1 ; config options 2 server: 3 target-fetch-policy: "0 0 0 0 0" 4 trust-anchor: "com. DS 1444 8 2 0d72034e3e18a9ef383c164b68302433bbde957616e10cf44575fea2abae469c" 5 trust-anchor-signaling: no 6 val-override-date: 20201020135527 7 8 auth-zone: 9 name: "example.com." 10 ## zonefile (or none). 11 ## zonefile: "example.com.zone" 12 ## master by IP address or hostname 13 ## can list multiple masters, each on one line. 14 ## master: 15 ## url for http fetch 16 ## url: 17 ## queries from downstream clients get authoritative answers. 18 ## for-downstream: yes 19 for-downstream: no 20 ## queries are used to fetch authoritative answers from this zone, 21 ## instead of unbound itself sending queries there. 22 ## for-upstream: yes 23 for-upstream: yes 24 ## on failures with for-upstream, fallback to sending queries to 25 ## the authority servers 26 ## fallback-enabled: no 27 zonemd-check: yes 28 29 ## this line generates zonefile: \n"/tmp/xxx.example.com"\n 30 zonefile: 31 TEMPFILE_NAME example.com 32 ## this is the inline file /tmp/xxx.example.com 33 ## the tempfiles are deleted when the testrun is over. 34 TEMPFILE_CONTENTS example.com 35 example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 36 example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= 37 example.com. 3600 IN NS ns.example.com. 38 example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= 39 ; dnskey is wrong: 40 example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+AAAAA ;{id = 55566 (zsk), size = 1024b} 41 ; dnskey that was correct: 42 ;example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} 43 example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= 44 example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f 45 example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= 46 example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63 47 example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= 48 bar.example.com. 3600 IN A 1.2.3.4 49 bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= 50 bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC 51 bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= 52 ding.example.com. 3600 IN A 1.2.3.4 53 ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= 54 ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC 55 ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= 56 foo.example.com. 3600 IN A 1.2.3.4 57 foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= 58 foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC 59 foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= 60 ns.example.com. 3600 IN A 127.0.0.1 61 ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= 62 ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC 63 ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= 64 www.example.com. 3600 IN A 127.0.0.1 65 www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= 66 www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC 67 www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= 68 TEMPFILE_END 69 70 stub-zone: 71 name: "." 72 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. 73 CONFIG_END 74 75 SCENARIO_BEGIN Test authority zone with ZONEMD from zonefile with failed chain of trust 76 77 ; K.ROOT-SERVERS.NET. 78 RANGE_BEGIN 0 100 79 ADDRESS 193.0.14.129 80 ENTRY_BEGIN 81 MATCH opcode qtype qname 82 ADJUST copy_id 83 REPLY QR NOERROR 84 SECTION QUESTION 85 . IN NS 86 SECTION ANSWER 87 . IN NS K.ROOT-SERVERS.NET. 88 SECTION ADDITIONAL 89 K.ROOT-SERVERS.NET. IN A 193.0.14.129 90 ENTRY_END 91 92 ENTRY_BEGIN 93 MATCH opcode subdomain 94 ADJUST copy_id copy_query 95 REPLY QR NOERROR 96 SECTION QUESTION 97 com. IN NS 98 SECTION AUTHORITY 99 com. IN NS a.gtld-servers.net. 100 SECTION ADDITIONAL 101 a.gtld-servers.net. IN A 192.5.6.30 102 ENTRY_END 103 RANGE_END 104 105 ; a.gtld-servers.net. 106 RANGE_BEGIN 0 100 107 ADDRESS 192.5.6.30 108 ENTRY_BEGIN 109 MATCH opcode qtype qname 110 ADJUST copy_id 111 REPLY QR NOERROR 112 SECTION QUESTION 113 com. IN NS 114 SECTION ANSWER 115 com. IN NS a.gtld-servers.net. 116 SECTION ADDITIONAL 117 a.gtld-servers.net. IN A 192.5.6.30 118 ENTRY_END 119 120 ENTRY_BEGIN 121 MATCH opcode qname qtype 122 ADJUST copy_id 123 REPLY QR AA NOERROR 124 SECTION QUESTION 125 example.com. IN DS 126 SECTION ANSWER 127 example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af 128 example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk= 129 ENTRY_END 130 131 ENTRY_BEGIN 132 MATCH opcode subdomain 133 ADJUST copy_id copy_query 134 REPLY QR NOERROR 135 SECTION QUESTION 136 example.com. IN NS 137 SECTION AUTHORITY 138 example.com. IN NS ns.example.com. 139 example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af 140 example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk= 141 SECTION ADDITIONAL 142 ns.example.com. IN A 1.2.3.44 143 ENTRY_END 144 145 ENTRY_BEGIN 146 MATCH opcode qtype qname 147 ADJUST copy_id 148 REPLY QR AA NOERROR 149 SECTION QUESTION 150 com. IN DNSKEY 151 SECTION ANSWER 152 com. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b} 153 com. 3600 IN RRSIG DNSKEY 8 1 3600 20201116135527 20201019135527 1444 com. BEOMfWvi6RgnHaHsst+Ed265hBuCkgMR7gDpu89J7ZrVL6DzMKnNVFdgjl/9xwLj/pkukc7qeLSHjAfLlN0E4THW7PVshscQnjvXCkktG2Ejx9fTyllAqeGDh9z9QDGlQZIGTMgb9413qZhNqe2Tda9PTJRpiZ8b4bdQp6V1kVo= 154 SECTION ADDITIONAL 155 ENTRY_END 156 157 RANGE_END 158 159 ; ns.example.net. 160 RANGE_BEGIN 0 100 161 ADDRESS 1.2.3.44 162 ENTRY_BEGIN 163 MATCH opcode qtype qname 164 ADJUST copy_id 165 REPLY QR NOERROR 166 SECTION QUESTION 167 example.net. IN NS 168 SECTION ANSWER 169 example.net. IN NS ns.example.net. 170 SECTION ADDITIONAL 171 ns.example.net. IN A 1.2.3.44 172 ENTRY_END 173 174 ENTRY_BEGIN 175 MATCH opcode qtype qname 176 ADJUST copy_id 177 REPLY QR NOERROR 178 SECTION QUESTION 179 ns.example.net. IN A 180 SECTION ANSWER 181 ns.example.net. IN A 1.2.3.44 182 SECTION AUTHORITY 183 example.net. IN NS ns.example.net. 184 ENTRY_END 185 186 ENTRY_BEGIN 187 MATCH opcode qtype qname 188 ADJUST copy_id 189 REPLY QR NOERROR 190 SECTION QUESTION 191 ns.example.net. IN AAAA 192 SECTION AUTHORITY 193 example.net. IN NS ns.example.net. 194 SECTION ADDITIONAL 195 www.example.net. IN A 1.2.3.44 196 ENTRY_END 197 198 ENTRY_BEGIN 199 MATCH opcode qtype qname 200 ADJUST copy_id 201 REPLY QR NOERROR 202 SECTION QUESTION 203 example.com. IN NS 204 SECTION ANSWER 205 example.com. IN NS ns.example.net. 206 ENTRY_END 207 208 ENTRY_BEGIN 209 MATCH opcode qtype qname 210 ADJUST copy_id 211 REPLY QR NOERROR 212 SECTION QUESTION 213 www.example.com. IN A 214 SECTION ANSWER 215 www.example.com. IN A 10.20.30.40 216 ENTRY_END 217 RANGE_END 218 219 STEP 1 QUERY 220 ENTRY_BEGIN 221 REPLY RD 222 SECTION QUESTION 223 www.example.com. IN A 224 ENTRY_END 225 226 ; recursion happens here. 227 STEP 20 CHECK_ANSWER 228 ENTRY_BEGIN 229 MATCH all 230 REPLY QR RD RA SERVFAIL 231 SECTION QUESTION 232 www.example.com. IN A 233 SECTION ANSWER 234 ENTRY_END 235 236 SCENARIO_END 237
Indexes created Mon Jun 01 00:24:59 UTC 2026