1; config options 2; The island of trust is at example.com 3server: 4 trust-anchor: "example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af" 5 val-override-date: "20070916134226" 6 target-fetch-policy: "0 0 0 0 0" 7 qname-minimisation: "no" 8 trust-anchor-signaling: no 9 minimal-responses: no 10 rrset-roundrobin: no 11 ede: yes 12 log-servfail: yes 13 14stub-zone: 15 name: "." 16 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. 17CONFIG_END 18 19SCENARIO_BEGIN Test validator with scrub of RR for inappropriate length 20 21; K.ROOT-SERVERS.NET. 22RANGE_BEGIN 0 100 23 ADDRESS 193.0.14.129 24ENTRY_BEGIN 25MATCH opcode qtype qname 26ADJUST copy_id 27REPLY QR NOERROR 28SECTION QUESTION 29. IN NS 30SECTION ANSWER 31. IN NS K.ROOT-SERVERS.NET. 32SECTION ADDITIONAL 33K.ROOT-SERVERS.NET. IN A 193.0.14.129 34ENTRY_END 35 36ENTRY_BEGIN 37MATCH opcode qtype qname 38ADJUST copy_id 39REPLY QR NOERROR 40SECTION QUESTION 41www.example.com. IN A 42SECTION AUTHORITY 43com. IN NS a.gtld-servers.net. 44SECTION ADDITIONAL 45a.gtld-servers.net. IN A 192.5.6.30 46ENTRY_END 47RANGE_END 48 49; a.gtld-servers.net. 50RANGE_BEGIN 0 100 51 ADDRESS 192.5.6.30 52ENTRY_BEGIN 53MATCH opcode qtype qname 54ADJUST copy_id 55REPLY QR NOERROR 56SECTION QUESTION 57com. IN NS 58SECTION ANSWER 59com. IN NS a.gtld-servers.net. 60SECTION ADDITIONAL 61a.gtld-servers.net. IN A 192.5.6.30 62ENTRY_END 63 64ENTRY_BEGIN 65MATCH opcode qtype qname 66ADJUST copy_id 67REPLY QR NOERROR 68SECTION QUESTION 69www.example.com. IN A 70SECTION AUTHORITY 71example.com. IN NS ns.example.com. 72SECTION ADDITIONAL 73ns.example.com. IN A 1.2.3.4 74ENTRY_END 75RANGE_END 76 77; ns.example.com. 78RANGE_BEGIN 0 100 79 ADDRESS 1.2.3.4 80ENTRY_BEGIN 81MATCH opcode qtype qname 82ADJUST copy_id 83REPLY QR NOERROR 84SECTION QUESTION 85example.com. IN NS 86SECTION ANSWER 87example.com. IN NS ns.example.com. 88example.com. 3600 IN RRSIG NS 8 2 3600 20070926134150 20070829134150 55566 example.com. cHdLVCzujUQs6b67c1SmCX+/br4tgOg86Gj/R/x+PKUQmWHyeVwBSTlJuLOHbca3CQoyIQc+V2ilK6fjwjbY/dLk4uOlux8L+Zn7HsUXSOwJPIjsM3LuTa8CYDMvYhOP7KGR+vNpJVSsQ25pyDn6Rzsdl3E7DAf7uSkPV8VJwa8= 89SECTION ADDITIONAL 90ns.example.com. IN A 1.2.3.4 91ns.example.com. 3600 IN RRSIG A 8 3 3600 20070926134150 20070829134150 55566 example.com. PBwNifMNxTXlDorHX1neq1wUhWLmqk+PZ+PBZCI5BJAmakdgOXdLQiVqlKaErJyA/4uN+99fUf6/DqxwgxL8FIPdBkxMOTJaKrCFjEhL6qozTd3+DI6qFJPgTm1lrkpvb9W72MtK2vxAyT5I/bG2SWKdpzOaQXysbDb2hnxq3as= 92ENTRY_END 93 94; response to DNSKEY priming query 95ENTRY_BEGIN 96MATCH opcode qtype qname 97ADJUST copy_id 98REPLY QR NOERROR 99SECTION QUESTION 100example.com. IN DNSKEY 101SECTION ANSWER 102example.com. IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} 103example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20070926134150 20070829134150 55566 example.com. Ni7Q17l2dzKcAnHdU3Mycpdwo0I6qgGxRvBhBNI43xIUFHJpgKpbeMFxKvVTkbwHyMPMIuHmOaC82IBhOpGD10SExVh4erQhWS3Hvl+m4Cwl3WI9N+AW6CTB9yj+d4xzX3bHjjBt6MSk4bU8ABR7qIoAjgjY7zdtUDWQlaM+d18= 104SECTION AUTHORITY 105example.com. IN NS ns.example.com. 106example.com. 3600 IN RRSIG NS 8 2 3600 20070926134150 20070829134150 55566 example.com. cHdLVCzujUQs6b67c1SmCX+/br4tgOg86Gj/R/x+PKUQmWHyeVwBSTlJuLOHbca3CQoyIQc+V2ilK6fjwjbY/dLk4uOlux8L+Zn7HsUXSOwJPIjsM3LuTa8CYDMvYhOP7KGR+vNpJVSsQ25pyDn6Rzsdl3E7DAf7uSkPV8VJwa8= 107SECTION ADDITIONAL 108ns.example.com. IN A 1.2.3.4 109ns.example.com. 3600 IN RRSIG A 8 3 3600 20070926134150 20070829134150 55566 example.com. PBwNifMNxTXlDorHX1neq1wUhWLmqk+PZ+PBZCI5BJAmakdgOXdLQiVqlKaErJyA/4uN+99fUf6/DqxwgxL8FIPdBkxMOTJaKrCFjEhL6qozTd3+DI6qFJPgTm1lrkpvb9W72MtK2vxAyT5I/bG2SWKdpzOaQXysbDb2hnxq3as= 110ENTRY_END 111 112ENTRY_BEGIN 113MATCH opcode qtype qname 114ADJUST copy_id 115REPLY QR AA NOERROR 116SECTION QUESTION 117ns.example.com. IN AAAA 118SECTION AUTHORITY 119example.com. IN NS ns.example.com. 120example.com. 3600 IN RRSIG NS 8 2 3600 20070926134150 20070829134150 55566 example.com. cHdLVCzujUQs6b67c1SmCX+/br4tgOg86Gj/R/x+PKUQmWHyeVwBSTlJuLOHbca3CQoyIQc+V2ilK6fjwjbY/dLk4uOlux8L+Zn7HsUXSOwJPIjsM3LuTa8CYDMvYhOP7KGR+vNpJVSsQ25pyDn6Rzsdl3E7DAf7uSkPV8VJwa8= 121SECTION ADDITIONAL 122ns.example.com. IN A 1.2.3.4 123ns.example.com. 3600 IN RRSIG A 8 3 3600 20070926134150 20070829134150 55566 example.com. PBwNifMNxTXlDorHX1neq1wUhWLmqk+PZ+PBZCI5BJAmakdgOXdLQiVqlKaErJyA/4uN+99fUf6/DqxwgxL8FIPdBkxMOTJaKrCFjEhL6qozTd3+DI6qFJPgTm1lrkpvb9W72MtK2vxAyT5I/bG2SWKdpzOaQXysbDb2hnxq3as= 124ENTRY_END 125 126; response to query of interest 127ENTRY_BEGIN 128MATCH opcode qtype qname 129ADJUST copy_id 130REPLY QR NOERROR 131SECTION QUESTION 132www.example.com. IN A 133SECTION ANSWER 134www.example.com. IN A 10.20.30.40 135www.example.com. IN A \# 5 0102030405 136; RRSIG includes the malformed record. 137www.example.com. 3600 IN RRSIG A 8 3 3600 20070926134150 20070829134150 55566 example.com. W4WFu9B81uRvp3Dj8uLIscypznKWuLuKrZqVg1on5/45/3/xyjHvj3TjTL3gruWFXPiQpldvOstXLZ5eN3OpqILdkVey0eqVATujpHwIruY6GWztVx5WptmFfK6E6zzshZ3RmAARqq/czQ+IZli2A9xixdY2H0o1dSU6gohEjjE= 138SECTION AUTHORITY 139example.com. IN NS ns.example.com. 140example.com. 3600 IN RRSIG NS 8 2 3600 20070926134150 20070829134150 55566 example.com. cHdLVCzujUQs6b67c1SmCX+/br4tgOg86Gj/R/x+PKUQmWHyeVwBSTlJuLOHbca3CQoyIQc+V2ilK6fjwjbY/dLk4uOlux8L+Zn7HsUXSOwJPIjsM3LuTa8CYDMvYhOP7KGR+vNpJVSsQ25pyDn6Rzsdl3E7DAf7uSkPV8VJwa8= 141SECTION ADDITIONAL 142ns.example.com. IN A 1.2.3.4 143ns.example.com. 3600 IN RRSIG A 8 3 3600 20070926134150 20070829134150 55566 example.com. PBwNifMNxTXlDorHX1neq1wUhWLmqk+PZ+PBZCI5BJAmakdgOXdLQiVqlKaErJyA/4uN+99fUf6/DqxwgxL8FIPdBkxMOTJaKrCFjEhL6qozTd3+DI6qFJPgTm1lrkpvb9W72MtK2vxAyT5I/bG2SWKdpzOaQXysbDb2hnxq3as= 144ENTRY_END 145RANGE_END 146 147STEP 1 QUERY 148ENTRY_BEGIN 149REPLY RD DO 150SECTION QUESTION 151www.example.com. IN A 152ENTRY_END 153 154; recursion happens here. 155STEP 10 CHECK_ANSWER 156ENTRY_BEGIN 157MATCH all ede=0 158REPLY QR RD RA DO SERVFAIL 159SECTION QUESTION 160www.example.com. IN A 161SECTION ANSWER 162ENTRY_END 163 164SCENARIO_END 165