 example.com. + LMyY8+vWsFB7CziWt8rnR5jfg4Loe/xzy4TQ + /ITEDbz5pkoadG+0mqTHQ0F5XCe6ZJPamcyr + kcMw0GqUzOVb9w== ) + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160224082919 31323 example.com. + tpHcGRuIkul47hHXVpNAOL48c5YYMsaIJkFE + rlQi9wU4TCiukdJkLuPk7ykk9XrxbiCB/FwD + o63Vcqyy3gZfvA== ) +dns1.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 7 3 3600 ( + 20840201000000 20160224082919 29600 example.com. + HlfZThngg+1xglDUh8kjDtzVn5D5a9T3emMt + Uxfryu9va7bj+xoK4gLADGau69GCZxJNSvwK + TAGEqGRYFSY9Ew== ) diff --git a/tests/knot/semantic_check_data/nsec_wrong_bitmap_02.signed b/tests/knot/semantic_check_data/nsec_wrong_bitmap_02.signed new file mode 100644 index 0000000..dafdc92 --- /dev/null +++ b/tests/knot/semantic_check_data/nsec_wrong_bitmap_02.signed @@ -0,0 +1,73 @@ +example.com. 86400 NSEC dns1.example.com. NS SOA RRSIG NSEC DNSKEY +dns1.example.com. 86400 NSEC www.example.com. A RRSIG NSEC + +; missing A type in NSEC bitmap +www.example.com. 86400 NSEC example.com. RRSIG NSEC +www.example.com. 3600 IN A 192.0.2.2 + 3600 RRSIG A 7 3 3600 ( + 20840201000000 20160224082919 29600 example.com. + FLR8e2k6u7dhQA1xZ3YMxkvuktoydXC+ZNwl + xzW9hLpF3oKoqqY/V+kw7m2OMgnOEu2jWN4Q + EETdmMeQzkiuNw== ) + +; signatures for NSECs +example.com. 86400 RRSIG NSEC 7 2 86400 ( + 20840201000000 20160224082919 29600 example.com. + FHLUUQTvnVboNzGoQVLpwQAcB+fUEF5xQqMQ + oKhE86sdvlQUiEfUpv2PJ9y3YfXHeYxJUtvm + cY14UkYqsdP3fA== ) +dns1.example.com. 86400 RRSIG NSEC 7 3 86400 ( + 20840201000000 20160224082919 29600 example.com. + GF3mqBf6Ny481XSbEor1uTzQZtT2DSA/3jU2 + ZcLXXhlmHG3nI/PB49lG+17O83rDrbhcYc8G + cHEbLIGNr/6+Mw== ) +www.example.com. 86400 RRSIG NSEC 7 3 86400 ( + 20840201000000 20160224082919 29600 example.com. + FDPJTLixRBZtMFLqk5wfYTSLnLMZiLtN7uTA + COEqyphK33oW+7XJzfG6ADvwGewY4hTCPQkk + cEg+DBI7qZ88NA== ) + +example.com. 3600 IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111220 ; serial + 21600 ; refresh (6 hours) + 3600 ; retry (1 hour) + 604800 ; expire (1 week) + 86400 ; minimum (1 day) + ) + 3600 RRSIG SOA 7 2 3600 ( + 20840201000000 20160224082919 29600 example.com. + xJIoENJ4d24FIVd9ZSGpQlcWN4zuriU90r/H + +ufcM2qtWcOGR1M1LVNIAWEVJEcD2dBGA2w1 + B7Cx+BILQRev8w== ) + 3600 NS dns1.example.com. + 3600 RRSIG NS 7 2 3600 ( + 20840201000000 20160224082919 29600 example.com. + vBffD+/kBuxUHfeXKYBVYxeMIbuW5f8BstRM + XJnC1GTGfdNvb8NknHuv5fEytBmnnpH6f9pC + iWLeZzFR1+aJBA== ) + 3600 DNSKEY 256 3 7 ( + AwEAAcvvW/oJAjcRdntRC8J52baXoNFVWOFz + oVFe3Vgl8aBBiGh3gnbuNt7xKmy9z2qc2/35 + MFwieWYfDdgUnPxyKMM= + ) ; ZSK; alg = NSEC3RSASHA1; key id = 29600 + 3600 DNSKEY 257 3 7 ( + AwEAAeXCF7sHLcFiaCwCFH4xh2CJcCp55i04 + exG41EtzILS2waabEM5byhRkoylbv91q6HY+ + JH9YXitS21LMD0Hqp1s= + ) ; KSK; alg = NSEC3RSASHA1; key id = 31323 + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160224082919 29600 example.com. + LMyY8+vWsFB7CziWt8rnR5jfg4Loe/xzy4TQ + /ITEDbz5pkoadG+0mqTHQ0F5XCe6ZJPamcyr + kcMw0GqUzOVb9w== ) + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160224082919 31323 example.com. + tpHcGRuIkul47hHXVpNAOL48c5YYMsaIJkFE + rlQi9wU4TCiukdJkLuPk7ykk9XrxbiCB/FwD + o63Vcqyy3gZfvA== ) +dns1.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 7 3 3600 ( + 20840201000000 20160224082919 29600 example.com. + HlfZThngg+1xglDUh8kjDtzVn5D5a9T3emMt + Uxfryu9va7bj+xoK4gLADGau69GCZxJNSvwK + TAGEqGRYFSY9Ew== ) diff --git a/tests/knot/semantic_check_data/rrsig_rdata_ttl.signed b/tests/knot/semantic_check_data/rrsig_rdata_ttl.signed new file mode 100644 index 0000000..28b118c --- /dev/null +++ b/tests/knot/semantic_check_data/rrsig_rdata_ttl.signed @@ -0,0 +1,52 @@ +example.com. 3600 IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111220 ; serial + 21600 ; refresh (6 hours) + 3600 ; retry (1 hour) + 604800 ; expire (1 week) + 86400 ; minimum (1 day) + ) + 3600 RRSIG SOA 13 2 3600 ( + 20601231235959 20201008172615 16105 example.com. + UkbSKt1soIfnM7ZkNAfOcS4D3eHBzMQOef1d + bFK+ne+MtJsKEGM9brUD23v0f0CdvteVkeNS + 2oRrfrb3avZ08A== ) + 3600 NS dns1.example.com. + 3600 RRSIG NS 13 2 3600 ( + 20601231235959 20201008172615 16105 example.com. + Mu/BsXIC10V5uRFUGR42/ntmT5eYt4192AQe + a5zdWnLo7A3GYHlPcOcZRMdqvsa3SAPOK2Br + UmFkHsWTawhWJQ== ) + 86400 NSEC dns1.example.com. NS SOA RRSIG NSEC DNSKEY + 86400 RRSIG NSEC 13 2 86400 ( + 20601231235959 20201008172615 16105 example.com. + IexJzu8x2GxGzGrWlceYZmUbry2D+E67py6B + /7j2K5IPjNQVGKbItfvqjQTUm+eVrdcwFbyK + iiEuVeU7qG5hIw== ) + 3600 DNSKEY 256 3 13 ( + tGxruia7b3JYm32MDdFLYX1M1e44DQJmXpVM + EWDjcNulSNY5sWR/zgDzhqiQSKEKCFolwhB/ + MFVIF71WNjE65Q== + ) ; ZSK; alg = ECDSAP256SHA256 ; key id = 16105 + 3600 DNSKEY 257 3 13 ( + 24gAMJg6uXIBEdWkrAXmwP6znng79lTelLDg + WxeHbXriSxVPLSTYxrp7SO1FUi2N03v1RXcn + 5jONJdQYlxLtSg== + ) ; KSK; alg = ECDSAP256SHA256 ; key id = 17031 + 3600 RRSIG DNSKEY 13 2 3600 ( + 20601231235959 20201008172615 17031 example.com. + Tm4MkXCDkavltvRYnEp/enJzzjyjX3EgI8yY + OF2VuJY8uQHD0/uzZF3JTmXj7pkGShAUpFKI + Uzn5e3jrGqtMGA== ) +dns1.example.com. 3600 IN A 192.0.2.1 +; wrong RRSIG original-ttl + 3600 RRSIG A 13 3 600 ( + 20601231235959 20201008172615 16105 example.com. + 7J01Zyly+ky0F94kfaDtERQDVyxhHexzqETa + qgsemJkH0pP9FKsEY/dTkeZUwCY4EFZeps7C + AOKyGTKdqR5N7Q== ) + 86400 NSEC example.com. A RRSIG NSEC + 86400 RRSIG NSEC 13 3 86400 ( + 20601231235959 20201008172615 16105 example.com. + 0evb+3+rXrrx0f8Za//w6q2acUZPvYbW+Ezj + BoJFvwBYHrhyiiVHlfUzmr/jJh9cTEdxPnL3 + ow6ZUsfF0HJ4hg== ) diff --git a/tests/knot/semantic_check_data/rrsig_signed.signed b/tests/knot/semantic_check_data/rrsig_signed.signed new file mode 100644 index 0000000..2798026 --- /dev/null +++ b/tests/knot/semantic_check_data/rrsig_signed.signed @@ -0,0 +1,62 @@ +dns1.example.com. 86400 RRSIG RRSIG 7 3 86400 ( + 20840201000000 20160201000000 29600 example.com. + DummySignatureDEADBEEF8ijooV1IMfEtki + kLbaIvFcgZbPvTnXXHyesHO2OPiRsc7zF576 + Z6prBT8CkMM7bw== ) + +example.com. 3600 IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111220 ; serial + 21600 ; refresh (6 hours) + 3600 ; retry (1 hour) + 604800 ; expire (1 week) + 86400 ; minimum (1 day) + ) + 3600 RRSIG SOA 7 2 3600 ( + 20840201000000 20160201000000 29600 example.com. + kINKkWiBvb9Dpb0vghlLhXyObSzsYYNsOqe9 + pWJN4lI4F2O3T6biPTQPsq3mYMR+6x9gPr6v + ysEPHlGtLdTLag== ) + 3600 NS dns1.example.com. + 3600 RRSIG NS 7 2 3600 ( + 20840201000000 20160201000000 29600 example.com. + LkagMndC+wJGlQycPDvNmCZ0/QuBB7Zo4UVZ + He5jzQrE3Hnq8tn+/QfJ/yn62qCZ87DETwTT + rGaLqOTYRb1isg== ) + 86400 NSEC dns1.example.com. NS SOA RRSIG NSEC DNSKEY + 86400 RRSIG NSEC 7 2 86400 ( + 20840201000000 20160201000000 29600 example.com. + YDJ1tQvNlv8Y7cGioq8nkbaETx7wmyJKqa0B + 8hDLClYA4nf9UtyVXqZCISa2PlgRdBc5GEEh + U5BuLr4wYXqEFA== ) + 3600 DNSKEY 256 3 7 ( + AwEAAcvvW/oJAjcRdntRC8J52baXoNFVWOFz + oVFe3Vgl8aBBiGh3gnbuNt7xKmy9z2qc2/35 + MFwieWYfDdgUnPxyKMM= + ) ; ZSK; alg = NSEC3RSASHA1; key id = 29600 + 3600 DNSKEY 257 3 7 ( + AwEAAeXCF7sHLcFiaCwCFH4xh2CJcCp55i04 + exG41EtzILS2waabEM5byhRkoylbv91q6HY+ + JH9YXitS21LMD0Hqp1s= + ) ; KSK; alg = NSEC3RSASHA1; key id = 31323 + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160201000000 29600 example.com. + FPOm8y3e09jh0fv0ZaOecWbdIXDAoERVKdjz + qsg1Etop1n6nDhO/lW3pwOUe02Zq2vretu2W + DozlDr5E6ZoqPA== ) + 3600 RRSIG DNSKEY 7 2 3600 ( + 20840201000000 20160201000000 31323 example.com. + cZTevjvA8UO9Tqet/pbsN0Peep6aN8heyxMK + XP/Twsj4u0DeClKeIN7pd7Gi7Aac/UV2dev/ + x/90SM22VQVpeQ== ) +dns1.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 7 3 3600 ( + 20840201000000 20160201000000 29600 example.com. + f24sVhH1P/0mEMYTMbFLrWmJtl6kqZF6yzaS + TcyK6JhVM4sDT//YnjizJGsTVGSCelz3FxMj + LdiUm9AD05uY6A== ) + 86400 NSEC example.com. A RRSIG NSEC + 86400 RRSIG NSEC 7 3 86400 ( + 20840201000000 20160201000000 29600 example.com. + FgQ4VD1yDeA+uvJ+o8e1F28ijooV1IMfEtki + kLbaIvFcgZbPvTnXXHyesHO2OPiRsc7zF576 + Z6prBT8CkMM7bw== ) diff --git a/tests/knot/semantic_check_data/rrsig_ttl.signed b/tests/knot/semantic_check_data/rrsig_ttl.signed new file mode 100644 index 0000000..1aeef78 --- /dev/null +++ b/tests/knot/semantic_check_data/rrsig_ttl.signed @@ -0,0 +1,52 @@ +example.com. 3600 IN SOA dns1.example.com. hostmaster.example.com. ( + 2010111220 ; serial + 21600 ; refresh (6 hours) + 3600 ; retry (1 hour) + 604800 ; expire (1 week) + 86400 ; minimum (1 day) + ) + 3600 RRSIG SOA 13 2 3600 ( + 20601231235959 20201008165912 34876 example.com. + NaUbzn4tb3bsVI4O2YgrefFtZPJSYlLKbVKB + HyIqwfQjwdkbIKZ5tqH/IGJagvj8oxeStwF/ + vEoG9c/o/MNs4g== ) + 3600 NS dns1.example.com. + 3600 RRSIG NS 13 2 3600 ( + 20601231235959 20201008165912 34876 example.com. + YZqxQKpj3kxfRHxoQda1z9JD9nmX8uNJTBGV + qdMMU3cPOVamTzOqymseQYjBPaaeoxL1kyqk + K2w/ixOUCFp8qg== ) + 86400 NSEC dns1.example.com. NS SOA RRSIG NSEC DNSKEY + 86400 RRSIG NSEC 13 2 86400 ( + 20601231235959 20201008165912 34876 example.com. + 88QLNDpFWd2FIag2vcKGvY1HQFVeOaRIiMU5 + 2VZfLFOPBmuTniTcnPvCt76i5ObPVsWdwJhM + /7NVMxoRPfMC1w== ) + 3600 DNSKEY 256 3 13 ( + 9+7buhxES5wZQZ54+O1qQGuRcKz3P3URZwws + 30CacknPsdcWAy7RN1yYmUjP80geUrxJVQt3 + boo1BwFW4Rnnsg== + ) ; ZSK; alg = ECDSAP256SHA256 ; key id = 34876 + 3600 DNSKEY 257 3 13 ( + eYNrBYFUn5JIhTlS3N0i2aFj1YE8127h3tlb + VJP9JAfMMxQT+Mg6lwDpUa0oQkNFbEoHhqrD + 0pcMvp4VeMgJ7g== + ) ; KSK; alg = ECDSAP256SHA256 ; key id = 36952 + 3600 RRSIG DNSKEY 13 2 3600 ( + 20601231235959 20201008165912 36952 example.com. + AVF7u7FzDx2ORApl74nP2hcJd4Szs1o1LXH5 + OWe6JULh80kITEb9zogpCryQu41bYSZYuxMk + yeblfo1OEI2DZg== ) +dns1.example.com. 3600 IN A 192.0.2.1 +; TTL of RRSIG differs from original-ttl + 600 RRSIG A 13 3 3600 ( + 20601231235959 20201008165912 34876 example.com. + +PPg6tDZVS2mbxWXOtVEYTQtjK+CkwRk/WFZ + dWgX3rzHPQ9AIexC9vKbXdont3s0xdHpcV/8 + +Sf+N2h44ZTwMQ== ) + 86400 NSEC example.com. A RRSIG NSEC + 86400 RRSIG NSEC 13 3 86400 ( + 20601231235959 20201008165912 34876 example.com. + OCjWQ/5e4SUIWgR84IJLlghKyuowctiZ+b0q + eXB0o2qpcWoX6wfxzMlYxGtpgyq3OWKF+R8H + UBVCdT+qBt5VOA== ) |