1 ; config options 2 ; The island of trust is at example.com 3 server: 4 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" 5 domain-insecure: "sub.example.com" 6 val-override-date: "20070916134226" 7 target-fetch-policy: "0 0 0 0 0" 8 qname-minimisation: "no" 9 ede: yes 10 11 stub-zone: 12 name: "." 13 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. 14 CONFIG_END 15 16 SCENARIO_BEGIN Test validator with domain-insecure below a DS 17 18 ; K.ROOT-SERVERS.NET. 19 RANGE_BEGIN 0 100 20 ADDRESS 193.0.14.129 21 ENTRY_BEGIN 22 MATCH opcode qtype qname 23 ADJUST copy_id 24 REPLY QR NOERROR 25 SECTION QUESTION 26 . IN NS 27 SECTION ANSWER 28 . IN NS K.ROOT-SERVERS.NET. 29 SECTION ADDITIONAL 30 K.ROOT-SERVERS.NET. IN A 193.0.14.129 31 ENTRY_END 32 33 ENTRY_BEGIN 34 MATCH opcode qtype qname 35 ADJUST copy_id 36 REPLY QR NOERROR 37 SECTION QUESTION 38 www.sub.example.com. IN A 39 SECTION AUTHORITY 40 com. IN NS a.gtld-servers.net. 41 SECTION ADDITIONAL 42 a.gtld-servers.net. IN A 192.5.6.30 43 ENTRY_END 44 RANGE_END 45 46 ; a.gtld-servers.net. 47 RANGE_BEGIN 0 100 48 ADDRESS 192.5.6.30 49 ENTRY_BEGIN 50 MATCH opcode qtype qname 51 ADJUST copy_id 52 REPLY QR NOERROR 53 SECTION QUESTION 54 com. IN NS 55 SECTION ANSWER 56 com. IN NS a.gtld-servers.net. 57 SECTION ADDITIONAL 58 a.gtld-servers.net. IN A 192.5.6.30 59 ENTRY_END 60 61 ENTRY_BEGIN 62 MATCH opcode qtype qname 63 ADJUST copy_id 64 REPLY QR NOERROR 65 SECTION QUESTION 66 www.sub.example.com. IN A 67 SECTION AUTHORITY 68 example.com. IN NS ns.example.com. 69 SECTION ADDITIONAL 70 ns.example.com. IN A 1.2.3.4 71 ENTRY_END 72 RANGE_END 73 74 ; ns.example.com. 75 RANGE_BEGIN 0 100 76 ADDRESS 1.2.3.4 77 ENTRY_BEGIN 78 MATCH opcode qtype qname 79 ADJUST copy_id 80 REPLY QR NOERROR 81 SECTION QUESTION 82 example.com. IN NS 83 SECTION ANSWER 84 example.com. IN NS ns.example.com. 85 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 86 SECTION ADDITIONAL 87 ns.example.com. IN A 1.2.3.4 88 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 89 ENTRY_END 90 91 ; response to DNSKEY priming query 92 ENTRY_BEGIN 93 MATCH opcode qtype qname 94 ADJUST copy_id 95 REPLY QR NOERROR 96 SECTION QUESTION 97 example.com. IN DNSKEY 98 SECTION ANSWER 99 example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} 100 example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} 101 SECTION AUTHORITY 102 example.com. IN NS ns.example.com. 103 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 104 SECTION ADDITIONAL 105 ns.example.com. IN A 1.2.3.4 106 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 107 ENTRY_END 108 109 ; response for delegation to sub.example.com. 110 ENTRY_BEGIN 111 MATCH opcode qtype qname 112 ADJUST copy_id 113 REPLY QR NOERROR 114 SECTION QUESTION 115 www.sub.example.com. IN A 116 SECTION ANSWER 117 SECTION AUTHORITY 118 sub.example.com. IN NS ns.sub.example.com. 119 sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 120 sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854} 121 SECTION ADDITIONAL 122 ns.sub.example.com. IN A 1.2.3.6 123 ENTRY_END 124 125 ; response for delegation to sub.example.com. 126 ENTRY_BEGIN 127 MATCH opcode qtype qname 128 ADJUST copy_id 129 REPLY QR NOERROR 130 SECTION QUESTION 131 sub.example.com. IN DNSKEY 132 SECTION ANSWER 133 SECTION AUTHORITY 134 sub.example.com. IN NS ns.sub.example.com. 135 sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 136 sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854} 137 SECTION ADDITIONAL 138 ns.sub.example.com. IN A 1.2.3.6 139 ENTRY_END 140 RANGE_END 141 142 ; ns.sub.example.com. 143 RANGE_BEGIN 0 100 144 ADDRESS 1.2.3.6 145 ENTRY_BEGIN 146 MATCH opcode qtype qname 147 ADJUST copy_id 148 REPLY QR NOERROR 149 SECTION QUESTION 150 sub.example.com. IN NS 151 SECTION ANSWER 152 sub.example.com. IN NS ns.sub.example.com. 153 sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899} 154 SECTION ADDITIONAL 155 ns.sub.example.com. IN A 1.2.3.6 156 ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899} 157 ENTRY_END 158 159 ; response to DNSKEY priming query 160 ; sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 161 ENTRY_BEGIN 162 MATCH opcode qtype qname 163 ADJUST copy_id 164 REPLY QR NOERROR 165 SECTION QUESTION 166 sub.example.com. IN DNSKEY 167 SECTION ANSWER 168 sub.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} 169 sub.example.com. 3600 IN RRSIG DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899} 170 SECTION AUTHORITY 171 sub.example.com. IN NS ns.sub.example.com. 172 sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899} 173 SECTION ADDITIONAL 174 ns.sub.example.com. IN A 1.2.3.6 175 ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899} 176 ENTRY_END 177 178 ; response to query of interest 179 ENTRY_BEGIN 180 MATCH opcode qtype qname 181 ADJUST copy_id 182 REPLY QR NOERROR 183 SECTION QUESTION 184 www.sub.example.com. IN A 185 SECTION ANSWER 186 www.sub.example.com. IN A 11.11.11.11 187 www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899} 188 SECTION AUTHORITY 189 SECTION ADDITIONAL 190 ENTRY_END 191 RANGE_END 192 193 STEP 1 QUERY 194 ENTRY_BEGIN 195 REPLY RD DO 196 SECTION QUESTION 197 www.sub.example.com. IN A 198 ENTRY_END 199 200 ; recursion happens here. 201 STEP 10 CHECK_ANSWER 202 ENTRY_BEGIN 203 MATCH all 204 REPLY QR RD RA DO NOERROR 205 SECTION QUESTION 206 www.sub.example.com. IN A 207 SECTION ANSWER 208 www.sub.example.com. 3600 IN A 11.11.11.11 209 www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899} 210 SECTION AUTHORITY 211 SECTION ADDITIONAL 212 ENTRY_END 213 214 ; Check cached response with CD bit 215 STEP 20 QUERY 216 ENTRY_BEGIN 217 REPLY RD CD DO 218 SECTION QUESTION 219 www.sub.example.com. IN A 220 ENTRY_END 221 222 ; a bug here would return EDE=6 (default from validator) 223 STEP 21 CHECK_ANSWER 224 ENTRY_BEGIN 225 MATCH all 226 REPLY QR RD RA CD DO NOERROR 227 SECTION QUESTION 228 www.sub.example.com. IN A 229 SECTION ANSWER 230 www.sub.example.com. 3600 IN A 11.11.11.11 231 www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899} 232 SECTION AUTHORITY 233 SECTION ADDITIONAL 234 ENTRY_END 235 236 SCENARIO_END 237
Indexes created Mon Jun 01 00:24:59 UTC 2026