; config options
; Test DNAME TTL=0 grace period: synthesis from cache within 1 second
; Island of trust at example.com, DNSSEC signed DNAME with TTL=0 (RFC 2308)
; NOTE(review): RFC 2308 is about negative caching; zero-TTL handling is
; described in RFC 1035 and DNAME in RFC 6672 -- confirm the intended reference.
;
; What this scenario pins: a validated DNAME received with TTL 0 is still used
; from cache one second later to synthesize a CNAME for a different owner
; name, and the synthesized answer is expected to carry the AD bit.
; NOTE(review): only the in-window case is covered. No step in this file
; asserts that the TTL=0 DNAME stops being used once the window has passed;
; a companion scenario with a longer ELAPSE would bound the behaviour.
server:
        ; Two trust anchors: example.com through a DS record (key tag 2854,
        ; algorithm 3, digest type 1) and example.net through its DNSKEY
        ; (algorithm 5, key tag 30899).
        trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
        trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
        ; Fixes the validator's notion of "now" inside the validity window of
        ; the RRSIGs below (inception 20070829..., expiration 20070926...).
        ; Test-only: a fixed date disables signature expiry checking.
        val-override-date: "20070916134226"
        ; NOTE(review): all-zero policy presumably disables opportunistic
        ; nameserver address lookups so that only the queries mocked below are
        ; sent -- confirm.
        target-fetch-policy: "0 0 0 0 0"
        ; Full query names go upstream; the mock entries match on full qname.
        qname-minimisation: "no"
        ; NOTE(review): presumably lets the SHA-1 based material in this file
        ; (DS digest type 1, DSA and RSASHA1 signatures) be accepted on builds
        ; without SHA-1 support. If so, the AD expectations on such builds do
        ; not exercise real signature verification -- confirm.
        fake-sha1: yes
        ; NOTE(review): presumably suppresses trust-anchor signaling queries,
        ; for which no mock entry exists below -- confirm.
        trust-anchor-signaling: no

; The root is served by the mock K.ROOT-SERVERS.NET. address defined below.
stub-zone:
        name: "."
        stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
CONFIG_END

SCENARIO_BEGIN Test DNAME TTL=0: signed DNAME with TTL=0 and RRSIG Original TTL=0.

; K.ROOT-SERVERS.NET.
; Mock root: answers the root NS query and hands out unsigned referrals for
; anything under com. and net. (subdomain match, question copied from query).
RANGE_BEGIN 0 100
        ADDRESS 193.0.14.129
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET. IN A 193.0.14.129
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION AUTHORITY
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
net. IN A
SECTION AUTHORITY
net. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
RANGE_END

; a.gtld-servers.net.
; Mock TLD server for both com. and net.: answers their NS queries and refers
; example.com. to 1.2.3.4 and example.net. to 1.2.3.5. None of these replies
; carries DNSSEC records; trust starts at the configured anchors.
RANGE_BEGIN 0 100
        ADDRESS 192.5.6.30
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION ANSWER
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
net. IN NS
SECTION ANSWER
net. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
example.net. IN A
SECTION AUTHORITY
example.net. IN NS ns.example.net.
SECTION ADDITIONAL
ns.example.net. IN A 1.2.3.5
ENTRY_END
RANGE_END

; ns.example.com. - DNAME with TTL=0 (RRSIG Original TTL=0)
; Signed zone for the example.com. anchor: NS, DNSKEY and the DNAME under test,
; all signed by key tag 2854.
RANGE_BEGIN 0 100
        ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION ANSWER
example.com. IN NS ns.example.com.
example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
ENTRY_END

; DNSKEY response that the validator checks against the configured DS.
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN DNSKEY
SECTION ANSWER
example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
SECTION AUTHORITY
example.com. IN NS ns.example.com.
example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
ENTRY_END

; DNAME with TTL=0, RRSIG Original TTL=0 (signed with ldns-signzone)
; Only the DNAME carries an RRSIG; the CNAME in this answer is unsigned.
; The entry matches the exact name foo.test-dname.example.com. only, so this
; server has no reply for foo2.test-dname.example.com. (queried at STEP 30).
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
foo.test-dname.example.com. IN A
SECTION ANSWER
test-dname.example.com. 0 IN DNAME example.net.
test-dname.example.com. 0 IN RRSIG DNAME 3 3 0 20070926135752 20070829135752 2854 example.com. ADRb2Jl5SCTF2a9/5QFOCfwFzh4Cpt90pJptwrKc+vBHnlivGyPShrU=
foo.test-dname.example.com. 0 IN CNAME foo.example.net.
ENTRY_END

RANGE_END

; ns.example.net.
; Signed zone for the example.net. anchor (key tag 30899): the DNAME target
; names foo and foo2 both have signed A records with TTL 3600.
RANGE_BEGIN 0 100
        ADDRESS 1.2.3.5
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.net. IN NS
SECTION ANSWER
example.net. IN NS ns.example.net.
example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
SECTION ADDITIONAL
ns.example.net. IN A 1.2.3.5
ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.net. IN DNSKEY
SECTION ANSWER
example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899}
SECTION AUTHORITY
example.net. IN NS ns.example.net.
example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
SECTION ADDITIONAL
ns.example.net. IN A 1.2.3.5
ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
foo.example.net. IN A
SECTION ANSWER
foo.example.net. IN A 11.12.13.15
foo.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. X6T6SE9UzxAD/4zKpwGOxEDyE4g7lfYYw3lvw533uwRN8mWTcBvSva0/jjyhrogJcuLO32jPHK6zGb93w2xnuA==
SECTION AUTHORITY
SECTION ADDITIONAL
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
foo2.example.net. IN A
SECTION ANSWER
foo2.example.net. IN A 11.12.13.16
foo2.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. BZm+GljD8m9N+pNJN8D+LlSyHqM+InNUe0+heKILR9be+Goqv6SEb7LKtX6+kj3239Y5by7u+/Cuk8kkWistEQ==
SECTION AUTHORITY
SECTION ADDITIONAL
ENTRY_END
RANGE_END

; Advance the mocked clock by 10 seconds before the first client query.
STEP 1 TIME_PASSES ELAPSE 10
; First query: get DNAME TTL=0 into cache
STEP 10 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
foo.test-dname.example.com. IN A
ENTRY_END

; "MATCH all ttl" compares TTLs as well, so the 0 on the DNAME, its RRSIG and
; the CNAME is part of the assertion. AD is expected on the reply.
STEP 20 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
foo.test-dname.example.com. IN A
SECTION ANSWER
test-dname.example.com. 0 IN DNAME example.net.
test-dname.example.com. 0 IN RRSIG DNAME 3 3 0 20070926135752 20070829135752 2854 example.com. ADRb2Jl5SCTF2a9/5QFOCfwFzh4Cpt90pJptwrKc+vBHnlivGyPShrU=
foo.test-dname.example.com. 0 IN CNAME foo.example.net.
foo.example.net. IN A 11.12.13.15
foo.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. X6T6SE9UzxAD/4zKpwGOxEDyE4g7lfYYw3lvw533uwRN8mWTcBvSva0/jjyhrogJcuLO32jPHK6zGb93w2xnuA==
ENTRY_END

; One second passes between the first answer and the second query.
STEP 29 TIME_PASSES ELAPSE 1

; Second query: within grace period (TIME_PASSES 1 above)
; With cache grace: synthesis from cached TTL=0 DNAME
STEP 30 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
foo2.test-dname.example.com. IN A
ENTRY_END

; foo2.test-dname.example.com is not answered upstream
; so this reply is synthesized by the cached (1 second grace period) DNAME
; The expected reply carries AD and still reports TTL 0 on the DNAME, its
; RRSIG and the synthesized CNAME; the foo2.example.net. A record comes from
; the example.net. server with its own signature.
STEP 40 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA AD DO NOERROR
SECTION QUESTION
foo2.test-dname.example.com. IN A
SECTION ANSWER
test-dname.example.com. 0 IN DNAME example.net.
test-dname.example.com. 0 IN RRSIG DNAME 3 3 0 20070926135752 20070829135752 2854 example.com. ADRb2Jl5SCTF2a9/5QFOCfwFzh4Cpt90pJptwrKc+vBHnlivGyPShrU=
foo2.test-dname.example.com. 0 IN CNAME foo2.example.net.
foo2.example.net. 3600 IN A 11.12.13.16
foo2.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. BZm+GljD8m9N+pNJN8D+LlSyHqM+InNUe0+heKILR9be+Goqv6SEb7LKtX6+kj3239Y5by7u+/Cuk8kkWistEQ==
ENTRY_END

SCENARIO_END