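; Unbound testbound replay scenario: regression test for CVE-2017-15105.
; A signed NXDOMAIN reply carries an NSEC record that was expanded from a
; wildcard. The validator must not accept it as a denial for the query name;
; the expected result is SERVFAIL with Extended DNS Error 6 (DNSSEC Bogus),
; both on first resolution and when served again from cache.

; config options
; The island of trust is at nsecwc.nlnetlabs.nl
server:
	trust-anchor: "nsecwc.nlnetlabs.nl. 10024 IN DS 565 8 2 0C15C04C022700C8713028F6F64CF2343DE627B8F83CDA1C421C65DB 52908A2E"
; Pin the validation clock inside the RRSIG validity window used below
; (inception 20171108114635, expiration 20200101000000), so the test does
; not start failing once the signatures expire in real time.
	val-override-date: "20181202115531"
	target-fetch-policy: "0 0 0 0 0"
	qname-minimisation: "no"
	fake-sha1: yes
	trust-anchor-signaling: no
; EDE must be enabled for the ede=6 matches in steps 10 and 12.
	ede: yes
; allow_snoop lets the RD=0 query in step 11 be answered for loopback clients.
	access-control: 127.0.0.0/8 allow_snoop

stub-zone:
	name: "nsecwc.nlnetlabs.nl"
	stub-addr: "185.49.140.60"

CONFIG_END

SCENARIO_BEGIN Test validator with nxdomain response with wildcard expanded NSEC record, original NSEC owner does not provide proof for QNAME. CVE-2017-15105 test.

; Simulated authoritative server for nsecwc.nlnetlabs.nl (the stub-addr above).
RANGE_BEGIN 0 100
	ADDRESS 185.49.140.60

; response to DNSKEY priming query
; The key (tag 565, algorithm 8) chains to the DS trust anchor, so the zone
; validates as secure and the NXDOMAIN below is subject to full validation.
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
nsecwc.nlnetlabs.nl. IN DNSKEY
SECTION ANSWER
nsecwc.nlnetlabs.nl. 3600 IN DNSKEY 257 3 8 AwEAAbTluF4BfJ/FT7Ak5a3VvYG1AqhT8FXxOsVwGTyueyE/hW+fMFMd QlLMf2Lf/gmsnFgn/p7GDmJBLlPTATmLeP3isvAZbK3MDEP2O5UjTVmt LZriTv8xfxYW6emCM54EQjWii64BFWrOeLm9zQqzyaLl53CbIIXqiacV KPteh8GX
nsecwc.nlnetlabs.nl. 3600 IN RRSIG DNSKEY 8 3 3600 20200101000000 20171108114635 565 nsecwc.nlnetlabs.nl. q3bG4e8EtvXKDcNWcyYHeQxLF9l9aJKdmeSubyN6Qc3UVHugd6t3YSxD hlD+g43y7FcdnNHdAPh/jpgC4wtOb5J+5XAuESDHwesmIXOCTJjrb+A8 r+xQK+vsY8FhNZ2r81JZ/KQ/+TcCS5tbYeNZQgENduWAxgGiw3fdrMOV xiU=
ENTRY_END

; response to query of interest
; The NSEC owner !.nsecwc.nlnetlabs.nl. has four labels, but its RRSIG has a
; Labels field of 3. Per RFC 4035 that marks the record as expanded from the
; wildcard *.nsecwc.nlnetlabs.nl. The signature verifies, yet the name range
; from the expanded owner is not a valid denial for a.nsecwc.nlnetlabs.nl.
; A validator that checks only the signature would accept a false NXDOMAIN.
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NXDOMAIN
SECTION QUESTION
a.nsecwc.nlnetlabs.nl. IN TXT
SECTION ANSWER
SECTION AUTHORITY
!.nsecwc.nlnetlabs.nl. 3600 IN NSEC delegation.nsecwc.nlnetlabs.nl. TXT RRSIG NSEC
!.nsecwc.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 3 3600 20200101000000 20171108114635 565 nsecwc.nlnetlabs.nl. ddy1MRbshFuFJswlouNGHsZUF/tYu8BOCztY2JuHeTMyWL7rhRKp73q/ 1RAXMwywKsynT5ioY0bMtEQszeIEn29IYaPDHieLAobjF6BMu1kO7U2/ oEBrSHM/fx28BcaM5G4nfCIm3BlhQhWvk1NDHLn3Q26x4hF/dnmFOUet aXw=
nsecwc.nlnetlabs.nl. 3600 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600
nsecwc.nlnetlabs.nl. 3600 IN RRSIG SOA 8 3 3600 20200101000000 20171108114635 565 nsecwc.nlnetlabs.nl. bYibpCDg1LgrnYJgVahgu94LBqLIcNs4iC0SW8LV7pTI1hhuFKbLkO2O ekPdkJAWmu/KTytf8D+cdcK6X/9VS8QCVIF5S0hraHtNezu0f1B5ztg3 7Rqy+uJSucNKoykueAsz2z43GMgO0rGH3bqM7+3ii8p2E2rhzqEtG/D3 qyY=
SECTION ADDITIONAL
ENTRY_END
RANGE_END

; Client query with RD and DO set, so the resolver recurses and validates.
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
a.nsecwc.nlnetlabs.nl. IN TXT
ENTRY_END

; recursion happens here.
; Expected: the denial is rejected, so the client gets SERVFAIL with
; EDE 6 (DNSSEC Bogus) and an empty answer section, not the upstream NXDOMAIN.
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ede=6
REPLY QR RD RA DO SERVFAIL
SECTION QUESTION
a.nsecwc.nlnetlabs.nl. IN TXT
SECTION ANSWER
ENTRY_END

; Redo the query without RD to check EDE caching.
; With RD clear this depends on the allow_snoop access-control entry above.
STEP 11 QUERY
ENTRY_BEGIN
REPLY DO
SECTION QUESTION
a.nsecwc.nlnetlabs.nl. IN TXT
ENTRY_END

; The repeated query must return the same bogus verdict and EDE code.
STEP 12 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ede=6
REPLY QR RA DO SERVFAIL
SECTION QUESTION
a.nsecwc.nlnetlabs.nl. IN TXT
SECTION ANSWER
ENTRY_END

SCENARIO_END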