Commit fbee8ff9 authored by Vitezslav Kriz Committed by Jan Včelák

semcheck: nsec3

parent 2224b6bc
This diff is collapsed.
......@@ -29,11 +29,12 @@
#include "contrib/ucw/lists.h"
#include "libknot/mm_ctx.h"
enum check_levels {
SEM_CHECK_MANDATORY = 0,
SEM_CHECK_UNSIGNED = 1,
SEM_CHECK_NSEC = 2,
SEM_CHECK_NSEC3 = 3
SEM_CHECK_MANDATORY = 1,
SEM_CHECK_OPTIONAL = 2,
SEM_CHECK_NSEC = 4,
SEM_CHECK_NSEC3 = 8
};
/*!
......@@ -99,24 +100,11 @@ enum zonechecks_errors {
/// \TODO ADD LAST DELIMITER
};
/*!
* \brief Structure representing handle options.
*/
struct handler_options {
char log_cname; /*!< Log all CNAME related semantic errors. */
char log_glue; /*!< Log all glue related semantic errors. */
char log_rrsigs; /*!< Log all RRSIG related semantic errors. */
char log_nsec; /*!< Log all NSEC related semantic errors. */
char log_nsec3; /*!< Log all NSEC3 related semantic errors. */
};
/*!
* \brief Structure for handling semantic errors.
*/
struct err_handler {
/* Consider moving error messages here */
struct handler_options options; /*!< Handler options. */
unsigned errors[(-ZC_ERR_UNKNOWN) + 1]; /*!< Counting errors by type */
unsigned error_count; /*!< Total error count */
list_t error_list; /*!< List of all errors */
......@@ -128,8 +116,8 @@ typedef struct err_handler err_handler_t;
typedef struct err_node {
node_t node; ///< must be first
int error;
knot_dname_t *zone_name;
knot_dname_t *name;
char *zone_name;
char *name;
char *data;
} err_node_t;
......@@ -138,7 +126,7 @@ typedef struct semchecks_data {
zone_contents_t *zone;
err_handler_t *handler;
bool fatal_error;
zone_node_t *last_node;
const zone_node_t *next_nsec;
enum check_levels level;
} semchecks_data_t;
......@@ -151,14 +139,7 @@ typedef struct semchecks_data {
*/
void err_handler_init(err_handler_t *err_handler);
void err_handler_free(err_handler_t *h);
/*!
* \brief Creates new semantic error handler.
*
* \return err_handler_t * Created error handler.
*/
err_handler_t *err_handler_new(knot_mm_t *mm);
void err_handler_deinit(err_handler_t *h);
/*!
* \brief Called when error has been encountered in node. Will either log error
......@@ -204,7 +185,7 @@ void log_cyclic_errors_in_zone(err_handler_t *handler,
* \param handler Semantic error handler.
* \param last_node Last checked node, that is a part of NSEC(3) chain.
*/
int zone_do_sem_checks(zone_contents_t *zone, int check_level,
int zone_do_sem_checks(zone_contents_t *zone, bool optional,
err_handler_t *handler, zone_node_t *first_nsec3_node,
zone_node_t *last_nsec3_node);
......
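Review bot: The `check_levels` values become powers of two (1, 2, 4, 8) in the first hunk, but nothing in the header says they are now flags, and `semchecks_data_t.level` is still declared as `enum check_levels`. If the levels are meant to be OR-ed together, a comment such as `/* Bit flags; combine with |, test with &. */` above the enum would make that explicit. Any remaining ordered comparison against the old 0–3 values in the collapsed file (not visible here) would need to become a mask test, otherwise the NSEC/NSEC3 checks could be skipped without any diagnostic. The doc comment above `zone_do_sem_checks` starts outside the hunk and still lists `\param last_node`; it probably needs a `\param optional` line for the new `bool` argument.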
......@@ -45,11 +45,15 @@ int zone_load_contents(conf_t *conf, const knot_dname_t *zone_name,
zl.creator->master = !zone_load_can_bootstrap(conf, zone_name);
*contents = zonefile_load(&zl);
err_handler_log_errors(&zl.err_handler);
zonefile_close(&zl);
if (*contents == NULL) {
return KNOT_ERROR;
}
return KNOT_EOK;
}
......
......@@ -124,25 +124,7 @@ int zcreator_step(zcreator_t *zc, const knot_rrset_t *rr)
return KNOT_EOK;
}
}
assert(node);
// // Do node semantic checks
// err_handler_t err_handler;
// err_handler_init(&err_handler);
// bool sem_fatal_error = false;
// ret = sem_check_node_plain(zc->z, node,
// &err_handler, true,
// &sem_fatal_error);
if (ret != KNOT_EOK) {
return ret;
}
return KNOT_EOK;
// return sem_fatal_error ? KNOT_ESEMCHECK : KNOT_EOK;
}
/*! \brief Creates RR from parser input, passes it to handling function. */
......@@ -195,6 +177,8 @@ int zonefile_open(zloader_t *loader, const char *source,
}
memset(loader, 0, sizeof(zloader_t));
err_handler_init(&loader->err_handler);
/* Check zone file. */
if (access(source, F_OK | R_OK) != 0) {
......@@ -289,37 +273,12 @@ zone_contents_t *zonefile_load(zloader_t *loader)
goto fail;
}
int check_level = SEM_CHECK_MANDATORY;
if (loader->semantic_checks) {
check_level = SEM_CHECK_UNSIGNED;
knot_rrset_t soa_rr = node_rrset(zc->z->apex, KNOT_RRTYPE_SOA);
assert(!knot_rrset_empty(&soa_rr)); // In this point, SOA has to exist
const bool have_nsec3param =
node_rrtype_exists(zc->z->apex, KNOT_RRTYPE_NSEC3PARAM);
if (zone_contents_is_signed(zc->z) && !have_nsec3param) {
/* Set check level to DNSSEC. */
check_level = SEM_CHECK_NSEC;
} else if (zone_contents_is_signed(zc->z) && have_nsec3param) {
check_level = SEM_CHECK_NSEC3;
}
}
knot_mm_t mm;
mm_ctx_init(&mm);
err_handler_t *err_handler = err_handler_new(&mm);
ret = zone_do_sem_checks(zc->z, check_level,
err_handler, first_nsec3_node,
ret = zone_do_sem_checks(zc->z, loader->semantic_checks,
&loader->err_handler, first_nsec3_node,
last_nsec3_node);
INFO(zname, "semantic check, completed");
err_handler_log_errors(err_handler);
err_handler_free(err_handler);
if (ret != KNOT_EOK) {
ERROR(zname, "failed to load zone, file '%s' (%s)",
loader->source, knot_strerror(ret));
goto fail;
......@@ -447,6 +406,7 @@ void zonefile_close(zloader_t *loader)
zs_deinit(&loader->scanner);
free(loader->source);
free(loader->creator);
err_handler_deinit(&loader->err_handler);
}
#undef ERROR
......
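Review bot: In the `zonefile_load` hunk the calls that printed the collected semantic errors are gone, so the function now only fills `loader->err_handler` and relies on the caller to report it. The `zone_load_contents` change does that with `err_handler_log_errors(&zl.err_handler)` before `zonefile_close`. Any other caller of `zonefile_load` (none are visible on this page) would get only the generic "failed to load zone" message on the `goto fail` path and lose the per-record detail of why a signed zone was rejected. I would state the contract in the function's doc comment, e.g. `Semantic errors are collected in loader->err_handler; log them with err_handler_log_errors() before calling zonefile_close().` The bodies of `zonefile_load` and `zonefile_open` extend outside these hunks.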
......@@ -43,7 +43,7 @@ typedef struct zcreator {
typedef struct zloader {
char *source; /*!< Zone source file. */
bool semantic_checks; /*!< Do semantic checks. */
err_handler_t *err_handler; /*!< Semantic checks error handler. */
err_handler_t err_handler; /*!< Semantic checks error handler. */
zcreator_t *creator; /*!< Loader context. */
zs_scanner_t scanner; /*!< Zone scanner. */
} zloader_t;
......
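Review bot: `err_handler` changes from a pointer to an embedded `err_handler_t`, which contains a `list_t error_list`, and the field comment does not say who initialises or releases it. From the other hunks it is set up by `zonefile_open` and torn down by `zonefile_close`, so I would extend the comment to `/*!< Semantic checks error handler; initialised by zonefile_open(), released by zonefile_close(). */`. If `list_t` is an intrusive head/tail list (its definition is not on this page), a `zloader_t` must also not be copied by value once opened, which would be worth a word in the struct's documentation.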
......@@ -72,13 +72,16 @@ utils_test_lookup_LDADD = \
$(top_builddir)/src/libknotus.la \
$(libedit_LIBS)
check-compile: $(check_PROGRAMS)
check-local: $(check_PROGRAMS)
include $(srcdir)/semcheck/Makefile.inc
check-compile: $(check_PROGRAMS) $(check_SCRIPTS)
check-local: $(check_PROGRAMS) $(check_SCRIPTS)
$(top_builddir)/libtap/runtests -s $(top_srcdir)/tests \
-b $(top_builddir)/tests \
-L $(top_builddir)/tests/runtests.log \
$(check_PROGRAMS)
$(check_PROGRAMS) $(check_SCRIPTS)
acl_SOURCES = acl.c test_conf.h
conf_SOURCES = conf.c test_conf.h
......@@ -86,4 +89,4 @@ confdb_SOURCES = confdb.c test_conf.h
confio_SOURCES = confio.c test_conf.h
process_query_SOURCES = process_query.c fake_server.h test_conf.h
process_answer_SOURCES = process_answer.c fake_server.h test_conf.h
CLEANFILES = runtests.log
CLEANFILES += runtests.log
......@@ -2,7 +2,7 @@ $ORIGIN example.com.
$TTL 3600
@ IN SOA dns1.example.com. hostmaster.example.com. (
2010111217 ; serial
2010111221 ; serial
6h ; refresh
1h ; retry
1w ; expire
......@@ -23,4 +23,4 @@ mail A 192.0.2.3
email CNAME mail
5NPA4RJPDJE6HUTJJIGU4A1KEBPAKMD4.example.com. A 10.0.0.1
; File written on Tue Jan 12 14:20:36 2016
; dnssec_signzone version 9.10.3-P2-RedHat-9.10.3-7.P2.fc22
example.com. 3600 IN SOA dns1.example.com. hostmaster.example.com. (
2010111218 ; serial
21600 ; refresh (6 hours)
3600 ; retry (1 hour)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
3600 RRSIG SOA 7 2 3600 (
20160211132036 20160112122036 37670 example.com.
RBHGDvxlRfnbDDqV2ajVP+5N9vlXjTugArty
sp9grO7bKypezHbX3T7hiPGvfD4Ua1GJs+NL
TBd8IZ+cw3cDFoZ4B6mwk/qMc44jdWsG5shG
grTNkXsi6w9gmYnGOftV0QfjDY9KmgseIbEM
ZlzRzqFmVIynFeJBY+1gYFbsOZ8= )
3600 NS dns1.example.com.
3600 RRSIG NS 7 2 3600 (
20160211132036 20160112122036 37670 example.com.
uFDwGqfrNW13XfPYqg4K8+lIBsG4gsIVqXvp
pwXp8A1HBw//I6wdVc/rvLBCkIgi2Qe10edA
L6ldpunW4Bsz8VdVaCpcTDgIefeloV2Wgbzu
q9IX26oAZ2Nhh3Lty3mfRyi4PIqys+GBzT4G
MdHldmlagwrxSR9RRhlHLo/oaGs= )
3600 MX 10 mail.example.com.
3600 RRSIG MX 7 2 3600 (
20160211132036 20160112122036 37670 example.com.
dAD/RHEmfIUoFNAzgbE6LIvEZXyOJhaTP9uC
xnHXivEuTwHMGzYSmau/EdtQXvy25AboMiXu
NfuWIUONk0qfF1W77BSIvtWeGUS2c0czXX7i
jnsrfWSDLVz83TtFnEsADPojevpjEG+n/vGr
GD3cPH0/I2v4znJobHMHT9OqrBc= )
86400 NSEC dns1.example.com. NS SOA MX RRSIG NSEC DNSKEY
86400 RRSIG NSEC 7 2 86400 (
20160211132036 20160112122036 37670 example.com.
1fSztqR8Il3rh9CPQ92/f5W7u6yjh+KPaM1e
VV/V/sZyDu0DS/0ZUtGA/1Q1QKsId8/vuqh6
B9TiGFYx94D1oRDsLFD6VSOYBYjjxMUvhKRU
fFyGfU0leBQFyAkMe+FzP56E1en4x6MiOHxA
LTBCyQCwSINC0SkHgyfpipYjnRs= )
3600 DNSKEY 257 3 7 (
AwEAAeCLNEKG1vWXGzGZ5NT5jdMR19+teke2
bXtQNP/HzhS0H0zlwSvpBU6bk0D+q6oi7nO5
z7C0OdZc2nb9W8PjUzGpV0yjaroYRkopO8OG
kh2lycduq8/0bGrafJilMYcqZEdoPGt7WkW2
AWijNj/rdEIutg2kqQPCc4Fni+126Q/Z+tY6
ad7nfMXpEy6AKVo/OwrBuqfojb7TjPCTQQqZ
3hrHfLkQAMf08lgm6BEdUT1xNtgADxLNFAKC
yElluK6XpJiVg7NJ8V17mKmrVXr95LtuopBk
2310Jwi19y5icMM/VT17hbjVnfRtUpgum/pm
CzqRM39F3/ED0Dn4hJgl1Cc=
) ; KSK; alg = NSEC3RSASHA1; key id = 46380
3600 DNSKEY 256 3 7 (
AwEAAd5qzyjkOmOH0n3AgRUdVJsGFDDjZa3t
US3th/Bg1M03sapJagVyp4rjtRBZQCJQquSc
p5UrZTlbVUoaHTE6KaECPU2Ng6kE68Yasxzo
/QPWqJ6wqX2qStRAZCUIorxRyEdOiZhvm4oT
nc7BWjt5Kz/6Ew7c2Q4fylFet0nldwmJ
) ; ZSK; alg = NSEC3RSASHA1; key id = 37670
3600 RRSIG DNSKEY 7 2 3600 (
20160211132036 20160112122036 37670 example.com.
ZoFPB/8y1z0NjFOWNRU+C+T231/pQZDts4TC
saYd2He5qQt4iK3EE6xT5XPCOomH8oY3Fc7l
oXy/k6FzX5OZ1oBUqG1nFGDJp4zBNnbuKdiR
Fn0DiOCEzkmaZiRAsT0FMBvjWkqBE8P+Q5W9
pudJr34MgmusoaI65YjSUgEi4oA= )
3600 RRSIG DNSKEY 7 2 3600 (
20160211132036 20160112122036 46380 example.com.
n4yoALnbDddFkrrrt706BYChEM9vnyP2E5RD
KOTm4qZjzF/hJ1Hcv1yAcor26uff+3VpK5Ou
aDVWyiCMrbxImwu5HC2CyeKSBtmgX/qML2cL
7x3pMvFa7SOqQSIFitkCZ/CzaKMZVei78G4j
9jEKz5ksPcogTZcrnmEv2fYNuRKZOf9acb2o
gmLh6kLC8iUhy9LQVFKLZ9llArmW+6LhJSkc
GKWu91bIkSCLmjT0FU/JtR4tmROxIHI+s4D8
iiXTo+qYT4g9UT7oxyFFl2TTrRRW5UWnQIXO
Kwyvj4c80Ck1/ASbJ94n1WP2wA75WLFXEnve
LiNZfU3GdXt3Aff3Sg== )
mail.example.com. 3600 IN AAAA 2001:db8::3
3600 RRSIG AAAA 7 3 3600 (
20160211132036 20160112122036 37670 example.com.
1C/bHsiDPUWKS6n8tMNTn2gdOZEURRGiwpSB
QFvYvB30lJV1uu8xD2KbC+HQoxYJ9ZXg4DiM
lZAmFKH0Y2db36YshaSE94Imf89UkUhZb5pD
ZCS4nkFXW/JbEczvi4vfsgX1y9LXPFVs5i74
yHW/yTAoX7tHyGl6Y4uuOVny3M8= )
86400 NSEC mail.example.com. CNAME RRSIG NSEC
86400 RRSIG NSEC 7 3 86400 (
20160211132036 20160112122036 37670 example.com.
b4bqzfQjNhhDFO/3RejH6BPDxWb2uMA7ISvv
CXYwK7i+zZO2fCQlWzs+KnEn4SBSWktXzTsj
3+eMDcdSxWfyhTKs+qrHMYOLxg6n4nqeGpSh
f7I0o5tMUinYhzMZmawk3B3S2ozwWr36BW4A
YTCY6su5g7VJyWHUsWR/bud/p6A= )
dns1.example.com. 3600 IN A 192.0.2.1
3600 RRSIG A 7 3 3600 (
20160211132036 20160112122036 37670 example.com.
2HlU2M8//nWlQS0lCaYPZbNYwHYIDjB9uv41
ri2EqA8GOm5A5ZUu+MIRkCWWtXYTb60W28Ps
26e1xiT1hs373LID4xzkydlr2plz1xctEQh1
ZA10Vd2Mg4boiWeH7AWnLa2NLgzPgEdb0Uan
BwwYoMpZEJwYd6DCUozYaBGQ82I= )
86400 NSEC email.example.com. A RRSIG NSEC
86400 RRSIG NSEC 7 3 86400 (
20160211132036 20160112122036 37670 example.com.
fjTC5CmD80FFizMP4+540KahJoRG+mpIdiOH
ir50myY7XRZu7qH4Tx6hhnl8VSIWSCc/KcMy
Vbo8IsosKL97BqW4e4En4tHp/CihZKnpDJ/L
Jm1gyN4tWdvOzqzxopu/fgjQM11NaWvb9SSf
w81w73BQWc90c78vpxjQ6Sh+aOI= )
email.example.com. 3600 IN CNAME mail.example.com.
3600 RRSIG CNAME 7 3 3600 (
20160211132036 20160112122036 37670 example.com.
od/WThiICZkSq6PYp+XVOa+rRe7zyaqKByid
jO8xRRLcHXirhGQzlfd4EKnva59L+VbHehnq
jCkqQZhwOkzrMFGxQ8GH6/qnTkfl3Ea1f2DY
ljdRJMXyMkwbNLaheHT2wHi58+pn5/i0OMLT
wfuDqEcwQL9cnk0IjXAS/rVRYpk= )
86400 NSEC mail.example.com. CNAME RRSIG NSEC
86400 RRSIG NSEC 7 3 86400 (
20160211132036 20160112122036 37670 example.com.
b4bqzfQjNhhDFO/3RejH6BPDxWb2uMA7ISvv
CXYwK7i+zZO2fCQlWzs+KnEn4SBSWktXzTsj
3+eMDcdSxWfyhTKs+qrHMYOLxg6n4nqeGpSh
f7I0o5tMUinYhzMZmawk3B3S2ozwWr36BW4A
YTCY6su5g7VJyWHUsWR/bud/p6A= )
; File written on Thu Jan 7 09:48:40 2016
; dnssec_signzone version 9.10.3-P2-RedHat-9.10.3-7.P2.fc22
example.com. 3600 IN SOA dns1.example.com. hostmaster.example.com. (
2010111215 ; serial
21600 ; refresh (6 hours)
3600 ; retry (1 hour)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
3600 RRSIG SOA 5 2 3600 (
20160206084840 20160107074840 9546 example.com.
AJCnfhxvKeobV5Jl3TUnVJT/zvfigTnOVGs6
xX5X5YYOe/MrjqrYOZOJCPZw9pXqEkkPZuPp
TtPCjAPv+JmxmzzsCus/afHYUPPSn9hPkR1n
M4b4lUTcP4+a635cDmTL8XGxha/SgYYrwCbJ
loyuIOX97FOFzPPKnwGlaO7GZIg= )
3600 NS dns1.example.com.
3600 NS dns2.example.com.
3600 RRSIG NS 5 2 3600 (
20160206084840 20160107074840 9546 example.com.
cStAmoUsQsOKA50b5+n1LVytM0K3WtOj2Xil
Dp/IPOfK0mMzAXgUXIUsHf65nspf+YyK9IFq
CHIB3MSct0DCiK+jKUGN9QvfXcowlDsys1XM
Ts85j5amlxlt0sR3iyDk6PJgHnaxKILuAUmY
2B68TnI1briYqxKvsBUs18huMdc= )
3600 MX 10 mail.example.com.
3600 RRSIG MX 5 2 3600 (
20160206084840 20160107074840 9546 example.com.
gH+pV+aXmhlZLj9938JcZnNqHAVVMWh3TZhN
07CvXyUbbAgBMbG1Jfipwv9MATHMuG8epw2Y
99hkLPmQ8pFu9paQ8USWVGm3LqjvUf/m2a5E
znxCNNQhZcttQ1rGaTlxiJBBFzeVyEx9zzN7
HxuXc6MXLT1vFrBGEDo922yS9b0= )
86400 NSEC dns1.example.com. NS SOA MX RRSIG NSEC DNSKEY
86400 RRSIG NSEC 5 2 86400 (
20160206084840 20160107074840 9546 example.com.
j6ZzNrpYhPBEYoPOyInI60dFLzKoyqvOVx1/
4NmqXEOuQCpkL38HDfvUxJs9OP2pmtjHOrZH
Cf+yM2p44818oGjFYLDk4n9dOfJFpATPB/YT
yhiaJQaLftBrYt/StPVSCYdhBUKsKwFYqlPw
O/8L6JjVIXJcultSvOBvOQQHbLY= )
3600 DNSKEY 257 3 5 (
AwEAAcIT7UXMZF2gtJUa8f5zN58HQmielpPz
mBVrrpvh5lqwNXxVGokQ6Xl3FY+CO/YS0O+W
4NGzRK2g8DljT6KIRrOwnhNng+ZAo2t0z47b
a+IYSzGbCLfAx51+gHDSSxDJj9NHNV2ZWWwO
cTqDpfPprdkDYxBiOWdXbwmZDikOwt0CNmU8
B83WAeUvWuWqbcMvGUI23E7WUGCuwOsFnHVs
QLQH+C3cwKtvYln9SSjvawEIybA24FQ7HnZt
v4HuoSc7hoXkQWEyc2B8fHL+UPXD9pp6hfuY
24ekIEuWAwa2trzMxm0n1BuWC8d20YcbYDi9
u9M+Wafgg+tu0/TUE4lqJjs=
) ; KSK; alg = RSASHA1; key id = 54091
3600 DNSKEY 256 3 5 (
AwEAAbbacIUbrL/78W9X9QiFmsYg5+uQKVWa
NOsGLeqVg3Pv4fAtixiUmsHSv7INkZq9L60m
UkZG1zUEOlF2UmWPLCxCQCKCV6QA2j5mi/6G
sDO7C0VjlyFgSGn8NjeIBxULET1GmsGis5Nc
2MbTQc7K5Lh6/8sj3TpnA18aFhgA4Rld
) ; ZSK; alg = RSASHA1; key id = 9546
3600 DNSKEY 256 3 5 (
AwEAAccCRNBHYEwCBI/Uo3uZ+tbvtesdq8nZ
CN0WYVpAZ97ceTmOtJfEOaQ9gLlMBBdblYs8
xmiDq85lUp2JR5+2GbbdIW5M9u94cCGWBqQM
GEN6sMAyPZvocLbUg/4D7F+2G3fRT5rW1B5R
beyywOzKH0ScBLrjxsGoVIZMlaBOVGIv
) ; ZSK; alg = RSASHA1; key id = 12045
3600 RRSIG DNSKEY 5 2 3600 (
20160206084840 20160107074840 9546 example.com.
n204F+GNf7nCaafOZdU469zLk+LUClzpgtdl
5f+hmi2MPqE9X/r58dQ7EEqmdDi8Rb1aajah
Ozl84Mk8JTx3i/JJNht4alTRhn7XLtYgcZ4C
ON4VCQDIoGbxtX0cqh+JWuNTp+yy6v5TPtTv
6259t4eQ0NdCfZ+Lul+gbwM2Y1g= )
3600 RRSIG DNSKEY 5 2 3600 (
20160206084840 20160107074840 54091 example.com.
K4MJ2U5M1WMcaOsOW4iZo8rFVaDgeJ06siNn
iop2vH/Rs58ktM5LUc6K7WATh+8jvFnszi9I
KqLqc+IB3oOhLEwo8LP/P0UIWKOKxlYW4oE4
3IuTYDP6QVXO/fX0mmqWMNry6XSXsvDmcNCW
D0b9KTxmx8LbiQDBOm9oTIXD7cgn9uACiV1w
baZdUl7yYGF/TY30ecCxN5m5FdLSUBU/kc00
YNp5jyoRsWCrdoyQ2qSoWcZwvSvTAhHhfuCC
85gCMSdUCHqL5CSH3CUCLCzRZMCdmt1iZ67V
fJQC7zl2OgoAD7ygzqS9KZyBsQLCH98taARQ
PwFeWZqWOfOYEem6GQ== )
email.example.com. 3600 IN CNAME mail.example.com.
3600 RRSIG CNAME 5 3 3600 (
20160206084840 20160107074840 9546 example.com.
cLOINF1olaFQOlpQxUtE7dSMcFXaIavQ2YiQ
Gmii9+9+7b4xFfsNf8NkHXcvff/6aHpQ06Xj
XUlnGO5wpu7f+gk4SimKLRt6QnvHqSzP8QOe
PtIJaO4ZBnVTXaOvMcO2U1jy03umoBF9Ct5a
NXlVc8OgkUjoZia4rHfNOnBUKEw= )
86400 NSEC mail.example.com. CNAME RRSIG NSEC
86400 RRSIG NSEC 5 3 86400 (
20160206084840 20160107074840 9546 example.com.
DRlkEzRv9Ip4EU9Jn5hHSlXaNwAFZSIjSx96
RhihjCWkl6Tkk7gAY4tfbypd4huArLGezQXT
CIvpGE2DaYxavE4eXf/UcMkOhf4jNLFjrwDT
7sTJy3s3+5Flk21/Qi7v1yDgqXTnnOw7/ZME
524w3W45q80O/HYsAFEuSnKvG8s= )
dns1.example.com. 3600 IN A 192.0.2.1
3600 RRSIG A 5 3 3600 (
20160206084840 20160107074840 9546 example.com.
d9Dhc8INr7CJ6Z1ss8I2scZWYpKk2x3EaJoT
wSo3/cBSO+julyQhVhNV2g11zKcIrO3LiNFf
o6yUNSXRhTuPO4NRUGuDFh6zyMBlxK0RbEvS
BUSAjx8Tbx6+VRPrCuV8mNeGJcRpeCfjlUIE
iPCfZ/zG22lozxkbwkzzV9IuVKs= )
3600 AAAA 2001:db8::1
3600 RRSIG AAAA 5 3 3600 (
20160206084840 20160107074840 9546 example.com.
AtM3eczRxa6j41RDT77llbm+iSU+eyb087js
PNMmaE2Om3Xvq2XSNjZiCJYOSGKp4AazEatY
AiwDNwA24wIoZezOB0Pl4F865Y/HPl5uBgSn
WyVdF44IJ4d75c3EkF9xeQTHIqus/tnjYKiR
7GTRIIiT7WmyzbDBMjv/JL/YoLo= )
86400 NSEC dns2.example.com. A AAAA RRSIG NSEC
86400 RRSIG NSEC 5 3 86400 (
20160206084840 20160107074840 9546 example.com.
juf5MuR128aKnCMog85OyZaz/NMJNyNTKir8
/zdPJtlJ/KYmOnIWXiyZ00TnJEq5CJhbeDSA
zyFOv3ucNh387s6j8KOrPV9YkLXO4T4X+GaJ
9tJS3hLU+Rg5JvRXrn2Fo4hXLEymUF6i7pBd
KnNQYth+1rm2Zv9UXB+Nu6tH6aU= )
mail.example.com. 3600 IN A 192.0.2.3
3600 RRSIG A 5 3 3600 (
20160206084840 20160107074840 9546 example.com.
GOdXqBNjSvw+LokLOkdMKnhdKbp6Rll9BbDm
ul0bGkR39FObFhaJL/vzSMywquAwrRrQUgTj
O8alnWb6z6zm7cIWlj0Z5aq0M+xP9LJOLzSy
sr0MdHFmWrzLJwQvfgxmD4ow4uk1U8U2yf1h
yMqQnc0P/RBr3+jP57CIcsvuRmc= )
3600 AAAA 2001:db8::3
3600 RRSIG AAAA 5 3 3600 (
20160206084840 20160107074840 9546 example.com.
rtmtu7LVBtgwOleworlidhfcPIpgsiO3pIB6
z5A6/oX2XEqxZmdECl1I2gSKveNgZWBw44wJ
JQcWTq77KJKq6CODNhQtTfUKu1qw71zB9ZGQ
GkbqdYCMgykaz/sIl3Kbh6dkeDxIXQI8xCGF
cK45fCHObclD/83SxXtl8ji4uzY= )
86400 NSEC example.com. A AAAA RRSIG NSEC
86400 RRSIG NSEC 5 3 86400 (
20160206084840 20160107074840 9546 example.com.
mLssA5ShjO8FC4+rmc/DfY/JYLiwsCST63mn
m5jX5GtQESQJ0fbTMcns0j0rOCJiMnWCUFPM
8Rb7WKvPFrbC0VfFri9/YL3SPWRhcWYwhY36
QUj1+ecAKC2S4R1kOOkwT2gt7QQbKSHNPe5N
po1z4nEOrEPZ2B9FdvYltzfIjJQ= )
dns2.example.com. 3600 IN A 192.0.2.2
3600 RRSIG A 5 3 3600 (
20160206084840 20160107074840 9546 example.com.
GcRmgDXHZ++mHYmDRa3zEThBhlUHPXwpyJNJ
vdKegqH82cR9AeMeVAZRA+dkVnobKicUn/S3
V1ZxLZ6/wYHYim7aIlxsiVg1+iKKIxY0OmnG
3dz6oCtdTahTZnWMz3XfmG52HL0C5R8FDpy/
E8xbKKEiEEkZEFrQgLiolr1VmRo= )
3600 AAAA 2001:db8::2
3600 RRSIG AAAA 5 3 3600 (
20160206084840 20160107074840 9546 example.com.
XL44vC/btwusLc116BSFjJia8KCj5GOPr2Ll
ldpVAgUlF8kZYLbIMK5pA7XPy/IzWecRi7+1
pUEWZJwGIebP4a+Thj6jrAyoHGnov+xV0zLF
UMNj2NpXtXRWTPkuCKUbKXXIvvIvTLXcSZkA
1MkVHe8t+x712glfAf8F0vJ7Gxw= )
86400 NSEC email.example.com. A AAAA RRSIG NSEC
86400 RRSIG NSEC 5 3 86400 (
20160206084840 20160107074840 9546 example.com.
Pl4Xbunhs3kYNMblnkax3gN2YVtxwGMCC+iI
L6mT04VVIWQGYWr2TzcplZNTBLMsJVPrEYRR
8x2d//6opaR65W8z5ArWMDbq31V4hqNYWWWT
u7Eux8znJE1kAYvycJJFIzSp6CQZyMNW5SgQ
DgaeTAGUXvuEoEt7vt/8GF3e0ZM= )
$ORIGIN example.com.
$TTL 3600
@ IN SOA dns1.example.com. hostmaster.example.com. (
2010111217 ; serial
6h ; refresh
1h ; retry
1w ; expire
1d ) ; minimum
NS dns1
NS dns2
MX 10 mail
mail A 192.0.2.3
AAAA 2001:DB8::3
email CNAME mail
; File written on Wed Jan 20 12:39:27 2016
; dnssec_signzone version 9.10.3-P2-RedHat-9.10.3-7.P2.fc22
example.com. 3600 IN SOA dns1.example.com. hostmaster.example.com. (
2010111219 ; serial
21600 ; refresh (6 hours)
3600 ; retry (1 hour)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
3600 RRSIG SOA 7 2 3600 (
20160219113927 20160120103927 16067 example.com.
NPAwCWYOIOKFT8JakgpfTDEbgIGphtW7SO5r
tP9WLxHzhUCWvjgXpV+mLFqxBNqfARf6EKIp
pSitLypya/d7MXNUjKVvuGS/jaCed6+zGpUU
tG96prkgK7fEvVhhMtaJhfZ65G1Bbk590u7V
AGkznuf/yU542fjY1ij1+019mv4= )
3600 NS dns1.example.com.
3600 NS dns2.example.com.
3600 RRSIG NS 7 2 3600 (
20160219113927 20160120103927 16067 example.com.
iUeKHdaMcYYJiyMybbtWeOilGWKxe8xRHutn
9UtoVY//y63P9BdocTp7fSCudguqJqvs2opK
gfRVNW+81KtBGWNs1woN22UZuL2Fg9qxowpj
soptk29XkSULvkrUHezWJ1dt1XVCkp4+gsVj
2e+IKbfh3XvURhfwWLW+zd0+Kjk= )
3600 MX 10 mail.example.com.
3600 RRSIG MX 7 2 3600 (
20160219113927 20160120103927 16067 example.com.
sLiGBnAc6Zzs/zvCDOYwF10W8atzir0KNlIF
3pwL6zUXbVhfwNCICSYCf76LjNeOCSKtbyQ3
uoVuepHWswQkik7T5EOqqhzENT6WBLZ4NC2l
8UpBYRt1YCsfjvGb6xJtzfgiPU/wompdEJO4
A5vUUc+qwiNSN0gwSBwiDctjB4o= )
3600 DNSKEY 257 3 7 (
AwEAAcJbz95j+IHktRWGmQQfnzjsBmLUaOyt
S+fm00LVKhZX6Lel9fWMa5jKEk9EGhmCPIXZ
yfrgPzcKGFZDYQtCcVd1f92muos38Bo3a7tD
0K7J9kRijmw3IP1i9dudnKSvdUE14S01263b
I1eWPNEv+AVfTYs/napld819DuRJd8QK0XU3
gwfkqHfFEidNAAbTfvZncVTSlIpeM8ybpQi5
8c8I/Rd0SwQ1EzdNiLiG3ZBjrjPk4K6Vg9oL
u7QX2I4oAfdRsZRCD8a/WB9HQKupUlLX4MnF
oMQPvK6xX7zCW26PjBY7/pi6OPKDA/iIPlTH
9At37QsSyxfmqPc2iNEb8j0=
) ; KSK; alg = NSEC3RSASHA1; key id = 42498
3600 DNSKEY 256 3 7 (
AwEAAb9VMYsBa5SUFTXsQjXaDXoEWNcYwPgn
DBe19E96aAFEP4ROuXlsV7aKx0IGvV8y85kU
wxOrYICJpWNqgU4GyHrRv6eyCjX7RAppzBqU
TCT4Tpmwz1huUZjhqiRqt8tmZ92dMgXUIO7E
mQRJNKH6WkZj3oWBEUH1n2B4z1bfZskF
) ; ZSK; alg = NSEC3RSASHA1; key id = 16067
3600 DNSKEY 256 3 7 (
AwEAAcXXj0yfYes8Ty26NjmYqH32qUN5arh2
usyC6bv8HCq9vrOpND1KwOM4dQEVHAd3oUj9
v7o+MvWBwKwD7jG8nUrDrplNJOlIoLqUjWU+
ECK2EidfCaEM9cDfzLWWdY0n/Rhzd6ybyK0e
/1aR5Mvsd5tQze2ciYKhp80HmcDSSByx
) ; ZSK; alg = NSEC3RSASHA1; key id = 59807
3600 RRSIG DNSKEY 7 2 3600 (
20160219113927 20160120103927 16067 example.com.
bojHrYK+zxTet5VRBTW4tGKpzgJnuJ5ulX8v
bvmL6CVTbRxj+mWtE2ogh/CmOOJklIai3Xug
e9jljwFgOmqHLCRhDweqebAnIB6d1JGC8Nn1
/zQ95tRLLMlmKvW5qCyOYjvSXafMDCSybslv
QR9BOYpHuF2CGB5S60aX3MsIyx8= )
3600 RRSIG DNSKEY 7 2 3600 (
20160219113927 20160120103927 42498 example.com.
bL2/qRftx06oTu3SaWiXWJhoiD4sUsmXWR0b
i8/3D7q2C7dSwsOkP+/UioELhnkZbXGaj5B5
eCwEMH/X57AtoHFk1vGzBZnYf0AxMHK3mkhS
ti4V69fOPosUQ6/XrtvztI/x/mrjjBnRD6Wc
ZDgzR+L/qva/BW+fFdH5i9734l8kFbP1qQr3
z0fK4IfLQPWkjPr4vUzxNLVEr3qQnCj9Xw8z
g/6GQrQT9eoNhbaZbSdDo/vEvHOrJjz9IZX0