Verified Commit 778d7ab0 authored by Vladimír Čunát's avatar Vladimír Čunát Committed by Petr Špaček
Browse files

nsec tests: fix parts broken with aggr. cache

The steps get split in two, with the authoritative parts getting copied.
When it's possible to INCLUDE, this should get refactored.
parent 54687699
Pipeline #26359 passed with stage
in 54 seconds
; config options
server:
trust-anchor: ". 3600 IN DS 17272 13 4 B87AD8C76DC2244E7AA57285057BF533F2E248CC8D7E1A071D8A3837A711A5EA705C4707E6E8911DA653BE1AE019927B"
val-override-timestamp: "1442323400"
do-not-query-localhost: off
stub-zone:
name: "."
stub-addr: 127.0.0.1 # ns.
CONFIG_END
SCENARIO_BEGIN Test validation of NSEC name error responses.
; ns.
RANGE_BEGIN 0 100
ADDRESS 127.0.0.1
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. 3600 IN NS ns.
. 3600 IN RRSIG NS 13 0 3600 20151014142315 20150914142315 17272 . aEIYUS4S8Hd7vAVYvHwFyV97lKx4xt2PgAUbM4A7JUXHkTJDHUQEDVQh LWGxK6e+AUeuq4qlDo4vSz3IedmOBQ==
SECTION ADDITIONAL
ns. 3600 IN A 127.0.0.1
ns. 3600 IN RRSIG A 13 1 3600 20151014142315 20150914142315 17272 . 27h0pFJyb5t/2cZsFjynp0TRIdUlQwPYcAwCer2UbXTiBBaD8n15hfh8 PFU0if8X0ikqHusz6rCNTx/aBraYdQ==
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
. IN DNSKEY
SECTION ANSWER
. 3600 IN DNSKEY 256 3 13 qKlBZ0TvdY8C8+7bTcdnQdrLZxEwvxEwlGmIOTd/ccL5Jiei1whNktoE /Qzo1lJ0cXfVssy4EVMaqEdzIa+pkA==
. 3600 IN RRSIG DNSKEY 13 0 3600 20151014142315 20150914142315 17272 . FaY+kslqSPIRZsk65z8SrROt7kfx+RGUEBGbVgLQxKruJxc9+MMrl4e4 +RefYIlwpecj4jXwb75RTbT0g7OGGg==
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
example. IN MX
SECTION AUTHORITY
example. 3600 IN NS ns.example.
example. 3600 IN DS 11225 13 4 B4BDAB0B3751300BFB9D0D240649279B4BA0E67A308E1B0BFE2931D9 47F7FD71A2BD807D84CDE24286D955A35752484F
example. 3600 IN RRSIG DS 13 1 3600 20151014143533 20150914143533 17272 . b0+fXKmsBBXkzf+Myr5eRsXWDvY75oMlr4Yi5j+3iF7cOviVGKz3Dw8u bfKW+OmyHiuTeL71gez/84P+vHEvHA==
SECTION ADDITIONAL
ns.example. 3600 IN A 127.0.0.2
ENTRY_END
RANGE_END
; ns.example.
RANGE_BEGIN 0 100
ADDRESS 127.0.0.2
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
example. IN NS
SECTION ANSWER
example. 3600 IN NS ns.example.
example. 3600 IN RRSIG NS 13 1 3600 20151014143225 20150914143225 11225 example. C6KOyVJzeRh/3KL9BxSVOVZN0RIyBhlBmmmnVEFT5qPUrn3m5FjcIBtI hi7cAl2FeY1rqstztvKAY6UOBE0kGQ==
SECTION ADDITIONAL
ns.example. 3600 IN A 127.0.0.2
ns.example. 3600 IN RRSIG A 13 2 3600 20151014143225 20150914143225 11225 example. fM/mwUOtyIbKTxgxaekZf5A8kV3qYIFADtvhcQi0TUh09nfkHQtUqhew zVBXCEtjKMnYFvNhWF6PyiirtOeM8w==
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
example. IN DNSKEY
SECTION ANSWER
example. 3600 IN DNSKEY 256 3 13 d9Qb4Tj90Y2cvdWcZfu45clfoLKqGbJn2vQKqZv07nc4FMf2oRkrNXtP fixVTLfbbWAFtbbFf3mhCNUsetRUVQ==
example. 3600 IN RRSIG DNSKEY 13 1 3600 20151015124839 20150915124839 11225 example. 4DemFjvys9Gfq+gG1i8IB6GPBUw9lIv3F082JwW7O8tqNIn45n2z14gg ieeJTRhU9xXOVIfj6amITZWbjvGyFA==
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
nsec.example. IN MX
SECTION AUTHORITY
nsec.example. 3600 IN NS ns.nsec.example.
nsec.example. 3600 IN DS 54343 13 4 90ABD4FB9F053CF67F6D838DD2437FB16104B8BF127319706223004F 2ED72AF2872B4E507EB483A303BF60BF08C87364
nsec.example. 3600 IN RRSIG DS 13 2 3600 20151015124611 20150915124611 11225 example. HYzlEdyYugggsEwUVyyY4XHFVUZZ8yiIh4vnuViGBQQJP+yryYh1aLyN ap2Q51nkmSG1fXDb2IySiAYuqUJyLw==
SECTION ADDITIONAL
ns.nsec.example. 3600 IN A 127.0.0.3
ENTRY_END
RANGE_END
; ns.nsec.example.
RANGE_BEGIN 0 100
ADDRESS 127.0.0.3
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
nsec.example. IN NS
SECTION ANSWER
nsec.example. 3600 IN NS ns.nsec.example.
nsec.example. 3600 IN RRSIG NS 13 2 3600 20151015124917 20150915124917 54343 nsec.example. 6s75LEuylIKAxqAbcPmmnkOMC7jxF6cPZGW5EFbhOOeR63ENyh642GE1 71WtJc7Ta4Y/PsnAT+/dTv8NSTDCHQ==
SECTION ADDITIONAL
ns.nsec.example. 3600 IN A 127.0.0.3
ns.nsec.example. 3600 IN RRSIG A 13 3 3600 20151015124917 20150915124917 54343 nsec.example. oJpF87bjXR0DjIoNvEAo+Wu+p9jF+URX5lxi+g53OFCX1Q1lxqj5ujGd KOPsNAbKvTCsoFFW4tQyhCYJYD1HlQ==
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
nsec.example. IN DNSKEY
SECTION ANSWER
nsec.example. 3600 IN DNSKEY 256 3 13 HA6nKf+X7/mYkmmRO8qS2tIKT0B60P7COAiRs25xKs/rAP+tDtGWkrkG NQx2D3ajccC9whjRaKz2JVS3ItTFQg==
nsec.example. 3600 IN RRSIG DNSKEY 13 2 3600 20151015124917 20150915124917 54343 nsec.example. 965Mfxs1QtgxwzyhfxXyKyOZ9iT1DXpvypBBR10sLyjHe/w7cRhgcyev Cza6K+2jJwHJBmbknc3Qhi+1dd+AJw==
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NXDOMAIN
SECTION QUESTION
aaa.nsec.example. IN MX
SECTION AUTHORITY
nsec.example. 3600 IN SOA ns.nsec.example. root.nsec.example. 2 60 60 120 3600
nsec.example. 3600 IN NSEC alias.nsec.example. A NS SOA MX AAAA RRSIG NSEC DNSKEY
nsec.example. 3600 IN RRSIG SOA 13 2 3600 20151015124917 20150915124917 54343 nsec.example. AcjIOhRgJMRILo06O2yl/G4Q6gTuA0NIGpnejpgcoVHg8kZy6xmURhTc kYf//qbx/WPB9k+8j+ymmQPe1phJCQ==
nsec.example. 3600 IN RRSIG NSEC 13 2 3600 20151015124917 20150915124917 54343 nsec.example. STcV7Lc1a794i9DTgflI+d0N0KXTMws0G8VGc0Wo4tVI8lvFJcG1SFXW /jJaXkQstdZ2EM63fIs/u1hhBaV2Gw==
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NXDOMAIN
SECTION QUESTION
missing.nsec.example. IN MX
SECTION AUTHORITY
nsec.example. 3600 IN SOA ns.nsec.example. root.nsec.example. 2 60 60 120 3600
mail.nsec.example. 3600 IN NSEC multiple.nsec.example. A AAAA RRSIG NSEC
nsec.example. 3600 IN NSEC alias.nsec.example. A NS SOA MX AAAA RRSIG NSEC DNSKEY
nsec.example. 3600 IN RRSIG SOA 13 2 3600 20151015124917 20150915124917 54343 nsec.example. AcjIOhRgJMRILo06O2yl/G4Q6gTuA0NIGpnejpgcoVHg8kZy6xmURhTc kYf//qbx/WPB9k+8j+ymmQPe1phJCQ==
mail.nsec.example. 3600 IN RRSIG NSEC 13 3 3600 20151015124917 20150915124917 54343 nsec.example. kM+Z63RDn377szwbOqPPinkH98BuCljY7hoeM8jGJcnQ90fA3NFi72Jg k/0T1bo4r0cNMn6lm9OUotawa6BOqw==
nsec.example. 3600 IN RRSIG NSEC 13 2 3600 20151015124917 20150915124917 54343 nsec.example. STcV7Lc1a794i9DTgflI+d0N0KXTMws0G8VGc0Wo4tVI8lvFJcG1SFXW /jJaXkQstdZ2EM63fIs/u1hhBaV2Gw==
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NXDOMAIN
SECTION QUESTION
missing1.nsec.example. IN MX
SECTION AUTHORITY
nsec.example. 3600 IN SOA ns.nsec.example. root.nsec.example. 2 60 60 120 3600
nsec.example. 3600 IN NSEC alias.nsec.example. A NS SOA MX AAAA RRSIG NSEC DNSKEY
nsec.example. 3600 IN RRSIG SOA 13 2 3600 20151015124917 20150915124917 54343 nsec.example. AcjIOhRgJMRILo06O2yl/G4Q6gTuA0NIGpnejpgcoVHg8kZy6xmURhTc kYf//qbx/WPB9k+8j+ymmQPe1phJCQ==
nsec.example. 3600 IN RRSIG NSEC 13 2 3600 20151015124917 20150915124917 54343 nsec.example. STcV7Lc1a794i9DTgflI+d0N0KXTMws0G8VGc0Wo4tVI8lvFJcG1SFXW /jJaXkQstdZ2EM63fIs/u1hhBaV2Gw==
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NXDOMAIN
SECTION QUESTION
missing2.nsec.example. IN MX
SECTION AUTHORITY
nsec.example. 3600 IN SOA ns.nsec.example. root.nsec.example. 2 60 60 120 3600
mail.nsec.example. 3600 IN NSEC multiple.nsec.example. A AAAA RRSIG NSEC
nsec.example. 3600 IN RRSIG SOA 13 2 3600 20151015124917 20150915124917 54343 nsec.example. AcjIOhRgJMRILo06O2yl/G4Q6gTuA0NIGpnejpgcoVHg8kZy6xmURhTc kYf//qbx/WPB9k+8j+ymmQPe1phJCQ==
mail.nsec.example. 3600 IN RRSIG NSEC 13 3 3600 20151015124917 20150915124917 54343 nsec.example. kM+Z63RDn377szwbOqPPinkH98BuCljY7hoeM8jGJcnQ90fA3NFi72Jg k/0T1bo4r0cNMn6lm9OUotawa6BOqw==
ENTRY_END
RANGE_END
;STEP 0 TIME_PASSES ELAPSE 1000
STEP 5 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
missing1.nsec.example. IN MX
ENTRY_END
STEP 6 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
ADJUST copy_id
REPLY QR RD RA SERVFAIL
SECTION QUESTION
missing1.nsec.example. IN MX
SECTION AUTHORITY
ENTRY_END
STEP 7 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
missing2.nsec.example. IN MX
ENTRY_END
STEP 8 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
ADJUST copy_id
REPLY QR RD RA SERVFAIL
SECTION QUESTION
missing2.nsec.example. IN MX
SECTION AUTHORITY
ENTRY_END
SCENARIO_END
......@@ -233,38 +233,8 @@ mail.nsec.example. 3600 IN RRSIG NSEC 13 3 3600 20151015124917 20
nsec.example. 3600 IN RRSIG NSEC 13 2 3600 20151015124917 20150915124917 54343 nsec.example. STcV7Lc1a794i9DTgflI+d0N0KXTMws0G8VGc0Wo4tVI8lvFJcG1SFXW /jJaXkQstdZ2EM63fIs/u1hhBaV2Gw==
ENTRY_END
STEP 5 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
missing1.nsec.example. IN MX
ENTRY_END
STEP 6 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
ADJUST copy_id
REPLY QR RD RA SERVFAIL
SECTION QUESTION
missing1.nsec.example. IN MX
SECTION AUTHORITY
ENTRY_END
STEP 7 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
missing2.nsec.example. IN MX
ENTRY_END
STEP 8 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
ADJUST copy_id
REPLY QR RD RA SERVFAIL
SECTION QUESTION
missing2.nsec.example. IN MX
SECTION AUTHORITY
ENTRY_END
;; TODO: use INCLUDE when it's available.
;; Aggressive cache can answer STEP 5 and 7 without asking,
;; from the record in previous answer, as `missing*` is between `mail` and `multiple`.
SCENARIO_END
......@@ -180,21 +180,22 @@ nsec.example. 3600 IN RRSIG SOA 13 2 3600 20151017113144 201
nsec.example. 3600 IN RRSIG NSEC 13 2 3600 20151015124917 20150915124917 54343 nsec.example. STcV7Lc1a794i9DTgflI+d0N0KXTMws0G8VGc0Wo4tVI8lvFJcG1SFXW /jJaXkQstdZ2EM63fIs/u1hhBaV2Gw==
ENTRY_END
STEP 3 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
nsec.example. IN TYPE1000
ENTRY_END
STEP 4 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
ADJUST copy_id
REPLY QR RD RA SERVFAIL
SECTION QUESTION
nsec.example. IN TYPE1000
SECTION AUTHORITY
ENTRY_END
; TODO: aggressive caching can return the same answer as in STEP 2, without asking again.
;STEP 3 QUERY
;ENTRY_BEGIN
;REPLY RD DO
;SECTION QUESTION
;nsec.example. IN TYPE1000
;ENTRY_END
;
;STEP 4 CHECK_ANSWER
;ENTRY_BEGIN
;MATCH all
;ADJUST copy_id
;REPLY QR RD RA SERVFAIL
;SECTION QUESTION
;nsec.example. IN TYPE1000
;SECTION AUTHORITY
;ENTRY_END
SCENARIO_END
; config options
server:
trust-anchor: "nsec.example. IN DS 41524 8 2 D6B102667845D6CDDC05B44466426D9CCC189989BF67ADB23605EED0 BFE2A443"
val-override-date: "20170401000000"
stub-zone:
name: "."
stub-addr: 192.0.2.1 # ns.
CONFIG_END
SCENARIO_BEGIN Test validation of NSEC name error responses.
; ns.
RANGE_BEGIN 0 100
ADDRESS 192.0.2.1
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. 3600 IN NS ns.
SECTION ADDITIONAL
ns. 3600 IN A 192.0.2.1
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
ns. IN A
SECTION ANSWER
ns. 3600 IN A 192.0.2.1
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname qtype
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
ns. IN AAAA
SECTION AUTHORITY
. 3600 IN SOA . . 0 0 0 0 0
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
example. IN CNAME
SECTION AUTHORITY
example. 3600 IN NS ns.example.
SECTION ADDITIONAL
ns.example. 3600 IN A 192.0.2.2
ENTRY_END
RANGE_END
; ns.example.
RANGE_BEGIN 0 100
ADDRESS 192.0.2.2
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
example. IN NS
SECTION ANSWER
example. 3600 IN NS ns.example.
SECTION ADDITIONAL
ns.example. 3600 IN A 192.0.2.2
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
ns.example. IN A
SECTION ANSWER
ns.example. 3600 IN A 192.0.2.2
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
ns.example. IN AAAA
SECTION AUTHORITY
example. 3600 IN SOA . . 0 0 0 0 0
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
nsec.example. IN CNAME
SECTION AUTHORITY
nsec.example. 3600 IN NS ns.nsec.example.
SECTION ADDITIONAL
ns.nsec.example. 3600 IN A 192.0.2.3
ENTRY_END
RANGE_END
; ns.nsec.example.
RANGE_BEGIN 0 100
ADDRESS 192.0.2.3
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
nsec.example. IN NS
SECTION ANSWER
nsec.example. 3600 IN NS ns.nsec.example.
nsec.example. 3600 IN RRSIG NS 8 2 3600 20170419140236 20170320140236 41524 nsec.example. KECif/B3ckfo5d9Qd/5dtIDt/8nIpTfTMxeJU3qw1U8jzQ/+nQ6qZAvr GH4MeGwY0M9kj2Jj3h2tdI+uhfLaGC7LStXIG0Q+PfalGdddDQwwd/p0 oOQ6bt0eilZN5OKF7Frzn4jmV1x7R/iieWp65xB7OByvguYoXOlzuoU1 ikaL43rm/whxn6iHf0K7NfaVqQwO26N/P3EBFFZMwuhHOB2+bVXKoE7r O4bC04tF7wG7CRUlc44xNs08L512RXRuFIrkHg932BFVlEYmPwbflE6+ zfpZafFzYutEHx7XZw2+gAklynmcAXltPCOiqThkDJzw2rpyUmiH0ztm lG76Tg==
SECTION ADDITIONAL
ns.nsec.example. 3600 IN A 192.0.2.3
ns.nsec.example. 3600 IN RRSIG A 8 3 3600 20170419140236 20170320140236 41524 nsec.example. E6Cx+MIElwAbw4Hg48Ee4CC4pKSjPkW8fmcHVoTqNwMyRs4Jjyymf1tE mNdjYkoN0kxI8PEgbGxzuwlFLpGncQhuZ0dyTzCPvnYFPLIkDmdtyIcj 4MVZiJpdyc5yRTC+Aja1Ik9cQ25QsSGAg4z54Zv0o6uqodppCHILgBzm Q833AQFh6hOQE3BFM3c8h3PCsH6HJOOIlgqculfT5d0S1XPFGmtjVW4G gZNsNeBtLB/SkvYKzNS+Yw38J9VTtWMlgTUwkjVXzC+f83AgzXHM3neq QhRhf72VO/xP5sd33VXDVBtOqbFSDZHLpGLfaXJSrnzKX5H8nCMuIXbs kWK60w==
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
ns.nsec.example. IN A
SECTION ANSWER
ns.nsec.example. 3600 IN A 192.0.2.3
ns.nsec.example. 3600 IN RRSIG A 8 3 3600 20170419140236 20170320140236 41524 nsec.example. E6Cx+MIElwAbw4Hg48Ee4CC4pKSjPkW8fmcHVoTqNwMyRs4Jjyymf1tE mNdjYkoN0kxI8PEgbGxzuwlFLpGncQhuZ0dyTzCPvnYFPLIkDmdtyIcj 4MVZiJpdyc5yRTC+Aja1Ik9cQ25QsSGAg4z54Zv0o6uqodppCHILgBzm Q833AQFh6hOQE3BFM3c8h3PCsH6HJOOIlgqculfT5d0S1XPFGmtjVW4G gZNsNeBtLB/SkvYKzNS+Yw38J9VTtWMlgTUwkjVXzC+f83AgzXHM3neq QhRhf72VO/xP5sd33VXDVBtOqbFSDZHLpGLfaXJSrnzKX5H8nCMuIXbs kWK60w==
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
ns.nsec.example. IN AAAA
SECTION AUTHORITY
nsec.example. 3600 IN SOA ns.nsec.example. root.nsec.example. 6 60 60 120 3600
ns.nsec.example. 3600 IN NSEC nsec.example. A RRSIG NSEC
nsec.example. 3600 IN RRSIG SOA 8 2 3600 20170419140236 20170320140236 41524 nsec.example. gZCIxxFWL04vgzuNbZYq3Ghb7OZsZCp1WCcByM602yEgf0IUk8KSqkol pTem3IXQELhFTzbddGFV3Cis5MxZq8XjNbSwXelbUkOkKE4EzDcpldtR yqGnp+ZdZhBrymZvS8dOhwOGllF6AobXx7iFHaY7wtC17XvODduxOBdV mQ/t2QDUnl+Io3s1KfDRf4e22WvtatlQNr9NW+PueeGtGhEdDeyR7VMA fxEqL6Lds7NWN7DPKfsCVgUNkwHzy9opQ64AyVyQAmwRohuon652jKiu MbvJ1vaLxJLeDBnnT3hbMrI/CIfmjqucSOgM9JNXXggIcfBxok5Ze2R5 SL35VA==
ns.nsec.example. 3600 IN RRSIG NSEC 8 3 3600 20170419140236 20170320140236 41524 nsec.example. iOfnQqIT9V87emJsd/Aym6JqU4H8bzjNq3cbWUmiohgdKr2pkqdt3RV1 r/LGbhSm+seWC/xWuBinEH2WAwXwQMUGrYi5htGazk9C97gkSvle/gXT NZweNC7SkrkBv1VXHG/PrinzFP/YWRn7zMn7fOj/uYWDaYAi0Fzh+Ctn fx2hsHIXC9LduIs+Uv9B58tr9tkF5JNYapoZO59Wtiz1GPaPnfUg9X2u 2T+J5rWpYHJkzKulW+yi0YpipfJY+9J9KWGr2PorChm/W1mc83MptyK2 Po+IbX/I0YStNv+nCLccBo94y/DGOLVnF0XpJZnR5ZDcb8ZmbZIP7uD3 GBFKMg==
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
nsec.example. IN DNSKEY
SECTION ANSWER
nsec.example. 3600 IN DNSKEY 257 3 8 AwEAAbgyvYQ2Vlff/inpv4NZLlIk2+l1sL0JoeOUlWHZ3eeWXZKxQJak QIXyGi8xsuANzu/YStLp31SfU/Fj4piUciqA+U74Lot1S/jcM7/1eczh 69YqGUAPZkreZ3z2DpWzBN4lgPR/w0OvTada3D42uV2bzuSK/nXMiMpZ vP1vZ1ykNRmbksTzA+HnrefRi2yuMSUqMHbtfbfFwqVTQ1ddVwSK7qIJ 02jo95YJUSZDPUUQlczIsFsa7Zxn6gQZl+iaRuDY6nLxxStYYlcqZhVA G5U8Dx4IznQ0FkEJp9RXtv5rmtClcQpudCl1gE0GC/W+TTUAa3hD597f onH+s/OfdCE=
nsec.example. 3600 IN RRSIG DNSKEY 8 2 3600 20170419140236 20170320140236 41524 nsec.example. Z1kUmre0LJX76zuKEYhCN5bNNPvXONZK8LElwgNqEQW4kPApz8+vfLmb 4Xlz6D9ChG6J0Pp/JHdKn+S+Le4B5dUOPzuOksfkHTmRsh9oN2ccSEq3 eJK1VhWwRN69xs1LZgXzVJk7DnDnPVUyIbDpb5piBCJHQVwkrIa1Ykeh hexHJb7YZBmF1B6GqTl7K9QwIvfnpKH+iM83QngepAJqpJuHSEPNWCbQ S9rfuP1SObyZD4L/Z3hBFpaZL9N25ThH7znfTc60xNCitmNMFfq68X2/ JoSrVrFLNv9nlneYNkihorhzDMlzN/i/EhrtBkdaSiRlEODnY7zN4Eax m3JkFQ==
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname qtype
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
local.nsec.example. IN A
SECTION ANSWER
local.nsec.example. 3600 IN A 10.6.6.6
local.nsec.example. 3600 IN RRSIG A 8 2 3600 20170419140236 20170320140236 41524 nsec.example. H6auzgGxcWIcfhki7px+Iza4QRw5V47GXpPFDofXoORBdGtVYOhx+ILM pYA8ng4rzYCRFh/g9j8lIzU9y9WDfJyy8CMAJUsjiin/b9iJ0heQQU9r GmV1v+MvNxlcfMdJrec2O31RKBt7bK/FFesD4l3c3+XauwsOIsry+4t6 48uzUO48QVsbuw0PPDH82fPpSNgWyiAIEVwzz/tgrekk4eDwTVUkle4A 9ntjr5CFyKuoeDVTr0rZdJ90W6j4KYRUuk3x1V5w8eil7pNIN3arBzEv OXg4Du3AYskQ98a1VWz7MO/MX9u5WciXSbpDdI/2VtxMeKzkPotDds65 zLIsTA==
SECTION AUTHORITY
*.nsec.example. 3600 IN NSEC ns.nsec.example. A RRSIG NSEC
*.nsec.example. 3600 IN RRSIG NSEC 8 2 3600 20170419140236 20170320140236 41524 nsec.example. Hp/6sgDgYZuewpSkAugLRERgVAGgAIAN9vAqfuAGcqCxfQXLIXcXD8ji o4rjuSMmAaRw0AQ70pEWldc2Yqre+++/lnEJt5tpGrIhH2raJU9RS/Ix NaN40vwspRdN7tDNLH1T0oTDll76bVc/D4VFtnpGOlM3eIGjFVVdACvZ V0oVW8xp686xwB3uP2DqA0fxMjs4p9PC1FrnTAlGvTX0ThgZR6EmmWJH HCy4kpjfTFR93k/nuAendDVVZNkHL+EncojmUX+U0PRSZPXWBWXbb0kq h1OVaT4HpyWKet+PxKkTGaoNbXRk0BAKC/4Qg4A/+kRk+1OXG4dQMdsS zLnt/Q==
ENTRY_END
; missing NSEC proof
ENTRY_BEGIN
MATCH opcode qname qtype
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
missing-nsec-nodata.local.nsec.example. IN CNAME
SECTION ANSWER
nsec.example. 3600 IN SOA ns.nsec.example. root.nsec.example. 6 60 60 120 3600
nsec.example. 3600 IN RRSIG SOA 8 2 3600 20170419140236 20170320140236 41524 nsec.example. gZCIxxFWL04vgzuNbZYq3Ghb7OZsZCp1WCcByM602yEgf0IUk8KSqkol pTem3IXQELhFTzbddGFV3Cis5MxZq8XjNbSwXelbUkOkKE4EzDcpldtR yqGnp+ZdZhBrymZvS8dOhwOGllF6AobXx7iFHaY7wtC17XvODduxOBdV mQ/t2QDUnl+Io3s1KfDRf4e22WvtatlQNr9NW+PueeGtGhEdDeyR7VMA fxEqL6Lds7NWN7DPKfsCVgUNkwHzy9opQ64AyVyQAmwRohuon652jKiu MbvJ1vaLxJLeDBnnT3hbMrI/CIfmjqucSOgM9JNXXggIcfBxok5Ze2R5 SL35VA==
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname qtype
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
missing-nsec-nodata.local.nsec.example. IN RRSIG
SECTION ANSWER
missing-nsec-nodata.local.nsec.example. 3600 IN RRSIG A 8 2 3600 20170419140236 20170320140236 41524 nsec.example. H6auzgGxcWIcfhki7px+Iza4QRw5V47GXpPFDofXoORBdGtVYOhx+ILM pYA8ng4rzYCRFh/g9j8lIzU9y9WDfJyy8CMAJUsjiin/b9iJ0heQQU9r GmV1v+MvNxlcfMdJrec2O31RKBt7bK/FFesD4l3c3+XauwsOIsry+4t6 48uzUO48QVsbuw0PPDH82fPpSNgWyiAIEVwzz/tgrekk4eDwTVUkle4A 9ntjr5CFyKuoeDVTr0rZdJ90W6j4KYRUuk3x1V5w8eil7pNIN3arBzEv OXg4Du3AYskQ98a1VWz7MO/MX9u5WciXSbpDdI/2VtxMeKzkPotDds65 zLIsTA==
ENTRY_END
; synthesized A record was removed and replaced with SOA but no NSEC
ENTRY_BEGIN
MATCH opcode qname qtype
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
missing-nsec-masked-data.local.nsec.example. IN A
SECTION ANSWER
nsec.example. 3600 IN SOA ns.nsec.example. root.nsec.example. 6 60 60 120 3600
nsec.example. 3600 IN RRSIG SOA 8 2 3600 20170419140236 20170320140236 41524 nsec.example. gZCIxxFWL04vgzuNbZYq3Ghb7OZsZCp1WCcByM602yEgf0IUk8KSqkol pTem3IXQELhFTzbddGFV3Cis5MxZq8XjNbSwXelbUkOkKE4EzDcpldtR yqGnp+ZdZhBrymZvS8dOhwOGllF6AobXx7iFHaY7wtC17XvODduxOBdV mQ/t2QDUnl+Io3s1KfDRf4e22WvtatlQNr9NW+PueeGtGhEdDeyR7VMA fxEqL6Lds7NWN7DPKfsCVgUNkwHzy9opQ64AyVyQAmwRohuon652jKiu MbvJ1vaLxJLeDBnnT3hbMrI/CIfmjqucSOgM9JNXXggIcfBxok5Ze2R5 SL35VA==
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname qtype
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
missing-nsec-masked-data.local.nsec.example. IN RRSIG
SECTION ANSWER
missing-nsec-masked-data.local.nsec.example. 3600 IN RRSIG A 8 2 3600 20170419140236 20170320140236 41524 nsec.example. H6auzgGxcWIcfhki7px+Iza4QRw5V47GXpPFDofXoORBdGtVYOhx+ILM pYA8ng4rzYCRFh/g9j8lIzU9y9WDfJyy8CMAJUsjiin/b9iJ0heQQU9r GmV1v+MvNxlcfMdJrec2O31RKBt7bK/FFesD4l3c3+XauwsOIsry+4t6 48uzUO48QVsbuw0PPDH82fPpSNgWyiAIEVwzz/tgrekk4eDwTVUkle4A 9ntjr5CFyKuoeDVTr0rZdJ90W6j4KYRUuk3x1V5w8eil7pNIN3arBzEv OXg4Du3AYskQ98a1VWz7MO/MX9u5WciXSbpDdI/2VtxMeKzkPotDds65 zLIsTA==
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR AA NOERROR
SECTION QUESTION
local.nsec.example. IN NS
SECTION AUTHORITY
nsec.example. 3600 IN SOA ns.nsec.example. root.nsec.example. 6 60 60 120 3600
*.nsec.example. 3600 IN NSEC ns.nsec.example. A RRSIG NSEC
nsec.example. 3600 IN RRSIG SOA 8 2 3600 20170419140236 20170320140236 41524 nsec.example. gZCIxxFWL04vgzuNbZYq3Ghb7OZsZCp1WCcByM602yEgf0IUk8KSqkol pTem3IXQELhFTzbddGFV3Cis5MxZq8XjNbSwXelbUkOkKE4EzDcpldtR yqGnp+ZdZhBrymZvS8dOhwOGllF6AobXx7iFHaY7wtC17XvODduxOBdV mQ/t2QDUnl+Io3s1KfDRf4e22WvtatlQNr9NW+PueeGtGhEdDeyR7VMA fxEqL6Lds7NWN7DPKfsCVgUNkwHzy9opQ64AyVyQAmwRohuon652jKiu MbvJ1vaLxJLeDBnnT3hbMrI/CIfmjqucSOgM9JNXXggIcfBxok5Ze2R5 SL35VA==
*.nsec.example. 3600 IN RRSIG NSEC 8 2 3600 20170419140236 20170320140236 41524 nsec.example. Hp/6sgDgYZuewpSkAugLRERgVAGgAIAN9vAqfuAGcqCxfQXLIXcXD8ji o4rjuSMmAaRw0AQ70pEWldc2Yqre+++/lnEJt5tpGrIhH2raJU9RS/Ix NaN40vwspRdN7tDNLH1T0oTDll76bVc/D4VFtnpGOlM3eIGjFVVdACvZ V0oVW8xp686xwB3uP2DqA0fxMjs4p9PC1FrnTAlGvTX0ThgZR6EmmWJH HCy4kpjfTFR93k/nuAendDVVZNkHL+EncojmUX+U0PRSZPXWBWXbb0kq h1OVaT4HpyWKet+PxKkTGaoNbXRk0BAKC/4Qg4A/+kRk+1OXG4dQMdsS zLnt/Q==
ENTRY_END
RANGE_END
STEP 20 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
missing-nsec-nodata.local.nsec.example. IN CNAME
ENTRY_END
STEP 21 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
ADJUST copy_id
REPLY QR RD RA SERVFAIL
SECTION QUESTION
missing-nsec-nodata.local.nsec.example. IN CNAME
ENTRY_END
SCENARIO_END
......@@ -258,22 +258,9 @@ nsec.example. 3600 IN RRSIG SOA 8 2 3600 20170419140236 20170320140236 41524 ns
*.nsec.example. 3600 IN RRSIG NSEC 8 2 3600 20170419140236 20170320140236 41524 nsec.example. Hp/6sgDgYZuewpSkAugLRERgVAGgAIAN9vAqfuAGcqCxfQXLIXcXD8ji o4rjuSMmAaRw0AQ70pEWldc2Yqre+++/lnEJt5tpGrIhH2raJU9RS/Ix NaN40vwspRdN7tDNLH1T0oTDll76bVc/D4VFtnpGOlM3eIGjFVVdACvZ V0oVW8xp686xwB3uP2DqA0fxMjs4p9PC1FrnTAlGvTX0ThgZR6EmmWJH HCy4kpjfTFR93k/nuAendDVVZNkHL+EncojmUX+U0PRSZPXWBWXbb0kq h1OVaT4HpyWKet+PxKkTGaoNbXRk0BAKC/4Qg4A/+kRk+1OXG4dQMdsS zLnt/Q==
ENTRY_END
; missing NSEC record in NODATA answer must be detected
STEP 20 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
missing-nsec-nodata.local.nsec.example. IN CNAME
ENTRY_END
STEP 21 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
ADJUST copy_id
REPLY QR RD RA SERVFAIL
SECTION QUESTION
missing-nsec-nodata.local.nsec.example. IN CNAME
ENTRY_END
;; TODO: use INCLUDE when it's available.
;; Aggressive cache can answer STEP20 without asking,
;; from the record in previous answer, so it has been split-out for now.
; missing data in NOERROR answer synthtesized from wildcard must be detected
STEP 30 QUERY
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment