diff options
Diffstat (limited to 'testdata')
225 files changed, 3930 insertions, 1 deletions
diff --git a/testdata/03-testbound.tpkg b/testdata/03-testbound.tpkg Binary files differindex 2f348dcf2117..39e62169915b 100644 --- a/testdata/03-testbound.tpkg +++ b/testdata/03-testbound.tpkg diff --git a/testdata/10-unbound-anchor.tpkg b/testdata/10-unbound-anchor.tpkg Binary files differindex de8fb4df7871..db8680a647aa 100644 --- a/testdata/10-unbound-anchor.tpkg +++ b/testdata/10-unbound-anchor.tpkg diff --git a/testdata/autotrust_10key.rpl b/testdata/autotrust_10key.rpl index 89f2102a3419..1f2998f77890 100644 --- a/testdata/autotrust_10key.rpl +++ b/testdata/autotrust_10key.rpl @@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" log-time-ascii: yes + fake-sha1: yes stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. diff --git a/testdata/autotrust_addpend_2exceed.rpl b/testdata/autotrust_addpend_2exceed.rpl index 5a15f8a13214..6a79a6436b07 100644 --- a/testdata/autotrust_addpend_2exceed.rpl +++ b/testdata/autotrust_addpend_2exceed.rpl @@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" log-time-ascii: yes + fake-sha1: yes stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. diff --git a/testdata/autotrust_addpend_early.rpl b/testdata/autotrust_addpend_early.rpl index 8ff3299e7ffa..3df5ff2d47f2 100644 --- a/testdata/autotrust_addpend_early.rpl +++ b/testdata/autotrust_addpend_early.rpl @@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" log-time-ascii: yes + fake-sha1: yes stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. diff --git a/testdata/autotrust_addpend_nosign.rpl b/testdata/autotrust_addpend_nosign.rpl index 689063309615..32fb1beab201 100644 --- a/testdata/autotrust_addpend_nosign.rpl +++ b/testdata/autotrust_addpend_nosign.rpl @@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" log-time-ascii: yes + fake-sha1: yes stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. diff --git a/testdata/autotrust_addpend_nosignnew.rpl b/testdata/autotrust_addpend_nosignnew.rpl index d3b46d86bedf..32910e9c78d5 100644 --- a/testdata/autotrust_addpend_nosignnew.rpl +++ b/testdata/autotrust_addpend_nosignnew.rpl @@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" log-time-ascii: yes + fake-sha1: yes stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. diff --git a/testdata/autotrust_addpend_once.rpl b/testdata/autotrust_addpend_once.rpl index 3c7b46804b12..2dcd7372725a 100644 --- a/testdata/autotrust_addpend_once.rpl +++ b/testdata/autotrust_addpend_once.rpl @@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" log-time-ascii: yes + fake-sha1: yes stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. diff --git a/testdata/autotrust_addpend_twice.rpl b/testdata/autotrust_addpend_twice.rpl index 9bb788093fb5..2e14b0470e8b 100644 --- a/testdata/autotrust_addpend_twice.rpl +++ b/testdata/autotrust_addpend_twice.rpl @@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" log-time-ascii: yes + fake-sha1: yes stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. diff --git a/testdata/autotrust_init.rpl b/testdata/autotrust_init.rpl index f7208c264280..35a693be9a12 100644 --- a/testdata/autotrust_init.rpl +++ b/testdata/autotrust_init.rpl @@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" log-time-ascii: yes + fake-sha1: yes stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. diff --git a/testdata/autotrust_init_ds.rpl b/testdata/autotrust_init_ds.rpl index 6245a4addab7..765d58919453 100644 --- a/testdata/autotrust_init_ds.rpl +++ b/testdata/autotrust_init_ds.rpl @@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" log-time-ascii: yes + fake-sha1: yes stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. diff --git a/testdata/autotrust_init_fail.rpl b/testdata/autotrust_init_fail.rpl index bd7098ea7d15..bf8f5d342555 100644 --- a/testdata/autotrust_init_fail.rpl +++ b/testdata/autotrust_init_fail.rpl @@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" log-time-ascii: yes + fake-sha1: yes stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. diff --git a/testdata/autotrust_init_failsig.rpl b/testdata/autotrust_init_failsig.rpl index 792ac9ead69e..4348878aad37 100644 --- a/testdata/autotrust_init_failsig.rpl +++ b/testdata/autotrust_init_failsig.rpl @@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" log-time-ascii: yes + fake-sha1: yes stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. diff --git a/testdata/autotrust_init_legacy.rpl b/testdata/autotrust_init_legacy.rpl index f188d0aed784..91c3e7b1a924 100644 --- a/testdata/autotrust_init_legacy.rpl +++ b/testdata/autotrust_init_legacy.rpl @@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" log-time-ascii: yes + fake-sha1: yes stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. diff --git a/testdata/autotrust_init_sigs.rpl b/testdata/autotrust_init_sigs.rpl index 050edf2a95f0..8ee65585d6da 100644 --- a/testdata/autotrust_init_sigs.rpl +++ b/testdata/autotrust_init_sigs.rpl @@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" log-time-ascii: yes + fake-sha1: yes stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. diff --git a/testdata/autotrust_init_zsk.rpl b/testdata/autotrust_init_zsk.rpl index 7ef09e45c5cb..08c60f9e1407 100644 --- a/testdata/autotrust_init_zsk.rpl +++ b/testdata/autotrust_init_zsk.rpl @@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" log-time-ascii: yes + fake-sha1: yes stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. diff --git a/testdata/autotrust_missing.rpl b/testdata/autotrust_missing.rpl index aab99911c7ea..ed183a3182a7 100644 --- a/testdata/autotrust_missing.rpl +++ b/testdata/autotrust_missing.rpl @@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" log-time-ascii: yes + fake-sha1: yes stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. diff --git a/testdata/autotrust_missing_all.rpl b/testdata/autotrust_missing_all.rpl index 0c78aa6b109a..0813ef68ffb5 100644 --- a/testdata/autotrust_missing_all.rpl +++ b/testdata/autotrust_missing_all.rpl @@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" log-time-ascii: yes + fake-sha1: yes stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. diff --git a/testdata/autotrust_missing_returns.rpl b/testdata/autotrust_missing_returns.rpl index d44e0b049859..93735f1b9745 100644 --- a/testdata/autotrust_missing_returns.rpl +++ b/testdata/autotrust_missing_returns.rpl @@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" log-time-ascii: yes + fake-sha1: yes stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. diff --git a/testdata/autotrust_probefail.rpl b/testdata/autotrust_probefail.rpl index 7b8429d8bdf7..7e5a4da82bed 100644 --- a/testdata/autotrust_probefail.rpl +++ b/testdata/autotrust_probefail.rpl @@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" log-time-ascii: yes + fake-sha1: yes stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. diff --git a/testdata/autotrust_probefailsig.rpl b/testdata/autotrust_probefailsig.rpl index 1b6e288a19d2..7abf373dd4a5 100644 --- a/testdata/autotrust_probefailsig.rpl +++ b/testdata/autotrust_probefailsig.rpl @@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" log-time-ascii: yes + fake-sha1: yes stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. diff --git a/testdata/autotrust_revoked_use.rpl b/testdata/autotrust_revoked_use.rpl index ae72c42f6ba5..c87da44e7221 100644 --- a/testdata/autotrust_revoked_use.rpl +++ b/testdata/autotrust_revoked_use.rpl @@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" log-time-ascii: yes + fake-sha1: yes stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. diff --git a/testdata/autotrust_revoked_with_invalid.rpl b/testdata/autotrust_revoked_with_invalid.rpl index 144bf4918b47..0c717f1adfac 100644 --- a/testdata/autotrust_revoked_with_invalid.rpl +++ b/testdata/autotrust_revoked_with_invalid.rpl @@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" log-time-ascii: yes + fake-sha1: yes stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. diff --git a/testdata/autotrust_revtp.rpl b/testdata/autotrust_revtp.rpl index 40075e731a4b..275c8c6e18f7 100644 --- a/testdata/autotrust_revtp.rpl +++ b/testdata/autotrust_revtp.rpl @@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" log-time-ascii: yes + fake-sha1: yes stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. diff --git a/testdata/autotrust_revtp_read.rpl b/testdata/autotrust_revtp_read.rpl index 80d505028322..cd48a6339888 100644 --- a/testdata/autotrust_revtp_read.rpl +++ b/testdata/autotrust_revtp_read.rpl @@ -3,6 +3,7 @@ server: target-fetch-policy: "0 0 0 0 0" log-time-ascii: yes val-override-date: '20091018111500' + fake-sha1: yes stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. diff --git a/testdata/autotrust_revtp_use.rpl b/testdata/autotrust_revtp_use.rpl index 37a097dcabb3..40223d334123 100644 --- a/testdata/autotrust_revtp_use.rpl +++ b/testdata/autotrust_revtp_use.rpl @@ -3,6 +3,7 @@ server: target-fetch-policy: "0 0 0 0 0" log-time-ascii: yes val-override-date: '20091018111500' + fake-sha1: yes stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. diff --git a/testdata/autotrust_rollalgo.rpl b/testdata/autotrust_rollalgo.rpl index 4deec32a8348..2381d399e99d 100644 --- a/testdata/autotrust_rollalgo.rpl +++ b/testdata/autotrust_rollalgo.rpl @@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" log-time-ascii: yes + fake-sha1: yes stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. diff --git a/testdata/autotrust_rollalgo_unknown.rpl b/testdata/autotrust_rollalgo_unknown.rpl index 621e5d13cc6f..9fedab2b80de 100644 --- a/testdata/autotrust_rollalgo_unknown.rpl +++ b/testdata/autotrust_rollalgo_unknown.rpl @@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" log-time-ascii: yes + fake-sha1: yes stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. diff --git a/testdata/autotrust_rollover.rpl b/testdata/autotrust_rollover.rpl index 0b94418fe306..f45ae53c4534 100644 --- a/testdata/autotrust_rollover.rpl +++ b/testdata/autotrust_rollover.rpl @@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" log-time-ascii: yes + fake-sha1: yes stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. diff --git a/testdata/autotrust_valid_use.rpl b/testdata/autotrust_valid_use.rpl index d461da78a863..43d550026d61 100644 --- a/testdata/autotrust_valid_use.rpl +++ b/testdata/autotrust_valid_use.rpl @@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" log-time-ascii: yes + fake-sha1: yes stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. diff --git a/testdata/black_data.rpl b/testdata/black_data.rpl index dd703f62b188..945e8110732f 100644 --- a/testdata/black_data.rpl +++ b/testdata/black_data.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/black_dnskey.rpl b/testdata/black_dnskey.rpl index 0537757c0de4..a8662bb728e9 100644 --- a/testdata/black_dnskey.rpl +++ b/testdata/black_dnskey.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/black_ds.rpl b/testdata/black_ds.rpl index 7638c1b3f67b..be605e011127 100644 --- a/testdata/black_ds.rpl +++ b/testdata/black_ds.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/black_ds_entry.rpl b/testdata/black_ds_entry.rpl index f77eecba423e..42e56a50fa86 100644 --- a/testdata/black_ds_entry.rpl +++ b/testdata/black_ds_entry.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/black_ent.rpl b/testdata/black_ent.rpl index 5aa3d3b04916..2d84cd22d01c 100644 --- a/testdata/black_ent.rpl +++ b/testdata/black_ent.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/black_key_entry.rpl b/testdata/black_key_entry.rpl index 6a644da1843b..167c91b5e4b3 100644 --- a/testdata/black_key_entry.rpl +++ b/testdata/black_key_entry.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/black_prime.rpl b/testdata/black_prime.rpl index bb89c39ac617..8e2ba492b670 100644 --- a/testdata/black_prime.rpl +++ b/testdata/black_prime.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/black_prime_entry.rpl b/testdata/black_prime_entry.rpl index 9bcb1857d65b..0e092cb60103 100644 --- a/testdata/black_prime_entry.rpl +++ b/testdata/black_prime_entry.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/chaos_trustanchor.rpl b/testdata/chaos_trustanchor.rpl new file mode 100644 index 000000000000..b46b7dcf1249 --- /dev/null +++ b/testdata/chaos_trustanchor.rpl @@ -0,0 +1,145 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + hide-trustanchor: no + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test chaos trustanchor query + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +trustanchor.unbound. CH TXT +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO NOERROR +SECTION QUESTION +trustanchor.unbound. CH TXT +SECTION ANSWER +trustanchor.unbound. CH TXT "example.com. 2854" +ENTRY_END + +SCENARIO_END diff --git a/testdata/dlv_anchor.rpl b/testdata/dlv_anchor.rpl index d9388862ee4b..e00ea99bd2a8 100644 --- a/testdata/dlv_anchor.rpl +++ b/testdata/dlv_anchor.rpl @@ -4,6 +4,7 @@ server: dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/dlv_ask_higher.rpl b/testdata/dlv_ask_higher.rpl index 365d3611f0a4..1e108b7b6f5b 100644 --- a/testdata/dlv_ask_higher.rpl +++ b/testdata/dlv_ask_higher.rpl @@ -4,6 +4,7 @@ server: dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/dlv_below_ta.rpl b/testdata/dlv_below_ta.rpl index 78d17f81b502..2aa1ee107fbb 100644 --- a/testdata/dlv_below_ta.rpl +++ b/testdata/dlv_below_ta.rpl @@ -5,6 +5,7 @@ server: trust-anchor: "example.net. 3600 IN DS 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/dlv_delegation.rpl b/testdata/dlv_delegation.rpl index a921dc9fb229..24e3af2e5299 100644 --- a/testdata/dlv_delegation.rpl +++ b/testdata/dlv_delegation.rpl @@ -4,6 +4,7 @@ server: dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/dlv_ds_lookup.rpl b/testdata/dlv_ds_lookup.rpl index 3b2d79ad5fbe..70c89d66781d 100644 --- a/testdata/dlv_ds_lookup.rpl +++ b/testdata/dlv_ds_lookup.rpl @@ -4,6 +4,7 @@ server: dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/dlv_insecure.rpl b/testdata/dlv_insecure.rpl index d8e6aba20a60..b37d5f61e745 100644 --- a/testdata/dlv_insecure.rpl +++ b/testdata/dlv_insecure.rpl @@ -5,6 +5,7 @@ server: val-override-date: "20070916134226" harden-referral-path: no target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/dlv_insecure_negcache.rpl b/testdata/dlv_insecure_negcache.rpl index a0437750e27f..bafd41efb895 100644 --- a/testdata/dlv_insecure_negcache.rpl +++ b/testdata/dlv_insecure_negcache.rpl @@ -5,6 +5,7 @@ server: val-override-date: "20070916134226" harden-referral-path: no target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/dlv_keyretry.rpl b/testdata/dlv_keyretry.rpl index 474d1e9d2c99..e7dc6c7c8d73 100644 --- a/testdata/dlv_keyretry.rpl +++ b/testdata/dlv_keyretry.rpl @@ -4,6 +4,7 @@ server: dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/dlv_negnx.rpl b/testdata/dlv_negnx.rpl index 79bdea774b50..218a57d85e61 100644 --- a/testdata/dlv_negnx.rpl +++ b/testdata/dlv_negnx.rpl @@ -4,6 +4,7 @@ server: dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/dlv_optout.rpl b/testdata/dlv_optout.rpl index b0f84db575c8..7fbb560bd6e4 100644 --- a/testdata/dlv_optout.rpl +++ b/testdata/dlv_optout.rpl @@ -5,6 +5,7 @@ server: trust-anchor: "example.net. 3600 IN DS 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/dlv_remove.rpl b/testdata/dlv_remove.rpl index 1b8b642d8a8a..d503148c7d76 100644 --- a/testdata/dlv_remove.rpl +++ b/testdata/dlv_remove.rpl @@ -4,6 +4,7 @@ server: dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/dlv_remove_empty.rpl b/testdata/dlv_remove_empty.rpl index 30afceda0328..2e9b4bcf6638 100644 --- a/testdata/dlv_remove_empty.rpl +++ b/testdata/dlv_remove_empty.rpl @@ -4,6 +4,7 @@ server: dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/dlv_remove_nodel.rpl b/testdata/dlv_remove_nodel.rpl index 799e841e8ea7..1f2d94721abd 100644 --- a/testdata/dlv_remove_nodel.rpl +++ b/testdata/dlv_remove_nodel.rpl @@ -5,6 +5,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/dlv_remove_pos.rpl b/testdata/dlv_remove_pos.rpl index de7da4473155..6309acbf10f3 100644 --- a/testdata/dlv_remove_pos.rpl +++ b/testdata/dlv_remove_pos.rpl @@ -5,6 +5,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/dlv_unused.rpl b/testdata/dlv_unused.rpl index 47650a060fba..4d3233285137 100644 --- a/testdata/dlv_unused.rpl +++ b/testdata/dlv_unused.rpl @@ -5,6 +5,7 @@ server: trust-anchor: "example.net. 3600 IN DS 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/dnscrypt_cert.tpkg b/testdata/dnscrypt_cert.tpkg Binary files differnew file mode 100644 index 000000000000..18b41a27f16d --- /dev/null +++ b/testdata/dnscrypt_cert.tpkg diff --git a/testdata/dnscrypt_queries.tpkg b/testdata/dnscrypt_queries.tpkg Binary files differnew file mode 100644 index 000000000000..fa3cdca0056c --- /dev/null +++ b/testdata/dnscrypt_queries.tpkg diff --git a/testdata/fwd_bogus.tpkg b/testdata/fwd_bogus.tpkg Binary files differindex 9f4d655dc204..3a49d1f7558d 100644 --- a/testdata/fwd_bogus.tpkg +++ b/testdata/fwd_bogus.tpkg diff --git a/testdata/fwd_edns_bksec.tpkg b/testdata/fwd_edns_bksec.tpkg Binary files differindex ad63224d17cc..dc8ac739d626 100644 --- a/testdata/fwd_edns_bksec.tpkg +++ b/testdata/fwd_edns_bksec.tpkg diff --git a/testdata/fwddlv_parse.rpl b/testdata/fwddlv_parse.rpl index dd68cf246b18..d79d31f40251 100644 --- a/testdata/fwddlv_parse.rpl +++ b/testdata/fwddlv_parse.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "dlv.isc.org. 5072 IN DNSKEY 256 3 5 BEAAAAOlYGw53D+f01yCL5JsP0SB6EjYrnd0JYRBooAaGPT+Q0kpiN+7GviFh+nIazoB8e2Yv7mupgqkmIjObdcbGstYpUltdECdNpNmBvASKB9SBdtGeRvXXpORi3Qyxb9kHGG7SpzyYbc+KDVKnzYHB94pvqu3ZZpPFPBFtCibp/mkhw==" val-override-date: "20090617133009" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/iter_class_any.rpl b/testdata/iter_class_any.rpl index 2242cbb9cc70..a1fac46c9bcc 100644 --- a/testdata/iter_class_any.rpl +++ b/testdata/iter_class_any.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/iter_dname_insec.rpl b/testdata/iter_dname_insec.rpl new file mode 100644 index 000000000000..8f4a29c79e19 --- /dev/null +++ b/testdata/iter_dname_insec.rpl @@ -0,0 +1,1054 @@ +; config options +server: + harden-referral-path: no + target-fetch-policy: "0 0 0 0 0" + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test scrub of insecure DNAME in answer section + +; root infrastucture +RANGE_BEGIN 0 10000000 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +shortloop. IN TXT +SECTION ANSWER +shortloop. IN TXT "shortloop end" +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +K.ROOT-SERVERS.NET. IN A +SECTION ANSWER +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +K.ROOT-SERVERS.NET. IN AAAA +SECTION ANSWER +ENTRY_END + +ENTRY_BEGIN +MATCH subdomain opcode +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH subdomain opcode +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +net. IN A +SECTION AUTHORITY +net. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH subdomain opcode +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +x. IN A +SECTION AUTHORITY +x. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +long. IN NS +SECTION AUTHORITY +long. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. IN NS +SECTION AUTHORITY +60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +a.gtld-servers.net. IN A +SECTION ANSWER +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +a.gtld-servers.net. IN AAAA +SECTION ANSWER +ENTRY_END +RANGE_END +; end of root infrastucture + +; a.gtld-servers.net. (com. net. x.) +RANGE_BEGIN 0 10000000 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +a.gtld-servers.net. IN A +SECTION ANSWER +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +a.gtld-servers.net. IN AAAA +SECTION ANSWER +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +net. IN NS +SECTION AUTHORITY +net. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns1.example.com. +SECTION ADDITIONAL +ns1.example.com. IN A 168.192.2.2 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.net. IN A +SECTION AUTHORITY +example.net. IN NS ns1.example.net. +SECTION ADDITIONAL +ns1.example.net. IN A 168.192.3.3 +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +x. IN NS +SECTION AUTHORITY +x. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +x. IN DNAME +SECTION AUTHORITY +x. IN DNAME . +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH qname opcode +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +shortloop.x.x. IN CNAME +SECTION ANSWER +x. DNAME . +shortloop.x.x. IN CNAME shortloop.x. +shortloop.x. IN CNAME shortloop. +ENTRY_END + +ENTRY_BEGIN +MATCH qname opcode +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +shortloop.x. IN CNAME +SECTION ANSWER +x. DNAME . +shortloop.x. IN CNAME shortloop. +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. IN NS +SECTION AUTHORITY +60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +long. IN NS +SECTION AUTHORITY +long. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +; DNAME at zone apex, allowed by RFC 6672 section 2.3 +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +long. IN DNAME +SECTION ANSWER +long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +x.long. IN A +SECTION ANSWER +long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. +x.long. 3600 IN CNAME x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. +x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. 3600 IN A 192.0.2.1 +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. IN A +SECTION ANSWER +x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. 3600 IN A 192.0.2.1 +ENTRY_END + +ENTRY_BEGIN +MATCH qname opcode +ADJUST copy_id copy_query +REPLY QR YXDOMAIN +SECTION QUESTION +too.long. IN A +SECTION ANSWER +long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. +ENTRY_END +RANGE_END +; end of a.gtld-servers.net. + +; RFC 6672 section 2.2. The DNAME Substitution table tests +;# QNAME owner DNAME target result +;-- ---------------- -------------- -------------- ----------------- +;1 com. example.com. example.net. <no match> +;2 example.com. example.com. example.net. [0] +;3 a.example.com. example.com. example.net. a.example.net. +;4 a.b.example.com. example.com. example.net. a.b.example.net. +;5 ab.example.com. b.example.com. example.net. <no match> +;6 foo.example.com. example.com. example.net. foo.example.net. +;7 a.x.example.com. x.example.com. example.net. a.example.net. +;8 a.example.com. example.com. y.example.net. a.y.example.net. +;9 cyc.example.com. example.com. example.com. cyc.example.com. +;10 cyc.example.com. example.com. c.example.com. cyc.c.example.com. +;11 shortloop.x.x. x. . shortloop.x. +;12 shortloop.x. x. . shortloop. +; +; [0] The result depends on the QTYPE. If the QTYPE = DNAME, then +; the result is "example.com.", else "<no match>". +; +; Table 1. DNAME Substitution Examples + +; line no. 1 is mostly for authoritative server +; line no. 2 QTYPE != DNAME +STEP 220201 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +example.com. IN NS +ENTRY_END + +STEP 220202 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns1.example.com. +SECTION ADDITIONAL +ns1.example.com. 0 IN A 168.192.2.2 +ENTRY_END + +; line no. 2 QTYPE == DNAME +STEP 220203 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +example.com. IN DNAME +ENTRY_END + +STEP 220204 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO +SECTION QUESTION +example.com. IN DNAME +SECTION ANSWER +example.com. IN DNAME example.net. +ENTRY_END + + +;# QNAME owner DNAME target result +;-- ---------------- -------------- -------------- ----------------- +;3 a.example.com. example.com. example.net. a.example.net. + +STEP 220301 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +a.example.com. IN A +ENTRY_END + +STEP 220302 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO +SECTION QUESTION +a.example.com. IN A +SECTION ANSWER +example.com. IN DNAME example.net. +a.example.com. IN CNAME a.example.net. +a.example.net. IN A 10.0.0.97 +ENTRY_END + +;# QNAME owner DNAME target result +;-- ---------------- -------------- -------------- ----------------- +;4 a.b.example.com. example.com. example.net. a.b.example.net. + +STEP 220401 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +a.b.example.com. IN A +ENTRY_END + +STEP 220402 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO +SECTION QUESTION +a.b.example.com. IN A +SECTION ANSWER +example.com. IN DNAME example.net. +a.b.example.com. IN CNAME a.b.example.net. +a.b.example.net. IN A 10.0.97.98 +ENTRY_END + +;# QNAME owner DNAME target result +;-- ---------------- -------------- -------------- ----------------- +;5 ab.example.com. b.example.com. example.net. <no match> +;6 foo.example.com. example.com. example.net. foo.example.net. + +; line no. 5 is mostly for authoritative server +; line no. 6 is basically the same as line no. 3 + +; ns1.example.com. +RANGE_BEGIN 220000 220699 + ADDRESS 168.192.2.2 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns1.example.com. +SECTION ADDITIONAL +ns1.example.com. IN A 168.192.2.2 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns1.example.com. IN A +SECTION ANSWER +ns1.example.com. IN A 168.192.2.2 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns1.example.com. IN AAAA +SECTION ANSWER +ENTRY_END + +; line 2 DNAME +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN DNAME +SECTION ANSWER +example.com. IN DNAME example.net. +ENTRY_END + +; line 3 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +a.example.com. IN A +SECTION ANSWER +example.com. IN DNAME example.net. +a.example.com. IN CNAME a.example.net. +ENTRY_END + +; line 4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +a.b.example.com. IN A +SECTION ANSWER +example.com. IN DNAME example.net. +a.b.example.com. IN CNAME a.b.example.net. +ENTRY_END +RANGE_END +; end of ns1.example.com. + + +;# QNAME owner DNAME target result +;-- ---------------- -------------- -------------- ----------------- +;7 a.x.example.com. x.example.com. example.net. a.example.net. + +STEP 220701 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +a.x.example.com. IN A +ENTRY_END + +STEP 220702 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO +SECTION QUESTION +a.x.example.com. IN A +SECTION ANSWER +x.example.com. IN DNAME example.net. +a.x.example.com. IN CNAME a.example.net. +a.example.net. IN A 10.0.0.97 +ENTRY_END + +; ns1.example.com. +RANGE_BEGIN 220700 220799 + ADDRESS 168.192.2.2 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns1.example.com. +SECTION ADDITIONAL +ns1.example.com. IN A 168.192.2.2 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns1.example.com. IN A +SECTION ANSWER +ns1.example.com. IN A 168.192.2.2 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns1.example.com. IN AAAA +SECTION ANSWER +ENTRY_END + +; line 7 DNAME +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN DNAME +SECTION ANSWER +x.example.com. IN DNAME example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +a.x.example.com. IN A +SECTION ANSWER +x.example.com. IN DNAME example.net. +a.x.example.com. IN CNAME a.example.net. +ENTRY_END +RANGE_END +; end of ns1.example.com. + +;# QNAME owner DNAME target result +;-- ---------------- -------------- -------------- ----------------- +;8 a.example.com. example.com. y.example.net. a.y.example.net. +; +; a.example.com. was renamed to a2.example.com. to avoid cache clashes +; on the synthetized CNAME (caching CNAMEs is allowed by RFC 6672 section 3.4) + +STEP 220801 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +a2.example.com. IN A +ENTRY_END + +STEP 220802 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO +SECTION QUESTION +a2.example.com. IN A +SECTION ANSWER +example.com. IN DNAME y.example.net. +a2.example.com. IN CNAME a2.y.example.net. +a2.y.example.net. IN A 10.97.50.121 +ENTRY_END + +; ns1.example.com. +RANGE_BEGIN 220800 220899 + ADDRESS 168.192.2.2 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns1.example.com. +SECTION ADDITIONAL +ns1.example.com. IN A 168.192.2.2 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns1.example.com. IN A +SECTION ANSWER +ns1.example.com. IN A 168.192.2.2 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns1.example.com. IN AAAA +SECTION ANSWER +ENTRY_END + +; line 8 DNAME +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN DNAME +SECTION ANSWER +example.com. IN DNAME y.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +a2.example.com. IN A +SECTION ANSWER +example.com. IN DNAME y.example.net. +a2.example.com. IN CNAME a2.y.example.net. +ENTRY_END +RANGE_END +; end of ns1.example.com. + + +;# QNAME owner DNAME target result +;-- ---------------- -------------- -------------- ----------------- +;9 cyc.example.com. example.com. example.com. cyc.example.com. + +STEP 220901 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +cyc.example.com. IN A +ENTRY_END + +; Expected result is defined by RFC 1034 section 3.6.2: +; CNAME chains should be followed and CNAME loops signalled as an error +STEP 220902 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO +REPLY NOERROR +SECTION QUESTION +cyc.example.com. IN A +SECTION ANSWER +example.com. 0 IN DNAME example.com. +cyc.example.com. 0 IN CNAME cyc.example.com. +ENTRY_END + +; ns1.example.com. +RANGE_BEGIN 220900 220999 + ADDRESS 168.192.2.2 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns1.example.com. +SECTION ADDITIONAL +ns1.example.com. IN A 168.192.2.2 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns1.example.com. IN A +SECTION ANSWER +ns1.example.com. IN A 168.192.2.2 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns1.example.com. IN AAAA +SECTION ANSWER +ENTRY_END + +; line 9 DNAME +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN DNAME +SECTION ANSWER +example.com. IN DNAME example.com. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +cyc.example.com. IN A +SECTION ANSWER +example.com. IN DNAME example.com. +cyc.example.com. IN CNAME cyc.example.com. +ENTRY_END +RANGE_END +; end of ns1.example.com. + +;# QNAME owner DNAME target result +;-- ---------------- -------------- -------------- ----------------- +;10 cyc.example.com. example.com. c.example.com. cyc.c.example.com. +; +; cyc.example.com. was renamed to cyc2.example.com. to avoid cache clashes +; on the synthetized CNAME (caching CNAMEs is allowed by RFC 6672 section 3.4) +; +; target c.example.com. was renamed to cyc2.example.net. +; to limit number of pre-canned answers required for the test + +STEP 221001 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +cyc2.example.com. IN A +ENTRY_END + +; Expected result is defined by RFC 1034 section 3.6.2: +; CNAME chains should be followed and CNAME loops signalled as an error +STEP 221002 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO SERVFAIL +SECTION QUESTION +cyc2.example.com. IN A +ENTRY_END + +; ns1.example.com. +RANGE_BEGIN 221000 221099 + ADDRESS 168.192.2.2 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns1.example.com. +SECTION ADDITIONAL +ns1.example.com. IN A 168.192.2.2 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns1.example.com. IN A +SECTION ANSWER +ns1.example.com. IN A 168.192.2.2 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns1.example.com. IN AAAA +SECTION ANSWER +ENTRY_END + +; line 10 DNAME +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN DNAME +SECTION ANSWER +example.com. IN DNAME cyc2.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +cyc2.example.com. IN A +SECTION ANSWER +example.com. IN DNAME cyc2.example.net. +cyc2.example.com. IN CNAME cyc2.cyc2.example.net. +ENTRY_END +RANGE_END +; end of ns1.example.com. + +;# QNAME owner DNAME target result +;-- ---------------- -------------- -------------- ----------------- +;11 shortloop.x.x. x. . shortloop.x. + +STEP 221101 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +shortloop.x.x. TXT +ENTRY_END + +STEP 221102 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO +SECTION QUESTION +shortloop.x.x. IN TXT +SECTION ANSWER +x. IN DNAME . +shortloop.x.x. IN CNAME shortloop.x. +;;x. IN DNAME . +shortloop.x. IN CNAME shortloop. +shortloop. IN TXT "shortloop end" +ENTRY_END + +;# QNAME owner DNAME target result +;-- ---------------- -------------- -------------- ----------------- +;12 shortloop.x. x. . shortloop. + +; expire potentically cached CNAMEs for shortloop.x. from cache +STEP 221200 TIME_PASSES ELAPSE 10000 + +STEP 221201 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +shortloop.x. TXT +ENTRY_END + +STEP 221202 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO +SECTION QUESTION +shortloop.x. IN TXT +SECTION ANSWER +x. IN DNAME . +shortloop.x. IN CNAME shortloop. +shortloop. IN TXT "shortloop end" +ENTRY_END + + +; ns1.example.net. (data shared by whole 22xxxx range) +RANGE_BEGIN 220000 229999 + ADDRESS 168.192.3.3 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns1.example.net. +SECTION ADDITIONAL +example.net. IN A 168.192.3.3 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns1.example.net. IN A +SECTION ANSWER +ns1.example.net. IN A 168.192.3.3 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns1.example.net. IN AAAA +SECTION ANSWER +ENTRY_END + +; line 3 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +a.example.net. IN A +SECTION ANSWER +a.example.net. IN A 10.0.0.97 +ENTRY_END + +; line 4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +a.b.example.net. IN A +SECTION ANSWER +a.b.example.net. IN A 10.0.97.98 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +a2.y.example.net. IN A +SECTION ANSWER +a2.y.example.net. IN A 10.97.50.121 +ENTRY_END + +; line 10 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +cyc2.example.net. IN DNAME +SECTION ANSWER +cyc2.example.net. IN DNAME example.com. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +cyc2.cyc2.example.net. IN A +SECTION ANSWER +cyc2.example.net. IN DNAME example.com. +cyc2.cyc2.example.com. IN CNAME cyc2.example.com. +ENTRY_END +RANGE_END +; end of ns1.example.net. + + +; RFC 6672 section 2.2: YXDOMAIN answers for too long results for substitution +; RFC 6672 section 2.3: DNAME can be at zone apex: zone apex = long. +STEP 229001 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +x.long. IN A +ENTRY_END + +; query returning maximal permissible length - should work +STEP 229002 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO +SECTION QUESTION +x.long. IN A +SECTION ANSWER +long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. +x.long. 3600 IN CNAME x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. +x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. 3600 IN A 192.0.2.1 +ENTRY_END + +; result of substitution has too long name +; YXDOMAIN should be propagated to the client +; Unbound SEVFAILs: https://www.ietf.org/mail-archive/web/dnsext/current/msg11282.html +;TODO +; STEP 229003 QUERY +; ENTRY_BEGIN +; REPLY RD DO +; SECTION QUESTION +; too.long. IN A +; ENTRY_END +; +; STEP 229004 CHECK_ANSWER +; ENTRY_BEGIN +; MATCH all +; REPLY QR YXDOMAIN +; SECTION QUESTION +; x.long. IN A +; SECTION ANSWER +; long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. +; ENTRY_END + +; YXDOMAIN should work even if the cache is empty +STEP 229005 TIME_PASSES ELAPSE 4000 + +; STEP 229006 QUERY +; ENTRY_BEGIN +; REPLY RD DO +; SECTION QUESTION +; too.long. IN A +; ENTRY_END +; +; STEP 229007 CHECK_ANSWER +; ENTRY_BEGIN +; MATCH all +; REPLY QR YXDOMAIN +; SECTION QUESTION +; x.long. IN A +; SECTION ANSWER +; long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. +; ENTRY_END + + + + +SCENARIO_END diff --git a/testdata/iter_dname_yx.rpl b/testdata/iter_dname_yx.rpl new file mode 100644 index 000000000000..18b9725cc66f --- /dev/null +++ b/testdata/iter_dname_yx.rpl @@ -0,0 +1,1041 @@ +; config options +server: + harden-referral-path: no + target-fetch-policy: "0 0 0 0 0" + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test scrub of insecure DNAME in answer section + +; root infrastucture +RANGE_BEGIN 0 10000000 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +shortloop. IN TXT +SECTION ANSWER +shortloop. IN TXT "shortloop end" +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +K.ROOT-SERVERS.NET. IN A +SECTION ANSWER +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +K.ROOT-SERVERS.NET. IN AAAA +SECTION ANSWER +ENTRY_END + +ENTRY_BEGIN +MATCH subdomain opcode +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH subdomain opcode +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +net. IN A +SECTION AUTHORITY +net. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH subdomain opcode +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +x. IN A +SECTION AUTHORITY +x. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +long. IN NS +SECTION AUTHORITY +long. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. IN NS +SECTION AUTHORITY +60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +a.gtld-servers.net. IN A +SECTION ANSWER +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +a.gtld-servers.net. IN AAAA +SECTION ANSWER +ENTRY_END +RANGE_END +; end of root infrastucture + +; a.gtld-servers.net. (com. net. x.) +RANGE_BEGIN 0 10000000 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +a.gtld-servers.net. IN A +SECTION ANSWER +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +a.gtld-servers.net. IN AAAA +SECTION ANSWER +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +net. IN NS +SECTION AUTHORITY +net. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns1.example.com. +SECTION ADDITIONAL +ns1.example.com. IN A 168.192.2.2 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.net. IN A +SECTION AUTHORITY +example.net. IN NS ns1.example.net. +SECTION ADDITIONAL +ns1.example.net. IN A 168.192.3.3 +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +x. IN NS +SECTION AUTHORITY +x. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +x. IN DNAME +SECTION AUTHORITY +x. IN DNAME . +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH qname opcode +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +shortloop.x.x. IN CNAME +SECTION ANSWER +x. DNAME . +shortloop.x.x. IN CNAME shortloop.x. +shortloop.x. IN CNAME shortloop. +ENTRY_END + +ENTRY_BEGIN +MATCH qname opcode +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +shortloop.x. IN CNAME +SECTION ANSWER +x. DNAME . +shortloop.x. IN CNAME shortloop. +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. IN NS +SECTION AUTHORITY +60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +long. IN NS +SECTION AUTHORITY +long. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +; DNAME at zone apex, allowed by RFC 6672 section 2.3 +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +long. IN DNAME +SECTION ANSWER +long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +x.long. IN A +SECTION ANSWER +long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. +x.long. 3600 IN CNAME x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. +x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. 3600 IN A 192.0.2.1 +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. IN A +SECTION ANSWER +x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. 3600 IN A 192.0.2.1 +ENTRY_END + +ENTRY_BEGIN +MATCH qname opcode +ADJUST copy_id copy_query +REPLY QR AA YXDOMAIN +SECTION QUESTION +too.long. IN A +SECTION ANSWER +long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. +ENTRY_END +RANGE_END +; end of a.gtld-servers.net. + +; RFC 6672 section 2.2. The DNAME Substitution table tests +;# QNAME owner DNAME target result +;-- ---------------- -------------- -------------- ----------------- +;1 com. example.com. example.net. <no match> +;2 example.com. example.com. example.net. [0] +;3 a.example.com. example.com. example.net. a.example.net. +;4 a.b.example.com. example.com. example.net. a.b.example.net. +;5 ab.example.com. b.example.com. example.net. <no match> +;6 foo.example.com. example.com. example.net. foo.example.net. +;7 a.x.example.com. x.example.com. example.net. a.example.net. +;8 a.example.com. example.com. y.example.net. a.y.example.net. +;9 cyc.example.com. example.com. example.com. cyc.example.com. +;10 cyc.example.com. example.com. c.example.com. cyc.c.example.com. +;11 shortloop.x.x. x. . shortloop.x. +;12 shortloop.x. x. . shortloop. +; +; [0] The result depends on the QTYPE. If the QTYPE = DNAME, then +; the result is "example.com.", else "<no match>". +; +; Table 1. DNAME Substitution Examples + +; ; line no. 1 is mostly for authoritative server +; ; line no. 2 QTYPE != DNAME +; STEP 220201 QUERY +; ENTRY_BEGIN +; REPLY RD DO +; SECTION QUESTION +; example.com. IN NS +; ENTRY_END +; +; STEP 220202 CHECK_ANSWER +; ENTRY_BEGIN +; MATCH rcode answer +; REPLY QR RD RA DO +; SECTION QUESTION +; example.com. IN NS +; SECTION ANSWER +; example.com. IN NS ns1.example.com. +; ENTRY_END +; +; ; line no. 2 QTYPE == DNAME +; STEP 220203 QUERY +; ENTRY_BEGIN +; REPLY RD DO +; SECTION QUESTION +; example.com. IN DNAME +; ENTRY_END +; +; STEP 220204 CHECK_ANSWER +; ENTRY_BEGIN +; MATCH rcode question answer +; REPLY QR RD RA DO +; SECTION QUESTION +; example.com. IN DNAME +; SECTION ANSWER +; example.com. IN DNAME example.net. +; ENTRY_END +; +; +; ;# QNAME owner DNAME target result +; ;-- ---------------- -------------- -------------- ----------------- +; ;3 a.example.com. example.com. example.net. a.example.net. +; +; STEP 220301 QUERY +; ENTRY_BEGIN +; REPLY RD DO +; SECTION QUESTION +; a.example.com. IN A +; ENTRY_END +; +; STEP 220302 CHECK_ANSWER +; ENTRY_BEGIN +; MATCH rcode question answer +; SECTION QUESTION +; a.example.com. IN A +; SECTION ANSWER +; example.com. IN DNAME example.net. +; a.example.com. IN CNAME a.example.net. +; a.example.net. IN A 10.0.0.97 +; ENTRY_END +; +; ;# QNAME owner DNAME target result +; ;-- ---------------- -------------- -------------- ----------------- +; ;4 a.b.example.com. example.com. example.net. a.b.example.net. +; +; STEP 220401 QUERY +; ENTRY_BEGIN +; REPLY RD DO +; SECTION QUESTION +; a.b.example.com. IN A +; ENTRY_END +; +; STEP 220402 CHECK_ANSWER +; ENTRY_BEGIN +; MATCH rcode question answer +; SECTION QUESTION +; a.b.example.com. IN A +; SECTION ANSWER +; example.com. IN DNAME example.net. +; a.b.example.com. IN CNAME a.b.example.net. +; a.b.example.net. IN A 10.0.97.98 +; ENTRY_END +; +; ;# QNAME owner DNAME target result +; ;-- ---------------- -------------- -------------- ----------------- +; ;5 ab.example.com. b.example.com. example.net. <no match> +; ;6 foo.example.com. example.com. example.net. foo.example.net. +; +; ; line no. 5 is mostly for authoritative server +; ; line no. 6 is basically the same as line no. 3 +; +; ; ns1.example.com. +; RANGE_BEGIN 220000 220699 +; ADDRESS 168.192.2.2 +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; example.com. IN NS +; SECTION ANSWER +; example.com. IN NS ns1.example.com. +; SECTION ADDITIONAL +; ns1.example.com. IN A 168.192.2.2 +; ENTRY_END +; +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; ns1.example.com. IN A +; SECTION ANSWER +; ns1.example.com. IN A 168.192.2.2 +; ENTRY_END +; +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; ns1.example.com. IN AAAA +; SECTION ANSWER +; ENTRY_END +; +; ; line 2 DNAME +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; example.com. IN DNAME +; SECTION ANSWER +; example.com. IN DNAME example.net. +; ENTRY_END +; +; ; line 3 +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; a.example.com. IN A +; SECTION ANSWER +; example.com. IN DNAME example.net. +; a.example.com. IN CNAME a.example.net. +; ENTRY_END +; +; ; line 4 +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; a.b.example.com. IN A +; SECTION ANSWER +; example.com. IN DNAME example.net. +; a.b.example.com. IN CNAME a.b.example.net. +; ENTRY_END +; RANGE_END +; ; end of ns1.example.com. +; +; +; ;# QNAME owner DNAME target result +; ;-- ---------------- -------------- -------------- ----------------- +; ;7 a.x.example.com. x.example.com. example.net. a.example.net. +; +; STEP 220701 QUERY +; ENTRY_BEGIN +; REPLY RD DO +; SECTION QUESTION +; a.x.example.com. IN A +; ENTRY_END +; +; STEP 220702 CHECK_ANSWER +; ENTRY_BEGIN +; MATCH rcode question answer +; SECTION QUESTION +; a.x.example.com. IN A +; SECTION ANSWER +; x.example.com. IN DNAME example.net. +; a.x.example.com. IN CNAME a.example.net. +; a.example.net. IN A 10.0.0.97 +; ENTRY_END +; +; ; ns1.example.com. +; RANGE_BEGIN 220700 220799 +; ADDRESS 168.192.2.2 +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; example.com. IN NS +; SECTION ANSWER +; example.com. IN NS ns1.example.com. +; SECTION ADDITIONAL +; ns1.example.com. IN A 168.192.2.2 +; ENTRY_END +; +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; ns1.example.com. IN A +; SECTION ANSWER +; ns1.example.com. IN A 168.192.2.2 +; ENTRY_END +; +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; ns1.example.com. IN AAAA +; SECTION ANSWER +; ENTRY_END +; +; ; line 7 DNAME +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; example.com. IN DNAME +; SECTION ANSWER +; x.example.com. IN DNAME example.net. +; ENTRY_END +; +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; a.x.example.com. IN A +; SECTION ANSWER +; x.example.com. IN DNAME example.net. +; a.x.example.com. IN CNAME a.example.net. +; ENTRY_END +; RANGE_END +; ; end of ns1.example.com. +; +; ;# QNAME owner DNAME target result +; ;-- ---------------- -------------- -------------- ----------------- +; ;8 a.example.com. example.com. y.example.net. a.y.example.net. +; ; +; ; a.example.com. was renamed to a2.example.com. to avoid cache clashes +; ; on the synthetized CNAME (caching CNAMEs is allowed by RFC 6672 section 3.4) +; +; STEP 220801 QUERY +; ENTRY_BEGIN +; REPLY RD DO +; SECTION QUESTION +; a2.example.com. IN A +; ENTRY_END +; +; STEP 220802 CHECK_ANSWER +; ENTRY_BEGIN +; MATCH rcode question answer +; SECTION QUESTION +; a2.example.com. IN A +; SECTION ANSWER +; example.com. IN DNAME y.example.net. +; a2.example.com. IN CNAME a2.y.example.net. +; a2.y.example.net. IN A 10.97.50.121 +; ENTRY_END +; +; ; ns1.example.com. +; RANGE_BEGIN 220800 220899 +; ADDRESS 168.192.2.2 +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; example.com. IN NS +; SECTION ANSWER +; example.com. IN NS ns1.example.com. +; SECTION ADDITIONAL +; ns1.example.com. IN A 168.192.2.2 +; ENTRY_END +; +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; ns1.example.com. IN A +; SECTION ANSWER +; ns1.example.com. IN A 168.192.2.2 +; ENTRY_END +; +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; ns1.example.com. IN AAAA +; SECTION ANSWER +; ENTRY_END +; +; ; line 8 DNAME +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; example.com. IN DNAME +; SECTION ANSWER +; example.com. IN DNAME y.example.net. +; ENTRY_END +; +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; a2.example.com. IN A +; SECTION ANSWER +; example.com. IN DNAME y.example.net. +; a2.example.com. IN CNAME a2.y.example.net. +; ENTRY_END +; RANGE_END +; ; end of ns1.example.com. +; +; +; ;# QNAME owner DNAME target result +; ;-- ---------------- -------------- -------------- ----------------- +; ;9 cyc.example.com. example.com. example.com. cyc.example.com. +; +; STEP 220901 QUERY +; ENTRY_BEGIN +; REPLY RD DO +; SECTION QUESTION +; cyc.example.com. IN A +; ENTRY_END +; +; ; Expected result is defined by RFC 1034 section 3.6.2: +; ; CNAME chains should be followed and CNAME loops signalled as an error +; STEP 220902 CHECK_ANSWER +; ENTRY_BEGIN +; MATCH rcode question answer +; REPLY SERVFAIL +; SECTION QUESTION +; cyc.example.com. IN A +; ENTRY_END +; +; ; ns1.example.com. +; RANGE_BEGIN 220900 220999 +; ADDRESS 168.192.2.2 +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; example.com. IN NS +; SECTION ANSWER +; example.com. IN NS ns1.example.com. +; SECTION ADDITIONAL +; ns1.example.com. IN A 168.192.2.2 +; ENTRY_END +; +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; ns1.example.com. IN A +; SECTION ANSWER +; ns1.example.com. IN A 168.192.2.2 +; ENTRY_END +; +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; ns1.example.com. IN AAAA +; SECTION ANSWER +; ENTRY_END +; +; ; line 9 DNAME +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; example.com. IN DNAME +; SECTION ANSWER +; example.com. IN DNAME example.com. +; ENTRY_END +; +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; cyc.example.com. IN A +; SECTION ANSWER +; example.com. IN DNAME example.com. +; cyc.example.com. IN CNAME cyc.example.com. +; ENTRY_END +; RANGE_END +; ; end of ns1.example.com. +; +; ;# QNAME owner DNAME target result +; ;-- ---------------- -------------- -------------- ----------------- +; ;10 cyc.example.com. example.com. c.example.com. cyc.c.example.com. +; ; +; ; cyc.example.com. was renamed to cyc2.example.com. to avoid cache clashes +; ; on the synthetized CNAME (caching CNAMEs is allowed by RFC 6672 section 3.4) +; ; +; ; target c.example.com. was renamed to cyc2.example.net. +; ; to limit number of pre-canned answers required for the test +; +; STEP 221001 QUERY +; ENTRY_BEGIN +; REPLY RD DO +; SECTION QUESTION +; cyc2.example.com. IN A +; ENTRY_END +; +; ; Expected result is defined by RFC 1034 section 3.6.2: +; ; CNAME chains should be followed and CNAME loops signalled as an error +; STEP 221002 CHECK_ANSWER +; ENTRY_BEGIN +; MATCH rcode question answer +; REPLY SERVFAIL +; SECTION QUESTION +; cyc2.example.com. IN A +; ENTRY_END +; +; ; ns1.example.com. +; RANGE_BEGIN 221000 221099 +; ADDRESS 168.192.2.2 +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; example.com. IN NS +; SECTION ANSWER +; example.com. IN NS ns1.example.com. +; SECTION ADDITIONAL +; ns1.example.com. IN A 168.192.2.2 +; ENTRY_END +; +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; ns1.example.com. IN A +; SECTION ANSWER +; ns1.example.com. IN A 168.192.2.2 +; ENTRY_END +; +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; ns1.example.com. IN AAAA +; SECTION ANSWER +; ENTRY_END +; +; ; line 10 DNAME +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; example.com. IN DNAME +; SECTION ANSWER +; example.com. IN DNAME cyc2.example.net. +; ENTRY_END +; +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; cyc2.example.com. IN A +; SECTION ANSWER +; example.com. IN DNAME cyc2.example.net. +; cyc2.example.com. IN CNAME cyc2.cyc2.example.net. +; ENTRY_END +; RANGE_END +; ; end of ns1.example.com. +; +; ;# QNAME owner DNAME target result +; ;-- ---------------- -------------- -------------- ----------------- +; ;11 shortloop.x.x. x. . shortloop.x. +; +; STEP 221101 QUERY +; ENTRY_BEGIN +; REPLY RD DO +; SECTION QUESTION +; shortloop.x.x. TXT +; ENTRY_END +; +; STEP 221102 CHECK_ANSWER +; ENTRY_BEGIN +; MATCH rcode question answer +; SECTION QUESTION +; shortloop.x.x. IN TXT +; SECTION ANSWER +; x. IN DNAME . +; ; unbound hack +; x. IN DNAME . +; shortloop.x.x. IN CNAME shortloop.x. +; shortloop.x. IN CNAME shortloop. +; shortloop. IN TXT "shortloop end" +; ENTRY_END +; +; ;# QNAME owner DNAME target result +; ;-- ---------------- -------------- -------------- ----------------- +; ;12 shortloop.x. x. . shortloop. +; +; ; expire potentically cached CNAMEs for shortloop.x. from cache +; STEP 221200 TIME_PASSES ELAPSE 10000 +; +; STEP 221201 QUERY +; ENTRY_BEGIN +; REPLY RD DO +; SECTION QUESTION +; shortloop.x. TXT +; ENTRY_END +; +; STEP 221202 CHECK_ANSWER +; ENTRY_BEGIN +; MATCH rcode question answer +; SECTION QUESTION +; shortloop.x. IN TXT +; SECTION ANSWER +; x. IN DNAME . +; shortloop.x. IN CNAME shortloop. +; shortloop. IN TXT "shortloop end" +; ENTRY_END +; +; +; ; ns1.example.net. (data shared by whole 22xxxx range) +; RANGE_BEGIN 220000 229999 +; ADDRESS 168.192.3.3 +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; example.net. IN NS +; SECTION ANSWER +; example.net. IN NS ns1.example.net. +; SECTION ADDITIONAL +; example.net. IN A 168.192.3.3 +; ENTRY_END +; +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; ns1.example.net. IN A +; SECTION ANSWER +; ns1.example.net. IN A 168.192.3.3 +; ENTRY_END +; +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; ns1.example.net. IN AAAA +; SECTION ANSWER +; ENTRY_END +; +; ; line 3 +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; a.example.net. IN A +; SECTION ANSWER +; a.example.net. IN A 10.0.0.97 +; ENTRY_END +; +; ; line 4 +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; a.b.example.net. IN A +; SECTION ANSWER +; a.b.example.net. IN A 10.0.97.98 +; ENTRY_END +; +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; a2.y.example.net. IN A +; SECTION ANSWER +; a2.y.example.net. IN A 10.97.50.121 +; ENTRY_END +; +; ; line 10 +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; cyc2.example.net. IN DNAME +; SECTION ANSWER +; cyc2.example.net. IN DNAME example.com. +; ENTRY_END +; +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; cyc2.cyc2.example.net. IN A +; SECTION ANSWER +; cyc2.example.net. IN DNAME example.com. +; cyc2.cyc2.example.com. IN CNAME cyc2.example.com. +; ENTRY_END +; RANGE_END +; ; end of ns1.example.net. +; +; +; ; RFC 6672 section 2.2: YXDOMAIN answers for too long results for substitution +; ; RFC 6672 section 2.3: DNAME can be at zone apex: zone apex = long. +; STEP 229001 QUERY +; ENTRY_BEGIN +; REPLY RD DO +; SECTION QUESTION +; x.long. IN A +; ENTRY_END +; +; ; query returning maximal permissible length - should work +; STEP 229002 CHECK_ANSWER +; ENTRY_BEGIN +; MATCH rcode question answer +; SECTION QUESTION +; x.long. IN A +; SECTION ANSWER +; long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. +; x.long. 3600 IN CNAME x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. +; x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. 3600 IN A 192.0.2.1 +; ENTRY_END + +; result of substitution has too long name +; YXDOMAIN should be propagated to the client +; Unbound SEVFAILs: https://www.ietf.org/mail-archive/web/dnsext/current/msg11282.html +STEP 229003 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +too.long. IN A +ENTRY_END + +STEP 229004 CHECK_ANSWER +ENTRY_BEGIN +MATCH rcode question answer +REPLY QR YXDOMAIN +SECTION QUESTION +too.long. IN A +SECTION ANSWER +long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. +ENTRY_END + + ; ; YXDOMAIN should work even if the cache is empty + ; STEP 229005 TIME_PASSES ELAPSE 4000 + ; + ; STEP 229006 QUERY + ; ENTRY_BEGIN + ; REPLY RD DO + ; SECTION QUESTION + ; too.long. IN A + ; ENTRY_END + ; + ; STEP 229007 CHECK_ANSWER + ; ENTRY_BEGIN + ; MATCH rcode question answer + ; REPLY QR YXDOMAIN + ; SECTION QUESTION + ; x.long. IN A + ; SECTION ANSWER + ; long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. + ; ENTRY_END + + + + +SCENARIO_END diff --git a/testdata/iter_dnsseclame_bug.rpl b/testdata/iter_dnsseclame_bug.rpl index a22dc96bc551..cb5c549216ba 100644 --- a/testdata/iter_dnsseclame_bug.rpl +++ b/testdata/iter_dnsseclame_bug.rpl @@ -2,6 +2,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/iter_dnsseclame_ds.rpl b/testdata/iter_dnsseclame_ds.rpl index 0e8405db94e9..ca7e8f35aeb2 100644 --- a/testdata/iter_dnsseclame_ds.rpl +++ b/testdata/iter_dnsseclame_ds.rpl @@ -2,6 +2,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/iter_dnsseclame_ds_ok.rpl b/testdata/iter_dnsseclame_ds_ok.rpl index 0ff322cd42bc..eb0ad34d4922 100644 --- a/testdata/iter_dnsseclame_ds_ok.rpl +++ b/testdata/iter_dnsseclame_ds_ok.rpl @@ -3,6 +3,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/iter_dnsseclame_ta.rpl b/testdata/iter_dnsseclame_ta.rpl index 9472dcc1a1e6..6569949b274f 100644 --- a/testdata/iter_dnsseclame_ta.rpl +++ b/testdata/iter_dnsseclame_ta.rpl @@ -2,6 +2,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/iter_dnsseclame_ta_ok.rpl b/testdata/iter_dnsseclame_ta_ok.rpl index e794b54fdaa8..9c2e0a5d762e 100644 --- a/testdata/iter_dnsseclame_ta_ok.rpl +++ b/testdata/iter_dnsseclame_ta_ok.rpl @@ -3,6 +3,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/iter_emptydp.rpl b/testdata/iter_emptydp.rpl index 260888c32e51..8e1e4a68d6a7 100644 --- a/testdata/iter_emptydp.rpl +++ b/testdata/iter_emptydp.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "3 2 1 0 0" # make sure it fetches for test + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/iter_emptydp_for_glue.rpl b/testdata/iter_emptydp_for_glue.rpl index 91e76711ee95..ab19a6b91e65 100644 --- a/testdata/iter_emptydp_for_glue.rpl +++ b/testdata/iter_emptydp_for_glue.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "3 2 1 0 0" # make sure it fetches for test + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/iter_primenoglue.rpl b/testdata/iter_primenoglue.rpl index c3709dcb1adb..3963a989ddee 100644 --- a/testdata/iter_primenoglue.rpl +++ b/testdata/iter_primenoglue.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "3 2 1 0 0" # make sure it fetches for test + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/iter_scrub_dname_rev.rpl b/testdata/iter_scrub_dname_rev.rpl index 44939de0a17f..dc259bf63d45 100644 --- a/testdata/iter_scrub_dname_rev.rpl +++ b/testdata/iter_scrub_dname_rev.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/iter_scrub_dname_sec.rpl b/testdata/iter_scrub_dname_sec.rpl index 1ce74ca17785..6cfa19455e8a 100644 --- a/testdata/iter_scrub_dname_sec.rpl +++ b/testdata/iter_scrub_dname_sec.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/net_signed_servfail.rpl b/testdata/net_signed_servfail.rpl index 9fd50df972e9..23669ec2fb8a 100644 --- a/testdata/net_signed_servfail.rpl +++ b/testdata/net_signed_servfail.rpl @@ -4,6 +4,7 @@ server: trust-anchor: ". IN DNSKEY 257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk)}" val-override-date: "20110207110823" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/nomem_cnametopos.rpl b/testdata/nomem_cnametopos.rpl index 68a0b96cbccc..3bc66f753de1 100644 --- a/testdata/nomem_cnametopos.rpl +++ b/testdata/nomem_cnametopos.rpl @@ -7,6 +7,7 @@ server: msg-cache-size: 8 rrset-cache-size: 8 target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/stop_nxdomain.rpl b/testdata/stop_nxdomain.rpl index 9c57ec71bd47..a36138e9100d 100644 --- a/testdata/stop_nxdomain.rpl +++ b/testdata/stop_nxdomain.rpl @@ -4,6 +4,7 @@ server: harden-below-nxdomain: yes trust-anchor: ". IN DNSKEY 257 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3" val-override-date: "20070916134226" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/stop_nxdomain_minimised.rpl b/testdata/stop_nxdomain_minimised.rpl index 8882b7bd9080..6b9cbef0ce88 100644 --- a/testdata/stop_nxdomain_minimised.rpl +++ b/testdata/stop_nxdomain_minimised.rpl @@ -5,6 +5,7 @@ server: qname-minimisation: yes trust-anchor: ". IN DNSKEY 257 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3" val-override-date: "20070916134226" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/subnet_cached.crpl b/testdata/subnet_cached.crpl new file mode 100644 index 000000000000..fefbdd1a0d83 --- /dev/null +++ b/testdata/subnet_cached.crpl @@ -0,0 +1,234 @@ +; Ask the same question twice. Check to see second is answered +; from cache + +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + send-client-subnet: 1.2.3.4 + max-client-subnet-ipv4: 17 + module-config: "subnetcache validator iterator" + verbosity: 3 + access-control: 127.0.0.1 allow_snoop + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with positive response + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + . IN NS + SECTION ANSWER + . IN NS K.ROOT-SERVERS.NET. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + K.ROOT-SERVERS.NET. IN A 193.0.14.129 + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION AUTHORITY + com. IN NS a.gtld-servers.net. + SECTION ADDITIONAL + a.gtld-servers.net. IN A 192.5.6.30 + ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + com. IN NS + SECTION ANSWER + com. IN NS a.gtld-servers.net. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + a.gtld-servers.net. IN A 192.5.6.30 + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION AUTHORITY + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. IN A 1.2.3.4 + ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. IN NS + SECTION ANSWER + example.com. IN NS ns.example.com. + example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + ns.example.com. IN A 1.2.3.4 + ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} + ENTRY_END + + ; response to DNSKEY priming query + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. IN DNSKEY + SECTION ANSWER + example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} + example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} + SECTION AUTHORITY + example.com. IN NS ns.example.com. + example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + ns.example.com. IN A 1.2.3.4 + ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} + ENTRY_END + + ; response to query of interest + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id copy_ednsdata_assume_clientsubnet + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION ANSWER + www.example.com. IN A 10.20.30.40 + ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} + SECTION AUTHORITY + example.com. IN NS ns.example.com. + example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ; client is 127.0.0.1 + 00 08 ; OPC + 00 07 ; option length + 00 01 ; Family + 11 00 ; source mask, scopemask + 7f 00 00 ; address + HEX_EDNSDATA_END + ns.example.com. IN A 1.2.3.4 + www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} + ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN + HEX_ANSWER_BEGIN; + 00 00 01 00 00 01 00 00 ;ID 0 + 00 00 00 01 03 77 77 77 ; www.example.com A? (DO) + 07 65 78 61 6d 70 6c 65 + 03 63 6f 6d 00 00 01 00 + 01 00 00 29 10 00 00 00 + 80 00 00 0b + + 00 08 00 07 ; OPC, optlen + 00 01 11 00 ; ip4, scope 17, source 0 + 7f 00 00 ;127.0.0.0/17 + HEX_ANSWER_END +ENTRY_END + +STEP 10 CHECK_ANSWER +ENTRY_BEGIN + MATCH all ednsdata + REPLY QR RD RA AD NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION ANSWER + www.example.com. IN A 10.20.30.40 + www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} + SECTION AUTHORITY + example.com. IN NS ns.example.com. + example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ; client is 127.0.0.1 + 00 08 ; OPC + 00 07 ; option length + 00 01 ; Family + 11 11 ; source mask, scopemask + 7f 00 00 ; address + HEX_EDNSDATA_END + ns.example.com. IN A 1.2.3.4 + ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} +ENTRY_END + +STEP 11 QUERY + +ENTRY_BEGIN + HEX_ANSWER_BEGIN; + 00 00 00 00 00 01 00 00 ;ID 0, no RD + 00 00 00 01 03 77 77 77 ; www.example.com A? (DO) + 07 65 78 61 6d 70 6c 65 + 03 63 6f 6d 00 00 01 00 + 01 00 00 29 10 00 00 00 + 80 00 00 0b + + 00 08 00 07 ; OPC, optlen + 00 01 12 00 ; ip4, scope 18, source 0 + 7f 00 00 ;127.0.0.0/18 + HEX_ANSWER_END +ENTRY_END + +STEP 20 CHECK_ANSWER +ENTRY_BEGIN + MATCH all ednsdata + REPLY QR RA AD NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION ANSWER + www.example.com. IN A 10.20.30.40 + www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} + SECTION AUTHORITY + example.com. IN NS ns.example.com. + example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ; client is 127.0.0.1 + 00 08 ; OPC + 00 07 ; option length + 00 01 ; Family + 12 11 ; source mask, scopemask + 7f 00 00 ; address + HEX_EDNSDATA_END + ns.example.com. IN A 1.2.3.4 + ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} +ENTRY_END + +SCENARIO_END diff --git a/testdata/subnet_derived.crpl b/testdata/subnet_derived.crpl new file mode 100644 index 000000000000..e2944ff8c07f --- /dev/null +++ b/testdata/subnet_derived.crpl @@ -0,0 +1,163 @@ +server: + send-client-subnet: 5.0.15.10 + send-client-subnet: 193.0.14.129 + max-client-subnet-ipv4: 21 + verbosity: 3 + module-config: "subnetcache validator iterator" + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Must not send subnet option for 'derived' queries. + +RANGE_BEGIN 0 100 + + ADDRESS 193.0.14.129 + + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + . IN NS + SECTION ANSWER + . IN NS K.ROOT-SERVERS.NET. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + K.ROOT-SERVERS.NET. IN A 193.0.14.129 + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + a.gtld-servers.net. IN AAAA + SECTION AUTHORITY + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION AUTHORITY + com. IN NS a.gtld-servers.net. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ; client is 127.0.0.1 + 00 08 ; OPC + 00 07 ; option length + 00 01 ; Family + 15 00 ; source mask, scopemask + 7f 00 00 ; address + HEX_EDNSDATA_END + a.gtld-servers.net. IN A 192.5.6.30 + ENTRY_END + +RANGE_END + +RANGE_BEGIN 0 100 + + ADDRESS 192.5.6.30 + + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id copy_query + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION AUTHORITY + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. IN A 5.0.15.10 + ENTRY_END + +RANGE_END + +RANGE_BEGIN 0 100 + + ADDRESS 5.0.15.10 + + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. IN NS + SECTION ANSWER + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + ns.example.com. IN A 5.0.15.10 + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + ns.example.com. IN AAAA + SECTION ANSWER + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + ENTRY_END + + ENTRY_BEGIN + MATCH opcode subdomain ednsdata + ADJUST copy_id copy_query + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION ANSWER + www.example.com. IN A 4.3.2.1 + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ; client is 127.0.0.1 + 00 08 ; OPC + 00 07 ; option length + 00 01 ; Family + 15 00 ; source mask, scopemask + 7f 00 00 ; address + HEX_EDNSDATA_END + ENTRY_END + +RANGE_END + +;; ---------------------------------------- + +STEP 1 QUERY + + ENTRY_BEGIN + REPLY RD + SECTION QUESTION + www.example.com. IN A + ENTRY_END + +STEP 10 CHECK_ANSWER + + ENTRY_BEGIN + MATCH all + REPLY QR RD RA NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION ANSWER + www.example.com. IN A 4.3.2.1 + SECTION AUTHORITY + SECTION ADDITIONAL + ENTRY_END + +SCENARIO_END diff --git a/testdata/subnet_format_ip4.crpl b/testdata/subnet_format_ip4.crpl new file mode 100644 index 000000000000..2ee3c7d4ec1b --- /dev/null +++ b/testdata/subnet_format_ip4.crpl @@ -0,0 +1,160 @@ +server: + send-client-subnet: 5.0.15.10 + max-client-subnet-ipv4: 21 + verbosity: 3 + module-config: "subnetcache validator iterator" + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Subnet option ONLY in final query + +RANGE_BEGIN 0 100 + + ADDRESS 193.0.14.129 + + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + . IN NS + SECTION ANSWER + . IN NS K.ROOT-SERVERS.NET. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + K.ROOT-SERVERS.NET. IN A 193.0.14.129 + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + a.gtld-servers.net. IN AAAA + SECTION AUTHORITY + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION AUTHORITY + com. IN NS a.gtld-servers.net. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + a.gtld-servers.net. IN A 192.5.6.30 + ENTRY_END + +RANGE_END + +RANGE_BEGIN 0 100 + + ADDRESS 192.5.6.30 + + ENTRY_BEGIN + MATCH opcode opcode qtype qname ednsdata + ADJUST copy_id copy_query + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION AUTHORITY + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + ns.example.com. IN A 5.0.15.10 + ENTRY_END + +RANGE_END + +RANGE_BEGIN 0 100 + + ADDRESS 5.0.15.10 + + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. IN NS + SECTION ANSWER + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + ns.example.com. IN A 5.0.15.10 + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + ns.example.com. IN AAAA + SECTION ANSWER + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + ENTRY_END + + ENTRY_BEGIN + MATCH opcode subdomain ednsdata + ADJUST copy_id copy_query + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION ANSWER + www.example.com. IN A 4.3.2.1 + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ; client is 127.0.0.1 + 00 08 ; OPC + 00 07 ; option length + 00 01 ; Family + 15 00 ; source mask, scopemask + 7f 00 00 ; address + HEX_EDNSDATA_END + ENTRY_END + +RANGE_END + +;; ---------------------------------------- + +STEP 1 QUERY + + ENTRY_BEGIN + REPLY RD + SECTION QUESTION + www.example.com. IN A + ENTRY_END + +STEP 10 CHECK_ANSWER + + ENTRY_BEGIN + MATCH all + REPLY QR RD RA NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION ANSWER + www.example.com. IN A 4.3.2.1 + SECTION AUTHORITY + SECTION ADDITIONAL + ENTRY_END + +SCENARIO_END diff --git a/testdata/subnet_not_whitelisted.crpl b/testdata/subnet_not_whitelisted.crpl new file mode 100644 index 000000000000..474687b5856e --- /dev/null +++ b/testdata/subnet_not_whitelisted.crpl @@ -0,0 +1,156 @@ +server: + send-client-subnet: 9.9.9.9/32 + client-subnet-opcode: 20730 + max-client-subnet-ipv4: 21 + verbosity: 3 + module-config: "subnetcache validator iterator" + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Subnet option MUST NOT be send to any host + +RANGE_BEGIN 0 100 + + ADDRESS 193.0.14.129 + + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + . IN NS + SECTION ANSWER + . IN NS K.ROOT-SERVERS.NET. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + K.ROOT-SERVERS.NET. IN A 193.0.14.129 + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + a.gtld-servers.net. IN AAAA + SECTION AUTHORITY + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION AUTHORITY + com. IN NS a.gtld-servers.net. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + a.gtld-servers.net. IN A 192.5.6.30 + ENTRY_END + +RANGE_END + +RANGE_BEGIN 0 100 + + ADDRESS 192.5.6.30 + + ENTRY_BEGIN + MATCH opcode subdomain ednsdata + ADJUST copy_id copy_query + REPLY QR NOERROR + SECTION QUESTION + example.com. IN A + SECTION AUTHORITY + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + ns.example.com. IN A 5.0.15.10 + ENTRY_END + +RANGE_END + +RANGE_BEGIN 0 100 + + ADDRESS 5.0.15.10 + + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. IN NS + SECTION ANSWER + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + ns.example.com. IN A 5.0.15.10 + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + ns.example.com. IN AAAA + SECTION ANSWER + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + ENTRY_END + + ENTRY_BEGIN + MATCH opcode subdomain ednsdata + ADJUST copy_id copy_query + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION ANSWER + www.example.com. IN A 4.3.2.1 + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + ENTRY_END + +RANGE_END + +;; ---------------------------------------- + +STEP 1 QUERY + + ENTRY_BEGIN + REPLY RD + SECTION QUESTION + www.example.com. IN A + ENTRY_END + +STEP 10 CHECK_ANSWER + + ENTRY_BEGIN + MATCH all + REPLY QR RD RA NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION ANSWER + www.example.com. IN A 4.3.2.1 + SECTION AUTHORITY + SECTION ADDITIONAL + ENTRY_END + +SCENARIO_END diff --git a/testdata/subnet_val_positive.crpl b/testdata/subnet_val_positive.crpl new file mode 100644 index 000000000000..732657374a13 --- /dev/null +++ b/testdata/subnet_val_positive.crpl @@ -0,0 +1,183 @@ +; Test subnet option in combination with dnssec + +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + send-client-subnet: 1.2.3.4 + max-client-subnet-ipv4: 17 + module-config: "subnetcache validator iterator" + verbosity: 3 + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with positive response + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + . IN NS + SECTION ANSWER + . IN NS K.ROOT-SERVERS.NET. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + K.ROOT-SERVERS.NET. IN A 193.0.14.129 + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION AUTHORITY + com. IN NS a.gtld-servers.net. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + a.gtld-servers.net. IN A 192.5.6.30 + ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + com. IN NS + SECTION ANSWER + com. IN NS a.gtld-servers.net. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + a.gtld-servers.net. IN A 192.5.6.30 + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION AUTHORITY + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + ns.example.com. IN A 1.2.3.4 + ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. IN NS + SECTION ANSWER + example.com. IN NS ns.example.com. + example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + ns.example.com. IN A 1.2.3.4 + ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} + ENTRY_END + + ; response to DNSKEY priming query + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. IN DNSKEY + SECTION ANSWER + example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} + example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} + SECTION AUTHORITY + example.com. IN NS ns.example.com. + example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + ns.example.com. IN A 1.2.3.4 + ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} + ENTRY_END + + ; response to query of interest + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION ANSWER + www.example.com. IN A 10.20.30.40 + ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} + SECTION AUTHORITY + example.com. IN NS ns.example.com. + example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ; client is 127.0.0.1 + 00 08 ; OPC + 00 07 ; option length + 00 01 ; Family + 11 00 ; source mask, scopemask + 7f 00 00 ; address + HEX_EDNSDATA_END + ns.example.com. IN A 1.2.3.4 + www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} + ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN + REPLY RD DO + SECTION QUESTION + www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN + MATCH all ednsdata + REPLY QR RD RA AD NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION ANSWER + www.example.com. IN A 10.20.30.40 + www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} + SECTION AUTHORITY + example.com. IN NS ns.example.com. + example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + ns.example.com. IN A 1.2.3.4 + ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} +ENTRY_END + +SCENARIO_END diff --git a/testdata/subnet_val_positive_client.crpl b/testdata/subnet_val_positive_client.crpl new file mode 100644 index 000000000000..96be71f5082f --- /dev/null +++ b/testdata/subnet_val_positive_client.crpl @@ -0,0 +1,194 @@ +; Test subnet option in combination with dnssec +; Client asks for subnet data + +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + send-client-subnet: 1.2.3.4 + max-client-subnet-ipv4: 17 + module-config: "subnetcache validator iterator" + verbosity: 3 + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with positive response + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + . IN NS + SECTION ANSWER + . IN NS K.ROOT-SERVERS.NET. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + K.ROOT-SERVERS.NET. IN A 193.0.14.129 + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION AUTHORITY + com. IN NS a.gtld-servers.net. + SECTION ADDITIONAL + a.gtld-servers.net. IN A 192.5.6.30 + ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + com. IN NS + SECTION ANSWER + com. IN NS a.gtld-servers.net. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + a.gtld-servers.net. IN A 192.5.6.30 + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION AUTHORITY + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. IN A 1.2.3.4 + ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. IN NS + SECTION ANSWER + example.com. IN NS ns.example.com. + example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + ns.example.com. IN A 1.2.3.4 + ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} + ENTRY_END + + ; response to DNSKEY priming query + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. IN DNSKEY + SECTION ANSWER + example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} + example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} + SECTION AUTHORITY + example.com. IN NS ns.example.com. + example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + ns.example.com. IN A 1.2.3.4 + ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} + ENTRY_END + + ; response to query of interest + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION ANSWER + www.example.com. IN A 10.20.30.40 + ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} + SECTION AUTHORITY + example.com. IN NS ns.example.com. + example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ; client is 127.0.0.1 + 00 08 ; OPC + 00 07 ; option length + 00 01 ; Family + 11 00 ; source mask, scopemask + 7f 00 00 ; address + HEX_EDNSDATA_END + ns.example.com. IN A 1.2.3.4 + www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} + ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN + HEX_ANSWER_BEGIN; + 00 00 01 00 00 01 00 00 ;ID 0 + 00 00 00 01 03 77 77 77 ; www.example.com A? (DO) + 07 65 78 61 6d 70 6c 65 + 03 63 6f 6d 00 00 01 00 + 01 00 00 29 10 00 00 00 + 80 00 00 0b + + 00 08 00 07 ; OPC, optlen + 00 01 11 00 ; ip4, scope 17, source 0 + 7f 00 00 ;127.0.0.0/17 + HEX_ANSWER_END +ENTRY_END + + + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN + MATCH all ednsdata + REPLY QR RD RA AD NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION ANSWER + www.example.com. IN A 10.20.30.40 + www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} + SECTION AUTHORITY + example.com. IN NS ns.example.com. + example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ; client is 127.0.0.1 + 00 08 ; OPC + 00 07 ; option length + 00 01 ; Family + 11 00 ; source mask, scopemask + 7f 00 00 ; address + HEX_EDNSDATA_END + ns.example.com. IN A 1.2.3.4 + ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} +ENTRY_END + +SCENARIO_END diff --git a/testdata/subnet_without_validator.crpl b/testdata/subnet_without_validator.crpl new file mode 100644 index 000000000000..ea0daf730384 --- /dev/null +++ b/testdata/subnet_without_validator.crpl @@ -0,0 +1,160 @@ +server: + send-client-subnet: 5.0.15.10 + max-client-subnet-ipv4: 21 + verbosity: 3 + module-config: "subnetcache iterator" + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Works without validator module + +RANGE_BEGIN 0 100 + + ADDRESS 193.0.14.129 + + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + . IN NS + SECTION ANSWER + . IN NS K.ROOT-SERVERS.NET. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + K.ROOT-SERVERS.NET. IN A 193.0.14.129 + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + a.gtld-servers.net. IN AAAA + SECTION AUTHORITY + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION AUTHORITY + com. IN NS a.gtld-servers.net. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + a.gtld-servers.net. IN A 192.5.6.30 + ENTRY_END + +RANGE_END + +RANGE_BEGIN 0 100 + + ADDRESS 192.5.6.30 + + ENTRY_BEGIN + MATCH opcode subdomain ednsdata + ADJUST copy_id copy_query + REPLY QR NOERROR + SECTION QUESTION + example.com. IN A + SECTION AUTHORITY + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + ns.example.com. IN A 5.0.15.10 + ENTRY_END + +RANGE_END + +RANGE_BEGIN 0 100 + + ADDRESS 5.0.15.10 + + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. IN NS + SECTION ANSWER + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + ns.example.com. IN A 5.0.15.10 + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + ns.example.com. IN AAAA + SECTION ANSWER + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + ENTRY_END + + ENTRY_BEGIN + MATCH opcode subdomain ednsdata + ADJUST copy_id copy_query + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION ANSWER + www.example.com. IN A 4.3.2.1 + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ; client is 127.0.0.1 + 00 08 ; OPC + 00 07 ; option length + 00 01 ; Family + 15 00 ; source mask, scopemask + 7f 00 00 ; address + HEX_EDNSDATA_END + ENTRY_END + +RANGE_END + +;; ---------------------------------------- + +STEP 1 QUERY + + ENTRY_BEGIN + REPLY RD + SECTION QUESTION + www.example.com. IN A + ENTRY_END + +STEP 10 CHECK_ANSWER + + ENTRY_BEGIN + MATCH all + REPLY QR RD RA NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION ANSWER + www.example.com. IN A 4.3.2.1 + SECTION AUTHORITY + SECTION ADDITIONAL + ENTRY_END + +SCENARIO_END diff --git a/testdata/val_adbit.rpl b/testdata/val_adbit.rpl index bffc9b71370c..8e9b76e6f7e4 100644 --- a/testdata/val_adbit.rpl +++ b/testdata/val_adbit.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_adcopy.rpl b/testdata/val_adcopy.rpl index 6cd9ad6ecdff..04d04880b915 100644 --- a/testdata/val_adcopy.rpl +++ b/testdata/val_adcopy.rpl @@ -4,6 +4,7 @@ server: #trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_anchor_nx.rpl b/testdata/val_anchor_nx.rpl index be347b11d65c..dbb384dc9145 100644 --- a/testdata/val_anchor_nx.rpl +++ b/testdata/val_anchor_nx.rpl @@ -5,6 +5,7 @@ server: trust-anchor: "sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_anchor_nx_nosig.rpl b/testdata/val_anchor_nx_nosig.rpl index de9be6c456cc..e36180b082f2 100644 --- a/testdata/val_anchor_nx_nosig.rpl +++ b/testdata/val_anchor_nx_nosig.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_ans_dsent.rpl b/testdata/val_ans_dsent.rpl index 1eb7778c2d4b..dfac62879f91 100644 --- a/testdata/val_ans_dsent.rpl +++ b/testdata/val_ans_dsent.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_ans_nx.rpl b/testdata/val_ans_nx.rpl index 257377202bd2..1e4cc8a1f661 100644 --- a/testdata/val_ans_nx.rpl +++ b/testdata/val_ans_nx.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_any.rpl b/testdata/val_any.rpl index 4285f49c5c32..388d25f6c458 100644 --- a/testdata/val_any.rpl +++ b/testdata/val_any.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_any_cname.rpl b/testdata/val_any_cname.rpl index e85c14c20b53..1477299a49c6 100644 --- a/testdata/val_any_cname.rpl +++ b/testdata/val_any_cname.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_any_dname.rpl b/testdata/val_any_dname.rpl index 6e94f9a4ee8f..cd9ede9a1bb0 100644 --- a/testdata/val_any_dname.rpl +++ b/testdata/val_any_dname.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_cname_loop1.rpl b/testdata/val_cname_loop1.rpl index 11d094cdd921..61fcdb7036fd 100644 --- a/testdata/val_cname_loop1.rpl +++ b/testdata/val_cname_loop1.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_cname_loop2.rpl b/testdata/val_cname_loop2.rpl index af293401b9c7..26644bc14755 100644 --- a/testdata/val_cname_loop2.rpl +++ b/testdata/val_cname_loop2.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_cname_loop3.rpl b/testdata/val_cname_loop3.rpl index e34b0108db2d..fbd0d8abcf3c 100644 --- a/testdata/val_cname_loop3.rpl +++ b/testdata/val_cname_loop3.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_cnameinsectopos.rpl b/testdata/val_cnameinsectopos.rpl index 29d1565f3cdd..d7ac6deadbaa 100644 --- a/testdata/val_cnameinsectopos.rpl +++ b/testdata/val_cnameinsectopos.rpl @@ -5,6 +5,7 @@ server: trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_cnamenx_dblnsec.rpl b/testdata/val_cnamenx_dblnsec.rpl index 77c50f60b5c0..85a58b5ef0cf 100644 --- a/testdata/val_cnamenx_dblnsec.rpl +++ b/testdata/val_cnamenx_dblnsec.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_cnamenx_rcodenx.rpl b/testdata/val_cnamenx_rcodenx.rpl index 8d9c2d4fea54..f4485921739a 100644 --- a/testdata/val_cnamenx_rcodenx.rpl +++ b/testdata/val_cnamenx_rcodenx.rpl @@ -5,6 +5,7 @@ server: trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_cnameqtype.rpl b/testdata/val_cnameqtype.rpl index 66a894f6c2e6..0bd5b62e2ba2 100644 --- a/testdata/val_cnameqtype.rpl +++ b/testdata/val_cnameqtype.rpl @@ -5,6 +5,7 @@ server: trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_cnametocloser.rpl b/testdata/val_cnametocloser.rpl index c3377c2395ca..ef20c5674ab7 100644 --- a/testdata/val_cnametocloser.rpl +++ b/testdata/val_cnametocloser.rpl @@ -3,6 +3,7 @@ server: trust-anchor: "example.com. 3600 IN DS 30899 5 1 d4bf9d2e10f6d76840d42ef5913022abcd0bf512" trust-anchor: "a.b.example.com. 3600 IN DNSKEY 257 3 5 AwEAAas/cAhCFXvBUgTSNZCvQp0pLx1dY+7rXR0hH4/3EUgWmsmbYUpI1qD0xhwKD/oYGEwAm291fyWJ9c0oVxXDEK8=" val-override-date: "20091113091234" + fake-sha1: yes forward-zone: name: "." diff --git a/testdata/val_cnametocloser_nosig.rpl b/testdata/val_cnametocloser_nosig.rpl index 80d1020037eb..53793aa3e3eb 100644 --- a/testdata/val_cnametocloser_nosig.rpl +++ b/testdata/val_cnametocloser_nosig.rpl @@ -3,6 +3,7 @@ server: trust-anchor: "example.com. 3600 IN DS 30899 5 1 d4bf9d2e10f6d76840d42ef5913022abcd0bf512" trust-anchor: "a.b.example.com. 3600 IN DNSKEY 257 3 5 AwEAAas/cAhCFXvBUgTSNZCvQp0pLx1dY+7rXR0hH4/3EUgWmsmbYUpI1qD0xhwKD/oYGEwAm291fyWJ9c0oVxXDEK8=" val-override-date: "20091113091234" + fake-sha1: yes forward-zone: name: "." diff --git a/testdata/val_cnametocnamewctoposwc.rpl b/testdata/val_cnametocnamewctoposwc.rpl index 56faf4130125..e7d9d9460481 100644 --- a/testdata/val_cnametocnamewctoposwc.rpl +++ b/testdata/val_cnametocnamewctoposwc.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. IN DNSKEY 257 3 8 AwEAAdL6YJdvoKQJEt/SgB6MrbQ2RDwnrcQQb6bDE8FpGgLen6hvF31ntVsZ3RZzhCmwL6lvumOLFIRKaP9ZBEVutT9iMoF2dNRbT0TCUrv6uQNHcuCZ0BJhuDNBU42f3yOnfFv7PKxd0NP+yFHJkvDQAVLMB5GeUQuYnvgQGeZsf/3b" val-override-date: "-1" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_cnametodname.rpl b/testdata/val_cnametodname.rpl index 43561d280777..8f60f7e540bc 100644 --- a/testdata/val_cnametodname.rpl +++ b/testdata/val_cnametodname.rpl @@ -5,6 +5,7 @@ server: trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_cnametodnametocnametopos.rpl b/testdata/val_cnametodnametocnametopos.rpl index 0a3a32360561..5c2d578edbfa 100644 --- a/testdata/val_cnametodnametocnametopos.rpl +++ b/testdata/val_cnametodnametocnametopos.rpl @@ -6,6 +6,7 @@ server: trust-anchor: "example.org. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_cnametoinsecure.rpl b/testdata/val_cnametoinsecure.rpl index 538e9fb88efc..c39c5e70eb4c 100644 --- a/testdata/val_cnametoinsecure.rpl +++ b/testdata/val_cnametoinsecure.rpl @@ -3,6 +3,7 @@ server: trust-anchor: "example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" trust-anchor: "example.org. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" val-override-date: "20091011000000" + fake-sha1: yes forward-zone: name: "." diff --git a/testdata/val_cnametonodata.rpl b/testdata/val_cnametonodata.rpl index b930b5607dd6..3e323ff7fc42 100644 --- a/testdata/val_cnametonodata.rpl +++ b/testdata/val_cnametonodata.rpl @@ -5,6 +5,7 @@ server: trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_cnametonodata_nonsec.rpl b/testdata/val_cnametonodata_nonsec.rpl index 588273fba008..097fc683acb5 100644 --- a/testdata/val_cnametonodata_nonsec.rpl +++ b/testdata/val_cnametonodata_nonsec.rpl @@ -5,6 +5,7 @@ server: trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_cnametonsec.rpl b/testdata/val_cnametonsec.rpl index 6b32b8da55d8..493b40ccdb46 100644 --- a/testdata/val_cnametonsec.rpl +++ b/testdata/val_cnametonsec.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_cnametonx.rpl b/testdata/val_cnametonx.rpl index cc3315608dba..c0b8a50da13a 100644 --- a/testdata/val_cnametonx.rpl +++ b/testdata/val_cnametonx.rpl @@ -5,6 +5,7 @@ server: trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_cnametooptin.rpl b/testdata/val_cnametooptin.rpl index aa58d07f01bd..751d802cce16 100644 --- a/testdata/val_cnametooptin.rpl +++ b/testdata/val_cnametooptin.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_cnametooptout.rpl b/testdata/val_cnametooptout.rpl index 0150a7d87c98..c520383820e1 100644 --- a/testdata/val_cnametooptout.rpl +++ b/testdata/val_cnametooptout.rpl @@ -2,6 +2,7 @@ server: trust-anchor: "GOV. DS 26079 7 2 4ED5FFBC8A40262B56E1232135B929192804ACC006930D087AAB38A611C89041" val-override-date: "20091113091234" + fake-sha1: yes forward-zone: name: "." diff --git a/testdata/val_cnametopos.rpl b/testdata/val_cnametopos.rpl index 9ff4020a909a..822f55e5902c 100644 --- a/testdata/val_cnametopos.rpl +++ b/testdata/val_cnametopos.rpl @@ -5,6 +5,7 @@ server: trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_cnametoposnowc.rpl b/testdata/val_cnametoposnowc.rpl index 6e8ff4f27d81..7753a5553901 100644 --- a/testdata/val_cnametoposnowc.rpl +++ b/testdata/val_cnametoposnowc.rpl @@ -5,6 +5,7 @@ server: trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_cnametoposwc.rpl b/testdata/val_cnametoposwc.rpl index 114fa705acb8..1ceb297fba99 100644 --- a/testdata/val_cnametoposwc.rpl +++ b/testdata/val_cnametoposwc.rpl @@ -5,6 +5,7 @@ server: trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_cnamewctonodata.rpl b/testdata/val_cnamewctonodata.rpl index 83aec7a025e8..e2095f979636 100644 --- a/testdata/val_cnamewctonodata.rpl +++ b/testdata/val_cnamewctonodata.rpl @@ -5,6 +5,7 @@ server: trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_cnamewctonx.rpl b/testdata/val_cnamewctonx.rpl index 7da96e259f39..638b665587c4 100644 --- a/testdata/val_cnamewctonx.rpl +++ b/testdata/val_cnamewctonx.rpl @@ -5,6 +5,7 @@ server: trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_cnamewctoposwc.rpl b/testdata/val_cnamewctoposwc.rpl index 33fbc45511f8..731336aa46d5 100644 --- a/testdata/val_cnamewctoposwc.rpl +++ b/testdata/val_cnamewctoposwc.rpl @@ -5,6 +5,7 @@ server: trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_deleg_nons.rpl b/testdata/val_deleg_nons.rpl index 83cf69232924..bdc68c465f34 100644 --- a/testdata/val_deleg_nons.rpl +++ b/testdata/val_deleg_nons.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_dnametoolong.rpl b/testdata/val_dnametoolong.rpl index b5eea56c6b3e..6cd202ebba96 100644 --- a/testdata/val_dnametoolong.rpl +++ b/testdata/val_dnametoolong.rpl @@ -5,6 +5,7 @@ server: trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." @@ -244,10 +245,12 @@ ENTRY_END STEP 10 CHECK_ANSWER ENTRY_BEGIN MATCH all -REPLY QR RD RA DO SERVFAIL +REPLY QR RD RA DO YXDOMAIN SECTION QUESTION www.example.com. IN A SECTION ANSWER +example.com. IN DNAME long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef. +example.com. 3600 IN RRSIG DNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFBdWQE6lzktCN4vdAx9HY1zZe6dYAhUAghsHM4lSJAykdvp5p0wppml03K0= ;{id = 2854} SECTION AUTHORITY SECTION ADDITIONAL ENTRY_END diff --git a/testdata/val_dnametopos.rpl b/testdata/val_dnametopos.rpl index faeb40f9dac4..ed2948a9b8ec 100644 --- a/testdata/val_dnametopos.rpl +++ b/testdata/val_dnametopos.rpl @@ -5,6 +5,7 @@ server: trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_dnametoposwc.rpl b/testdata/val_dnametoposwc.rpl index e1e91d494717..c5856150e881 100644 --- a/testdata/val_dnametoposwc.rpl +++ b/testdata/val_dnametoposwc.rpl @@ -5,6 +5,7 @@ server: trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_dnamewc.rpl b/testdata/val_dnamewc.rpl index c34b9e0f9d2d..9d74ee7ce14d 100644 --- a/testdata/val_dnamewc.rpl +++ b/testdata/val_dnamewc.rpl @@ -5,6 +5,7 @@ server: trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_ds_afterprime.rpl b/testdata/val_ds_afterprime.rpl index 0b203d2676f2..deac3e550f2c 100644 --- a/testdata/val_ds_afterprime.rpl +++ b/testdata/val_ds_afterprime.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_ds_cname.rpl b/testdata/val_ds_cname.rpl index 95fcf5be7e97..85631e53a320 100644 --- a/testdata/val_ds_cname.rpl +++ b/testdata/val_ds_cname.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_ds_cnamesub.rpl b/testdata/val_ds_cnamesub.rpl index d70e2ae29000..618c3caba1cd 100644 --- a/testdata/val_ds_cnamesub.rpl +++ b/testdata/val_ds_cnamesub.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_ds_gost.crpl b/testdata/val_ds_gost.crpl index 10bb7fbd4c3e..ec54cd94857c 100644 --- a/testdata/val_ds_gost.crpl +++ b/testdata/val_ds_gost.crpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_ds_gost_downgrade.crpl b/testdata/val_ds_gost_downgrade.crpl index b8caae2fafaa..a90fa8d180d9 100644 --- a/testdata/val_ds_gost_downgrade.crpl +++ b/testdata/val_ds_gost_downgrade.crpl @@ -4,6 +4,8 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes + harden-algo-downgrade: yes stub-zone: name: "." diff --git a/testdata/val_ds_sha2.crpl b/testdata/val_ds_sha2.crpl index 6b92e230f486..9ecba61bc618 100644 --- a/testdata/val_ds_sha2.crpl +++ b/testdata/val_ds_sha2.crpl @@ -5,6 +5,7 @@ server: val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" fake-dsa: yes + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_ds_sha2_downgrade.crpl b/testdata/val_ds_sha2_downgrade.crpl index ea4a48105cd4..5d9eecb6e236 100644 --- a/testdata/val_ds_sha2_downgrade.crpl +++ b/testdata/val_ds_sha2_downgrade.crpl @@ -5,6 +5,8 @@ server: val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" fake-dsa: yes + fake-sha1: yes + harden-algo-downgrade: yes stub-zone: name: "." diff --git a/testdata/val_ds_sha2_lenient.crpl b/testdata/val_ds_sha2_lenient.crpl new file mode 100644 index 000000000000..fb0fdf01f24f --- /dev/null +++ b/testdata/val_ds_sha2_lenient.crpl @@ -0,0 +1,227 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + fake-dsa: yes + fake-sha1: yes + harden-algo-downgrade: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with SHA256 DS downgrade to SHA1 lenience + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response for delegation to sub.example.com. +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. + +; Downgrade attack: false SHA2, correct SHA1 + +; SHA256 DS for sub.example.com. +;sub.example.com. 3600 IN DS 30899 5 2 51be8e847cc663f2775d0f2b6d15e41553c97ecb99b8dd667f18244e2f652033 +; BAD SHA256 DS +sub.example.com. 3600 IN DS 30899 5 2 51be8e847cc663f2775d0f2b6d15e41553c97ecb99b8dd667f18244e2f652000 + +; SHA1 DS for sub.example.com. +sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 +sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926135752 20070829135752 2854 example.com. ACqqpk1ow07XJvN1orEpiWOeqMLdDKQtTgWB8Mp6CF/9VTfHuWWmsu8= ;{id = 2854} + +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ENTRY_END + +RANGE_END + +; ns.sub.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.6 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN NS +SECTION ANSWER +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899} +ENTRY_END + +; response to DNSKEY priming query +; sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN DNSKEY +SECTION ANSWER +sub.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} +sub.example.com. 3600 IN RRSIG DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899} +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +www.sub.example.com. IN A 11.11.11.11 +www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA REFUSED +SECTION QUESTION +ns.sub.example.com. IN A +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA REFUSED +SECTION QUESTION +ns.sub.example.com. IN AAAA +ENTRY_END + +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.sub.example.com. IN A +ENTRY_END + +; recursion happens here. +; must servfail, BOGUS +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +www.sub.example.com. 3600 IN A 11.11.11.11 +www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/testdata/val_dsnsec.rpl b/testdata/val_dsnsec.rpl index 5e55b2ba03eb..f0facea9770c 100644 --- a/testdata/val_dsnsec.rpl +++ b/testdata/val_dsnsec.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_entds.rpl b/testdata/val_entds.rpl index 6ad86271a2a1..9a0b539bb748 100644 --- a/testdata/val_entds.rpl +++ b/testdata/val_entds.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_faildnskey.rpl b/testdata/val_faildnskey.rpl index 7d0350f1a1a3..4fb7d70c2002 100644 --- a/testdata/val_faildnskey.rpl +++ b/testdata/val_faildnskey.rpl @@ -5,6 +5,7 @@ server: val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" # test that default value of harden-dnssec-stripped is still yes. + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_faildnskey_ok.rpl b/testdata/val_faildnskey_ok.rpl index 3764000f10d8..5a50b0fb5e43 100644 --- a/testdata/val_faildnskey_ok.rpl +++ b/testdata/val_faildnskey_ok.rpl @@ -5,6 +5,7 @@ server: val-override-date: "20070916134226" harden-dnssec-stripped: no target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_fwdds.rpl b/testdata/val_fwdds.rpl index 26e30f44c957..f6c23c6cd5e5 100644 --- a/testdata/val_fwdds.rpl +++ b/testdata/val_fwdds.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_keyprefetch.rpl b/testdata/val_keyprefetch.rpl index 9b927b20ef4c..4920375b7ee1 100644 --- a/testdata/val_keyprefetch.rpl +++ b/testdata/val_keyprefetch.rpl @@ -5,6 +5,7 @@ server: val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" prefetch-key: yes + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_keyprefetch_verify.rpl b/testdata/val_keyprefetch_verify.rpl index 5f044cc2f28b..3c3ea4d55165 100644 --- a/testdata/val_keyprefetch_verify.rpl +++ b/testdata/val_keyprefetch_verify.rpl @@ -6,6 +6,7 @@ server: target-fetch-policy: "0 0 0 0 0" prefetch-key: yes prefetch: yes + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_mal_wc.rpl b/testdata/val_mal_wc.rpl index d834fe648048..3bd7794488ee 100644 --- a/testdata/val_mal_wc.rpl +++ b/testdata/val_mal_wc.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_negcache_ds.rpl b/testdata/val_negcache_ds.rpl index c7739e34cba5..78d823793395 100644 --- a/testdata/val_negcache_ds.rpl +++ b/testdata/val_negcache_ds.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_negcache_dssoa.rpl b/testdata/val_negcache_dssoa.rpl index 3f35bbf3b5e7..a74e80969b2a 100644 --- a/testdata/val_negcache_dssoa.rpl +++ b/testdata/val_negcache_dssoa.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_noadwhennodo.rpl b/testdata/val_noadwhennodo.rpl index 13015dbdbd60..8f80b8b9f540 100644 --- a/testdata/val_noadwhennodo.rpl +++ b/testdata/val_noadwhennodo.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nodata.rpl b/testdata/val_nodata.rpl index 1dbbb77842df..73987685ba88 100644 --- a/testdata/val_nodata.rpl +++ b/testdata/val_nodata.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nodata_ent.rpl b/testdata/val_nodata_ent.rpl index 467bdf5f353a..c67c4016ca48 100644 --- a/testdata/val_nodata_ent.rpl +++ b/testdata/val_nodata_ent.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nodata_entnx.rpl b/testdata/val_nodata_entnx.rpl index 935cf7ce7ce7..298f8a2aea00 100644 --- a/testdata/val_nodata_entnx.rpl +++ b/testdata/val_nodata_entnx.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. IN DS 29332 8 2 751f8b755718a7b4ef8920a4b42407520889c3d2142a64f6ffad9e12fa9fc262" val-override-date: "20140301134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nodata_entwc.rpl b/testdata/val_nodata_entwc.rpl index 03c09a207dcb..82e8258eaf1e 100644 --- a/testdata/val_nodata_entwc.rpl +++ b/testdata/val_nodata_entwc.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nodata_failsig.rpl b/testdata/val_nodata_failsig.rpl index 27d5d30c8314..44f7b4160d22 100644 --- a/testdata/val_nodata_failsig.rpl +++ b/testdata/val_nodata_failsig.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nodata_hasdata.rpl b/testdata/val_nodata_hasdata.rpl index f5321182a5ed..47992da3a837 100644 --- a/testdata/val_nodata_hasdata.rpl +++ b/testdata/val_nodata_hasdata.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nodata_zonecut.rpl b/testdata/val_nodata_zonecut.rpl index e9e50a7ce603..9f610654615c 100644 --- a/testdata/val_nodata_zonecut.rpl +++ b/testdata/val_nodata_zonecut.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nodatawc.rpl b/testdata/val_nodatawc.rpl index 30e38b605144..6ac40b79ae3a 100644 --- a/testdata/val_nodatawc.rpl +++ b/testdata/val_nodatawc.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nodatawc_badce.rpl b/testdata/val_nodatawc_badce.rpl index dcf8697db0cb..2811ff846810 100644 --- a/testdata/val_nodatawc_badce.rpl +++ b/testdata/val_nodatawc_badce.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nodatawc_nodeny.rpl b/testdata/val_nodatawc_nodeny.rpl index 52dcb0f7842f..1c1adbd251dc 100644 --- a/testdata/val_nodatawc_nodeny.rpl +++ b/testdata/val_nodatawc_nodeny.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nodatawc_one.rpl b/testdata/val_nodatawc_one.rpl index 88d66effb430..54f915cd8a1b 100644 --- a/testdata/val_nodatawc_one.rpl +++ b/testdata/val_nodatawc_one.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nokeyprime.rpl b/testdata/val_nokeyprime.rpl index 5eae44f8198e..22653ad1a983 100644 --- a/testdata/val_nokeyprime.rpl +++ b/testdata/val_nokeyprime.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_b1_nameerror.rpl b/testdata/val_nsec3_b1_nameerror.rpl index dbe1f9aa3cf1..3e4c9f72adc5 100644 --- a/testdata/val_nsec3_b1_nameerror.rpl +++ b/testdata/val_nsec3_b1_nameerror.rpl @@ -3,6 +3,7 @@ server: trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" val-override-date: "20120420235959" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_b1_nameerror_noce.rpl b/testdata/val_nsec3_b1_nameerror_noce.rpl index 6dca24cc50ec..f3262752048e 100644 --- a/testdata/val_nsec3_b1_nameerror_noce.rpl +++ b/testdata/val_nsec3_b1_nameerror_noce.rpl @@ -3,6 +3,7 @@ server: trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" val-override-date: "20120420235959" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_b1_nameerror_nonc.rpl b/testdata/val_nsec3_b1_nameerror_nonc.rpl index b9d32d32e0de..993e943b0d6a 100644 --- a/testdata/val_nsec3_b1_nameerror_nonc.rpl +++ b/testdata/val_nsec3_b1_nameerror_nonc.rpl @@ -3,6 +3,7 @@ server: trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm 3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" val-override-date: "20120420235959" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_b1_nameerror_nowc.rpl b/testdata/val_nsec3_b1_nameerror_nowc.rpl index 1293aa919d14..db208bbe17cc 100644 --- a/testdata/val_nsec3_b1_nameerror_nowc.rpl +++ b/testdata/val_nsec3_b1_nameerror_nowc.rpl @@ -3,6 +3,7 @@ server: trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" val-override-date: "20120420235959" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_b21_nodataent.rpl b/testdata/val_nsec3_b21_nodataent.rpl index 10f51f83ab8f..0f41f1e9cfcf 100644 --- a/testdata/val_nsec3_b21_nodataent.rpl +++ b/testdata/val_nsec3_b21_nodataent.rpl @@ -3,6 +3,7 @@ server: trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" val-override-date: "20120420235959" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_b21_nodataent_wr.rpl b/testdata/val_nsec3_b21_nodataent_wr.rpl index 6c2f44ef5748..7060fb9b7986 100644 --- a/testdata/val_nsec3_b21_nodataent_wr.rpl +++ b/testdata/val_nsec3_b21_nodataent_wr.rpl @@ -3,6 +3,7 @@ server: trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" val-override-date: "20120420235959" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_b2_nodata.rpl b/testdata/val_nsec3_b2_nodata.rpl index 11af26967262..8ea653f6b3d3 100644 --- a/testdata/val_nsec3_b2_nodata.rpl +++ b/testdata/val_nsec3_b2_nodata.rpl @@ -3,6 +3,7 @@ server: trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" val-override-date: "20120420235959" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_b2_nodata_nons.rpl b/testdata/val_nsec3_b2_nodata_nons.rpl index 8311fffc07ba..85669401b134 100644 --- a/testdata/val_nsec3_b2_nodata_nons.rpl +++ b/testdata/val_nsec3_b2_nodata_nons.rpl @@ -3,6 +3,7 @@ server: trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" val-override-date: "20120420235959" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_b3_optout.rpl b/testdata/val_nsec3_b3_optout.rpl index 5cde1a9bcf62..ea89e82bf64a 100644 --- a/testdata/val_nsec3_b3_optout.rpl +++ b/testdata/val_nsec3_b3_optout.rpl @@ -3,6 +3,7 @@ server: trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" val-override-date: "20120420235959" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_b3_optout_negcache.rpl b/testdata/val_nsec3_b3_optout_negcache.rpl index c2468bab82a7..06bcdb18cbcc 100644 --- a/testdata/val_nsec3_b3_optout_negcache.rpl +++ b/testdata/val_nsec3_b3_optout_negcache.rpl @@ -3,6 +3,7 @@ server: trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" val-override-date: "20120420235959" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_b3_optout_noce.rpl b/testdata/val_nsec3_b3_optout_noce.rpl index e61aba83e249..ce476b62c4b9 100644 --- a/testdata/val_nsec3_b3_optout_noce.rpl +++ b/testdata/val_nsec3_b3_optout_noce.rpl @@ -3,6 +3,7 @@ server: trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" val-override-date: "20120420235959" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_b3_optout_nonc.rpl b/testdata/val_nsec3_b3_optout_nonc.rpl index 7c8f19fd5b9e..f4804e40c21c 100644 --- a/testdata/val_nsec3_b3_optout_nonc.rpl +++ b/testdata/val_nsec3_b3_optout_nonc.rpl @@ -3,6 +3,7 @@ server: trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" val-override-date: "20120420235959" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_b4_wild.rpl b/testdata/val_nsec3_b4_wild.rpl index e3041ecd8ea4..5dcd308c95d6 100644 --- a/testdata/val_nsec3_b4_wild.rpl +++ b/testdata/val_nsec3_b4_wild.rpl @@ -3,6 +3,7 @@ server: trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" val-override-date: "20120420235959" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_b4_wild_wr.rpl b/testdata/val_nsec3_b4_wild_wr.rpl index bff6b4457530..b9a1cda665b0 100644 --- a/testdata/val_nsec3_b4_wild_wr.rpl +++ b/testdata/val_nsec3_b4_wild_wr.rpl @@ -3,6 +3,7 @@ server: trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" val-override-date: "20120420235959" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_b5_wcnodata.rpl b/testdata/val_nsec3_b5_wcnodata.rpl index c8014ed6931e..717125e8626d 100644 --- a/testdata/val_nsec3_b5_wcnodata.rpl +++ b/testdata/val_nsec3_b5_wcnodata.rpl @@ -3,6 +3,7 @@ server: trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" val-override-date: "20120420235959" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_b5_wcnodata_noce.rpl b/testdata/val_nsec3_b5_wcnodata_noce.rpl index a933b50c94f7..0506a4780dca 100644 --- a/testdata/val_nsec3_b5_wcnodata_noce.rpl +++ b/testdata/val_nsec3_b5_wcnodata_noce.rpl @@ -3,6 +3,7 @@ server: trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" val-override-date: "20120420235959" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_b5_wcnodata_nonc.rpl b/testdata/val_nsec3_b5_wcnodata_nonc.rpl index 8ff0e76bc860..440386ee5cc7 100644 --- a/testdata/val_nsec3_b5_wcnodata_nonc.rpl +++ b/testdata/val_nsec3_b5_wcnodata_nonc.rpl @@ -3,6 +3,7 @@ server: trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" val-override-date: "20120420235959" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_b5_wcnodata_nowc.rpl b/testdata/val_nsec3_b5_wcnodata_nowc.rpl index 4460e5faee22..e6619cf81b3e 100644 --- a/testdata/val_nsec3_b5_wcnodata_nowc.rpl +++ b/testdata/val_nsec3_b5_wcnodata_nowc.rpl @@ -3,6 +3,7 @@ server: trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" val-override-date: "20120420235959" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_cname_ds.rpl b/testdata/val_nsec3_cname_ds.rpl index 299400569598..bf4dc5903fa7 100644 --- a/testdata/val_nsec3_cname_ds.rpl +++ b/testdata/val_nsec3_cname_ds.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_cname_par.rpl b/testdata/val_nsec3_cname_par.rpl index 20ea0619d654..20ae3b2911a2 100644 --- a/testdata/val_nsec3_cname_par.rpl +++ b/testdata/val_nsec3_cname_par.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_cname_sub.rpl b/testdata/val_nsec3_cname_sub.rpl index 7b38b1a1bdfd..beb910c5f43d 100644 --- a/testdata/val_nsec3_cname_sub.rpl +++ b/testdata/val_nsec3_cname_sub.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_cnametocnamewctoposwc.rpl b/testdata/val_nsec3_cnametocnamewctoposwc.rpl index d8f2c411e482..a7c45efcf099 100644 --- a/testdata/val_nsec3_cnametocnamewctoposwc.rpl +++ b/testdata/val_nsec3_cnametocnamewctoposwc.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. IN DNSKEY 257 3 8 AwEAAdL6YJdvoKQJEt/SgB6MrbQ2RDwnrcQQb6bDE8FpGgLen6hvF31ntVsZ3RZzhCmwL6lvumOLFIRKaP9ZBEVutT9iMoF2dNRbT0TCUrv6uQNHcuCZ0BJhuDNBU42f3yOnfFv7PKxd0NP+yFHJkvDQAVLMB5GeUQuYnvgQGeZsf/3b" val-override-date: "-1" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_entnodata_optout.rpl b/testdata/val_nsec3_entnodata_optout.rpl index 56ed195fc3f5..5d868def0ac1 100644 --- a/testdata/val_nsec3_entnodata_optout.rpl +++ b/testdata/val_nsec3_entnodata_optout.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_entnodata_optout_badopt.rpl b/testdata/val_nsec3_entnodata_optout_badopt.rpl index d1548f522f36..928814bfb3bc 100644 --- a/testdata/val_nsec3_entnodata_optout_badopt.rpl +++ b/testdata/val_nsec3_entnodata_optout_badopt.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_entnodata_optout_match.rpl b/testdata/val_nsec3_entnodata_optout_match.rpl index 329db5f53d57..2919ff76707b 100644 --- a/testdata/val_nsec3_entnodata_optout_match.rpl +++ b/testdata/val_nsec3_entnodata_optout_match.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_iter_high.rpl b/testdata/val_nsec3_iter_high.rpl index 451bec540a7f..461b5503c59e 100644 --- a/testdata/val_nsec3_iter_high.rpl +++ b/testdata/val_nsec3_iter_high.rpl @@ -5,6 +5,7 @@ server: val-override-date: "20070916134226" val-nsec3-keysize-iterations: "1024 100 2048 200 4096 500" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_nodatawccname.rpl b/testdata/val_nsec3_nodatawccname.rpl index 4f01cdf8a41a..ef5cadf89e4c 100644 --- a/testdata/val_nsec3_nodatawccname.rpl +++ b/testdata/val_nsec3_nodatawccname.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_nods.rpl b/testdata/val_nsec3_nods.rpl index 60f20817f805..592adf7617f9 100644 --- a/testdata/val_nsec3_nods.rpl +++ b/testdata/val_nsec3_nods.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_nods_badopt.rpl b/testdata/val_nsec3_nods_badopt.rpl index c2f71ca76ac7..723bc767b237 100644 --- a/testdata/val_nsec3_nods_badopt.rpl +++ b/testdata/val_nsec3_nods_badopt.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_nods_badsig.rpl b/testdata/val_nsec3_nods_badsig.rpl index 5e265326449e..b0a4ebe56c16 100644 --- a/testdata/val_nsec3_nods_badsig.rpl +++ b/testdata/val_nsec3_nods_badsig.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_nods_negcache.rpl b/testdata/val_nsec3_nods_negcache.rpl index 0c4d20ec2040..053e003597ef 100644 --- a/testdata/val_nsec3_nods_negcache.rpl +++ b/testdata/val_nsec3_nods_negcache.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_nods_soa.rpl b/testdata/val_nsec3_nods_soa.rpl index a967c5037e30..5b6877ebe13e 100644 --- a/testdata/val_nsec3_nods_soa.rpl +++ b/testdata/val_nsec3_nods_soa.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_optout_ad.rpl b/testdata/val_nsec3_optout_ad.rpl index 1c484eab02fc..67675b830b2c 100644 --- a/testdata/val_nsec3_optout_ad.rpl +++ b/testdata/val_nsec3_optout_ad.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. DS 57024 7 1 46d134be319b2cc910b9938f1cb25dc41abb27bf" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_optout_cache.rpl b/testdata/val_nsec3_optout_cache.rpl index 3ec7ccbdd5cf..f047d3571ed1 100644 --- a/testdata/val_nsec3_optout_cache.rpl +++ b/testdata/val_nsec3_optout_cache.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_wcany.rpl b/testdata/val_nsec3_wcany.rpl index 37074a6a6e0f..f2b68a81bfc2 100644 --- a/testdata/val_nsec3_wcany.rpl +++ b/testdata/val_nsec3_wcany.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_wcany_nodeny.rpl b/testdata/val_nsec3_wcany_nodeny.rpl index 080f086c8ea5..d2c91e0e07c6 100644 --- a/testdata/val_nsec3_wcany_nodeny.rpl +++ b/testdata/val_nsec3_wcany_nodeny.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nx.rpl b/testdata/val_nx.rpl index 434354fb487d..9dee57dd4378 100644 --- a/testdata/val_nx.rpl +++ b/testdata/val_nx.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nx_nodeny.rpl b/testdata/val_nx_nodeny.rpl index 9c1e0bb3d766..f98248e12be2 100644 --- a/testdata/val_nx_nodeny.rpl +++ b/testdata/val_nx_nodeny.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nx_nowc.rpl b/testdata/val_nx_nowc.rpl index 9b8880d77b66..dc04c65f6058 100644 --- a/testdata/val_nx_nowc.rpl +++ b/testdata/val_nx_nowc.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nx_nsec3_collision.rpl b/testdata/val_nx_nsec3_collision.rpl index 85236e46eb97..5cba2e109af2 100644 --- a/testdata/val_nx_nsec3_collision.rpl +++ b/testdata/val_nx_nsec3_collision.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nx_nsec3_params.rpl b/testdata/val_nx_nsec3_params.rpl index 926712637f96..c24714d51acf 100644 --- a/testdata/val_nx_nsec3_params.rpl +++ b/testdata/val_nx_nsec3_params.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nx_overreach.rpl b/testdata/val_nx_overreach.rpl index 4494c30f5a58..11c3a4a191c9 100644 --- a/testdata/val_nx_overreach.rpl +++ b/testdata/val_nx_overreach.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_pos_truncns.rpl b/testdata/val_pos_truncns.rpl index 12d3a5481958..76563a50b89a 100644 --- a/testdata/val_pos_truncns.rpl +++ b/testdata/val_pos_truncns.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_positive.rpl b/testdata/val_positive.rpl index c6f8d797a555..9c70fcbc92c6 100644 --- a/testdata/val_positive.rpl +++ b/testdata/val_positive.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_positive_nosigs.rpl b/testdata/val_positive_nosigs.rpl index 4ab6e54f0d03..e1c04d6c1311 100644 --- a/testdata/val_positive_nosigs.rpl +++ b/testdata/val_positive_nosigs.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_positive_wc.rpl b/testdata/val_positive_wc.rpl index f6a04e71ec93..2fb737deb51e 100644 --- a/testdata/val_positive_wc.rpl +++ b/testdata/val_positive_wc.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_positive_wc_nodeny.rpl b/testdata/val_positive_wc_nodeny.rpl index b0c1a5428501..4c5f31083878 100644 --- a/testdata/val_positive_wc_nodeny.rpl +++ b/testdata/val_positive_wc_nodeny.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_qds_badanc.rpl b/testdata/val_qds_badanc.rpl index b451135ffe98..dce22a897e55 100644 --- a/testdata/val_qds_badanc.rpl +++ b/testdata/val_qds_badanc.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_qds_oneanc.rpl b/testdata/val_qds_oneanc.rpl index 657b4856ea77..541dfeae8ecb 100644 --- a/testdata/val_qds_oneanc.rpl +++ b/testdata/val_qds_oneanc.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_qds_twoanc.rpl b/testdata/val_qds_twoanc.rpl index 61e7458b0f0f..1b2cae15a558 100644 --- a/testdata/val_qds_twoanc.rpl +++ b/testdata/val_qds_twoanc.rpl @@ -5,6 +5,7 @@ server: trust-anchor: "sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_refer_unsignadd.rpl b/testdata/val_refer_unsignadd.rpl index eb74817ddbbf..d55332687ec9 100644 --- a/testdata/val_refer_unsignadd.rpl +++ b/testdata/val_refer_unsignadd.rpl @@ -6,6 +6,7 @@ server: val-override-date: "20070916134226" access-control: 127.0.0.1 allow_snoop target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_referd.rpl b/testdata/val_referd.rpl index 67e44ea75bff..d532c9a00cf0 100644 --- a/testdata/val_referd.rpl +++ b/testdata/val_referd.rpl @@ -6,6 +6,7 @@ server: harden-referral-path: no access-control: 127.0.0.1 allow_snoop target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_referglue.rpl b/testdata/val_referglue.rpl index bd829bff44df..891e89393fe9 100644 --- a/testdata/val_referglue.rpl +++ b/testdata/val_referglue.rpl @@ -6,6 +6,7 @@ server: directory: "" access-control: 127.0.0.1 allow_snoop target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_rrsig.rpl b/testdata/val_rrsig.rpl index 6ea8c1bc3ee7..e8c39f0fc904 100644 --- a/testdata/val_rrsig.rpl +++ b/testdata/val_rrsig.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_secds.rpl b/testdata/val_secds.rpl index d1a5f64b5c5a..4c40409b7203 100644 --- a/testdata/val_secds.rpl +++ b/testdata/val_secds.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_secds_nosig.rpl b/testdata/val_secds_nosig.rpl index 310c9bb8875d..c12f934ce683 100644 --- a/testdata/val_secds_nosig.rpl +++ b/testdata/val_secds_nosig.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_spurious_ns.rpl b/testdata/val_spurious_ns.rpl index 741fd1affc3c..3aef40341ef6 100644 --- a/testdata/val_spurious_ns.rpl +++ b/testdata/val_spurious_ns.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_stub_noroot.rpl b/testdata/val_stub_noroot.rpl index 369bc66e428f..f50041c568f6 100644 --- a/testdata/val_stub_noroot.rpl +++ b/testdata/val_stub_noroot.rpl @@ -5,6 +5,7 @@ server: val-override-date: "20100913111500" ; the dlv anchor is completely ignored, but here to test that. dlv-anchor: "dlv.isc.org. IN DNSKEY 257 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_stubds.rpl b/testdata/val_stubds.rpl index 565c596333de..bf5f5d651b8b 100644 --- a/testdata/val_stubds.rpl +++ b/testdata/val_stubds.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_ta_algo_dnskey.rpl b/testdata/val_ta_algo_dnskey.rpl index d5dd26040cbd..dfe608ef3bb1 100644 --- a/testdata/val_ta_algo_dnskey.rpl +++ b/testdata/val_ta_algo_dnskey.rpl @@ -5,6 +5,7 @@ server: trust-anchor: "example.com. 3600 IN DS 30899 5 1 d4bf9d2e10f6d76840d42ef5913022abcd0bf512" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_ta_algo_dnskey_dp.rpl b/testdata/val_ta_algo_dnskey_dp.rpl index b23c0f1b04d7..1ef14adf87a9 100644 --- a/testdata/val_ta_algo_dnskey_dp.rpl +++ b/testdata/val_ta_algo_dnskey_dp.rpl @@ -6,6 +6,7 @@ server: val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" harden-algo-downgrade: no + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_ta_algo_missing.rpl b/testdata/val_ta_algo_missing.rpl index d8c89807b2b0..51dddce2b2f1 100644 --- a/testdata/val_ta_algo_missing.rpl +++ b/testdata/val_ta_algo_missing.rpl @@ -7,6 +7,7 @@ server: val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" harden-algo-downgrade: yes + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_ta_algo_missing_dp.rpl b/testdata/val_ta_algo_missing_dp.rpl index 2cf0556f5bff..fb4a1382562b 100644 --- a/testdata/val_ta_algo_missing_dp.rpl +++ b/testdata/val_ta_algo_missing_dp.rpl @@ -7,6 +7,7 @@ server: val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" harden-algo-downgrade: no + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_twocname.rpl b/testdata/val_twocname.rpl index 9495c28536fe..2736d917a017 100644 --- a/testdata/val_twocname.rpl +++ b/testdata/val_twocname.rpl @@ -2,6 +2,7 @@ server: trust-anchor: "ORG. DS 21366 7 1 E6C1716CFB6BDC84E84CE1AB5510DAC69173B5B2" val-override-date: "20091116100204" + fake-sha1: yes forward-zone: name: "." diff --git a/testdata/val_unalgo_anchor.rpl b/testdata/val_unalgo_anchor.rpl index 1a653186a5d4..0848b7063003 100644 --- a/testdata/val_unalgo_anchor.rpl +++ b/testdata/val_unalgo_anchor.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 208 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_unalgo_dlv.rpl b/testdata/val_unalgo_dlv.rpl index 7e1d8c9d50f0..9320ca67feda 100644 --- a/testdata/val_unalgo_dlv.rpl +++ b/testdata/val_unalgo_dlv.rpl @@ -4,6 +4,7 @@ server: dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_unalgo_ds.rpl b/testdata/val_unalgo_ds.rpl index adf1ff123442..8adc049884a0 100644 --- a/testdata/val_unalgo_ds.rpl +++ b/testdata/val_unalgo_ds.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_unsec_cname.rpl b/testdata/val_unsec_cname.rpl index c532da5ee000..6d4e52f8fa8b 100644 --- a/testdata/val_unsec_cname.rpl +++ b/testdata/val_unsec_cname.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_unsecds.rpl b/testdata/val_unsecds.rpl index ff2bc7633dd4..e8a85eb1760a 100644 --- a/testdata/val_unsecds.rpl +++ b/testdata/val_unsecds.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_unsecds_negcache.rpl b/testdata/val_unsecds_negcache.rpl index de3183978391..7de1775b4901 100644 --- a/testdata/val_unsecds_negcache.rpl +++ b/testdata/val_unsecds_negcache.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_unsecds_qtypeds.rpl b/testdata/val_unsecds_qtypeds.rpl index 4d82a1b7e156..5101300053a4 100644 --- a/testdata/val_unsecds_qtypeds.rpl +++ b/testdata/val_unsecds_qtypeds.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_wild_pos.rpl b/testdata/val_wild_pos.rpl index d47f03f59a89..9c0c5df0f0c6 100644 --- a/testdata/val_wild_pos.rpl +++ b/testdata/val_wild_pos.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." |