Tree @c2ee7321-09a1-4ac6-a786-53e54f2790b2/main (Download .tar.gz)
- ..
- 00-lint.tdir
- 01-doc.tdir
- 02-unittest.tdir
- 03-testbound.tdir
- 04-checkconf.tdir
- 05-asynclook.tdir
- 06-ianaports.tdir
- 07-confroot.tdir
- 08-host-lib.tdir
- 09-unbound-control.tdir
- 10-unbound-anchor.tdir
- auth_axfr.tdir
- auth_https.tdir
- clang-analysis.tdir
- ctrl_itr.tdir
- ctrl_pipe.tdir
- dnscrypt_cert.tdir
- dnscrypt_cert_chacha.tdir
- dnstap.tdir
- dnstap_reconnect.tdir
- dnstap_tcp.tdir
- dnstap_tls.tdir
- dnstap_tls_badcert.tdir
- dnstap_tls_badname.tdir
- dnstap_tls_clientauth.tdir
- dnstap_tls_peername.tdir
- doh_downstream.tdir
- doh_downstream_buffer_size.tdir
- doh_downstream_endpoint.tdir
- doh_downstream_notls.tdir
- doh_downstream_post.tdir
- dynlibmod.tdir
- edns_cache.tdir
- fwd_ancil.tdir
- fwd_bogus.tdir
- fwd_capsid.tdir
- fwd_capsid_fallback.tdir
- fwd_capsid_strip.tdir
- fwd_capsid_white.tdir
- fwd_compress_c00c.tdir
- fwd_edns_bksec.tdir
- fwd_edns_probe.tdir
- fwd_malformed.tdir
- fwd_no_edns.tdir
- fwd_oneport.tdir
- fwd_tcp.tdir
- fwd_tcp_tc.tdir
- fwd_tcp_tc6.tdir
- fwd_three.tdir
- fwd_three_service.tdir
- fwd_ttlexpire.tdir
- fwd_udp.tdir
- fwd_udp_with_tcp_upstream.tdir
- fwd_udptmout.tdir
- fwd_waitudp.tdir
- fwd_zero.tdir
- hostsfileosx.tdir
- http_user_agent.tdir
- local_nodefault.tdir
- local_norec.tdir
- local_nosnoop.tdir
- nss_compile.tdir
- padding.tdir
- pylib.tdir
- pymod.tdir
- pymod_thread.tdir
- ratelimit.tdir
- remote-threaded.tdir
- root_anchor.tdir
- root_hints.tdir
- speed_cache.tdir
- speed_local.tdir
- ssl_req_order.tdir
- ssl_req_timeout.tdir
- stat_timer.tdir
- stat_values.tdir
- stream_ssl.tdir
- stream_tcp.tdir
- stub_udp.tdir
- stub_udp6.tdir
- stub_udp_with_tcp_upstream.tdir
- svcb.tdir
- tcp_conn_limit.tdir
- tcp_idle_timeout.tdir
- tcp_req_order.tdir
- tcp_req_size.tdir
- tcp_req_timeout.tdir
- tcp_reuse.tdir
- tcp_sigpipe.tdir
- tls_reuse.tdir
- zonemd_reload.tdir
- acl.rpl
- auth_nsec3_ent.rpl
- auth_nsec3_wild.rpl
- auth_xfr.rpl
- auth_xfr_host.rpl
- auth_xfr_ixfr.rpl
- auth_xfr_ixfrisaxfr.rpl
- auth_xfr_ixfrmismatch.rpl
- auth_xfr_ixfrnotimpl.rpl
- auth_xfr_notify.rpl
- auth_xfr_probesoa.rpl
- auth_zonefile.rpl
- auth_zonefile_dnssec.rpl
- auth_zonefile_dnssec_fail.rpl
- auth_zonefile_down.rpl
- auth_zonefile_noup.rpl
- auth_zonefile_root.rpl
- auth_zonemd_anchor.rpl
- auth_zonemd_anchor_fail.rpl
- auth_zonemd_chain.rpl
- auth_zonemd_chain_fail.rpl
- auth_zonemd_file.rpl
- auth_zonemd_file_fail.rpl
- auth_zonemd_insecure.rpl
- auth_zonemd_insecure_absent.rpl
- auth_zonemd_insecure_absent_reject.rpl
- auth_zonemd_insecure_fail.rpl
- auth_zonemd_nokey.rpl
- auth_zonemd_permissive_mode.rpl
- auth_zonemd_xfr.rpl
- auth_zonemd_xfr_anchor.rpl
- auth_zonemd_xfr_anchor_fail.rpl
- auth_zonemd_xfr_chain.rpl
- auth_zonemd_xfr_chain_fail.rpl
- auth_zonemd_xfr_chain_keyinxfr.rpl
- auth_zonemd_xfr_fail.rpl
- autotrust_10key.rpl
- autotrust_addpend_2exceed.rpl
- autotrust_addpend_early.rpl
- autotrust_addpend_nosign.rpl
- autotrust_addpend_nosignnew.rpl
- autotrust_addpend_once.rpl
- autotrust_addpend_twice.rpl
- autotrust_init.rpl
- autotrust_init_ds.rpl
- autotrust_init_fail.rpl
- autotrust_init_failsig.rpl
- autotrust_init_legacy.rpl
- autotrust_init_sigs.rpl
- autotrust_init_zsk.rpl
- autotrust_missing.rpl
- autotrust_missing_all.rpl
- autotrust_missing_returns.rpl
- autotrust_probefail.rpl
- autotrust_probefailsig.rpl
- autotrust_revoked_use.rpl
- autotrust_revoked_with_invalid.rpl
- autotrust_revtp.rpl
- autotrust_revtp_read.rpl
- autotrust_revtp_use.rpl
- autotrust_rollalgo.rpl
- autotrust_rollalgo_unknown.rpl
- autotrust_rollover.rpl
- autotrust_valid_use.rpl
- black_data.rpl
- black_dnskey.rpl
- black_ds.rpl
- black_ds_entry.rpl
- black_ent.rpl
- black_key_entry.rpl
- black_prime.rpl
- black_prime_entry.rpl
- chaos_trustanchor.rpl
- common.sh
- dns64_lookup.rpl
- domain_insec_ds.rpl
- edns_attached_once_per_upstream.rpl
- edns_client_string.rpl
- edns_client_string_opcode.rpl
- edns_keepalive.rpl
- fetch_glue.rpl
- fetch_glue_cname.rpl
- fwd.rpl
- fwd_0ttlservfail.rpl
- fwd_any.rpl
- fwd_cached.rpl
- fwd_droptoomany.rpl
- fwd_error.rpl
- fwd_error_retries.rpl
- fwd_jostle.rpl
- fwd_jostle_out.rpl
- fwd_lrudrop.rpl
- fwd_minimal.rpl
- fwd_no_cache.rpl
- fwd_notcached.rpl
- fwd_timeout.rpl
- fwd_two.rpl
- host_file.template
- ipsecmod_bogus_ipseckey.crpl
- ipsecmod_enabled.crpl
- ipsecmod_hook.sh
- ipsecmod_ignore_bogus_ipseckey.crpl
- ipsecmod_max_ttl.crpl
- ipsecmod_strict.crpl
- ipsecmod_whitelist.crpl
- iter_class_any.rpl
- iter_cname_cache.rpl
- iter_cname_double.rpl
- iter_cname_nx.rpl
- iter_cname_qnamecopy.rpl
- iter_cycle.rpl
- iter_cycle_noh.rpl
- iter_dname_insec.rpl
- iter_dname_yx.rpl
- iter_dnsseclame_bug.rpl
- iter_dnsseclame_ds.rpl
- iter_dnsseclame_ds_ok.rpl
- iter_dnsseclame_ta.rpl
- iter_dnsseclame_ta_ok.rpl
- iter_domain_sale.rpl
- iter_domain_sale_nschange.rpl
- iter_donotq127.rpl
- iter_dp_turnsuseless.rpl
- iter_ds_locate_ns.rpl
- iter_ds_locate_ns_cname.rpl
- iter_ds_locate_ns_detach.rpl
- iter_ds_locate_ns_nosoa.rpl
- iter_ds_referral.rpl
- iter_ds_reply.rpl
- iter_emptydp.rpl
- iter_emptydp_for_glue.rpl
- iter_fwdfirst.rpl
- iter_fwdfirstequal.rpl
- iter_fwdstub.rpl
- iter_fwdstubroot.rpl
- iter_got6only.rpl
- iter_hint_lame.rpl
- iter_lame_aaaa.rpl
- iter_lame_noaa.rpl
- iter_lame_nosoa.rpl
- iter_lamescrub.rpl
- iter_mod.rpl
- iter_ns_badip.rpl
- iter_ns_spoof.rpl
- iter_pc_a.rpl
- iter_pc_aaaa.rpl
- iter_pcdiff.rpl
- iter_pcdirect.rpl
- iter_pclame.rpl
- iter_pcname.rpl
- iter_pcnamech.rpl
- iter_pcnamechrec.rpl
- iter_pcnamerec.rpl
- iter_pcttl.rpl
- iter_prefetch.rpl
- iter_prefetch_change.rpl
- iter_prefetch_change2.rpl
- iter_prefetch_childns.rpl
- iter_prefetch_fail.rpl
- iter_prefetch_ns.rpl
- iter_primenoglue.rpl
- iter_privaddr.rpl
- iter_ranoaa_lame.rpl
- iter_reclame_one.rpl
- iter_reclame_two.rpl
- iter_recurse.rpl
- iter_req_qname.rpl
- iter_resolve.rpl
- iter_resolve_minimised.rpl
- iter_resolve_minimised_nx.rpl
- iter_resolve_minimised_refused.rpl
- iter_resolve_minimised_timeout.rpl
- iter_scrub_cname_an.rpl
- iter_scrub_dname_insec.rpl
- iter_scrub_dname_rev.rpl
- iter_scrub_dname_sec.rpl
- iter_scrub_ns.rpl
- iter_scrub_ns_fwd.rpl
- iter_scrub_ns_side.rpl
- iter_soamin.rpl
- iter_stub_leak.rpl
- iter_stub_noroot.rpl
- iter_stubfirst.rpl
- iter_stublastresort.rpl
- iter_timeout_ra_aaaa.rpl
- Kexample.com.+003+02854.ds
- Kexample.com.+003+02854.key
- Kexample.com.+003+02854.private
- Kexample.com.+005+16486.ds
- Kexample.com.+005+16486.key
- Kexample.com.+005+16486.private
- Kexample.com.+005+30899.ds
- Kexample.com.+005+30899.key
- Kexample.com.+005+30899.private
- Kexample.com.+005+55582.ds
- Kexample.com.+005+55582.key
- Kexample.com.+005+55582.private
- Kexample.com.+005+60946.ds
- Kexample.com.+005+60946.key
- Kexample.com.+005+60946.private
- Kexample.com.+007+57024.ds
- Kexample.com.+007+57024.key
- Kexample.com.+007+57024.private
- Kexample.com.+008+01443.ds
- Kexample.com.+008+01443.key
- Kexample.com.+008+01443.private
- Kexample.com.+008+29332.ds
- Kexample.com.+008+29332.key
- Kexample.com.+008+29332.private
- Kexample.com.+008+55566.ds
- Kexample.com.+008+55566.key
- Kexample.com.+008+55566.private
- Kexample.com.+009+48886.ds
- Kexample.com.+009+48886.key
- Kexample.com.+009+48886.private
- Kexample.com.+012+60385.ds
- Kexample.com.+012+60385.key
- Kexample.com.+012+60385.private
- local_acl_override.rpl
- local_acl_taglist.rpl
- local_acl_taglist_action.rpl
- local_cname.rpl
- local_ds.rpl
- local_nodefault.rpl
- local_transparent_sametype.rpl
- local_typetransparent.rpl
- localdata.rpl
- net_signed_servfail.rpl
- nomem_cnametopos.rpl
- nsid_ascii.rpl
- nsid_bogus.rpl
- nsid_hex.rpl
- nsid_not_set.rpl
- refuse_xfr.rpl
- root_key_sentinel.rpl
- rpz_axfr.rpl
- rpz_clientip.rpl
- rpz_ixfr.rpl
- rpz_nsdname.rpl
- rpz_nsip.rpl
- rpz_qname.rpl
- rpz_qname_override.rpl
- rpz_qname_tcponly.rpl
- rpz_respip.rpl
- rpz_respip_override.rpl
- rpz_respip_tcponly.rpl
- rpz_rootwc.rpl
- rpz_signal_nxdomain_ra.rpl
- rrset_rettl.rpl
- rrset_untrusted.rpl
- rrset_updated.rpl
- serve_expired.rpl
- serve_expired_client_timeout.rpl
- serve_expired_reply_ttl.rpl
- serve_expired_servfail.rpl
- serve_expired_ttl.rpl
- serve_expired_ttl_client_timeout.rpl
- serve_expired_zerottl.rpl
- serve_original_ttl.rpl
- stop_nxdomain.rpl
- stop_nxdomain_minimised.rpl
- subnet_cached.crpl
- subnet_derived.crpl
- subnet_format_ip4.crpl
- subnet_max_source.crpl
- subnet_not_whitelisted.crpl
- subnet_val_positive.crpl
- subnet_val_positive_client.crpl
- subnet_without_validator.crpl
- test_ds.sha1
- test_ds.sha384
- test_ldnsrr.1
- test_ldnsrr.2
- test_ldnsrr.3
- test_ldnsrr.4
- test_ldnsrr.5
- test_ldnsrr.c1
- test_ldnsrr.c2
- test_ldnsrr.c3
- test_ldnsrr.c4
- test_ldnsrr.c5
- test_nsec3_hash.1
- test_packets.1
- test_packets.2
- test_packets.3
- test_packets.4
- test_packets.5
- test_packets.6
- test_packets.7
- test_packets.8
- test_packets.9
- test_signatures.1
- test_signatures.2
- test_signatures.3
- test_signatures.4
- test_signatures.5
- test_signatures.6
- test_signatures.7
- test_signatures.8
- test_signatures.9
- test_sigs.ecdsa_p256
- test_sigs.ecdsa_p384
- test_sigs.ed25519
- test_sigs.ed448
- test_sigs.gost
- test_sigs.hinfo
- test_sigs.revoked
- test_sigs.rsasha256
- test_sigs.rsasha256_draft
- test_sigs.rsasha512_draft
- test_sigs.sha1_and_256
- trust_cname_chain.rpl
- ttl_max.rpl
- ttl_min.rpl
- ttl_msg.rpl
- val_adbit.rpl
- val_adcopy.rpl
- val_anchor_nx.rpl
- val_anchor_nx_nosig.rpl
- val_ans_dsent.rpl
- val_ans_nx.rpl
- val_any.rpl
- val_any_cname.rpl
- val_any_dname.rpl
- val_cname_loop1.rpl
- val_cname_loop2.rpl
- val_cname_loop3.rpl
- val_cnameinsectopos.rpl
- val_cnamenx_dblnsec.rpl
- val_cnamenx_rcodenx.rpl
- val_cnameqtype.rpl
- val_cnametocloser.rpl
- val_cnametocloser_nosig.rpl
- val_cnametocnamewctoposwc.rpl
- val_cnametodname.rpl
- val_cnametodnametocnametopos.rpl
- val_cnametoinsecure.rpl
- val_cnametonodata.rpl
- val_cnametonodata_nonsec.rpl
- val_cnametonsec.rpl
- val_cnametonx.rpl
- val_cnametooptin.rpl
- val_cnametooptout.rpl
- val_cnametopos.rpl
- val_cnametoposnowc.rpl
- val_cnametoposwc.rpl
- val_cnamewctonodata.rpl
- val_cnamewctonx.rpl
- val_cnamewctoposwc.rpl
- val_deleg_nons.rpl
- val_dnametoolong.rpl
- val_dnametopos.rpl
- val_dnametoposwc.rpl
- val_dnamewc.rpl
- val_ds_afterprime.rpl
- val_ds_cname.rpl
- val_ds_cnamesub.rpl
- val_ds_gost.crpl
- val_ds_gost_downgrade.crpl
- val_ds_sha2.crpl
- val_ds_sha2_downgrade.crpl
- val_ds_sha2_lenient.crpl
- val_dsnsec.rpl
- val_entds.rpl
- val_faildnskey.rpl
- val_faildnskey_ok.rpl
- val_fwdds.rpl
- val_keyprefetch.rpl
- val_keyprefetch_verify.rpl
- val_mal_wc.rpl
- val_negcache_ds.rpl
- val_negcache_dssoa.rpl
- val_negcache_nodata.rpl
- val_negcache_nta.rpl
- val_negcache_nxdomain.rpl
- val_noadwhennodo.rpl
- val_nodata.rpl
- val_nodata_ent.rpl
- val_nodata_entnx.rpl
- val_nodata_entwc.rpl
- val_nodata_failsig.rpl
- val_nodata_failwc.rpl
- val_nodata_hasdata.rpl
- val_nodata_zonecut.rpl
- val_nodatawc.rpl
- val_nodatawc_badce.rpl
- val_nodatawc_nodeny.rpl
- val_nodatawc_one.rpl
- val_nokeyprime.rpl
- val_nsec3_b1_nameerror.rpl
- val_nsec3_b1_nameerror_noce.rpl
- val_nsec3_b1_nameerror_nonc.rpl
- val_nsec3_b1_nameerror_nowc.rpl
- val_nsec3_b21_nodataent.rpl
- val_nsec3_b21_nodataent_wr.rpl
- val_nsec3_b2_nodata.rpl
- val_nsec3_b2_nodata_nons.rpl
- val_nsec3_b3_optout.rpl
- val_nsec3_b3_optout_negcache.rpl
- val_nsec3_b3_optout_noce.rpl
- val_nsec3_b3_optout_nonc.rpl
- val_nsec3_b4_wild.rpl
- val_nsec3_b4_wild_wr.rpl
- val_nsec3_b5_wcnodata.rpl
- val_nsec3_b5_wcnodata_noce.rpl
- val_nsec3_b5_wcnodata_nonc.rpl
- val_nsec3_b5_wcnodata_nowc.rpl
- val_nsec3_cname_ds.rpl
- val_nsec3_cname_par.rpl
- val_nsec3_cname_sub.rpl
- val_nsec3_cnametocnamewctoposwc.rpl
- val_nsec3_entnodata_optout.rpl
- val_nsec3_entnodata_optout_badopt.rpl
- val_nsec3_entnodata_optout_match.rpl
- val_nsec3_iter_high.rpl
- val_nsec3_nodatawccname.rpl
- val_nsec3_nods.rpl
- val_nsec3_nods_badopt.rpl
- val_nsec3_nods_badsig.rpl
- val_nsec3_nods_negcache.rpl
- val_nsec3_nods_soa.rpl
- val_nsec3_optout_ad.rpl
- val_nsec3_optout_cache.rpl
- val_nsec3_wcany.rpl
- val_nsec3_wcany_nodeny.rpl
- val_nx.rpl
- val_nx_failwc.rpl
- val_nx_nodeny.rpl
- val_nx_nowc.rpl
- val_nx_nsec3_collision.rpl
- val_nx_nsec3_params.rpl
- val_nx_overreach.rpl
- val_pos_truncns.rpl
- val_positive.rpl
- val_positive_nosigs.rpl
- val_positive_wc.rpl
- val_positive_wc_nodeny.rpl
- val_qds_badanc.rpl
- val_qds_oneanc.rpl
- val_qds_twoanc.rpl
- val_refer_unsignadd.rpl
- val_referd.rpl
- val_referglue.rpl
- val_rrsig.rpl
- val_secds.rpl
- val_secds_nosig.rpl
- val_spurious_ns.rpl
- val_stub_noroot.rpl
- val_stubds.rpl
- val_ta_algo_dnskey.rpl
- val_ta_algo_dnskey_dp.rpl
- val_ta_algo_missing.rpl
- val_ta_algo_missing_dp.rpl
- val_twocname.rpl
- val_unalgo_anchor.rpl
- val_unalgo_ds.rpl
- val_unsec_cname.rpl
- val_unsecds.rpl
- val_unsecds_negcache.rpl
- val_unsecds_qtypeds.rpl
- val_wild_pos.rpl
- version_bind.rpl
- version_bind_hide.rpl
- views.rpl
- zonemd.example1.zone
- zonemd.example10.zone
- zonemd.example11.zone
- zonemd.example12.zone
- zonemd.example13.zone
- zonemd.example14.zone
- zonemd.example15.zone
- zonemd.example16.zone
- zonemd.example17.zone
- zonemd.example2.zone
- zonemd.example3.zone
- zonemd.example4.zone
- zonemd.example5.zone
- zonemd.example6.zone
- zonemd.example7.zone
- zonemd.example8.zone
- zonemd.example9.zone
- zonemd.example_a1.zone
- zonemd.example_a2.zone
- zonemd.example_a3.zone
- zonemd.example_a4.zone
- zonemd.example_a5.zone
ipsecmod_bogus_ipseckey.crpl @c2ee7321-09a1-4ac6-a786-53e54f2790b2/main — raw · history · blame
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 | ; Test ipsecmod with bogus IPSECKEY ; config options ; The island of trust is at example.com server: trust-anchor: "example.com. IN DS 48069 8 2 fce2bcb0d88b828064faad58e935ca2e32ff0bbd8bd8407a8f344d8f8e8c438a" val-override-date: "-1" target-fetch-policy: "0 0 0 0 0" qname-minimisation: "no" # test that default value of harden-dnssec-stripped is still yes. fake-sha1: yes trust-anchor-signaling: no access-control: 127.0.0.1 allow_snoop module-config: "ipsecmod validator iterator" ; ../../ is there because the test runs from testdata/03-testbound.dir ipsecmod-hook: "../../testdata/ipsecmod_hook.sh" ipsecmod-strict: no ipsecmod-max-ttl: 200 stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. CONFIG_END SCENARIO_BEGIN Test ipsecmod with bogus IPSECKEY ; Scenario overview: ; - query for example.com. IN A ; - check that query for example.com. IN IPSECKEY is generated ; - check that we get an answer for example.com. IN A with the correct TTL ; - check that the get the same answer from cache ; - check that we don't get the IPSECKEY answer from cache (bogus) ; K.ROOT-SERVERS.NET. RANGE_BEGIN 0 100 ADDRESS 193.0.14.129 ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION . IN NS SECTION ANSWER . IN NS K.ROOT-SERVERS.NET. SECTION ADDITIONAL K.ROOT-SERVERS.NET. IN A 193.0.14.129 ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR AA NOERROR SECTION QUESTION a.gtld-servers.net. IN AAAA SECTION AUTHORITY . 86400 IN SOA . . 20070304 28800 7200 604800 86400 ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR AA NOERROR SECTION QUESTION K.ROOT-SERVERS.NET. IN AAAA SECTION AUTHORITY . 86400 IN SOA . . 20070304 28800 7200 604800 86400 ENTRY_END ENTRY_BEGIN MATCH opcode subdomain ADJUST copy_id copy_query REPLY QR NOERROR SECTION QUESTION com. IN A SECTION AUTHORITY com. IN NS a.gtld-servers.net. SECTION ADDITIONAL a.gtld-servers.net. IN A 192.5.6.30 ENTRY_END RANGE_END ; a.gtld-servers.net. RANGE_BEGIN 0 100 ADDRESS 192.5.6.30 ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION com. IN NS SECTION ANSWER com. IN NS a.gtld-servers.net. SECTION ADDITIONAL a.gtld-servers.net. IN A 192.5.6.30 ENTRY_END ENTRY_BEGIN MATCH opcode subdomain ADJUST copy_id copy_query REPLY QR NOERROR SECTION QUESTION example.com. IN A SECTION AUTHORITY example.com. IN NS ns.example.com. SECTION ADDITIONAL ns.example.com. IN A 1.2.3.4 ENTRY_END RANGE_END ; ns.example.com. RANGE_BEGIN 0 100 ADDRESS 1.2.3.4 ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION example.com. IN NS SECTION ANSWER example.com. IN NS ns.example.com. example.com. 3600 IN RRSIG NS 8 2 3600 20170609142855 20170512142855 48069 example.com. SYFM1dsPEly0PjdShX8EsRnpq6XTysrvUBWB+LjGaC0wn3RFd0A2TG3WhVkUxhjTzRjt9jn3rz+JUJyybrhBkYXjBeBBjLep6Le7PQSct+FFDTIuX8duixfOzEN5LSYRMUnSuAq/z0LJHUB6nqTw8XWRm6EIImdEBc6D0u1KSes= SECTION ADDITIONAL ns.example.com. IN A 1.2.3.4 ns.example.com. 3600 IN RRSIG A 8 3 3600 20170609142855 20170512142855 48069 example.com. kK5LZnGi2VmVmKUXkVenYCQMHGqwhGaEOwjwVG9ScOVzvqNA+n7KWwxdLDsIVLgr/BjR9Cj9+HYB9hYMhk+LnsbHqf5ovY3+n7CV4v3MDWJBLYt7NHvXwoywbaD71w7koo0SUiBXMB/FyuxRj6BXEk4dlGh7mgHZXE+X/gCYxsM= ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR AA NOERROR SECTION QUESTION ns.example.com. IN AAAA SECTION AUTHORITY example.com. 86400 IN SOA ns.example.com. example.com. 2002022401 10800 15 604800 10800 example.com. 86400 IN RRSIG SOA 8 2 86400 20170609142855 20170512142855 48069 example.com. fr6oVOsRMnm3D8N01LxzPvT9lWdNDhTlmwR1co42c3H2ra1EjbbKqkLcrXQAsq7E/ddzqgL3RnYS+3USojXycI1xhjXC8YT2xsW3uH8uTY1Qvk1K75lu1OXmDiU6wvHplFowl0OX7sx76lB1itbvsau4bMPMt03sf4u8po7V35s= ENTRY_END ; response to A query ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION example.com. IN A SECTION ANSWER example.com. 3600 IN A 5.6.7.8 example.com. 3600 IN RRSIG A 8 2 3600 20170609142855 20170512142855 48069 example.com. Qviw6w8ReMG2WZxenvzj/YwoeM3Ln59Fnw6s1MRWGsD2yA3+y0loFdUEHZdRhrEiV0kvtQGC+kBhMuSMq/cyjprbKLw5pkS9+MMDDnVPP1PQb17LY4NIxPtq710AN1sjhBK6PVa6XN+3ciUmCcLs1ESviQkVKpgAY/QlV0TaarQ= SECTION AUTHORITY example.com. IN NS ns.example.com. example.com. 3600 IN RRSIG NS 8 2 3600 20170609142855 20170512142855 48069 example.com. SYFM1dsPEly0PjdShX8EsRnpq6XTysrvUBWB+LjGaC0wn3RFd0A2TG3WhVkUxhjTzRjt9jn3rz+JUJyybrhBkYXjBeBBjLep6Le7PQSct+FFDTIuX8duixfOzEN5LSYRMUnSuAq/z0LJHUB6nqTw8XWRm6EIImdEBc6D0u1KSes= SECTION ADDITIONAL ns.example.com. IN A 1.2.3.4 ns.example.com. 3600 IN RRSIG A 8 3 3600 20170609142855 20170512142855 48069 example.com. kK5LZnGi2VmVmKUXkVenYCQMHGqwhGaEOwjwVG9ScOVzvqNA+n7KWwxdLDsIVLgr/BjR9Cj9+HYB9hYMhk+LnsbHqf5ovY3+n7CV4v3MDWJBLYt7NHvXwoywbaD71w7koo0SUiBXMB/FyuxRj6BXEk4dlGh7mgHZXE+X/gCYxsM= ENTRY_END ; response to IPSECKEY query ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION example.com. IN IPSECKEY SECTION ANSWER example.com. 3600 IN IPSECKEY 10 0 2 . AQNRU3mG7TVTO2BkR47usntb102uFJtugbo6BSGvgqt4AQ== ;(correct answer) example.com. 3600 IN RRSIG IPSECKEY 8 2 3600 20170609144114 20170512144114 48069 example.com. UqRbG6P8mWQEVt16j86cS6fqEN8c+5t8qtePr9ghRqIxeuPOCkLiSqmXQYcQbOeOK4YoWQ3gD2az2JMWQMxEKeBLpxXZbgZN+2uIZ9LLEkyYjGRulr9kameKTM1feSe31A9mR9IgMNrY/ZeUkfxC+8Q7s8avOqYH2jVMFUg9raE= ; (bogus answer) example.com. 3600 IN RRSIG IPSECKEY 8 2 3600 20170609144114 20170512144114 48069 example.com. Bogus6P8mWQEVt16j86cS6fqEN8c+5t8qtePr9ghRqIxeuPOCkLiSqmXQYcQbOeOK4YoWQ3gD2az2JMWQMxEKeBLpxXZbgZN+2uIZ9LLEkyYjGRulr9kameKTM1feSe31A9mR9IgMNrY/ZeUkfxC+8Q7s8avOqYH2jVMFUg9raE= SECTION AUTHORITY example.com. IN NS ns.example.com. example.com. 3600 IN RRSIG NS 8 2 3600 20170609142855 20170512142855 48069 example.com. SYFM1dsPEly0PjdShX8EsRnpq6XTysrvUBWB+LjGaC0wn3RFd0A2TG3WhVkUxhjTzRjt9jn3rz+JUJyybrhBkYXjBeBBjLep6Le7PQSct+FFDTIuX8duixfOzEN5LSYRMUnSuAq/z0LJHUB6nqTw8XWRm6EIImdEBc6D0u1KSes= SECTION ADDITIONAL ns.example.com. IN A 1.2.3.4 ns.example.com. 3600 IN RRSIG A 8 3 3600 20170609142855 20170512142855 48069 example.com. kK5LZnGi2VmVmKUXkVenYCQMHGqwhGaEOwjwVG9ScOVzvqNA+n7KWwxdLDsIVLgr/BjR9Cj9+HYB9hYMhk+LnsbHqf5ovY3+n7CV4v3MDWJBLYt7NHvXwoywbaD71w7koo0SUiBXMB/FyuxRj6BXEk4dlGh7mgHZXE+X/gCYxsM= ENTRY_END ; response to DNSKEY priming query ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR AA NOERROR SECTION QUESTION example.com. IN DNSKEY SECTION ANSWER example.com. 86400 IN DNSKEY 256 3 8 AwEAAddE7q1HL4Id+gpQ7imk+RyNEhCWgtew5tstsqIR/fXq0RBn0rF4SI1H6ysbb3nfqAV1xRDJ01ddpgfGyz9zXXHQ/H/9qEpeWapqfNTQ5GHHdxBL2iST7XusThfXEyX/pouKIpvtknvtLs8tmH64dajxoJkaejU2EKXKaBaRKcYx ;{id = 48069 (zsk), size = 1024b} example.com. 86400 IN RRSIG DNSKEY 8 2 86400 20170609144114 20170512144114 48069 example.com. mJU3LnubfYW7vhksiC1STWbrSjCe6TG1kEpnk4jRrYovues6bzOTIFSXEMjPW1mikulapnx3nMtTWdrW2InjfP9wLV/u2Wx1Vu3s9uzli/27y//3DOkZSeBa5RZdKpC1h8UB5GAxq4MRiSidgEBB1qaDIaE29sWmn9kPHEgNcgI= SECTION AUTHORITY example.com. IN NS ns.example.com. example.com. 3600 IN RRSIG NS 8 2 3600 20170609142855 20170512142855 48069 example.com. SYFM1dsPEly0PjdShX8EsRnpq6XTysrvUBWB+LjGaC0wn3RFd0A2TG3WhVkUxhjTzRjt9jn3rz+JUJyybrhBkYXjBeBBjLep6Le7PQSct+FFDTIuX8duixfOzEN5LSYRMUnSuAq/z0LJHUB6nqTw8XWRm6EIImdEBc6D0u1KSes= SECTION ADDITIONAL ns.example.com. IN A 1.2.3.4 ns.example.com. 3600 IN RRSIG A 8 3 3600 20170609142855 20170512142855 48069 example.com. kK5LZnGi2VmVmKUXkVenYCQMHGqwhGaEOwjwVG9ScOVzvqNA+n7KWwxdLDsIVLgr/BjR9Cj9+HYB9hYMhk+LnsbHqf5ovY3+n7CV4v3MDWJBLYt7NHvXwoywbaD71w7koo0SUiBXMB/FyuxRj6BXEk4dlGh7mgHZXE+X/gCYxsM= ENTRY_END RANGE_END STEP 1 QUERY ENTRY_BEGIN REPLY RD SECTION QUESTION example.com. IN A ENTRY_END STEP 2 CHECK_OUT_QUERY ENTRY_BEGIN MATCH qname qtype opcode SECTION QUESTION example.com. IN IPSECKEY ENTRY_END ; recursion happens here. STEP 10 CHECK_ANSWER ENTRY_BEGIN MATCH all REPLY QR RD RA SERVFAIL SECTION QUESTION example.com. IN A SECTION ANSWER ENTRY_END ; Query without RD, check if not cached STEP 11 QUERY ENTRY_BEGIN SECTION QUESTION example.com. IN A ENTRY_END STEP 20 CHECK_ANSWER ENTRY_BEGIN MATCH all REPLY QR RA NOERROR SECTION QUESTION example.com. IN A SECTION ANSWER SECTION AUTHORITY example.com. IN NS ns.example.com. SECTION ADDITIONAL ns.example.com. IN A 1.2.3.4 ENTRY_END SCENARIO_END |