; config options
; Replay scenario for an RPZ policy zone combined with the DNSSEC validator.
; The only trust anchor is for org., so the signed org. subtree is validated
; and the unsigned com. answers further down sit outside any chain of trust.
server:
; respip applies the rpz: policy below; validator does the DNSSEC validation.
	module-config: "respip validator iterator"
; All-zero fetch policy: no opportunistic nameserver address lookups, which
; keeps the replayed query sequence predictable.
	target-fetch-policy: "0 0 0 0 0"
	qname-minimisation: no
	trust-anchor: "org. DS 1444 8 2 5224fb17d630a2e3efdc863a05a4032c5db415b5de3f32472ee9abed42e10146"
; Pins the validator clock to 2007-09-16 so the fixture RRSIGs (inception
; 20070829134150, expiration 20070926134150) verify. Test-only setting:
; overriding the validation date takes signature expiry checking out of play.
	val-override-date: "20070916134226"
	trust-anchor-signaling: no
	val-log-level: 2
	ede: yes

stub-zone:
	name: "."
	stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.

; RPZ policy zone; its contents are supplied through the TEMPFILE block.
; Triggers used (all exact names, none is a wildcard):
;   foo.org, foo2.org, foo3.org  CNAME .              answer NXDOMAIN
;   bok.foo4.org                 A 4.0.5.5            substitute local data
;   www.foo5.org                 CNAME alt.foo5.org.  redirect to another name
; Because foo.org is not a wildcard trigger, www.foo.org is not rewritten
; (STEP 41 expects its real TXT data); what is stopped are lookups for the
; apex name itself, which includes the validator's DS and DNSKEY queries.
; Records that RPZ substitutes are unsigned (see the comment before STEP 50).
rpz:
	name: "rpz.example.com."
	rpz-log: yes
	rpz-log-name: "rpz.example.com"
	zonefile:
TEMPFILE_NAME rpz.example.com
TEMPFILE_CONTENTS rpz.example.com
$ORIGIN example.com.
rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. (
		1379078166 28800 7200 604800 7200 )
	3600 IN NS ns1.rpz.example.com.
	3600 IN NS ns2.rpz.example.com.
$ORIGIN rpz.example.com.
foo.org CNAME .
foo2.org CNAME .
foo3.org CNAME .
bok.foo4.org A 4.0.5.5
www.foo5.org CNAME alt.foo5.org.
TEMPFILE_END

CONFIG_END

SCENARIO_BEGIN Test RPZ with validator handles blocked zone.
; The DNSKEY and DS lookups are stopped.

; K.ROOT-SERVERS.NET.
RANGE_BEGIN 0 1000
	ADDRESS 193.0.14.129
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET. IN A 193.0.14.129
ENTRY_END

; Unsigned referral for any name at or below org. (MATCH subdomain).
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
org. IN NS
SECTION AUTHORITY
org. IN NS ns1.servers.org.
SECTION ADDITIONAL
ns1.servers.org. IN A 1.2.3.51
ENTRY_END

; Unsigned referral for any name at or below com.
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION AUTHORITY
com. IN NS ns1.servers.com.
SECTION ADDITIONAL
ns1.servers.com. IN A 1.2.3.52
ENTRY_END
RANGE_END

; ns1.servers.org for .org
RANGE_BEGIN 0 1000
	ADDRESS 1.2.3.51
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
org. IN NS
SECTION ANSWER
org. 3600 IN NS ns1.servers.org.
org. 3600 IN RRSIG NS 8 1 3600 20070926134150 20070829134150 1444 org. arkVLr3b2Ip4bkWpjPTywYWzoVqay11KLB+ZygfoIWtq7mKW20SjRGI+AzIviHHWPv8iibzA8nwcTehuSmqIuRTmZXYj58hpi/AxrqqzJNiwE60swi1dKn3ti0SZKZaLMRnxrrAv7yu3PR6zGt7CD7gJgxfMfQMc6QryQJQbiyM=
SECTION ADDITIONAL
ns1.servers.org. 3600 IN A 1.2.3.51
ns1.servers.org. 3600 IN RRSIG A 8 3 3600 20070926134150 20070829134150 1444 org. k+9JSbFm5GWSzEbVckC9bVXvzQYwbLvMbHMYmL5tIjt8RMhVhbkyqu+XER5m8xUFL0nrUqJ8ad6SKI9X/8FYGk1iSegpAjIh4bHGzea7vvM7CWw0HfTmmwDhS569IvUfxHyjH4TjSVlM1x9o/d8NGSLAa7h34b0s+NXLEEjNNbI=
ENTRY_END

; The org. DNSKEY (key tag 1444) that the configured trust-anchor DS refers to.
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
org. IN DNSKEY
SECTION ANSWER
org. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b}
org. 3600 IN RRSIG DNSKEY 8 1 3600 20070926134150 20070829134150 1444 org. pJVKrXD3veTg0qOB2PSQAWdeTEyFFzSbMHJ2F9J9WyxVuMMIDj119aJrkHtkXTmLT7wdOd9RZxDfG0A1H30lQeQdvaJoymaVUgWLXfiwIAYg+4Uk7vZrP7UzHJO2BgDnGdf42h2vgBoboyP9szNMHTGGQdpUk7VkhtE6djonzwg=
ENTRY_END

; Signed delegation: the referral carries a DS for foo.org. (key tag 29332).
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
foo.org. IN NS
SECTION AUTHORITY
foo.org. 3600 IN DS 29332 8 2 d38b124648bd7e32033a7fe9fd94ceab56e971ea9e61b3365566ccc028c15c98
foo.org. 3600 IN RRSIG DS 8 2 3600 20070926134150 20070829134150 1444 org. BE2cR03ecUYk/nRsJNMcNfsOWnSoOfkwx4zmF9eEqwoRn/i5QzsrRBEUdorfBsFjpdKqB2R6jSu53CTQAGv392w8AE0cRANPBxcDUiWaRyFZ7CaqspKorPijOJCKEtgztEfFgC9YXab3xvRkJVUZzZRJ4nCrpmNIGzvmf7LlCTg=
foo.org. IN NS ns.foo.org.
SECTION ADDITIONAL
ns.foo.org. IN A 1.2.3.53
ENTRY_END

; Insecure delegation: the signed NSEC at foo2.org. lists NS RRSIG NSEC and
; no DS.
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
foo2.org. IN NS
SECTION AUTHORITY
foo2.org. 3600 IN NSEC foo3.org. NS RRSIG NSEC
foo2.org. 3600 IN RRSIG NSEC 8 2 3600 20070926134150 20070829134150 1444 org. RfkRfmLeyLYtdDKrLBaXTk/KXTkUn9/4dMZtm3Kl5k5oa9/LkbPmnPb0z+zZ/3aBBKZu0QIevS7w++fdYWfIQiK+DIgG9hhp+lNxakLKp4M5SiWuh+zlTjwbRzlf4abWe/c/FR4bjesgObUdLnaIoM4h3aQUS1KsjyGFmLOCUGM=
foo2.org. IN NS ns.foo2.org.
SECTION ADDITIONAL
ns.foo2.org. IN A 1.2.3.54
ENTRY_END

; for this entry the org zone is suddenly resigned with NSEC3.
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
foo3.org. IN NS
SECTION AUTHORITY
; org. NSEC3PARAM 1 0 0 -
; org. -> mvnq25j8mo8ge527pikocn5rl72s2o0s.
; foo3.org. -> n3dm0vverfek5tl6klsp0k0gduj0gk92.
; The first NSEC3 below is owned by the org. hash; the second one's span
; (...gk91 to ...gk93) covers the foo3.org. hash (...gk92).
mvnq25j8mo8ge527pikocn5rl72s2o0s.org. IN NSEC3 1 0 0 - mvnq25j8mo8ge527pikocn5rl72s2o0t NS SOA RRSIG DNSKEY
mvnq25j8mo8ge527pikocn5rl72s2o0s.org. 3600 IN RRSIG NSEC3 8 2 3600 20070926134150 20070829134150 1444 org. MBmDCmjCeXShkwoDI/I04KK7w33FkNs7vci+SKoR5uWS24E3yt2AVgfkwFkKh42+MgqZnBUJEdRPOfATc80XDwxDhdymB3Ff4W1KAVFpJAkU42ii3bdiyYr+YPWVWdCYG2EfSpLcJiD6E21mW2DNRR7Lj9/W89WmndeUEgpjALA=
n3dm0vverfek5tl6klsp0k0gduj0gk91.org. IN NSEC3 1 0 0 - n3dm0vverfek5tl6klsp0k0gduj0gk93 NS DS RRSIG
n3dm0vverfek5tl6klsp0k0gduj0gk91.org. 3600 IN RRSIG NSEC3 8 2 3600 20070926134150 20070829134150 1444 org. H5aeeVc6k8fTSwUYDA9BW4ScHazb2b3NfvdQwRbKYj97tlJnJa+cojgOnyvP3qW9YoqO0aRT8rzUjFPJajOIRoS/6XVWCZ3ymDNQIi8oW6vT8qQYA2ldmoWDvFK9fHSgiwqJzQiKXtNGdqTfj2HEyVKVbFTv/Cgxh5jLcB6r9jM=
foo3.org. IN NS ns.foo3.org.
SECTION ADDITIONAL
ns.foo3.org. IN A 1.2.3.55
ENTRY_END

; Signed delegation: DS for foo4.org. (key tag 55567).
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
foo4.org. IN NS
SECTION AUTHORITY
foo4.org. 3600 IN DS 55567 8 2 db658962fbd0a03e81f1a68c33bb53eef3bc30e980040cb476fb191b24dfdd5a
foo4.org. 3600 IN RRSIG DS 8 2 3600 20070926134150 20070829134150 1444 org. kO2d+9du+9y0HcAUq056qnqBoXLwT+/EN82lEocJjCE7lx9qxv4YpwfNd1Sr3J9lwvZbfEm5uRPmSwtrythlI4+qmlsEWE90mfUntH+JqlXj7t2E514AZ/SZPSUd6h6AKPlB/DIhHuI/fAEKB+S263NnvVMccaHh8ScJMsY9nGI=
foo4.org. IN NS ns.foo4.org.
SECTION ADDITIONAL
ns.foo4.org. IN A 1.2.3.56
ENTRY_END

; Signed delegation: DS for foo5.org. (key tag 55567, different digest).
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
foo5.org. IN NS
SECTION AUTHORITY
foo5.org. 3600 IN DS 55567 8 2 4046e908302813cad9b4448cd4c243be118b7c18f8414b820bce0a1eab6f6889
foo5.org. 3600 IN RRSIG DS 8 2 3600 20070926134150 20070829134150 1444 org. e0+FRSrwoSeQxd35dcvsEFGQIO9nz+H6p52LAwPDUTOSwFcbR+q+x4OKX+eG8dbFXK7MGztdGdpPji95HzlezXRTt/66sXqYeDM61NezxVM6N/OjPIOL3VTGeyG4nvDj4ycvBbgjJqdhmev6aWYmTQwFa0+6Nxrlsldrl5/chW4=
foo5.org. IN NS ns.foo5.org.
SECTION ADDITIONAL
ns.foo5.org. IN A 1.2.3.57
ENTRY_END
RANGE_END

; ns1.servers.com for .com
; com. is served unsigned; the CNAMEs below lead from com. names into the
; org. zones.
RANGE_BEGIN 0 1000
	ADDRESS 1.2.3.52
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
com. IN NS
SECTION ANSWER
com. IN NS ns1.servers.com.
SECTION ADDITIONAL
ns1.servers.com. IN A 1.2.3.52
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
foo.com. IN TXT
SECTION ANSWER
foo.com. IN CNAME www.foo.org.
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
foo2.com. IN TXT
SECTION ANSWER
foo2.com. IN CNAME www.foo2.org.
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
foo4.com. IN A
SECTION ANSWER
foo4.com. IN CNAME www.foo4.org.
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
foo5.com. IN A
SECTION ANSWER
foo5.com. IN CNAME www.foo5.org.
ENTRY_END
RANGE_END

; ns.foo.org for foo.org
RANGE_BEGIN 0 1000
	ADDRESS 1.2.3.53
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
foo.org. IN NS
SECTION ANSWER
foo.org. 3600 IN NS ns.foo.org.
foo.org. 3600 IN RRSIG NS 8 2 3600 20070926134150 20070829134150 29332 foo.org. WfSshqIf/LdScUjw5uyB10t3yoF36aOc+lkhTQsAiR7gat14Un+F1s8bQiG3gU8mnMirsu7M1aMBeQlbJncFhLu4av6ZkkI5L/qvojBAL0AF7Rj0gUWKbMc2NsAeAKY8ySzDXqF7ol9YEskHWW35aL+r5DB91u4joZVsANSqeAfLWAhm47hDGlWgzQ1us72dWOPxPqNBG0sx48xaFxiZJjowXVs/zbRQ1TyIFPeKztayc6HL2gaOPPUoOuHp/AEecySqjamXI28mqBBs8MGJoArFaJ05wIuWEdOzsfc+BcYnmuCaTVgEHUvZMbNvi2CYCY4l0jcl1UD7i4FzPhC4jQ==
SECTION ADDITIONAL
ns.foo.org. 3600 IN A 1.2.3.53
ns.foo.org. 3600 IN RRSIG A 8 3 3600 20070926134150 20070829134150 29332 foo.org. pScBuh9fyXazJLV4yPGQsDKAnNgAGe5G5712sQ46V9CA4Rv+STTI9p6JDyqu1EWVJupLwbL7dqqypSwcSy8CpCO1nH/n/yBnT/9txduEpzvr4OtVJnRZS1LMMlpb4NrT+QPpzxXZH5Zlc+Axevbxj7FVeFIAUq9Fh2+yO6lYXffIy9BW85VOZa1S08/O/2ZyZwPh6pdxB7HRGe/KuD86TMjfjVsveYL4w7UFC+wk1XGQA+zuXOIm+9MQC+UzM/cVR38nW/7Oj1hY2iAgvevFrT75tesf+H927uaHaPrWqSVJLPRIfm4O5wT5K1bgvfYDSlpU/YLf7vaCtJ+kKSOpJw==
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
foo.org. IN DNSKEY
SECTION ANSWER
foo.org. 3600 IN DNSKEY 257 3 8 AwEAAb4WMOTBLTFvmBra5m6SK4VfViOzmvyUAU0qv861ZQXeEFvwlndqNU9rwRsMxrSWAYs5nHErKDn49usC/HyxxW1477iGFHhfgL4mjNreJm9zft2QFB1VLbRbEPYdDMLCn4co0qnG7/KG8W2i8Pym1L7f+aREwbLo+/716AS2PbaKMhfWLKLiq5wnBcUClQMNzCiwhqxDJp1oePqfkVdeUgXOtgi0dYRIKyQFhJ5VWJ22npoi/Gif0XLCADAlAwRLKc8o/yJkCxskzgpHpw5Cki1lclg0aq4ssOuPRQ+ne6IHYCz9D2mwzulblhLFamKdq7aHzNt4NlyxhpANVFiKLD8= ;{id = 29332 (ksk), size = 2048b}
foo.org. 3600 IN RRSIG DNSKEY 8 2 3600 20070926134150 20070829134150 29332 foo.org. qlZQpZG+prXK6vsd+zObdHj8DbPBCpjB16B7UgTwsgmVxGRX9nSBnkqUqcIrnszJMHvEwu7VPWjegPX3E8LESgz2Slepa5T8hWmcoega2vWakIzIRNtDxH9PXDy804Dmduk/fxBzMlbbFLfsSrG5+cK5PhingjjxNbEuG3V124xTjFUGHKu4NM6kMfPcHOwjTTQLt6azJ10i6CeyaUXCSYz5xGE7Z4PSLYAstlLsM64EtLTGQHAZIEr2Dq6C23u23sRrj/0qcMFo0Nv8E3rjnkfJIo+RYuqqAznFsLMqfveX42ElWBl5YVLQHSo+kFbXcvgX7gzL8X9u4Z6MJ9zUkw==
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
foo.org. IN TXT
SECTION ANSWER
foo.org. 3600 IN TXT "a.b.c."
foo.org. 3600 IN RRSIG TXT 8 2 3600 20070926134150 20070829134150 29332 foo.org. UW/T+M0crcfzQ6PVM/0o1ZtXF2o26VTm/V/9/+F873aQnDwfRLH+tzYSC+yfWZ/0niuif6fv9FYWisE8CyAIIMZ8mrxM7M4JgEZ0/vFOC2sN0qnmqSoZoZaeOEjJIAS6F2om+L6AAFtAH2Khbm0wkHc0jBWj3vK8HoXO38iLe1pPnuBK6BhE2+tyDIcUCoABFrycT0E5NBKFERQL+CzYMEzMUS/joSeWloFw1AB1X9Z94ezgmD+g2MnbW78DR6TRZXGD4DWXuxYNswRnfp4VENSOsSbhX9ixtuxwGn1fhiZeTxN84zE/ERiLK59Yo1bQ3TFjOY0cCvj+c2NulTAr9w==
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www.foo.org. IN TXT
SECTION ANSWER
www.foo.org. 3600 IN TXT "a.b.d."
www.foo.org. 3600 IN RRSIG TXT 8 3 3600 20070926134150 20070829134150 29332 foo.org. EjFHdpJdlFFLDWabiMsMzUPE1+brzq/0ecRG39bpPuU/6MW4HCQs4rlLlZNmmJP/vj+kLTGfguSrKyLQt8n9Tf1fKbvD6NUOIOwiVUOE4kb54JghbiBhWeCnRLmUQwi7DKy0UEw8niX3SY6WwJxO/e7+leQJY7Gpg3S00vKskTAjnKeDYiHcrO69Dpyc0l/qtR1Bb98xcs4vMsh6//BBklSlPTMKBcu2uK6sK7G2ZR1lOtShoginq5UHa+EZWR6Pxn8pLkfQGOXTjGq5WaTeEdcinBlvXYBGhAPKWXHwcEtEjClkWi1ZXOnSgwHu9dRxgSk/jcfSmjBFzw2bycq2Lg==
ENTRY_END
RANGE_END

; ns.foo2.org for foo2.org
; Served without signatures, matching the insecure delegation from org.
RANGE_BEGIN 0 1000
	ADDRESS 1.2.3.54
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
foo2.org. IN NS
SECTION ANSWER
foo2.org. IN NS ns.foo2.org.
SECTION ADDITIONAL
ns.foo2.org. IN A 1.2.3.54
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www.foo2.org. IN TXT
SECTION ANSWER
www.foo2.org. IN TXT "a.b.e."
ENTRY_END
RANGE_END

; ns.foo3.org for foo3.org
; Served without signatures, like foo2.org.
RANGE_BEGIN 0 1000
	ADDRESS 1.2.3.55
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
foo3.org. IN NS
SECTION ANSWER
foo3.org. IN NS ns.foo3.org.
SECTION ADDITIONAL
ns.foo3.org. IN A 1.2.3.55
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
ns.foo3.org. IN A
SECTION ANSWER
ns.foo3.org. IN A 1.2.3.55
ENTRY_END

; NODATA for the AAAA lookup of the nameserver name.
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
ns.foo3.org. IN AAAA
SECTION AUTHORITY
foo3.org. IN SOA ns.foo3.org. host.foo3.org. 2007090422 3600 300 604800 3600
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www.foo3.org. IN TXT
SECTION ANSWER
www.foo3.org. IN TXT "a.b.f."
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www2.foo3.org. IN TXT
SECTION ANSWER
www2.foo3.org. IN TXT "a.b.g."
ENTRY_END
RANGE_END

; ns.foo4.org for foo4.org
RANGE_BEGIN 0 1000
	ADDRESS 1.2.3.56
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
foo4.org. IN NS
SECTION ANSWER
foo4.org. 3600 IN NS ns.foo4.org.
foo4.org. 3600 IN RRSIG NS 8 2 3600 20070926134150 20070829134150 55567 foo4.org. FXwXqJ8EW2XZDzHiMSiqiUpkk6tHGsJdlH1pfuOO6yPsmAmg6sSnyE9UsIDeW1bGwanYxbZGiD4YR9ED/NzdlMUrCI0fs4c0fa0yJjcF5WY0yZCL9OZbyn/dPIcqZ3D6UWjVVMW6EhZSPqzuz5gWYEiXkBDEc1s2BEjIYSwZo4g=
SECTION ADDITIONAL
ns.foo4.org. 3600 IN A 1.2.3.56
ns.foo4.org. 3600 IN RRSIG A 8 3 3600 20070926134150 20070829134150 55567 foo4.org. MgKROh4mE6pUyp0ik2CHTZuf7n9M4WaDvTLdI9qb+AvvpJJiwA1+7/v004A3PADvohsUytQttldYKwK6J9+c8R48lpieT+e/WzeyoCM1ieFhbP73By32Bl/akH+8cOUxfqqLD8Y+1z/oKV55LyqKP0H0DCb6vfYtSxWAYQym9PQ=
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
foo4.org. IN DNSKEY
SECTION ANSWER
foo4.org. IN DNSKEY 257 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55567 (ksk), size = 1024b}
foo4.org. 3600 IN RRSIG DNSKEY 8 2 3600 20070926134150 20070829134150 55567 foo4.org. Hy1tP0xBPp23e+w2YJ49e09e8AB9hLDP3ksWI/8ujNFK51Kuwo8HBx4R6zbcuOELlqWxr6IQU2w6AwB6UqClS88mc2sIgeEbw7Nm+nCDWPSPklPP4qa9pdXFh2M4txF4NxymrgRABjTTJiXK4oeWtFBNKkUu0hf6RGb9OJmdzF0=
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www.foo4.org. IN A
SECTION ANSWER
www.foo4.org. 3600 IN CNAME bok.foo4.org.
www.foo4.org. 3600 IN RRSIG CNAME 8 3 3600 20070926134150 20070829134150 55567 foo4.org. ZRY/v7TPmkuKVNB739kTMiqPh84jtDO01hx2EtuPI2YwG4EnhWFV0fuz86FDMPKUD17MXRHKsi0+RUopqGUEbuZ7G9MzUFtuuTnVD8f9lNJVp2AfE2RAr1le8zZpdSvlmB1Y07HsrFPxxZAPYdBC2IY3VcpI0xaT1nHGsSpcoXc=
ENTRY_END

; The authoritative, signed value is 1.2.3.4; STEP 51 expects the RPZ
; value 4.0.5.5 instead.
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
bok.foo4.org. IN A
SECTION ANSWER
bok.foo4.org. 3600 IN A 1.2.3.4
bok.foo4.org. 3600 IN RRSIG A 8 3 3600 20070926134150 20070829134150 55567 foo4.org. xDPRNYlwWTxfQaX6kKHbYeKC/ro/U1TAQzEexUoQb/GDpx1zB1oqvYBuauivIjHyKwjrGg7f9WHyyzMxSby0G62hJLPoMJMLscLce17mwkWcG2AuojBiDwLBr5QXvJXhvT21LpOFt8xplLZuzNRyw4EsUau0ecd2nQ/5vtIz5aU=
ENTRY_END
RANGE_END

; ns.foo5.org for foo5.org
RANGE_BEGIN 0 1000
	ADDRESS 1.2.3.57
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
foo5.org. IN NS
SECTION ANSWER
foo5.org. 3600 IN NS ns.foo5.org.
foo5.org. 3600 IN RRSIG NS 8 2 3600 20070926134150 20070829134150 55567 foo5.org. Zv/zSvsLucTxX2LL+i4IZfFw/D/5HvzNKmRcohBjmP2W+F53KddGJpRHb2FPqcBzKhvjL/Awf0x1mhHUUBCSQcHA3FZQ9q2kfXK4pzg4XbI03U/hsY5b/1M8SC/DfGE+4jN59QadXZ6N4ouV4Ka9sqRfqXiQFED1Rz9WuMyHfXY=
SECTION ADDITIONAL
ns.foo5.org. 3600 IN A 1.2.3.57
ns.foo5.org. 3600 IN RRSIG A 8 3 3600 20070926134150 20070829134150 55567 foo5.org. TcHl2qjwwcfoM1kJ+rwje/VRmPJT62RvJvjHwri5NqJopKp9tcaKz1dYByTlhbGbB0tGihWPa271ja3s31dHuOlZsuWd8hdMr7Hq/COpyn7iVOoeU8bLRtkvReLyiD3Ju9IMmzLMyWCGNNzpuZrEBfbBwTC4ali5iL4OgPjMdhc=
ENTRY_END

; The public key below is the same key material as the foo4.org. DNSKEY
; (fixture key reuse); the DS digests differ between the two zones.
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
foo5.org. IN DNSKEY
SECTION ANSWER
foo5.org. IN DNSKEY 257 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55567 (ksk), size = 1024b}
foo5.org. 3600 IN RRSIG DNSKEY 8 2 3600 20070926134150 20070829134150 55567 foo5.org. wq5nET6vQal5aXvNr6lhUI5VzGJNM52k9RVdNsntiN25GehtBKF/+O2OhrD4YoLCIkMM4dzSSlO/nbbtx/8V8Y5LlA5Kxx3DU+QWpn4iwJg01VwXhJaw8KqK20bUS+PbkG+ZwAqVD1veAdtKR7lfYI35XZojZQ1ReSMWb/vLv4s=
ENTRY_END

; MATCH has no qtype here, so this signed CNAME to bok.foo5.org. is returned
; for any query type at www.foo5.org. STEP 61 expects the RPZ CNAME to
; alt.foo5.org. instead.
ENTRY_BEGIN
MATCH opcode qname
ADJUST copy_id copy_query
REPLY QR AA NOERROR
SECTION QUESTION
www.foo5.org. IN A
SECTION ANSWER
www.foo5.org. 3600 IN CNAME bok.foo5.org.
www.foo5.org. 3600 IN RRSIG CNAME 8 3 3600 20070926134150 20070829134150 55567 foo5.org. L/KOVafKFY401Y2k3J+QjkX0XcBTsMperFyhKfTmyQYY3lI5shvdJT0UGu6ogZ9cCWM+tLNyVr804+dfK6QL/wdYOx9hkK/fiePUhAU6lzepJBdg7wotw560Eu6J7UhhtopHKrWa5ElQFG1UFR/qjcx/m4Ms6BgCWh8yWy20N1E=
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
alt.foo5.org. IN A
SECTION ANSWER
alt.foo5.org. 3600 IN A 4.0.5.6
alt.foo5.org. 3600 IN RRSIG A 8 3 3600 20070926134150 20070829134150 55567 foo5.org. vG+qffAmazC38iBE2QsZq5kFxNW5Mo+65epMjAA/06syLzjOKkfh8dbe++jQqvwqCqrIBb56miVFDCW1VEYOdh8vReptt9KtbQjXXMfRF39V3ccvbhEfP1xMG8Z8B7tkIBtLvfCNrsfYaccvYgq+gkPeeL1JEiK3ntOukJUbapM=
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
bok.foo5.org. IN A
SECTION ANSWER
bok.foo5.org. 3600 IN A 1.2.3.4
bok.foo5.org. 3600 IN RRSIG A 8 3 3600 20070926134150 20070829134150 55567 foo5.org. rlBgWgq0R4yT+bK0CyuZfFJ36dCsZnpvc9/7tShcMAzDPDu4+hgbXuyMWcsnsZjX3ZfR0a4wRwOwH86ZNLLxdkXNO1/bSDq+IsLyXesoVBDmcNvtdq5PgupCNW5I/cBP4tK0DCytXDLRFtU7LOxdgPps4dFANhHU6Q6LboqW4t8=
ENTRY_END

; Signed NODATA for DS at alt.foo5.org.: SOA plus an NSEC whose type list
; (A RRSIG NSEC) has no DS.
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
alt.foo5.org. IN DS
SECTION ANSWER
SECTION AUTHORITY
foo5.org. 3600 IN SOA ns.foo5.org. host.foo5.org. 2007090422 3600 300 604800 3600
foo5.org. 3600 IN RRSIG SOA 8 2 3600 20070926134150 20070829134150 55567 foo5.org. cHo00Jg0OI9sRaQV9t6WMybhkRwG6UFx6gEq87HOeOm2gPSbXFjIImyH6l1u8MPdXj8kYcGsUotWUEPuBTfA88bGb/lKfbu4aMD9GaqjB9oZF1iOCf7IdkXqHg/0iZNHOXbUNyNlCJgjkrVdZysJ1D1tAx7qmJgmzsJHerDuQzA=
alt.foo5.org. 3600 IN NSEC alt2.foo5.org. A RRSIG NSEC
alt.foo5.org. 3600 IN RRSIG NSEC 8 3 3600 20070926134150 20070829134150 55567 foo5.org. fgOxxCj+ZnRWyfVFlNCS/9UDg4n8+JaSmMjQzsqUoXk5Db9fMzOd3ScYqVxweXC/ER6Ly+XHz9RFVsAOA4I67eWGL6YJ5sA/MUJd3tB4Dk3xp0ycHH0ARvys9YedG9PLUvBY9B5qT/nhrw2N9yRtkq04z6DhjLh3uC0UJKsSiVc=
ENTRY_END
RANGE_END

; Test query
; The client queries below set only RD, and the expected answers list no
; RRSIG records.
STEP 10 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
foo.org. IN TXT
ENTRY_END

; It is blocked: the expected reply is NXDOMAIN with AA set and an empty
; answer section, not the signed TXT record that ns.foo.org would serve.
STEP 11 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NXDOMAIN
SECTION QUESTION
foo.org. IN TXT
SECTION ANSWER
ENTRY_END

; The foo2.org domain has no DS with NSEC. The queries for foo2.org DS and
; DNSKEY are blocked.
; The expected result is still NOERROR with the unsigned TXT data.
STEP 20 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.foo2.org. IN TXT
ENTRY_END

STEP 21 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.foo2.org. IN TXT
SECTION ANSWER
www.foo2.org. IN TXT "a.b.e."
ENTRY_END

; The foo3.org domain has no DS with NSEC3. The queries for foo3.org DS and
; DNSKEY are blocked. Because it is nsec3, there is no negative cache entry,
; and a type DS query is made, that is then blocked.
STEP 30 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.foo3.org. IN TXT
ENTRY_END

STEP 31 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.foo3.org. IN TXT
SECTION ANSWER
www.foo3.org. IN TXT "a.b.f."
ENTRY_END

; This query would use a validation failure for foo3.org from the key cache,
; if it previously failed.
STEP 32 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www2.foo3.org. IN TXT
ENTRY_END

STEP 33 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www2.foo3.org. IN TXT
SECTION ANSWER
www2.foo3.org. IN TXT "a.b.g."
ENTRY_END

; This query has a CNAME to www.foo.org. It is signed, but foo.org is blocked,
; for DS and DNSKEY queries. There is a DS, but the DNSKEY query is blocked.
; The expected reply is NOERROR with the CNAME and the www.foo.org TXT data.
STEP 40 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
foo.com. IN TXT
ENTRY_END

STEP 41 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
foo.com. IN TXT
SECTION ANSWER
foo.com. IN CNAME www.foo.org.
www.foo.org. 3600 IN TXT "a.b.d."
ENTRY_END

; The foo4.com query has a CNAME to a validly signed domain www.foo4.org,
; that has a cname to bok.foo4.org. The bok.foo4.org name is RPZ filtered,
; with a new A record in the response, that is not signed, from RPZ.
; The expected reply has AA set and carries 4.0.5.5, not the signed 1.2.3.4.
STEP 50 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
foo4.com. IN A
ENTRY_END

STEP 51 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
foo4.com. IN A
SECTION ANSWER
foo4.com. IN CNAME www.foo4.org.
www.foo4.org. IN CNAME bok.foo4.org.
bok.foo4.org IN A 4.0.5.5
ENTRY_END

; The foo5.com query has a CNAME to a signed domain www.foo5.org,
; the www.foo5.org is filtered by RPZ with a different CNAME to another,
; DNSSEC signed A record, alt.foo5.org, instead of bok.foo5.org.
; Unlike STEP 51, the expected reply flags here do not include AA.
STEP 60 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
foo5.com. IN A
ENTRY_END

STEP 61 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
foo5.com. IN A
SECTION ANSWER
foo5.com. IN CNAME www.foo5.org.
www.foo5.org. IN CNAME alt.foo5.org.
alt.foo5.org IN A 4.0.5.6
ENTRY_END

SCENARIO_END