1 ; config options 2 ; The island of trust is at example.com 3 server: 4 trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" 5 val-override-date: "20070916134226" 6 target-fetch-policy: "0 0 0 0 0" 7 qname-minimisation: "no" 8 fake-sha1: yes 9 trust-anchor-signaling: no 10 minimal-responses: no 11 nsid: "ascii_hopsa kidee" 12 ede: yes 13 access-control: 127.0.0.0/8 allow_snoop 14 15 stub-zone: 16 name: "." 17 stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. 18 CONFIG_END 19 20 SCENARIO_BEGIN Test for NSID in SERVFAIL response due to DNSSEC bogus 21 22 ; K.ROOT-SERVERS.NET. 23 RANGE_BEGIN 0 100 24 ADDRESS 193.0.14.129 25 ENTRY_BEGIN 26 MATCH opcode qtype qname 27 ADJUST copy_id 28 REPLY QR NOERROR 29 SECTION QUESTION 30 . IN NS 31 SECTION ANSWER 32 . IN NS K.ROOT-SERVERS.NET. 33 SECTION ADDITIONAL 34 K.ROOT-SERVERS.NET. IN A 193.0.14.129 35 ENTRY_END 36 37 ENTRY_BEGIN 38 MATCH opcode qtype qname 39 ADJUST copy_id 40 REPLY QR NOERROR 41 SECTION QUESTION 42 www.example.com. IN A 43 SECTION AUTHORITY 44 com. IN NS a.gtld-servers.net. 45 SECTION ADDITIONAL 46 a.gtld-servers.net. IN A 192.5.6.30 47 ENTRY_END 48 RANGE_END 49 50 ; a.gtld-servers.net. 51 RANGE_BEGIN 0 100 52 ADDRESS 192.5.6.30 53 ENTRY_BEGIN 54 MATCH opcode qtype qname 55 ADJUST copy_id 56 REPLY QR NOERROR 57 SECTION QUESTION 58 com. IN NS 59 SECTION ANSWER 60 com. IN NS a.gtld-servers.net. 61 SECTION ADDITIONAL 62 a.gtld-servers.net. IN A 192.5.6.30 63 ENTRY_END 64 65 ENTRY_BEGIN 66 MATCH opcode qtype qname 67 ADJUST copy_id 68 REPLY QR NOERROR 69 SECTION QUESTION 70 www.example.com. IN A 71 SECTION AUTHORITY 72 example.com. IN NS ns.example.com. 73 SECTION ADDITIONAL 74 ns.example.com. IN A 1.2.3.4 75 ENTRY_END 76 RANGE_END 77 78 ; ns.example.com. 79 RANGE_BEGIN 0 100 80 ADDRESS 1.2.3.4 81 ENTRY_BEGIN 82 MATCH opcode qtype qname 83 ADJUST copy_id 84 REPLY QR NOERROR 85 SECTION QUESTION 86 example.com. IN NS 87 SECTION ANSWER 88 example.com. IN NS ns.example.com. 89 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 90 SECTION ADDITIONAL 91 ns.example.com. IN A 1.2.3.4 92 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 93 ENTRY_END 94 95 ; response to DNSKEY priming query 96 ENTRY_BEGIN 97 MATCH opcode qtype qname 98 ADJUST copy_id 99 REPLY QR NOERROR 100 SECTION QUESTION 101 example.com. IN DNSKEY 102 SECTION ANSWER 103 example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} 104 example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} 105 SECTION AUTHORITY 106 example.com. IN NS ns.example.com. 107 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 108 SECTION ADDITIONAL 109 ns.example.com. IN A 1.2.3.4 110 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} 111 ENTRY_END 112 113 ; nodata for ns.example.com AAAA 114 ENTRY_BEGIN 115 MATCH opcode qtype qname 116 ADJUST copy_id 117 REPLY QR AA NOERROR 118 SECTION QUESTION 119 ns.example.com. IN AAAA 120 SECTION ANSWER 121 SECTION AUTHORITY 122 example.com. 3600 IN SOA ns.example.com. root.example.com. 4 1440 0 3600 604800 3600 123 example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AC23LvSspto6Zqctz05urK/2OKTnB+7nppMKInYkyjZbZotq2wjJA9s= 124 SECTION ADDITIONAL 125 ENTRY_END 126 127 128 ; response to query of interest 129 ENTRY_BEGIN 130 MATCH opcode qtype qname 131 ADJUST copy_id 132 REPLY QR NOERROR 133 SECTION QUESTION 134 www.example.com. IN A 135 SECTION ANSWER 136 www.example.com. IN A 10.20.30.40 137 ;good signature 138 ;www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} 139 ;missing 140 www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2855 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= 141 SECTION AUTHORITY 142 example.com. IN NS ns.example.com. 143 example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} 144 SECTION ADDITIONAL 145 ns.example.com. IN A 1.2.3.4 146 ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} 147 ENTRY_END 148 RANGE_END 149 150 STEP 1 QUERY 151 ENTRY_BEGIN 152 REPLY RD DO 153 SECTION QUESTION 154 www.example.com. IN A 155 SECTION ADDITIONAL 156 HEX_EDNSDATA_BEGIN 157 00 03 ; Opcode NSID (3) 158 00 00 ; Length 0 159 HEX_EDNSDATA_END 160 ENTRY_END 161 162 ; recursion happens here. 163 STEP 10 CHECK_ANSWER 164 ENTRY_BEGIN 165 MATCH all ede=9 166 REPLY QR RD RA DO SERVFAIL 167 SECTION QUESTION 168 www.example.com. IN A 169 SECTION ANSWER 170 SECTION ADDITIONAL 171 HEX_EDNSDATA_BEGIN 172 00 03 ; Opcode NSID (3) 173 00 0b ; Length 11 174 68 6F 70 73 61 20 ; "hopsa " 175 6B 69 64 65 65 ; "kidee" 176 HEX_EDNSDATA_END 177 ENTRY_END 178 179 ; Redo the query without RD to check EDE caching. 180 STEP 11 QUERY 181 ENTRY_BEGIN 182 REPLY DO 183 SECTION QUESTION 184 www.example.com. IN A 185 SECTION ADDITIONAL 186 HEX_EDNSDATA_BEGIN 187 00 03 ; Opcode NSID (3) 188 00 00 ; Length 0 189 HEX_EDNSDATA_END 190 ENTRY_END 191 192 STEP 12 CHECK_ANSWER 193 ENTRY_BEGIN 194 MATCH all ede=9 195 REPLY QR RA DO SERVFAIL 196 SECTION QUESTION 197 www.example.com. IN A 198 SECTION ANSWER 199 SECTION ADDITIONAL 200 HEX_EDNSDATA_BEGIN 201 00 03 ; Opcode NSID (3) 202 00 0b ; Length 11 203 68 6F 70 73 61 20 ; "hopsa " 204 6B 69 64 65 65 ; "kidee" 205 HEX_EDNSDATA_END 206 ENTRY_END 207 208 SCENARIO_END 209
Indexes created Mon Jun 01 00:24:59 UTC 2026