1 ; config options 2 ; The island of trust is at test. 3 server: 4 trust-anchor: "test. DS 1444 8 2 8a87d067fd09a5965244fe2e317dd26d182c468e0a7f26ecc4c7b479bf89db9b" 5 val-override-date: "20201020135527" 6 target-fetch-policy: "0 0 0 0 0" 7 qname-minimisation: "no" 8 fake-sha1: yes 9 trust-anchor-signaling: no 10 minimal-responses: no 11 iter-scrub-promiscuous: no 12 aggressive-nsec: yes 13 local-zone: test. nodefault 14 log-servfail: yes 15 16 stub-zone: 17 name: "." 18 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. 19 CONFIG_END 20 21 SCENARIO_BEGIN Test DNAME with an unsigned CNAME that mismatches the DNAME. 22 ; The CNAME occurs later in a list of redirections. 23 24 ; K.ROOT-SERVERS.NET. 25 RANGE_BEGIN 0 100 26 ADDRESS 193.0.14.129 27 ENTRY_BEGIN 28 MATCH opcode qtype qname 29 ADJUST copy_id 30 REPLY QR NOERROR 31 SECTION QUESTION 32 . IN NS 33 SECTION ANSWER 34 . IN NS K.ROOT-SERVERS.NET. 35 SECTION ADDITIONAL 36 K.ROOT-SERVERS.NET. IN A 193.0.14.129 37 ENTRY_END 38 39 ENTRY_BEGIN 40 MATCH opcode subdomain 41 ADJUST copy_id copy_query 42 REPLY QR NOERROR 43 SECTION QUESTION 44 test. IN NS 45 SECTION AUTHORITY 46 test. IN NS ns.test. 47 SECTION ADDITIONAL 48 ns.test. IN A 1.2.3.5 49 ENTRY_END 50 RANGE_END 51 52 ; ns.test 53 RANGE_BEGIN 0 100 54 ADDRESS 1.2.3.5 55 ENTRY_BEGIN 56 MATCH opcode qtype qname 57 ADJUST copy_id 58 REPLY QR AA NOERROR 59 SECTION QUESTION 60 test. IN NS 61 SECTION ANSWER 62 test. IN NS ns.test 63 test. 3600 IN RRSIG NS 8 1 3600 20201116135527 20201019135527 1444 test. RGCxIO32TbbLTk6xZmTr+fjYPH50hntBxeOQ2DIj2pDsmjALcHYtVkOfpfk2EhOhHZd+9PLuoJPbJh6a9NqLSFeBvr0XZoCZoQ2g0tCHUNHcH5EVjA2TuYBQem6DVYnPLJ3914aRx0uA1j42b8dC2xsam/XkOo7U+dLbUW2Os1s= 64 SECTION ADDITIONAL 65 ns.test. IN A 1.2.3.5 66 ns.test. 3600 IN RRSIG A 8 2 3600 20201116135527 20201019135527 1444 test. 
GskCc4/k6GjH9V9Jz2V5L2XLiizbOeWkB0feSbf+aN859S3vxVvtuqkvIgwY4LafUO1QAn/pUcv9zA7rcFO++rlg+8t6gvZTo9p3v0bfeIv2uJDsfSBD5jDh0WXlxjekfnrKrQp7zE+GiA93tWwKUWKPvxXDgP+n886e6WcbHJw= 67 ENTRY_END 68 69 ENTRY_BEGIN 70 MATCH opcode qtype qname 71 ADJUST copy_id 72 REPLY QR AA NOERROR 73 SECTION QUESTION 74 ns.test. IN A 75 SECTION ANSWER 76 ns.test. IN A 1.2.3.5 77 ns.test. 3600 IN RRSIG A 8 2 3600 20201116135527 20201019135527 1444 test. GskCc4/k6GjH9V9Jz2V5L2XLiizbOeWkB0feSbf+aN859S3vxVvtuqkvIgwY4LafUO1QAn/pUcv9zA7rcFO++rlg+8t6gvZTo9p3v0bfeIv2uJDsfSBD5jDh0WXlxjekfnrKrQp7zE+GiA93tWwKUWKPvxXDgP+n886e6WcbHJw= 78 ENTRY_END 79 80 ENTRY_BEGIN 81 MATCH opcode qtype qname 82 ADJUST copy_id 83 REPLY QR AA NOERROR 84 SECTION QUESTION 85 ns.test. IN AAAA 86 SECTION AUTHORITY 87 test. 3600 IN SOA ns.test. host.test. 20201 3600 1800 604800 3600 88 test. 3600 IN RRSIG SOA 8 1 3600 20201116135527 20201019135527 1444 test. IZJIDmEgf0W7A5G7hvvZ2hUqJ9Trbv1/i7ySapDmPbYV9lVCmHHobySxO01yDhI2/Pvpsvxqrm1Tiv3BxH8uzZ4keKgiQjBsSy4htAsFct9I4E7ly2glPj/Fm3oun3PsjJDv5QYhx0KS7w4IQKU7Nc9pfJc92uoUI5bdoC1pRGw= 89 ns.test. 3600 IN NSEC nz.test. A RRSIG 90 ns.test. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 1444 test. PElArVB3KPg8KHAP7lzcNbhFuXNxTsHNTn1dZVncB5qmWRdIaeKpaXDjpH0JSXMaelGFS+/QhuQ6Hmw9+4VyZFRqMzGhw4agUR/2bxABHcDIG4ZpUwyeSP61ATTfHUkQVxaH2wjCWI/tfmesdP2xVE4GXyUvCIBxU914MkZbULU= 91 ENTRY_END 92 93 ENTRY_BEGIN 94 MATCH opcode qtype qname 95 ADJUST copy_id 96 REPLY QR AA NOERROR 97 SECTION QUESTION 98 test. IN DNSKEY 99 SECTION ANSWER 100 test. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b} 101 test. 3600 IN RRSIG DNSKEY 8 1 3600 20201116135527 20201019135527 1444 test. 
UmRMS4iG9NBBHZYOtpwFFcJgbEb5SfHSgHd9XRe/8pTWM31WSDayn5ViPOBMqI1T5TXg2amc13dDI574xIM2oKMus3b5cBW72jJLW13jprBtslO6P8BMWb4HNnvLrJtQjwf3ErRirtTxinLmywQtmyr1cdthyG3Gp4N7i90fHSc= 102 SECTION ADDITIONAL 103 ENTRY_END 104 105 ENTRY_BEGIN 106 MATCH opcode qname qtype 107 ADJUST copy_id 108 REPLY QR AA NOERROR 109 SECTION QUESTION 110 example.test. IN DS 111 SECTION ANSWER 112 example.test. 3600 IN DS 55567 8 2 a2d578906330a10a57d40462257b6ce038bad3f7bf4a45c46c46086e20a94b39 113 example.test. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 test. P7+FTYW2qHuJ4I1YbuvseEz5X1lOYAraGEHB3C5y0OOCQFmhmSiFRdquNi2NlpcS6FXLdsE0EU+Bo1+0atTG4EkMWXbpF21lrtbB51BdsnlX4Mzc/o375fvjiOMwmF6wPCUaOUN62jrVrhsE/hedaVyDphDToqL17ETohwgUO2I= 114 ENTRY_END 115 116 ENTRY_BEGIN 117 MATCH opcode subdomain 118 ADJUST copy_id copy_query 119 REPLY QR NOERROR 120 SECTION QUESTION 121 example.test. IN NS 122 SECTION AUTHORITY 123 example.test. IN NS ns.example.test. 124 example.test. 3600 IN DS 55567 8 2 a2d578906330a10a57d40462257b6ce038bad3f7bf4a45c46c46086e20a94b39 125 example.test. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 test. P7+FTYW2qHuJ4I1YbuvseEz5X1lOYAraGEHB3C5y0OOCQFmhmSiFRdquNi2NlpcS6FXLdsE0EU+Bo1+0atTG4EkMWXbpF21lrtbB51BdsnlX4Mzc/o375fvjiOMwmF6wPCUaOUN62jrVrhsE/hedaVyDphDToqL17ETohwgUO2I= 126 SECTION ADDITIONAL 127 ns.example.test. IN A 1.2.3.4 128 ENTRY_END 129 130 ENTRY_BEGIN 131 MATCH opcode subdomain 132 ADJUST copy_id copy_query 133 REPLY QR NOERROR 134 SECTION QUESTION 135 fox.test. IN NS 136 SECTION AUTHORITY 137 fox.test. IN NS ns.fox.test. 138 fox.test. 3600 IN DS 29332 8 2 5b06f16c7b8cc07ba7b8e1ab0a40a40ecf89e1e94da2f0b1d2159b64dba80d96 139 fox.test. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 test. B9bKqUJgJcGlKSWyGkdGGS6unKUwNJteTq08caL40QEZcAy836vwypGzOIQJNUw+mYIEecvtrF9H4mG+EjzDKv+n+36DCNvJMn6b8+FC9COw4mqITAjYPZjDwtOXAKVbuBuZJsbP2ztacJ98tXcORozaaKDGH/3fmsUlaKcuPmo= 140 SECTION ADDITIONAL 141 ns.fox.test. 
IN A 1.2.3.6 142 ENTRY_END 143 RANGE_END 144 145 ; ns.example.test. 146 RANGE_BEGIN 0 15 147 ADDRESS 1.2.3.4 148 ENTRY_BEGIN 149 MATCH opcode qtype qname 150 ADJUST copy_id 151 REPLY QR NOERROR 152 SECTION QUESTION 153 example.test. IN NS 154 SECTION ANSWER 155 example.test. IN NS ns.example.test. 156 example.test. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55567 example.test. l1JT0wMlK0YI7/CWHzexf/k0iafUhCgN+BdgjBXIRXmSQNf4HDTiAkbcWL2/15qtnp12nQy9JeiTdSQ3vtPoHAJX4C5uTWaze4ms+Wrrf+n92sLCjacP9x50uuicH3URT6cKb1QCAPwlvlWxIlZjAMYFScSns7+C441NMJT8aE4= 157 SECTION ADDITIONAL 158 ns.example.test. IN A 1.2.3.4 159 ns.example.test. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55567 example.test. 2PWaVaccZFQgfPKXNsdEGYUVaashCAj1ZhBo9XRt5eQKUFvZcauBjMnXIuxZFyWeootn1fZGw6GuPI5W48Y0FDx38H6adprkFgQikso2Y64jDdDMWznSo38Z/XqP+U0+kq4vmwonvmEMpm7hKnNEXvhqGKyGzyBwb+CZVJ2L8Eo= 160 ENTRY_END 161 162 ENTRY_BEGIN 163 MATCH opcode qtype qname 164 ADJUST copy_id 165 REPLY QR AA NOERROR 166 SECTION QUESTION 167 ns.example.test. IN A 168 SECTION ANSWER 169 ns.example.test. IN A 1.2.3.4 170 ns.example.test. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55567 example.test. 2PWaVaccZFQgfPKXNsdEGYUVaashCAj1ZhBo9XRt5eQKUFvZcauBjMnXIuxZFyWeootn1fZGw6GuPI5W48Y0FDx38H6adprkFgQikso2Y64jDdDMWznSo38Z/XqP+U0+kq4vmwonvmEMpm7hKnNEXvhqGKyGzyBwb+CZVJ2L8Eo= 171 ENTRY_END 172 173 ENTRY_BEGIN 174 MATCH opcode qtype qname 175 ADJUST copy_id 176 REPLY QR AA NOERROR 177 SECTION QUESTION 178 ns.example.test. IN AAAA 179 SECTION AUTHORITY 180 example.test. 3600 IN SOA ns.example.test. host.example.test. 20301 3600 1800 604800 3600 181 example.test. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55567 example.test. 2UUkScBAN37fJpSrelhE8DotKvmOzj3q9wicaanCIaCv95DE4nQnePih5B+ek3FIRjB/Uv2+z4Ro5Uxy94XAnlK0rCkDLSa0U9U7KP0ytc88sevO0x1SCPAMoZoJO6JqHkv42pdh54WSz+Zb/D8npY0j/tksHe/uX+VQnMymgb8= 182 ns.example.test. 3600 IN NSEC nz.example.test. A RRSIG 183 ns.example.test. 
3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55567 example.test. v/5aO/n8Ow21y7LE7JKZsFkUJU5MjIfadVRm2Tdb8f3RLwYDdBTs3aWeeEQdCRSUF61TmfJM1jIxlWQPuHbqzGnjSk7adw9gFpP7wFwoqG3/xdCFHoxo/3/1F/4Ankey3sDgKgOFsgnu40TlL36mGPYszeK+/2o3SAx2GM+3BdU= 184 ENTRY_END 185 186 ; response to DNSKEY priming query 187 ENTRY_BEGIN 188 MATCH opcode qtype qname 189 ADJUST copy_id 190 REPLY QR NOERROR 191 SECTION QUESTION 192 example.test. IN DNSKEY 193 SECTION ANSWER 194 example.test. 3600 IN DNSKEY 257 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55567 (ksk), size = 1024b} 195 example.test. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55567 example.test. IbWMC6quOuZFNPAVxQLqCJ9nLhindBo826rnLcg5yMgs9dGUSPOCXAfHTmbgJAUNs9HTFfrJWNvasnETs0UOpmEuifGwWdH1OlME7Gny4RL2QmITUFeMW81Jz1tiVQxFXl6yxT0jxOxvz+bqMHlrz+8IeWQXcO+GZTPu8ueq30g= 196 ENTRY_END 197 198 ; response to query of interest 199 ENTRY_BEGIN 200 MATCH opcode qtype qname 201 ADJUST copy_id 202 REPLY QR AA NOERROR 203 SECTION QUESTION 204 a.d.example.test. IN A 205 SECTION ANSWER 206 d.example.test. 3600 IN DNAME tgt.example.test. 207 d.example.test. 3600 IN RRSIG DNAME 8 3 3600 20201116135527 20201019135527 55567 example.test. EGpXUnJuzkETAO2OWyZDrTeInnyxF7CXPXGDfFt2x3CBUeckUUZcgQQ3yMh+BATKph2nOhBfk8klvZ35C9sQO7Z32REAnqGjpHiR86xRPYxG62Nk9kXv1Odeh/adz2QhB93N8U7W57FM0P/VQDkP0GQXTSRGTuj+7ihfYVd4HWI= 208 ; with CNAME signature 209 a.d.example.test. 3600 IN CNAME a.tgt.example.test. 210 a.d.example.test. 3600 IN RRSIG CNAME 8 4 3600 20201116135527 20201019135527 55567 example.test. 
efnytLE7P95kLr/tA9H0Z77VTOUQk24ci2bDgdVe8EuodTXtgg5PVHVLljD3QQ1Cpyme50odH/fhn2j1ORQpJTMk24Un/VRhVNquf+kj1nawJ59J0hjag4i0FIwZEG3/P7ogTB3Yd2y0Osb42Aawp48KvtVkUeBukk/GSutaTVQ= 211 ENTRY_END 212 213 ENTRY_BEGIN 214 MATCH opcode qtype qname 215 ADJUST copy_id 216 REPLY QR AA NOERROR 217 SECTION QUESTION 218 a.tgt.example.test. IN A 219 SECTION ANSWER 220 a.tgt.example.test. 3600 IN CNAME b.d.example.test. 221 a.tgt.example.test. 3600 IN RRSIG CNAME 8 4 3600 20201116135527 20201019135527 55567 example.test. XHYWSHIm9J8j8T1qMh1tHZS71UguXYUVescKPFtoGHRuyRhHNob+NAqdn3I4/+8HSSGrJDqhTX/Vo3rcc3/g5HOHScwzZByB/diyJWpG9IA7pm7c7FnHnHpGBVdHq9wXlkgCPiaJShpE1zg1nNy3p99ca9/wh4y9XWSfcl0L8aw= 222 ENTRY_END 223 224 ENTRY_BEGIN 225 MATCH opcode qtype qname 226 ADJUST copy_id 227 REPLY QR AA NOERROR 228 SECTION QUESTION 229 b.d.example.test. IN A 230 SECTION ANSWER 231 ; This answer is injected: the CNAME has no RRSIG, 232 ; and its target mismatches the DNAME at d.example.test. (which maps this name to b.tgt.example.test.). 233 b.d.example.test. 3600 IN CNAME www.fox.test. 234 ENTRY_END 235 RANGE_END 236 237 ; ns.fox.test. 238 RANGE_BEGIN 0 100 239 ADDRESS 1.2.3.6 240 ENTRY_BEGIN 241 MATCH opcode qtype qname 242 ADJUST copy_id 243 REPLY QR AA NOERROR 244 SECTION QUESTION 245 ns.fox.test. IN AAAA 246 SECTION AUTHORITY 247 fox.test. 3600 IN SOA ns.fox.test. host.fox.test. 20601 3600 1800 604800 3600 248 fox.test. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 29332 fox.test. QScf+vyis5/Km03ALuLQDfUDagA9/UG/oIQw6LnvmsVoqJSNXa3LIObWT9zfWgdJT0qFayWR4K9hnd9rT1enuVmXX8k47s7AjPZmE0qQxms5xz7jOhj/XLFplXOE9/GkgvAZKPb42qkU3Xf6Bevxzfy4/qW7+yXflWsjLV1vAhz38M4ESeWp0MDme8+DND0f7aoprGcC5saAPfa35nQhHS40q4IwiUDBBk1uwhCBF9ZGsjRfXmECOxIc1/0hBOv+Hhwog4K5b8rdl7LA2VggNiVOUuLFpXEH0XxknEspbQwWppP4TWC1H2QYGaKCc2Hu7NBhM/Ly7caGK+2u1MZvsg== 249 ns.fox.test. 3600 IN NSEC nz.fox.test. A RRSIG 250 ns.fox.test. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 29332 fox.test. 
RQjV2PHbBVdGhvSRl0lutzoIZ9KezBAAwvI5sQoIGLdlMeQxj/BOy16auYRLTxvB9xehkrTTeL5xYUwcbi4uFS/kr3IUmlVXeldHOk4T42huV9MGfWzguUsB2jjsrcdt11qEnLo27SVVcvQReswwfpOPRPHg52fS6vt50AIWwttLOLvZEGiGIjRGb4lBaCnoO6YYzOnwcRCV0UScTjlPxS1SBEKsdbPvzfUUyp+wOVnIVAXrd0xEChB7QrTIrcBt4mutXVUNBDcfkZCXgEwu3scWQQS8rNO6O3PvpLgs6PIHX191WjovkJ9/PL+8MO/7UUatSWhZUwuQBUq6VofCYw== 251 ENTRY_END 252 253 ; response to DNSKEY priming query 254 ENTRY_BEGIN 255 MATCH opcode qtype qname 256 ADJUST copy_id 257 REPLY QR NOERROR 258 SECTION QUESTION 259 fox.test. IN DNSKEY 260 SECTION ANSWER 261 fox.test. IN DNSKEY 257 3 8 AwEAAb4WMOTBLTFvmBra5m6SK4VfViOzmvyUAU0qv861ZQXeEFvwlndqNU9rwRsMxrSWAYs5nHErKDn49usC/HyxxW1477iGFHhfgL4mjNreJm9zft2QFB1VLbRbEPYdDMLCn4co0qnG7/KG8W2i8Pym1L7f+aREwbLo+/716AS2PbaKMhfWLKLiq5wnBcUClQMNzCiwhqxDJp1oePqfkVdeUgXOtgi0dYRIKyQFhJ5VWJ22npoi/Gif0XLCADAlAwRLKc8o/yJkCxskzgpHpw5Cki1lclg0aq4ssOuPRQ+ne6IHYCz9D2mwzulblhLFamKdq7aHzNt4NlyxhpANVFiKLD8= ;{id = 29332 (ksk), size = 2048b} 262 fox.test. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 29332 fox.test. bTslCQKai9U9EWkBPnMiO+Rb34qMAZSzfgEb68x+ZKi2DDyzK7v8TCX8unTlqeQCnTqqgJ7cCUcqrbSV3ip9WGNe5fUy5j9hxH04ddLcDhygnjLi4C7iQX67ratRGu1JM3Evk/gVF76a5J2RSQk340jOFHC0nnjWOMHlDDxBeK4Zr6lYvAMJB2uy08xbi1FuGUSPcrbRFnVb74QMAPLS9Uj5JM8lMsOMtrhHX9zBN8Euo4M1X0sinBdJse3P/fIZ+ZvSnOEpVvur3bcUl+bqFJ18nM/Mj/e3XW3WBWE1dI6p6HdAXLrJyjJINzm+YnNzj11tzu/e4BQCjOutY9XkKA== 263 ENTRY_END 264 265 ; response to query of interest 266 ENTRY_BEGIN 267 MATCH opcode qtype qname 268 ADJUST copy_id 269 REPLY QR AA NOERROR 270 SECTION QUESTION 271 www.fox.test. IN A 272 SECTION ANSWER 273 www.fox.test. 3600 IN A 10.20.30.43 274 www.fox.test. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 29332 fox.test. 
ehPLws7Jnlx5Trm7Z8Hxr0WkLdkxyif+E1aGzFMib4eP0nvLV89WOQ2Fpm1xT/VaNJBXjXhWPB0Oo/gAKVs1znqmyjutFdXi2+9rXnK73jD2+rWBGW/sgBl/9cr458j7441nEK18Mq4SserQcLBqM38IivTlK1J5uXUpEPKMCSA82waf0Z+LUk8czFqeYy+KlJSsiu33mrVWrjyNLIXCbZ2dxfdaVSKyAoQafiokp1NGnw3onQkXXOPqJ7GRsN8Ml4c2nOrEYIG6otoZXXjtkoNCOHzBBkPVEP82JjzQchq0fDWQ2UHOXXZYBG/B6m5PuOXmgKJVDKZ/iVNQofPp8w== 275 ENTRY_END 276 RANGE_END 277 278 STEP 1 QUERY 279 ENTRY_BEGIN 280 REPLY RD DO 281 SECTION QUESTION 282 a.d.example.test. IN A 283 ENTRY_END 284 285 STEP 10 TRAFFIC 286 ; The unsigned CNAME must make the whole lookup fail with SERVFAIL and an empty answer section, even though www.fox.test. itself is signed. 287 288 STEP 20 CHECK_ANSWER 289 ENTRY_BEGIN 290 MATCH all 291 REPLY QR RD RA DO SERVFAIL 292 SECTION QUESTION 293 a.d.example.test. IN A 294 SECTION ANSWER 295 ENTRY_END 296 297 SCENARIO_END 298