1eaad808eSchristos; config options 2eaad808eSchristos; The island of trust is at example.com 3eaad808eSchristosserver: 4eaad808eSchristos trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" 5eaad808eSchristos val-override-date: "20070916134226" 6eaad808eSchristos target-fetch-policy: "0 0 0 0 0" 7*d6959bcfSchristos qname-minimisation: "no" 8762909a6Schristos fake-sha1: yes 9762909a6Schristos trust-anchor-signaling: no 10eaad808eSchristos 11eaad808eSchristosstub-zone: 12eaad808eSchristos name: "." 13eaad808eSchristos stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. 14eaad808eSchristosCONFIG_END 15eaad808eSchristos 16eaad808eSchristosSCENARIO_BEGIN Test validator with nxdomain NSEC3 several parameters. 17eaad808eSchristos 18eaad808eSchristos; K.ROOT-SERVERS.NET. 19eaad808eSchristosRANGE_BEGIN 0 100 20eaad808eSchristos ADDRESS 193.0.14.129 21eaad808eSchristosENTRY_BEGIN 22eaad808eSchristosMATCH opcode qtype qname 23eaad808eSchristosADJUST copy_id 24eaad808eSchristosREPLY QR NOERROR 25eaad808eSchristosSECTION QUESTION 26eaad808eSchristos. IN NS 27eaad808eSchristosSECTION ANSWER 28eaad808eSchristos. IN NS K.ROOT-SERVERS.NET. 29eaad808eSchristosSECTION ADDITIONAL 30eaad808eSchristosK.ROOT-SERVERS.NET. IN A 193.0.14.129 31eaad808eSchristosENTRY_END 32eaad808eSchristos 33eaad808eSchristosENTRY_BEGIN 34eaad808eSchristosMATCH opcode qtype qname 35eaad808eSchristosADJUST copy_id 36eaad808eSchristosREPLY QR NOERROR 37eaad808eSchristosSECTION QUESTION 38eaad808eSchristoswww.example.com. IN A 39eaad808eSchristosSECTION AUTHORITY 40eaad808eSchristoscom. IN NS a.gtld-servers.net. 41eaad808eSchristosSECTION ADDITIONAL 42eaad808eSchristosa.gtld-servers.net. IN A 192.5.6.30 43eaad808eSchristosENTRY_END 44eaad808eSchristosRANGE_END 45eaad808eSchristos 46eaad808eSchristos; a.gtld-servers.net. 47eaad808eSchristosRANGE_BEGIN 0 100 48eaad808eSchristos ADDRESS 192.5.6.30 49eaad808eSchristosENTRY_BEGIN 50eaad808eSchristosMATCH opcode qtype qname 51eaad808eSchristosADJUST copy_id 52eaad808eSchristosREPLY QR NOERROR 53eaad808eSchristosSECTION QUESTION 54eaad808eSchristoscom. IN NS 55eaad808eSchristosSECTION ANSWER 56eaad808eSchristoscom. IN NS a.gtld-servers.net. 57eaad808eSchristosSECTION ADDITIONAL 58eaad808eSchristosa.gtld-servers.net. IN A 192.5.6.30 59eaad808eSchristosENTRY_END 60eaad808eSchristos 61eaad808eSchristosENTRY_BEGIN 62eaad808eSchristosMATCH opcode qtype qname 63eaad808eSchristosADJUST copy_id 64eaad808eSchristosREPLY QR NOERROR 65eaad808eSchristosSECTION QUESTION 66eaad808eSchristoswww.example.com. IN A 67eaad808eSchristosSECTION AUTHORITY 68eaad808eSchristosexample.com. IN NS ns.example.com. 69eaad808eSchristosSECTION ADDITIONAL 70eaad808eSchristosns.example.com. IN A 1.2.3.4 71eaad808eSchristosENTRY_END 72eaad808eSchristosRANGE_END 73eaad808eSchristos 74eaad808eSchristos; ns.example.com. 75eaad808eSchristosRANGE_BEGIN 0 100 76eaad808eSchristos ADDRESS 1.2.3.4 77eaad808eSchristosENTRY_BEGIN 78eaad808eSchristosMATCH opcode qtype qname 79eaad808eSchristosADJUST copy_id 80eaad808eSchristosREPLY QR NOERROR 81eaad808eSchristosSECTION QUESTION 82eaad808eSchristosexample.com. IN NS 83eaad808eSchristosSECTION ANSWER 84eaad808eSchristosexample.com. IN NS ns.example.com. 85eaad808eSchristosexample.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 86eaad808eSchristosSECTION ADDITIONAL 87eaad808eSchristosns.example.com. IN A 1.2.3.4 88eaad808eSchristosns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 89eaad808eSchristosENTRY_END 90eaad808eSchristos 91eaad808eSchristos; response to DNSKEY priming query 92eaad808eSchristosENTRY_BEGIN 93eaad808eSchristosMATCH opcode qtype qname 94eaad808eSchristosADJUST copy_id 95eaad808eSchristosREPLY QR NOERROR 96eaad808eSchristosSECTION QUESTION 97eaad808eSchristosexample.com. IN DNSKEY 98eaad808eSchristosSECTION ANSWER 99eaad808eSchristosexample.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} 100eaad808eSchristosexample.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} 101eaad808eSchristosSECTION AUTHORITY 102eaad808eSchristosexample.com. IN NS ns.example.com. 103eaad808eSchristosexample.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 104eaad808eSchristosSECTION ADDITIONAL 105eaad808eSchristosns.example.com. IN A 1.2.3.4 106eaad808eSchristosns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 107eaad808eSchristosENTRY_END 108eaad808eSchristos 109eaad808eSchristos; response to query of interest 110eaad808eSchristosENTRY_BEGIN 111eaad808eSchristosMATCH opcode qtype qname 112eaad808eSchristosADJUST copy_id 113eaad808eSchristosREPLY QR NXDOMAIN 114eaad808eSchristosSECTION QUESTION 115eaad808eSchristoswww.example.com. IN A 116eaad808eSchristosSECTION ANSWER 117eaad808eSchristosSECTION AUTHORITY 118eaad808eSchristosexample.com. IN SOA ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 119eaad808eSchristosexample.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854} 120eaad808eSchristos 121eaad808eSchristos; closest encloser, H(example.com). 122eaad808eSchristos6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3 1 1 8 - 6md8numosa4q9ugkffdo1bmm82t5j49s SOA NS MX DNSKEY RRSIG 123eaad808eSchristos6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCz/LkFOFcaQzVnyySW9ZoVUnxh7gIUdxyS9vqVDzo8pGhFU+3YogN2ZRk= ;{id = 2854} 124eaad808eSchristos 125eaad808eSchristos; wildcard denial, H(*.example.com.) = 4f3cnt8cu22tngec382jj4gde4rb47ub 126eaad808eSchristos4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 0 - 4f3cnt8cu22tngec382jj4gde4rb48ub A MX RRSIG 127eaad808eSchristos4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFHS+i/OB/V/gYmS1eQTXieXIXGjsAhQQ0Ql7TW/hsUklrb0DfoyhVPG95Q== ;{id = 2854} 128eaad808eSchristos 129eaad808eSchristos; next closer name, H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3. 130eaad808eSchristoss1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG 131eaad808eSchristoss1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFFSH4klZKke48dYyddYDj17gjTS0AhUAltWicpFLWqW98/Af9Qlx70MH8o4= ;{id = 2854} 132eaad808eSchristos 133eaad808eSchristosENTRY_END 134eaad808eSchristosRANGE_END 135eaad808eSchristos 136eaad808eSchristosSTEP 1 QUERY 137eaad808eSchristosENTRY_BEGIN 138eaad808eSchristosREPLY RD DO 139eaad808eSchristosSECTION QUESTION 140eaad808eSchristoswww.example.com. IN A 141eaad808eSchristosENTRY_END 142eaad808eSchristos 143eaad808eSchristos; recursion happens here. 144eaad808eSchristosSTEP 10 CHECK_ANSWER 145eaad808eSchristosENTRY_BEGIN 146eaad808eSchristosMATCH all 147eaad808eSchristosREPLY QR RD RA DO NXDOMAIN 148eaad808eSchristosSECTION QUESTION 149eaad808eSchristoswww.example.com. IN A 150eaad808eSchristosSECTION ANSWER 151eaad808eSchristosSECTION AUTHORITY 152eaad808eSchristosexample.com. IN SOA ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 153eaad808eSchristosexample.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854} 154eaad808eSchristos6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3 1 1 8 - 6md8numosa4q9ugkffdo1bmm82t5j49s SOA NS MX DNSKEY RRSIG 155eaad808eSchristos6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCz/LkFOFcaQzVnyySW9ZoVUnxh7gIUdxyS9vqVDzo8pGhFU+3YogN2ZRk= ;{id = 2854} 156eaad808eSchristos4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 0 - 4f3cnt8cu22tngec382jj4gde4rb48ub A MX RRSIG 157eaad808eSchristos4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFHS+i/OB/V/gYmS1eQTXieXIXGjsAhQQ0Ql7TW/hsUklrb0DfoyhVPG95Q== ;{id = 2854} 158eaad808eSchristoss1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG 159eaad808eSchristoss1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFFSH4klZKke48dYyddYDj17gjTS0AhUAltWicpFLWqW98/Af9Qlx70MH8o4= ;{id = 2854} 160eaad808eSchristos 161eaad808eSchristosSECTION ADDITIONAL 162eaad808eSchristosENTRY_END 163eaad808eSchristos 164eaad808eSchristosSCENARIO_END 165